(axis-axis2-java-core) branch dependabot/maven/org.apache.xmlbeans-xmlbeans-5.2.2 created (now 2f2efd9c4a)
This is an automated email from the ASF dual-hosted git repository. github-bot pushed a change to branch dependabot/maven/org.apache.xmlbeans-xmlbeans-5.2.2 in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-core.git at 2f2efd9c4a Bump org.apache.xmlbeans:xmlbeans from 3.0.1 to 5.2.2 No new revisions were added by this update.
(axis-axis2-java-core) branch dependabot/maven/org.apache.xmlbeans-xmlbeans-5.2.1 deleted (was a5f6538625)
This is an automated email from the ASF dual-hosted git repository. github-bot pushed a change to branch dependabot/maven/org.apache.xmlbeans-xmlbeans-5.2.1 in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-core.git was a5f6538625 Bump org.apache.xmlbeans:xmlbeans from 3.0.1 to 5.2.1 The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
(axis-axis2-java-rampart) branch master updated: RAMPART-437 SHA256 not supported for DigestAlgorithm for TransportBinding when specified correctly in policy.xml
This is an automated email from the ASF dual-hosted git repository. robertlazarski pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git The following commit(s) were added to refs/heads/master by this push: new 6d85d98d RAMPART-437 SHA256 not supported for DigestAlgorithm for TransportBinding when specified correctly in policy.xml 6d85d98d is described below commit 6d85d98d50bc019d6a085887f24a5d420977d312 Author: Robert Lazarski AuthorDate: Tue Nov 5 09:56:02 2024 -1000 RAMPART-437 SHA256 not supported for DigestAlgorithm for TransportBinding when specified correctly in policy.xml --- .../java/org/apache/rampart/builder/TransportBindingBuilder.java | 9 + 1 file changed, 9 insertions(+) diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java index 242612c1..4ab54e4f 100644 --- a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java +++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java @@ -248,6 +248,9 @@ public class TransportBindingBuilder extends BindingBuilder { } dkSig.getParts().addAll(sigParts); + + // 1.8.0 and later, see RAMPART-437 + dkSig.setDigestAlgorithm(rpd.getAlgorithmSuite().getDigest()); List referenceList = dkSig.addReferencesToSign(sigParts); @@ -290,6 +293,8 @@ public class TransportBindingBuilder extends BindingBuilder { sigParts.add(new WSEncryptionPart(sig.getBSTTokenId())); } + // 1.8.0 and later, see RAMPART-437 + sig.setDigestAlgo(rpd.getAlgorithmSuite().getDigest()); List referenceList = sig.addReferencesToSign(sigParts); 
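Review bot: `rpd.getAlgorithmSuite().getDigest()` is dereferenced without a null check in the line added after `dkSig.getParts().addAll(sigParts);`, and the same expression is repeated in the three `sig.setDigestAlgo(...)` hunks at -290, -526 and -672. Whether the suite can be absent on these paths is not visible here, but if it can, the result is now a NullPointerException rather than a policy error; a small private helper that reads the digest once and rejects a missing suite would also keep the four call sites in step. The comment `// 1.8.0 and later, see RAMPART-437` does not say what the line is for; `// take the digest from the policy's AlgorithmSuite before the references are built (RAMPART-437)` would. The commit changes one file and adds no test, so a case asserting that the emitted DigestMethod matches the suite in policy.xml would catch a silent return to the library default. The enclosing methods start and end outside the hunks.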
@@ -526,6 +531,8 @@ public class TransportBindingBuilder extends BindingBuilder { sig.prepare(RampartUtil.getSignatureCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader())); sig.getParts().addAll(sigParts); + // 1.8.0 and later, see RAMPART-437 + sig.setDigestAlgo(rpd.getAlgorithmSuite().getDigest()); List referenceList = sig.addReferencesToSign(sigParts); @@ -672,6 +679,8 @@ public class TransportBindingBuilder extends BindingBuilder { sig.prepare(RampartUtil.getSignatureCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader())); sig.getParts().addAll(sigParts); + // 1.8.0 and later, see RAMPART-437 + sig.setDigestAlgo(rpd.getAlgorithmSuite().getDigest()); List referenceList = sig.addReferencesToSign(sigParts);
(axis-axis2-java-rampart) branch master updated (206965aa -> 5136d7b5)
This is an automated email from the ASF dual-hosted git repository. robertlazarski pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git from 206965aa RAMPART-448 NullPointerException in RampartUtil.setKeyIdentifierType() when signing response new a41a08e0 RAMPART-205, RAMPART-361, RAMPART-432, RAMPART-435 Add some customization to WSS4J RequestData via optional parameters in Options and RampartConfig new 5136d7b5 RAMPART-205, RAMPART-361, RAMPART-432, RAMPART-435 Add some customization to WSS4J RequestData via optional parameters in Options and RampartConfig The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../java/org/apache/rampart/RampartEngine.java | 39 +++-- .../org/apache/rampart/RampartMessageData.java | 30 +++- .../rampart/handler/CertificateValidator.java | 40 - .../policy/builders/RampartConfigBuilder.java | 55 +++ .../apache/rampart/policy/model/RampartConfig.java | 181 +++-- .../apache/rampart/saml/SAML1AssertionHandler.java | 4 +- .../apache/rampart/saml/SAML2AssertionHandler.java | 5 +- .../apache/rampart/saml/SAMLAssertionHandler.java | 7 +- .../policy/builders/KerberosConfigBuilderTest.java | 2 +- .../rampart/policy/builders/kerberosConfig.policy | 12 +- .../main/java/org/apache/rahas/RahasConstants.java | 19 ++- .../java/org/apache/rahas/client/STSClient.java| 60 ++- .../org/apache/rahas/impl/util/CommonUtil.java | 40 - .../org/apache/rahas/impl/util/SAML2Utils.java | 11 +- .../org/apache/rahas/impl/util/CommonUtilTest.java | 3 +- 15 files changed, 445 insertions(+), 63 deletions(-)
(axis-axis2-java-rampart) 02/02: RAMPART-205, RAMPART-361, RAMPART-432, RAMPART-435 Add some customization to WSS4J RequestData via optional parameters in Options and RampartConfig
This is an automated email from the ASF dual-hosted git repository. robertlazarski pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git commit 5136d7b5c74839c664f851cd666d3777e27f4d0b Author: Robert Lazarski AuthorDate: Tue Nov 5 09:14:19 2024 -1000 RAMPART-205, RAMPART-361, RAMPART-432, RAMPART-435 Add some customization to WSS4J RequestData via optional parameters in Options and RampartConfig --- .../apache/rampart/policy/model/RampartConfig.java | 20 1 file changed, 20 deletions(-) diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java index f65a09df..63cfec50 100644 --- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java +++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java @@ -20,8 +20,6 @@ import org.apache.neethi.Assertion; import org.apache.neethi.Constants; import org.apache.neethi.PolicyComponent; -import org.apache.wss4j.dom.handler.RequestData; - import javax.xml.namespace.QName; import javax.xml.stream.XMLStreamException; import javax.xml.stream.XMLStreamWriter; 
@@ -673,22 +671,4 @@ public class RampartConfig implements Assertion { this.allowRSA15KeyTransportAlgorithm = Boolean.valueOf(allowRSA15KeyTransportAlgorithm); } -// set some vars on WSS4J class RequestData via RamparConfig as desired in -// Jira issues RAMPART-205, RAMPART-361, RAMPART-432, RAMPART-435 - /* -public RequestData getRequestData() { -RequestData requestData = new RequestData(); -requestData.setTimeStampStrict(timeStampStrict); -requestData.setPrecisionInMilliSeconds(isTimestampPrecisionInMs); -// 1.8.0 and later -requestData.setDisableBSPEnforcement(disableBSPEnforcement); -requestData.setHandleCustomPasswordTypes(handleCustomPasswordTypes); - requestData.setAllowNamespaceQualifiedPasswordTypes(allowNamespaceQualifiedPasswordTypes); - requestData.setAllowUsernameTokenNoPassword(allowUsernameTokenNoPassword); -requestData.setTimeStampFutureTTL(timeStampFutureTTL); -requestData.setUtTTL(utTTL); -requestData.setUtFutureTTL(utFutureTTL); -return requestData; -} - */ }
(axis-axis2-java-rampart) 01/02: RAMPART-205, RAMPART-361, RAMPART-432, RAMPART-435 Add some customization to WSS4J RequestData via optional parameters in Options and RampartConfig
This is an automated email from the ASF dual-hosted git repository. robertlazarski pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git commit a41a08e0a38aeb8258404bd98b4aca40efccfb57 Author: Robert Lazarski AuthorDate: Tue Nov 5 09:10:16 2024 -1000 RAMPART-205, RAMPART-361, RAMPART-432, RAMPART-435 Add some customization to WSS4J RequestData via optional parameters in Options and RampartConfig --- .../java/org/apache/rampart/RampartEngine.java | 39 ++-- .../org/apache/rampart/RampartMessageData.java | 30 ++- .../rampart/handler/CertificateValidator.java | 40 +++- .../policy/builders/RampartConfigBuilder.java | 55 ++ .../apache/rampart/policy/model/RampartConfig.java | 201 +++-- .../apache/rampart/saml/SAML1AssertionHandler.java | 4 +- .../apache/rampart/saml/SAML2AssertionHandler.java | 5 +- .../apache/rampart/saml/SAMLAssertionHandler.java | 7 +- .../policy/builders/KerberosConfigBuilderTest.java | 2 +- .../rampart/policy/builders/kerberosConfig.policy | 12 +- .../main/java/org/apache/rahas/RahasConstants.java | 19 +- .../java/org/apache/rahas/client/STSClient.java| 60 +- .../org/apache/rahas/impl/util/CommonUtil.java | 40 +++- .../org/apache/rahas/impl/util/SAML2Utils.java | 11 +- .../org/apache/rahas/impl/util/CommonUtilTest.java | 3 +- 15 files changed, 465 insertions(+), 63 deletions(-) diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java index e5bee768..c9564ee5 100644 --- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java +++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java @@ -115,6 +115,7 @@ public class RampartEngine { engine.setWssConfig(rmd.getConfig()); RampartConfig rampartConfig = rpd.getRampartConfig(); +RequestData requestData = new RequestData(); if (rampartConfig != null) { WSSConfig config = engine.getWssConfig(); 
@@ -194,7 +195,25 @@ public class RampartEngine { } engine.setWssConfig(config); -} +requestData.setTimeStampStrict(rampartConfig.isTimeStampStrict()); + requestData.setPrecisionInMilliSeconds(rampartConfig.isDefaultTimestampPrecisionInMs()); +// 1.8.0 and later + requestData.setDisableBSPEnforcement(rampartConfig.isDisableBSPEnforcement()); + requestData.setHandleCustomPasswordTypes(rampartConfig.isHandleCustomPasswordTypes()); + requestData.setAllowNamespaceQualifiedPasswordTypes(rampartConfig.isAllowNamespaceQualifiedPasswordTypes()); + // this is set below +// requestData.setAllowUsernameTokenNoPassword(rampartConfig.isAllowNamespaceQualifiedPasswordTypes()); + requestData.setValidateSamlSubjectConfirmation(rampartConfig.isValidateSamlSubjectConfirmation()); + requestData.setTimeStampFutureTTL(rampartConfig.getTimeStampFutureTTL()); +requestData.setUtTTL(rampartConfig.getUtTTL()); +requestData.setUtFutureTTL(rampartConfig.getUtFutureTTL()); + requestData.setAllowRSA15KeyTransportAlgorithm(rampartConfig.isAllowRSA15KeyTransportAlgorithm()); // backward compatibility as true + + } else { +requestData.setAllowRSA15KeyTransportAlgorithm(true); // backward compatibility +requestData.setValidateSamlSubjectConfirmation(false); // backward compatibility +requestData.setEncodePasswords(false); // default + } ValidatorData data = new ValidatorData(rmd); 
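Review bot: The new `else` branch calls `setAllowRSA15KeyTransportAlgorithm(true)` and `setValidateSamlSubjectConfirmation(false)` whenever no RampartConfig is present, so a deployment that simply omits that policy element gets the relaxed settings with nothing recorded. RSA 1.5 key transport is the padding-oracle-prone mode and WSS4J's RequestData leaves it off unless asked, so the `// backward compatibility` comments should name the earlier behaviour being preserved and state that it is the less strict choice; a warning log when either fallback applies would let operators see it. The commented-out `requestData.setAllowUsernameTokenNoPassword(rampartConfig.isAllowNamespaceQualifiedPasswordTypes());` reads the wrong getter and should be deleted rather than kept, since uncommenting it would tie no-password tokens to an unrelated flag. The enclosing method starts and ends outside the hunk.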
@@ -231,7 +250,7 @@ public class RampartEngine { Crypto decCrypto = RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), msgCtx.getAxisService().getClassLoader()); TokenCallbackHandler tokenCallbackHandler = new TokenCallbackHandler(rmd.getTokenStorage(), RampartUtil.getPasswordCB(rmd)); -WSHandlerResult result = processSecurityHeaderWithRSA15(rmd, secHeader, engine, signatureCrypto, decCrypto, tokenCallbackHandler); +WSHandlerResult result = processSecurityHeaderWithRSA15(rmd, secHeader, engine, signatureCrypto, decCrypto, tokenCallbackHandler, requestData); results = result.getResults(); if(rpd.isSymmetricBinding()) { @@ -276,7 +295,8 @@ public class RampartEngine { Date.from(samlAssertionHandler.getDateNotBefore()), Date.from(samlAssertionHandler.getDateNotOnOrAfter())); - token.setSecret(samlAssertionHandler.getAssertionKeyInfoSecret(signatureCrypto, tokenCallbackHandler, Boolean.parseBoolean(rampartConfig.getDisableBSPEnforcement(; +
(axis-axis2-java-rampart) 01/03: RAMPART-420 Allow WS-Security timestamps to be spoofed and BSP checking disabled
This is an automated email from the ASF dual-hosted git repository. robertlazarski pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git commit fef676d1be0faff901b4a659eb8d177bb5f1a6aa Author: Robert Lazarski AuthorDate: Tue Nov 5 15:03:03 2024 -1000 RAMPART-420 Allow WS-Security timestamps to be spoofed and BSP checking disabled --- .../org/apache/rampart/RampartMessageData.java | 117 +++-- .../policy/builders/RampartConfigBuilder.java | 6 -- .../apache/rampart/policy/model/RampartConfig.java | 104 -- .../rampart/policy/builders/kerberosConfig.policy | 4 +- .../main/java/org/apache/rahas/RahasConstants.java | 5 +- .../java/org/apache/rahas/client/STSClient.java| 12 +++ 6 files changed, 175 insertions(+), 73 deletions(-) diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java index b19c654d..713ddf87 100644 --- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java +++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java @@ -52,6 +52,7 @@ import org.apache.wss4j.dom.engine.WSSConfig; import org.apache.wss4j.common.derivedKey.ConversationConstants; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.util.Loader; +import org.apache.wss4j.common.util.WSTimeSource; import org.apache.wss4j.dom.handler.WSHandlerConstants; import org.apache.wss4j.dom.handler.WSHandlerResult; import org.apache.wss4j.dom.message.WSSecHeader; 
@@ -106,6 +107,37 @@ public class RampartMessageData { public final static String PARAM_CLIENT_SIDE = "CLIENT_SIDE"; +/** + * Key to hold the WSTimeSource + */ +public final static String CUSTOM_WS_TIME_SOURCE = "wsTimeSource"; + +/** + * Key to hold the BSP compliance + */ +public static final String DISABLE_BSP_ENFORCEMENT = "disableBSPEnforcement"; + +public static final String TIMESTAMP_STRICT = "timestampStrict"; + +public static final String TIMESTAMP_PRECISION_IN_MS = "timestampPrecisionInMs"; + +public final static String ALLOW_USERNAME_TOKEN_NO_PASSWORD = "allowUsernameTokenNoPassword"; + +public final static String TIMESTAMP_FUTURE_TTL = "timeStampFutureTTL"; + +public final static String UT_TTL = "utTTL"; + +public final static String UT_FUTURE_TTL = "utFutureTTL"; + +public final static String HANDLE_CUSTOM_PASSWORD_TYPES = "handleCustomPasswordTypes"; + +public final static String ALLOW_NAMESPACE_QUALIFIED_PASSWORDTYPES = "allowNamespaceQualifiedPasswordTypes"; +public final static String ENCODE_PASSWORDS = "encodePasswords"; + +public final static String VALIDATE_SAML_SUBJECT_CONFIRMATION = "validateSamlSubjectConfirmation"; + +public final static String ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM = "allowRSA15KeyTransportAlgorithm"; + /** * Key to hold the WS-SecConv version */ @@ -183,6 +215,12 @@ public class RampartMessageData { //Update the UsernameToken validator this.config.setValidator(WSConstants.USERNAME_TOKEN, RampartUsernameTokenValidator.class); + // set the Time Source +WSTimeSource wsTimeSource = (WSTimeSource)msgCtx.getProperty(CUSTOM_WS_TIME_SOURCE); +if (wsTimeSource != null) { +this.config.setCurrentTime(wsTimeSource); +} + // First obtain the axis service as we have to do a null check, there can be situations // where Axis Service is null AxisService axisService = msgCtx.getAxisService(); 
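Review bot: Of the new property keys only `CUSTOM_WS_TIME_SOURCE` and `DISABLE_BSP_ENFORCEMENT` carry Javadoc; `TIMESTAMP_STRICT` through `ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM` have none, although each appears to switch a WS-Security check. Each should get a one-line Javadoc in the file's existing form, stating the expected value type and which setting weakens validation, for example `/** Key to hold whether a UsernameToken without a password is accepted */`. The block also mixes `public final static` and `public static final`, and `ENCODE_PASSWORDS` is missing the blank line that separates the other constants; one modifier order should be used throughout.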
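Review bot: The cast in `(WSTimeSource)msgCtx.getProperty(CUSTOM_WS_TIME_SOURCE)` is unchecked, so a value of any other type stored under that key fails with a ClassCastException while the message data is being set up; `Object ts = msgCtx.getProperty(CUSTOM_WS_TIME_SOURCE);` followed by `if (ts instanceof WSTimeSource) { this.config.setCurrentTime((WSTimeSource) ts); }` avoids that. The installed source presumably becomes the clock used for timestamp creation and freshness checks, so whatever code can set this message-context property controls the expiry and replay window. The `// set the Time Source` comment should say that the property is intended for trusted deployment code and tests, and a log line naming the class of the custom source would make its use visible in production. The enclosing method continues outside the hunk.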
@@ -352,42 +390,58 @@ public class RampartMessageData { } } -RequestData requestData = new RequestData(); // Check whether RampartConfig is present if (this.policyData != null && this.policyData.getRampartConfig() != null) { -boolean timestampPrecisionInMilliseconds = this.policyData -.getRampartConfig().isDefaultTimestampPrecisionInMs(); -boolean timestampStrict = this.policyData.getRampartConfig().isTimeStampStrict(); - // set some vars on WSS4J class RequestData via RamparConfig as desired in // Jira issues RAMPART-205, RAMPART-361, RAMPART-432, RAMPART-435 -boolean disableBSPEnforcement = this.policyData.getRampartConfig().isDisableBSPEnforcement(); -boolean handleCustomPasswordTypes = this.policyData.getRampartConfig().isHandleCustomPasswordTypes(); -boolean allowNamespaceQualifiedPasswordTypes = this.policyData.getRampartConfig().isAllowNamespaceQualifiedPasswordTypes(); -boolean allowUsernameTokenNoPassword = this.policyData.getRampartConfig().isAllowU
(axis-axis2-java-rampart) 03/03: RAMPART-420 Allow WS-Security timestamps to be spoofed and BSP checking disabled
This is an automated email from the ASF dual-hosted git repository. robertlazarski pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git commit 5bef64210be281d6f885f4e3c8269d244257a613 Author: Robert Lazarski AuthorDate: Tue Nov 5 15:22:58 2024 -1000 RAMPART-420 Allow WS-Security timestamps to be spoofed and BSP checking disabled --- .../java/org/apache/rampart/policy/builders/RampartConfigBuilder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java index 7b34c1c7..5a03e062 100644 --- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java +++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java @@ -128,7 +128,7 @@ public class RampartConfigBuilder implements AssertionBuilder { } childElement = element.getFirstChildWithName(new QName( -RampartConfig.NS, RampartConfig.TS_PRECISION_IN_MS_LN)); +RampartConfig.NS, RampartConfig.TIMESTAMP_PRECISION_IN_MS_LN)); if (childElement != null) { rampartConfig.setTimestampPrecisionInMs(childElement.getText().trim()); }
(axis-axis2-java-rampart) 02/03: RAMPART-420 Allow WS-Security timestamps to be spoofed and BSP checking disabled
This is an automated email from the ASF dual-hosted git repository. robertlazarski pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git commit f7d0025284383789815e059200b2a3c57642240b Author: Robert Lazarski AuthorDate: Tue Nov 5 15:14:57 2024 -1000 RAMPART-420 Allow WS-Security timestamps to be spoofed and BSP checking disabled --- .../src/main/java/org/apache/rampart/RampartMessageData.java| 2 +- .../org/apache/rampart/policy/builders/RampartConfigBuilder.java| 6 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java index 713ddf87..f9aa3daa 100644 --- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java +++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java @@ -441,7 +441,7 @@ public class RampartMessageData { this.policyData.getRampartConfig().setUtFutureTTL(utFutureTTLInput); } -} +} if (axisService != null) { this.customClassLoader = axisService.getClassLoader(); diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java index 016ab4a8..7b34c1c7 100644 --- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java +++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java 
@@ -127,6 +127,12 @@ public class RampartConfigBuilder implements AssertionBuilder { .build(childElement.getFirstElement())); } + childElement = element.getFirstChildWithName(new QName( +RampartConfig.NS, RampartConfig.TS_PRECISION_IN_MS_LN)); +if (childElement != null) { + rampartConfig.setTimestampPrecisionInMs(childElement.getText().trim()); +} + childElement = element.getFirstChildWithName(new QName( RampartConfig.NS, RampartConfig.TS_TTL_LN)); if (childElement != null) {
(axis-axis2-java-rampart) branch master updated (6d85d98d -> 5bef6421)
This is an automated email from the ASF dual-hosted git repository. robertlazarski pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git from 6d85d98d RAMPART-437 SHA256 not supported for DigestAlgorithm for TransportBinding when specified correctly in policy.xml new fef676d1 RAMPART-420 Allow WS-Security timestamps to be spoofed and BSP checking disabled new f7d00252 RAMPART-420 Allow WS-Security timestamps to be spoofed and BSP checking disabled new 5bef6421 RAMPART-420 Allow WS-Security timestamps to be spoofed and BSP checking disabled The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../org/apache/rampart/RampartMessageData.java | 117 +++-- .../policy/builders/RampartConfigBuilder.java | 8 +- .../apache/rampart/policy/model/RampartConfig.java | 104 -- .../rampart/policy/builders/kerberosConfig.policy | 4 +- .../main/java/org/apache/rahas/RahasConstants.java | 5 +- .../java/org/apache/rahas/client/STSClient.java| 12 +++ 6 files changed, 179 insertions(+), 71 deletions(-)
(axis-axis2-java-rampart) 02/02: RAMPART-396 NullPointerException using STS, Trust and entropy
This is an automated email from the ASF dual-hosted git repository. robertlazarski pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git commit 7cc7075a5d89d07a24288198dc013b51af1e162b Author: Robert Lazarski AuthorDate: Tue Nov 5 16:25:28 2024 -1000 RAMPART-396 NullPointerException using STS, Trust and entropy --- .../src/main/java/org/apache/rahas/client/STSClient.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java b/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java index af43d188..3f428740 100644 --- a/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java +++ b/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java @@ -697,7 +697,7 @@ public class STSClient { .getAlgorithmSuite(); if(algorithmSuite == null) { - throw new TrustException("Invalid STS policy. AlgorithmSuite not found"); +throw new TrustException("Invalid STS policy. AlgorithmSuite not found"); } } } @@ -774,7 +774,7 @@ public class STSClient { } } -int nonceLength = this.algorithmSuite != null ? this.algorithmSuite.getMaximumSymmetricKeyLength() / 8 : 16; +int nonceLength = this.algorithmSuite != null ? this.algorithmSuite.getMaximumSymmetricKeyLength() / 8 : 16; try { // Handle entropy
(axis-axis2-java-rampart) branch master updated (5bef6421 -> 7cc7075a)
This is an automated email from the ASF dual-hosted git repository. robertlazarski pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git from 5bef6421 RAMPART-420 Allow WS-Security timestamps to be spoofed and BSP checking disabled new 01a401cf RAMPART-396 NullPointerException using STS, Trust and entropy new 7cc7075a RAMPART-396 NullPointerException using STS, Trust and entropy The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../src/main/java/org/apache/rahas/client/STSClient.java | 15 ++- 1 file changed, 10 insertions(+), 5 deletions(-)
(axis-axis2-java-rampart) 01/02: RAMPART-396 NullPointerException using STS, Trust and entropy
This is an automated email from the ASF dual-hosted git repository. robertlazarski pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git commit 01a401cf2ec8f559717890292715ce64f9878296 Author: Robert Lazarski AuthorDate: Tue Nov 5 16:22:44 2024 -1000 RAMPART-396 NullPointerException using STS, Trust and entropy --- .../src/main/java/org/apache/rahas/client/STSClient.java | 15 ++- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java b/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java index f8ca8789..af43d188 100644 --- a/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java +++ b/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java @@ -675,8 +675,9 @@ public class STSClient { * the RST. * * @param servicePolicy + * @throws TrustException */ -private void processPolicy(Policy issuerPolicy, Policy servicePolicy) { +private void processPolicy(Policy issuerPolicy, Policy servicePolicy) throws TrustException { //Get the policy assertions //Assumption: there's only one alternative @@ -694,6 +695,10 @@ public class STSClient { this.algorithmSuite = ((Binding) tempAssertion) .getAlgorithmSuite(); + +if(algorithmSuite == null) { + throw new TrustException("Invalid STS policy. AlgorithmSuite not found"); +} } } } @@ -768,6 +773,8 @@ public class STSClient { } } } + +int nonceLength = this.algorithmSuite != null ? this.algorithmSuite.getMaximumSymmetricKeyLength() / 8 : 16; try { // Handle entropy @@ -786,8 +793,7 @@ public class STSClient { ent, RahasConstants.BIN_SEC_TYPE_NONCE); this.requestorEntropy = - UsernameTokenUtil.generateNonce(this.algorithmSuite. -getMaximumSymmetricKeyLength()/8); +UsernameTokenUtil.generateNonce(nonceLength); binSec.setText(Base64Utils.encode(this.requestorEntropy)); if (log.isDebugEnabled()) { 
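Review bot: The fallback in `int nonceLength = this.algorithmSuite != null ? ... : 16;` silently picks a 16-byte requestor entropy when no suite was found, which sits oddly with the new check in `processPolicy` that treats a missing AlgorithmSuite as an invalid STS policy. That check appears to be inside the branch that handles a Binding assertion, so a policy with no binding at all would still reach the fallback; it should be decided whether that case is an error or a supported default. If the default stays, the literal should become a named constant such as `private static final int DEFAULT_NONCE_LENGTH_BYTES = 16;` with a debug log when it is used, so the entropy size sent to the STS is not a hidden choice. The new `@throws TrustException` tag has no description; `@throws TrustException if the binding in the issuer policy has no AlgorithmSuite` would do. The same `generateNonce(nonceLength)` substitution is made in the -812 hunk, and the enclosing methods lie outside the hunks.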
@@ -812,8 +818,7 @@ public class STSClient { ent, RahasConstants.BIN_SEC_TYPE_NONCE); this.requestorEntropy = - UsernameTokenUtil.generateNonce(this.algorithmSuite. -getMaximumSymmetricKeyLength()/8); +UsernameTokenUtil.generateNonce(nonceLength); binSec.setText(Base64Utils.encode(this.requestorEntropy)); if (log.isDebugEnabled()) {