axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ruchi...@apache.org
Subject svn commit: r453998 - in /webservices/axis2/trunk/java/modules: integration/ integration/test-resources/rampart/ integration/test-resources/rampart/policy/ integration/test/org/apache/rampart/ rahas/src/org/apache/rahas/client/ secpolicy/src/org/apache...
Date Sat, 07 Oct 2006 19:49:06 GMT
Author: ruchithf
Date: Sat Oct  7 12:49:05 2006
New Revision: 453998

URL: http://svn.apache.org/viewvc?view=rev&rev=453998
Log:
1.) Supporting the scenario where the protection token of a SymmetricBinding is an X509Token
2.) Added a test scenario to RamaprtTest
3.) Updated TokenCallbackHandler to hold an externally supplied callback handler to use in
the cases other than SCTs

NOTE : this requires the latest wss4j-SNAPSHOT.jar


Added:
    webservices/axis2/trunk/java/modules/integration/test-resources/rampart/policy/sc-2.xml
    webservices/axis2/trunk/java/modules/integration/test-resources/rampart/services-sc-2.xml
Modified:
    webservices/axis2/trunk/java/modules/integration/maven.xml
    webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java
    webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
    webservices/axis2/trunk/java/modules/secpolicy/src/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartEngine.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/TokenCallbackHandler.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
    webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties

Modified: webservices/axis2/trunk/java/modules/integration/maven.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/maven.xml?view=diff&rev=453998&r1=453997&r2=453998
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/maven.xml (original)
+++ webservices/axis2/trunk/java/modules/integration/maven.xml Sat Oct  7 12:49:05 2006
@@ -293,6 +293,15 @@
 		    <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC1.aar"
                  basedir="target/temp-ramp"/>
 				 
+			<copy overwrite="yes" file="test-resources/rampart/issuer.properties"
+                  tofile="target/temp-ramp/issuer.properties"/>
+				  
+			<copy overwrite="yes" file="test-resources/rampart/services-sc-2.xml"
+                  tofile="target/temp-ramp/META-INF/services.xml"/>
+
+		    <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC2.aar"
+                 basedir="target/temp-ramp"/>
+				 
 			<!-- Service classes for the SecConv tests -->
 			<mkdir dir="target/temp-sc"/>
 			<mkdir dir="target/temp-sc/META-INF"/>

Added: webservices/axis2/trunk/java/modules/integration/test-resources/rampart/policy/sc-2.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rampart/policy/sc-2.xml?view=auto&rev=453998
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rampart/policy/sc-2.xml
(added)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rampart/policy/sc-2.xml
Sat Oct  7 12:49:05 2006
@@ -0,0 +1,194 @@
+<wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+	<wsp:ExactlyOne>
+		<wsp:All>
+			<sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:ProtectionToken>
+						<wsp:Policy>
+							<sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+								<wsp:Policy>
+									<sp:RequireDerivedKeys/>
+									<sp:BootstrapPolicy>
+										<wsp:Policy>
+											<sp:EncryptedParts>
+												<sp:Body/>
+											</sp:EncryptedParts>
+											<sp:SymmetricBinding>
+												<wsp:Policy>
+													<sp:ProtectionToken>
+														<wsp:Policy>
+															<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+																<wsp:Policy>
+																	<sp:RequireDerivedKeys/>
+																	<sp:RequireThumbprintReference/>
+																	<sp:WssX509V3Token10/>
+																</wsp:Policy>
+															</sp:X509Token>
+														</wsp:Policy>
+													</sp:ProtectionToken>
+													<sp:AlgorithmSuite>
+														<wsp:Policy>
+															<sp:Basic128Rsa15/>
+														</wsp:Policy>
+													</sp:AlgorithmSuite>
+													<sp:Layout>
+														<wsp:Policy>
+															<sp:Strict/>
+														</wsp:Policy>
+													</sp:Layout>
+													<sp:IncludeTimestamp/>
+													<sp:EncryptSignature/>
+													<sp:OnlySignEntireHeadersAndBody/>
+												</wsp:Policy>
+											</sp:SymmetricBinding>
+											<sp:EndorsingSupportingTokens>
+												<wsp:Policy>
+													<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+														<wsp:Policy>
+															<sp:RequireThumbprintReference/>
+															<sp:WssX509V3Token10/>
+														</wsp:Policy>
+													</sp:X509Token>
+												</wsp:Policy>
+											</sp:EndorsingSupportingTokens>
+											<sp:Wss11>
+												<wsp:Policy>
+													<sp:MustSupportRefKeyIdentifier/>
+													<sp:MustSupportRefIssuerSerial/>
+													<sp:MustSupportRefThumbprint/>
+													<sp:MustSupportRefEncryptedKey/>
+													<sp:RequireSignatureConfirmation/>
+												</wsp:Policy>
+											</sp:Wss11>
+											<sp:Trust10>
+												<wsp:Policy>
+													<sp:MustSupportIssuedTokens/>
+													<sp:RequireClientEntropy/>
+													<sp:RequireServerEntropy/>
+												</wsp:Policy>
+											</sp:Trust10>
+										</wsp:Policy>
+									</sp:BootstrapPolicy>
+								</wsp:Policy>
+							</sp:SecureConversationToken>
+						</wsp:Policy>
+					</sp:ProtectionToken>
+					<sp:AlgorithmSuite>
+						<wsp:Policy>
+							<sp:Basic128Rsa15/>
+						</wsp:Policy>
+					</sp:AlgorithmSuite>
+					<sp:Layout>
+						<wsp:Policy>
+							<sp:Strict/>
+						</wsp:Policy>
+					</sp:Layout>
+					<sp:IncludeTimestamp/>
+					<sp:EncryptSignature/>
+					<sp:OnlySignEntireHeadersAndBody/>
+				</wsp:Policy>
+			</sp:SymmetricBinding>
+			<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:MustSupportRefKeyIdentifier/>
+					<sp:MustSupportRefIssuerSerial/>
+					<sp:MustSupportRefThumbprint/>
+					<sp:MustSupportRefEncryptedKey/>
+				</wsp:Policy>
+			</sp:Wss11>
+			<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:MustSupportIssuedTokens/>
+					<sp:RequireClientEntropy/>
+					<sp:RequireServerEntropy/>
+				</wsp:Policy>
+			</sp:Trust10>
+			<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<sp:Body/>
+			</sp:EncryptedParts>
+			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
+				<ramp:user>alice</ramp:user>
+				<ramp:encryptionUser>bob</ramp:encryptionUser>
+				<ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+				
+				<ramp:signatureCrypto>
+					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rampart/store.jks</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+					</ramp:crypto>
+				</ramp:signatureCrypto>
+				<ramp:encryptionCypto>
+					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rampart/store.jks</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+					</ramp:crypto>
+				</ramp:encryptionCypto>
+				
+				<ramp:tokenIssuerPolicy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+					<wsp:Policy>
+						<sp:EncryptedParts>
+							<sp:Body/>
+						</sp:EncryptedParts>
+						<sp:SymmetricBinding>
+							<wsp:Policy>
+								<sp:ProtectionToken>
+									<wsp:Policy>
+										<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+											<wsp:Policy>
+												<sp:RequireDerivedKeys/>
+												<sp:RequireThumbprintReference/>
+												<sp:WssX509V3Token10/>
+											</wsp:Policy>
+										</sp:X509Token>
+									</wsp:Policy>
+								</sp:ProtectionToken>
+								<sp:AlgorithmSuite>
+									<wsp:Policy>
+										<sp:Basic128Rsa15/>
+									</wsp:Policy>
+								</sp:AlgorithmSuite>
+								<sp:Layout>
+									<wsp:Policy>
+										<sp:Strict/>
+									</wsp:Policy>
+								</sp:Layout>
+								<sp:IncludeTimestamp/>
+								<sp:EncryptSignature/>
+								<sp:OnlySignEntireHeadersAndBody/>
+							</wsp:Policy>
+						</sp:SymmetricBinding>
+						<sp:EndorsingSupportingTokens>
+							<wsp:Policy>
+								<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+									<wsp:Policy>
+										<sp:RequireThumbprintReference/>
+										<sp:WssX509V3Token10/>
+									</wsp:Policy>
+								</sp:X509Token>
+							</wsp:Policy>
+						</sp:EndorsingSupportingTokens>
+						<sp:Wss11>
+							<wsp:Policy>
+								<sp:MustSupportRefKeyIdentifier/>
+								<sp:MustSupportRefIssuerSerial/>
+								<sp:MustSupportRefThumbprint/>
+								<sp:MustSupportRefEncryptedKey/>
+								<sp:RequireSignatureConfirmation/>
+							</wsp:Policy>
+						</sp:Wss11>
+						<sp:Trust10>
+							<wsp:Policy>
+								<sp:MustSupportIssuedTokens/>
+								<sp:RequireClientEntropy/>
+								<sp:RequireServerEntropy/>
+							</wsp:Policy>
+						</sp:Trust10>
+					</wsp:Policy>
+				</ramp:tokenIssuerPolicy>
+				
+			</ramp:RampartConfig>
+		</wsp:All>
+	</wsp:ExactlyOne>
+</wsp:Policy>

Added: webservices/axis2/trunk/java/modules/integration/test-resources/rampart/services-sc-2.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rampart/services-sc-2.xml?view=auto&rev=453998
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rampart/services-sc-2.xml
(added)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rampart/services-sc-2.xml
Sat Oct  7 12:49:05 2006
@@ -0,0 +1,248 @@
+<service name="SecureService">
+
+	<module ref="addressing"/>
+	<module ref="rampart"/>
+	<module ref="rahas"/>
+
+	<parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+	<operation name="echo">
+		<messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+		<actionMapping>urn:echo</actionMapping>
+	</operation>
+
+	<wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+	<wsp:ExactlyOne>
+		<wsp:All>
+			<sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:ProtectionToken>
+						<wsp:Policy>
+							<sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+								<wsp:Policy>
+									<sp:RequireDerivedKeys/>
+									<sp:BootstrapPolicy>
+										<wsp:Policy>
+											<sp:EncryptedParts>
+												<sp:Body/>
+											</sp:EncryptedParts>
+											<sp:SymmetricBinding>
+												<wsp:Policy>
+													<sp:ProtectionToken>
+														<wsp:Policy>
+															<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+																<wsp:Policy>
+																	<sp:RequireDerivedKeys/>
+																	<sp:RequireThumbprintReference/>
+																	<sp:WssX509V3Token10/>
+																</wsp:Policy>
+															</sp:X509Token>
+														</wsp:Policy>
+													</sp:ProtectionToken>
+													<sp:AlgorithmSuite>
+														<wsp:Policy>
+															<sp:Basic128Rsa15/>
+														</wsp:Policy>
+													</sp:AlgorithmSuite>
+													<sp:Layout>
+														<wsp:Policy>
+															<sp:Strict/>
+														</wsp:Policy>
+													</sp:Layout>
+													<sp:IncludeTimestamp/>
+													<sp:EncryptSignature/>
+													<sp:OnlySignEntireHeadersAndBody/>
+												</wsp:Policy>
+											</sp:SymmetricBinding>
+											<sp:EndorsingSupportingTokens>
+												<wsp:Policy>
+													<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+														<wsp:Policy>
+															<sp:RequireThumbprintReference/>
+															<sp:WssX509V3Token10/>
+														</wsp:Policy>
+													</sp:X509Token>
+												</wsp:Policy>
+											</sp:EndorsingSupportingTokens>
+											<sp:Wss11>
+												<wsp:Policy>
+													<sp:MustSupportRefKeyIdentifier/>
+													<sp:MustSupportRefIssuerSerial/>
+													<sp:MustSupportRefThumbprint/>
+													<sp:MustSupportRefEncryptedKey/>
+													<sp:RequireSignatureConfirmation/>
+												</wsp:Policy>
+											</sp:Wss11>
+											<sp:Trust10>
+												<wsp:Policy>
+													<sp:MustSupportIssuedTokens/>
+													<sp:RequireClientEntropy/>
+													<sp:RequireServerEntropy/>
+												</wsp:Policy>
+											</sp:Trust10>
+										</wsp:Policy>
+									</sp:BootstrapPolicy>
+								</wsp:Policy>
+							</sp:SecureConversationToken>
+						</wsp:Policy>
+					</sp:ProtectionToken>
+					<sp:AlgorithmSuite>
+						<wsp:Policy>
+							<sp:Basic128Rsa15/>
+						</wsp:Policy>
+					</sp:AlgorithmSuite>
+					<sp:Layout>
+						<wsp:Policy>
+							<sp:Strict/>
+						</wsp:Policy>
+					</sp:Layout>
+					<sp:IncludeTimestamp/>
+					<sp:EncryptSignature/>
+					<sp:OnlySignEntireHeadersAndBody/>
+				</wsp:Policy>
+			</sp:SymmetricBinding>
+			<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:MustSupportRefKeyIdentifier/>
+					<sp:MustSupportRefIssuerSerial/>
+					<sp:MustSupportRefThumbprint/>
+					<sp:MustSupportRefEncryptedKey/>
+				</wsp:Policy>
+			</sp:Wss11>
+			<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:MustSupportIssuedTokens/>
+					<sp:RequireClientEntropy/>
+					<sp:RequireServerEntropy/>
+				</wsp:Policy>
+			</sp:Trust10>
+			<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<sp:Body/>
+			</sp:EncryptedParts>
+			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
+				<ramp:user>bob</ramp:user>
+				<ramp:encryptionUser>alice</ramp:encryptionUser>
+				<ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+				
+				<ramp:signatureCrypto>
+					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+					</ramp:crypto>
+				</ramp:signatureCrypto>
+				<ramp:encryptionCypto>
+					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+					</ramp:crypto>
+				</ramp:encryptionCypto>
+				
+				<ramp:tokenIssuerPolicy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+					<wsp:Policy>
+						<sp:EncryptedParts>
+							<sp:Body/>
+						</sp:EncryptedParts>
+						<sp:SymmetricBinding>
+							<wsp:Policy>
+								<sp:ProtectionToken>
+									<wsp:Policy>
+										<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+											<wsp:Policy>
+												<sp:RequireDerivedKeys/>
+												<sp:RequireThumbprintReference/>
+												<sp:WssX509V3Token10/>
+											</wsp:Policy>
+										</sp:X509Token>
+									</wsp:Policy>
+								</sp:ProtectionToken>
+								<sp:AlgorithmSuite>
+									<wsp:Policy>
+										<sp:Basic128Rsa15/>
+									</wsp:Policy>
+								</sp:AlgorithmSuite>
+								<sp:Layout>
+									<wsp:Policy>
+										<sp:Strict/>
+									</wsp:Policy>
+								</sp:Layout>
+								<sp:IncludeTimestamp/>
+								<sp:EncryptSignature/>
+								<sp:OnlySignEntireHeadersAndBody/>
+							</wsp:Policy>
+						</sp:SymmetricBinding>
+						<sp:EndorsingSupportingTokens>
+							<wsp:Policy>
+								<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+									<wsp:Policy>
+										<sp:RequireThumbprintReference/>
+										<sp:WssX509V3Token10/>
+									</wsp:Policy>
+								</sp:X509Token>
+							</wsp:Policy>
+						</sp:EndorsingSupportingTokens>
+						<sp:Wss11>
+							<wsp:Policy>
+								<sp:MustSupportRefKeyIdentifier/>
+								<sp:MustSupportRefIssuerSerial/>
+								<sp:MustSupportRefThumbprint/>
+								<sp:MustSupportRefEncryptedKey/>
+								<sp:RequireSignatureConfirmation/>
+							</wsp:Policy>
+						</sp:Wss11>
+						<sp:Trust10>
+							<wsp:Policy>
+								<sp:MustSupportIssuedTokens/>
+								<sp:RequireClientEntropy/>
+								<sp:RequireServerEntropy/>
+							</wsp:Policy>
+						</sp:Trust10>
+					</wsp:Policy>
+				</ramp:tokenIssuerPolicy>
+				
+			</ramp:RampartConfig>
+		</wsp:All>
+	</wsp:ExactlyOne>
+	</wsp:Policy>
+	
+    <parameter name="sct-issuer-config">
+		<sct-issuer-config>
+			<cryptoProperties>
+               <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+                    <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+                </crypto>
+			</cryptoProperties>
+			<addRequestedAttachedRef />
+			<addRequestedUnattachedRef />
+
+            <!--
+               Key computation mechanism
+               1 - Use Request Entropy
+               2 - Provide Entropy
+               3 - Use Own Key
+            -->
+            <keyComputation>3</keyComputation>
+
+            <!--
+               proofKeyType element is valid only if the keyComputation is set to 3
+               i.e. Use Own Key
+
+               Valid values are: EncryptedKey & BinarySecret
+            -->
+            <proofKeyType>BinarySecret</proofKeyType>
+        </sct-issuer-config>
+    </parameter>
+	
+	<parameter name="token-canceler-config">
+		<token-canceler-config>
+			<!--<proofToken>EncryptedKey</proofToken>-->
+			<!--<cryptoProperties>sctIssuer.properties</cryptoProperties>-->
+			<!--<addRequestedAttachedRef />-->
+		</token-canceler-config>
+    </parameter>
+	
+	
+</service>

Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java?view=diff&rev=453998&r1=453997&r2=453998
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java
(original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java
Sat Oct  7 12:49:05 2006
@@ -60,7 +60,7 @@
     
             ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo,
null);
             ServiceClient serviceClient = new ServiceClient(configContext, null);
-            Options options = new Options();
+            
 
             serviceClient.engageModule(new QName("addressing"));
             serviceClient.engageModule(new QName("rampart"));
@@ -73,6 +73,7 @@
                     //Skip the Basic256 tests
                     continue;
                 }
+                Options options = new Options();
                 System.out.println("Testing WS-Sec: custom scenario " + i);
                 options.setAction("urn:echo");
                 options.setTo(new EndpointReference("http://127.0.0.1:" + PORT + "/axis2/services/SecureService"
+ i));
@@ -84,11 +85,9 @@
             }
 
             
-            for (int i = 1; i <= 1; i++) { //<-The number of tests we have
-                if(!basic256Supported && (i == 3 || i == 4 || i ==5)) {
-                    //Skip the Basic256 tests
-                    continue;
-                }
+            for (int i = 1; i <= 2; i++) { //<-The number of tests we have
+
+                Options options = new Options();
                 System.out.println("Testing WS-SecConv: custom scenario " + i);
                 options.setAction("urn:echo");
                 options.setTo(new EndpointReference("http://127.0.0.1:" + PORT + "/axis2/services/SecureServiceSC"
+ i));

Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java?view=diff&rev=453998&r1=453997&r2=453998
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
(original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
Sat Oct  7 12:49:05 2006
@@ -21,6 +21,7 @@
 import org.apache.axiom.om.impl.builder.StAXOMBuilder;
 import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
 import org.apache.axiom.om.util.Base64;
+import org.apache.axiom.soap.SOAP12Constants;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.addressing.AddressingConstants;
 import org.apache.axis2.addressing.EndpointReference;
@@ -116,6 +117,7 @@
             ServiceClient client = getServiceClient(rstQn, issuerAddress);
             
             client.getOptions().setProperty(RAMPART_POLICY, issuerPolicy);
+            client.getOptions().setSoapVersionURI(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI);

             //TODO : Get the soap version from config 
 
             //Process the STS and service policy policy

Modified: webservices/axis2/trunk/java/modules/secpolicy/src/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/secpolicy/src/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java?view=diff&rev=453998&r1=453997&r2=453998
==============================================================================
--- webservices/axis2/trunk/java/modules/secpolicy/src/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java
(original)
+++ webservices/axis2/trunk/java/modules/secpolicy/src/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java
Sat Oct  7 12:49:05 2006
@@ -83,6 +83,8 @@
                 
             } else if (Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY.equals(name.getLocalPart()))
{
                 symmetricBinding.setEntireHeadersAndBodySignatures(true);
+            } else if (Constants.ENCRYPT_SIGNATURE.equals(name)) {
+                symmetricBinding.setSignatureProtection(true);
             }
         }        
     }

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartEngine.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartEngine.java?view=diff&rev=453998&r1=453997&r2=453998
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartEngine.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartEngine.java
Sat Oct  7 12:49:05 2006
@@ -56,8 +56,9 @@
             
             results = engine.processSecurityHeader(rmd.getDocument(), 
                                 null, 
-                                new TokenCallbackHandler(rmd.getTokenStorage()),
-                                null);
+                                new TokenCallbackHandler(rmd.getTokenStorage(), RampartUtil.getPasswordCB(rmd)),
+                                RampartUtil.getSignatureCrypto(rpd.getRampartConfig(), 
+                                        msgCtx.getAxisService().getClassLoader()));
         } else {
             results = engine.processSecurityHeader(rmd.getDocument(),
                       null, 

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/TokenCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/TokenCallbackHandler.java?view=diff&rev=453998&r1=453997&r2=453998
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/TokenCallbackHandler.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/TokenCallbackHandler.java
Sat Oct  7 12:49:05 2006
@@ -16,17 +16,13 @@
 
 package org.apache.rampart;
 
-import org.apache.axiom.om.OMElement;
 import org.apache.rahas.Token;
 import org.apache.rahas.TokenStorage;
-import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.message.token.Reference;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.xml.namespace.QName;
 
 import java.io.IOException;
 
@@ -34,29 +30,40 @@
 public class TokenCallbackHandler implements CallbackHandler {
 
     private TokenStorage store;
-
+    private CallbackHandler handler;
     
-    public TokenCallbackHandler(TokenStorage store) {
+    public TokenCallbackHandler(TokenStorage store, CallbackHandler handler) {
         this.store = store;
+        this.handler = handler;
     }
     
-    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+    public void handle(Callback[] callbacks) 
+    throws IOException, UnsupportedCallbackException {
+        
         for (int i = 0; i < callbacks.length; i++) {
 
             if (callbacks[i] instanceof WSPasswordCallback) {
                 WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
-                String id = pc.getIdentifer();
-                Token tok;
-                try {
-                    //Pick up the token from the token store
-                    tok = this.store.getToken(id);
-                    if(tok != null) {
-                        //Get the secret and set it in the callback object
-                        pc.setKey(tok.getSecret());
+                if(pc.getUsage() == WSPasswordCallback.SECURITY_CONTEXT_TOKEN &&
+                        this.store != null) {
+                    String id = pc.getIdentifer();
+                    Token tok;
+                    try {
+                        //Pick up the token from the token store
+                        tok = this.store.getToken(id);
+                        if(tok != null) {
+                            //Get the secret and set it in the callback object
+                            pc.setKey(tok.getSecret());
+                        }
+                    } catch (Exception e) {
+                        e.printStackTrace();
+                        throw new IOException(e.getMessage());
+                    }
+                } else {
+                    //Handle other types of callbacks with the usual handler
+                    if(this.handler != null) {
+                        handler.handle(new Callback[]{pc});
                     }
-                } catch (Exception e) {
-                    e.printStackTrace();
-                    throw new IOException(e.getMessage());
                 }
 
             } else {

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java?view=diff&rev=453998&r1=453997&r2=453998
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
Sat Oct  7 12:49:05 2006
@@ -466,7 +466,8 @@
                                 .getSignatureElement());
 
                 signatureValues.add(dkSign.getSignatureValue());
-
+                
+                signatureElement = dkSign.getSignatureElement();
             } catch (WSSecurityException e) {
                 throw new RampartException("errorInDerivedKeyTokenSignature", e);
             } catch (ConversationException e) {

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java?view=diff&rev=453998&r1=453997&r2=453998
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
Sat Oct  7 12:49:05 2006
@@ -447,6 +447,12 @@
                 try {
                     sig.addReferencesToSign(sigParts, rmd.getSecHeader());
                     sig.computeSignature();
+                    
+                    this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+                            rmd, 
+                            this.getInsertionLocation(), 
+                            sig.getSignatureElement()));
+                    
                 } catch (WSSecurityException e) {
                     throw new RampartException("errorInSignatureWithX509Token", e);
                 }

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java?view=diff&rev=453998&r1=453997&r2=453998
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
Sat Oct  7 12:49:05 2006
@@ -31,14 +31,17 @@
 import org.apache.ws.secpolicy.model.SecureConversationToken;
 import org.apache.ws.secpolicy.model.SupportingToken;
 import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.X509Token;
 import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.conversation.ConversationException;
 import org.apache.ws.security.message.WSSecDKEncrypt;
 import org.apache.ws.security.message.WSSecEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Vector;
@@ -100,6 +103,8 @@
             } else if(encryptionToken instanceof SecureConversationToken) {
                 tokenId = rmd.getSecConvTokenId();
                 log.debug("SCT Id : " + tokenId);
+            } else if (encryptionToken instanceof X509Token) {
+                tokenId = setupEncryptedKey(rmd, encryptionToken);
             }
             
             if(tokenId == null || tokenId.length() == 0) {
@@ -129,6 +134,10 @@
                 attached = true;
             }
             
+            //In the X509 case we MUST add the EncryptedKey
+            if(encryptionToken instanceof X509Token) {
+                RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
+            }
             Document doc = rmd.getDocument();
 
             if(encryptionToken.isDerivedKeys()) {
@@ -296,6 +305,8 @@
                 sigTokId = rmd.getSecConvTokenId();
             } else if(sigToken instanceof IssuedToken) {
                 sigTokId = rmd.getIssuedSignatureTokenId();
+            } else if(sigToken instanceof X509Token) {
+                sigTokId = setupEncryptedKey(rmd, sigToken);
             }
         } else {
             throw new RampartException("signatureTokenMissing");
@@ -309,11 +320,23 @@
 
         if(Constants.INCLUDE_ALWAYS.equals(sigToken.getInclusion()) ||
                 Constants.INCLUDE_ONCE.equals(sigToken.getInclusion()) ||
-                (rmd.isClientSide() && Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(sigToken.getInclusion())))
{
-            sigTokElem = RampartUtil.appendChildToSecHeader(rmd, sigTok.getToken());
+                (rmd.isClientSide() && 
+                        Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(
+                                sigToken.getInclusion()))) {
+            sigTokElem = RampartUtil.appendChildToSecHeader(rmd, 
+                                                            sigTok.getToken());
+            this.setInsertionLocation(sigTokElem);
         }
+        
 
-        this.setInsertionLocation(sigTokElem);
+        
+        //In the X509 case we MUST add the EncryptedKey
+        if(sigToken instanceof X509Token) {
+            sigTokElem = RampartUtil.appendChildToSecHeader(rmd, sigTok.getToken());
+            
+            //Set the insertion location
+            this.setInsertionLocation(sigTokElem);
+        }
         
 
         HashMap sigSuppTokMap = null;
@@ -361,6 +384,7 @@
                 signatureValues.add(iter.next());
             }
         }
+
         //Encryption
         Token encrToken = rpd.getEncryptionToken();
         Element encrTokElem = null;
@@ -454,6 +478,49 @@
             } catch (WSSecurityException e) {
                 throw new RampartException("errorInEncryption", e);
             }    
+        }
+    }
+
+    /**
+     * @param rmd
+     * @param sigToken
+     * @return
+     * @throws RampartException
+     */
+    private String setupEncryptedKey(RampartMessageData rmd, Token sigToken) 
+    throws RampartException {
+        try {
+            WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(rmd, 
+                                                                sigToken);
+            String id = encrKey.getId();
+            //Create a rahas token from this info and store it so we can use
+            //it in the next steps
+    
+            Date created = new Date();
+            Date expires = new Date();
+            //TODO make this lifetime configurable ???
+            expires.setTime(System.currentTimeMillis() + 300000);
+            org.apache.rahas.Token tempTok = new org.apache.rahas.Token(
+                            id, 
+                            (OMElement) encrKey.getEncryptedKeyElement(),
+                            created, 
+                            expires);
+            tempTok.setSecret(encrKey.getEphemeralKey());
+            
+            rmd.getTokenStorage().add(tempTok);
+            
+            String bstTokenId = encrKey.getBSTTokenId();
+            //If direct ref is used to refer to the cert
+            //then add the cert to the sec header now
+            if(bstTokenId != null && bstTokenId.length() > 0) {
+                RampartUtil.appendChildToSecHeader(rmd, 
+                        encrKey.getBinarySecurityTokenElement());
+            }
+            
+            return id;
+            
+        } catch (TrustException e) {
+            throw new RampartException("errorInAddingTokenIntoStore");
         }
     }
     

Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties?view=diff&rev=453998&r1=453997&r2=453998
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties
(original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties
Sat Oct  7 12:49:05 2006
@@ -20,6 +20,7 @@
 noPasswordForUser = No password supplied by the callback handler for the user : \"{0}\"
 unsupportedSignedSupportingToken = Unsupported SignedSupportingToken : \"{0}\"
 errorExtractingToken = Error extracting token : \"{0}\"
+errorInAddingTokenIntoStore = Error in adding token into store
 errorInDerivedKeyTokenSignature = Error in DerivedKeyToken signature
 errorInSignatureWithX509Token = Error in signature with X509Token
 errorCreatingEncryptedKey = Error in creating an encrypted key



---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org


Mime
View raw message