cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r797645 - in /cxf/branches/2.2.x-fixes: ./ distribution/src/main/release/samples/ws_security/interopfest/wssc/ distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/server/ distribution/src/main/release/sa...
Date Fri, 24 Jul 2009 20:48:10 GMT
Author: dkulp
Date: Fri Jul 24 20:48:10 2009
New Revision: 797645

URL: http://svn.apache.org/viewvc?rev=797645&view=rev
Log:
Merged revisions 797640 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r797640 | dkulp | 2009-07-24 16:40:45 -0400 (Fri, 24 Jul 2009) | 2 lines
  
  [CXF-2359] Fixes to properly check all the signatures and timestamps.
  Part of it is a patch from Colm O hEigeartaigh
........

Modified:
    cxf/branches/2.2.x-fixes/   (props changed)
    cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/pom.xml
    cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/server/Server.java
    cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/style/makelocal.xsl
    cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java
    cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java

Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Jul 24 20:48:10 2009
@@ -1 +1 @@
-/cxf/trunk:782728-782730,783097,783294,783396,784059,784181-784184,784893,784895,785279-785282,785468,785621,785624,785651,785734,785866,786142,786271-786272,786395,786512,786514,786582-786583,786638,786647,786850,787200,787269,787277-787279,787290-787291,787305,787323,787366,787849,788030,788060,788187,788444,788451,788703,788752,788774,788819-788820,789013,789371,789387,789420,789527-789530,789704-789705,789788,789811,789896-789901,790074,790094,790134,790188,790294,790553,790637-790644,790868,791301,791354,791538,791753,791947,792007,792096,792183,792261-792265,792271,792604,792683-792685,792975,792985,793059,793570,794297,794396,794680,794728,794771,794778-794780,794892,795044,795104,795160,795583,795907,796022-796023,796352,796593,796741,796780,796994-796997,797117,797159,797192,797194,797231-797233,797442,797505,797517,797534,797581-797583,797587
+/cxf/trunk:782728-782730,783097,783294,783396,784059,784181-784184,784893,784895,785279-785282,785468,785621,785624,785651,785734,785866,786142,786271-786272,786395,786512,786514,786582-786583,786638,786647,786850,787200,787269,787277-787279,787290-787291,787305,787323,787366,787849,788030,788060,788187,788444,788451,788703,788752,788774,788819-788820,789013,789371,789387,789420,789527-789530,789704-789705,789788,789811,789896-789901,790074,790094,790134,790188,790294,790553,790637-790644,790868,791301,791354,791538,791753,791947,792007,792096,792183,792261-792265,792271,792604,792683-792685,792975,792985,793059,793570,794297,794396,794680,794728,794771,794778-794780,794892,795044,795104,795160,795583,795907,796022-796023,796352,796593,796741,796780,796994-796997,797117,797159,797192,797194,797231-797233,797442,797505,797517,797534,797581-797583,797587,797640

Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/pom.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/pom.xml?rev=797645&r1=797644&r2=797645&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/pom.xml
(original)
+++ cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/pom.xml
Fri Jul 24 20:48:10 2009
@@ -90,7 +90,7 @@
             <plugin>
                 <groupId>org.apache.cxf</groupId>
                 <artifactId>cxf-codegen-plugin</artifactId>
-                <version>LATEST</version>
+                <version>2.3.0-SNAPSHOT</version>
                 <executions>
                     <execution>
                         <id>generate-sources</id>

Modified: cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/server/Server.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/server/Server.java?rev=797645&r1=797644&r2=797645&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/server/Server.java
(original)
+++ cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/server/Server.java
Fri Jul 24 20:48:10 2009
@@ -84,6 +84,10 @@
         if (url.contains("X10_I")) {
             ep.getProperties().put(SecurityConstants.SIGNATURE_PROPERTIES + ".sct", "etc/bob.properties");
             ep.getProperties().put(SecurityConstants.ENCRYPT_PROPERTIES + ".sct", "etc/alice.properties");
+        } else if (url.contains("MutualCert")) {
+            ep.getProperties().put(SecurityConstants.ENCRYPT_PROPERTIES + ".sct", "etc/bob.properties");
+            ep.getProperties().put(SecurityConstants.SIGNATURE_PROPERTIES + ".sct", "etc/alice.properties");
+            ep.getProperties().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
         }
         ep.publish(url);
     }

Modified: cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/style/makelocal.xsl
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/style/makelocal.xsl?rev=797645&r1=797644&r2=797645&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/style/makelocal.xsl
(original)
+++ cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/style/makelocal.xsl
Fri Jul 24 20:48:10 2009
@@ -34,6 +34,32 @@
                 <xsl:when test="@schemaLocation='http://ndgo-introp-s24/Security_WsSecurity_Service_Indigo/WSSecureConversationSign.svc?xsd=xsd3'">
                     <xsl:attribute name="schemaLocation">WSSecureConversation_3.xsd</xsl:attribute>
                 </xsl:when>
+
+                <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversation.svc?xsd=xsd0'">
+                    <xsl:attribute name="schemaLocation">WSSecureConversation_0.xsd</xsl:attribute>
+                </xsl:when>
+                <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversationSign.svc?xsd=xsd0'">
+                    <xsl:attribute name="schemaLocation">WSSecureConversation_0.xsd</xsl:attribute>
+                </xsl:when>
+                <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversation.svc?xsd=xsd1'">
+                    <xsl:attribute name="schemaLocation">WSSecureConversation_1.xsd</xsl:attribute>
+                </xsl:when>
+                <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversationSign.svc?xsd=xsd1'">
+                    <xsl:attribute name="schemaLocation">WSSecureConversation_1.xsd</xsl:attribute>
+                </xsl:when>
+                <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversation.svc?xsd=xsd2'">
+                    <xsl:attribute name="schemaLocation">WSSecureConversation_2.xsd</xsl:attribute>
+                </xsl:when>
+                <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversationSign.svc?xsd=xsd2'">
+                    <xsl:attribute name="schemaLocation">WSSecureConversation_2.xsd</xsl:attribute>
+                </xsl:when>
+                <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversation.svc?xsd=xsd3'">
+                    <xsl:attribute name="schemaLocation">WSSecureConversation_3.xsd</xsl:attribute>
+                </xsl:when>
+                <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversationSign.svc?xsd=xsd3'">
+                    <xsl:attribute name="schemaLocation">WSSecureConversation_3.xsd</xsl:attribute>
+                </xsl:when>
+
                 <xsl:otherwise>
                     <xsl:attribute name="schemaLocation">
                         <xsl:value-of select="@schemaLocation"/>
@@ -53,6 +79,12 @@
                 <xsl:when test="@location='http://ndgo-introp-s24/Security_WsSecurity_Service_Indigo/WSSecureConversationSign.svc?wsdl'">
                     <xsl:attribute name="location">WSSecureConversation.wsdl</xsl:attribute>
                 </xsl:when>
+                <xsl:when test="@location='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversation.svc?wsdl'">
+                    <xsl:attribute name="location">WSSecureConversation.wsdl</xsl:attribute>
+                </xsl:when>
+                <xsl:when test="@location='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversationSign.svc?wsdl'">
+                    <xsl:attribute name="location">WSSecureConversation.wsdl</xsl:attribute>
+                </xsl:when>
                 <xsl:otherwise>
                     <xsl:attribute name="location">WSSecureConversation_policy.wsdl</xsl:attribute>
                 </xsl:otherwise>

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=797645&r1=797644&r2=797645&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Fri Jul 24 20:48:10 2009
@@ -262,9 +262,9 @@
                 Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
                 Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
                 if (abinding.getProtectionToken() != null) {
-                    if (e != null) {
+                    if (e != null && s == null) {
                         s = e;
-                    } else if (s != null) {
+                    } else if (s != null && e == null) {
                         e = s;
                     }
                 }

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=797645&r1=797644&r2=797645&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Fri Jul 24 20:48:10 2009
@@ -233,18 +233,24 @@
              */
 
             // Extract the signature action result from the action vector
-            WSSecurityEngineResult actionResult = WSSecurityUtil
-                .fetchActionResult(wsResult, WSConstants.SIGN);
-
-            if (actionResult != null) {
-                X509Certificate returnCert = (X509Certificate)actionResult
-                    .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
-
-                if (returnCert != null && !verifyTrust(returnCert, reqData)) {
-                    LOG.warning("The certificate used for the signature is not trusted");
-                    throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
+            Vector signatureResults = new Vector();
+            signatureResults = 
+                WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.SIGN, signatureResults);
+
+            if (!signatureResults.isEmpty()) {
+                for (int i = 0; i < signatureResults.size(); i++) {
+                    WSSecurityEngineResult result = 
+                        (WSSecurityEngineResult) signatureResults.get(i);
+                    
+                    X509Certificate returnCert = (X509Certificate)result
+                        .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+    
+                    if (returnCert != null && !verifyTrust(returnCert, reqData))
{
+                        LOG.warning("The certificate used for the signature is not trusted");
+                        throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
+                    }
+                    msg.put(SIGNATURE_RESULT, result);
                 }
-                msg.put(SIGNATURE_RESULT, actionResult);
             }
 
             /*
@@ -257,16 +263,22 @@
              */
 
             // Extract the timestamp action result from the action vector
-            actionResult = WSSecurityUtil.fetchActionResult(wsResult, WSConstants.TS);
-
-            if (actionResult != null) {
-                Timestamp timestamp = (Timestamp)actionResult.get(WSSecurityEngineResult.TAG_TIMESTAMP);
-
-                if (timestamp != null && !verifyTimestamp(timestamp, decodeTimeToLive(reqData)))
{
-                    LOG.warning("The timestamp could not be validated");
-                    throw new WSSecurityException(WSSecurityException.MESSAGE_EXPIRED);
+            Vector timestampResults = new Vector();
+            timestampResults = 
+                WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.TS, timestampResults);
+
+            if (!timestampResults.isEmpty()) {
+                for (int i = 0; i < timestampResults.size(); i++) {
+                    WSSecurityEngineResult result = 
+                        (WSSecurityEngineResult) timestampResults.get(i);
+                    Timestamp timestamp = (Timestamp)result.get(WSSecurityEngineResult.TAG_TIMESTAMP);
+    
+                    if (timestamp != null && !verifyTimestamp(timestamp, decodeTimeToLive(reqData)))
{
+                        LOG.warning("The timestamp could not be validated");
+                        throw new WSSecurityException(WSSecurityException.MESSAGE_EXPIRED);
+                    }
+                    msg.put(TIMESTAMP_RESULT, result);
                 }
-                msg.put(TIMESTAMP_RESULT, actionResult);
             }
 
             /*

Modified: cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java?rev=797645&r1=797644&r2=797645&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java
(original)
+++ cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java
Fri Jul 24 20:48:10 2009
@@ -129,8 +129,12 @@
             ping.setScenario("Scenario5");
             ping.setText("ping");
             params.setPing(ping);
-            PingResponse output = port.ping(params);
-            assertEquals(OUT, output.getPingResponse().getText());
+            try {
+                PingResponse output = port.ping(params);
+                assertEquals(OUT, output.getPingResponse().getText());
+            } catch (Exception ex) {
+                throw new Exception("Error doing " + portPrefix, ex);
+            }
         }
     }
 

Modified: cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java?rev=797645&r1=797644&r2=797645&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java
(original)
+++ cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java
Fri Jul 24 20:48:10 2009
@@ -106,6 +106,12 @@
                     "org/apache/cxf/systest/ws/wssec11/server/bob.properties");
             ep.getProperties().put(SecurityConstants.ENCRYPT_PROPERTIES + ".sct", 
                     "org/apache/cxf/systest/ws/wssec11/server/alice.properties");
+        } else if (url.contains("MutualCert")) {
+            ep.getProperties().put(SecurityConstants.ENCRYPT_PROPERTIES + ".sct", 
+                "org/apache/cxf/systest/ws/wssec11/server/bob.properties");
+            ep.getProperties().put(SecurityConstants.SIGNATURE_PROPERTIES + ".sct", 
+                "org/apache/cxf/systest/ws/wssec11/server/alice.properties");
+            ep.getProperties().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
         }
         ep.publish(url);
     }



Mime
View raw message