Return-Path: Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: (qmail 74541 invoked from network); 5 May 2010 16:22:56 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 5 May 2010 16:22:56 -0000 Received: (qmail 69610 invoked by uid 500); 5 May 2010 16:22:56 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 69569 invoked by uid 500); 5 May 2010 16:22:55 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 69562 invoked by uid 99); 5 May 2010 16:22:55 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 May 2010 16:22:55 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 May 2010 16:22:51 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id CB6DA23888EA; Wed, 5 May 2010 16:21:59 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r941365 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/ systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssc/ systests/ws... Date: Wed, 05 May 2010 16:21:59 -0000 To: commits@cxf.apache.org 
From: dkulp@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20100505162159.CB6DA23888EA@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: dkulp Date: Wed May 5 16:21:59 2010 New Revision: 941365 URL: http://svn.apache.org/viewvc?rev=941365&view=rev Log: Add support for restricted encryption for WS-SC by allowing key size less than 256 bits Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssc/server/server.xml cxf/trunk/systests/ws-specs/src/test/resources/wsdl_systest_wsspec/wssc/WSSecureConversation_policy.wsdl Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java?rev=941365&r1=941364&r2=941365&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java Wed May 5 16:21:59 2010 
@@ -48,6 +48,8 @@ import org.apache.cxf.ws.security.Securi
 import org.apache.cxf.ws.security.policy.SP11Constants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants.SupportTokenType;
+import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
+import org.apache.cxf.ws.security.policy.model.Binding;
 import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
 import org.apache.cxf.ws.security.policy.model.SupportingToken;
 import org.apache.cxf.ws.security.policy.model.Trust10;
@@ -168,11 +170,47 @@ public class SecureConversationTokenInte String s = message .getContextualProperty(Message.ENDPOINT_ADDRESS).toString(); client.setLocation(s); - + AlgorithmSuite suite = getAlgorithmSuite(aim); + if (suite != null) { + client.setAlgorithmSuite(suite); + int x = suite.getMaximumSymmetricKeyLength(); + if (x < 256) { + client.setKeySize(x); + } + } Map ctx = client.getRequestContext(); mapSecurityProps(message, ctx); return s; } + + private static AlgorithmSuite getAlgorithmSuite(AssertionInfoMap aim) { + Binding transport = null; + Collection ais = aim.get(SP12Constants.TRANSPORT_BINDING); + if (ais != null) { + for (AssertionInfo ai : ais) { + transport = (Binding)ai.getAssertion(); + } + } else { + ais = aim.get(SP12Constants.ASYMMETRIC_BINDING); + if (ais != null) { + for (AssertionInfo ai : ais) { + transport = (Binding)ai.getAssertion(); + } + } else { + ais = aim.get(SP12Constants.SYMMETRIC_BINDING); + if (ais != null) { + for (AssertionInfo ai : ais) { + transport = (Binding)ai.getAssertion(); + } + } + } + } + if (transport != null) { + return transport.getAlgorithmSuite(); + } + return null; + } + private static void mapSecurityProps(Message message, Map ctx) { for (String s : SecurityConstants.ALL_PROPERTIES) { Object v = message.getContextualProperty(s + ".sct"); Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=941365&r1=941364&r2=941365&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Wed May 5 16:21:59 2010 
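Review bot: The new block before `client.getRequestContext()` copies any `getMaximumSymmetricKeyLength()` below 256 straight into `client.setKeySize(x)` with no lower bound, so the policy alone decides how weak the negotiated WS-SC key may be, and a zero or negative value is passed on too. Consider a floor such as `if (x >= MIN_KEY_SIZE && x < 256) { client.setKeySize(x); }`, where `MIN_KEY_SIZE` is a new named constant (the value is a project decision), and log or reject anything smaller. In `getAlgorithmSuite`, a non-null but empty `TRANSPORT_BINDING` collection stops the fallback to the asymmetric and symmetric bindings, and only the `SP12Constants` names are consulted; whether SP11 policies are registered under the same keys is not visible here. The three identical loops could be one loop over the binding names, and the local `transport` would read better as `binding`, since it also holds asymmetric and symmetric bindings.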
@@ -273,6 +273,12 @@ public class STSClient implements Config public void setEndpointQName(QName qn) { endpointName = qn; } + public void setKeySize(int i) { + keySize = i; + } + public int getKeySize() { + return keySize; + } private void createClient() throws BusException, EndpointException { @@ -392,8 +398,11 @@ public class STSClient implements Config X509Certificate cert = null; Crypto crypto = null; + if (keySize <= 0) { + keySize = 256; + } if (keyType.endsWith("SymmetricKey")) { - if (!wroteKeySize && !isSecureConv) { + if (!wroteKeySize && (!isSecureConv || keySize != 256)) { writer.writeStartElement("wst", "KeySize", namespace); writer.writeCharacters(Integer.toString(keySize)); writer.writeEndElement(); @@ -404,7 +413,7 @@ public class STSClient implements Config writer.writeStartElement("wst", "BinarySecret", namespace); writer.writeAttribute("Type", namespace + "/Nonce"); if (algorithmSuite == null) { - requestorEntropy = WSSecurityUtil.generateNonce(8); + requestorEntropy = WSSecurityUtil.generateNonce(keySize / 8); } else { requestorEntropy = WSSecurityUtil .generateNonce(algorithmSuite.getMaximumSymmetricKeyLength() / 8); Modified: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java?rev=941365&r1=941364&r2=941365&view=diff ============================================================================== --- cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java (original) +++ cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java Wed May 5 16:21:59 2010 
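Review bot: `setKeySize(int i)` stores any value, and the last hunk of this file feeds it to `WSSecurityUtil.generateNonce(keySize / 8)`, so a size that is not a multiple of 8 is silently truncated and a size below 8 requests a zero-length nonce as requestor entropy. Validate in the setter, for example `if (i < 0 || i % 8 != 0) { throw new IllegalArgumentException("keySize must be a non-negative multiple of 8: " + i); }`, keeping 0 as "use the default" because the request writer treats `keySize <= 0` as 256. Both accessors are public and undocumented; a Javadoc line stating the unit (bits) and the default would help callers.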
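Review bot: In the hunk at `-392`, the `wst:KeySize` element is written from `keySize`, but when `algorithmSuite` is non-null the entropy length in the following hunk still comes from `algorithmSuite.getMaximumSymmetricKeyLength() / 8`, so the two can disagree if a caller sets one without the other. The interceptor change in this commit sets both; other callers are not visible here. Deriving both from one local, e.g. `int bits = algorithmSuite == null ? keySize : algorithmSuite.getMaximumSymmetricKeyLength();`, would keep the request self-consistent. Separately, `if (keySize <= 0) { keySize = 256; }` overwrites the configured field while a request is being written, so `getKeySize()` returns a different value after the first call; a local default would avoid that side effect. The enclosing method starts and ends outside the hunk.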
@@ -26,17 +26,11 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; import org.apache.cxf.systest.ws.wssc.server.Server; -import org.apache.cxf.systest.ws.wssec11.WSSecurity11Common; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.apache.cxf.ws.security.SecurityConstants; + import org.junit.BeforeClass; import org.junit.Test; -import org.xmlsoap.ping.Ping; - -import wssec.wssc.IPingService; -import wssec.wssc.PingRequest; -import wssec.wssc.PingResponse; -import wssec.wssc.PingService; /** * 
@@ -45,70 +39,153 @@ public class WSSCTest extends AbstractBu private static final String OUT = "CXF : ping"; - + private static wssec.wssc.PingService svc; + @BeforeClass public static void startServers() throws Exception { - if (!WSSecurity11Common.checkUnrestrictedPoliciesInstalled()) { - //do nothing - return; - } assertTrue( "Server failed to launch", // run the server in the same process // set this to false to fork launchServer(Server.class, true) ); - } - - @Test - public void testClientServer() throws Exception { - if (!WSSecurity11Common.checkUnrestrictedPoliciesInstalled()) { - //do nothing - return; - } - String[] argv = new String[] { - "SecureConversation_MutualCertificate10SignEncrypt_IPingService", - "AC_IPingService", - "ADC_IPingService", - "ADC-ES_IPingService", - "_A_IPingService", - "_AD_IPingService", - "_AD-ES_IPingService", - - "UXC_IPingService", - "UXDC_IPingService", - "UXDC-SEES_IPingService", - "_UX_IPingService", - "_UXD_IPingService", - "_UXD-SEES_IPingService", - - - "XC_IPingService", - "XDC_IPingService", - "XDC_IPingService1", - "XDC-ES_IPingService", - "XDC-SEES_IPingService", - "_X_IPingService", - "_X10_IPingService", - "_XD_IPingService", - "_XD-SEES_IPingService", - "_XD-ES_IPingService", - }; - //argv = new String[] {argv[1]}; + final Bus bus = new SpringBusFactory().createBus("org/apache/cxf/systest/ws/wssc/client/client.xml"); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - PingService svc = new PingService(); + svc = new wssec.wssc.PingService(); + } + + + @Test + public void testSecureConversationMutualCertificate10SignEncryptIPingService() throws Exception { + runTest("SecureConversation_MutualCertificate10SignEncrypt_IPingService"); + } + + @Test + public void testACIPingService() throws Exception { + runTest("AC_IPingService"); + } + + @Test + public void testADCIPingService() throws Exception { + runTest("ADC_IPingService"); + } + + @Test + public void testADCESIPingService() throws Exception { 
+ runTest("ADC-ES_IPingService"); + } + + @Test + public void testAIPingService() throws Exception { + runTest("_A_IPingService"); + } + + @Test + public void testADIPingService() throws Exception { + runTest("_AD_IPingService"); + } + + @Test + public void testADESIPingService() throws Exception { + runTest("_AD-ES_IPingService"); + } + + @Test + public void testUXCIPingService() throws Exception { + runTest("UXC_IPingService"); + } + + @Test + public void testUXDCIPingService() throws Exception { + runTest("UXDC_IPingService"); + } + + @Test + public void testUXDCSEESIPingService() throws Exception { + runTest("UXDC-SEES_IPingService"); + } + + @Test + public void testUXIPingService() throws Exception { + runTest("_UX_IPingService"); + } + + @Test + public void testUXDIPingService() throws Exception { + runTest("_UXD_IPingService"); + } + + @Test + public void testUXDSEESIPingService() throws Exception { + runTest("_UXD-SEES_IPingService"); + } + + @Test + public void testXCIPingService() throws Exception { + runTest("XC_IPingService"); + } + + @Test + public void testXDCIPingService() throws Exception { + runTest("XDC_IPingService"); + } + + @Test + public void testXDCIPingService1() throws Exception { + runTest("XDC_IPingService1"); + } + + @Test + public void testXDCESIPingService() throws Exception { + runTest("XDC-ES_IPingService"); + } + + @Test + public void testXDCSEESIPingService() throws Exception { + runTest("XDC-SEES_IPingService"); + } + + @Test + public void testXIPingService() throws Exception { + runTest("_X_IPingService"); + } + + @Test + public void testX10IPingService() throws Exception { + runTest("_X10_IPingService"); + } + + @Test + public void testXDIPingService() throws Exception { + runTest("_XD_IPingService"); + } + + @Test + public void testXDSEESIPingService() throws Exception { + runTest("_XD-SEES_IPingService"); + } + + @Test + public void testXDESIPingService() throws Exception { + runTest("_XD-ES_IPingService"); + } + + + + + 
private void runTest(String ... argv) throws Exception { for (String portPrefix : argv) { - final IPingService port = + final wssec.wssc.IPingService port = svc.getPort( new QName( "http://WSSec/wssc", portPrefix ), - IPingService.class + wssec.wssc.IPingService.class ); ((BindingProvider)port).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, @@ -118,14 +195,14 @@ public class WSSCTest extends AbstractBu ((BindingProvider)port).getRequestContext() .put(SecurityConstants.STS_TOKEN_DO_CANCEL, Boolean.TRUE); } - PingRequest params = new PingRequest(); - Ping ping = new Ping(); + wssec.wssc.PingRequest params = new wssec.wssc.PingRequest(); + org.xmlsoap.ping.Ping ping = new org.xmlsoap.ping.Ping(); ping.setOrigin("CXF"); ping.setScenario("Scenario5"); ping.setText("ping"); params.setPing(ping); try { - PingResponse output = port.ping(params); + wssec.wssc.PingResponse output = port.ping(params); assertEquals(OUT, output.getPingResponse().getText()); } catch (Exception ex) { throw new Exception("Error doing " + portPrefix, ex); Modified: cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssc/server/server.xml URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssc/server/server.xml?rev=941365&r1=941364&r2=941365&view=diff ============================================================================== --- cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssc/server/server.xml (original) +++ cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssc/server/server.xml Wed May 5 16:21:59 2010 
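Review bot: `startServers()` now creates a Spring bus and installs it with `BusFactory.setDefaultBus(bus)` and `BusFactory.setThreadDefaultBus(bus)` for the whole class, but nothing visible in the hunk shuts it down or clears the default. Unless `AbstractBusClientServerTestBase` already handles this, the bus and its security configuration may leak into later test classes in the same JVM. Keeping the bus in a static field and adding an `@AfterClass` method that calls `bus.shutdown(true)` and `BusFactory.setDefaultBus(null)` would contain it. A short comment on the static `svc` field, saying it is shared by all test methods and built once against `client.xml`, would also help.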
@@ -46,7 +46,7 @@ - + Modified: cxf/trunk/systests/ws-specs/src/test/resources/wsdl_systest_wsspec/wssc/WSSecureConversation_policy.wsdl URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-specs/src/test/resources/wsdl_systest_wsspec/wssc/WSSecureConversation_policy.wsdl?rev=941365&r1=941364&r2=941365&view=diff ============================================================================== --- cxf/trunk/systests/ws-specs/src/test/resources/wsdl_systest_wsspec/wssc/WSSecureConversation_policy.wsdl (original) +++ cxf/trunk/systests/ws-specs/src/test/resources/wsdl_systest_wsspec/wssc/WSSecureConversation_policy.wsdl Wed May 5 16:21:59 2010 @@ -29,7 +29,7 @@ - + @@ -77,7 +77,7 @@ - + @@ -193,7 +193,7 @@ - + @@ -240,7 +240,7 @@ - + @@ -379,7 +379,7 @@ - + @@ -425,7 +425,7 @@ - + @@ -563,7 +563,7 @@ - + @@ -610,7 +610,7 @@ - + @@ -748,7 +748,7 @@ - + @@ -796,7 +796,7 @@ - + @@ -935,7 +935,7 @@ - + @@ -983,7 +983,7 @@ - + @@ -1120,7 +1120,7 @@ - + @@ -1166,7 +1166,7 @@ - + @@ -1311,7 +1311,7 @@ - + @@ -1344,7 +1344,7 @@ - + @@ -1480,7 +1480,7 @@ - + @@ -1527,7 +1527,7 @@ - + @@ -1665,7 +1665,7 @@ - + @@ -1713,7 +1713,7 @@ - + @@ -1852,7 +1852,7 @@ - + @@ -1900,7 +1900,7 @@ - + @@ -2041,7 +2041,7 @@ - + @@ -2076,7 +2076,7 @@ - + @@ -2216,7 +2216,7 @@ - + @@ -2251,7 +2251,7 @@ - + @@ -2391,7 +2391,7 @@ - + @@ -2427,7 +2427,7 @@ - + @@ -2564,7 +2564,7 @@ - + @@ -2599,7 +2599,7 @@ - + @@ -2737,7 +2737,7 @@ - + @@ -2772,7 +2772,7 @@ - + @@ -2910,7 +2910,7 @@ - + @@ -2946,7 +2946,7 @@ - + @@ -3085,7 +3085,7 @@ - + @@ -3130,7 +3130,7 @@ - + @@ -3270,7 +3270,7 @@ - + @@ -3315,7 +3315,7 @@ - + @@ -3455,7 +3455,7 @@ - + @@ -3501,7 +3501,7 @@ - + @@ -3638,7 +3638,7 @@ - + @@ -3683,7 +3683,7 @@ - + @@ -3821,7 +3821,7 @@ - + @@ -3866,7 +3866,7 @@ - + @@ -4004,7 +4004,7 @@ - + @@ -4050,7 +4050,7 @@ - +