From cohei...@apache.org
Subject svn commit: r1081802 - in /cxf/trunk/rt/ws/security/src: main/java/org/apache/cxf/ws/security/wss4j/ test/java/org/apache/cxf/ws/security/wss4j/ test/resources/
Date Tue, 15 Mar 2011 14:39:00 GMT
Author: coheigea
Date: Tue Mar 15 14:38:59 2011
New Revision: 1081802

URL: http://svn.apache.org/viewvc?rev=1081802&view=rev
Log:
Added a set of unit tests for SAML Assertions + picking up some changes in the latest WSS4J
1.6-SNAPSHOT.

Added:
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSAMLCallbackHandler.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SAML1CallbackHandler.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SAML2CallbackHandler.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SamlTokenTest.java
    cxf/trunk/rt/ws/security/src/test/resources/saml_hok.properties
      - copied, changed from r1081690, cxf/trunk/rt/ws/security/src/test/resources/saml2_hok.properties
    cxf/trunk/rt/ws/security/src/test/resources/saml_sv.properties
      - copied, changed from r1081690, cxf/trunk/rt/ws/security/src/test/resources/saml1_sv.properties
Removed:
    cxf/trunk/rt/ws/security/src/test/resources/saml1_sv.properties
    cxf/trunk/rt/ws/security/src/test/resources/saml2_hok.properties
    cxf/trunk/rt/ws/security/src/test/resources/saml2_sv.properties
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1081802&r1=1081801&r2=1081802&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
Tue Mar 15 14:38:59 2011
@@ -525,7 +525,7 @@ public class WSS4JInInterceptor extends 
             }
             if (cbHandler == null) {
                 try {
-                    cbHandler = getPasswordCB(reqData);
+                    cbHandler = getPasswordCallbackHandler(reqData);
                 } catch (WSSecurityException sec) {
                     Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class);
                     if (ep != null && ep.getEndpointInfo() != null) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java?rev=1081802&r1=1081801&r2=1081802&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
Tue Mar 15 14:38:59 2011
@@ -18,12 +18,12 @@
  */
 package org.apache.cxf.ws.security.wss4j;
 
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import java.util.Vector;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -184,7 +184,7 @@ public class WSS4JOutInterceptor extends
                 /*
                  * Get the action first.
                  */
-                List<Integer> actions = new Vector<Integer>();
+                List<Integer> actions = new ArrayList<Integer>();
                 String action = getString(WSHandlerConstants.ACTION, mc);
                 if (action == null) {
                     throw new SoapFault(new Message("NO_ACTION", LOG), version

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSAMLCallbackHandler.java?rev=1081802&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSAMLCallbackHandler.java
(added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSAMLCallbackHandler.java
Tue Mar 15 14:38:59 2011
@@ -0,0 +1,152 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j;
+
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.saml.ext.SAMLCallback;
+import org.apache.ws.security.saml.ext.bean.ActionBean;
+import org.apache.ws.security.saml.ext.bean.AttributeBean;
+import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
+import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean;
+import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
+import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
+import org.apache.ws.security.saml.ext.bean.KeyInfoBean.CERT_IDENTIFIER;
+import org.apache.ws.security.saml.ext.bean.SubjectBean;
+
+/**
+ * A base implementation of a Callback Handler for a SAML assertion. By default it creates
an
+ * authentication assertion.
+ */
+public abstract class AbstractSAMLCallbackHandler implements CallbackHandler {
+    
+    public enum Statement {
+        AUTHN, ATTR, AUTHZ
+    };
+    
+    protected String subjectName;
+    protected String subjectQualifier;
+    protected String confirmationMethod;
+    protected X509Certificate[] certs;
+    protected Statement statement = Statement.AUTHN;
+    protected CERT_IDENTIFIER certIdentifier = CERT_IDENTIFIER.X509_CERT;
+    protected byte[] ephemeralKey;
+    
+    public void setConfirmationMethod(String confMethod) {
+        confirmationMethod = confMethod;
+    }
+    
+    public void setStatement(Statement statement) {
+        this.statement = statement;
+    }
+    
+    public void setCertIdentifier(CERT_IDENTIFIER certIdentifier) {
+        this.certIdentifier = certIdentifier;
+    }
+    
+    public void setCerts(X509Certificate[] certs) {
+        this.certs = certs;
+    }
+    
+    public byte[] getEphemeralKey() {
+        return ephemeralKey;
+    }
+    
+    /**
+     * Note that the SubjectBean parameter should be null for SAML2.0
+     */
+    protected void createAndSetStatement(SubjectBean subjectBean, SAMLCallback callback)
{
+        if (statement == Statement.AUTHN) {
+            AuthenticationStatementBean authBean = new AuthenticationStatementBean();
+            if (subjectBean != null) {
+                authBean.setSubject(subjectBean);
+            }
+            authBean.setAuthenticationMethod("Password");
+            callback.setAuthenticationStatementData(Collections.singletonList(authBean));
+        } else if (statement == Statement.ATTR) {
+            AttributeStatementBean attrBean = new AttributeStatementBean();
+            if (subjectBean != null) {
+                attrBean.setSubject(subjectBean);
+            }
+            AttributeBean attributeBean = new AttributeBean();
+            attributeBean.setSimpleName("role");
+            attributeBean.setAttributeValues(Collections.singletonList("user"));
+            attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
+            callback.setAttributeStatementData(Collections.singletonList(attrBean));
+        } else {
+            AuthDecisionStatementBean authzBean = new AuthDecisionStatementBean();
+            if (subjectBean != null) {
+                authzBean.setSubject(subjectBean);
+            }
+            ActionBean actionBean = new ActionBean();
+            actionBean.setContents("Read");
+            authzBean.setActions(Collections.singletonList(actionBean));
+            authzBean.setResource("endpoint");
+            authzBean.setDecision(AuthDecisionStatementBean.Decision.PERMIT);
+            callback.setAuthDecisionStatementData(Collections.singletonList(authzBean));
+        }
+    }
+    
+    protected KeyInfoBean createKeyInfo() throws Exception {
+        KeyInfoBean keyInfo = new KeyInfoBean();
+        if (statement == Statement.AUTHN) {
+            keyInfo.setCertificate(certs[0]);
+            keyInfo.setCertIdentifer(certIdentifier);
+        } else if (statement == Statement.ATTR) {
+            // Build a new Document
+            DocumentBuilderFactory docBuilderFactory = 
+                DocumentBuilderFactory.newInstance();
+            docBuilderFactory.setNamespaceAware(true);
+            DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
+            Document doc = docBuilder.newDocument();
+                  
+            // Create an Encrypted Key
+            WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
+            encrKey.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
+            encrKey.setUseThisCert(certs[0]);
+            encrKey.prepare(doc, null);
+            ephemeralKey = encrKey.getEphemeralKey();
+            Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
+            
+            // Append the EncryptedKey to a KeyInfo element
+            Element keyInfoElement = 
+                doc.createElementNS(
+                    WSConstants.SIG_NS, WSConstants.SIG_PREFIX + ":" + WSConstants.KEYINFO_LN
+                );
+            keyInfoElement.setAttributeNS(
+                WSConstants.XMLNS_NS, "xmlns:" + WSConstants.SIG_PREFIX, WSConstants.SIG_NS
+            );
+            keyInfoElement.appendChild(encryptedKeyElement);
+            
+            keyInfo.setElement(keyInfoElement);
+        }
+        return keyInfo;
+    }
+}
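Review bot: `createKeyInfo` indexes `certs[0]` in both the AUTHN and ATTR branches without checking that `certs` was set and is non-empty, so a subclass that did not load certificates, or a caller of `setCerts(null)`, fails with a NullPointerException or ArrayIndexOutOfBoundsException instead of a message naming the missing configuration; a guard at the top such as `if (certs == null || certs.length == 0) { throw new IllegalStateException("No certificates configured for holder-of-key KeyInfo"); }` makes the failure explicit. The AUTHZ case matches neither branch and returns an empty `KeyInfoBean` with neither certificate nor element set, which the method has no Javadoc for; I would add `/** Builds the holder-of-key KeyInfo: the subject certificate for AUTHN, an EncryptedKey wrapped in a ds:KeyInfo element for ATTR (also storing the ephemeral key), and an empty bean otherwise. */`. In `createAndSetStatement` the final `else` also absorbs a `null` statement set through `setStatement(null)`, silently producing an authorization-decision statement; `else if (statement == Statement.AUTHZ)` followed by an `else` that throws `IllegalStateException` would keep that from going unnoticed.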

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SAML1CallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SAML1CallbackHandler.java?rev=1081802&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SAML1CallbackHandler.java
(added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SAML1CallbackHandler.java
Tue Mar 15 14:38:59 2011
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.saml.ext.SAMLCallback;
+import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
+import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.builder.SAML1Constants;
+import org.opensaml.common.SAMLVersion;
+
+/**
+ * A Callback Handler implementation for a SAML 1.1 assertion. By default it creates an
+ * authentication assertion using Sender Vouches.
+ */
+public class SAML1CallbackHandler extends AbstractSAMLCallbackHandler {
+    
+    public SAML1CallbackHandler() throws Exception {
+        if (certs == null) {
+            Crypto crypto = CryptoFactory.getInstance("alice.properties");
+            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+            cryptoType.setAlias("alice");
+            certs = crypto.getX509Certificates(cryptoType);
+        }
+        
+        subjectName = "uid=alice,ou=people,ou=saml-demo,o=example.com";
+        subjectQualifier = "www.example.com";
+        confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
+    }
+    
+    public void handle(Callback[] callbacks)
+        throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof SAMLCallback) {
+                SAMLCallback callback = (SAMLCallback) callbacks[i];
+                callback.setSamlVersion(SAMLVersion.VERSION_11);
+                SubjectBean subjectBean = 
+                    new SubjectBean(
+                        subjectName, subjectQualifier, confirmationMethod
+                    );
+                if (SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
+                    try {
+                        KeyInfoBean keyInfo = createKeyInfo();
+                        subjectBean.setKeyInfo(keyInfo);
+                    } catch (Exception ex) {
+                        throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
+                    }
+                }
+                createAndSetStatement(subjectBean, callback);
+            } else {
+                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+            }
+        }
+    }
+    
+}
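Review bot: The catch in `handle` rethrows as `new IOException("Problem creating KeyInfo: " + ex.getMessage())`, which drops the original exception and its stack trace, so a failure inside `createKeyInfo` (for example in `WSSecEncryptedKey.prepare`) reaches the test report without its cause. If the build targets Java 6 or later use `throw new IOException("Problem creating KeyInfo", ex);`, otherwise keep the message and call `initCause(ex)` on the new exception before throwing it. The `if (certs == null)` check in the constructor is always true, because `certs` is a superclass field that nothing assigns before this constructor body runs, so the branch reads as conditional when it is not; either drop the condition or comment why it is kept for subclasses. Both points apply identically to `SAML2CallbackHandler` in the next hunk.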

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SAML2CallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SAML2CallbackHandler.java?rev=1081802&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SAML2CallbackHandler.java
(added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SAML2CallbackHandler.java
Tue Mar 15 14:38:59 2011
@@ -0,0 +1,81 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.saml.ext.SAMLCallback;
+import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
+import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.opensaml.common.SAMLVersion;
+
+/**
+ * A Callback Handler implementation for a SAML 2 assertion. By default it creates an
+ * authentication assertion using Sender Vouches.
+ */
+public class SAML2CallbackHandler extends AbstractSAMLCallbackHandler {
+    
+    public SAML2CallbackHandler() throws Exception {
+        if (certs == null) {
+            Crypto crypto = CryptoFactory.getInstance("alice.properties");
+            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+            cryptoType.setAlias("alice");
+            certs = crypto.getX509Certificates(cryptoType);
+        }
+        
+        subjectName = "uid=alice,ou=people,ou=saml-demo,o=example.com";
+        subjectQualifier = "www.example.com";
+        confirmationMethod = SAML2Constants.CONF_SENDER_VOUCHES;
+    }
+    
+    public void handle(Callback[] callbacks)
+        throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof SAMLCallback) {
+                SAMLCallback callback = (SAMLCallback) callbacks[i];
+                callback.setSamlVersion(SAMLVersion.VERSION_20);
+                SubjectBean subjectBean = 
+                    new SubjectBean(
+                        subjectName, subjectQualifier, confirmationMethod
+                    );
+                if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
+                    try {
+                        KeyInfoBean keyInfo = createKeyInfo();
+                        subjectBean.setKeyInfo(keyInfo);
+                    } catch (Exception ex) {
+                        throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
+                    }
+                }
+                callback.setSubject(subjectBean);
+                createAndSetStatement(null, callback);
+            } else {
+                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+            }
+        }
+    }
+    
+}

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SamlTokenTest.java?rev=1081802&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SamlTokenTest.java
(added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SamlTokenTest.java
Tue Mar 15 14:38:59 2011
@@ -0,0 +1,380 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.wss4j;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.soap.MessageFactory;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.soap.SOAPPart;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.stream.XMLStreamWriter;
+import javax.xml.transform.dom.DOMSource;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.helpers.DOMUtils.NullResolver;
+import org.apache.cxf.helpers.XMLUtils;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.ExchangeImpl;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.phase.PhaseInterceptor;
+import org.apache.cxf.staxutils.StaxUtils;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.saml.ext.builder.SAML1Constants;
+import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.junit.Test;
+
+
+/**
+ * Some tests for creating and processing (signed) SAML Assertions.
+ */
+public class SamlTokenTest extends AbstractSecurityTest {
+
+    public SamlTokenTest() {
+    }
+
+    /**
+     * This test creates a SAML1 Assertion and sends it in the security header to the provider.

+     */
+    @Test
+    public void testSaml1Token() throws Exception {
+        Map<String, Object> outProperties = new HashMap<String, Object>();
+        outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
+        outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_sv.properties");
+        outProperties.put(
+            WSHandlerConstants.SAML_CALLBACK_CLASS, 
+            "org.apache.cxf.ws.security.wss4j.SAML1CallbackHandler"
+        );
+        
+        Map<String, String> inProperties = new HashMap<String, String>();
+        inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
+        
+        List<String> xpaths = new ArrayList<String>();
+        xpaths.add("//wsse:Security");
+        xpaths.add("//wsse:Security/saml1:Assertion");
+
+        List<WSHandlerResult> handlerResults = 
+            makeInvocation(outProperties, xpaths, inProperties);
+        
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.ST_UNSIGNED);
+        AssertionWrapper receivedAssertion = 
+            (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedAssertion != null && receivedAssertion.getSaml1() != null);
+        assert !receivedAssertion.isSigned();
+    }
+    
+    /**
+     * This test creates a SAML2 Assertion and sends it in the security header to the provider.
+     */
+    @Test
+    public void testSaml2Token() throws Exception {
+        Map<String, Object> outProperties = new HashMap<String, Object>();
+        outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
+        outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_sv.properties");
+        outProperties.put(
+            WSHandlerConstants.SAML_CALLBACK_CLASS, 
+            "org.apache.cxf.ws.security.wss4j.SAML2CallbackHandler"
+        );
+        
+        Map<String, String> inProperties = new HashMap<String, String>();
+        inProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_UNSIGNED);
+        
+        List<String> xpaths = new ArrayList<String>();
+        xpaths.add("//wsse:Security");
+        xpaths.add("//wsse:Security/saml2:Assertion");
+
+        List<WSHandlerResult> handlerResults = 
+            makeInvocation(outProperties, xpaths, inProperties);
+        
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.ST_UNSIGNED);
+        AssertionWrapper receivedAssertion = 
+            (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedAssertion != null && receivedAssertion.getSaml2() != null);
+        assert !receivedAssertion.isSigned();
+    }
+    
+    /**
+     * This test creates a sender-vouches SAML1 Assertion, where the Assertion and SOAP body
are 
+     * signed, and sends it in the security header to the provider.
+     */
+    @Test
+    public void testSaml1TokenSignedSenderVouches() throws Exception {
+        Map<String, Object> outProperties = new HashMap<String, Object>();
+        outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
+        outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_sv.properties");
+        outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
+        outProperties.put(WSHandlerConstants.USER, "myalias");
+        outProperties.put("password", "myAliasPassword");
+        outProperties.put(
+            WSHandlerConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler()
+        );
+        
+        Map<String, String> inProperties = new HashMap<String, String>();
+        inProperties.put(
+            WSHandlerConstants.ACTION, 
+            WSHandlerConstants.SAML_TOKEN_UNSIGNED + " " + WSHandlerConstants.SIGNATURE
+        );
+        inProperties.put(WSHandlerConstants.SIG_PROP_FILE, "insecurity.properties");
+        
+        List<String> xpaths = new ArrayList<String>();
+        xpaths.add("//wsse:Security");
+        xpaths.add("//wsse:Security/saml1:Assertion");
+
+        List<WSHandlerResult> handlerResults = 
+            makeInvocation(outProperties, xpaths, inProperties);
+        
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.ST_UNSIGNED);
+        AssertionWrapper receivedAssertion = 
+            (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedAssertion != null && receivedAssertion.getSaml1() != null);
+        assert !receivedAssertion.isSigned();
+        
+        actionResult =
+            WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.SIGN);
+        assertTrue(actionResult != null);
+    }
+    
+    /**
+     * This test creates a sender-vouches SAML2 Assertion, where the Assertion and SOAP body
are 
+     * signed, and sends it in the security header to the provider.
+     */
+    @Test
+    public void testSaml2TokenSignedSenderVouches() throws Exception {
+        Map<String, Object> outProperties = new HashMap<String, Object>();
+        outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
+        outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_sv.properties");
+        outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
+        outProperties.put(WSHandlerConstants.USER, "myalias");
+        outProperties.put("password", "myAliasPassword");
+        outProperties.put(
+            WSHandlerConstants.SAML_CALLBACK_REF, new SAML2CallbackHandler()
+        );
+        
+        Map<String, String> inProperties = new HashMap<String, String>();
+        inProperties.put(
+            WSHandlerConstants.ACTION, 
+            WSHandlerConstants.SAML_TOKEN_UNSIGNED + " " + WSHandlerConstants.SIGNATURE
+        );
+        inProperties.put(WSHandlerConstants.SIG_PROP_FILE, "insecurity.properties");
+        
+        List<String> xpaths = new ArrayList<String>();
+        xpaths.add("//wsse:Security");
+        xpaths.add("//wsse:Security/saml2:Assertion");
+
+        List<WSHandlerResult> handlerResults = 
+            makeInvocation(outProperties, xpaths, inProperties);
+        
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.ST_UNSIGNED);
+        AssertionWrapper receivedAssertion = 
+            (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedAssertion != null && receivedAssertion.getSaml2() != null);
+        assert !receivedAssertion.isSigned();
+        
+        actionResult =
+            WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.SIGN);
+        assertTrue(actionResult != null);
+    }
+    
+    
+    /**
+     * This test creates a holder-of-key SAML1 Assertion, and sends it in the security header

+     * to the provider.
+     */
+    @Test
+    public void testSaml1TokenHOK() throws Exception {
+        Map<String, Object> outProperties = new HashMap<String, Object>();
+        outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
+        outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_hok.properties");
+        outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
+        outProperties.put(WSHandlerConstants.USER, "alice");
+        outProperties.put("password", "password");
+        outProperties.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties");
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
+        outProperties.put(
+            WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler
+        );
+        
+        Map<String, String> inProperties = new HashMap<String, String>();
+        inProperties.put(
+            WSHandlerConstants.ACTION, 
+            WSHandlerConstants.SAML_TOKEN_SIGNED + " " + WSHandlerConstants.SIGNATURE
+        );
+        inProperties.put(WSHandlerConstants.SIG_PROP_FILE, "insecurity.properties");
+        
+        List<String> xpaths = new ArrayList<String>();
+        xpaths.add("//wsse:Security");
+        xpaths.add("//wsse:Security/saml1:Assertion");
+
+        List<WSHandlerResult> handlerResults = 
+            makeInvocation(outProperties, xpaths, inProperties);
+        
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.ST_SIGNED);
+        AssertionWrapper receivedAssertion = 
+            (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedAssertion != null && receivedAssertion.getSaml1() != null);
+        assert receivedAssertion.isSigned();
+        
+        actionResult =
+            WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.SIGN);
+        assertTrue(actionResult != null);
+    }
+    
+    /**
+     * This test creates a holder-of-key SAML2 Assertion, and sends it in the security header

+     * to the provider.
+     */
+    @Test
+    public void testSaml2TokenHOK() throws Exception {
+        Map<String, Object> outProperties = new HashMap<String, Object>();
+        outProperties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
+        outProperties.put(WSHandlerConstants.SAML_PROP_FILE, "saml_hok.properties");
+        outProperties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
+        outProperties.put(WSHandlerConstants.USER, "alice");
+        outProperties.put("password", "password");
+        outProperties.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties");
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        outProperties.put(
+            WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler
+        );
+        
+        Map<String, String> inProperties = new HashMap<String, String>();
+        inProperties.put(
+            WSHandlerConstants.ACTION, 
+            WSHandlerConstants.SAML_TOKEN_SIGNED + " " + WSHandlerConstants.SIGNATURE
+        );
+        inProperties.put(WSHandlerConstants.SIG_PROP_FILE, "insecurity.properties");
+        
+        List<String> xpaths = new ArrayList<String>();
+        xpaths.add("//wsse:Security");
+        xpaths.add("//wsse:Security/saml2:Assertion");
+
+        List<WSHandlerResult> handlerResults = 
+            makeInvocation(outProperties, xpaths, inProperties);
+        
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.ST_SIGNED);
+        AssertionWrapper receivedAssertion = 
+            (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedAssertion != null && receivedAssertion.getSaml2() != null);
+        assert receivedAssertion.isSigned();
+        
+        actionResult =
+            WSSecurityUtil.fetchActionResult(handlerResults.get(0).getResults(), WSConstants.SIGN);
+        assertTrue(actionResult != null);
+    }
+    
+    private List<WSHandlerResult> makeInvocation(
+        Map<String, Object> outProperties,
+        List<String> xpaths,
+        Map<String, String> inProperties
+    ) throws Exception {
+        Document doc = readDocument("wsse-request-clean.xml");
+
+        WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor();
+        PhaseInterceptor<SoapMessage> handler = ohandler.createEndingInterceptor();
+
+        SoapMessage msg = new SoapMessage(new MessageImpl());
+        Exchange ex = new ExchangeImpl();
+        ex.setInMessage(msg);
+
+        SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
+        SOAPPart part = saajMsg.getSOAPPart();
+        part.setContent(new DOMSource(doc));
+        saajMsg.saveChanges();
+
+        msg.setContent(SOAPMessage.class, saajMsg);
+
+        for (String key : outProperties.keySet()) {
+            msg.put(key, outProperties.get(key));
+        }
+
+        handler.handleMessage(msg);
+
+        doc = part;
+
+        for (String xpath : xpaths) {
+            assertValid(xpath, doc);
+        }
+
+        byte[] docbytes = getMessageBytes(doc);
+        XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes));
+
+        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+
+        dbf.setValidating(false);
+        dbf.setIgnoringComments(false);
+        dbf.setIgnoringElementContentWhitespace(true);
+        dbf.setNamespaceAware(true);
+
+        DocumentBuilder db = dbf.newDocumentBuilder();
+        db.setEntityResolver(new NullResolver());
+        doc = StaxUtils.read(db, reader, false);
+
+        WSS4JInInterceptor inHandler = new WSS4JInInterceptor();
+
+        SoapMessage inmsg = new SoapMessage(new MessageImpl());
+        ex.setInMessage(inmsg);
+        inmsg.setContent(SOAPMessage.class, saajMsg);
+
+        for (String key : inProperties.keySet()) {
+            inHandler.setProperty(key, inProperties.get(key));
+        }
+
+        inHandler.handleMessage(inmsg);
+
+        final List<WSHandlerResult> handlerResults = 
+            CastUtils.cast((List<?>)inmsg.get(WSHandlerConstants.RECV_RESULTS));
+        return handlerResults;
+    }
+    
+    private byte[] getMessageBytes(Document doc) throws Exception {
+        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+        XMLStreamWriter byteArrayWriter = StaxUtils.createXMLStreamWriter(outputStream);
+        StaxUtils.writeDocument(doc, byteArrayWriter, false);
+        byteArrayWriter.flush();
+        return outputStream.toByteArray();
+    }
+
+    // FOR DEBUGGING ONLY
+    /*private*/ static String serialize(Document doc) {
+        return XMLUtils.toString(doc);
+    }
+}

Copied: cxf/trunk/rt/ws/security/src/test/resources/saml_hok.properties (from r1081690, cxf/trunk/rt/ws/security/src/test/resources/saml2_hok.properties)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/resources/saml_hok.properties?p2=cxf/trunk/rt/ws/security/src/test/resources/saml_hok.properties&p1=cxf/trunk/rt/ws/security/src/test/resources/saml2_hok.properties&r1=1081690&r2=1081802&rev=1081802&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/resources/saml2_hok.properties (original)
+++ cxf/trunk/rt/ws/security/src/test/resources/saml_hok.properties Tue Mar 15 14:38:59 2011
@@ -1,10 +1,8 @@
 org.apache.ws.security.saml.issuerClass=org.apache.ws.security.saml.SAMLIssuerImpl
-org.apache.ws.security.saml.issuer.cryptoProp.file=crypto.properties
-org.apache.ws.security.saml.issuer.key.name=16c73ab6-b892-458f-abf5-2f875f74882e
-org.apache.ws.security.saml.issuer.key.password=security
+org.apache.ws.security.saml.issuer.cryptoProp.file=outsecurity.properties
+org.apache.ws.security.saml.issuer.key.name=myalias
+org.apache.ws.security.saml.issuer.key.password=myAliasPassword
 org.apache.ws.security.saml.issuer=www.example.com
 org.apache.ws.security.saml.issuer.sendKeyValue=false
 org.apache.ws.security.saml.issuer.signAssertion=true
-org.apache.ws.security.saml.version=1.1
-org.apache.ws.security.saml.callback=org.apache.ws.security.common.SAML1AuthnHOKHandler
 
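Review bot: saml_hok.properties is left without any comment explaining why the SAML version and callback-class keys were dropped, and a reader of this file alone cannot tell that the test now supplies a handler instance through `WSHandlerConstants.SAML_CALLBACK_REF` instead; a header line such as `# Issuer/crypto settings only: SAML version and callback are set by the test via WSHandlerConstants.SAML_CALLBACK_REF` would make that explicit. The same applies to saml_sv.properties, which loses the same two keys in this commit. The file also carries a keystore alias password (`org.apache.ws.security.saml.issuer.key.password`) for `outsecurity.properties`, so a second line like `# Test fixture: throwaway keystore credentials, not for deployment` would keep it from being mistaken for a deployable configuration.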

Copied: cxf/trunk/rt/ws/security/src/test/resources/saml_sv.properties (from r1081690, cxf/trunk/rt/ws/security/src/test/resources/saml1_sv.properties)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/resources/saml_sv.properties?p2=cxf/trunk/rt/ws/security/src/test/resources/saml_sv.properties&p1=cxf/trunk/rt/ws/security/src/test/resources/saml1_sv.properties&r1=1081690&r2=1081802&rev=1081802&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/resources/saml1_sv.properties (original)
+++ cxf/trunk/rt/ws/security/src/test/resources/saml_sv.properties Tue Mar 15 14:38:59 2011
@@ -3,5 +3,3 @@ org.apache.ws.security.saml.issuer=www.e
 org.apache.ws.security.saml.issuer.cryptoProp.file=outsecurity.properties
 org.apache.ws.security.saml.issuer.key.name=myalias
 org.apache.ws.security.saml.issuer.key.password=myAliasPassword
-org.apache.ws.security.saml.version=1.1
-org.apache.ws.security.saml.callback=org.apache.cxf.ws.security.wss4j.SAML1CallbackHandler


