Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@cxf.apache.org
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1091384 - in /cxf/trunk/systests/ws-security/src/test:
 java/org/apache/cxf/systest/ws/saml/
 java/org/apache/cxf/systest/ws/saml/client/
 resources/org/apache/cxf/systest/ws/saml/client/
 resources/wsdl_systest_wssec/saml/
Date: Tue, 12 Apr 2011 12:29:10 -0000
To: commits@cxf.apache.org
From: coheigea@apache.org
Message-Id: <20110412122910.B9D3623889B3@eris.apache.org>

Author: coheigea
Date: Tue Apr 12 12:29:10 2011
New Revision: 1091384

URL: http://svn.apache.org/viewvc?rev=1091384&view=rev
Log:
[CXF-3432] - Added a test for the last commit.

Modified:
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
    cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java?rev=1091384&r1=1091383&r2=1091384&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java Tue Apr 12 12:29:10 2011
@@ -29,6 +29,7 @@ import javax.xml.ws.BindingProvider;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler;
 import org.apache.cxf.systest.ws.saml.server.Server;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 
@@ -76,8 +77,7 @@ public class SamlTokenTest extends Abstr
         }
         
         ((BindingProvider)saml1Port).getRequestContext().put(
-            "ws-security.saml-callback-handler",
-            new org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler()
+            "ws-security.saml-callback-handler", new SamlCallbackHandler()
         );
         try {
             saml1Port.doubleIt(BigInteger.valueOf(25));
@@ -87,8 +87,7 @@ public class SamlTokenTest extends Abstr
         }
 
         ((BindingProvider)saml1Port).getRequestContext().put(
-            "ws-security.saml-callback-handler",
-            new org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler(false)
+            "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
         );
         BigInteger result = saml1Port.doubleIt(BigInteger.valueOf(25));
         assert result.equals(BigInteger.valueOf(50));
@@ -110,7 +109,7 @@ public class SamlTokenTest extends Abstr
         DoubleItService service = new DoubleItService();
         
         DoubleItPortType saml2Port = service.getDoubleItSaml2SymmetricPort();
-        
+       
         try {
             saml2Port.doubleIt(BigInteger.valueOf(25));
             fail("Expected failure on an invocation with no SAML Assertion");
@@ -119,8 +118,7 @@ public class SamlTokenTest extends Abstr
         }
         
         ((BindingProvider)saml2Port).getRequestContext().put(
-            "ws-security.saml-callback-handler",
-            new org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler(false)
+            "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
         );
         try {
             saml2Port.doubleIt(BigInteger.valueOf(25));
@@ -130,12 +128,45 @@ public class SamlTokenTest extends Abstr
         }
         
         ((BindingProvider)saml2Port).getRequestContext().put(
-            "ws-security.saml-callback-handler",
-            new org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler()
+            "ws-security.saml-callback-handler", new SamlCallbackHandler()
         );
         BigInteger result = saml2Port.doubleIt(BigInteger.valueOf(25));
         assert result.equals(BigInteger.valueOf(50));
     }
+    
+    /**
+     * Some negative tests. Send a sender-vouches assertion as a SupportingToken...this will
+     * fail as the provider will demand that there is a signature covering both the assertion
+     * and the message body.
+     */
+    @org.junit.Test
+    public void testSaml2OverSymmetricSupporting() throws Exception {
+
+        if (!unrestrictedPoliciesInstalled) {
+            return;
+        }
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        DoubleItService service = new DoubleItService();
+        
+        DoubleItPortType saml2Port = service.getDoubleItSaml2SymmetricSupportingPort();
+        
+        ((BindingProvider)saml2Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", new SamlCallbackHandler()
+        );
+        
+        try {
+            saml2Port.doubleIt(BigInteger.valueOf(25));
+            fail("Expected failure on an invocation with an unsigned SAML SV Assertion");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            assert ex.getMessage().contains("Assertion fails sender-vouches requirements");
+        }
+    }
 
     @org.junit.Test
     public void testSaml2OverAsymmetric() throws Exception {
@@ -163,8 +194,7 @@ public class SamlTokenTest extends Abstr
         }
         
         ((BindingProvider)saml2Port).getRequestContext().put(
-            "ws-security.saml-callback-handler",
-            new org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler(false)
+            "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
         );
         try {
             saml2Port.doubleIt(BigInteger.valueOf(25));
@@ -174,8 +204,7 @@ public class SamlTokenTest extends Abstr
         }
         
         ((BindingProvider)saml2Port).getRequestContext().put(
-            "ws-security.saml-callback-handler",
-            new org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler()
+            "ws-security.saml-callback-handler", new SamlCallbackHandler()
         );
         BigInteger result = saml2Port.doubleIt(BigInteger.valueOf(25));
         assert result.equals(BigInteger.valueOf(50));
@@ -196,8 +225,7 @@ public class SamlTokenTest extends Abstr
         DoubleItPortType saml1Port = service.getDoubleItSaml1SelfSignedTransportPort();
         
         ((BindingProvider)saml1Port).getRequestContext().put(
-            "ws-security.saml-callback-handler",
-            new org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler(false)
+            "ws-security.saml-callback-handler", new SamlCallbackHandler(false)
         );
         BigInteger result = saml1Port.doubleIt(BigInteger.valueOf(25));
         assert result.equals(BigInteger.valueOf(50));
@@ -222,8 +250,7 @@ public class SamlTokenTest extends Abstr
         DoubleItPortType saml2Port = service.getDoubleItSaml2SymmetricProtectionPort();
         
         ((BindingProvider)saml2Port).getRequestContext().put(
-            "ws-security.saml-callback-handler",
-            new org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler()
+            "ws-security.saml-callback-handler", new SamlCallbackHandler()
         );
         BigInteger result = saml2Port.doubleIt(BigInteger.valueOf(25));
         assert result.equals(BigInteger.valueOf(50));

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java?rev=1091384&r1=1091383&r2=1091384&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java Tue Apr 12 12:29:10 2011
@@ -39,6 +39,7 @@ import org.opensaml.common.SAMLVersion;
  */
 public class SamlCallbackHandler implements CallbackHandler {
     private boolean saml2 = true;
+    private String confirmationMethod = SAML2Constants.CONF_SENDER_VOUCHES;
     
     public SamlCallbackHandler() {
         //
@@ -48,6 +49,10 @@ public class SamlCallbackHandler impleme
         this.saml2 = saml2;
     }
     
+    public void setConfirmationMethod(String confirmationMethod) {
+        this.confirmationMethod = confirmationMethod;
+    }
+    
     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
         for (int i = 0; i < callbacks.length; i++) {
             if (callbacks[i] instanceof SAMLCallback) {
@@ -60,8 +65,7 @@ public class SamlCallbackHandler impleme
                 callback.setIssuer("sts");
                 String subjectName = "uid=sts-client,o=mock-sts.com";
                 String subjectQualifier = "www.mock-sts.com";
-                String confirmationMethod = SAML2Constants.CONF_SENDER_VOUCHES;
-                if (!saml2) {
+                if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
                     confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
                 }
                 SubjectBean subjectBean = 

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml?rev=1091384&r1=1091383&r2=1091384&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml Tue Apr 12 12:29:10 2011
@@ -59,9 +59,20 @@
                   value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
            <entry key="ws-security.encryption.username" value="bob"/>
        </jaxws:properties>
-   </jaxws:client>  
+    </jaxws:client>
+    
+      <jaxws:client name="{http://WSSec/saml}DoubleItSaml2SymmetricSupportingPort" 
+                  createdFromAPI="true">
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+           <entry key="ws-security.encryption.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+           <entry key="ws-security.encryption.username" value="bob"/>
+       </jaxws:properties>
+     </jaxws:client>  
    
-   <jaxws:client name="{http://WSSec/saml}DoubleItSaml2AsymmetricPort" 
+    <jaxws:client name="{http://WSSec/saml}DoubleItSaml2AsymmetricPort" 
                   createdFromAPI="true">
        <jaxws:properties>
            <entry key="ws-security.encryption.username" value="alice"/>
@@ -73,9 +84,9 @@
            <entry key="ws-security.signature.properties" 
                   value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/> 
        </jaxws:properties>
-   </jaxws:client> 
+    </jaxws:client> 
 
-   <jaxws:client name="{http://WSSec/saml}DoubleItSaml1SelfSignedTransportPort" 
+    <jaxws:client name="{http://WSSec/saml}DoubleItSaml1SelfSignedTransportPort" 
                   createdFromAPI="true">
        <jaxws:properties>
            <entry key="ws-security.callback-handler" 
@@ -85,9 +96,9 @@
                   value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/> 
            <entry key="ws-security.self-sign-saml-assertion" value="true"/>
        </jaxws:properties>
-   </jaxws:client>  
+    </jaxws:client>  
    
-   <jaxws:client name="{http://WSSec/saml}DoubleItSaml2SymmetricProtectionPort" 
+    <jaxws:client name="{http://WSSec/saml}DoubleItSaml2SymmetricProtectionPort" 
                   createdFromAPI="true">
        <jaxws:properties>
            <entry key="ws-security.callback-handler" 
@@ -96,6 +107,6 @@
                   value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
            <entry key="ws-security.encryption.username" value="bob"/>
        </jaxws:properties>
-   </jaxws:client>  
+    </jaxws:client>  
     
 </beans>

Modified: cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl?rev=1091384&r1=1091383&r2=1091384&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl Tue Apr 12 12:29:10 2011
@@ -129,6 +129,25 @@
             </wsdl:fault>
         </wsdl:operation>
     </wsdl:binding>
+    <wsdl:binding name="DoubleItSaml2SymmetricSupportingBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItSaml2SymmetricSupportingPolicy" />
+        <soap:binding style="document"
+            transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault" />
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
     <wsdl:binding name="DoubleItSaml2AsymmetricBinding" type="tns:DoubleItPortType">
         <wsp:PolicyReference URI="#DoubleItSaml2AsymmetricPolicy" />
         <soap:binding style="document"
@@ -175,6 +194,10 @@
         <wsdl:port name="DoubleItSaml2SymmetricPort" binding="tns:DoubleItSaml2SymmetricBinding">
             <soap:address location="http://localhost:9001/DoubleItSaml2Symmetric" />
         </wsdl:port>
+        <wsdl:port name="DoubleItSaml2SymmetricSupportingPort" 
+                   binding="tns:DoubleItSaml2SymmetricSupportingBinding">
+            <soap:address location="http://localhost:9001/DoubleItSaml2Symmetric" />
+        </wsdl:port>
         <wsdl:port name="DoubleItSaml2AsymmetricPort" binding="tns:DoubleItSaml2AsymmetricBinding">
             <soap:address location="http://localhost:9001/DoubleItSaml2Asymmetric" />
         </wsdl:port>
@@ -310,6 +333,56 @@
          </wsp:All>
       </wsp:ExactlyOne>
     </wsp:Policy>
+    <wsp:Policy wsu:Id="DoubleItSaml2SymmetricSupportingPolicy">
+      <wsp:ExactlyOne>
+         <wsp:All>
+            <sp:SymmetricBinding>
+               <wsp:Policy>
+                  <sp:ProtectionToken>
+                     <wsp:Policy>
+                        <sp:X509Token
+                           sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                           <wsp:Policy>
+                              <sp:WssX509V3Token10 />
+                              <sp:RequireThumbprintReference />
+                           </wsp:Policy>
+                        </sp:X509Token>
+                     </wsp:Policy>
+                  </sp:ProtectionToken>
+                  <sp:Layout>
+                     <wsp:Policy>
+                        <sp:Lax/>
+                     </wsp:Policy>
+                  </sp:Layout>
+                  <sp:IncludeTimestamp/>
+                  <sp:OnlySignEntireHeadersAndBody/>
+                  <sp:AlgorithmSuite>
+                     <wsp:Policy>
+                        <sp:Basic256/>
+                     </wsp:Policy>
+                  </sp:AlgorithmSuite>
+               </wsp:Policy>
+            </sp:SymmetricBinding>
+            <sp:Wss11>
+               <wsp:Policy>
+                  <sp:MustSupportRefIssuerSerial/>
+                  <sp:MustSupportRefThumbprint/>
+                  <sp:MustSupportRefEncryptedKey/>
+               </wsp:Policy>
+            </sp:Wss11>
+            <sp:SupportingTokens>
+               <wsp:Policy>
+                  <sp:SamlToken
+                      sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                      <wsp:Policy>
+                         <sp:WssSamlV20Token11/>
+                      </wsp:Policy>
+                  </sp:SamlToken>
+               </wsp:Policy>
+            </sp:SupportingTokens>
+         </wsp:All>
+      </wsp:ExactlyOne>
+    </wsp:Policy>
     <wsp:Policy wsu:Id="DoubleItSaml2AsymmetricPolicy">
       <wsp:ExactlyOne>
          <wsp:All>