cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1196708 - in /cxf/branches/2.4.x-fixes: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/...
Date Wed, 02 Nov 2011 17:20:16 GMT
Author: coheigea
Date: Wed Nov  2 17:20:15 2011
New Revision: 1196708

URL: http://svn.apache.org/viewvc?rev=1196708&view=rev
Log:
Added support to the SymmetricBinding for the ProtectTokens policy for X509Tokens.
 - Added 2x system tests

Modified:
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/TransportBindingBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportBinding.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/wsdl_systest_wssec/x509/DoubleItX509.wsdl

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java?rev=1196708&r1=1196707&r2=1196708&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java
Wed Nov  2 17:20:15 2011
@@ -108,7 +108,9 @@ public class SymmetricBindingBuilder imp
                 symmetricBinding.setEntireHeadersAndBodySignatures(true);
             } else if (SPConstants.ENCRYPT_SIGNATURE.equals(name.getLocalPart())) {
                 symmetricBinding.setSignatureProtection(true);
-            }
+            } else if (SPConstants.PROTECT_TOKENS.equals(name.getLocalPart())) {
+                symmetricBinding.setTokenProtection(true);
+            } 
         }
     }
 }

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/TransportBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/TransportBindingBuilder.java?rev=1196708&r1=1196707&r2=1196708&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/TransportBindingBuilder.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/TransportBindingBuilder.java
Wed Nov  2 17:20:15 2011
@@ -84,8 +84,6 @@ public class TransportBindingBuilder imp
                         parent.setIncludeTimestamp(true);
                     } else if (name.equals(SPConstants.LAYOUT)) {
                         parent.setLayout((Layout)new LayoutBuilder().build(child, factory));
-                    } else if (name.equals(SPConstants.PROTECT_TOKENS)) {
-                        parent.setTokenProtection(true);
                     } else if (name.equals(SPConstants.SIGNED_SUPPORTING_TOKENS)
                         || name.equals(SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS)) {
                         

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportBinding.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportBinding.java?rev=1196708&r1=1196707&r2=1196708&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportBinding.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/TransportBinding.java
Wed Nov  2 17:20:15 2011
@@ -110,11 +110,6 @@ public class TransportBinding extends Bi
             layout.serialize(writer);
             // </sp:Layout>
         }
-        if (isTokenProtection()) {
-            // <sp:ProtectTokens />
-            writer.writeStartElement(prefix, SPConstants.PROTECT_TOKENS, namespaceURI);
-            writer.writeEndElement();
-        }
 
         if (isIncludeTimestamp()) {
             // <sp:IncludeTimestamp>

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1196708&r1=1196707&r2=1196708&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Wed Nov  2 17:20:15 2011
@@ -775,7 +775,10 @@ public class SymmetricBindingHandler ext
             } else {
                 sigTokId = tok.getId();
             }
-                           
+                      
+            if (included && sbinding.isTokenProtection()) {
+                sigs.add(new WSEncryptionPart(sigTokId));
+            }
             
             sig.setCustomTokenId(sigTokId);
             sig.setSecretKey(tok.getSecret());

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1196708&r1=1196707&r2=1196708&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Wed Nov  2 17:20:15 2011
@@ -286,12 +286,6 @@ public class TransportBindingHandler ext
             
             dkSig.prepare(doc, secHeader);
             
-            /*
-            if(binding.isTokenProtection()) {
-                sigParts.add(new WSEncryptionPart(encrKey.getBSTTokenId()));
-            }
-            */
-            
             dkSig.setParts(sigParts);
             List<Reference> referenceList = dkSig.addReferencesToSign(sigParts, secHeader);
             

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1196708&r1=1196707&r2=1196708&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
(original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
Wed Nov  2 17:20:15 2011
@@ -130,6 +130,44 @@ public class X509TokenTest extends Abstr
         x509Port.doubleIt(BigInteger.valueOf(25));
     }
     
+    @org.junit.Test
+    public void testAsymmetricProtectTokens() throws Exception {
+        if (!unrestrictedPoliciesInstalled) {
+            return;
+        }
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        DoubleItService service = new DoubleItService();
+        DoubleItPortType x509Port = service.getDoubleItAsymmetricProtectTokensPort();
+        updateAddressPort(x509Port, PORT);
+        x509Port.doubleIt(BigInteger.valueOf(25));
+    }
+    
+    @org.junit.Test
+    public void testSymmetricProtectTokens() throws Exception {
+        if (!unrestrictedPoliciesInstalled) {
+            return;
+        }
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        DoubleItService service = new DoubleItService();
+        DoubleItPortType x509Port = service.getDoubleItSymmetricProtectTokensPort();
+        updateAddressPort(x509Port, PORT);
+        x509Port.doubleIt(BigInteger.valueOf(25));
+    }
+    
     private boolean checkUnrestrictedPoliciesInstalled() {
         try {
             byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml?rev=1196708&r1=1196707&r2=1196708&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml
(original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml
Wed Nov  2 17:20:15 2011
@@ -80,4 +80,27 @@
        </jaxws:properties>
     </jaxws:client>
     
+    <jaxws:client name="{http://WSSec/x509}DoubleItAsymmetricProtectTokensPort" 
+                  createdFromAPI="true">
+       <jaxws:properties>
+           <entry key="ws-security.encryption.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+           <entry key="ws-security.encryption.username" value="bob"/>
+           <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>

+           <entry key="ws-security.signature.username" value="alice"/>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+       </jaxws:properties>
+    </jaxws:client>
+    
+    <jaxws:client name="{http://WSSec/x509}DoubleItSymmetricProtectTokensPort" 
+                  createdFromAPI="true">
+       <jaxws:properties>
+           <entry key="ws-security.encryption.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+           <entry key="ws-security.encryption.username" value="bob"/>
+       </jaxws:properties>
+    </jaxws:client>
+    
 </beans>

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml?rev=1196708&r1=1196707&r2=1196708&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
(original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
Wed Nov  2 17:20:15 2011
@@ -123,4 +123,45 @@
      
     </jaxws:endpoint> 
     
+    <jaxws:endpoint 
+       id="AsymmetricProtectTokens"
+       address="http://localhost:${testutil.ports.Server}/DoubleItX509AsymmetricProtect"

+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItAsymmetricProtectTokensPort"
+       xmlns:s="http://WSSec/x509"
+       implementor="org.apache.cxf.systest.ws.x509.server.DoubleItImpl"
+       wsdlLocation="wsdl_systest_wssec/x509/DoubleItX509.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.encryption.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>

+          <entry key="ws-security.encryption.username" value="alice"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="SymmetricProtectTokens"
+       address="http://localhost:${testutil.ports.Server}/DoubleItX509SymmetricProtect" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItSymmetricProtectTokensPort"
+       xmlns:s="http://WSSec/x509"
+       implementor="org.apache.cxf.systest.ws.x509.server.DoubleItImpl"
+       wsdlLocation="wsdl_systest_wssec/x509/DoubleItX509.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
 </beans>

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/wsdl_systest_wssec/x509/DoubleItX509.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/wsdl_systest_wssec/x509/DoubleItX509.wsdl?rev=1196708&r1=1196707&r2=1196708&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/wsdl_systest_wssec/x509/DoubleItX509.wsdl
(original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/wsdl_systest_wssec/x509/DoubleItX509.wsdl
Wed Nov  2 17:20:15 2011
@@ -149,6 +149,45 @@
             </wsdl:fault>
         </wsdl:operation>
     </wsdl:binding>
+    <wsdl:binding name="DoubleItAsymmetricProtectTokensBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItAsymmetricProtectTokensPolicy" />
+        <soap:binding style="document"
+            transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault" />
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
+    <wsdl:binding name="DoubleItSymmetricProtectTokensBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItSymmetricProtectTokensPolicy" />
+        <soap:binding style="document"
+            transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault" />
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
+    
     <wsdl:service name="DoubleItService">
         <wsdl:port name="DoubleItKeyIdentifierPort" binding="tns:DoubleItKeyIdentifierBinding">
             <soap:address location="http://localhost:9001/DoubleItX509KeyIdentifier" />
@@ -163,6 +202,14 @@
                    binding="tns:DoubleItAsymmetricIssuerSerialBinding">
             <soap:address location="http://localhost:9001/DoubleItX509Asymmetric" />
         </wsdl:port>
+        <wsdl:port name="DoubleItAsymmetricProtectTokensPort" 
+                   binding="tns:DoubleItAsymmetricProtectTokensBinding">
+            <soap:address location="http://localhost:9001/DoubleItX509AsymmetricProtect"
/>
+        </wsdl:port>
+        <wsdl:port name="DoubleItSymmetricProtectTokensPort" 
+                   binding="tns:DoubleItSymmetricProtectTokensBinding">
+            <soap:address location="http://localhost:9001/DoubleItX509SymmetricProtect"
/>
+        </wsdl:port>
     </wsdl:service>
 
     <wsp:Policy wsu:Id="DoubleItKeyIdentifierPolicy">
@@ -313,6 +360,86 @@
       </wsp:ExactlyOne>
     </wsp:Policy>
     
+    <wsp:Policy wsu:Id="DoubleItAsymmetricProtectTokensPolicy">
+      <wsp:ExactlyOne>
+         <wsp:All>
+            <sp:AsymmetricBinding>
+               <wsp:Policy>
+                  <sp:InitiatorToken>
+                     <wsp:Policy>
+                        <sp:X509Token
+                           sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                           <wsp:Policy>
+                              <sp:WssX509V3Token10 />
+                           </wsp:Policy>
+                        </sp:X509Token>
+                     </wsp:Policy>
+                  </sp:InitiatorToken>
+                  <sp:RecipientToken>
+                     <wsp:Policy>
+                        <sp:X509Token
+                           sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                           <wsp:Policy>
+                              <sp:WssX509V3Token10 />
+                              <sp:RequireIssuerSerialReference />
+                           </wsp:Policy>
+                        </sp:X509Token>
+                     </wsp:Policy>
+                  </sp:RecipientToken>
+                  <sp:Layout>
+                     <wsp:Policy>
+                        <sp:Lax/>
+                     </wsp:Policy>
+                  </sp:Layout>
+                  <sp:IncludeTimestamp/>
+                  <sp:OnlySignEntireHeadersAndBody/>
+                  <sp:ProtectTokens/>
+                  <sp:AlgorithmSuite>
+                     <wsp:Policy>
+                        <sp:Basic256/>
+                     </wsp:Policy>
+                  </sp:AlgorithmSuite>
+               </wsp:Policy>
+            </sp:AsymmetricBinding>
+         </wsp:All>
+      </wsp:ExactlyOne>
+    </wsp:Policy>
+    
+    <wsp:Policy wsu:Id="DoubleItSymmetricProtectTokensPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SymmetricBinding>
+                  <wsp:Policy>
+                    <sp:ProtectionToken>
+                       <wsp:Policy>
+                          <sp:X509Token
+                             sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                             <wsp:Policy>
+                                <sp:WssX509V3Token11 />
+                             </wsp:Policy>
+                          </sp:X509Token>
+                       </wsp:Policy>
+                    </sp:ProtectionToken>
+                    <sp:Layout>
+                       <wsp:Policy>
+                          <sp:Lax/>
+                       </wsp:Policy>
+                    </sp:Layout>
+                    <sp:IncludeTimestamp/>
+                    <sp:OnlySignEntireHeadersAndBody/>
+                    <sp:ProtectTokens/>
+                    <sp:SignBeforeEncrypting/>
+                    <sp:AlgorithmSuite>
+                       <wsp:Policy>
+                          <sp:Basic256/>
+                       </wsp:Policy>
+                    </sp:AlgorithmSuite>
+                 </wsp:Policy>
+              </sp:SymmetricBinding>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    
     <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
       <wsp:ExactlyOne>
          <wsp:All>



Mime
View raw message