cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1214309 - in /cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test: java/org/apache/cxf/systest/wssec/examples/saml/ resources/ resources/org/apache/cxf/systest/wssec/examples/saml/ resources/org/apache/cxf/systest/wssec/example...
Date Wed, 14 Dec 2011 15:55:40 GMT
Author: coheigea
Date: Wed Dec 14 15:55:39 2011
New Revision: 1214309

URL: http://svn.apache.org/viewvc?rev=1214309&view=rev
Log:
Added some more SAML ws-security-example tests

Modified:
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/alice.jks
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/bob.jks
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml

Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java?rev=1214309&r1=1214308&r2=1214309&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java
(original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java
Wed Dec 14 15:55:39 2011
@@ -20,16 +20,23 @@
 package org.apache.cxf.systest.wssec.examples.saml;
 
 import java.io.IOException;
+import java.security.cert.X509Certificate;
 import java.util.Collections;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
 import org.apache.ws.security.saml.ext.SAMLCallback;
 import org.apache.ws.security.saml.ext.bean.AttributeBean;
 import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
+import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
+import org.apache.ws.security.saml.ext.bean.KeyInfoBean.CERT_IDENTIFIER;
 import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.builder.SAML1Constants;
 import org.apache.ws.security.saml.ext.builder.SAML2Constants;
 import org.opensaml.common.SAMLVersion;
 
@@ -67,6 +74,15 @@ public class SamlCallbackHandler impleme
                     new SubjectBean(
                         subjectName, subjectQualifier, confirmationMethod
                     );
+                if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)
+                    || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
+                    try {
+                        KeyInfoBean keyInfo = createKeyInfo();
+                        subjectBean.setKeyInfo(keyInfo);
+                    } catch (Exception ex) {
+                        throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
+                    }
+                }
                 
                 callback.setSubject(subjectBean);
                 
@@ -81,5 +97,19 @@ public class SamlCallbackHandler impleme
             }
         }
     }
+
+    protected KeyInfoBean createKeyInfo() throws Exception {
+        Crypto crypto = 
+            CryptoFactory.getInstance("alice.properties");
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias("alice");
+        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+        
+        KeyInfoBean keyInfo = new KeyInfoBean();
+        keyInfo.setCertificate(certs[0]);
+        keyInfo.setCertIdentifer(CERT_IDENTIFIER.X509_CERT);
+        
+        return keyInfo;
+    }
     
 }

Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java?rev=1214309&r1=1214308&r2=1214309&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
(original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
Wed Dec 14 15:55:39 2011
@@ -78,4 +78,50 @@ public class SamlTokenTest extends Abstr
         samlPort.doubleIt(25);
     }
     
+    /**
+     * 2.3.1.2 (WSS1.0) SAML1.1 Assertion (Sender Vouches) over SSL
+     */
+    @org.junit.Test
+    public void testTLSSenderVouches() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTLSSenderVouchesPort");
+        DoubleItPortType samlPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(samlPort, PORT2);
+        
+        samlPort.doubleIt(25);
+    }
+    
+    /**
+     * 2.3.1.3 (WSS1.0) SAML1.1 Assertion (HK) over SSL
+     */
+    @org.junit.Test
+    public void testTLSHOKSignedEndorsing() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTLSHOKSignedEndorsingPort");
+        DoubleItPortType samlPort = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(samlPort, PORT2);
+        
+        samlPort.doubleIt(25);
+    }
+    
 }

Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/alice.jks
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/alice.jks?rev=1214309&r1=1214308&r2=1214309&view=diff
==============================================================================
Files cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/alice.jks
(original) and cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/alice.jks
Wed Dec 14 15:55:39 2011 differ

Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/bob.jks
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/bob.jks?rev=1214309&r1=1214308&r2=1214309&view=diff
==============================================================================
Files cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/bob.jks (original)
and cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/bob.jks Wed
Dec 14 15:55:39 2011 differ

Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl?rev=1214309&r1=1214308&r2=1214309&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl
(original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl
Wed Dec 14 15:55:39 2011
@@ -48,10 +48,52 @@
         </wsdl:operation>
     </wsdl:binding>
     
+    <wsdl:binding name="DoubleItTLSSenderVouchesBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItTLSSenderVouchesPolicy" />
+        <soap:binding style="document"
+            transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault" />
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
+    
+    <wsdl:binding name="DoubleItTLSHOKSignedEndorsingBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItTLSHOKSignedEndorsingPolicy" />
+        <soap:binding style="document"
+            transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault" />
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
+    
     <wsdl:service name="DoubleItService">
         <wsdl:port name="DoubleItBearerPort" binding="tns:DoubleItBearerBinding">
             <soap:address location="http://localhost:9009/DoubleItSamlBearer" />
         </wsdl:port>
+        <wsdl:port name="DoubleItTLSSenderVouchesPort" binding="tns:DoubleItTLSSenderVouchesBinding">
+            <soap:address location="https://localhost:9010/DoubleItSamlTLSSenderVouches"
/>
+        </wsdl:port>
+        <wsdl:port name="DoubleItTLSHOKSignedEndorsingPort" binding="tns:DoubleItTLSHOKSignedEndorsingBinding">
+            <soap:address location="https://localhost:9010/DoubleItSamlTLSHOKSignedEndorsing"
/>
+        </wsdl:port>
     </wsdl:service>
 
     <!-- 2.3.1.1 (WSS1.0) SAML1.1 Assertion (Bearer) -->
@@ -68,6 +110,82 @@
         </sp:SupportingTokens>
     </wsp:Policy>
     
+    <!-- 2.3.1.2 (WSS1.0) SAML1.1 Assertion (Sender Vouches) over SSL -->
+    <wsp:Policy wsu:Id="DoubleItTLSSenderVouchesPolicy">
+        <sp:TransportBinding>
+            <wsp:Policy>
+                <sp:TransportToken>
+                    <wsp:Policy>
+                        <sp:HttpsToken>
+                            <wsp:Policy>
+                                <sp:RequireClientCertificate/>
+                            </wsp:Policy>
+                        </sp:HttpsToken>
+                    </wsp:Policy>
+                </sp:TransportToken>
+                <sp:AlgorithmSuite>
+                    <wsp:Policy>
+                        <sp:Basic128 />
+                    </wsp:Policy>
+                </sp:AlgorithmSuite>
+                <sp:Layout>
+                    <wsp:Policy>
+                        <sp:Strict />
+                    </wsp:Policy>
+                </sp:Layout>
+                <sp:IncludeTimestamp />
+            </wsp:Policy>
+        </sp:TransportBinding>
+        <sp:SignedSupportingTokens>
+            <wsp:Policy>
+                <sp:SamlToken
+                    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                    <wsp:Policy>
+                        <sp:WssSamlV11Token10/>
+                    </wsp:Policy>
+                </sp:SamlToken>
+            </wsp:Policy>
+        </sp:SignedSupportingTokens>
+    </wsp:Policy>
+    
+    <!-- 2.3.1.3 (WSS1.0) SAML1.1 Assertion (HK) over SSL -->
+    <wsp:Policy wsu:Id="DoubleItTLSHOKSignedEndorsingPolicy">
+        <sp:TransportBinding>
+            <wsp:Policy>
+                <sp:TransportToken>
+                    <wsp:Policy>
+                        <sp:HttpsToken>
+                            <wsp:Policy>
+                                <sp:RequireClientCertificate/>
+                            </wsp:Policy>
+                        </sp:HttpsToken>
+                    </wsp:Policy>
+                </sp:TransportToken>
+                <sp:AlgorithmSuite>
+                    <wsp:Policy>
+                        <sp:Basic128 />
+                    </wsp:Policy>
+                </sp:AlgorithmSuite>
+                <sp:Layout>
+                    <wsp:Policy>
+                        <sp:Strict />
+                    </wsp:Policy>
+                </sp:Layout>
+                <sp:IncludeTimestamp />
+            </wsp:Policy>
+        </sp:TransportBinding>
+        <sp:SignedEndorsingSupportingTokens>
+            <wsp:Policy>
+                <sp:SamlToken
+                    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                    <wsp:Policy>
+                        <sp:WssSamlV11Token10/>
+                    </wsp:Policy>
+                </sp:SamlToken>
+            </wsp:Policy>
+        </sp:SignedEndorsingSupportingTokens>
+    </wsp:Policy>
+    
     <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
         <wsp:ExactlyOne>
             <wsp:All>

Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml?rev=1214309&r1=1214308&r2=1214309&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml
(original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml
Wed Dec 14 15:55:39 2011
@@ -47,13 +47,42 @@
        </jaxws:properties>
     </jaxws:client>
     
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTLSSenderVouchesPort"

+                  createdFromAPI="true">
+       <jaxws:properties>
+           <entry key="ws-security.saml-callback-handler" value-ref="saml1SenderVouchesHandler"/>
+       </jaxws:properties>
+    </jaxws:client>
+    
+    <bean id="saml1SenderVouchesHandler" 
+          class="org.apache.cxf.systest.wssec.examples.saml.SamlCallbackHandler">
+          <property name="confirmationMethod" value="urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"/>
+    </bean>
+    
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTLSHOKSignedEndorsingPort"

+                  createdFromAPI="true">
+       <jaxws:properties>
+           <entry key="ws-security.saml-callback-handler" value-ref="saml1HOKHandler"/>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+           <entry key="ws-security.signature.properties" value="alice.properties"/>

+           <entry key="ws-security.signature.username" value="alice"/>
+           <entry key="ws-security.self-sign-saml-assertion" value="true"/>
+       </jaxws:properties>
+    </jaxws:client>
+    
+    <bean id="saml1HOKHandler" 
+          class="org.apache.cxf.systest.wssec.examples.saml.SamlCallbackHandler">
+          <property name="confirmationMethod" value="urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"/>
+    </bean>
+    
     <http:conduit name="https://localhost:.*">
         <http:tlsClientParameters disableCNCheck="true">
             <sec:keyManagers keyPassword="password">
-                <sec:keyStore type="jks" password="password" resource="Morpit.jks"/>
+                <sec:keyStore type="jks" password="password" resource="alice.jks"/>
             </sec:keyManagers>
             <sec:trustManagers>
-                <sec:keyStore type="jks" password="password" resource="Truststore.jks"/>
+                <sec:keyStore type="jks" password="password" resource="cxfca.jks"/>
             </sec:trustManagers>
         </http:tlsClientParameters>
     </http:conduit>  

Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml?rev=1214309&r1=1214308&r2=1214309&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml
(original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml
Wed Dec 14 15:55:39 2011
@@ -55,6 +55,33 @@
        </jaxws:properties> 
     </jaxws:endpoint>
     
+    <jaxws:endpoint 
+       id="TLSSenderVouches"
+       address="https://localhost:${testutil.ports.Server.2}/DoubleItSamlTLSSenderVouches"

+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTLSSenderVouchesPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl"
+       depends-on="tls-settings">
+       <jaxws:properties>
+       </jaxws:properties> 
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint 
+       id="TLSHOKSignedEndorsing"
+       address="https://localhost:${testutil.ports.Server.2}/DoubleItSamlTLSHOKSignedEndorsing"

+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItTLSHOKSignedEndorsingPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+       wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl"
+       depends-on="tls-settings">
+       <jaxws:properties>
+           <entry key="ws-security.signature.properties" value="bob.properties"/> 
+       </jaxws:properties> 
+    </jaxws:endpoint>
+    
     <!-- -->
     <!-- Any services listening on port ${testutil.ports.Server} must use the following
-->
     <!-- Transport Layer Security (TLS) settings -->
@@ -63,10 +90,10 @@
         <httpj:engine port="${testutil.ports.Server.2}">
             <httpj:tlsServerParameters>
                 <sec:keyManagers keyPassword="password">
-                    <sec:keyStore type="jks" password="password" resource="Bethal.jks"/>
+                    <sec:keyStore type="jks" password="password" resource="bob.jks"/>
                 </sec:keyManagers>
                 <sec:trustManagers>
-                    <sec:keyStore type="jks" password="password" resource="Truststore.jks"/>
+                    <sec:keyStore type="jks" password="password" resource="cxfca.jks"/>
                 </sec:trustManagers> 
                 <sec:cipherSuitesFilter>
                     <sec:include>.*_EXPORT_.*</sec:include>
@@ -76,7 +103,7 @@
                     <sec:include>.*_WITH_NULL_.*</sec:include>
                     <sec:exclude>.*_DH_anon_.*</sec:exclude>
                 </sec:cipherSuitesFilter>
-                <sec:clientAuthentication want="false" required="false"/>
+                <sec:clientAuthentication want="true" required="true"/>
             </httpj:tlsServerParameters>
         </httpj:engine>
     </httpj:engine-factory>



Mime
View raw message