From cohei...@apache.org
Subject svn commit: r1359568 - in /cxf/branches/2.6.x-fixes: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/ systests/ws-security/src/test/java/org/apache/cxf/sy...
Date Tue, 10 Jul 2012 10:10:58 GMT
Author: coheigea
Date: Tue Jul 10 10:10:57 2012
New Revision: 1359568

URL: http://svn.apache.org/viewvc?rev=1359568&view=rev
Log:
Merged revisions 1359554 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1359554 | coheigea | 2012-07-10 10:56:30 +0100 (Tue, 10 Jul 2012) | 2 lines

  [CXF-4414] - SecurityPolicy validation fails when a KeyValue is used as an EndorsingSupportingToken

........

Modified:
    cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
    cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
    cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java

Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java?rev=1359568&r1=1359567&r2=1359568&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
Tue Jul 10 10:10:57 2012
@@ -567,14 +567,14 @@ public abstract class AbstractSupporting
         X509Certificate cert = 
             (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
         byte[] secret = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
+        PublicKey publicKey = 
+            (PublicKey)result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
         
         // Now see if the same credential exists in the tokenResult list
         for (WSSecurityEngineResult token : tokenResult) {
             Integer actInt = (Integer)token.get(WSSecurityEngineResult.TAG_ACTION);
             BinarySecurity binarySecurity = 
                 (BinarySecurity)token.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
-            PublicKey publicKey = 
-                (PublicKey)token.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
             if (binarySecurity instanceof X509Security
                 || binarySecurity instanceof PKIPathSecurity) {
                 X509Certificate foundCert = 
@@ -590,10 +590,10 @@ public abstract class AbstractSupporting
                 if (samlKeyInfo != null) {
                     X509Certificate[] subjectCerts = samlKeyInfo.getCerts();
                     byte[] subjectSecretKey = samlKeyInfo.getSecret();
-                    if (cert != null && subjectCerts != null && cert.equals(subjectCerts[0]))
{
-                        return true;
-                    }
-                    if (subjectSecretKey != null && Arrays.equals(subjectSecretKey,
secret)) {
+                    PublicKey subjectPublicKey = samlKeyInfo.getPublicKey();
+                    if ((cert != null && subjectCerts != null && cert.equals(subjectCerts[0]))
+                        || (subjectSecretKey != null && Arrays.equals(subjectSecretKey,
secret))
+                        || (subjectPublicKey != null && subjectPublicKey.equals(publicKey)))
{
                         return true;
                     }
                 }
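Review bot: The new `subjectPublicKey.equals(publicKey)` test on the last added line depends on the `equals` implementation of whatever concrete `PublicKey` class each side happens to be, and the two keys arrive by different routes (the KeyValue parsed from the assertion's KeyInfo versus the key recorded in the signature result), so they may well be instances from different providers, whose `equals` is not guaranteed to agree even for identical key material; the effect would be a legitimate endorsing token failing validation rather than a bypass, but it is still a brittle check. Comparing the SubjectPublicKeyInfo encodings is provider-neutral: `|| (subjectPublicKey != null && publicKey != null && Arrays.equals(subjectPublicKey.getEncoded(), publicKey.getEncoded()))`. The key-value branch also deserves a why-comment, e.g. `// A bare KeyValue carries no issuer trust; this only proves the assertion's holder key signed the message, trust in that key rests on the assertion signature being validated elsewhere`, since from this hunk I cannot confirm where that validation happens. The enclosing method starts before this hunk.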

Modified: cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java?rev=1359568&r1=1359567&r2=1359568&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
(original)
+++ cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
Tue Jul 10 10:10:57 2012
@@ -34,6 +34,7 @@ import org.apache.cxf.systest.ws.common.
 import org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler;
 import org.apache.cxf.systest.ws.saml.server.Server;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.ws.security.saml.ext.bean.KeyInfoBean.CERT_IDENTIFIER;
 import org.apache.ws.security.saml.ext.builder.SAML2Constants;
 
 import org.example.contract.doubleit.DoubleItPortType;
@@ -398,6 +399,36 @@ public class SamlTokenTest extends Abstr
     }
     
     @org.junit.Test
+    public void testSaml2EndorsingPKOverTransport() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort");
+        DoubleItPortType saml2Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(saml2Port, PORT2);
+        
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler();
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        callbackHandler.setKeyInfoIdentifier(CERT_IDENTIFIER.KEY_VALUE);
+        ((BindingProvider)saml2Port).getRequestContext().put(
+            "ws-security.saml-callback-handler", callbackHandler
+        );
+
+        int result = saml2Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testSaml2EndorsingOverTransportSP11() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
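Review bot: The new `testSaml2EndorsingPKOverTransport` exercises only the accepting path of the KeyValue match; nothing in this hunk confirms that an assertion whose KeyValue differs from the key that endorsed the message is rejected, which is the property the validator change is meant to enforce, and I cannot see from here whether such a negative test exists elsewhere in the class. A companion test that sets `keyInfo.setPublicKey` to a key other than the one used for the endorsing signature and expects `doubleIt` to fail with a fault would pin that. As a minor point of style, `assertTrue(result == 50)` reports nothing useful on failure; `assertEquals(50, result)` does.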

Modified: cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java?rev=1359568&r1=1359567&r2=1359568&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
(original)
+++ cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
Tue Jul 10 10:10:57 2012
@@ -46,6 +46,7 @@ import org.opensaml.common.SAMLVersion;
 public class SamlCallbackHandler implements CallbackHandler {
     private boolean saml2 = true;
     private String confirmationMethod = SAML2Constants.CONF_SENDER_VOUCHES;
+    private CERT_IDENTIFIER keyInfoIdentifier = CERT_IDENTIFIER.X509_CERT;
     
     public SamlCallbackHandler() {
         //
@@ -59,6 +60,10 @@ public class SamlCallbackHandler impleme
         this.confirmationMethod = confirmationMethod;
     }
     
+    public void setKeyInfoIdentifier(CERT_IDENTIFIER keyInfoIdentifier) {
+        this.keyInfoIdentifier = keyInfoIdentifier;
+    }
+    
     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
         for (int i = 0; i < callbacks.length; i++) {
             if (callbacks[i] instanceof SAMLCallback) {
@@ -114,8 +119,12 @@ public class SamlCallbackHandler impleme
         X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
         
         KeyInfoBean keyInfo = new KeyInfoBean();
-        keyInfo.setCertificate(certs[0]);
-        keyInfo.setCertIdentifer(CERT_IDENTIFIER.X509_CERT);
+        keyInfo.setCertIdentifer(keyInfoIdentifier);
+        if (keyInfoIdentifier == CERT_IDENTIFIER.X509_CERT) {
+            keyInfo.setCertificate(certs[0]);
+        } else if (keyInfoIdentifier == CERT_IDENTIFIER.KEY_VALUE) {
+            keyInfo.setPublicKey(certs[0].getPublicKey());
+        }
         
         return keyInfo;
     }
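Review bot: When `keyInfoIdentifier` is neither `X509_CERT` nor `KEY_VALUE`, the new if/else chain silently returns a `KeyInfoBean` that carries the identifier but no certificate or key, so a misconfigured test would fail later with a less obvious error; even in a fixture I would make the limit explicit with a final `else { throw new IllegalArgumentException("Unsupported KeyInfo identifier: " + keyInfoIdentifier); }`. The `certs[0]` dereference also assumes `crypto.getX509Certificates` returned at least one entry; that assumption predates this change but is now repeated in both branches, so a single `if (certs == null || certs.length == 0)` guard above the `KeyInfoBean` construction would be cheap. The enclosing method starts before this hunk.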


