cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1455117 - in /cxf/branches/wss4j2.0-port: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyva...
Date Mon, 11 Mar 2013 12:34:14 GMT
Author: coheigea
Date: Mon Mar 11 12:34:14 2013
New Revision: 1455117

URL: http://svn.apache.org/r1455117
Log:
Asserted some more Assertions to get testcases passing

Modified:
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java?rev=1455117&r1=1455116&r2=1455117&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
Mon Mar 11 12:34:14 2013
@@ -176,6 +176,9 @@ public final class WSSecurityPolicyLoade
             SP12Constants.SIGN_BEFORE_ENCRYPTING,
             SP12Constants.REQUIRE_KEY_IDENTIFIER_REFERENCE,
             SP11Constants.REQUIRE_KEY_IDENTIFIER_REFERENCE,
+            SP12Constants.PROTECT_TOKENS,
+            SP11Constants.PROTECT_TOKENS,
+            SP12Constants.RSA_KEY_VALUE,
             
             SP11Constants.LAX, SP11Constants.LAXTSFIRST, SP11Constants.LAXTSLAST,
             SP12Constants.LAX, SP12Constants.LAXTSFIRST, SP12Constants.LAXTSLAST,

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1455117&r1=1455116&r2=1455117&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Mon Mar 11 12:34:14 2013
@@ -515,6 +515,11 @@ public class PolicyBasedWSS4JInIntercept
             
             // stuff we can default to asserted and un-assert if a condition isn't met
             assertPolicy(aim, SP12Constants.KEY_VALUE_TOKEN);
+            assertPolicy(aim, SP12Constants.RSA_KEY_VALUE);
+            assertPolicy(aim, SP12Constants.REQUIRE_ISSUER_SERIAL_REFERENCE);
+            assertPolicy(aim, SP12Constants.REQUIRE_THUMBPRINT_REFERENCE);
+            assertPolicy(aim, SP12Constants.REQUIRE_KEY_IDENTIFIER_REFERENCE);
+            
 
             message.put(WSHandlerConstants.ACTION, action.trim());
         }
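Review bot: The three `REQUIRE_*_REFERENCE` assertions added under the "default to asserted" comment are marked satisfied before anything checks which key reference the message actually used, and no hunk in this commit un-asserts them on a mismatch. If no validator outside this diff clears them, a policy that demands, say, a thumbprint reference would be reported as fulfilled for any reference type. Only the SP12 QNames are asserted here, while WSSecurityPolicyLoader also lists `SP11Constants.REQUIRE_KEY_IDENTIFIER_REFERENCE`, so it is worth confirming that `assertPolicy` covers the SP11 namespace as well. At minimum add `// TODO: un-assert in the token validators when the received reference type differs`. The enclosing method starts and ends outside the hunk.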

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java?rev=1455117&r1=1455116&r2=1455117&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
Mon Mar 11 12:34:14 2013
@@ -135,27 +135,37 @@ public abstract class AbstractBindingPol
      * Validate the layout assertion. It just checks the LaxTsFirst and LaxTsLast properties
      */
     protected boolean validateLayout(
+        AssertionInfoMap aim,
         boolean laxTimestampFirst,
         boolean laxTimestampLast,
         List<WSSecurityEngineResult> results
     ) {
         if (laxTimestampFirst) {
             if (results.isEmpty()) {
+                notAssertPolicy(aim, SP12Constants.LAXTSFIRST, "Layout does not match the
requirements");
                 return false;
             }
             Integer firstAction = (Integer)results.get(0).get(WSSecurityEngineResult.TAG_ACTION);
             if (firstAction.intValue() != WSConstants.TS) {
+                notAssertPolicy(aim, SP12Constants.LAXTSFIRST, "Layout does not match the
requirements");
                 return false;
             }
+            assertPolicy(aim, SP12Constants.LAXTSFIRST);
         } else if (laxTimestampLast) {
             if (results.isEmpty()) {
+                notAssertPolicy(aim, SP12Constants.LAXTSLAST, "Layout does not match the
requirements");
                 return false;
             }
             Integer lastAction = 
                 (Integer)results.get(results.size() - 1).get(WSSecurityEngineResult.TAG_ACTION);
             if (lastAction.intValue() != WSConstants.TS) {
+                notAssertPolicy(aim, SP12Constants.LAXTSLAST, "Layout does not match the
requirements");
                 return false;
             }
+            assertPolicy(aim, SP12Constants.LAXTSLAST);
+        } else {
+            assertPolicy(aim, SP12Constants.LAX);
+            assertPolicy(aim, SP12Constants.STRICT);
         }
         return true;
         
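Review bot: The new `else` branch marks `SP12Constants.STRICT` as asserted without inspecting `results`, so a policy with a Strict layout is reported as satisfied although this method, per its own Javadoc, only checks LaxTsFirst and LaxTsLast. Asserting `LAX` only for a Lax layout and leaving `STRICT` un-asserted until an ordering check exists would need the layout type rather than two booleans; until then, `// FIXME: Strict layout is asserted here but not validated` above the call is the smallest honest change. Separately, `firstAction.intValue()` and `lastAction.intValue()` throw if a result carries no `TAG_ACTION`. The method's closing brace is outside the hunk.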
@@ -177,6 +187,13 @@ public abstract class AbstractBindingPol
         if (!algorithmValidator.validatePolicy(ai, binding.getAlgorithmSuite())) {
             return false;
         }
+        assertPolicy(aim, SP12Constants.ALGORITHM_SUITE);
+        String namespace = binding.getAlgorithmSuite().getVersion().getNamespace();
+        String name = binding.getAlgorithmSuite().getAlgorithmSuiteType().getName();
+        Collection<AssertionInfo> algSuiteAis = aim.get(new QName(namespace, name));
+        for (AssertionInfo algSuiteAi : algSuiteAis) {
+            algSuiteAi.setAsserted(true);
+        }
         
         // Check the IncludeTimestamp
         if (!validateTimestamp(binding.isIncludeTimestamp(), false, results, signedResults,
message)) {
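Review bot: `aim.get(new QName(namespace, name))` may return null when the policy holds no assertion under that name, in which case the `for` loop over `algSuiteAis` throws a NullPointerException while an incoming message is being validated. The helper added to AbstractTokenPolicyValidator in this same commit null-checks the identical call, which suggests null is possible. Replace the lookup and loop with `assertPolicy(aim, new QName(namespace, name));`, assuming this class's `assertPolicy` accepts a QName and tolerates a missing entry, as the call on the line above suggests. The same block is added in the TransportBindingPolicyValidator hunk at -75,6 +76,13. The enclosing method continues outside the hunk.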
@@ -192,7 +209,7 @@ public abstract class AbstractBindingPol
         LayoutType layoutType = layout.getLayoutType();
         boolean timestampFirst = layoutType == LayoutType.LaxTsFirst;
         boolean timestampLast = layoutType == LayoutType.LaxTsLast;
-        if (!validateLayout(timestampFirst, timestampLast, results)) {
+        if (!validateLayout(aim, timestampFirst, timestampLast, results)) {
             String error = "Layout does not match the requirements";
             notAssertPolicy(aim, SP12Constants.LAYOUT, error);
             ai.setNotAsserted(error);
@@ -207,12 +224,14 @@ public abstract class AbstractBindingPol
             ai.setNotAsserted(error);
             return false;
         }
+        assertPolicy(aim, SP12Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY);
         
         // Check whether the signatures were encrypted or not
         if (binding.isProtectTokens() && !isSignatureEncrypted(results)) {
             ai.setNotAsserted("The signature is not protected");
             return false;
         }
+        assertPolicy(aim, SP12Constants.PROTECT_TOKENS);
         
         return true;
     }
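Review bot: `PROTECT_TOKENS` is asserted on the strength of `isSignatureEncrypted(results)`, which by its name and the comment above it tests whether the signature was encrypted, not whether the signature covers the signing token. As far as the hunk shows, token protection is therefore reported as satisfied without being checked, and the guard `binding.isProtectTokens()` looks as if it was meant to be the encrypt-signature property. Either key the check and the assertion on the same policy property, or add `// FIXME: ProtectTokens is asserted without verifying that the token is signed` above the new call. The start of the method is outside the hunk.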

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java?rev=1455117&r1=1455116&r2=1455117&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java
Mon Mar 11 12:34:14 2013
@@ -19,8 +19,14 @@
 
 package org.apache.cxf.ws.security.wss4j.policyvalidators;
 
+import java.util.Collection;
+
+import javax.xml.namespace.QName;
+
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
 import org.apache.wss4j.policy.model.AbstractToken;
 
@@ -56,4 +62,14 @@ public abstract class AbstractTokenPolic
         }
     }
     
+    protected boolean assertPolicy(AssertionInfoMap aim, QName q) {
+        Collection<AssertionInfo> ais = aim.get(q);
+        if (ais != null && !ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }    
+            return true;
+        }
+        return false;
+    }
 }
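Review bot: The new `assertPolicy` helper has no Javadoc, and its contract matters to every caller: it marks each AssertionInfo registered under `q` as asserted without validating anything, and returns false when the policy contains no such assertion. Suggested comment: `/** Marks all assertions named q as asserted; returns false if the policy contains none. Performs no validation, so call it only after the corresponding check has passed. */`. None of the callers added in this commit use the return value, so either drop it or say in the comment what it is for.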

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java?rev=1455117&r1=1455116&r2=1455117&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java
Mon Mar 11 12:34:14 2013
@@ -24,6 +24,8 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
+import javax.xml.namespace.QName;
+
 import org.w3c.dom.Element;
 
 import org.apache.cxf.message.Message;
@@ -87,7 +89,7 @@ public class SamlTokenPolicyValidator ex
                 SamlAssertionWrapper assertionWrapper = 
                     (SamlAssertionWrapper)result.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                 
-                if (!checkVersion(samlToken, assertionWrapper)) {
+                if (!checkVersion(aim, samlToken, assertionWrapper)) {
                     ai.setNotAsserted("Wrong SAML Version");
                     continue;
                 }
@@ -132,7 +134,11 @@ public class SamlTokenPolicyValidator ex
     /**
      * Check the policy version against the received assertion
      */
-    private boolean checkVersion(SamlToken samlToken, SamlAssertionWrapper assertionWrapper)
{
+    private boolean checkVersion(
+        AssertionInfoMap aim,
+        SamlToken samlToken, 
+        SamlAssertionWrapper assertionWrapper
+    ) {
         SamlTokenType samlTokenType = samlToken.getSamlTokenType();
         if ((samlTokenType == SamlTokenType.WssSamlV11Token10
             || samlTokenType == SamlTokenType.WssSamlV11Token11)
@@ -142,6 +148,8 @@ public class SamlTokenPolicyValidator ex
             && assertionWrapper.getSamlVersion() != SAMLVersion.VERSION_20) {
             return false;
         }
+        
+        assertPolicy(aim, new QName(samlToken.getVersion().getNamespace(), samlTokenType.name()));
         return true;
     }
     
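Review bot: `samlTokenType.name()` is dereferenced unconditionally, whereas the comparisons above use `==` and tolerate a null token type. If `getSamlTokenType()` can return null for a policy that names no token version, the added line throws a NullPointerException while processing an incoming message. Guard it with `if (samlTokenType != null) { assertPolicy(aim, new QName(samlToken.getVersion().getNamespace(), samlTokenType.name())); }`. The method begins outside this hunk.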

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java?rev=1455117&r1=1455116&r2=1455117&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
Mon Mar 11 12:34:14 2013
@@ -22,6 +22,8 @@ package org.apache.cxf.ws.security.wss4j
 import java.util.Collection;
 import java.util.List;
 
+import javax.xml.namespace.QName;
+
 import org.w3c.dom.Element;
 
 import org.apache.cxf.message.Message;
@@ -52,7 +54,6 @@ public class TransportBindingPolicyValid
         if (ais == null || ais.isEmpty()) {                       
             return true;
         }
-        
         for (AssertionInfo ai : ais) {
             TransportBinding binding = (TransportBinding)ai.getAssertion();
             ai.setAsserted(true);
@@ -75,6 +76,13 @@ public class TransportBindingPolicyValid
             if (!algorithmValidator.validatePolicy(ai, binding.getAlgorithmSuite())) {
                 continue;
             }
+            assertPolicy(aim, SP12Constants.ALGORITHM_SUITE);
+            String namespace = binding.getAlgorithmSuite().getVersion().getNamespace();
+            String name = binding.getAlgorithmSuite().getAlgorithmSuiteType().getName();
+            Collection<AssertionInfo> algSuiteAis = aim.get(new QName(namespace, name));
+            for (AssertionInfo algSuiteAi : algSuiteAis) {
+                algSuiteAi.setAsserted(true);
+            }
             
             // Check the IncludeTimestamp
             if (!validateTimestamp(binding.isIncludeTimestamp(), true, results, signedResults,
message)) {
@@ -90,7 +98,7 @@ public class TransportBindingPolicyValid
             LayoutType layoutType = layout.getLayoutType();
             boolean timestampFirst = layoutType == LayoutType.LaxTsFirst;
             boolean timestampLast = layoutType == LayoutType.LaxTsLast;
-            if (!validateLayout(timestampFirst, timestampLast, results)) {
+            if (!validateLayout(aim, timestampFirst, timestampLast, results)) {
                 String error = "Layout does not match the requirements";
                 notAssertPolicy(aim, SP12Constants.LAYOUT, error);
                 ai.setNotAsserted(error);

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java?rev=1455117&r1=1455116&r2=1455117&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
Mon Mar 11 12:34:14 2013
@@ -23,6 +23,8 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
+import javax.xml.namespace.QName;
+
 import org.w3c.dom.Element;
 
 import org.apache.cxf.message.Message;
@@ -33,6 +35,7 @@ import org.apache.wss4j.dom.WSSecurityEn
 import org.apache.wss4j.dom.message.token.UsernameToken;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SP13Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
 import org.apache.wss4j.policy.model.SupportingTokens;
@@ -64,7 +67,6 @@ public class UsernameTokenPolicyValidato
             org.apache.wss4j.policy.model.UsernameToken usernameTokenPolicy = 
                 (org.apache.wss4j.policy.model.UsernameToken)ai.getAssertion();
             ai.setAsserted(true);
-
             if (!isTokenRequired(usernameTokenPolicy, message)) {
                 continue;
             }
@@ -80,6 +82,14 @@ public class UsernameTokenPolicyValidato
                 continue;
             }
         }
+        
+        assertPolicy(aim, new QName(SP13Constants.SP_NS, SP12Constants.CREATED));
+        assertPolicy(aim, new QName(SP13Constants.SP_NS, SP12Constants.NONCE));
+        assertPolicy(aim, SP12Constants.NO_PASSWORD);
+        assertPolicy(aim, SP12Constants.HASH_PASSWORD);
+        assertPolicy(aim, SP12Constants.WSS_USERNAME_TOKEN10);
+        assertPolicy(aim, SP12Constants.WSS_USERNAME_TOKEN11);
+        
         return true;
     }
     
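Review bot: The six `assertPolicy` calls run after the loop on every path, including iterations that called `ai.setNotAsserted(...)` and hit `continue`. As a result `NO_PASSWORD`, `HASH_PASSWORD`, Created and Nonce end up asserted even when the matching check on the received token failed, and `WSS_USERNAME_TOKEN10`/`WSS_USERNAME_TOKEN11` are asserted although no version check is visible. Move each call next to the check it belongs to, for example `assertPolicy(aim, SP12Constants.HASH_PASSWORD);` right after the hashing test passes, so a nested assertion is only marked satisfied by a token that met it. The X509TokenPolicyValidator hunk at -79,6 +79,14 has the same shape for the six `WSS_X509_*` token types. The loop body and the per-token checks lie outside this hunk.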
@@ -101,6 +111,7 @@ public class UsernameTokenPolicyValidato
                 ai.setNotAsserted("Password hashing policy not enforced");
                 return false;
             }
+            
             if (isNoPassword && (usernameToken.getPassword() != null)) {
                 ai.setNotAsserted("Username Token NoPassword policy not enforced");
                 return false;
@@ -115,6 +126,7 @@ public class UsernameTokenPolicyValidato
                 ai.setNotAsserted("Username Token Created policy not enforced");
                 return false;
             }
+            
             if (usernameTokenPolicy.isNonce() 
                 && (usernameToken.getNonce() == null || usernameToken.isHashed()))
{
                 ai.setNotAsserted("Username Token Nonce policy not enforced");

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java?rev=1455117&r1=1455116&r2=1455117&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
Mon Mar 11 12:34:14 2013
@@ -79,6 +79,14 @@ public class X509TokenPolicyValidator ex
                 continue;
             }
         }
+        
+        assertPolicy(aim, SP12Constants.WSS_X509_PKI_PATH_V1_TOKEN_10);
+        assertPolicy(aim, SP12Constants.WSS_X509_PKI_PATH_V1_TOKEN_11);
+        assertPolicy(aim, SP12Constants.WSS_X509_V1_TOKEN_10);
+        assertPolicy(aim, SP12Constants.WSS_X509_V1_TOKEN_11);
+        assertPolicy(aim, SP12Constants.WSS_X509_V3_TOKEN_10);
+        assertPolicy(aim, SP12Constants.WSS_X509_V3_TOKEN_11);
+        
         return true;
     }
     

Modified: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml?rev=1455117&r1=1455116&r2=1455117&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
(original)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
Mon Mar 11 12:34:14 2013
@@ -85,7 +85,7 @@
      
     </jaxws:endpoint> 
     
-    <bean id="crypto" class="org.apache.ws.security.components.crypto.CryptoFactory" 
+    <bean id="crypto" class="org.apache.wss4j.common.crypto.CryptoFactory" 
         factory-method="getInstance">
         <constructor-arg>
             <util:properties id="cryptoProperties" 


