cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1469835 - in /cxf/branches/wss4j2.0-port: rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/
Date Fri, 19 Apr 2013 14:04:07 GMT
Author: coheigea
Date: Fri Apr 19 14:04:07 2013
New Revision: 1469835

URL: http://svn.apache.org/r1469835
Log:
Adding DOM -> StaX SAML HOK interop tests

Added:
    cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/CustomStaxSamlValidator.java
Modified:
    cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/DOMToStaxSamlTest.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java

Added: cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/CustomStaxSamlValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/CustomStaxSamlValidator.java?rev=1469835&view=auto
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/CustomStaxSamlValidator.java
(added)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/CustomStaxSamlValidator.java
Fri Apr 19 14:04:07 2013
@@ -0,0 +1,93 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j.saml;
+
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.stax.impl.securityToken.SamlSecurityTokenImpl;
+import org.apache.wss4j.stax.securityToken.SamlSecurityToken;
+import org.apache.wss4j.stax.validate.SamlTokenValidatorImpl;
+import org.apache.wss4j.stax.validate.TokenContext;
+import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
+
+/**
+ * A trivial custom Validator for a SAML Assertion. It makes sure that the issuer is 
+ * "www.example.com", checks the version of the assertion, and checks the subject confirmation
+ * method.
+ */
+public class CustomStaxSamlValidator extends SamlTokenValidatorImpl {
+    
+    private boolean requireSAML1Assertion = true;
+    private boolean requireSenderVouches = true;
+    
+    public void setRequireSAML1Assertion(boolean requireSAML1Assertion) {
+        this.requireSAML1Assertion = requireSAML1Assertion;
+    }
+    
+    public void setRequireSenderVouches(boolean requireSenderVouches) {
+        this.requireSenderVouches = requireSenderVouches;
+    }
+    
+    @SuppressWarnings("unchecked")
+    @Override
+    public <T extends SamlSecurityToken & InboundSecurityToken> T validate(
+        final SamlAssertionWrapper samlAssertionWrapper,
+        final InboundSecurityToken subjectSecurityToken,
+        final TokenContext tokenContext
+    ) throws WSSecurityException {
+        //jdk 1.6 compiler bug? http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6302954
+        //type parameters of <T>T cannot be determined; no unique maximal instance
exists for type variable T with
+        // upper bounds org.apache.wss4j.stax.securityToken.SamlSecurityToken,
+        // org.apache.wss4j.stax.securityToken.SamlSecurityToken,
+        // org.apache.xml.security.stax.ext.securityToken.InboundSecurityToken
+        //works fine on jdk 1.7
+        final SamlSecurityToken token =
+            super.</*fake @see above*/SamlSecurityTokenImpl>
+                        validate(samlAssertionWrapper, subjectSecurityToken, tokenContext);
+        
+        //
+        // Do some custom validation on the assertion
+        //
+        if (!"www.example.com".equals(samlAssertionWrapper.getIssuerString())) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+        }
+        
+        if (requireSAML1Assertion && samlAssertionWrapper.getSaml1() == null) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+        } else if (!requireSAML1Assertion && samlAssertionWrapper.getSaml2() == null)
{
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+        }
+
+        String confirmationMethod = samlAssertionWrapper.getConfirmationMethods().get(0);
+        if (confirmationMethod == null) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+        }
+        if (requireSenderVouches && !OpenSAMLUtil.isMethodSenderVouches(confirmationMethod))
{
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+        } else if (!requireSenderVouches 
+            && !OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+        }
+        
+        return (T)token;
+    }
+    
+}
\ No newline at end of file

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/DOMToStaxSamlTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/DOMToStaxSamlTest.java?rev=1469835&r1=1469834&r2=1469835&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/DOMToStaxSamlTest.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/DOMToStaxSamlTest.java
Fri Apr 19 14:04:07 2013
@@ -37,6 +37,9 @@ import org.apache.cxf.ws.security.wss4j.
 import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor;
 import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.saml.builder.SAML1Constants;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.dom.WSSecurityEngine;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.junit.Test;
@@ -177,6 +180,119 @@ public class DOMToStaxSamlTest extends A
         assertEquals("test", echo.echo("test"));
     }
     
+    @Test
+    public void testSaml1TokenHOK() throws Exception {
+        // Create + configure service
+        Service service = createService();
+        
+        WSSSecurityProperties inProperties = new WSSSecurityProperties();
+        Properties cryptoProperties = 
+            CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader());
+        inProperties.setSignatureVerificationCryptoProperties(cryptoProperties);
+        
+        CustomStaxSamlValidator validator = new CustomStaxSamlValidator();
+        inProperties.addValidator(WSSecurityEngine.SAML_TOKEN, validator);
+        inProperties.addValidator(WSSecurityEngine.SAML2_TOKEN, validator);
+        
+        WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties);
+        service.getInInterceptors().add(inhandler);
+        
+        // Create + configure client
+        Echo echo = createClientProxy();
+        
+        Client client = ClientProxy.getClient(echo);
+        client.getInInterceptors().add(new LoggingInInterceptor());
+        client.getOutInterceptors().add(new LoggingOutInterceptor());
+        
+        Map<String, Object> properties = new HashMap<String, Object>();
+        properties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
+        callbackHandler.setSignAssertion(true);
+        properties.put(
+            WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler
+        );
+        
+        properties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
+        properties.put(WSHandlerConstants.USER, "alice");
+        properties.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordCallbackHandler());
+        properties.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties");
+        
+        WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(properties);
+        client.getOutInterceptors().add(ohandler);
+
+        try {
+            echo.echo("test");
+            fail("Failure expected on receiving sender vouches instead of HOK");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // expected
+        }
+
+        validator.setRequireSenderVouches(false);
+        assertEquals("test", echo.echo("test"));
+    }
+    
+    @Test
+    public void testSaml2TokenHOK() throws Exception {
+        // Create + configure service
+        Service service = createService();
+        
+        WSSSecurityProperties inProperties = new WSSSecurityProperties();
+        Properties cryptoProperties = 
+            CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader());
+        inProperties.setSignatureVerificationCryptoProperties(cryptoProperties);
+        
+        CustomStaxSamlValidator validator = new CustomStaxSamlValidator();
+        inProperties.addValidator(WSSecurityEngine.SAML_TOKEN, validator);
+        inProperties.addValidator(WSSecurityEngine.SAML2_TOKEN, validator);
+        
+        WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties);
+        service.getInInterceptors().add(inhandler);
+        
+        // Create + configure client
+        Echo echo = createClientProxy();
+        
+        Client client = ClientProxy.getClient(echo);
+        client.getInInterceptors().add(new LoggingInInterceptor());
+        client.getOutInterceptors().add(new LoggingOutInterceptor());
+        
+        Map<String, Object> properties = new HashMap<String, Object>();
+        properties.put(WSHandlerConstants.ACTION, WSHandlerConstants.SAML_TOKEN_SIGNED);
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        callbackHandler.setSignAssertion(true);
+        properties.put(
+            WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler
+        );
+        
+        properties.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
+        properties.put(WSHandlerConstants.USER, "alice");
+        properties.put(WSHandlerConstants.PW_CALLBACK_REF, new PasswordCallbackHandler());
+        properties.put(WSHandlerConstants.SIG_PROP_FILE, "alice.properties");
+        
+        WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(properties);
+        client.getOutInterceptors().add(ohandler);
+
+        try {
+            echo.echo("test");
+            fail("Failure expected on receiving sender vouches instead of HOK");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // expected
+        }
+        validator.setRequireSenderVouches(false);
+        
+        try {
+            echo.echo("test");
+            fail("Failure expected on receiving a SAML 1.1 Token instead of SAML 2.0");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // expected
+        }
+        validator.setRequireSAML1Assertion(false);
+
+        assertEquals("test", echo.echo("test"));
+    }
+    
+    
     private Service createService() {
         // Create the Service
         JaxWsServerFactoryBean factory = new JaxWsServerFactoryBean();

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java?rev=1469835&r1=1469834&r2=1469835&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java
Fri Apr 19 14:04:07 2013
@@ -266,8 +266,6 @@ public class StaxToDOMSamlTest extends A
         );
         properties.setCallbackHandler(new PasswordCallbackHandler());
         
-        // outProperties.put("password", "password");
-        
         WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
         client.getOutInterceptors().add(ohandler);
         
@@ -326,8 +324,6 @@ public class StaxToDOMSamlTest extends A
             WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference
         );
         
-        // outProperties.put("password", "password");
-        
         WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
         client.getOutInterceptors().add(ohandler);
         

Modified: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java?rev=1469835&r1=1469834&r2=1469835&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
(original)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
Fri Apr 19 14:04:07 2013
@@ -246,7 +246,7 @@ public class SamlTokenTest extends Abstr
             saml2Port.doubleIt(25);
             fail("Expected failure on an invocation with an unsigned SAML SV Assertion");
         } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-            assertTrue(ex.getMessage().contains("Assertion fails sender-vouches requirements"));
+            assertTrue(ex.getMessage().contains("An error was discovered processing"));
         }
         
         ((java.io.Closeable)saml2Port).close();



Mime
View raw message