cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1491417 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/ systests/ws-se...
Date Mon, 10 Jun 2013 11:20:08 GMT
Author: coheigea
Date: Mon Jun 10 11:20:08 2013
New Revision: 1491417

URL: http://svn.apache.org/r1491417
Log:
Fixed AlgorithmSuite bug + enabled a load of streaming ws-security tests following recent
fixes in WSS4J

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/client/client.xml
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server/server.xml

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java
Mon Jun 10 11:20:08 2013
@@ -68,7 +68,51 @@ public class DefaultAlgorithmSuiteLoader
         return new GCMAlgorithmSuite(version, nestedPolicy);
     }
     
-    private static class GCMAlgorithmSuite extends AlgorithmSuite {
+    public static class GCMAlgorithmSuite extends AlgorithmSuite {
+        
+        static {
+            algorithmSuiteTypes.put(
+                "Basic128GCM", 
+                new AlgorithmSuiteType(
+                    "Basic128GCM",
+                    SPConstants.SHA1,
+                    "http://www.w3.org/2009/xmlenc11#aes128-gcm",
+                    SPConstants.KW_AES128,
+                    SPConstants.KW_RSA_OAEP,
+                    SPConstants.P_SHA1_L128,
+                    SPConstants.P_SHA1_L128,
+                    128, 128, 128, 256, 1024, 4096
+                )
+            );
+            
+            algorithmSuiteTypes.put(
+                "Basic192GCM", 
+                new AlgorithmSuiteType(
+                    "Basic192GCM",
+                    SPConstants.SHA1,
+                    "http://www.w3.org/2009/xmlenc11#aes192-gcm",
+                    SPConstants.KW_AES192,
+                    SPConstants.KW_RSA_OAEP,
+                    SPConstants.P_SHA1_L192,
+                    SPConstants.P_SHA1_L192,
+                    192, 192, 192, 256, 1024, 4096
+                )
+            );
+            
+            algorithmSuiteTypes.put(
+                "Basic256GCM", 
+                new AlgorithmSuiteType(
+                    "Basic256GCM",
+                    SPConstants.SHA1,
+                    "http://www.w3.org/2009/xmlenc11#aes256-gcm",
+                    SPConstants.KW_AES256,
+                    SPConstants.KW_RSA_OAEP,
+                    SPConstants.P_SHA1_L256,
+                    SPConstants.P_SHA1_L192,
+                    256, 192, 256, 256, 1024, 4096
+                )
+            );        
+        }
 
         GCMAlgorithmSuite(SPConstants.SPVersion version, Policy nestedPolicy) {
             super(version, nestedPolicy);
@@ -88,38 +132,13 @@ public class DefaultAlgorithmSuiteLoader
             }
 
             if ("Basic128GCM".equals(assertionName)) {
-                setAlgorithmSuiteType(new AlgorithmSuiteType(
-                        "Basic128GCM",
-                        SPConstants.SHA1,
-                        "http://www.w3.org/2009/xmlenc11#aes128-gcm",
-                        SPConstants.KW_AES128,
-                        SPConstants.KW_RSA_OAEP,
-                        SPConstants.P_SHA1_L128,
-                        SPConstants.P_SHA1_L128,
-                        128, 128, 128, 256, 1024, 4096
-                ));
+                setAlgorithmSuiteType(algorithmSuiteTypes.get("Basic128GCM"));
                 getAlgorithmSuiteType().setNamespace(assertionNamespace);
             } else if ("Basic192GCM".equals(assertionName)) {
-                setAlgorithmSuiteType(new AlgorithmSuiteType(
-                        "Basic192GCM",
-                        SPConstants.SHA1,
-                        "http://www.w3.org/2009/xmlenc11#aes192-gcm",
-                        SPConstants.KW_AES192,
-                        SPConstants.KW_RSA_OAEP,
-                        SPConstants.P_SHA1_L192,
-                        SPConstants.P_SHA1_L192,
-                        192, 192, 192, 256, 1024, 4096));
+                setAlgorithmSuiteType(algorithmSuiteTypes.get("Basic192GCM"));
                 getAlgorithmSuiteType().setNamespace(assertionNamespace);
             } else if ("Basic256GCM".equals(assertionName)) {
-                setAlgorithmSuiteType(new AlgorithmSuiteType(
-                        "Basic256GCM",
-                        SPConstants.SHA1,
-                        "http://www.w3.org/2009/xmlenc11#aes256-gcm",
-                        SPConstants.KW_AES256,
-                        SPConstants.KW_RSA_OAEP,
-                        SPConstants.P_SHA1_L256,
-                        SPConstants.P_SHA1_L192,
-                        256, 192, 256, 256, 1024, 4096));
+                setAlgorithmSuiteType(algorithmSuiteTypes.get("Basic256GCM"));
                 getAlgorithmSuiteType().setNamespace(assertionNamespace);
             }
         }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
Mon Jun 10 11:20:08 2013
@@ -34,6 +34,7 @@ import org.apache.wss4j.policy.SP12Const
 import org.apache.wss4j.policy.SP13Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AlgorithmSuite;
+import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 
@@ -167,9 +168,8 @@ public class PolicyStaxActionInIntercept
         assertAllAssertionsByLocalname(aim, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION);
         
         assertAllAssertionsByLocalname(aim, SPConstants.ALGORITHM_SUITE);
-        for (String s : AlgorithmSuite.getSupportedAlgorithmSuiteNames()) {
-            assertAllAssertionsByLocalname(aim, s);
-        }
+        assertAllAlgorithmSuites(SP11Constants.SP_NS, aim);
+        assertAllAlgorithmSuites(SP12Constants.SP_NS, aim);
         
         assertAllAssertionsByLocalname(aim, SPConstants.REQUIRE_INTERNAL_REFERENCE);
         assertAllAssertionsByLocalname(aim, SPConstants.REQUIRE_EXTERNAL_REFERENCE);
@@ -207,5 +207,29 @@ public class PolicyStaxActionInIntercept
             }
         }
     }
+    
+    private void assertAllAlgorithmSuites(String spNamespace, AssertionInfoMap aim) {
+        Collection<AssertionInfo> sp11Ais = 
+            aim.get(new QName(spNamespace, SPConstants.ALGORITHM_SUITE));
+        if (sp11Ais != null) {
+            for (AssertionInfo ai : sp11Ais) {
+                ai.setAsserted(true);
+                AlgorithmSuite algorithmSuite = (AlgorithmSuite)ai.getAssertion();
+                AlgorithmSuiteType algorithmSuiteType = algorithmSuite.getAlgorithmSuiteType();
+                String namespace = algorithmSuiteType.getNamespace();
+                if (namespace == null) {
+                    namespace = spNamespace;
+                }
+                Collection<AssertionInfo> algAis = 
+                    aim.get(new QName(namespace, algorithmSuiteType.getName()));
+                if (algAis != null) {
+                    for (AssertionInfo algAi : algAis) {
+                        algAi.setAsserted(true);
+                    }
+                }
+            }
+        }
+    }
+
 
 }

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java
Mon Jun 10 11:20:08 2013
@@ -93,9 +93,8 @@ public class GCMTest extends AbstractBus
         gcmPort.doubleIt(25);
         
         // Streaming
-        // TODO - See WSS-442
-        // SecurityTestUtil.enableStreaming(gcmPort);
-        // gcmPort.doubleIt(25);
+        SecurityTestUtil.enableStreaming(gcmPort);
+        gcmPort.doubleIt(25);
         
         ((java.io.Closeable)gcmPort).close();
         bus.shutdown(true);
@@ -137,9 +136,8 @@ public class GCMTest extends AbstractBus
         gcmPort.doubleIt(25);
         
         // Streaming
-        // TODO - See WSS-442
-        // SecurityTestUtil.enableStreaming(gcmPort);
-        // gcmPort.doubleIt(25);
+        SecurityTestUtil.enableStreaming(gcmPort);
+        gcmPort.doubleIt(25);
         
         ((java.io.Closeable)gcmPort).close();
         bus.shutdown(true);
@@ -181,9 +179,8 @@ public class GCMTest extends AbstractBus
         gcmPort.doubleIt(25);
         
         // Streaming
-        // TODO - See WSS-442
-        // SecurityTestUtil.enableStreaming(gcmPort);
-        // gcmPort.doubleIt(25);
+        SecurityTestUtil.enableStreaming(gcmPort);
+        gcmPort.doubleIt(25);
         
         ((java.io.Closeable)gcmPort).close();
         bus.shutdown(true);

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
Mon Jun 10 11:20:08 2013
@@ -258,7 +258,7 @@ public class StaxSamlTokenTest extends A
         bus.shutdown(true);
     }
     
-    // TODO See WSS-442
+    // TODO
     @org.junit.Test
     @org.junit.Ignore
     public void testSaml2OverSymmetric() throws Exception {
@@ -320,7 +320,7 @@ public class StaxSamlTokenTest extends A
     // Some negative tests. Send a sender-vouches assertion as a SupportingToken...this will
     // fail as the provider will demand that there is a signature covering both the assertion
     // and the message body.
-    // TODO See WSS-442
+    // TODO 
     @org.junit.Test
     @org.junit.Ignore
     public void testSaml2OverSymmetricSupporting() throws Exception {
@@ -588,9 +588,7 @@ public class StaxSamlTokenTest extends A
         bus.shutdown(true);
     }
     
-    // TODO See WSS-442
     @org.junit.Test
-    @org.junit.Ignore
     public void testAsymmetricSamlInitiator() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -619,7 +617,7 @@ public class StaxSamlTokenTest extends A
         bus.shutdown(true);
     }
     
-    // TODO See WSS-442
+    // TODO 
     @org.junit.Test
     @org.junit.Ignore
     public void testSaml2OverSymmetricSignedElements() throws Exception {
@@ -981,7 +979,7 @@ public class StaxSamlTokenTest extends A
     
     // In this test-case, the WSP is configured with a XACML PEP interceptor, which in this
     // case just mocks the call to the PDP + enforces the decision
-    // TODO See WSS-442
+    // TODO
     @org.junit.Test
     @org.junit.Ignore
     public void testSaml2PEP() throws Exception {

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
Mon Jun 10 11:20:08 2013
@@ -217,9 +217,7 @@ public class StaxX509TokenTest extends A
     }
     */
     
-    // TODO - See WSS-442
     @org.junit.Test
-    @org.junit.Ignore
     public void testAsymmetricIssuerSerial() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -247,9 +245,7 @@ public class StaxX509TokenTest extends A
         bus.shutdown(true);
     }
     
-    // TODO See WSS-449
     @org.junit.Test
-    @org.junit.Ignore
     public void testAsymmetricThumbprint() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -334,9 +330,7 @@ public class StaxX509TokenTest extends A
         bus.shutdown(true);
     }
     
-    // TODO - See WSS-442
     @org.junit.Test
-    @org.junit.Ignore
     public void testAsymmetricProtectTokens() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -615,9 +609,7 @@ public class StaxX509TokenTest extends A
         bus.shutdown(true);
     }
     
-    // TODO See WSS-442
     @org.junit.Test
-    @org.junit.Ignore
     public void testAsymmetricEncryption() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
Mon Jun 10 11:20:08 2013
@@ -236,9 +236,8 @@ public class X509TokenTest extends Abstr
         x509Port.doubleIt(25);
         
         // Streaming
-        // TODO - See WSS-442
-        // SecurityTestUtil.enableStreaming(x509Port);
-        // x509Port.doubleIt(25);
+        SecurityTestUtil.enableStreaming(x509Port);
+        x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
@@ -265,9 +264,8 @@ public class X509TokenTest extends Abstr
         x509Port.doubleIt(25);
         
         // Streaming
-        // TODO - See WSS-442
-        // SecurityTestUtil.enableStreaming(x509Port);
-        // x509Port.doubleIt(25);
+        SecurityTestUtil.enableStreaming(x509Port);
+        x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
@@ -350,9 +348,8 @@ public class X509TokenTest extends Abstr
         x509Port.doubleIt(25);
         
         // Streaming
-        // TODO - See WSS-442
-        // SecurityTestUtil.enableStreaming(x509Port);
-        // x509Port.doubleIt(25);
+        SecurityTestUtil.enableStreaming(x509Port);
+        x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);
@@ -625,9 +622,8 @@ public class X509TokenTest extends Abstr
         x509Port.doubleIt(25);
         
         // Streaming
-        // TODO See WSS-442
-        // SecurityTestUtil.enableStreaming(x509Port);
-        // x509Port.doubleIt(25);
+        SecurityTestUtil.enableStreaming(x509Port);
+        x509Port.doubleIt(25);
         
         ((java.io.Closeable)x509Port).close();
         bus.shutdown(true);

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/client/client.xml?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/client/client.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/client/client.xml
Mon Jun 10 11:20:08 2013
@@ -64,6 +64,7 @@
            <entry key="ws-security.signature.username" value="alice"/>
            <entry key="ws-security.callback-handler" 
                   value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+           <entry key="ws-security.is-bsp-compliant" value="false"/>
        </jaxws:properties>
     </jaxws:client>
     

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server/server.xml?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server/server.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server/server.xml
Mon Jun 10 11:20:08 2013
@@ -79,6 +79,7 @@
                   value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
           <entry key="ws-security.encryption.username" value="useReqSigCert"/>
           <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+          <entry key="ws-security.is-bsp-compliant" value="false"/>
        </jaxws:properties> 
      
     </jaxws:endpoint> 



Mime
View raw message