cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1537460 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/ systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/
Date Thu, 31 Oct 2013 12:09:11 GMT
Author: coheigea
Date: Thu Oct 31 12:09:10 2013
New Revision: 1537460

URL: http://svn.apache.org/r1537460
Log:
Fixing WS-SC Cancel operation + added unit tests

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCUnitTest.java
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/DoubleItWSSC.wsdl
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/client.xml
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/unit-server.xml

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java?rev=1537460&r1=1537459&r2=1537460&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
Thu Oct 31 12:09:10 2013
@@ -241,7 +241,12 @@ public final class STSUtils {
                                            MessageInfo.Type.OUTPUT);
         oi.setOutput("CancelSecurityTokenResponseMsg", mio);
         mpi = mio.addMessagePart("response");
-        mpi.setElementQName(new QName(namespace, "RequestSecurityTokenResponse"));
+        
+        if (WST_NS_05_02.equals(namespace)) {
+            mpi.setElementQName(new QName(namespace, "RequestSecurityTokenResponse"));
+        } else {
+            mpi.setElementQName(new QName(namespace, "RequestSecurityTokenResponseCollection"));
+        }
         return oi;
     }
 }

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCUnitTest.java?rev=1537460&r1=1537459&r2=1537460&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCUnitTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCUnitTest.java
Thu Oct 31 12:09:10 2013
@@ -19,8 +19,16 @@
 
 package org.apache.cxf.systest.ws.wssc;
 
+import java.io.IOException;
 import java.net.URL;
-
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.xml.namespace.QName;
 import javax.xml.ws.Service;
 
@@ -28,6 +36,22 @@ import org.apache.cxf.Bus;
 import org.apache.cxf.bus.spring.SpringBusFactory;
 import org.apache.cxf.systest.ws.common.SecurityTestUtil;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.addressing.policy.MetadataConstants;
+import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.DefaultSymmetricBinding;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
+import org.apache.wss4j.policy.model.Header;
+import org.apache.wss4j.policy.model.ProtectionToken;
+import org.apache.wss4j.policy.model.SignedParts;
+import org.apache.wss4j.policy.model.X509Token;
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.BeforeClass;
 import org.junit.Test;
@@ -39,6 +63,7 @@ import org.junit.Test;
  */
 public class WSSCUnitTest extends AbstractBusClientServerTestBase {
     static final String PORT = allocatePort(UnitServer.class);
+    static final String PORT2 = allocatePort(UnitServer.class, 2);
 
     private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
     private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
@@ -151,5 +176,154 @@ public class WSSCUnitTest extends Abstra
         ((java.io.Closeable)port).close();
     }
 
+    @Test
+    public void testIssueUnitTest() throws Exception {
+        
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = WSSCUnitTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        
+        STSClient stsClient = new STSClient(bus);
+        stsClient.setSecureConv(true);
+        stsClient.setLocation("https://localhost:" + PORT + "/" + "DoubleItTransport");
+        
+        // Add Addressing policy
+        Policy p = new Policy();
+        ExactlyOne ea = new ExactlyOne();
+        p.addPolicyComponent(ea);
+        All all = new All();
+        all.addPolicyComponent(new PrimitiveAssertion(MetadataConstants.USING_ADDRESSING_2006_QNAME,
+                                                      false));
+        ea.addPolicyComponent(all);
+        
+        stsClient.setPolicy(p);
+        
+        stsClient.requestSecurityToken("http://localhost:" + PORT + "/" + "DoubleItTransport");
+    }
+    
+    @Test
+    public void testIssueAndCancelUnitTest() throws Exception {
+        
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = WSSCUnitTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        STSClient stsClient = new STSClient(bus);
+        stsClient.setSecureConv(true);
+        stsClient.setLocation("http://localhost:" + PORT2 + "/" + "DoubleItSymmetric");
+        
+        stsClient.setPolicy(createSymmetricBindingPolicy());
+        
+        Map<String, Object> properties = new HashMap<String, Object>();
+        properties.put("ws-security.encryption.username", "bob");
+        TokenCallbackHandler callbackHandler = new TokenCallbackHandler();
+        properties.put("ws-security.callback-handler", callbackHandler);
+        properties.put("ws-security.signature.properties", "alice.properties");
+        properties.put("ws-security.encryption.properties", "bob.properties");
+        stsClient.setProperties(properties);
+        
+        SecurityToken securityToken = 
+            stsClient.requestSecurityToken("http://localhost:" + PORT2 + "/" + "DoubleItSymmetric");
+        assertNotNull(securityToken);
+        callbackHandler.setSecurityToken(securityToken);
+        
+        assertTrue(stsClient.cancelSecurityToken(securityToken));
+    }
 
+    // mock up a SymmetricBinding policy to talk to the STS
+    private Policy createSymmetricBindingPolicy() {
+        // Add Addressing policy
+        Policy p = new Policy();
+        ExactlyOne ea = new ExactlyOne();
+        p.addPolicyComponent(ea);
+        All all = new All();
+        all.addPolicyComponent(new PrimitiveAssertion(MetadataConstants.USING_ADDRESSING_2006_QNAME,
+                                                      false));
+        ea.addPolicyComponent(all);
+        
+        // X509 Token
+        final X509Token x509Token = 
+            new X509Token(
+                SPConstants.SPVersion.SP12,
+                SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER,
+                null,
+                null,
+                null,
+                new Policy()
+            );
+        
+        Policy x509Policy = new Policy();
+        ExactlyOne x509PolicyEa = new ExactlyOne();
+        x509Policy.addPolicyComponent(x509PolicyEa);
+        All x509PolicyAll = new All();
+        x509PolicyAll.addPolicyComponent(x509Token);
+        x509PolicyEa.addPolicyComponent(x509PolicyAll);
+        
+        // AlgorithmSuite
+        Policy algSuitePolicy = new Policy();
+        ExactlyOne algSuitePolicyEa = new ExactlyOne();
+        algSuitePolicy.addPolicyComponent(algSuitePolicyEa);
+        All algSuitePolicyAll = new All();
+        algSuitePolicyAll.addAssertion(
+            new PrimitiveAssertion(new QName(SP12Constants.SP_NS, SP12Constants.ALGO_SUITE_BASIC128)));
+        algSuitePolicyEa.addPolicyComponent(algSuitePolicyAll);
+        AlgorithmSuite algorithmSuite = new AlgorithmSuite(SPConstants.SPVersion.SP12, algSuitePolicy);
+        
+        // Symmetric Binding
+        Policy bindingPolicy = new Policy();
+        ExactlyOne bindingPolicyEa = new ExactlyOne();
+        bindingPolicy.addPolicyComponent(bindingPolicyEa);
+        All bindingPolicyAll = new All();
+        
+        bindingPolicyAll.addPolicyComponent(new ProtectionToken(SPConstants.SPVersion.SP12,
x509Policy));
+        bindingPolicyAll.addPolicyComponent(algorithmSuite);
+        bindingPolicyAll.addAssertion(
+            new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
+        bindingPolicyAll.addAssertion(
+            new PrimitiveAssertion(SP12Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
+        bindingPolicyEa.addPolicyComponent(bindingPolicyAll);
+        
+        DefaultSymmetricBinding binding = 
+            new DefaultSymmetricBinding(SPConstants.SPVersion.SP12, bindingPolicy);
+        binding.setOnlySignEntireHeadersAndBody(true);
+        binding.setProtectTokens(false);
+        all.addPolicyComponent(binding);
+        
+        List<Header> headers = new ArrayList<Header>();
+        SignedParts signedParts = 
+            new SignedParts(SPConstants.SPVersion.SP12, true, null, headers, false);
+        all.addPolicyComponent(signedParts);
+        
+        return p;
+    }
+    
+    private static class TokenCallbackHandler implements CallbackHandler {
+        
+        private SecurityToken securityToken;
+        
+        @Override
+        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+            for (int i = 0; i < callbacks.length; i++) {
+                WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
+                if (securityToken != null && pc.getIdentifier().equals(securityToken.getId()))
{
+                    pc.setKey(securityToken.getSecret());
+                } else {
+                    new org.apache.cxf.systest.ws.common.KeystorePasswordCallback().handle(callbacks);
+                }
+                    
+            }
+        }
+
+        public void setSecurityToken(SecurityToken securityToken) {
+            this.securityToken = securityToken;
+        }
+        
+    };
 }

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/DoubleItWSSC.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/DoubleItWSSC.wsdl?rev=1537460&r1=1537459&r2=1537460&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/DoubleItWSSC.wsdl
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/DoubleItWSSC.wsdl
Thu Oct 31 12:09:10 2013
@@ -68,6 +68,26 @@
         </wsdl:operation>
     </wsdl:binding>
     
+    <wsdl:binding name="DoubleItSymmetricBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItSymmetricPolicy" />
+        <soap:binding style="document"
+            transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault" />
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
+    
     <wsdl:service name="DoubleItService">
         <wsdl:port name="DoubleItTransportPort" binding="tns:DoubleItTransportBinding">
             <soap:address location="https://localhost:9001/DoubleItTransport" />
@@ -75,6 +95,9 @@
         <wsdl:port name="DoubleItTransportSP12Port" binding="tns:DoubleItTransportSP12Binding">
             <soap:address location="https://localhost:9001/DoubleItTransportSP12" />
         </wsdl:port>
+        <wsdl:port name="DoubleItSymmetricPort" binding="tns:DoubleItSymmetricBinding">
+            <soap:address location="http://localhost:9001/DoubleItSymmetric" />
+        </wsdl:port>
     </wsdl:service>
 
     <wsp:Policy wsu:Id="DoubleItTransportPolicy" 
@@ -235,6 +258,116 @@
         </wsp:ExactlyOne>
     </wsp:Policy>
     
+    <wsp:Policy wsu:Id="DoubleItSymmetricPolicy" 
+        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+		<wsp:ExactlyOne>
+			<wsp:All>
+				<sp:SymmetricBinding>
+					<wsp:Policy>
+						<sp:ProtectionToken>
+							<wsp:Policy>
+								<sp:SecureConversationToken
+									sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+									<wsp:Policy>
+										<sp:BootstrapPolicy>
+											<wsp:Policy>
+												<sp:SignedParts>
+													<sp:Body />
+													<!--
+													<sp:Header Name="To"
+														Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
+													<sp:Header Name="From"
+														Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
+													<sp:Header Name="FaultTo"
+														Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
+													<sp:Header Name="ReplyTo"
+														Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
+													<sp:Header Name="MessageID"
+														Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
+													<sp:Header Name="RelatesTo"
+														Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
+													<sp:Header Name="Action"
+														Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
+														-->
+												</sp:SignedParts>
+												<sp:SymmetricBinding>
+													<wsp:Policy>
+														<sp:ProtectionToken>
+															<wsp:Policy>
+																<sp:X509Token
+																	sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+																	<wsp:Policy>
+																		<sp:WssX509V3Token10 />
+																	</wsp:Policy>
+																</sp:X509Token>
+															</wsp:Policy>
+														</sp:ProtectionToken>
+														<sp:AlgorithmSuite>
+															<wsp:Policy>
+																<sp:Basic128 />
+															</wsp:Policy>
+														</sp:AlgorithmSuite>
+														<sp:Layout>
+															<wsp:Policy>
+																<sp:Lax />
+															</wsp:Policy>
+														</sp:Layout>
+														<sp:IncludeTimestamp />
+														<sp:OnlySignEntireHeadersAndBody />
+													</wsp:Policy>
+												</sp:SymmetricBinding>
+												<sp:Wss11>
+													<wsp:Policy>
+														<sp:MustSupportRefKeyIdentifier />
+														<sp:MustSupportRefIssuerSerial />
+														<sp:MustSupportRefThumbprint />
+														<sp:MustSupportRefEncryptedKey />
+													</wsp:Policy>
+												</sp:Wss11>
+												<sp:Trust13>
+													<wsp:Policy>
+														<sp:MustSupportIssuedTokens />
+														<sp:RequireClientEntropy />
+														<sp:RequireServerEntropy />
+													</wsp:Policy>
+												</sp:Trust13>
+											</wsp:Policy>
+										</sp:BootstrapPolicy>
+									</wsp:Policy>
+								</sp:SecureConversationToken>
+							</wsp:Policy>
+						</sp:ProtectionToken>
+						<sp:AlgorithmSuite>
+							<wsp:Policy>
+								<sp:Basic128 />
+							</wsp:Policy>
+						</sp:AlgorithmSuite>
+						<sp:Layout>
+							<wsp:Policy>
+								<sp:Lax />
+							</wsp:Policy>
+						</sp:Layout>
+						<sp:IncludeTimestamp />
+						<sp:OnlySignEntireHeadersAndBody />
+					</wsp:Policy>
+				</sp:SymmetricBinding>
+				<sp:Wss10>
+					<wsp:Policy>
+						<sp:MustSupportRefKeyIdentifier />
+						<sp:MustSupportRefIssuerSerial />
+					</wsp:Policy>
+				</sp:Wss10>
+				<sp:Trust10>
+					<wsp:Policy>
+						<sp:MustSupportIssuedTokens />
+						<sp:RequireClientEntropy />
+						<sp:RequireServerEntropy />
+					</wsp:Policy>
+				</sp:Trust10>
+			</wsp:All>
+		</wsp:ExactlyOne>
+	</wsp:Policy>
+    
     <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
       <wsp:ExactlyOne xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:All>

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/client.xml?rev=1537460&r1=1537459&r2=1537460&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/client.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/client.xml
Thu Oct 31 12:09:10 2013
@@ -53,7 +53,6 @@
         </jaxws:properties>
     </jaxws:client>
     
-    
     <jaxws:client name="{http://WSSec/wssc}AC_IPingService" createdFromAPI="true">
         <jaxws:properties>
             <entry key="ws-security.callback-handler.sct" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/unit-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/unit-server.xml?rev=1537460&r1=1537459&r2=1537460&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/unit-server.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/unit-server.xml
Thu Oct 31 12:09:10 2013
@@ -95,4 +95,21 @@
      
     </jaxws:endpoint> 
     
+    <jaxws:endpoint 
+       id="Symmetric"
+       address="http://localhost:${testutil.ports.UnitServer.2}/DoubleItSymmetric" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItSymmetricPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/wssc/DoubleItWSSC.wsdl">
+        
+       <jaxws:properties>
+           <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+           <entry key="ws-security.signature.properties" value="bob.properties"/>
+           <entry key="ws-security.signature.properties.sct" value="bob.properties"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
 </beans>



Mime
View raw message