Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E990C10238 for ; Mon, 14 Oct 2013 16:06:58 +0000 (UTC) Received: (qmail 14927 invoked by uid 500); 14 Oct 2013 16:06:54 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 14873 invoked by uid 500); 14 Oct 2013 16:06:47 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 14695 invoked by uid 99); 14 Oct 2013 16:06:40 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 Oct 2013 16:06:40 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 Oct 2013 16:06:35 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 656C423888E4; Mon, 14 Oct 2013 16:06:13 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1531958 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/ services/sts/systests/basic/src/test/java/org/apache/cx... Date: Mon, 14 Oct 2013 16:06:13 -0000 To: commits@cxf.apache.org 
From: coheigea@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20131014160613.656C423888E4@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: coheigea Date: Mon Oct 14 16:06:12 2013 New Revision: 1531958 URL: http://svn.apache.org/r1531958 Log: More work on streaming STS test-cases Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxAsymmetricBindingTest.java cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1531958&r1=1531957&r2=1531958&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Mon Oct 14 16:06:12 2013 @@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j import java.io.IOException; import java.security.Key; +import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; 
@@ -32,6 +33,7 @@ import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
@@ -62,6 +64,7 @@ import org.apache.wss4j.common.saml.bean
 import org.apache.wss4j.common.saml.bean.SubjectBean;
 import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
@@ -95,11 +98,16 @@ import org.apache.wss4j.policy.model.XPa
 import org.apache.wss4j.policy.stax.PolicyUtils;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.impl.securityToken.KerberosClientSecurityToken;
+import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.stax.ext.SecurePart;
 import org.apache.xml.security.stax.ext.SecurePart.Modifier;
+import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
+import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
+import org.apache.xml.security.utils.Base64;
 import org.opensaml.common.SAMLVersion;
 /**
@@ -413,6 +421,73 @@ public abstract class AbstractStaxBindin return null; } + protected void storeSecurityToken(SecurityToken tok) { + SecurityTokenConstants.TokenType tokenType = WSSecurityTokenConstants.EncryptedKeyToken; + if (tok.getTokenType() != null) { + if (tok.getTokenType().startsWith(WSSConstants.NS_KERBEROS11_TOKEN_PROFILE)) { + tokenType = WSSecurityTokenConstants.KerberosToken; + } else if (tok.getTokenType().startsWith(WSSConstants.NS_SAML10_TOKEN_PROFILE) + || tok.getTokenType().startsWith(WSSConstants.NS_SAML11_TOKEN_PROFILE)) { + tokenType = WSSecurityTokenConstants.Saml11Token; + } else if (tok.getTokenType().startsWith(WSSConstants.NS_WSC_05_02) + || tok.getTokenType().startsWith(WSSConstants.NS_WSC_05_12)) { + tokenType = WSSecurityTokenConstants.SecureConversationToken; + } + } + + final Key key = tok.getKey(); + final byte[] secret = tok.getSecret(); + final X509Certificate[] certs = new X509Certificate[1]; + if (tok.getX509Certificate() != null) { + certs[0] = tok.getX509Certificate(); + } + + final GenericOutboundSecurityToken encryptedKeySecurityToken = + new GenericOutboundSecurityToken(tok.getId(), tokenType, key, certs) { + + @Override + public Key getSecretKey(String algorithmURI) throws XMLSecurityException { + if (secret != null && algorithmURI != null && !"".equals(algorithmURI)) { + return KeyUtils.prepareSecretKey(algorithmURI, secret); + } + if (key != null) { + return key; + } + if (secret != null) { + String jceAlg = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI); + if (jceAlg == null || "".equals(jceAlg)) { + jceAlg = "HmacSHA1"; + } + return new SecretKeySpec(secret, jceAlg); + } + + return super.getSecretKey(algorithmURI); + } + }; + + final SecurityTokenProvider encryptedKeySecurityTokenProvider = + new SecurityTokenProvider() { + + @Override + public OutboundSecurityToken getSecurityToken() throws XMLSecurityException { + return encryptedKeySecurityToken; + } + + @Override + public String getId() { + return 
encryptedKeySecurityToken.getId(); + } + + }; + encryptedKeySecurityToken.setSha1Identifier(tok.getSHA1()); + outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, + encryptedKeySecurityTokenProvider); + outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, + encryptedKeySecurityTokenProvider); + outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_CUSTOM_TOKEN, + encryptedKeySecurityTokenProvider); + } + protected void policyNotAsserted(Assertion assertion, String reason) { if (assertion == null) { return; 
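Review bot: In `storeSecurityToken`, `certs` is always a one-element array, so a token without a certificate reaches `GenericOutboundSecurityToken` with `certs[0] == null` rather than with no certificates at all. The copy of this method removed from StaxSymmetricBindingHandler in the same commit used the three-argument constructor and passed no array, so this is a behaviour change for the symmetric callers; any consumer that checks only the array's presence or length before reading the first element would then see a null certificate (those consumers are outside this diff). Building the array only when a certificate exists keeps the old behaviour, assuming the four-argument constructor accepts null as the three-argument form suggests: `final X509Certificate[] certs = tok.getX509Certificate() == null ? null : new X509Certificate[] {tok.getX509Certificate()};`. Since the method is now `protected`, a short Javadoc stating that it registers the token for encryption, signature and custom-token use would help subclasses.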
@@ -1097,4 +1172,45 @@ public abstract class AbstractStaxBindin return encryptedParts; } + protected static class TokenStoreCallbackHandler implements CallbackHandler { + private CallbackHandler internal; + private TokenStore store; + public TokenStoreCallbackHandler(CallbackHandler in, TokenStore st) { + internal = in; + store = st; + } + + public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { + for (int i = 0; i < callbacks.length; i++) { + WSPasswordCallback pc = (WSPasswordCallback)callbacks[i]; + + String id = pc.getIdentifier(); + SecurityToken token = store.getToken(id); + if (token != null) { + if (token.getSHA1() == null && pc.getKey() != null) { + token.setSHA1(getSHA1(pc.getKey())); + // Create another cache entry with the SHA1 Identifier as the key + // for easy retrieval + store.add(token.getSHA1(), token); + } + pc.setKey(token.getSecret()); + pc.setCustomToken(token.getToken()); + return; + } + } + if (internal != null) { + internal.handle(callbacks); + } + } + } + + private static String getSHA1(byte[] input) { + try { + byte[] digestBytes = WSSecurityUtil.generateDigest(input); + return Base64.encode(digestBytes); + } catch (WSSecurityException e) { + //REVISIT + } + return null; + } } Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1531958&r1=1531957&r2=1531958&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java Mon Oct 14 16:06:12 2013 
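Review bot: In `TokenStoreCallbackHandler.handle` (AbstractStaxBindingHandler), `getSHA1` returns null when the digest fails because the `WSSecurityException` is swallowed under `//REVISIT`, and the caller then runs `store.add(token.getSHA1(), token)` with a null identifier. Whether `TokenStore.add` tolerates a null key is not visible here, so the second cache entry should be written only when a digest was actually produced, and the failure should be logged rather than dropped. The cast `(WSPasswordCallback)callbacks[i]` is also unchecked, so any other callback type ends in a `ClassCastException` instead of reaching the wrapped handler, and the `return` after the first match leaves later callbacks in the array unanswered. A guarded version of the loop is sketched below.

```java
for (Callback callback : callbacks) {
    if (!(callback instanceof WSPasswordCallback)) {
        // not ours; the wrapped handler below decides what to do with it
        continue;
    }
    WSPasswordCallback pc = (WSPasswordCallback)callback;
    SecurityToken token = store.getToken(pc.getIdentifier());
    if (token != null) {
        if (token.getSHA1() == null && pc.getKey() != null) {
            String sha1 = getSHA1(pc.getKey());
            if (sha1 != null) {
                token.setSHA1(sha1);
                // second cache entry keyed by the SHA1 identifier
                store.add(sha1, token);
            }
        }
        // … unchanged: setKey, setCustomToken, return …
    }
}
// … unchanged: delegate to internal when it is not null …
```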
@@ -25,6 +25,7 @@ import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import javax.security.auth.callback.CallbackHandler;
 import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
@@ -44,6 +45,9 @@ import org.apache.wss4j.policy.model.Abs
 import org.apache.wss4j.policy.model.AlgorithmSuite;
 import org.apache.wss4j.policy.model.AsymmetricBinding;
 import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.SecureConversationToken;
+import org.apache.wss4j.policy.model.SecurityContextToken;
+import org.apache.wss4j.policy.model.SpnegoContextToken;
 import org.apache.wss4j.policy.model.X509Token;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.xml.security.stax.ext.SecurePart;
@@ -102,6 +106,18 @@ public class StaxAsymmetricBindingHandle
 if (initiatorToken instanceof IssuedToken) {
 SecurityToken sigTok = getSecurityToken();
 addIssuedToken((IssuedToken)initiatorToken, sigTok, false, true);
+ if (sigTok != null) {
+ storeSecurityToken(sigTok);
+ outboundTokens.remove(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
+ }
+
+ // Set up CallbackHandler which wraps the configured Handler
+ Map config = getProperties();
+ TokenStoreCallbackHandler callbackHandler =
+ new TokenStoreCallbackHandler(
+ (CallbackHandler)config.get(ConfigurationConstants.PW_CALLBACK_REF), getTokenStore()
+ );
+ config.put(ConfigurationConstants.PW_CALLBACK_REF, callbackHandler);
 }
 }
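Review bot: `storeSecurityToken(sigTok)` registers the issued token under `PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION` and the very next added line removes that entry, so in the asymmetric binding the choice of encryption key depends on each caller remembering the removal. A parameter on the helper, or a signature-only variant, would keep the issued token's key out of the encryption slot by construction. The same twelve added lines are repeated in the hunk at -206,6 +222,18, where the same applies; a private method shared by both sites would keep them in step. The cast `(CallbackHandler)config.get(ConfigurationConstants.PW_CALLBACK_REF)` is unchecked, and because the wrapper is written back into the same map, a second pass over these properties would wrap the wrapper. Whether `getProperties()` returns a per-message map cannot be told from here, as the enclosing method starts and ends outside the hunk.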
@@ -206,6 +222,18 @@ public class StaxAsymmetricBindingHandle
 if (initiatorToken instanceof IssuedToken) {
 SecurityToken sigTok = getSecurityToken();
 addIssuedToken((IssuedToken)initiatorToken, sigTok, false, true);
+ if (sigTok != null) {
+ storeSecurityToken(sigTok);
+ outboundTokens.remove(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION);
+ }
+
+ // Set up CallbackHandler which wraps the configured Handler
+ Map config = getProperties();
+ TokenStoreCallbackHandler callbackHandler =
+ new TokenStoreCallbackHandler(
+ (CallbackHandler)config.get(ConfigurationConstants.PW_CALLBACK_REF), getTokenStore()
+ );
+ config.put(ConfigurationConstants.PW_CALLBACK_REF, callbackHandler);
 }
 }
@@ -377,16 +405,19 @@ public class StaxAsymmetricBindingHandle } AbstractToken sigToken = wrapper.getToken(); + configureSignature(wrapper, sigToken, false); + if (abinding.isProtectTokens() && (sigToken instanceof X509Token) && sigToken.getIncludeTokenType() != IncludeTokenType.INCLUDE_TOKEN_NEVER) { parts += "{Element}{" + WSSConstants.NS_WSSE10 + "}BinarySecurityToken;"; + } else if (sigToken instanceof IssuedToken || sigToken instanceof SecurityContextToken + || sigToken instanceof SecureConversationToken || sigToken instanceof SpnegoContextToken) { + config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "false"); } config.put(ConfigurationConstants.SIGNATURE_PARTS, parts); config.put(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS, optionalParts); - configureSignature(wrapper, sigToken, false); - if (sigToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) { config.put(ConfigurationConstants.SIG_ALGO, abinding.getAlgorithmSuite().getSymmetricSignature()); Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1531958&r1=1531957&r2=1531958&view=diff ============================================================================== --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java (original) +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java Mon Oct 14 16:06:12 2013 @@ -19,8 +19,6 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers; -import java.io.IOException; -import java.security.Key; import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.Date; 
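Review bot: In the -377,16 +405,19 hunk of StaxAsymmetricBindingHandler, `configureSignature(wrapper, sigToken, false)` is moved ahead of the new `INCLUDE_SIGNATURE_TOKEN` override without a comment, and the order looks load-bearing. Presumably `configureSignature` sets that property itself and the `"false"` has to win for issued and context tokens, but its body is outside this diff; a line such as `// must follow configureSignature(), which may set INCLUDE_SIGNATURE_TOKEN` would stop a later tidy-up from moving the call back. The new branch is also an `else if` of the `isProtectTokens()` test, so when token protection is asserted and the signing token is an `IssuedToken`, nothing in this hunk adds that token to `SIGNATURE_PARTS`. If that case is covered elsewhere, a comment saying where would help the next reader; the enclosing method starts and ends outside the hunk.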
@@ -29,10 +27,7 @@ import java.util.Map;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
@@ -43,14 +38,10 @@ import org.apache.cxf.message.MessageUti
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.ConfigurationConstants;
-import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSConfig;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
 import org.apache.wss4j.policy.model.AbstractToken;
@@ -68,19 +59,15 @@ import org.apache.wss4j.policy.model.Use import org.apache.wss4j.policy.model.X509Token; import org.apache.wss4j.stax.ext.WSSConstants; import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants; -import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants; import org.apache.xml.security.algorithms.JCEMapper; import org.apache.xml.security.exceptions.XMLSecurityException; import org.apache.xml.security.stax.ext.SecurePart; import org.apache.xml.security.stax.ext.SecurePart.Modifier; -import org.apache.xml.security.stax.impl.securityToken.GenericOutboundSecurityToken; import org.apache.xml.security.stax.impl.util.IDGenerator; import org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent; import org.apache.xml.security.stax.securityEvent.SecurityEvent; import org.apache.xml.security.stax.securityToken.OutboundSecurityToken; -import org.apache.xml.security.stax.securityToken.SecurityTokenConstants.TokenType; import org.apache.xml.security.stax.securityToken.SecurityTokenProvider; -import org.apache.xml.security.utils.Base64; /** * @@ -623,16 +610,6 @@ public class StaxSymmetricBindingHandler return null; } - private String getSHA1(byte[] input) { - try { - byte[] digestBytes = WSSecurityUtil.generateDigest(input); - return Base64.encode(digestBytes); - } catch (WSSecurityException e) { - //REVISIT - } - return null; - } - private KeyGenerator getKeyGenerator(String symEncAlgo) throws WSSecurityException { try { // 
@@ -662,98 +639,4 @@ public class StaxSymmetricBindingHandler } } - private void storeSecurityToken(SecurityToken tok) { - TokenType tokenType = WSSecurityTokenConstants.EncryptedKeyToken; - if (tok.getTokenType() != null) { - if (tok.getTokenType().startsWith(WSSConstants.NS_KERBEROS11_TOKEN_PROFILE)) { - tokenType = WSSecurityTokenConstants.KerberosToken; - } else if (tok.getTokenType().startsWith(WSSConstants.NS_SAML10_TOKEN_PROFILE) - || tok.getTokenType().startsWith(WSSConstants.NS_SAML11_TOKEN_PROFILE)) { - tokenType = WSSecurityTokenConstants.Saml11Token; - } else if (tok.getTokenType().startsWith(WSSConstants.NS_WSC_05_02) - || tok.getTokenType().startsWith(WSSConstants.NS_WSC_05_12)) { - tokenType = WSSecurityTokenConstants.SecureConversationToken; - } - } - - final Key key = tok.getKey(); - final byte[] secret = tok.getSecret(); - final GenericOutboundSecurityToken encryptedKeySecurityToken = - new GenericOutboundSecurityToken(tok.getId(), tokenType, key) { - - @Override - public Key getSecretKey(String algorithmURI) throws XMLSecurityException { - if (secret != null && algorithmURI != null && !"".equals(algorithmURI)) { - return KeyUtils.prepareSecretKey(algorithmURI, secret); - } - if (key != null) { - return key; - } - if (secret != null) { - String jceAlg = JCEMapper.getJCEKeyAlgorithmFromURI(algorithmURI); - if (jceAlg == null || "".equals(jceAlg)) { - jceAlg = "HmacSHA1"; - } - return new SecretKeySpec(secret, jceAlg); - } - - return super.getSecretKey(algorithmURI); - } - }; - - final SecurityTokenProvider encryptedKeySecurityTokenProvider = - new SecurityTokenProvider() { - - @Override - public OutboundSecurityToken getSecurityToken() throws XMLSecurityException { - return encryptedKeySecurityToken; - } - - @Override - public String getId() { - return encryptedKeySecurityToken.getId(); - } - - }; - encryptedKeySecurityToken.setSha1Identifier(tok.getSHA1()); - outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_ENCRYPTION, - 
encryptedKeySecurityTokenProvider); - outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_SIGNATURE, - encryptedKeySecurityTokenProvider); - outboundTokens.put(WSSConstants.PROP_USE_THIS_TOKEN_ID_FOR_CUSTOM_TOKEN, - encryptedKeySecurityTokenProvider); - } - - private class TokenStoreCallbackHandler implements CallbackHandler { - private CallbackHandler internal; - private TokenStore store; - public TokenStoreCallbackHandler(CallbackHandler in, TokenStore st) { - internal = in; - store = st; - } - - public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { - for (int i = 0; i < callbacks.length; i++) { - WSPasswordCallback pc = (WSPasswordCallback)callbacks[i]; - - String id = pc.getIdentifier(); - SecurityToken token = store.getToken(id); - if (token != null) { - if (token.getSHA1() == null && pc.getKey() != null) { - token.setSHA1(getSHA1(pc.getKey())); - // Create another cache entry with the SHA1 Identifier as the key - // for easy retrieval - store.add(token.getSHA1(), token); - } - pc.setKey(token.getSecret()); - pc.setCustomToken(token.getToken()); - return; - } - } - if (internal != null) { - internal.handle(callbacks); - } - } - - } } Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java?rev=1531958&r1=1531957&r2=1531958&view=diff ============================================================================== --- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java (original) +++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java Mon Oct 14 16:06:12 2013 
@@ -191,10 +191,25 @@ public class AsymmetricBindingTest exten doubleIt(asymmetricSaml1EncryptedPort, 40); + // TODO Streaming - The encrypted issued token is placed under the Signature + // and hence an error is thrown on the receiving side + asymmetricSaml1EncryptedPort = service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(asymmetricSaml1EncryptedPort, PORT); + if (standalone) { + TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml1EncryptedPort, STSPORT2); + } + bindingProvider = (BindingProvider)asymmetricSaml1EncryptedPort; + stsClient = + (STSClient)bindingProvider.getRequestContext().get(SecurityConstants.STS_CLIENT); + stsClient.setUseKeyCertificate(certs[0]); + + SecurityTestUtil.enableStreaming(asymmetricSaml1EncryptedPort); + // doubleIt(asymmetricSaml1EncryptedPort, 25); + ((java.io.Closeable)asymmetricSaml1EncryptedPort).close(); bus.shutdown(true); } - + private static void doubleIt(DoubleItPortType port, int numToDouble) { int resp = port.doubleIt(numToDouble); assertEquals(numToDouble * 2 , resp); Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxAsymmetricBindingTest.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxAsymmetricBindingTest.java?rev=1531958&r1=1531957&r2=1531958&view=diff ============================================================================== --- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxAsymmetricBindingTest.java (original) +++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/StaxAsymmetricBindingTest.java Mon Oct 14 16:06:12 2013 
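Review bot: In AsymmetricBindingTest the variable `asymmetricSaml1EncryptedPort` is reassigned to the streaming port before the DOM port is closed, so only the second port reaches `((java.io.Closeable)asymmetricSaml1EncryptedPort).close()` and the first is never released. The streaming call itself is commented out (`// doubleIt(asymmetricSaml1EncryptedPort, 25);`), so the added setup asserts nothing; a separate test method marked as ignored, with the TODO as its reason, would make the gap visible in test reports instead of hiding it inside a passing test. The same reassign-before-close pattern is in the StaxAsymmetricBindingTest hunk and in the second SymmetricBindingTest hunk (`symmetricSaml2Port`). The test method starts outside the hunk.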
@@ -193,6 +193,21 @@ public class StaxAsymmetricBindingTest e doubleIt(asymmetricSaml1EncryptedPort, 40); + // TODO Streaming - The encrypted issued token is placed under the Signature + // and hence an error is thrown on the receiving side + asymmetricSaml1EncryptedPort = service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(asymmetricSaml1EncryptedPort, PORT); + if (standalone) { + TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml1EncryptedPort, STSPORT2); + } + bindingProvider = (BindingProvider)asymmetricSaml1EncryptedPort; + stsClient = + (STSClient)bindingProvider.getRequestContext().get(SecurityConstants.STS_CLIENT); + stsClient.setUseKeyCertificate(certs[0]); + + SecurityTestUtil.enableStreaming(asymmetricSaml1EncryptedPort); + // doubleIt(asymmetricSaml1EncryptedPort, 25); + ((java.io.Closeable)asymmetricSaml1EncryptedPort).close(); bus.shutdown(true); } Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java?rev=1531958&r1=1531957&r2=1531958&view=diff ============================================================================== --- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java (original) +++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java Mon Oct 14 16:06:12 2013 
@@ -175,11 +175,12 @@ public class SymmetricBindingTest extend // DOM doubleIt(symmetricSaml1Port, 25); - // TODO Streaming - Problem with including encrypted SAML Token in header + // TODO Streaming - The encrypted issued token is placed under the ReferenceList + // and hence an error is thrown on the receiving side symmetricSaml1Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(symmetricSaml1Port, PORT); if (standalone) { - TokenTestUtils.updateSTSPort((BindingProvider)symmetricSaml1Port, STSPORT); + TokenTestUtils.updateSTSPort((BindingProvider)symmetricSaml1Port, STSPORT2); } SecurityTestUtil.enableStreaming(symmetricSaml1Port); // doubleIt(symmetricSaml1Port, 25); @@ -208,8 +209,18 @@ public class SymmetricBindingTest extend TokenTestUtils.updateSTSPort((BindingProvider)symmetricSaml2Port, STSPORT2); } + // DOM doubleIt(symmetricSaml2Port, 30); + // Streaming + symmetricSaml2Port = service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(symmetricSaml2Port, PORT); + if (standalone) { + TokenTestUtils.updateSTSPort((BindingProvider)symmetricSaml2Port, STSPORT2); + } + SecurityTestUtil.enableStreaming(symmetricSaml2Port); + doubleIt(symmetricSaml2Port, 25); + ((java.io.Closeable)symmetricSaml2Port).close(); bus.shutdown(true); }