From cohei...@apache.org
Subject [3/3] git commit: Backporting KeyIdentifier test + fix
Date Tue, 26 Aug 2014 11:52:08 GMT
Backporting KeyIdentifier test + fix


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/4408bdc4
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/4408bdc4
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/4408bdc4

Branch: refs/heads/2.7.x-fixes
Commit: 4408bdc4c9e0e5b870ffe70326459f2cefae4da6
Parents: 5d9f76d
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Aug 26 12:51:48 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Aug 26 12:51:48 2014 +0100

----------------------------------------------------------------------
 .../X509TokenPolicyValidator.java               | 74 ++++----------------
 .../cxf/systest/ws/action/ActionTest.java       |  4 --
 .../cxf/systest/ws/action/DoubleItAction.wsdl   |  4 --
 .../org/apache/cxf/systest/ws/action/client.xml | 17 ++---
 .../org/apache/cxf/systest/ws/action/server.xml |  6 +-
 5 files changed, 25 insertions(+), 80 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/4408bdc4/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
index 510ded0..e734447 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
@@ -19,35 +19,29 @@
 
 package org.apache.cxf.ws.security.wss4j.policyvalidators;
 
+import java.security.cert.X509Certificate;
 import java.util.Collection;
 import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 
 import org.w3c.dom.Element;
-
+import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
-<<<<<<< HEAD
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
 import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Merlin;
 import org.apache.ws.security.message.token.BinarySecurity;
-=======
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.dom.bsp.BSPEnforcer;
-import org.apache.wss4j.dom.message.token.BinarySecurity;
-import org.apache.wss4j.dom.message.token.X509Security;
-import org.apache.wss4j.dom.str.STRParser;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.wss4j.policy.SPConstants;
-import org.apache.wss4j.policy.model.X509Token;
-import org.apache.wss4j.policy.model.X509Token.TokenType;
->>>>>>> 6d6ce13... Adding a Action -> Policy test for a KeyIdentifier
fix
+import org.apache.ws.security.message.token.X509Security;
+import org.apache.ws.security.str.STRParser;
+import org.apache.ws.security.util.WSSecurityUtil;
 
 /**
  * Validate an X509 Token policy.
@@ -56,6 +50,7 @@ public class X509TokenPolicyValidator extends AbstractTokenPolicyValidator
imple
     
     private static final String X509_V3_VALUETYPE = WSConstants.X509TOKEN_NS + "#X509v3";
     private static final String PKI_VALUETYPE = WSConstants.X509TOKEN_NS + "#X509PKIPathv1";
+    private static final Logger LOG = LogUtils.getL7dLogger(X509TokenPolicyValidator.class);
     
     public boolean validatePolicy(
         AssertionInfoMap aim,
@@ -64,40 +59,11 @@ public class X509TokenPolicyValidator extends AbstractTokenPolicyValidator
imple
         List<WSSecurityEngineResult> results,
         List<WSSecurityEngineResult> signedResults
     ) {
-<<<<<<< HEAD
         Collection<AssertionInfo> ais = aim.get(SP12Constants.X509_TOKEN);
         if (ais == null || ais.isEmpty()) {
             return true;
         }
-        
-=======
-        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.X509_TOKEN);
-        if (!ais.isEmpty()) {
-            parsePolicies(ais, message, signedResults, results);
-            
-            assertPolicy(aim, SPConstants.WSS_X509_PKI_PATH_V1_TOKEN10);
-            assertPolicy(aim, SPConstants.WSS_X509_PKI_PATH_V1_TOKEN11);
-            assertPolicy(aim, SPConstants.WSS_X509_V1_TOKEN10);
-            assertPolicy(aim, SPConstants.WSS_X509_V1_TOKEN11);
-            assertPolicy(aim, SPConstants.WSS_X509_V3_TOKEN10);
-            assertPolicy(aim, SPConstants.WSS_X509_V3_TOKEN11);
-            
-            assertPolicy(aim, SPConstants.REQUIRE_ISSUER_SERIAL_REFERENCE);
-            assertPolicy(aim, SPConstants.REQUIRE_THUMBPRINT_REFERENCE);
-            assertPolicy(aim, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE);
-            assertPolicy(aim, SPConstants.REQUIRE_EMBEDDED_TOKEN_REFERENCE);
-        }
-        
-        return true;
-    }
-    
-    private void parsePolicies(
-        Collection<AssertionInfo> ais, 
-        Message message,
-        List<WSSecurityEngineResult> signedResults,
-        List<WSSecurityEngineResult> results
-    ) {
->>>>>>> 6d6ce13... Adding a Action -> Policy test for a KeyIdentifier
fix
+
         List<WSSecurityEngineResult> bstResults = 
             WSS4JUtils.fetchAllActionResults(results, WSConstants.BST);
         
@@ -116,15 +82,12 @@ public class X509TokenPolicyValidator extends AbstractTokenPolicyValidator
imple
                 continue;
             }
 
-<<<<<<< HEAD
-            if (!checkTokenType(x509TokenPolicy.getTokenVersionAndType(), bstResults)) {
-=======
-            if (!checkTokenType(x509TokenPolicy.getTokenType(), bstResults, signedResults))
{
->>>>>>> 6d6ce13... Adding a Action -> Policy test for a KeyIdentifier
fix
+            if (!checkTokenType(x509TokenPolicy.getTokenVersionAndType(), bstResults, signedResults))
{
                 ai.setNotAsserted("An incorrect X.509 Token Type is detected");
                 continue;
             }
         }
+        
         return true;
     }
     
@@ -132,14 +95,9 @@ public class X509TokenPolicyValidator extends AbstractTokenPolicyValidator
imple
      * Check that at least one received token matches the token type.
      */
     private boolean checkTokenType(
-<<<<<<< HEAD
         String requiredVersionAndType,
-        List<WSSecurityEngineResult> bstResults
-=======
-        TokenType tokenType,
         List<WSSecurityEngineResult> bstResults,
         List<WSSecurityEngineResult> signedResults
->>>>>>> 6d6ce13... Adding a Action -> Policy test for a KeyIdentifier
fix
     ) {
         if (bstResults.isEmpty() && signedResults.isEmpty()) {
             return false;
@@ -174,10 +132,8 @@ public class X509TokenPolicyValidator extends AbstractTokenPolicyValidator
imple
                     if (keyIdentifier != null 
                         && X509_V3_VALUETYPE.equals(keyIdentifier.getAttributeNS(null,
"ValueType"))) {
                         try {
-                            X509Security token = 
-                                new X509Security(keyIdentifier, 
-                                                 new BSPEnforcer(true));
-                            X509Certificate cert = token.getX509Certificate(null);
+                            X509Security token = new X509Security(keyIdentifier, false);
+                            X509Certificate cert = token.getX509Certificate(new Merlin());
                             if (cert != null && cert.getVersion() == 3) {
                                 return true;
                             }
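Review bot: The certificate obtained through `token.getX509Certificate(new Merlin())` comes from sender-supplied KeyIdentifier bytes and is parsed by an empty, keystore-less `Merlin`, so the `cert.getVersion() == 3` test is only a token-type check and not a trust decision. I would state that in a comment above the two added lines, e.g. `// Merlin is used purely as a certificate parser; this check confirms the token type only, trust is presumably established by signature verification elsewhere`, so a `true` return is not later read as "certificate accepted". The `false` passed to `new X509Security(keyIdentifier, false)` also deserves a short comment on what it turns off (presumably BSP compliance enforcement, mirroring the removed `new BSPEnforcer(true)`; confirm against the WSS4J version on this branch). The enclosing `try` and its `catch` lie outside the hunk, so it is not visible whether a parse failure is reported through the newly added `LOG`.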

http://git-wip-us.apache.org/repos/asf/cxf/blob/4408bdc4/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java
index 68e85da..e81be3d 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java
@@ -214,9 +214,6 @@ public class ActionTest extends AbstractBusClientServerTestBase {
         ((java.io.Closeable)port).close();
         bus.shutdown(true);
     }
-<<<<<<< HEAD
-
-=======
     
     // Here the client is using "Actions", where the server is using an AsymmetricBinding
policy
     @org.junit.Test
@@ -242,5 +239,4 @@ public class ActionTest extends AbstractBusClientServerTestBase {
         ((java.io.Closeable)port).close();
         bus.shutdown(true);
     }
->>>>>>> 6d6ce13... Adding a Action -> Policy test for a KeyIdentifier
fix
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/4408bdc4/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/DoubleItAction.wsdl
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/DoubleItAction.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/DoubleItAction.wsdl
index 9a73de0..78835f8 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/DoubleItAction.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/DoubleItAction.wsdl
@@ -76,9 +76,5 @@
             <soap:address location="http://localhost:9001/DoubleItAsymmetric"/>
         </wsdl:port>
     </wsdl:service>
-<<<<<<< HEAD
 
-=======
-    
->>>>>>> 6d6ce13... Adding a Action -> Policy test for a KeyIdentifier
fix
 </wsdl:definitions>

http://git-wip-us.apache.org/repos/asf/cxf/blob/4408bdc4/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client.xml
index 467d6e1..a6fc384 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client.xml
@@ -188,9 +188,6 @@
         </jaxws:inInterceptors>
     </jaxws:client>
     
-<<<<<<< HEAD
-    
-=======
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricPort"
createdFromAPI="true">
         <jaxws:outInterceptors>
             <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
@@ -198,12 +195,12 @@
                     <map>
                         <entry key="action" value="Timestamp Signature Encrypt"/>
                         <entry key="signatureUser" value="alice"/>
-                        <entry key="signaturePropFile" value="alice.properties"/>
+                        <entry key="signaturePropFile" value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
                         <entry key="encryptionUser" value="bob"/>
-                        <entry key="encryptionPropFile" value="bob.properties"/>
+                        <entry key="encryptionPropFile" value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
                         <entry key="signatureKeyIdentifier" value="DirectReference"/>
                         <entry key="signatureParts" value="{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;{}{http://schemas.xmlsoap.org/soap/envelope/}Body;"/>
-                        <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+                        <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.wssec10.server.KeystorePasswordCallback"/>
                         <entry key="signatureKeyIdentifier" value="X509KeyIdentifier"/>
                     </map>
                 </constructor-arg>
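Review bot: The outbound interceptor map in this hunk sets `signatureKeyIdentifier` twice, first to `DirectReference` and then to `X509KeyIdentifier`, so the reference style the client actually sends depends on how the container resolves a duplicate map key. Since this client exists to exercise the KeyIdentifier path in X509TokenPolicyValidator, I would drop the `<entry key="signatureKeyIdentifier" value="DirectReference"/>` line so the configuration states a single value. If the later entry wins (likely for a Spring `<map>`, but not verified here) the test covers the fix today; if that ever changes, the test would stop covering it without failing. The enclosing `<bean>` starts above the hunk.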
@@ -214,13 +211,13 @@
                 <constructor-arg>
                     <map>
                         <entry key="action" value="Timestamp Signature Encrypt"/>
-                        <entry key="signatureVerificationPropFile" value="bob.properties"/>
-                        <entry key="decryptionPropFile" value="alice.properties"/>
-                        <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+                        <entry key="signaturePropFile" value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+                        <entry key="decryptionPropFile" value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
+                        <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.wssec10.server.KeystorePasswordCallback"/>
                     </map>
                 </constructor-arg>
             </bean>
         </jaxws:inInterceptors>
     </jaxws:client>
->>>>>>> 6d6ce13... Adding a Action -> Policy test for a KeyIdentifier
fix
+
 </beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/4408bdc4/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server.xml
index 073067e..04aa2a3 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server.xml
@@ -235,9 +235,9 @@
     
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Asymmetric"
address="http://localhost:${testutil.ports.Server}/DoubleItAsymmetric" serviceName="s:DoubleItService"
endpointName="s:DoubleItAsymmetricPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/action/DoubleItActionPolicy.wsdl">
         <jaxws:properties>
-            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
-            <entry key="ws-security.signature.properties" value="bob.properties"/>
-            <entry key="ws-security.encryption.properties" value="alice.properties"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.wssec10.server.KeystorePasswordCallback"/>
+            <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/ws/wssec10/server/bob.properties"/>
+            <entry key="ws-security.encryption.properties" value="org/apache/cxf/systest/ws/wssec10/server/alice.properties"/>
             <entry key="ws-security.encryption.username" value="alice"/>
         </jaxws:properties>
     </jaxws:endpoint>

