Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 31E8B17F0A for ; Fri, 8 Jan 2016 13:38:22 +0000 (UTC) Received: (qmail 45786 invoked by uid 500); 8 Jan 2016 13:38:22 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 45736 invoked by uid 500); 8 Jan 2016 13:38:21 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 45727 invoked by uid 99); 8 Jan 2016 13:38:21 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Jan 2016 13:38:21 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 3D239DFC89; Fri, 8 Jan 2016 13:38:21 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: <00618a2eaddf41e9a70d315f0cfed7b0@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Support referencing a SAML PublicKey with the Asymmetric Binding + KeyValue Date: Fri, 8 Jan 2016 13:38:21 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/master 8a4e85b24 -> 9754ca7ba Support referencing a SAML PublicKey with the Asymmetric Binding + KeyValue Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9754ca7b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9754ca7b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9754ca7b Branch: refs/heads/master Commit: 9754ca7bab38fc8e73df276488ff63295fcb2b82 Parents: 8a4e85b Author: Colm O hEigeartaigh Authored: Fri Jan 8 12:14:17 2016 +0000 Committer: Colm O hEigeartaigh Committed: Fri Jan 8 12:14:17 2016 +0000 ---------------------------------------------------------------------- .../AsymmetricBindingHandler.java | 6 +++- .../IssuedTokenPolicyValidator.java | 3 ++ .../sts/asymmetric/AsymmetricBindingTest.java | 35 +++++++++++++++++++- .../cxf/systest/sts/asymmetric/DoubleIt.wsdl | 3 ++ .../cxf/systest/sts/asymmetric/cxf-client.xml | 30 +++++++++++++++++ .../cxf/systest/sts/asymmetric/cxf-service.xml | 7 ++++ .../systest/sts/asymmetric/cxf-stax-service.xml | 8 +++++ 7 files changed, 90 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java ---------------------------------------------------------------------- 
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java index 2508447..564cece 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java @@ -19,6 +19,7 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers; +import java.security.PublicKey; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; @@ -478,10 +479,13 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { if (!isRequestor() && securityToken != null && securityToken.getX509Certificate() != null) { encr.setUseThisCert(securityToken.getX509Certificate()); + } else if (!isRequestor() && securityToken != null + && securityToken.getKey() instanceof PublicKey) { + encr.setUseThisPublicKey((PublicKey)securityToken.getKey()); } else { setEncryptionUser(encr, encrToken, false, crypto); } - if (!encr.isCertSet() && crypto == null) { + if (!encr.isCertSet() && encr.getUseThisPublicKey() == null && crypto == null) { unassertPolicy(recToken, "Missing security configuration. " + "Make sure jaxws:client element is configured " + "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value."); http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java index 73f3f29..c2c21f2 100644 
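Review bot: The new `else if` branch in the `@@ -478,10 +479,13 @@` hunk encrypts to whatever `securityToken.getKey()` returns as long as it is a `PublicKey`, and nothing there says where that key comes from or why it can be trusted. Unlike the certificate branch above it, a bare key carries no issuer or validity information, so the choice of encryption key rests entirely on the received token having been validated earlier; that is presumably the case, but it is not visible in this hunk. I would add a comment such as `// Bare PublicKey from the already-validated SAML subject (KeyValue); no certificate checks apply to it`. Reading the key once into a local would also keep the `instanceof` test and the cast on the same value. The enclosing method starts and ends outside the hunk.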
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java @@ -270,6 +270,9 @@ public class IssuedTokenPolicyValidator extends AbstractSamlPolicyValidator { if (certs != null && certs.length > 0) { token.setX509Certificate(certs[0], null); } + if (subjectKeyInfo.getPublicKey() != null) { + token.setKey(subjectKeyInfo.getPublicKey()); + } } if (assertionWrapper.getSaml1() != null) { token.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE); http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java index 6f63830..cb4627c 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java @@ -105,7 +105,6 @@ public class AsymmetricBindingTest extends AbstractBusClientServerTestBase { {new TestParam(PORT, true, STSPORT2)}, {new TestParam(STAX_PORT, false, STSPORT2)}, {new TestParam(STAX_PORT, true, STSPORT2)}, - {new TestParam(PORT, false, STAX_STSPORT2)}, {new TestParam(PORT, true, STAX_STSPORT2)}, {new TestParam(STAX_PORT, false, STAX_STSPORT2)}, 
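Review bot: In the `@@ -270,6 +270,9 @@` hunk of IssuedTokenPolicyValidator, the subject's public key goes into the token's generic key slot via `token.setKey(...)`, so the consumer in AsymmetricBindingHandler has to recover its meaning with `instanceof PublicKey`. When the assertion's key info yields both certificates and a public key, both are stored and nothing visible checks that they belong together; the handler appears to prefer the certificate. A short comment would make that explicit, e.g. `// KeyValue subject confirmation: keep the bare public key; a certificate, if present, takes precedence downstream`. Fetching `subjectKeyInfo.getPublicKey()` once into a local would also tidy the null check. The enclosing method continues outside the hunk.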
@@ -177,6 +176,40 @@ public class AsymmetricBindingTest extends AbstractBusClientServerTestBase { ((java.io.Closeable)asymmetricSaml2Port).close(); bus.shutdown(true); } + + @org.junit.Test + public void testUsernameTokenSAML2KeyValue() throws Exception { + // TODO + if (test.isStreaming() || STAX_PORT.equals(test.getPort())) { + return; + } + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = AsymmetricBindingTest.class.getResource("cxf-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = AsymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2KeyValuePort"); + DoubleItPortType asymmetricSaml2Port = + service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(asymmetricSaml2Port, test.getPort()); + + TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml2Port, test.getStsPort()); + + if (test.isStreaming()) { + SecurityTestUtil.enableStreaming(asymmetricSaml2Port); + } + + doubleIt(asymmetricSaml2Port, 30); + TokenTestUtils.verifyToken(asymmetricSaml2Port); + + ((java.io.Closeable)asymmetricSaml2Port).close(); + bus.shutdown(true); + } @org.junit.Test public void testUsernameTokenSAML1Encrypted() throws Exception { http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl index 2f78416..c6f7c1a 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl 
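Review bot: `testUsernameTokenSAML2KeyValue` returns early behind a bare `// TODO` when `test.isStreaming()` is true or the port is `STAX_PORT`, so those parameter combinations are reported as passing although the KeyValue path never ran on them. Replacing the guard with `org.junit.Assume.assumeTrue(!test.isStreaming() && !STAX_PORT.equals(test.getPort()));` would report them as skipped instead. The TODO should also say what is still missing on the streaming side. The later `if (test.isStreaming())` block is unreachable after that guard and only suggests coverage that does not exist yet.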
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl @@ -56,6 +56,9 @@ + + + http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml index e98ffba..ed6013b 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml @@ -61,6 +61,36 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-service.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-service.xml index 3c3e88b..cbc183c 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-service.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-service.xml @@ -34,6 +34,13 @@ + + + + + + + http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml ---------------------------------------------------------------------- 
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml index d484007..3c6ca76 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml @@ -36,6 +36,14 @@ + + + + + + + +