cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: CXF-7084 - Pass a value for the KeyName element from the XmlSecOutInterceptor to Santuario Thanks to Hugo Trippaers for the patch. Some modifications made to the patch as outlined in the JIRA. This closes #176
Date Tue, 28 Mar 2017 16:31:41 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 9df8cbc09 -> b30d620d9


CXF-7084 - Pass a value for the KeyName element from the XmlSecOutInterceptor to Santuario
Thanks to Hugo Trippaers for the patch. Some modifications made to the patch as outlined in
the JIRA.
This closes #176


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b30d620d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b30d620d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b30d620d

Branch: refs/heads/master
Commit: b30d620d90593f52b79ae578373597defc89e80d
Parents: 9df8cbc
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Mar 28 17:29:22 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Mar 28 17:31:37 2017 +0100

----------------------------------------------------------------------
 .../rs/security/xml/EncryptionProperties.java   |  7 +++
 .../rs/security/xml/SignatureProperties.java    |  7 +++
 .../rs/security/xml/XmlSecOutInterceptor.java   |  7 ++-
 .../jaxrs/security/xml/JAXRSXmlSecTest.java     | 45 ++++++++++++++++++++
 .../systest/jaxrs/security/xml/stax-server.xml  | 16 +++++++
 5 files changed, 80 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/b30d620d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
index e7c0fdf..4de9e8e 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
@@ -25,6 +25,7 @@ public class EncryptionProperties {
     private String encryptionSymmetricKeyAlgo;
     private String encryptionDigestAlgo;
     private String encryptionKeyIdType;
+    private String encryptionKeyName;
 
     public void setEncryptionKeyTransportAlgo(String encryptionKeyTransportAlgo) {
         this.encryptionKeyTransportAlgo = encryptionKeyTransportAlgo;
@@ -50,5 +51,11 @@ public class EncryptionProperties {
     public String getEncryptionKeyIdType() {
         return encryptionKeyIdType;
     }
+    public String getEncryptionKeyName() {
+        return encryptionKeyName;
+    }
+    public void setEncryptionKeyName(String encryptionKeyName) {
+        this.encryptionKeyName = encryptionKeyName;
+    }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/b30d620d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java
index dc81c8a..8c861ab 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java
@@ -24,6 +24,7 @@ public class SignatureProperties {
     private String signatureC14nMethod;
     private String signatureC14nTransform;
     private String signatureKeyIdType;
+    private String signatureKeyName;
 
     public void setSignatureAlgo(String signatureAlgo) {
         this.signatureAlgo = signatureAlgo;
@@ -71,5 +72,11 @@ public class SignatureProperties {
     public void setSignatureKeyIdType(String signatureKeyIdType) {
         this.signatureKeyIdType = signatureKeyIdType;
     }
+    public String getSignatureKeyName() {
+        return signatureKeyName;
+    }
+    public void setSignatureKeyName(String signatureKeyName) {
+        this.signatureKeyName = signatureKeyName;
+    }
 
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/b30d620d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
index 4688537..904a92b 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
@@ -48,6 +48,7 @@ import org.apache.cxf.phase.Phase;
 import org.apache.cxf.rs.security.common.CryptoLoader;
 import org.apache.cxf.rs.security.common.RSSecurityUtils;
 import org.apache.cxf.rt.security.SecurityConstants;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -160,8 +161,7 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message>
{
         if (encryptSymmetricKey) {
             X509Certificate sendingCert = null;
             String userName =
-                (String)org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(
-                    SecurityConstants.ENCRYPT_USERNAME, message);
+                (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME,
message);
             if (RSSecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(userName)
                 && !MessageUtils.isRequestor(message)) {
                 sendingCert =
@@ -194,6 +194,8 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message>
{
             properties.setEncryptionKeyIdentifier(
                 convertKeyIdentifier(encryptionProperties.getEncryptionKeyIdType()));
 
+            properties.setEncryptionKeyName(encryptionProperties.getEncryptionKeyName());
+
             if (encryptionProperties.getEncryptionKeyTransportAlgo() != null) {
                 properties.setEncryptionKeyTransportAlgorithm(
                     encryptionProperties.getEncryptionKeyTransportAlgo());
@@ -313,6 +315,7 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message>
{
         if (this.keyInfoMustBeAvailable) {
             properties.setSignatureKeyIdentifier(
                 convertKeyIdentifier(sigProps.getSignatureKeyIdType()));
+            properties.setSignatureKeyName(sigProps.getSignatureKeyName());
         } else {
             properties.setSignatureKeyIdentifier(SecurityTokenConstants.KeyIdentifier_NoKeyInfo);
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/b30d620d/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
index ea6f547..bb08668 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
@@ -35,6 +35,7 @@ import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.common.RSSecurityUtils;
 import org.apache.cxf.rs.security.xml.EncryptionProperties;
+import org.apache.cxf.rs.security.xml.SignatureProperties;
 import org.apache.cxf.rs.security.xml.XmlEncInInterceptor;
 import org.apache.cxf.rs.security.xml.XmlEncOutInterceptor;
 import org.apache.cxf.rs.security.xml.XmlSecInInterceptor;
@@ -396,6 +397,50 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase
{
     }
 
     @Test
+    public void testPostBookWithEnvelopedSigKeyName() throws Exception {
+        // This test only applies to StAX - see CXF-7084
+        if (!test.streaming || !STAX_PORT.equals(test.port)) {
+            return;
+        }
+        String address = "https://localhost:" + test.port + "/xmlsigkeyname/bookstore/books";
+
+        JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+        bean.setAddress(address);
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = JAXRSXmlSecTest.class.getResource("client.xml");
+        Bus springBus = bf.createBus(busFile.toString());
+        bean.setBus(springBus);
+
+        Map<String, Object> properties = new HashMap<>();
+        properties.put(SecurityConstants.CALLBACK_HANDLER,
+                       "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
+        properties.put(SecurityConstants.SIGNATURE_USERNAME, "alice");
+        properties.put(SecurityConstants.SIGNATURE_PROPERTIES,
+                       "org/apache/cxf/systest/jaxrs/security/alice.properties");
+        bean.setProperties(properties);
+        XmlSecOutInterceptor sigOutInterceptor = new XmlSecOutInterceptor();
+        sigOutInterceptor.setSignRequest(true);
+        sigOutInterceptor.setKeyInfoMustBeAvailable(true);
+
+        SignatureProperties sigProps = new SignatureProperties();
+        sigProps.setSignatureKeyName("alice");
+        sigProps.setSignatureKeyIdType("KeyName");
+        sigOutInterceptor.setSignatureProperties(sigProps);
+
+        bean.getOutInterceptors().add(sigOutInterceptor);
+
+        XmlSecInInterceptor sigInInterceptor = new XmlSecInInterceptor();
+        sigInInterceptor.setRequireSignature(true);
+        bean.setProvider(sigInInterceptor);
+
+        WebClient wc = bean.createWebClient();
+        WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(10000000L);
+        Book book = wc.post(new Book("CXF", 126L), Book.class);
+        assertEquals(126L, book.getId());
+    }
+
+    @Test
     public void testPostEncryptedBook() throws Exception {
         String address = "https://localhost:" + test.port + "/xmlenc/bookstore/books";
         Map<String, Object> properties = new HashMap<>();

http://git-wip-us.apache.org/repos/asf/cxf/blob/b30d620d/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
index fedc4f5..3ff5b4e 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
@@ -148,6 +148,22 @@ under the License.
         </jaxrs:properties>
     </jaxrs:server>
     
+    <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsigkeyname">
+        <jaxrs:serviceBeans>
+            <ref bean="serviceBean"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:inInterceptors>
+            <ref bean="xmlSigInHandler"/>
+        </jaxrs:inInterceptors>
+        <jaxrs:outInterceptors>
+            <ref bean="xmlSigOutHandler"/>
+        </jaxrs:outInterceptors>
+        <jaxrs:properties>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+            <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+        </jaxrs:properties>
+    </jaxrs:server>
+    
     <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsigconstraints">
         <jaxrs:serviceBeans>
             <ref bean="serviceBean"/>


Mime
View raw message