cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [cxf] branch master updated: Added EndorsingSupportingToken/IssuedToken SymmetricKey test
Date Tue, 16 Jan 2018 17:59:55 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new dae5b16  Added EndorsingSupportingToken/IssuedToken SymmetricKey test
dae5b16 is described below

commit dae5b16c80b4a8e4926e29e901b3c8477cec71b8
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Tue Jan 16 17:55:39 2018 +0000

    Added EndorsingSupportingToken/IssuedToken SymmetricKey test
---
 .../sts/transport/TransportBindingTest.java        | 29 +++++++
 .../apache/cxf/systest/sts/transport/DoubleIt.wsdl | 92 ++++++++++++++++++++++
 .../cxf/systest/sts/transport/cxf-client.xml       |  9 +++
 .../cxf/systest/sts/transport/cxf-service.xml      |  7 ++
 .../cxf/systest/sts/transport/cxf-stax-service.xml |  9 +++
 5 files changed, 146 insertions(+)

diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
index 0eca7f7..49def3e 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
@@ -419,6 +419,35 @@ public class TransportBindingTest extends AbstractBusClientServerTestBase
{
         bus.shutdown(true);
     }
 
+    @org.junit.Test
+    public void testSAML2EndorsingSymmetric() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = TransportBindingTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        BusFactory.setDefaultBus(bus);
+        BusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2SymmetricEndorsingPort");
+        DoubleItPortType transportSaml1Port =
+            service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(transportSaml1Port, test.getPort());
+
+        TokenTestUtils.updateSTSPort((BindingProvider)transportSaml1Port, test.getStsPort());
+
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(transportSaml1Port);
+        }
+
+        doubleIt(transportSaml1Port, 25);
+
+        ((java.io.Closeable)transportSaml1Port).close();
+        bus.shutdown(true);
+    }
+
     private DOMSource createDOMRequest() throws ParserConfigurationException {
         // Creating a DOMSource Object for the request
         DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl
index fe0e803..083f672 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl
@@ -79,6 +79,21 @@
             </wsdl:output>
         </wsdl:operation>
     </wsdl:binding>
+    <wsdl:binding name="DoubleItTransportSAML2SymmetricEndorsingBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItBindingTransportSAML2SymmetricEndorsingPolicy"/>
+        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction=""/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
     <wsdl:service name="DoubleItService">
         <wsdl:port name="DoubleItTransportSAML1Port" binding="tns:DoubleItTransportSAML1Binding">
             <soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml1"/>
@@ -93,6 +108,10 @@
                    binding="tns:DoubleItTransportSAML2X509EndorsingBinding">
             <soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml2x509endorsing"/>
         </wsdl:port>
+        <wsdl:port name="DoubleItTransportSAML2SymmetricEndorsingPort"
+                   binding="tns:DoubleItTransportSAML2SymmetricEndorsingBinding">
+            <soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml2symmetricendorsing"/>
+        </wsdl:port>
     </wsdl:service>
     <wsp:Policy wsu:Id="DoubleItBindingTransportSAML1Policy">
         <wsp:ExactlyOne>
@@ -373,6 +392,79 @@
             </wsp:All>
         </wsp:ExactlyOne>
     </wsp:Policy>
+    <wsp:Policy wsu:Id="DoubleItBindingTransportSAML2SymmetricEndorsingPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <wsam:Addressing wsp:Optional="false">
+                    <wsp:Policy/>
+                </wsam:Addressing>
+                <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:TransportToken>
+                            <wsp:Policy>
+                                <sp:HttpsToken>
+                                    <wsp:Policy/>
+                                </sp:HttpsToken>
+                            </wsp:Policy>
+                        </sp:TransportToken>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:Basic128/>
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax/>
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp/>
+                    </wsp:Policy>
+                </sp:TransportBinding>
+                <sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                            <sp:RequestSecurityTokenTemplate>
+                                <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+                                <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</t:KeyType>
+                            </sp:RequestSecurityTokenTemplate>
+                            <wsp:Policy>
+                                <sp:RequireInternalReference/>
+                                <!-- <sp:RequireDerivedKeys/> -->
+                            </wsp:Policy>
+                            <sp:Issuer>
+                                <wsaw:Address>http://localhost:8080/STS/STSUT
+                                                                </wsaw:Address>
+                                <wsaw:Metadata>
+                                    <wsx:Metadata>
+                                        <wsx:MetadataSection>
+                                            <wsx:MetadataReference>
+                                                <wsaw:Address>http://localhost:8080/SecurityTokenService/UT/mex
+                                                                                        
       </wsaw:Address>
+                                            </wsx:MetadataReference>
+                                        </wsx:MetadataSection>
+                                    </wsx:Metadata>
+                                </wsaw:Metadata>
+                            </sp:Issuer>
+                        </sp:IssuedToken>
+                    </wsp:Policy>
+                </sp:EndorsingSupportingTokens>
+                <sp:Wss11>
+                    <wsp:Policy>
+                        <sp:MustSupportRefIssuerSerial/>
+                        <sp:MustSupportRefThumbprint/>
+                        <sp:MustSupportRefEncryptedKey/>
+                    </wsp:Policy>
+                </sp:Wss11>
+                <sp:Trust13>
+                    <wsp:Policy>
+                        <sp:MustSupportIssuedTokens/>
+                        <sp:RequireClientEntropy/>
+                        <sp:RequireServerEntropy/>
+                    </wsp:Policy>
+                </sp:Trust13>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
     <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
         <wsp:ExactlyOne>
             <wsp:All>
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml
index f6d0912..1606d31 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml
@@ -28,6 +28,7 @@
         <property name="wsdlLocation" value="https://localhost:8443/SecurityTokenService/Transport?wsdl"/>
         <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
         <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+        <property name="keySize" value="128"/>
         <property name="properties">
             <map>
                 <entry key="security.username" value="alice"/>
@@ -80,6 +81,14 @@
             <entry key="security.sts.client" value-ref="stsClient"/>
         </jaxws:properties>
     </jaxws:client>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2SymmetricEndorsingPort"
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="security.username" value="myclientkey"/>
+            <entry key="security.signature.properties" value="clientKeystore.properties"/>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="security.sts.client" value-ref="stsClient"/>
+        </jaxws:properties>
+    </jaxws:client>
     <http:conduit name="https://localhost.*">
         <http:tlsClientParameters disableCNCheck="true">
             <sec:keyManagers keyPassword="ckpass">
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml
index 84a0288..d2d09da 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml
@@ -52,6 +52,13 @@
             <entry key="ws-security.enable.timestamp.cache" value="false"/>
         </jaxws:properties>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2symmetric"
implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2SymmetricEndorsingPort"
serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.transport.Server}/doubleit/services/doubleittransportsaml2symmetricendorsing"
wsdlLocation="org/apache/cxf/systest/sts/transport/DoubleIt.wsdl">
+        <jaxws:properties>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="security.signature.properties" value="serviceKeystore.properties"/>
+            <entry key="ws-security.enable.timestamp.cache" value="false"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
     <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
         <httpj:engine port="${testutil.ports.transport.Server}">
             <httpj:tlsServerParameters>
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml
b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml
index 6a7eef7..1b3607c 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml
@@ -57,6 +57,15 @@
             <entry key="ws-security.enable.timestamp.cache" value="false"/>
         </jaxws:properties>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2symmetricendorsing"
implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2SymmetricEndorsingPort"
serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.transport.StaxServer}/doubleit/services/doubleittransportsaml2symmetricendorsing"
wsdlLocation="org/apache/cxf/systest/sts/transpor [...]
+        <jaxws:properties>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="security.signature.properties" value="serviceKeystore.properties"/>
+            <entry key="ws-security.is-bsp-compliant" value="false"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+            <entry key="ws-security.enable.timestamp.cache" value="false"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
     <httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
         <httpj:engine port="${testutil.ports.transport.StaxServer}">
             <httpj:tlsServerParameters>

-- 
To stop receiving notification emails like this one, please contact
['"commits@cxf.apache.org" <commits@cxf.apache.org>'].

Mime
View raw message