Posted to commits@cxf.apache.org by co...@apache.org on 2013/07/04 12:24:27 UTC
svn commit: r1499714 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/ sy...
Author: coheigea
Date: Thu Jul 4 10:24:26 2013
New Revision: 1499714
URL: http://svn.apache.org/r1499714
Log:
More streaming fixes + tests
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity11Common.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java Thu Jul 4 10:24:26 2013
@@ -182,6 +182,7 @@ public class PolicyStaxActionInIntercept
assertAllAssertionsByLocalname(aim, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL);
assertAllAssertionsByLocalname(aim, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI);
assertAllAssertionsByLocalname(aim, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN);
+ assertAllAssertionsByLocalname(aim, SPConstants.MUST_SUPPORT_ISSUED_TOKENS);
assertAllAssertionsByLocalname(aim, SPConstants.MUST_SUPPORT_REF_THUMBPRINT);
assertAllAssertionsByLocalname(aim, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY);
@@ -191,6 +192,11 @@ public class PolicyStaxActionInIntercept
assertAllAssertionsByLocalname(aim, SPConstants.WSS10);
assertAllAssertionsByLocalname(aim, SPConstants.WSS11);
+
+ assertAllAssertionsByLocalname(aim, SPConstants.TRUST_10);
+ assertAllAssertionsByLocalname(aim, SPConstants.TRUST_13);
+ assertAllAssertionsByLocalname(aim, SPConstants.REQUIRE_CLIENT_ENTROPY);
+ assertAllAssertionsByLocalname(aim, SPConstants.REQUIRE_SERVER_ENTROPY);
}
private void assertAllAssertionsByLocalname(AssertionInfoMap aim, String localname) {
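Review bot: The four added calls mark Trust10, Trust13, RequireClientEntropy and RequireServerEntropy as asserted for every message, and nothing in this hunk ties that to a check that the exchange actually met those requirements; the same holds for MUST_SUPPORT_ISSUED_TOKENS in the previous hunk. The body of assertAllAssertionsByLocalname is outside the hunk, but if it only flags matching assertions as satisfied, a policy demanding client or server entropy will validate whether or not entropy was supplied. If that is the intent, say so at the call site, for example `// Not verified by this interceptor: token-issuance requirements are asserted so policy validation does not reject the alternative`, and name the component that does enforce them.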
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Thu Jul 4 10:24:26 2013
@@ -19,6 +19,7 @@
package org.apache.cxf.ws.security.wss4j.policyhandlers;
+import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -30,7 +31,9 @@ import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
@@ -50,6 +53,7 @@ import org.apache.cxf.ws.security.tokens
import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
import org.apache.neethi.Assertion;
import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.policy.SP11Constants;
@@ -148,9 +152,44 @@ public abstract class AbstractStaxBindin
config.put(ConfigurationConstants.ADD_USERNAMETOKEN_CREATED, "true");
}
+ // Check if a CallbackHandler was specified
+ if (config.get(ConfigurationConstants.PW_CALLBACK_REF) == null) {
+ String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+ if (password != null) {
+ String username =
+ (String)message.getContextualProperty(SecurityConstants.USERNAME);
+ UTCallbackHandler callbackHandler = new UTCallbackHandler(username, password);
+ config.put(ConfigurationConstants.PW_CALLBACK_REF, callbackHandler);
+ }
+ }
+
return new SecurePart(WSSConstants.TAG_wsse_UsernameToken, Modifier.Element);
}
+ private static class UTCallbackHandler implements CallbackHandler {
+
+ private final String username;
+ private final String password;
+
+ public UTCallbackHandler(String username, String password) {
+ this.username = username;
+ this.password = password;
+ }
+
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (Callback callback : callbacks) {
+ if (callback instanceof WSPasswordCallback) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callback;
+ if (pwcb.getIdentifier().equals(username)) {
+ pwcb.setPassword(password);
+ }
+ }
+ }
+ }
+
+ }
+
protected SecurePart addKerberosToken(
KerberosToken token, boolean signed, boolean endorsing
) throws WSSecurityException {
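Review bot: UTCallbackHandler.handle releases the password to any WSPasswordCallback whose identifier matches, and `pwcb.getIdentifier().equals(username)` throws a NullPointerException when the identifier is null and silently never matches when SecurityConstants.USERNAME is unset. A null-safe form is `if (username != null && username.equals(pwcb.getIdentifier())) {`. The handler is stored under PW_CALLBACK_REF, which looks like the password callback for the whole configuration map, so it may also be asked for passwords other than the UsernameToken one; consider checking `pwcb.getUsage()` before answering. Callbacks of other types are ignored although the method declares UnsupportedCallbackException, and the `(String)` casts on the contextual properties fail with a ClassCastException if a caller stores a non-String value.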
@@ -286,20 +325,8 @@ public abstract class AbstractStaxBindin
}
protected void configureTimestamp(AssertionInfoMap aim) {
- Map<String, Object> config = getProperties();
-
AbstractBinding binding = getBinding(aim);
if (binding != null && binding.isIncludeTimestamp()) {
- // Action
- if (config.containsKey(ConfigurationConstants.ACTION)) {
- String action = (String)config.get(ConfigurationConstants.ACTION);
- config.put(ConfigurationConstants.ACTION,
- action + " " + ConfigurationConstants.TIMESTAMP);
- } else {
- config.put(ConfigurationConstants.ACTION,
- ConfigurationConstants.TIMESTAMP);
- }
-
timestampAdded = true;
}
}
@@ -887,6 +914,7 @@ public abstract class AbstractStaxBindin
for (Header head : parts.getHeaders()) {
QName qname = new QName(head.getNamespace(), head.getName());
SecurePart securePart = new SecurePart(qname, Modifier.Element);
+ securePart.setRequired(false);
signedParts.add(securePart);
}
}
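Review bot: `securePart.setRequired(false)` is added without a comment, and it changes what the outbound signature guarantees. Judging by the later hunks in this commit, non-required parts go to OPTIONAL_SIGNATURE_PARTS, so a listed header that is missing from the message is presumably skipped instead of failing the request. Please document that at both places (here and on the encrypted-parts loop in the next hunk), for example `// Headers named in SignedParts/EncryptedParts are protected only if present in the message, so they must not be mandatory`. The enclosing method starts outside the hunk, so whether the Body part stays required cannot be confirmed from here.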
@@ -939,6 +967,7 @@ public abstract class AbstractStaxBindin
for (Header head : parts.getHeaders()) {
QName qname = new QName(head.getNamespace(), head.getName());
SecurePart securePart = new SecurePart(qname, Modifier.Content);
+ securePart.setRequired(false);
encryptedParts.add(securePart);
}
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java Thu Jul 4 10:24:26 2013
@@ -80,6 +80,19 @@ public class StaxAsymmetricBindingHandle
} else {
doSignBeforeEncrypt();
}
+
+ if (timestampAdded) {
+ Map<String, Object> config = getProperties();
+ // Action
+ if (config.containsKey(ConfigurationConstants.ACTION)) {
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ config.put(ConfigurationConstants.ACTION,
+ action + " " + ConfigurationConstants.TIMESTAMP);
+ } else {
+ config.put(ConfigurationConstants.ACTION,
+ ConfigurationConstants.TIMESTAMP);
+ }
+ }
}
private void doSignBeforeEncrypt() {
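Review bot: The `if (timestampAdded)` block that appends TIMESTAMP to the ACTION value is pasted into three handlers in this commit (here, StaxSymmetricBindingHandler and StaxTransportBindingHandler), so a later fix to action ordering has to be made three times. Since `timestampAdded` and `getProperties()` both live in AbstractStaxBindingHandler, one protected helper there would keep the handlers in step. The helper below also avoids producing the literal "null Timestamp" when ACTION is present but mapped to null. The enclosing method starts outside the hunk.
```java
// in AbstractStaxBindingHandler; each handler calls this once at the end of its binding setup
protected void addTimestampAction() {
    if (!timestampAdded) {
        return;
    }
    Map<String, Object> config = getProperties();
    Object action = config.get(ConfigurationConstants.ACTION);
    config.put(ConfigurationConstants.ACTION,
        action == null ? ConfigurationConstants.TIMESTAMP
                       : action + " " + ConfigurationConstants.TIMESTAMP);
}
```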
@@ -125,6 +138,7 @@ public class StaxAsymmetricBindingHandle
new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);
sigs.add(part);
}
+ sigs.addAll(this.getSignedParts());
addSupportingTokens();
if (isRequestor() && initiatorWrapper != null) {
@@ -379,11 +393,21 @@ public class StaxAsymmetricBindingHandle
}
}
- sigParts.addAll(this.getSignedParts());
+ String optionalParts = "";
+ if (config.containsKey(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS)) {
+ optionalParts = (String)config.get(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS);
+ if (!optionalParts.endsWith(";")) {
+ optionalParts += ";";
+ }
+ }
for (SecurePart part : sigParts) {
QName name = part.getName();
- parts += "{Element}{" + name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
+ if (part.isRequired()) {
+ parts += "{Element}{" + name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
+ } else {
+ optionalParts += "{Element}{" + name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
+ }
}
AbstractToken sigToken = wrapper.getToken();
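Review bot: When OPTIONAL_SIGNATURE_PARTS is present but empty, the `endsWith(";")` check appends a lone `;`, so the list starts with an empty entry. When the key is mapped to null, the same line throws a NullPointerException. Guard both cases with `if (optionalParts == null) { optionalParts = ""; }` followed by `if (!optionalParts.isEmpty() && !optionalParts.endsWith(";")) {`. The identical block appears in StaxSymmetricBindingHandler and StaxTransportBindingHandler later in this commit and needs the same change. Whether the downstream parser tolerates an empty entry is not visible here, so it is safer not to emit one; the enclosing method starts outside the hunk.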
@@ -393,6 +417,7 @@ public class StaxAsymmetricBindingHandle
}
config.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
+ config.put(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS, optionalParts);
configureSignature(wrapper, sigToken, false);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java Thu Jul 4 10:24:26 2013
@@ -131,6 +131,18 @@ public class StaxSymmetricBindingHandler
if (!isRequestor()) {
config.put(ConfigurationConstants.ENC_SYM_ENC_KEY, "false");
}
+
+ if (timestampAdded) {
+ // Action
+ if (config.containsKey(ConfigurationConstants.ACTION)) {
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ config.put(ConfigurationConstants.ACTION,
+ action + " " + ConfigurationConstants.TIMESTAMP);
+ } else {
+ config.put(ConfigurationConstants.ACTION,
+ ConfigurationConstants.TIMESTAMP);
+ }
+ }
}
private void doEncryptBeforeSign() {
@@ -204,6 +216,7 @@ public class StaxSymmetricBindingHandler
new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);
sigParts.add(part);
}
+ sigParts.addAll(this.getSignedParts());
AbstractTokenWrapper sigAbstractTokenWrapper = getSignatureToken();
AbstractToken sigToken = sigAbstractTokenWrapper.getToken();
@@ -276,6 +289,7 @@ public class StaxSymmetricBindingHandler
new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);
sigs.add(part);
}
+ sigs.addAll(this.getSignedParts());
if (isRequestor()) {
addSupportingTokens();
@@ -402,11 +416,21 @@ public class StaxSymmetricBindingHandler
}
}
- sigParts.addAll(this.getSignedParts());
+ String optionalParts = "";
+ if (config.containsKey(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS)) {
+ optionalParts = (String)config.get(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS);
+ if (!optionalParts.endsWith(";")) {
+ optionalParts += ";";
+ }
+ }
for (SecurePart part : sigParts) {
QName name = part.getName();
- parts += "{Element}{" + name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
+ if (part.isRequired()) {
+ parts += "{Element}{" + name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
+ } else {
+ optionalParts += "{Element}{" + name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
+ }
}
AbstractToken sigToken = wrapper.getToken();
@@ -415,6 +439,7 @@ public class StaxSymmetricBindingHandler
}
config.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
+ config.put(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS, optionalParts);
configureSignature(wrapper, sigToken, false);
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java Thu Jul 4 10:24:26 2013
@@ -92,6 +92,19 @@ public class StaxTransportBindingHandler
} else {
addSignatureConfirmation(null);
}
+
+ if (timestampAdded) {
+ Map<String, Object> config = getProperties();
+ // Action
+ if (config.containsKey(ConfigurationConstants.ACTION)) {
+ String action = (String)config.get(ConfigurationConstants.ACTION);
+ config.put(ConfigurationConstants.ACTION,
+ action + " " + ConfigurationConstants.TIMESTAMP);
+ } else {
+ config.put(ConfigurationConstants.ACTION,
+ ConfigurationConstants.TIMESTAMP);
+ }
+ }
}
/**
@@ -312,6 +325,14 @@ public class StaxTransportBindingHandler
}
}
+ String optionalParts = "";
+ if (properties.containsKey(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS)) {
+ optionalParts = (String)properties.get(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS);
+ if (!optionalParts.endsWith(";")) {
+ optionalParts += ";";
+ }
+ }
+
// Add timestamp
if (timestampAdded) {
parts += "{Element}{" + WSSConstants.NS_WSU10 + "}Timestamp;";
@@ -324,7 +345,7 @@ public class StaxTransportBindingHandler
}
for (Header head : signedParts.getHeaders()) {
- parts += "{Element}{" + head.getNamespace() + "}" + head.getName() + ";";
+ optionalParts += "{Element}{" + head.getNamespace() + "}" + head.getName() + ";";
}
}
/*
@@ -345,6 +366,7 @@ public class StaxTransportBindingHandler
*/
properties.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
+ properties.put(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS, optionalParts);
}
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java Thu Jul 4 10:24:26 2013
@@ -247,7 +247,14 @@ public class SecurityPolicyTest extends
getClass().getResource("alice.properties"));
((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
getClass().getResource("bob.properties"));
+
+ // DOM
pt.doubleIt(5);
+
+ // TODO EncryptBeforeSigning + EncryptSignature not working
+ // SecurityTestUtil.enableStreaming(pt);
+ // pt.doubleIt(5);
+
((java.io.Closeable)pt).close();
portQName = new QName(NAMESPACE, "DoubleItPortSign");
@@ -260,6 +267,7 @@ public class SecurityPolicyTest extends
((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
getClass().getResource("bob.properties"));
pt.doubleIt(5);
+
((java.io.Closeable)pt).close();
portQName = new QName(NAMESPACE, "DoubleItPortSignThenEncrypt");
@@ -271,12 +279,14 @@ public class SecurityPolicyTest extends
getClass().getResource("alice.properties"));
((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
getClass().getResource("bob.properties"));
+
+ // DOM
pt.doubleIt(5);
- //((BindingProvider)pt).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
- // POLICY_SIGNENC_PROVIDER_ADDRESS);
- //int x = pt.doubleIt(5);
- //assertEquals(10, x);
+ // Streaming
+ SecurityTestUtil.enableStreaming(pt);
+ // pt.doubleIt(5);
+
((java.io.Closeable)pt).close();
portQName = new QName(NAMESPACE, "DoubleItPortHttps");
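Review bot: Under the `// Streaming` comment the port is switched to streaming but the only call that would exercise it is commented out (`// pt.doubleIt(5);`), so DoubleItPortSignThenEncrypt is still covered on the DOM path alone while the test reads as if both were run. If the streaming call is known to fail, mark it like the other disabled cases in this file, for example `// TODO Streaming not working for SignThenEncrypt`, and comment out `SecurityTestUtil.enableStreaming(pt);` as well. The removed lines also dropped the commented `assertEquals(10, x)`; neither remaining call in this section checks the returned value.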
@@ -293,7 +303,14 @@ public class SecurityPolicyTest extends
((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, "bob");
((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_USERNAME, "bob");
((BindingProvider)pt).getRequestContext().put(SecurityConstants.PASSWORD, "pwd");
+
+ // DOM
+ pt.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(pt);
pt.doubleIt(25);
+
((java.io.Closeable)pt).close();
try {
@@ -329,7 +346,6 @@ public class SecurityPolicyTest extends
QName portQName = new QName(NAMESPACE, "DoubleItPortSignedOnly");
pt = service.getPort(portQName, DoubleItPortType.class);
-
updateAddressPort(pt, PORT);
((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
new KeystorePasswordCallback());
@@ -338,7 +354,14 @@ public class SecurityPolicyTest extends
((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
getClass().getResource("bob.properties"));
//This should work as it should be properly signed.
+
+ // DOM
+ assertEquals(10, pt.doubleIt(5));
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(pt);
assertEquals(10, pt.doubleIt(5));
+
((java.io.Closeable)pt).close();
//Try sending a message with the "TimestampOnly" policy into affect to the
@@ -348,6 +371,7 @@ public class SecurityPolicyTest extends
pt = service.getPort(portQName, DoubleItPortType.class);
((BindingProvider)pt).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
POLICY_SIGNONLY_ADDRESS);
+ // DOM
try {
pt.doubleIt(5);
fail("should have had a security/policy exception as the body wasn't signed");
@@ -355,6 +379,15 @@ public class SecurityPolicyTest extends
assertTrue(ex.getMessage().contains("policy alternatives"));
}
+ // Streaming
+ try {
+ SecurityTestUtil.enableStreaming(pt);
+ pt.doubleIt(5);
+ fail("should have had a security/policy exception as the body wasn't signed");
+ } catch (Exception ex) {
+ // expected
+ }
+
((java.io.Closeable)pt).close();
bus.shutdown(true);
}
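Review bot: The streaming negative case passes on any exception at all, because `catch (Exception ex) { // expected }` does not inspect what was thrown. A connection error or a client-side misconfiguration therefore satisfies a test that is meant to prove an unsigned body is rejected, whereas the DOM branch just above asserts that the message contains "policy alternatives". Narrow the catch to the fault type the client raises and assert on its content, for example `assertTrue(ex.getMessage() != null && ex.getMessage().contains(EXPECTED_STREAMING_POLICY_ERROR));` with the constant set to the text the streaming stack actually returns. The commented-out revocation block in the last hunk of this file has the same weakness, since it only prints the error, and should gain an assertion before it is enabled.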
@@ -431,7 +464,6 @@ public class SecurityPolicyTest extends
}
-
@Test
public void testCXF3041() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -455,8 +487,13 @@ public class SecurityPolicyTest extends
getClass().getResource("alice.properties"));
((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
getClass().getResource("bob.properties"));
+
+ // DOM
assertEquals(10, pt.doubleIt(5));
+ // Streaming
+ SecurityTestUtil.enableStreaming(pt);
+ assertEquals(10, pt.doubleIt(5));
((java.io.Closeable)pt).close();
bus.shutdown(true);
@@ -485,8 +522,14 @@ public class SecurityPolicyTest extends
getClass().getResource("alice.properties"));
((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
getClass().getResource("alice.properties"));
+
+ // DOM
assertEquals(10, pt.doubleIt(5));
+ // TODO See WSS-458 Streaming
+ // SecurityTestUtil.enableStreaming(pt);
+ // assertEquals(10, pt.doubleIt(5));
+
((java.io.Closeable)pt).close();
bus.shutdown(true);
}
@@ -589,11 +632,8 @@ public class SecurityPolicyTest extends
SpringBusFactory.setThreadDefaultBus(bus);
Service service = Service.create(wsdl, SERVICE_QNAME);
- DoubleItPortType pt;
-
- QName
- portQName = new QName(NAMESPACE, "DoubleItPortCXF4122");
- pt = service.getPort(portQName, DoubleItPortType.class);
+ QName portQName = new QName(NAMESPACE, "DoubleItPortCXF4122");
+ DoubleItPortType pt = service.getPort(portQName, DoubleItPortType.class);
updateAddressPort(pt, PORT);
((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
new KeystorePasswordCallback());
@@ -601,6 +641,7 @@ public class SecurityPolicyTest extends
getClass().getResource("revocation.properties"));
((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
getClass().getResource("bob.properties"));
+ // DOM
try {
pt.doubleIt(5);
fail("should fail on server side when do signature validation due the revoked certificates");
@@ -612,6 +653,18 @@ public class SecurityPolicyTest extends
|| errorMessage.contains("Error during certificate path validation"));
}
+ // TODO EncryptBeforeSigning + EncryptSignature not working
+ /*
+ SecurityTestUtil.enableStreaming(pt);
+ try {
+ pt.doubleIt(5);
+ fail("should fail on server side when do signature validation due the revoked certificates");
+ } catch (Exception ex) {
+ String errorMessage = ex.getMessage();
+ // Different errors using different JDKs...
+ System.out.println("ERR1: " + errorMessage);
+ }
+ */
((java.io.Closeable)pt).close();
ep.stop();
epBus.shutdown(true);
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity111Test.java Thu Jul 4 10:24:26 2013
@@ -30,7 +30,9 @@ import org.junit.Test;
/**
* This class runs the first half of the tests, as having all in
- * the one class causes an out of memory problem in eclipse
+ * the one class causes an out of memory problem in eclipse.
+ *
+ * It tests both DOM + StAX clients against the DOM server.
*/
public class WSSecurity111Test extends WSSecurity11Common {
private static boolean unrestrictedPoliciesInstalled;
@@ -91,6 +93,28 @@ public class WSSecurity111Test extends W
runClientServer(argv, unrestrictedPoliciesInstalled, false);
}
+ @Test
+ public void testClientServerStreaming() throws IOException {
+ if ((!unrestrictedPoliciesInstalled)
+ && (WSSecurity11Common.isIBMJDK16())) {
+ System.out.println("Not running as there is a problem with 1.6 jdk and restricted jars");
+ return;
+ }
+ String[] argv = new String[] {
+ "A",
+ "A-NoTimestamp",
+ // TODO Derived "AD",
+ // TODO EncryptBeforeSigning not working "A-ES",
+ // TODO Derived "AD-ES",
+ "UX",
+ "UX-NoTimestamp",
+ // TODO Derived "UXD",
+ "UX-SEES",
+ // TODO Derived "UXD-SEES",
+ };
+ runClientServerStreaming(argv, unrestrictedPoliciesInstalled, false);
+ }
+
}
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity11Common.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity11Common.java?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity11Common.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity11Common.java Thu Jul 4 10:24:26 2013
@@ -25,6 +25,7 @@ import java.net.MalformedURLException;
import java.net.URL;
import javax.xml.namespace.QName;
+import javax.xml.ws.BindingProvider;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
@@ -32,6 +33,7 @@ import org.apache.cxf.bus.spring.SpringB
import org.apache.cxf.systest.ws.wssec11.server.Server11;
import org.apache.cxf.systest.ws.wssec11.server.Server12;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.SecurityConstants;
import wssec.wssec11.IPingService;
import wssec.wssec11.PingService11;
@@ -88,8 +90,59 @@ public class WSSecurity11Common extends
bus.shutdown(true);
}
-
-
+ public void runClientServerStreaming(
+ String[] argv, boolean unrestrictedPoliciesInstalled, boolean wssecurity12
+ ) throws IOException {
+
+ Bus bus = null;
+ if (unrestrictedPoliciesInstalled) {
+ bus = new SpringBusFactory().createBus("org/apache/cxf/systest/ws/wssec11/client/client.xml");
+ } else {
+ bus = new SpringBusFactory().createBus(
+ "org/apache/cxf/systest/ws/wssec11/client/client_restricted.xml");
+ }
+ BusFactory.setDefaultBus(bus);
+ BusFactory.setThreadDefaultBus(bus);
+
+ String portNumber = null;
+ if (wssecurity12) {
+ portNumber = Server12.PORT;
+ } else {
+ portNumber = Server11.PORT;
+ }
+
+ URL wsdlLocation = null;
+ for (String portPrefix : argv) {
+ PingService11 svc = null;
+ wsdlLocation = getWsdlLocation(portPrefix, portNumber);
+ svc = new PingService11(wsdlLocation);
+ final IPingService port =
+ svc.getPort(
+ new QName(
+ "http://WSSec/wssec11",
+ portPrefix + "_IPingService"
+ ),
+ IPingService.class
+ );
+
+ ((BindingProvider)port).getRequestContext().put(
+ SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+ );
+ ((BindingProvider)port).getResponseContext().put(
+ SecurityConstants.ENABLE_STREAMING_SECURITY, "true"
+ );
+
+ final String output = port.echo(INPUT);
+ assertEquals(INPUT, output);
+
+ ((java.io.Closeable)port).close();
+ }
+
+ bus.shutdown(true);
+ }
+
+
+
private static URL getWsdlLocation(String portPrefix, String portNumber) {
try {
return new URL("http://localhost:" + portNumber + "/" + portPrefix + "PingService?wsdl");
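Review bot: runClientServerStreaming leaks the bus and the current port whenever `port.echo(INPUT)` throws or the `assertEquals` fails, because `close()` and `bus.shutdown(true)` are reached only on the success path. The default bus set via `BusFactory.setDefaultBus(bus)` then stays installed for later tests. Wrap the loop in `try { ... } finally { bus.shutdown(true); }` and close the port in an inner `finally`. One failing port prefix in `argv` also stops the remaining prefixes from running, so including `portPrefix` in the assertion message, `assertEquals(portPrefix, INPUT, output);`, would make the failing binding visible in the report.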
@@ -98,7 +151,7 @@ public class WSSecurity11Common extends
}
}
-
+
public static boolean isIBMJDK16() {
String fullVersion = System.getProperty("java.fullversion");
if (fullVersion == null) {
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl?rev=1499714&r1=1499713&r2=1499714&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl Thu Jul 4 10:24:26 2013
@@ -461,7 +461,7 @@
<sp:X509Token
sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>
<wsp:Policy>
- <sp:WssX509V3Token10 />
+ <sp:WssX509V1Token11 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
@@ -471,7 +471,7 @@
<sp:X509Token
sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
<wsp:Policy>
- <sp:WssX509V3Token10 />
+ <sp:WssX509V1Token11 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
@@ -565,7 +565,7 @@
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
- <sp:WssX509V3Token10 />
+ <sp:WssX509V1Token11 />
<sp:RequireThumbprintReference/> <!-- needed for V1 certs -->
</wsp:Policy>
</sp:X509Token>
@@ -575,7 +575,7 @@
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
<wsp:Policy>
- <sp:WssX509V3Token10 />
+ <sp:WssX509V1Token11 />
<sp:RequireThumbprintReference/>
</wsp:Policy>
</sp:X509Token>