Posted to commits@cxf.apache.org by co...@apache.org on 2015/08/14 12:53:09 UTC

cxf git commit: [CXF-6542] - Setting the signature digest algorithm on the SAMLCallback does not work for WS-Security

Repository: cxf
Updated Branches:
  refs/heads/master 456eff588 -> 850a4436a


[CXF-6542] - Setting the signature digest algorithm on the SAMLCallback does not work for WS-Security


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/850a4436
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/850a4436
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/850a4436

Branch: refs/heads/master
Commit: 850a4436adb49fea88b21bdda10fc35da1f236eb
Parents: 456eff5
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Aug 14 11:51:20 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Aug 14 11:51:20 2015 +0100

----------------------------------------------------------------------
 .../policyhandlers/AbstractBindingBuilder.java  |  3 +-
 .../cxf/systest/ws/saml/SamlTokenTest.java      | 40 ++++++++++++++++++++
 .../ws/saml/client/SamlCallbackHandler.java     | 21 ++++++++++
 3 files changed, 63 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/850a4436/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 9a93aff8..460f418 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -895,7 +895,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                     crypto,
                     samlCallback.isSendKeyValue(),
                     samlCallback.getCanonicalizationAlgorithm(),
-                    samlCallback.getSignatureAlgorithm()
+                    samlCallback.getSignatureAlgorithm(),
+                    samlCallback.getSignatureDigestAlgorithm()
             );
         }
         
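Review bot: The new last argument forwards `samlCallback.getSignatureDigestAlgorithm()` straight from the callback, and nothing visible in this hunk checks it against the binding's algorithm suite or handles a null value. A CallbackHandler can therefore choose a weaker digest than the policy asks for, assuming no such check exists in the callee or earlier in the method. If that is intentional, a comment above the call would document it, for example `// signature and digest algorithms are taken from the SAMLCallback, not from the policy's AlgorithmSuite`. The enclosing call and method start outside the hunk, so the callee's handling of null could not be confirmed here.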

http://git-wip-us.apache.org/repos/asf/cxf/blob/850a4436/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
index ff0839b..188d05c 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
@@ -48,6 +48,7 @@ import org.apache.wss4j.common.saml.bean.ConditionsBean;
 import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
 import org.apache.wss4j.common.saml.builder.SAML1Constants;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.dom.WSConstants;
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.BeforeClass;
 import org.junit.runner.RunWith;
@@ -1153,4 +1154,43 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase {
         saml2Port.doubleIt(25);
     }
     
+    @org.junit.Test
+    public void testSaml2DifferentAlgorithms() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = SamlTokenTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort");
+        DoubleItPortType saml2Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        String portNumber = PORT2;
+        if (STAX_PORT.equals(test.getPort())) {
+            portNumber = STAX_PORT2;
+        }
+        updateAddressPort(saml2Port, portNumber);
+        
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(saml2Port);
+        }
+        
+        SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+        callbackHandler.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
+        callbackHandler.setDigestAlgorithm(WSConstants.SHA256);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        ((BindingProvider)saml2Port).getRequestContext().put(
+            "security.saml-callback-handler", callbackHandler
+        );
+
+        int result = saml2Port.doubleIt(25);
+        assertTrue(result == 50);
+        
+        ((java.io.Closeable)saml2Port).close();
+        bus.shutdown(true);
+    }
 }
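Review bot: The only assertion in testSaml2DifferentAlgorithms is `assertTrue(result == 50)`, which shows that the call succeeded but not that the assertion was signed with rsa-sha256 and the SHA-256 digest set on the handler. If the endpoint also accepts the handler's SHA-1 defaults, which the hunk does not show, the test would still pass with the digest setting silently ignored, and that is the defect CXF-6542 describes. Consider asserting on the SignatureMethod and DigestMethod of the outgoing assertion, or targeting an endpoint whose policy rejects SHA-1. Separately, `close()` and `bus.shutdown(true)` are skipped when `doubleIt` throws; a try/finally would stop a failed run from leaking the bus into later tests.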

http://git-wip-us.apache.org/repos/asf/cxf/blob/850a4436/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
index 628e82e..4e17b92 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
@@ -41,6 +41,7 @@ import org.apache.wss4j.common.saml.bean.SubjectBean;
 import org.apache.wss4j.common.saml.bean.Version;
 import org.apache.wss4j.common.saml.builder.SAML1Constants;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.dom.WSConstants;
 
 /**
  * A CallbackHandler instance that is used by the STS to mock up a SAML Attribute Assertion.
@@ -54,6 +55,8 @@ public class SamlCallbackHandler implements CallbackHandler {
     private String cryptoAlias = "alice";
     private String cryptoPassword = "password";
     private String cryptoPropertiesFile = "alice.properties";
+    private String signatureAlgorithm = WSConstants.RSA_SHA1;
+    private String digestAlgorithm = WSConstants.SHA1;
     
     public SamlCallbackHandler() {
         //
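Review bot: The two new fields default to `WSConstants.RSA_SHA1` and `WSConstants.SHA1`, so every test that uses this handler without calling the setters signs its assertion with SHA-1. That presumably preserves the earlier implicit behaviour, but the code does not say so. A comment such as `// SHA-1 defaults kept so existing tests are unchanged; override via the setters` would make the choice explicit and mark these values as test-only rather than a recommended configuration.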
@@ -123,6 +126,8 @@ public class SamlCallbackHandler implements CallbackHandler {
                 attributeBean.addAttributeValue("system-user");
                 attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
                 callback.setAttributeStatementData(Collections.singletonList(attrBean));
+                callback.setSignatureAlgorithm(signatureAlgorithm);
+                callback.setSignatureDigestAlgorithm(digestAlgorithm);
                 
                 try {
                     Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
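Review bot: Both fields are written to the callback unconditionally, so a caller that passes null to `setSignatureAlgorithm` or `setDigestAlgorithm` (added in the last hunk of this file) overwrites whatever default the SAMLCallback holds with null. Whether SAMLCallback and the signing code tolerate null is not visible here. A guard such as `if (digestAlgorithm != null) { callback.setSignatureDigestAlgorithm(digestAlgorithm); }`, with the same for the signature algorithm, would leave the callback's own default in place. The enclosing method starts and ends outside the hunk.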
@@ -194,5 +199,21 @@ public class SamlCallbackHandler implements CallbackHandler {
     public void setCryptoPropertiesFile(String cryptoPropertiesFile) {
         this.cryptoPropertiesFile = cryptoPropertiesFile;
     }
+
+    public String getSignatureAlgorithm() {
+        return signatureAlgorithm;
+    }
+
+    public void setSignatureAlgorithm(String signatureAlgorithm) {
+        this.signatureAlgorithm = signatureAlgorithm;
+    }
+
+    public String getDigestAlgorithm() {
+        return digestAlgorithm;
+    }
+
+    public void setDigestAlgorithm(String digestAlgorithm) {
+        this.digestAlgorithm = digestAlgorithm;
+    }
     
 }
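Review bot: The new accessors are named `getDigestAlgorithm`/`setDigestAlgorithm`, while the callback property they feed is `setSignatureDigestAlgorithm`, so the shorter name does not say that this is the digest used in the assertion signature. A one-line Javadoc on the setter, for example `/** Digest algorithm URI applied to the SAML assertion signature. */`, would remove the ambiguity without touching callers. The signature-algorithm accessors would benefit from the same kind of comment stating that the value is an XML Signature algorithm URI.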