Posted to commits@cxf.apache.org by co...@apache.org on 2015/08/14 12:53:09 UTC
cxf git commit: [CXF-6542] - Setting the signature digest algorithm
on the SAMLCallback does not work for WS-Security
Repository: cxf
Updated Branches:
refs/heads/master 456eff588 -> 850a4436a
[CXF-6542] - Setting the signature digest algorithm on the SAMLCallback does not work for WS-Security
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/850a4436
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/850a4436
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/850a4436
Branch: refs/heads/master
Commit: 850a4436adb49fea88b21bdda10fc35da1f236eb
Parents: 456eff5
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Aug 14 11:51:20 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Aug 14 11:51:20 2015 +0100
----------------------------------------------------------------------
.../policyhandlers/AbstractBindingBuilder.java | 3 +-
.../cxf/systest/ws/saml/SamlTokenTest.java | 40 ++++++++++++++++++++
.../ws/saml/client/SamlCallbackHandler.java | 21 ++++++++++
3 files changed, 63 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/850a4436/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 9a93aff8..460f418 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -895,7 +895,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
crypto,
samlCallback.isSendKeyValue(),
samlCallback.getCanonicalizationAlgorithm(),
- samlCallback.getSignatureAlgorithm()
+ samlCallback.getSignatureAlgorithm(),
+ samlCallback.getSignatureDigestAlgorithm()
);
}
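Review bot: The new argument `samlCallback.getSignatureDigestAlgorithm()` is forwarded without a null check, so a callback handler that never sets a digest algorithm (or sets it to null) relies entirely on how the callee treats null. The call target and the start of this argument list are outside the hunk, so please confirm that it falls back to a default digest instead of failing or emitting an empty algorithm URI. Nothing visible here compares the callback-supplied signature or digest algorithm with the algorithm suite of the binding being built. If that is intentional, a comment would help, e.g. `// algorithms are taken from the SAMLCallback as-is; the policy's AlgorithmSuite is not consulted here`.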
http://git-wip-us.apache.org/repos/asf/cxf/blob/850a4436/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
index ff0839b..188d05c 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
@@ -48,6 +48,7 @@ import org.apache.wss4j.common.saml.bean.ConditionsBean;
import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
import org.apache.wss4j.common.saml.builder.SAML1Constants;
import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.dom.WSConstants;
import org.example.contract.doubleit.DoubleItPortType;
import org.junit.BeforeClass;
import org.junit.runner.RunWith;
@@ -1153,4 +1154,43 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase {
saml2Port.doubleIt(25);
}
+ @org.junit.Test
+ public void testSaml2DifferentAlgorithms() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort");
+ DoubleItPortType saml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ String portNumber = PORT2;
+ if (STAX_PORT.equals(test.getPort())) {
+ portNumber = STAX_PORT2;
+ }
+ updateAddressPort(saml2Port, portNumber);
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(saml2Port);
+ }
+
+ SamlCallbackHandler callbackHandler = new SamlCallbackHandler(true, true);
+ callbackHandler.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
+ callbackHandler.setDigestAlgorithm(WSConstants.SHA256);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "security.saml-callback-handler", callbackHandler
+ );
+
+ int result = saml2Port.doubleIt(25);
+ assertTrue(result == 50);
+
+ ((java.io.Closeable)saml2Port).close();
+ bus.shutdown(true);
+ }
}
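Review bot: `testSaml2DifferentAlgorithms` only checks that the call returns 50, so it never observes which digest algorithm ended up in the signed assertion. Unless the service side of `DoubleItSaml2EndorsingTransportPort` rejects SHA-1 (not visible here), the test would presumably also pass with the one-line fix in AbstractBindingBuilder reverted. Consider pointing it at an endpoint configured to require SHA-256, or asserting on the digest method of the outbound assertion. Separately, `assertEquals(50, result);` gives a more useful failure message than `assertTrue(result == 50);`. The `close()` and `bus.shutdown(true)` calls are skipped if `doubleIt` throws, so a `try`/`finally` would keep a failing run from leaking the bus into later tests.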
http://git-wip-us.apache.org/repos/asf/cxf/blob/850a4436/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
index 628e82e..4e17b92 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/client/SamlCallbackHandler.java
@@ -41,6 +41,7 @@ import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.Version;
import org.apache.wss4j.common.saml.builder.SAML1Constants;
import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.dom.WSConstants;
/**
* A CallbackHandler instance that is used by the STS to mock up a SAML Attribute Assertion.
@@ -54,6 +55,8 @@ public class SamlCallbackHandler implements CallbackHandler {
private String cryptoAlias = "alice";
private String cryptoPassword = "password";
private String cryptoPropertiesFile = "alice.properties";
+ private String signatureAlgorithm = WSConstants.RSA_SHA1;
+ private String digestAlgorithm = WSConstants.SHA1;
public SamlCallbackHandler() {
//
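Review bot: Defaulting `signatureAlgorithm` to `WSConstants.RSA_SHA1` and `digestAlgorithm` to `WSConstants.SHA1` changes more than this class's own state. The later hunk in the callback loop calls `callback.setSignatureAlgorithm(signatureAlgorithm)` and `callback.setSignatureDigestAlgorithm(digestAlgorithm)` unconditionally. Every SAMLCallback served by this handler is therefore now pinned to SHA-1, whatever default the callback would otherwise carry. If the goal is only to keep existing tests unchanged, say so in a comment such as `// SHA-1 defaults kept so existing tests are unaffected; override via the setters`. Alternatively, leave the fields null and guard the two calls with `if (signatureAlgorithm != null)` and `if (digestAlgorithm != null)`. The class body and the enclosing method start and end outside these hunks.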
@@ -123,6 +126,8 @@ public class SamlCallbackHandler implements CallbackHandler {
attributeBean.addAttributeValue("system-user");
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
+ callback.setSignatureAlgorithm(signatureAlgorithm);
+ callback.setSignatureDigestAlgorithm(digestAlgorithm);
try {
Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
@@ -194,5 +199,21 @@ public class SamlCallbackHandler implements CallbackHandler {
public void setCryptoPropertiesFile(String cryptoPropertiesFile) {
this.cryptoPropertiesFile = cryptoPropertiesFile;
}
+
+ public String getSignatureAlgorithm() {
+ return signatureAlgorithm;
+ }
+
+ public void setSignatureAlgorithm(String signatureAlgorithm) {
+ this.signatureAlgorithm = signatureAlgorithm;
+ }
+
+ public String getDigestAlgorithm() {
+ return digestAlgorithm;
+ }
+
+ public void setDigestAlgorithm(String digestAlgorithm) {
+ this.digestAlgorithm = digestAlgorithm;
+ }
}