Posted to commits@ws.apache.org by co...@apache.org on 2017/03/22 11:19:33 UTC
svn commit: r1788094 - in
/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src:
main/java/org/apache/wss4j/dom/handler/
test/java/org/apache/wss4j/dom/common/ test/java/org/apache/wss4j/dom/saml/
Author: coheigea
Date: Wed Mar 22 11:19:33 2017
New Revision: 1788094
URL: http://svn.apache.org/viewvc?rev=1788094&view=rev
Log:
WSS-602 - ConfigurationConstants.VALIDATOR_MAP is not supported
Modified:
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java?rev=1788094&r1=1788093&r2=1788094&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java Wed Mar 22 11:19:33 2017
@@ -25,11 +25,13 @@ import java.util.Collection;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
+import java.util.Map;
import java.util.regex.Pattern;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
+import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.EncryptionActionToken;
import org.apache.wss4j.common.SignatureActionToken;
import org.apache.wss4j.common.bsp.BSPRule;
@@ -351,6 +353,15 @@ public class RequestData {
* @throws WSSecurityException
*/
public Validator getValidator(QName qName) throws WSSecurityException {
+ // Check the custom Validator Map first
+ if (getMsgContext() instanceof Map<?,?>) {
+ @SuppressWarnings("unchecked")
+ Map<QName, Validator> validatorMap =
+ (Map<QName, Validator>)((Map<?,?>)getMsgContext()).get(ConfigurationConstants.VALIDATOR_MAP);
+ if (validatorMap != null && validatorMap.containsKey(qName)) {
+ return validatorMap.get(qName);
+ }
+ }
if (wssConfig != null) {
return wssConfig.getValidator(qName);
}
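Review bot: The unchecked cast on the line that reads the VALIDATOR_MAP entry assumes whatever the caller stored under that key is a Map whose values are Validators; a value of the wrong type surfaces as a ClassCastException with no hint that a configuration property is at fault, rather than the WSSecurityException the method's `@throws` clause advertises, so an `instanceof Map<?,?>` test on the fetched object before the cast (and a clear exception otherwise) would be worth adding. The `containsKey` check followed by `get` also returns null for a key explicitly mapped to null, which then bypasses the `wssConfig` fallback entirely; if that is not an intended way to switch a validator off, test the fetched value instead: `Validator custom = validatorMap.get(qName); if (custom != null) { return custom; }`. The Javadoc above the signature should state the new precedence, e.g. `Custom validators supplied under ConfigurationConstants.VALIDATOR_MAP on the message context take precedence over those obtained from the WSSConfig.` The body of getValidator continues past the end of the hunk.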
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java?rev=1788094&r1=1788093&r2=1788094&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java Wed Mar 22 11:19:33 2017
@@ -71,13 +71,6 @@ public abstract class AbstractSAMLCallba
protected String subjectLocalityDnsAddress = null;
protected DateTime sessionNotOnOrAfter = null;
protected DateTime authenticationInstant;
- public DateTime getAuthenticationInstant() {
- return authenticationInstant;
- }
-
- public void setAuthenticationInstant(DateTime authenticationInstant) {
- this.authenticationInstant = authenticationInstant;
- }
protected String resource = null;
protected List<Object> customAttributeValues = null;
@@ -145,6 +138,14 @@ public abstract class AbstractSAMLCallba
this.customAttributeValues = customAttributeValues;
}
+ public DateTime getAuthenticationInstant() {
+ return authenticationInstant;
+ }
+
+ public void setAuthenticationInstant(DateTime authenticationInstant) {
+ this.authenticationInstant = authenticationInstant;
+ }
+
/**
* Note that the SubjectBean parameter should be null for SAML2.0
*/
Modified: webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java?rev=1788094&r1=1788093&r2=1788094&view=diff
==============================================================================
--- webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java (original)
+++ webservices/wss4j/branches/2_0_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java Wed Mar 22 11:19:33 2017
@@ -22,7 +22,12 @@ package org.apache.wss4j.dom.saml;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+
+import javax.xml.namespace.QName;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
@@ -50,6 +55,7 @@ import org.apache.wss4j.dom.handler.WSHa
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.validate.SamlAssertionValidator;
+import org.apache.wss4j.dom.validate.Validator;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.XPath2FilterContainer;
@@ -116,6 +122,68 @@ public class SamlTokenCustomSignatureTes
verifyWithoutProfile(doc);
}
+ @org.junit.Test
+ public void testSAML1AuthnAssertionValidatorMap() throws Exception {
+ SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+ callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+ callbackHandler.setConfirmationMethod(SAML1Constants.CONF_BEARER);
+ callbackHandler.setIssuer("www.example.com");
+
+ SAMLCallback samlCallback = new SAMLCallback();
+ SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+ SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ Element assertionElement = samlAssertion.toDOM(doc);
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+ secHeader.getSecurityHeader().appendChild(assertionElement);
+
+ // Sign
+ signAssertion(doc, assertionElement);
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SAML 1.1 Authn Assertion (Bearer):");
+ String outputString = XMLUtils.PrettyDocumentToString(doc);
+ LOG.debug(outputString);
+ }
+
+ try {
+ verify(doc);
+ fail("Failure expected on a signature that doesn't conform with the signature profile");
+ } catch (WSSecurityException ex) {
+ assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILURE);
+ }
+
+ // This should pass as we are disabling signature profile validation in the Validator,
+ // which is configured via ConfigurationConstants.VALIDATOR_MAP
+
+ SamlAssertionValidator validator = new SamlAssertionValidator();
+ validator.setValidateSignatureAgainstProfile(false);
+ Map<QName, Validator> validatorMap = new HashMap<QName, Validator>();
+ validatorMap.put(WSSecurityEngine.SAML_TOKEN, validator);
+
+ RequestData requestData = new RequestData();
+ Map<String, Object> config = new TreeMap<String, Object>();
+ config.put(WSHandlerConstants.SIG_VER_PROP_FILE, "crypto.properties");
+ config.put(WSHandlerConstants.VALIDATOR_MAP, validatorMap);
+ requestData.setMsgContext(config);
+ requestData.setSigVerCrypto(crypto);
+
+ CustomHandler handler = new CustomHandler();
+
+ List<Integer> actions = new ArrayList<Integer>();
+ actions.add(WSConstants.ST_SIGNED);
+ handler.receive(actions, requestData);
+
+ WSSecurityEngine secEngine = new WSSecurityEngine();
+ secEngine.processSecurityHeader(doc, "", requestData);
+
+ String outputString = XMLUtils.PrettyDocumentToString(doc);
+ assertTrue(outputString.indexOf("counter_port_type") > 0 ? true : false);
+ }
+
/**
* Test that creates, sends and processes a signed SAML 2.0 authentication assertion.
*/
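Review bot: The final assertion in testSAML1AuthnAssertionValidatorMap wraps a boolean in a redundant ternary, `assertTrue(outputString.indexOf("counter_port_type") > 0 ? true : false);`; the condition is already a boolean, so `assertTrue(outputString.indexOf("counter_port_type") > 0);` says the same thing. In the catch block, `assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILURE);` would report the actual error code on failure if written as `assertEquals(WSSecurityException.ErrorCode.FAILURE, ex.getErrorCode());`, assuming assertEquals is statically imported alongside the fail and assertTrue used here. The explanatory comment before the second verification would also read better as one sentence attached to the `validatorMap` construction rather than standing alone followed by a blank line.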
@@ -212,7 +280,7 @@ public class SamlTokenCustomSignatureTes
reqData.setWssConfig(cfg);
reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
- java.util.Map<String, Object> config = new java.util.TreeMap<String, Object>();
+ Map<String, Object> config = new TreeMap<String, Object>();
config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
config.put("password", "security");
config.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");