Posted to java-commits@axis.apache.org by ve...@apache.org on 2017/02/06 10:28:17 UTC
svn commit: r1781870 - in
/axis/axis2/java/rampart/branches/RAMPART-402/modules:
rampart-core/src/main/java/org/apache/rampart/
rampart-tests/src/test/java/org/apache/rampart/
rampart-tests/test-resources/policy/
Author: veithen
Date: Mon Feb 6 10:28:16 2017
New Revision: 1781870
URL: http://svn.apache.org/viewvc?rev=1781870&view=rev
Log:
RAMPART-402: Apply patch provided by Nathan Clement.
Added:
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts-2.xml
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts.xml
Modified:
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
Modified: axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=1781870&r1=1781869&r2=1781870&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java Mon Feb 6 10:28:16 2017
@@ -627,11 +627,7 @@ public class PolicyBasedResultsValidator
throw new RampartException("bodyNotSigned");
}
- } else if (wsep.getName().equals(WSConstants.ELEM_HEADER) ||
- wsep.getXpath() != null) {
- // TODO earlier this was wsep.getType() == WSConstants.PART_TYPE_ELEMENT
- // This means that encrypted element of an XPath expression type. Therefore we are checking
- // now whether an XPath expression exists. - Verify
+ } else {
Element element = WSSecurityUtil.findElement(
envelope, wsep.getName(), wsep.getNamespace());
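Review bot: With the condition dropped, the `else` branch resolves every non-body part, XPath-typed ones included, through `WSSecurityUtil.findElement(envelope, wsep.getName(), wsep.getNamespace())`, which matches by name and namespace starting from the envelope rather than among the SOAP header's direct children. If that helper returns the first match in document order (as its WSS4J documentation suggests; confirm for the version in use), the element checked for a signature may not be the header block the service actually consumes. The lookup should be limited to children of the SOAP header, or the found element compared by identity against the signed references. The removed TODO was the only explanation of this branch; a replacement such as `// Any non-body part: resolve by QName and require a covering signature` would record the intent. The enclosing method starts and ends outside the hunk, so the handling of a null `element` cannot be assessed from here.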
Modified: axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java?rev=1781870&r1=1781869&r2=1781870&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java Mon Feb 6 10:28:16 2017
@@ -83,6 +83,70 @@ public class PolicyAssertionsTest extend
}
+ public void testSignedPartsValid() throws Exception {
+
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-signed-parts.xml";
+ Policy policy = loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ // Building the SOAP envelope from the OMElement
+ SOAPBuilder soapBuilder = new SOAPBuilder();
+ SOAPEnvelope env = ctx.getEnvelope();
+ ByteArrayInputStream inStream = new ByteArrayInputStream(env.toString().getBytes());
+ env = (SOAPEnvelope) soapBuilder.processDocument(inStream, "text/xml", ctx);
+ ctx.setEnvelope(env);
+
+ RampartEngine engine = new RampartEngine();
+ engine.process(ctx);
+
+ }
+
+ public void testSignedPartsInvalid() throws Exception {
+
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-signed-parts.xml";
+ Policy policy = loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ // Building the SOAP envelope from the OMElement
+ SOAPBuilder soapBuilder = new SOAPBuilder();
+ SOAPEnvelope env = ctx.getEnvelope();
+ ByteArrayInputStream inStream = new ByteArrayInputStream(env.toString().getBytes());
+ env = (SOAPEnvelope) soapBuilder.processDocument(inStream, "text/xml", ctx);
+ ctx.setEnvelope(env);
+
+ ctx.setServerSide(true);
+ AxisService axisService = ctx.getAxisService();
+ axisService.removeParameter(axisService.getParameter(RampartMessageData.PARAM_CLIENT_SIDE));
+
+ policyXml = "test-resources/policy/rampart-asymm-signed-parts-2.xml";
+ policy = loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ RampartEngine engine = new RampartEngine();
+
+ try {
+ engine.process(ctx);
+ fail(" This should have thrown RampartException: " +
+ "Element must be signed : http://schemas.xmlsoap.org/ws/2004/08/addressing:From");
+ } catch (RampartException expected) {
+ // Ignore intentionally as the test is supposed to throw an exception
+ }
+
+ }
+
public void testHashedPasswordRequiredValid() throws Exception {
MessageContext ctx = getMsgCtx();
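Review bot: `testSignedPartsInvalid` catches any `RampartException`, so it stays green if processing fails for an unrelated reason (keystore loading, policy parsing) and the signed-parts check is never reached. Pin the reason inside the catch, e.g. `assertTrue(expected.getMessage().contains("From"));`, after confirming the exact message text the validator produces. `testSignedPartsValid` asserts only the absence of an exception and omits the `ctx.setServerSide(true)` step the invalid test performs, so it is not evident that it exercises the validator at all. Both tests call `env.toString().getBytes()` with the platform default charset; `getBytes("UTF-8")` keeps the round trip stable across build hosts.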
Added: axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts-2.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts-2.xml?rev=1781870&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts-2.xml (added)
+++ axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts-2.xml Mon Feb 6 10:28:16 2017
@@ -0,0 +1,78 @@
+<wsp:Policy wsu:Id="policy2"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Name="To" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="From" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="FaultTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="ReplyTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="MessageID" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="RelatesTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="Action" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
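Review bot: The fixture is named `rampart-asymm-signed-parts-2.xml` but declares `sp:SymmetricBinding`, so either the file name or the binding will mislead the next reader; the same applies to `rampart-asymm-signed-parts.xml` in the following hunk. Neither file states what it is for, and the two differ only in the `sp:SignedParts` header list. A leading comment such as `<!-- Requires signed WS-Addressing headers beyond To; used by testSignedPartsInvalid to force a signed-parts failure -->` would tie the policy to its test.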
Added: axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts.xml?rev=1781870&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts.xml (added)
+++ axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts.xml Mon Feb 6 10:28:16 2017
@@ -0,0 +1,72 @@
+<wsp:Policy wsu:Id="policy2"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Name="To" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file