Posted to commits@ws.apache.org by co...@apache.org on 2017/03/22 10:53:49 UTC

svn commit: r1788089 - in /webservices/wss4j/trunk/ws-security-dom/src: main/java/org/apache/wss4j/dom/handler/ test/java/org/apache/wss4j/dom/common/ test/java/org/apache/wss4j/dom/saml/

Author: coheigea
Date: Wed Mar 22 10:53:49 2017
New Revision: 1788089

URL: http://svn.apache.org/viewvc?rev=1788089&view=rev
Log:
WSS-602 - ConfigurationConstants.VALIDATOR_MAP is not supported

Modified:
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java?rev=1788089&r1=1788088&r2=1788089&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/handler/RequestData.java Wed Mar 22 10:53:49 2017
@@ -25,11 +25,13 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 import java.util.regex.Pattern;
 
 import javax.security.auth.callback.CallbackHandler;
 import javax.xml.namespace.QName;
 
+import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.EncryptionActionToken;
 import org.apache.wss4j.common.SignatureActionToken;
 import org.apache.wss4j.common.bsp.BSPEnforcer;
@@ -383,6 +385,15 @@ public class RequestData {
      * @throws WSSecurityException
      */
     public Validator getValidator(QName qName) throws WSSecurityException {
+        // Check the custom Validator Map first
+        if (getMsgContext() instanceof Map<?,?>) {
+            @SuppressWarnings("unchecked")
+            Map<QName, Validator> validatorMap =
+                (Map<QName, Validator>)((Map<?,?>)getMsgContext()).get(ConfigurationConstants.VALIDATOR_MAP);
+            if (validatorMap != null && validatorMap.containsKey(qName)) {
+                return validatorMap.get(qName);
+            }
+        }
         if (wssConfig != null)  {
             return wssConfig.getValidator(qName);
         }
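Review bot: The new branch returns whatever the custom map holds for `qName` as soon as `containsKey` is true, so an entry that explicitly maps the QName to `null` (or, through the unchecked cast, to a non-Validator object) now takes precedence over the validator configured on `wssConfig`; if downstream processors treat a null Validator as "skip validation", a mistaken null mapping would silently disable token validation rather than fall back to the default. I would make the precedence require a real value and fail clearly on a mis-typed property: `Object custom = ((Map<?,?>)getMsgContext()).get(ConfigurationConstants.VALIDATOR_MAP);` then `if (custom instanceof Map<?,?>)` before the cast, and `Validator v = validatorMap.get(qName); if (v != null) { return v; }` instead of the containsKey/get pair, so a wrong property type surfaces as a visible failure instead of a ClassCastException deep in header processing. The Javadoc above the hunk should also state that an entry in `ConfigurationConstants.VALIDATOR_MAP` on the message context overrides the WSSConfig validator for that QName, since that is a security-relevant precedence a deployer needs to know. getValidator's Javadoc begins and its body continues outside the hunk.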

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java?rev=1788089&r1=1788088&r2=1788089&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java Wed Mar 22 10:53:49 2017
@@ -71,14 +71,6 @@ public abstract class AbstractSAMLCallba
     protected String subjectLocalityDnsAddress;
     protected DateTime sessionNotOnOrAfter;
     protected DateTime authenticationInstant;
-    public DateTime getAuthenticationInstant() {
-        return authenticationInstant;
-    }
-
-    public void setAuthenticationInstant(DateTime authenticationInstant) {
-        this.authenticationInstant = authenticationInstant;
-    }
-
     protected String resource;
     protected List<Object> customAttributeValues;
     protected ConditionsBean conditions;
@@ -144,6 +136,14 @@ public abstract class AbstractSAMLCallba
     public void setCustomAttributeValues(List<Object> customAttributeValues) {
         this.customAttributeValues = customAttributeValues;
     }
+    
+    public DateTime getAuthenticationInstant() {
+        return authenticationInstant;
+    }
+
+    public void setAuthenticationInstant(DateTime authenticationInstant) {
+        this.authenticationInstant = authenticationInstant;
+    }
 
     /**
      * Note that the SubjectBean parameter should be null for SAML2.0

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java?rev=1788089&r1=1788088&r2=1788089&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java Wed Mar 22 10:53:49 2017
@@ -22,7 +22,12 @@ package org.apache.wss4j.dom.saml;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+
+import javax.xml.namespace.QName;
 
 import org.apache.wss4j.common.WSEncryptionPart;
 import org.apache.wss4j.common.crypto.Crypto;
@@ -50,6 +55,7 @@ import org.apache.wss4j.dom.handler.WSHa
 import org.apache.wss4j.dom.message.WSSecHeader;
 import org.apache.wss4j.dom.message.WSSecSignature;
 import org.apache.wss4j.dom.validate.SamlAssertionValidator;
+import org.apache.wss4j.dom.validate.Validator;
 import org.apache.xml.security.signature.XMLSignature;
 import org.apache.xml.security.transforms.Transforms;
 import org.apache.xml.security.transforms.params.XPath2FilterContainer;
@@ -116,6 +122,68 @@ public class SamlTokenCustomSignatureTes
         // This should pass as we are disabling signature profile validation in the Validator
         verifyWithoutProfile(doc);
     }
+    
+    @Test
+    public void testSAML1AuthnAssertionValidatorMap() throws Exception {
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setConfirmationMethod(SAML1Constants.CONF_BEARER);
+        callbackHandler.setIssuer("www.example.com");
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        Element assertionElement = samlAssertion.toDOM(doc);
+
+        WSSecHeader secHeader = new WSSecHeader(doc);
+        secHeader.insertSecurityHeader();
+        secHeader.getSecurityHeaderElement().appendChild(assertionElement);
+
+        // Sign
+        signAssertion(doc, assertionElement);
+
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("SAML 1.1 Authn Assertion (Bearer):");
+            String outputString = XMLUtils.prettyDocumentToString(doc);
+            LOG.debug(outputString);
+        }
+
+        try {
+            verify(doc);
+            fail("Failure expected on a signature that doesn't conform with the signature profile");
+        } catch (WSSecurityException ex) {
+            assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILURE);
+        }
+
+        // This should pass as we are disabling signature profile validation in the Validator,
+        // which is configured via ConfigurationConstants.VALIDATOR_MAP
+        
+        SamlAssertionValidator validator = new SamlAssertionValidator();
+        validator.setValidateSignatureAgainstProfile(false);
+        Map<QName, Validator> validatorMap = new HashMap<>();
+        validatorMap.put(WSConstants.SAML_TOKEN, validator);
+
+        RequestData requestData = new RequestData();
+        Map<String, Object> config = new TreeMap<>();
+        config.put(WSHandlerConstants.SIG_VER_PROP_FILE, "crypto.properties");
+        config.put(WSHandlerConstants.VALIDATOR_MAP, validatorMap);
+        requestData.setMsgContext(config);
+        requestData.setSigVerCrypto(crypto);
+        
+        CustomHandler handler = new CustomHandler();
+
+        List<Integer> actions = new ArrayList<>();
+        actions.add(WSConstants.ST_SIGNED);
+        handler.receive(actions, requestData);
+        
+        WSSecurityEngine secEngine = new WSSecurityEngine();
+        secEngine.processSecurityHeader(doc, requestData);
+        
+        String outputString = XMLUtils.prettyDocumentToString(doc);
+        assertTrue(outputString.indexOf("counter_port_type") > 0 ? true : false);
+    }
 
     /**
      * Test that creates, sends and processes a signed SAML 2.0 authentication assertion.
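Review bot: The final assertion `assertTrue(outputString.indexOf("counter_port_type") > 0 ? true : false)` wraps a boolean in a redundant ternary; `assertTrue(outputString.contains("counter_port_type"))` says the same thing and matches how the other tests in this file check the body survived. As far as the hunk shows, the positive path only proves that processing no longer throws; if the aim is to prove the custom validator from `VALIDATOR_MAP` was the one consulted, a short comment on the `validator` setup saying that `setValidateSignatureAgainstProfile(false)` is what lets the non-conforming signature pass would make the test's intent clearer to the next maintainer.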
@@ -210,7 +278,7 @@ public class SamlTokenCustomSignatureTes
         reqData.setWssConfig(cfg);
         reqData.setUsername("16c73ab6-b892-458f-abf5-2f875f74882e");
 
-        java.util.Map<String, Object> config = new java.util.TreeMap<String, Object>();
+        Map<String, Object> config = new TreeMap<String, Object>();
         config.put(WSHandlerConstants.SIG_PROP_FILE, "crypto.properties");
         config.put("password", "security");
         config.put(WSHandlerConstants.SIG_KEY_ID, "DirectReference");