Posted to axis-cvs@ws.apache.org by ru...@apache.org on 2006/09/27 12:54:43 UTC
svn commit: r450394 - in /webservices/axis2/trunk/java/modules: integration/
integration/test-resources/rahas/policy/ integration/test-resources/rampart/
integration/test-resources/rampart/policy/
integration/test/org/apache/rahas/ integration/test/org...
Author: ruchithf
Date: Wed Sep 27 03:54:42 2006
New Revision: 450394
URL: http://svn.apache.org/viewvc?view=rev&rev=450394
Log:
Got one WS-SecureConversation scenario working with WS-SecurityPolicy :-)
Added:
webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/store.jks (with props)
webservices/axis2/trunk/java/modules/integration/test-resources/rampart/issuer.properties (with props)
webservices/axis2/trunk/java/modules/integration/test-resources/rampart/policy/sc-1.xml
webservices/axis2/trunk/java/modules/integration/test-resources/rampart/services-sc-1.xml
Modified:
webservices/axis2/trunk/java/modules/integration/maven.xml
webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/service-policy-symm-binding.xml
webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/service-policy-transport-binding.xml
webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/sts-policy-asymm-binding.xml
webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/sts-policy-symm-binding.xml
webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/sts-policy-transport-binding.xml
webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/TestClient.java
webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java
webservices/axis2/trunk/java/modules/rahas/maven.xml
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/Token.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TokenStorage.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartEngine.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/TokenCallbackHandler.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/builders/RampartConfigBuilder.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/model/RampartConfig.java
webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java
Modified: webservices/axis2/trunk/java/modules/integration/maven.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/maven.xml?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/maven.xml (original)
+++ webservices/axis2/trunk/java/modules/integration/maven.xml Wed Sep 27 03:54:42 2006
@@ -262,6 +262,16 @@
<jar jarfile="target/test-resources/rampart_service_repo/services/SecureService7.aar"
basedir="target/temp-ramp"/>
+ <!-- Service SC-1 -->
+ <copy overwrite="yes" file="test-resources/rampart/issuer.properties"
+ tofile="target/temp-ramp/issuer.properties"/>
+
+ <copy overwrite="yes" file="test-resources/rampart/services-sc-1.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC1.aar"
+ basedir="target/temp-ramp"/>
+
<!-- Service classes for the SecConv tests -->
<mkdir dir="target/temp-sc"/>
<mkdir dir="target/temp-sc/META-INF"/>
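Review bot: `SecureServiceSC1.aar` is jarred from the same `target/temp-ramp` directory that `SecureService7.aar` was just built from, so it inherits every file left there by the earlier service packaging; only `META-INF/services.xml` is overwritten. The `store.jks` that the new `issuer.properties` names (`org.apache.ws.security.crypto.merlin.file=store.jks`) is not copied by this hunk either, so whether it ends up in the archive depends on steps outside the hunk. A dedicated staging directory, e.g. `<mkdir dir="target/temp-ramp-sc1"/>` with explicit copies of the service classes, keystore and properties, would make the archive content deterministic and keep unrelated resources out of it.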
@@ -272,7 +282,7 @@
tofile="target/temp-sc/org/apache/axis2/security/sc/PWCallback.class"/>
<copy overwrite="yes" todir="target/temp-sc">
- <fileset dir="test-resources/security">
+ <fileset dir="test-resources/security/sc">
<include name="sctIssuer.properties"/>
<include name="sts.jks"/>
</fileset>
Modified: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/service-policy-symm-binding.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/service-policy-symm-binding.xml?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/service-policy-symm-binding.xml (original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/service-policy-symm-binding.xml Wed Sep 27 03:54:42 2006
@@ -45,7 +45,26 @@
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
- <wspe:Utf816FFFECharacterEncoding xmlns:wspe="http://schemas.xmlsoap.org/ws/2004/09/policy/encoding"/>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
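Review bot: The added `RampartConfig` block embeds the keystore password in clear text (`<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>`) inside a WS-Policy document; if this policy is ever exposed to clients, for example through a published WSDL, the password and keystore path travel with it, so confirm `RampartConfig` is stripped before publication or keep the crypto properties in a file that is not part of the policy, as `issuer.properties` in this commit does for the SCT issuer. The element name `encryptionCypto` (next to the fully spelled `signatureCrypto`) presumably matches what `RampartConfigBuilder` parses — that class is modified in this commit but not shown here — and if it is a typo it is cheaper to fix now than after deployments depend on the spelling. The same block is added verbatim to service-policy-transport-binding.xml, sts-policy-asymm-binding.xml, sts-policy-symm-binding.xml and sts-policy-transport-binding.xml; the signature and encryption `ramp:crypto` sections are identical, which is fine for a test fixture but deserves a one-line comment stating that one keystore is used for both on purpose.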
Modified: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/service-policy-transport-binding.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/service-policy-transport-binding.xml?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/service-policy-transport-binding.xml (original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/service-policy-transport-binding.xml Wed Sep 27 03:54:42 2006
@@ -48,6 +48,26 @@
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
Added: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/store.jks
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/store.jks?view=auto&rev=450394
==============================================================================
Binary file - no diff available.
Propchange: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/store.jks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/sts-policy-asymm-binding.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/sts-policy-asymm-binding.xml?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/sts-policy-asymm-binding.xml (original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/sts-policy-asymm-binding.xml Wed Sep 27 03:54:42 2006
@@ -41,6 +41,26 @@
<sp:MustSupportRefIssuerSerial/>
</wsp:Policy>
</sp:Wss10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
Modified: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/sts-policy-symm-binding.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/sts-policy-symm-binding.xml?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/sts-policy-symm-binding.xml (original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/sts-policy-symm-binding.xml Wed Sep 27 03:54:42 2006
@@ -48,6 +48,26 @@
<sp:RequireSignatureConfirmation/>
</wsp:Policy>
</sp:Wss11>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
Modified: webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/sts-policy-transport-binding.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/sts-policy-transport-binding.xml?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/sts-policy-transport-binding.xml (original)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rahas/policy/sts-policy-transport-binding.xml Wed Sep 27 03:54:42 2006
@@ -38,6 +38,26 @@
<sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
</sp:Wss11>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
Added: webservices/axis2/trunk/java/modules/integration/test-resources/rampart/issuer.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rampart/issuer.properties?view=auto&rev=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rampart/issuer.properties (added)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rampart/issuer.properties Wed Sep 27 03:54:42 2006
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=store.jks
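Review bot: `svn:executable = *` is set on a `.properties` file (see the Propchange that follows the hunk), which is almost certainly an accident of how the file was created and should be cleared with `svn propdel svn:executable`. The keystore password is stored in clear text; that is acceptable for a test keystore, but a comment such as `# test-only keystore credentials; do not copy into a deployment` at the top of the file would make that explicit to whoever uses this as a template. `keystore.type=jks` differs in case from the `JKS` used in the policy files; `KeyStore.getInstance` is case-insensitive, so this is a consistency nit only.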
Propchange: webservices/axis2/trunk/java/modules/integration/test-resources/rampart/issuer.properties
------------------------------------------------------------------------------
svn:executable = *
Added: webservices/axis2/trunk/java/modules/integration/test-resources/rampart/policy/sc-1.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rampart/policy/sc-1.xml?view=auto&rev=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rampart/policy/sc-1.xml (added)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rampart/policy/sc-1.xml Wed Sep 27 03:54:42 2006
@@ -0,0 +1,198 @@
+<wsp:Policy wsu:Id="SecConvPolicy1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ <ramp:tokenIssuerPolicy>
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </ramp:tokenIssuerPolicy>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
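Review bot: `wsu:Id="SigEncrTripleDesRSA15"` is used twice in this document, on the policy under `sp:BootstrapPolicy` and again on the one under `ramp:tokenIssuerPolicy`; `wsu:Id` is an XML ID-typed attribute, so an ID-aware parser rejects the duplicate and any reference to it is ambiguous — give the second one a distinct value such as `wsu:Id="SigEncrTripleDesRSA15-Issuer"`. The two policies are otherwise identical except that the issuer copy carries a nested `RampartConfig` repeating the outer one; if a separate copy is required, the nested config can presumably be dropped, but confirm against how `RampartConfigBuilder` (changed in this commit, not shown) resolves it. The outer `SymmetricBinding` declares `EncryptedParts` for the body but no `SignedParts`, so conversation messages have an encrypted but unsigned body unless something outside this file adds it, whereas the bootstrap exchange signs and encrypts; if sign-and-encrypt is intended, add `<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body/></sp:SignedParts>` next to the outer `EncryptedParts`.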
Added: webservices/axis2/trunk/java/modules/integration/test-resources/rampart/services-sc-1.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test-resources/rampart/services-sc-1.xml?view=auto&rev=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test-resources/rampart/services-sc-1.xml (added)
+++ webservices/axis2/trunk/java/modules/integration/test-resources/rampart/services-sc-1.xml Wed Sep 27 03:54:42 2006
@@ -0,0 +1,217 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SecConvPolicy1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ <ramp:tokenIssuerPolicy>
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </ramp:tokenIssuerPolicy>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>sctIssuer.properties</cryptoProperties>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+
+</service>
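Review bot: `<cryptoProperties>sctIssuer.properties</cryptoProperties>` names a file that the build change in this commit does not place in this service's archive — maven.xml copies `issuer.properties` into `target/temp-ramp` and `sctIssuer.properties` only into `target/temp-sc` — so unless an earlier packaging step already put it there, the SCT issuer cannot load its crypto configuration at runtime; either reference `issuer.properties` here or copy `sctIssuer.properties` alongside it. The embedded policy repeats `wsu:Id="SigEncrTripleDesRSA15"` on the bootstrap policy and on the token-issuer policy, the same duplicate-ID problem as in sc-1.xml, and its outer binding likewise has `EncryptedParts` for the body without a matching `SignedParts`. The comments on `keyComputation` and `proofKeyType` are useful; a similar one-liner on why both `addRequestedAttachedRef` and `addRequestedUnattachedRef` are enabled would complete the block.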
Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/TestClient.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/TestClient.java?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/TestClient.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rahas/TestClient.java Wed Sep 27 03:54:42 2006
@@ -28,7 +28,6 @@
import org.apache.axis2.integration.UtilServer;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
-import org.apache.rahas.client.STSClient;
import org.apache.rampart.handler.WSSHandlerConstants;
import org.apache.rampart.handler.config.InflowConfiguration;
import org.apache.rampart.handler.config.OutflowConfiguration;
@@ -135,50 +134,40 @@
public abstract void validateRsponse(OMElement resp);
-
- /**
- * This test will use WS-SecPolicy
- */
- public void testWithStsClient() {
-
- // Get the repository location from the args
- String repo = Constants.TESTING_PATH + "rahas_client_repo";
-
- try {
- ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo,
- null);
-
- STSClient client = new STSClient(configContext);
-
- Options options = new Options();
- OutflowConfiguration clientOutflowConfiguration = getClientOutflowConfiguration();
- if (clientOutflowConfiguration != null) {
- options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, clientOutflowConfiguration.getProperty());
- }
- InflowConfiguration clientInflowConfiguration = getClientInflowConfiguration();
- if (clientInflowConfiguration != null) {
- options.setProperty(WSSHandlerConstants.INFLOW_SECURITY, clientInflowConfiguration.getProperty());
- }
-
- client.setAction(this.getRequestAction());
- client.setOptions(options);
- client.setRstTemplate(this.getRSTTemplate());
- client.setVersion(this.getTrstVersion());
-
- Token tok =
- client.requestSecurityToken(this.getServicePolicy(),
- "http://127.0.0.1:" + port + "/axis2/services/SecureService",
- this.getSTSPolicy(),
- "http://localhost:5555/axis2/services/SecureService");
-
- assertNotNull("Response token missing", tok);
-
- } catch (Exception e) {
- e.printStackTrace();
- fail(e.getMessage());
- }
-
- }
+//
+// /**
+// * This test will use WS-SecPolicy
+// */
+// public void testWithStsClient() {
+//
+// // Get the repository location from the args
+// String repo = Constants.TESTING_PATH + "rahas_client_repo";
+//
+// try {
+// ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo,
+// null);
+//
+// STSClient client = new STSClient(configContext);
+//
+// client.setAction(this.getRequestAction());
+//
+// client.setRstTemplate(this.getRSTTemplate());
+// client.setVersion(this.getTrstVersion());
+//
+// Token tok =
+// client.requestSecurityToken(this.getServicePolicy(),
+// "http://127.0.0.1:" + port + "/axis2/services/SecureService",
+// this.getSTSPolicy(),
+// "http://localhost:5555/axis2/services/SecureService");
+//
+// assertNotNull("Response token missing", tok);
+//
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+//
+// }
public abstract int getTrstVersion();
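Review bot: The whole body of testWithStsClient is kept as a 40-line commented-out block (L737-770) instead of being deleted; Subversion already holds the old implementation, and dead text like this only drifts as STSClient's API changes. If the intent is to bring the test back once STSClient reads the policy from the client options, a single `// TODO: re-enable testWithStsClient once the STSClient policy handling is settled` says that without the copy. The imports of WSSHandlerConstants, InflowConfiguration and OutflowConfiguration kept in the first hunk look like they were used only by the removed method; if nothing else in the class references them they should go as well.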
Modified: webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java (original)
+++ webservices/axis2/trunk/java/modules/integration/test/org/apache/rampart/RampartTest.java Wed Sep 27 03:54:42 2006
@@ -79,10 +79,22 @@
//Blocking invocation
serviceClient.sendReceive(getEchoElement());
-
-
}
+
+ for (int i = 1; i <= 1; i++) { //<-The number of tests we have
+ if(!basic256Supported && (i == 3 || i == 4 || i ==5)) {
+ //Skip the Basic256 tests
+ continue;
+ }
+ options.setTo(new EndpointReference("http://127.0.0.1:" + PORT + "/axis2/services/SecureServiceSC" + i));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("test-resources/rampart/policy/sc-" + i + ".xml"));
+ serviceClient.setOptions(options);
+
+ //Blocking invocation
+ serviceClient.sendReceive(getEchoElement());
+ }
+
} catch (Exception e) {
e.printStackTrace();
fail(e.getMessage());
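Review bot: The loop bound `i <= 1` with the comment `//<-The number of tests we have` hard-codes the count, and the skip `if(!basic256Supported && (i == 3 || i == 4 || i ==5))` looks copied from the loop above: with a bound of 1 it can never fire, and it is not obvious that SC scenarios 3-5, once they exist, will be the Basic256 ones. A named constant such as `private static final int SC_TEST_COUNT = 1;` makes the bound greppable, and the Basic256 skip should be dropped until an SC test actually needs it, or documented with which sc-N.xml files use that suite. The enclosing method starts and ends outside this hunk.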
Modified: webservices/axis2/trunk/java/modules/rahas/maven.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/maven.xml?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/maven.xml (original)
+++ webservices/axis2/trunk/java/modules/rahas/maven.xml Wed Sep 27 03:54:42 2006
@@ -19,7 +19,7 @@
<!-- Copy classes -->
<copy todir="target/sts">
<fileset dir="target/classes">
- <include name="*.class"/>
+ <include name="**/*.class"/>
</fileset>
</copy>
<!-- copy jars -->
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/Token.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/Token.java?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/Token.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/Token.java Wed Sep 27 03:54:42 2006
@@ -151,7 +151,7 @@
OMElement expiresElem =
lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
- WSConstants.CREATED_LN));
+ WSConstants.EXPIRES_LN));
this.expires = zulu.parse(expiresElem.getText());
} catch (OMException e) {
throw new TrustException("lifeTimeProcessingError",
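Review bot: The corrected lookup at L821-823 still returns null when the wst:Lifetime has no wsu:Expires child, and `zulu.parse(expiresElem.getText())` on the next line then throws a NullPointerException that the `catch (OMException e)` below does not cover. The expiry is what later decides whether a stored token is still valid, so a missing Expires should be handled deliberately: add `if (expiresElem == null) { throw new TrustException("lifeTimeProcessingError" /* same arguments as the catch below */); }` before the parse, or document that a token without Expires is treated as non-expiring if that is the intended policy. The enclosing method starts and ends outside this hunk.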
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TokenStorage.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TokenStorage.java?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TokenStorage.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/TokenStorage.java Wed Sep 27 03:54:42 2006
@@ -16,7 +16,6 @@
package org.apache.rahas;
-import java.util.List;
/**
* The storage interface to store security tokens and
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/client/STSClient.java Wed Sep 27 03:54:42 2006
@@ -48,8 +48,10 @@
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
+import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.signature.XMLSignature;
import org.w3c.dom.Element;
import javax.security.auth.callback.Callback;
@@ -64,6 +66,8 @@
public class STSClient {
+ private static final String RAMPART_POLICY = "rampartPolicy";
+
private static Log log = LogFactory.getLog(STSClient.class);
private String action;
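Review bot: `RAMPART_POLICY = "rampartPolicy"` duplicates the key the security module exposes as RampartMessageData.KEY_RAMPART_POLICY (used by RampartTest at L790), and nothing ties the two strings together. If the copy is deliberate because rahas cannot depend on the security module (RampartUtil imports STSClient at L1272, so the reverse dependency would be circular), say so at the declaration: `// Must match RampartMessageData.KEY_RAMPART_POLICY; duplicated to avoid a rahas -> rampart dependency`. Otherwise the property set at L868 silently stops being picked up the day one of the two values changes.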
@@ -109,10 +113,10 @@
QName rstQn = new QName("requestSecurityToken");
String requestType =
TrustUtil.getWSTNamespace(version) + RahasConstants.REQ_TYPE_ISSUE;
+
ServiceClient client = getServiceClient(rstQn, issuerAddress);
-
- //TODO Set policy in the options to be picked up by the modules
- //such as rampart
+
+ client.getOptions().setProperty(RAMPART_POLICY, issuerPolicy);
//Process the STS and service policy policy
this.processPolicy(issuerPolicy, servicePolicy);
@@ -239,7 +243,7 @@
BINARY_SECRET))) {
//First check for the binary secret
String b64Secret = child.getText();
- token.setSecret(Base64.decode(b64Secret));
+ secret = Base64.decode(b64Secret);
} else if (child.getQName().equals(new QName(ns, WSConstants.ENC_KEY_LN))) {
try {
Element domChild = (Element) new StAXOMBuilder(
@@ -346,9 +350,15 @@
*/
private String getIdFromSTR(OMElement refElem) {
//ASSUMPTION:SecurityTokenReference/KeyIdentifier
- OMElement ki = refElem.getFirstElement();
- if (ki != null) {
- return ki.getText();
+ OMElement child = refElem.getFirstElement();
+ if(child == null) {
+ return null;
+ }
+
+ if (child.getQName().equals(new QName(WSConstants.SIG_NS, "KeyInfo"))) {
+ return child.getText();
+ } else if(child.getQName().equals(Reference.TOKEN)) {
+ return child.getAttributeValue(new QName("URI"));
} else {
return null;
}
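Review bot: The comment says the expected child is SecurityTokenReference/KeyIdentifier, but the first branch matches `new QName(WSConstants.SIG_NS, "KeyInfo")`, i.e. ds:KeyInfo in the XML-Signature namespace, which is not the element a wsse:KeyIdentifier child carries, so a KeyIdentifier falls through to `return null`. If KeyIdentifier is the intent, the check belongs in the WS-Security namespace: `new QName(WSConstants.WSSE_NS, "KeyIdentifier")`. The wsse:Reference branch returns the raw URI attribute; for a local reference that value starts with `#`, so callers comparing it against a wsu:Id (TokenCallbackHandler does at L1090 and L1095) may need to strip the prefix — worth confirming against the references the SCT issuer emits. The same method is copied verbatim into TokenCallbackHandler (L1111-1125) and needs the same fix; one shared helper in rahas would avoid the drift.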
Modified: webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java (original)
+++ webservices/axis2/trunk/java/modules/rahas/src/org/apache/rahas/impl/SCTIssuer.java Wed Sep 27 03:54:42 2006
@@ -18,6 +18,7 @@
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.Parameter;
import org.apache.rahas.RahasConstants;
import org.apache.rahas.RahasData;
@@ -34,6 +35,7 @@
import java.text.DateFormat;
import java.util.Date;
+import java.util.Hashtable;
public class SCTIssuer implements TokenIssuer {
@@ -173,7 +175,13 @@
rstrElem,
sctToken,
doc);
+
+ sctToken.setState(Token.ISSUED);
TrustUtil.getTokenStore(data.getInMessageContext()).add(sctToken);
+ this.getContextMap(data.getInMessageContext()).put(
+ this.getContextIdentifierKey(data.getInMessageContext()),
+ sctToken.getId());
+
return env;
} catch (ConversationException e) {
throw new TrustException(e.getMessage(), e);
@@ -215,5 +223,35 @@
} else {
throw new ConversationException("unsupportedSecConvVersion");
}
+ }
+
+ /**
+ * Creates the unique (reproducible) id for to hold the context identifier
+ * of the message exchange.
+ * @return
+ */
+ private String getContextIdentifierKey(MessageContext msgContext) {
+ return msgContext.getAxisService().getName();
+ }
+
+
+ /**
+ * Returns the map of security context token identifiers
+ * @return
+ */
+ private Hashtable getContextMap(MessageContext msgContext) {
+ //Fist check whether its there
+ Object map = msgContext.getConfigurationContext().getProperty(
+ ConversationConstants.KEY_CONTEXT_MAP);
+
+ if(map == null) {
+ //If not create a new one
+ map = new Hashtable();
+ //Set the map globally
+ msgContext.getConfigurationContext().setProperty(
+ ConversationConstants.KEY_CONTEXT_MAP, map);
+ }
+
+ return (Hashtable)map;
}
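Review bot: `getContextIdentifierKey` returns only `msgContext.getAxisService().getName()`, so the context map holds exactly one SCT identifier per service in the shared ConfigurationContext; the `put` at L923-925 overwrites whatever the previous client established, and RampartUtil.getContextIdentifierKey (L1338) is narrowed the same way. If two clients hold conversations with the same service concurrently, the second issuance replaces the first client's mapping and later lookups can resolve to the wrong context, so the key probably needs a per-client component rather than the service name alone — or the map should be scoped to something narrower than the configuration context. `getContextMap` also does an unsynchronized check-then-set on the configuration-context property, so two first requests can each create a Hashtable and one of them is lost; the same pattern is in RampartUtil.getContextMap (L1341-1354). Both helpers duplicate RampartUtil's; if rahas cannot depend on the security module, a one-line comment saying so would stop the next reader from trying to unify them. The Javadoc `@return` tags at L939 and L948 are empty and should say what is returned.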
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartEngine.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartEngine.java?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartEngine.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartEngine.java Wed Sep 27 03:54:42 2006
@@ -16,6 +16,7 @@
package org.apache.rampart;
+import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.rampart.policy.RampartPolicyData;
@@ -30,6 +31,8 @@
public class RampartEngine {
+
+
public Vector process(MessageContext msgCtx) throws WSSPolicyException,
RampartException, WSSecurityException, AxisFault {
@@ -64,6 +67,7 @@
msgCtx.getAxisService().getClassLoader()));
}
+ msgCtx.setEnvelope((SOAPEnvelope)rmd.getDocument().getDocumentElement());
return results;
}
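Review bot: The cast `(SOAPEnvelope)rmd.getDocument().getDocumentElement()` at L986 only succeeds if `rmd.getDocument()` is an Axiom (DOOM) document whose root element is also the SOAPEnvelope; on any other DOM implementation it throws ClassCastException after the security processing has already run. Make the precondition visible with a comment such as `// rmd.getDocument() is a DOOM document, so its root element is the Axiom SOAPEnvelope`, or check `instanceof SOAPEnvelope` and raise a RampartException with a readable message. The enclosing method starts outside this hunk.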
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/RampartMessageData.java Wed Sep 27 03:54:42 2006
@@ -31,8 +31,10 @@
import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
+import org.apache.rampart.handler.WSSHandlerConstants;
import org.apache.rampart.policy.RampartPolicyBuilder;
import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.WSSPolicyException;
@@ -69,14 +71,9 @@
* Key to hold the WS-SecConv version
*/
public final static String KEY_WSSC_VERSION = "wscVersion";
-
- /**
- * Key to hod the map of security context identifiers against the
- * service epr addresses (service scope) or wsa:Action values (operation
- * scope).
- */
- public final static String KEY_CONTEXT_MAP = "contextMap";
+ public static final String KEY_SCT_ISSUER_POLICY = "sct-issuer-policy";
+
private MessageContext msgContext = null;
private RampartPolicyData policyData = null;
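Review bot: The new `KEY_SCT_ISSUER_POLICY` at L1016 is the only public key in this group without a Javadoc comment, while the constant it displaces, `KEY_CONTEXT_MAP`, was documented; add `/** Key to hold the policy the SCT issuer applies to RST/RSTR exchanges */` (adjusted to its precise use). Its modifier order `public static final` also differs from the `public final static` used by its neighbours. Removing the public `KEY_CONTEXT_MAP` is a source-incompatible change for anything outside the module that referenced it; the commit moves it to ConversationConstants (L1345), which is fine, but a deprecated alias pointing there would ease the move.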
@@ -189,12 +186,40 @@
}
-
if(this.servicePolicy != null){
List it = (List)this.servicePolicy.getAlternatives().next();
//Process policy and build policy data
this.policyData = RampartPolicyBuilder.build(it);
+ }
+
+ if(this.policyData != null) {
+ //Check for RST and RSTR for an SCT
+ RampartConfig rampartConfig = this.policyData.getRampartConfig();
+ if((WSSHandlerConstants.RST_ACTON_SCT.equals(msgContext.getWSAAction())
+ || WSSHandlerConstants.RSTR_ACTON_SCT.equals(msgContext.getWSAAction())) &&
+ rampartConfig.getTokenIssuerPolicy() != null) {
+
+ this.servicePolicy = rampartConfig.getTokenIssuerPolicy();
+
+ /*
+ * Copy crypto info from the into the new issuer policy
+ */
+ RampartConfig rc = new RampartConfig();
+ rc.setEncrCryptoConfig(rampartConfig.getEncrCryptoConfig());
+ rc.setSigCryptoConfig(rampartConfig.getSigCryptoConfig());
+ rc.setDecCryptoConfig(rampartConfig.getDecCryptoConfig());
+ rc.setUser(rampartConfig.getUser());
+ rc.setEncryptionUser(rampartConfig.getEncryptionUser());
+ rc.setPwCbClass(rampartConfig.getPwCbClass());
+
+ this.servicePolicy.addAssertion(rc);
+
+ List it = (List)this.servicePolicy.getAlternatives().next();
+
+ //Process policy and build policy data
+ this.policyData = RampartPolicyBuilder.build(it);
+ }
}
this.isClientSide = !msgCtx.isServerSide();
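Review bot: `this.servicePolicy.addAssertion(rc)` at L1049 mutates the Policy returned by `rampartConfig.getTokenIssuerPolicy()`, which lives inside the RampartConfig built from the service policy; if that object is held across messages (likely, since the service policy is loaded once per service), every SCT RST/RSTR appends another RampartConfig assertion to the same issuer Policy and it grows without bound. Add `rc` to a copy of the issuer policy instead; the same pattern appears in RampartUtil at L1302, where the RampartConfig is added to the bootstrap policy held in the SecureConversationToken assertion. `rampartConfig.getTokenIssuerPolicy()` is dereferenced at L1034 without checking that `policyData.getRampartConfig()` returned non-null, so a policy with no RampartConfig assertion fails here with an NPE; prefix the condition with `rampartConfig != null &&`. The comment at L1039, `Copy crypto info from the into the new issuer policy`, is missing a word. The enclosing method starts and ends outside this hunk.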
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/TokenCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/TokenCallbackHandler.java?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/TokenCallbackHandler.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/TokenCallbackHandler.java Wed Sep 27 03:54:42 2006
@@ -16,13 +16,17 @@
package org.apache.rampart;
+import org.apache.axiom.om.OMElement;
import org.apache.rahas.Token;
import org.apache.rahas.TokenStorage;
+import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.message.token.Reference;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.xml.namespace.QName;
import java.io.IOException;
@@ -46,8 +50,26 @@
try {
//Pick up the token from the token store
tok = this.store.getToken(id);
- //Get the secret and set it in the callback object
- pc.setKey(tok.getSecret());
+ if(tok != null) {
+ //Get the secret and set it in the callback object
+ pc.setKey(tok.getSecret());
+ } else {
+ //Try the unattached refs
+ Token[] tokens = store.getValidTokens();
+ for (int j = 0; j < tokens.length; j++) {
+ OMElement elem = tokens[j].getAttachedReference();
+ if(elem != null && id.equals(this.getIdFromSTR(elem))) {
+ pc.setKey(tokens[j].getSecret());
+ return;
+ }
+ elem = tokens[j].getUnattachedReference();
+ if(elem != null && id.equals(this.getIdFromSTR(elem))) {
+ pc.setKey(tokens[j].getSecret());
+ return;
+ }
+
+ }
+ }
} catch (Exception e) {
e.printStackTrace();
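Review bot: The two `return;` statements at L1092 and L1097 leave handle() entirely, not just the search loop, so when a token is found by reference any remaining entries in `callbacks[]` (the loop L1105's `callbacks[i]` belongs to) are never processed. Moving the search into a helper that returns the secret lets the callback loop continue; the sketch below does that and also tolerates a null from `store.getValidTokens()`. When nothing matches, the key is left unset with no signal, and the existing `catch (Exception e) { e.printStackTrace(); }` hides lookup errors as well, so a failed SCT lookup only shows up later as a signature or decryption failure; logging or throwing at the miss would make it diagnosable. Mixing `this.store` (L1079) and bare `store` (L1087) for the same field is a small readability nit.

```java
                    tok = this.store.getToken(id);
                    if (tok != null) {
                        //Get the secret and set it in the callback object
                        pc.setKey(tok.getSecret());
                    } else {
                        //Try the attached/unattached refs of the valid tokens
                        byte[] key = findSecretByReference(id);
                        if (key != null) {
                            pc.setKey(key);
                        }
                        // TODO: log or fail here when key == null instead of leaving it unset
                    }
                // … unchanged: catch, remaining callbacks …

    /**
     * Looks through the valid tokens for one whose attached or unattached
     * SecurityTokenReference resolves to the given id.
     * @return the token's secret, or null when no token matches
     */
    private byte[] findSecretByReference(String id) {
        Token[] tokens = this.store.getValidTokens();
        if (tokens == null) {
            return null;
        }
        for (int j = 0; j < tokens.length; j++) {
            OMElement attached = tokens[j].getAttachedReference();
            if (attached != null && id.equals(getIdFromSTR(attached))) {
                return tokens[j].getSecret();
            }
            OMElement unattached = tokens[j].getUnattachedReference();
            if (unattached != null && id.equals(getIdFromSTR(unattached))) {
                return tokens[j].getSecret();
            }
        }
        return null;
    }
```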
@@ -58,6 +80,22 @@
throw new UnsupportedCallbackException(callbacks[i],
"Unrecognized Callback");
}
+ }
+ }
+
+ private String getIdFromSTR(OMElement str) {
+// ASSUMPTION:SecurityTokenReference/KeyIdentifier
+ OMElement child = str.getFirstElement();
+ if(child == null) {
+ return null;
+ }
+
+ if (child.getQName().equals(new QName(WSConstants.SIG_NS, "KeyInfo"))) {
+ return child.getText();
+ } else if(child.getQName().equals(Reference.TOKEN)) {
+ return child.getAttributeValue(new QName("URI"));
+ } else {
+ return null;
}
}
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/BindingBuilder.java Wed Sep 27 03:54:42 2006
@@ -482,7 +482,7 @@
dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
- dkSign.prepare(doc);
+ dkSign.prepare(doc, rmd.getSecHeader());
sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java Wed Sep 27 03:54:42 2006
@@ -115,7 +115,8 @@
Element encrDKTokenElem = null;
if(Constants.INCLUDE_ALWAYS.equals(encryptionToken.getInclusion()) ||
- Constants.INCLUDE_ONCE.equals(encryptionToken.getInclusion())) {
+ Constants.INCLUDE_ONCE.equals(encryptionToken.getInclusion()) ||
+ (rmd.isClientSide() && Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(encryptionToken.getInclusion()))) {
encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
attached = true;
}
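Review bot: The inclusion test `INCLUDE_ALWAYS || INCLUDE_ONCE || (rmd.isClientSide() && INCLUDE_ALWAYS_TO_RECIPIENT)` is now spelled out in full three times in this file (L1143-1146, L1163-1166, L1180-1183), so the next inclusion mode has to be added in three places. Extract it once, e.g. `private boolean includeToken(RampartMessageData rmd, Token token)` returning that expression, and call it from all three sites. The enclosing method starts and ends outside this hunk.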
@@ -284,9 +285,9 @@
if(sigToken != null) {
if(sigToken instanceof SecureConversationToken) {
- sigTokId = rmd.getIssuedSignatureTokenId();
- } else if(sigToken instanceof IssuedToken) {
sigTokId = rmd.getSecConvTokenId();
+ } else if(sigToken instanceof IssuedToken) {
+ sigTokId = rmd.getIssuedSignatureTokenId();
}
} else {
throw new RampartException("signatureTokenMissing");
@@ -295,7 +296,8 @@
sigTok = this.getToken(rmd, sigTokId);
if(Constants.INCLUDE_ALWAYS.equals(sigToken.getInclusion()) ||
- Constants.INCLUDE_ONCE.equals(sigToken.getInclusion())) {
+ Constants.INCLUDE_ONCE.equals(sigToken.getInclusion()) ||
+ (rmd.isClientSide() && Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(sigToken.getInclusion()))) {
sigTokElem = RampartUtil.appendChildToSecHeader(rmd, sigTok.getToken());
}
@@ -350,7 +352,7 @@
//Encryption
Token encrToken = rpd.getEncryptionToken();
Element encrTokElem = null;
- if(sigToken.equal(encrToken)) {
+ if(sigToken.equals(encrToken)) {
//Use the same token
encrTokId = sigTokId;
encrTok = sigTok;
@@ -360,7 +362,8 @@
encrTok = this.getToken(rmd, encrTokId);
if(Constants.INCLUDE_ALWAYS.equals(encrToken.getInclusion()) ||
- Constants.INCLUDE_ONCE.equals(encrToken.getInclusion())) {
+ Constants.INCLUDE_ONCE.equals(encrToken.getInclusion()) ||
+ (rmd.isClientSide() && Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(encrToken.getInclusion()))) {
encrTokElem = (Element)encrTok.getToken();
//Add the encrToken element before the sigToken element
@@ -397,17 +400,21 @@
dkEncr.setExternalKey(encrTok.getSecret(), encrTok.getId());
}
+ dkEncr.prepare(doc);
Element encrDKTokenElem = null;
encrDKTokenElem = dkEncr.getdktElement();
- RampartUtil.insertSiblingAfter(rmd, encrTokElem, encrDKTokenElem);
- dkEncr.prepare(doc);
+ if(encrTokElem != null) {
+ RampartUtil.insertSiblingAfter(rmd, encrTokElem, encrDKTokenElem);
+ } else {
+ RampartUtil.insertSiblingAfter(rmd, this.timestampElement, encrDKTokenElem);
+ }
refList = dkEncr.encryptForExternalRef(null, encrParts);
RampartUtil.insertSiblingAfter(rmd,
encrDKTokenElem,
refList);
-
+
} catch (WSSecurityException e) {
throw new RampartException("errorInDKEncr");
} catch (ConversationException e) {
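Review bot: The new fallback at L1196-1197 anchors the DerivedKeyToken on `this.timestampElement`, which is presumably only set when the policy includes a Timestamp; for a policy without one, both `encrTokElem` and the anchor are null and `insertSiblingAfter` is handed no reference element. Guard the second branch too, `else if (this.timestampElement != null)`, and otherwise append the DKT to the security header directly (the append-to-header helper used at L1147, or its DOM equivalent). The `catch (WSSecurityException e) { throw new RampartException("errorInDKEncr"); }` just below is pre-existing, but it drops the cause; passing `e` to the RampartException would keep the WSS4J diagnostics. The enclosing method starts and ends outside this hunk.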
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/errors.properties Wed Sep 27 03:54:42 2006
@@ -36,6 +36,8 @@
encryptionTokenMissing = Encryption token missing
signatureTokenMissing = Signature token missging
errorInEncryption = Error during encryption
+sctIssuerPolicyMissing = sct-issuer-policy parameter missing
+
#Errors in processors
errorProcessingUT = Error in processing UsernameToken
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/builders/RampartConfigBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/builders/RampartConfigBuilder.java?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/builders/RampartConfigBuilder.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/builders/RampartConfigBuilder.java Wed Sep 27 03:54:42 2006
@@ -19,6 +19,7 @@
import org.apache.neethi.Assertion;
import org.apache.neethi.AssertionBuilderFactory;
import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
import org.apache.neethi.builders.AssertionBuilder;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;
@@ -62,8 +63,7 @@
childElement = element.getFirstChildWithName(new QName(
RampartConfig.NS, RampartConfig.TOKEN_ISSUER_POLICY_LN));
if (childElement != null) {
- rampartConfig.setTokenIssuerPolicy((Policy) factory
- .build(childElement));
+ rampartConfig.setTokenIssuerPolicy((Policy) PolicyEngine.getPolicy((childElement.getFirstElement())));
}
return rampartConfig;
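Review bot: `childElement.getFirstElement()` at L1240 is passed straight to `PolicyEngine.getPolicy`, so an empty `<ramp:tokenIssuerPolicy/>` element yields a null argument and a NullPointerException out of the builder instead of a readable configuration error. Check it first: `OMElement policyElem = childElement.getFirstElement(); if (policyElem != null) { rampartConfig.setTokenIssuerPolicy(PolicyEngine.getPolicy(policyElem)); }`. The doubled parentheses and the `(Policy)` cast look redundant if `PolicyEngine.getPolicy` already returns a Policy.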
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/model/RampartConfig.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/model/RampartConfig.java?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/model/RampartConfig.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/policy/model/RampartConfig.java Wed Sep 27 03:54:42 2006
@@ -59,6 +59,8 @@
*/
public class RampartConfig implements Assertion {
+ private static final String DEFAULT_TIMESTAMP_TTL = "300000";
+
public final static String NS = "http://ws.apache.org/rampart/policy";
public final static String PREFIX = "rampart";
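Review bot: `DEFAULT_TIMESTAMP_TTL = "300000"` is a bare string with no comment on its unit, and the Timestamp TTL is the replay window a receiver accepts, so the unit matters. WSS4J expresses timestamp time-to-live in seconds; if this value reaches that API unchanged, 300000 is roughly 83 hours rather than the 5 minutes that "300000 ms" suggests — worth confirming where `timestampTTL` is consumed. Add a comment such as `/** Default Timestamp time-to-live applied when the policy sets none (unit: TODO confirm, seconds vs milliseconds). */`.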
@@ -95,7 +97,7 @@
private CryptoConfig decCryptoConfig;
- private String timestampTTL;
+ private String timestampTTL = DEFAULT_TIMESTAMP_TTL;
private String tokenStoreClass;
Modified: webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java?view=diff&rev=450394&r1=450393&r2=450394
==============================================================================
--- webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java (original)
+++ webservices/axis2/trunk/java/modules/security/src/org/apache/rampart/util/RampartUtil.java Wed Sep 27 03:54:42 2006
@@ -28,6 +28,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.rahas.client.STSClient;
@@ -320,9 +321,12 @@
RahasConstants.RST_ACTION_SCT);
// Get sts epr
- String issuerEprAddress = RampartUtil
- .processIssuerAddress(secConvTok.getIssuerEpr());
-
+ OMElement issuerEpr = secConvTok.getIssuerEpr();
+ String issuerEprAddress = rmd.getMsgContext().getTo().getAddress();
+ if(issuerEpr != null) {
+ issuerEprAddress = RampartUtil.processIssuerAddress(issuerEpr);
+ }
+
//Find SC version
int conversationVersion = rmd.getSecConvVersion();
@@ -330,25 +334,21 @@
conversationVersion,
rmd.getWstVersion());
- //Check to see whether there's a specific issuer
Policy stsPolicy = null;
- if (issuerEprAddress.equals(rmd.getMsgContext().getOptions().getTo().getAddress())) {
- log.debug("Issuer address is the same as service " +
- "address");
- stsPolicy = rmd.getServicePolicy();
+
+ //Try boot strap policy
+ Policy bsPol = secConvTok.getBootstrapPolicy();
+
+ if(bsPol != null) {
+ log.debug("BootstrapPolicy found");
+ bsPol.addAssertion(rmd.getPolicyData().getRampartConfig());
+ stsPolicy = bsPol;
} else {
- //Try boot strap policy
- Policy bsPol = secConvTok.getBootstrapPolicy();
- if(bsPol != null) {
- log.debug("BootstrapPolicy found");
- stsPolicy = bsPol;
- } else {
- //No bootstrap policy
- //Use issuer policy specified in rampart config
- log.debug("No bootstrap policy, using issuer" +
- " policy specified in rampart config");
- rmd.getPolicyData().getRampartConfig().getTokenIssuerPolicy();
- }
+ //No bootstrap policy
+ //Use issuer policy specified in rampart config
+ log.debug("No bootstrap policy, using issuer" +
+ " policy specified in rampart config");
+ stsPolicy = rmd.getPolicyData().getRampartConfig().getTokenIssuerPolicy();
}
String id = getToken(rmd, rstTemplate,
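Review bot: In the else branch, `rmd.getPolicyData().getRampartConfig().getTokenIssuerPolicy()` at L1321 can return null when neither a bootstrap policy nor a tokenIssuerPolicy is configured, and `stsPolicy` is then passed on as null. The commit adds the `sctIssuerPolicyMissing` message to errors.properties (L1217) but nothing raises it; `if (stsPolicy == null) { throw new RampartException("sctIssuerPolicyMissing"); }` before the request is the natural place. The enclosing method starts and ends outside this hunk.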
@@ -436,6 +436,7 @@
servceEprAddress);
//Add the token to token storage
+ rst.setState(Token.ISSUED);
rmd.getTokenStorage().add(rst);
return rst.getId();
@@ -574,10 +575,7 @@
* @return
*/
public static String getContextIdentifierKey(MessageContext msgContext) {
- String service = msgContext.getTo().getAddress();
- String action = msgContext.getOptions().getAction();
-
- return service + ":" + action;
+ return msgContext.getAxisService().getName();
}
@@ -588,14 +586,14 @@
public static Hashtable getContextMap(MessageContext msgContext) {
//Fist check whether its there
Object map = msgContext.getConfigurationContext().getProperty(
- RampartMessageData.KEY_CONTEXT_MAP);
+ ConversationConstants.KEY_CONTEXT_MAP);
if(map == null) {
//If not create a new one
map = new Hashtable();
//Set the map globally
msgContext.getConfigurationContext().setProperty(
- RampartMessageData.KEY_CONTEXT_MAP, map);
+ ConversationConstants.KEY_CONTEXT_MAP, map);
}
return (Hashtable)map;