Posted to commits@cxf.apache.org by dk...@apache.org on 2009/07/24 22:48:10 UTC
svn commit: r797645 - in /cxf/branches/2.2.x-fixes: ./
distribution/src/main/release/samples/ws_security/interopfest/wssc/
distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/server/
distribution/src/main/release/sa...
Author: dkulp
Date: Fri Jul 24 20:48:10 2009
New Revision: 797645
URL: http://svn.apache.org/viewvc?rev=797645&view=rev
Log:
Merged revisions 797640 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r797640 | dkulp | 2009-07-24 16:40:45 -0400 (Fri, 24 Jul 2009) | 2 lines
[CXF-2359] Fixes to properly check all the signatures and timestamps.
Part of it is a patch from Colm O hEigeartaigh
........
Modified:
cxf/branches/2.2.x-fixes/ (props changed)
cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/pom.xml
cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/server/Server.java
cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/style/makelocal.xsl
cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java
cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java
Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Jul 24 20:48:10 2009
@@ -1 +1 @@
-/cxf/trunk:782728-782730,783097,783294,783396,784059,784181-784184,784893,784895,785279-785282,785468,785621,785624,785651,785734,785866,786142,786271-786272,786395,786512,786514,786582-786583,786638,786647,786850,787200,787269,787277-787279,787290-787291,787305,787323,787366,787849,788030,788060,788187,788444,788451,788703,788752,788774,788819-788820,789013,789371,789387,789420,789527-789530,789704-789705,789788,789811,789896-789901,790074,790094,790134,790188,790294,790553,790637-790644,790868,791301,791354,791538,791753,791947,792007,792096,792183,792261-792265,792271,792604,792683-792685,792975,792985,793059,793570,794297,794396,794680,794728,794771,794778-794780,794892,795044,795104,795160,795583,795907,796022-796023,796352,796593,796741,796780,796994-796997,797117,797159,797192,797194,797231-797233,797442,797505,797517,797534,797581-797583,797587
+/cxf/trunk:782728-782730,783097,783294,783396,784059,784181-784184,784893,784895,785279-785282,785468,785621,785624,785651,785734,785866,786142,786271-786272,786395,786512,786514,786582-786583,786638,786647,786850,787200,787269,787277-787279,787290-787291,787305,787323,787366,787849,788030,788060,788187,788444,788451,788703,788752,788774,788819-788820,789013,789371,789387,789420,789527-789530,789704-789705,789788,789811,789896-789901,790074,790094,790134,790188,790294,790553,790637-790644,790868,791301,791354,791538,791753,791947,792007,792096,792183,792261-792265,792271,792604,792683-792685,792975,792985,793059,793570,794297,794396,794680,794728,794771,794778-794780,794892,795044,795104,795160,795583,795907,796022-796023,796352,796593,796741,796780,796994-796997,797117,797159,797192,797194,797231-797233,797442,797505,797517,797534,797581-797583,797587,797640
Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/pom.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/pom.xml?rev=797645&r1=797644&r2=797645&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/pom.xml (original)
+++ cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/pom.xml Fri Jul 24 20:48:10 2009
@@ -90,7 +90,7 @@
<plugin>
<groupId>org.apache.cxf</groupId>
<artifactId>cxf-codegen-plugin</artifactId>
- <version>LATEST</version>
+ <version>2.3.0-SNAPSHOT</version>
<executions>
<execution>
<id>generate-sources</id>
Modified: cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/server/Server.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/server/Server.java?rev=797645&r1=797644&r2=797645&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/server/Server.java (original)
+++ cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/server/Server.java Fri Jul 24 20:48:10 2009
@@ -84,6 +84,10 @@
if (url.contains("X10_I")) {
ep.getProperties().put(SecurityConstants.SIGNATURE_PROPERTIES + ".sct", "etc/bob.properties");
ep.getProperties().put(SecurityConstants.ENCRYPT_PROPERTIES + ".sct", "etc/alice.properties");
+ } else if (url.contains("MutualCert")) {
+ ep.getProperties().put(SecurityConstants.ENCRYPT_PROPERTIES + ".sct", "etc/bob.properties");
+ ep.getProperties().put(SecurityConstants.SIGNATURE_PROPERTIES + ".sct", "etc/alice.properties");
+ ep.getProperties().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
}
ep.publish(url);
}
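Review bot: The new `MutualCert` branch assigns the two keystores the opposite way round from the `X10_I` branch just above it (`ENCRYPT_PROPERTIES + ".sct"` gets `etc/bob.properties`, `SIGNATURE_PROPERTIES + ".sct"` gets `etc/alice.properties`), and nothing in the code says whether that is deliberate. If it is, a one-line comment such as `// MutualCert: SCT keystores are intentionally the reverse of X10_I` would keep a later reader from "correcting" it. `CALLBACK_HANDLER` is also the only entry set without the `.sct` suffix, so it presumably applies to the whole endpoint rather than only the secure-conversation token exchange; that scope is worth confirming and noting in the same comment. The identical branch is added to systests/.../wssc/server/Server.java later in this commit, and the enclosing method starts outside the hunk.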
Modified: cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/style/makelocal.xsl
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/style/makelocal.xsl?rev=797645&r1=797644&r2=797645&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/style/makelocal.xsl (original)
+++ cxf/branches/2.2.x-fixes/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/style/makelocal.xsl Fri Jul 24 20:48:10 2009
@@ -34,6 +34,32 @@
<xsl:when test="@schemaLocation='http://ndgo-introp-s24/Security_WsSecurity_Service_Indigo/WSSecureConversationSign.svc?xsd=xsd3'">
<xsl:attribute name="schemaLocation">WSSecureConversation_3.xsd</xsl:attribute>
</xsl:when>
+
+ <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversation.svc?xsd=xsd0'">
+ <xsl:attribute name="schemaLocation">WSSecureConversation_0.xsd</xsl:attribute>
+ </xsl:when>
+ <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversationSign.svc?xsd=xsd0'">
+ <xsl:attribute name="schemaLocation">WSSecureConversation_0.xsd</xsl:attribute>
+ </xsl:when>
+ <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversation.svc?xsd=xsd1'">
+ <xsl:attribute name="schemaLocation">WSSecureConversation_1.xsd</xsl:attribute>
+ </xsl:when>
+ <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversationSign.svc?xsd=xsd1'">
+ <xsl:attribute name="schemaLocation">WSSecureConversation_1.xsd</xsl:attribute>
+ </xsl:when>
+ <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversation.svc?xsd=xsd2'">
+ <xsl:attribute name="schemaLocation">WSSecureConversation_2.xsd</xsl:attribute>
+ </xsl:when>
+ <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversationSign.svc?xsd=xsd2'">
+ <xsl:attribute name="schemaLocation">WSSecureConversation_2.xsd</xsl:attribute>
+ </xsl:when>
+ <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversation.svc?xsd=xsd3'">
+ <xsl:attribute name="schemaLocation">WSSecureConversation_3.xsd</xsl:attribute>
+ </xsl:when>
+ <xsl:when test="@schemaLocation='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversationSign.svc?xsd=xsd3'">
+ <xsl:attribute name="schemaLocation">WSSecureConversation_3.xsd</xsl:attribute>
+ </xsl:when>
+
<xsl:otherwise>
<xsl:attribute name="schemaLocation">
<xsl:value-of select="@schemaLocation"/>
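Review bot: The eight added `xsl:when` tests repeat the existing mappings with only the host changed to `131.107.153.205`, so every further interop host would need another copy of the whole list. Testing the part of the URL after the host would cover any host with one branch per schema, for example `<xsl:when test="contains(@schemaLocation, '.svc?xsd=xsd0')">`; whether that is narrow enough depends on the other `schemaLocation` values this stylesheet sees, which are not all visible here. The second hunk adds two `@location` tests of the same shape and could be collapsed the same way.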
@@ -53,6 +79,12 @@
<xsl:when test="@location='http://ndgo-introp-s24/Security_WsSecurity_Service_Indigo/WSSecureConversationSign.svc?wsdl'">
<xsl:attribute name="location">WSSecureConversation.wsdl</xsl:attribute>
</xsl:when>
+ <xsl:when test="@location='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversation.svc?wsdl'">
+ <xsl:attribute name="location">WSSecureConversation.wsdl</xsl:attribute>
+ </xsl:when>
+ <xsl:when test="@location='http://131.107.153.205/Security_WsSecurity_Service_Indigo/WSSecureConversationSign.svc?wsdl'">
+ <xsl:attribute name="location">WSSecureConversation.wsdl</xsl:attribute>
+ </xsl:when>
<xsl:otherwise>
<xsl:attribute name="location">WSSecureConversation_policy.wsdl</xsl:attribute>
</xsl:otherwise>
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=797645&r1=797644&r2=797645&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Fri Jul 24 20:48:10 2009
@@ -262,9 +262,9 @@
Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
if (abinding.getProtectionToken() != null) {
- if (e != null) {
+ if (e != null && s == null) {
s = e;
- } else if (s != null) {
+ } else if (s != null && e == null) {
e = s;
}
}
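Review bot: The reworked fallback at `if (e != null && s == null)` carries no comment, and the rule it now implements is easy to undo by accident because the old and new conditions differ by one clause each. I would add above the inner `if`: `// With a protection token one properties object may serve both roles: fill in whichever is unset, never overwrite an explicitly configured value.` The enclosing method starts and ends outside the hunk.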
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=797645&r1=797644&r2=797645&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Fri Jul 24 20:48:10 2009
@@ -233,18 +233,24 @@
*/
// Extract the signature action result from the action vector
- WSSecurityEngineResult actionResult = WSSecurityUtil
- .fetchActionResult(wsResult, WSConstants.SIGN);
-
- if (actionResult != null) {
- X509Certificate returnCert = (X509Certificate)actionResult
- .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
-
- if (returnCert != null && !verifyTrust(returnCert, reqData)) {
- LOG.warning("The certificate used for the signature is not trusted");
- throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
+ Vector signatureResults = new Vector();
+ signatureResults =
+ WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.SIGN, signatureResults);
+
+ if (!signatureResults.isEmpty()) {
+ for (int i = 0; i < signatureResults.size(); i++) {
+ WSSecurityEngineResult result =
+ (WSSecurityEngineResult) signatureResults.get(i);
+
+ X509Certificate returnCert = (X509Certificate)result
+ .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+
+ if (returnCert != null && !verifyTrust(returnCert, reqData)) {
+ LOG.warning("The certificate used for the signature is not trusted");
+ throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
+ }
+ msg.put(SIGNATURE_RESULT, result);
}
- msg.put(SIGNATURE_RESULT, actionResult);
}
/*
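Review bot: `msg.put(SIGNATURE_RESULT, result)` now sits inside the loop, so each verified signature overwrites the previous one and only the last result stays on the message, whereas the removed code stored the single result returned by `fetchActionResult` (presumably the first match). Any later code that reads `SIGNATURE_RESULT` to decide who signed the message sees just one signer; those readers are outside this hunk, so whether the change of "which one" matters needs checking. If a single value has to remain, store it once and say which in a comment, e.g. `if (i == 0) { msg.put(SIGNATURE_RESULT, result); }`. The timestamp hunk below does the same with `TIMESTAMP_RESULT`. The enclosing method starts and ends outside the hunk.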
@@ -257,16 +263,22 @@
*/
// Extract the timestamp action result from the action vector
- actionResult = WSSecurityUtil.fetchActionResult(wsResult, WSConstants.TS);
-
- if (actionResult != null) {
- Timestamp timestamp = (Timestamp)actionResult.get(WSSecurityEngineResult.TAG_TIMESTAMP);
-
- if (timestamp != null && !verifyTimestamp(timestamp, decodeTimeToLive(reqData))) {
- LOG.warning("The timestamp could not be validated");
- throw new WSSecurityException(WSSecurityException.MESSAGE_EXPIRED);
+ Vector timestampResults = new Vector();
+ timestampResults =
+ WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.TS, timestampResults);
+
+ if (!timestampResults.isEmpty()) {
+ for (int i = 0; i < timestampResults.size(); i++) {
+ WSSecurityEngineResult result =
+ (WSSecurityEngineResult) timestampResults.get(i);
+ Timestamp timestamp = (Timestamp)result.get(WSSecurityEngineResult.TAG_TIMESTAMP);
+
+ if (timestamp != null && !verifyTimestamp(timestamp, decodeTimeToLive(reqData))) {
+ LOG.warning("The timestamp could not be validated");
+ throw new WSSecurityException(WSSecurityException.MESSAGE_EXPIRED);
+ }
+ msg.put(TIMESTAMP_RESULT, result);
}
- msg.put(TIMESTAMP_RESULT, actionResult);
}
/*
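Review bot: `decodeTimeToLive(reqData)` is evaluated on every pass of the timestamp loop although `reqData` is not modified inside it; reading it into a local once before the loop would make it clear that every timestamp is checked against the same limit. The freshly allocated `Vector` is also assigned and then immediately reassigned, and the `isEmpty()` guard adds nothing around a `for` loop; `Vector timestampResults = WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.TS, new Vector());` followed directly by the loop says the same thing. The signature hunk above has the same two redundancies.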
Modified: cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java?rev=797645&r1=797644&r2=797645&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java (original)
+++ cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCTest.java Fri Jul 24 20:48:10 2009
@@ -129,8 +129,12 @@
ping.setScenario("Scenario5");
ping.setText("ping");
params.setPing(ping);
- PingResponse output = port.ping(params);
- assertEquals(OUT, output.getPingResponse().getText());
+ try {
+ PingResponse output = port.ping(params);
+ assertEquals(OUT, output.getPingResponse().getText());
+ } catch (Exception ex) {
+ throw new Exception("Error doing " + portPrefix, ex);
+ }
}
}
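Review bot: The added `catch (Exception ex)` does not catch a failed `assertEquals`, because JUnit signals assertion failures with an `Error` subclass rather than an `Exception`, so a wrong response text still fails without the `portPrefix` context this change is meant to add. Putting the context in the assertion message covers that case: `assertEquals("Error doing " + portPrefix, OUT, output.getPingResponse().getText());`. The `try`/`catch` is then only needed for exceptions thrown by `port.ping(params)` itself. The enclosing loop and test method start outside the hunk.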
Modified: cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java?rev=797645&r1=797644&r2=797645&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java (original)
+++ cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java Fri Jul 24 20:48:10 2009
@@ -106,6 +106,12 @@
"org/apache/cxf/systest/ws/wssec11/server/bob.properties");
ep.getProperties().put(SecurityConstants.ENCRYPT_PROPERTIES + ".sct",
"org/apache/cxf/systest/ws/wssec11/server/alice.properties");
+ } else if (url.contains("MutualCert")) {
+ ep.getProperties().put(SecurityConstants.ENCRYPT_PROPERTIES + ".sct",
+ "org/apache/cxf/systest/ws/wssec11/server/bob.properties");
+ ep.getProperties().put(SecurityConstants.SIGNATURE_PROPERTIES + ".sct",
+ "org/apache/cxf/systest/ws/wssec11/server/alice.properties");
+ ep.getProperties().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
}
ep.publish(url);
}