Posted to commits@cxf.apache.org by co...@apache.org on 2013/05/03 16:37:27 UTC

svn commit: r1478815 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/ services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/ services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/...

Author: coheigea
Date: Fri May  3 14:37:26 2013
New Revision: 1478815

URL: http://svn.apache.org/r1478815
Log:
Add the ability to set a UseKey certificate directly on the STSClient

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
    cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
    cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java?rev=1478815&r1=1478814&r2=1478815&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java Fri May  3 14:37:26 2013
@@ -178,6 +178,7 @@ public abstract class AbstractSTSClient 
     protected boolean sendKeyType = true;
     protected Message message;
     protected String context;
+    protected X509Certificate useKeyCertificate;
 
     protected Map<String, Object> ctx = new HashMap<String, Object>();
     
@@ -718,8 +719,13 @@ public abstract class AbstractSTSClient 
         if (keyTypeTemplate != null && keyTypeTemplate.endsWith("SymmetricKey")) {
             requestorEntropy = writeElementsForRSTSymmetricKey(writer, wroteKeySize);
         } else if (keyTypeTemplate != null && keyTypeTemplate.endsWith("PublicKey")) {
-            crypto = createCrypto(false);
-            cert = getCert(crypto);
+            // Use the given cert, or else get it from a Crypto instance
+            if (useKeyCertificate != null) {
+                cert = useKeyCertificate;
+            } else {
+                crypto = createCrypto(false);
+                cert = getCert(crypto);
+            }
             writeElementsForRSTPublicKey(writer, cert);
         } else if (isSpnego) {
             addKeySize(keySize, writer);
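Review bot: In the new `useKeyCertificate != null` branch `crypto` is never assigned, so any code after this hunk that uses `crypto` together with `cert` gets whatever value `crypto` held before, presumably null. The UseKey certificate is the proof-of-possession key, so the issued token is only usable if the client can still find the matching private key, and that link is no longer established here. The rest of the method is outside the hunk, so confirm that nothing downstream assumes a non-null `crypto` whenever `cert` is set. At a minimum, record the contract in the branch: `// crypto is left unset: the caller must supply the private key for useKeyCertificate by other means`.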
@@ -1595,4 +1601,12 @@ public abstract class AbstractSTSClient 
     public void setWspNamespace(String wspNamespace) {
         this.wspNamespace = wspNamespace;
     }
+
+    public X509Certificate getUseKeyCertificate() {
+        return useKeyCertificate;
+    }
+
+    public void setUseKeyCertificate(X509Certificate useKeyCertificate) {
+        this.useKeyCertificate = useKeyCertificate;
+    }
 }
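Review bot: The new public accessor pair has no Javadoc, although the setter silently changes which key the STS binds the issued token to. For PublicKey KeyType requests, a non-null value bypasses the `createCrypto(false)` / `getCert(crypto)` lookup in the request-building hunk. I would document that on the setter, for example `/** Sets the certificate sent as the UseKey for PublicKey KeyType requests; when non-null it takes precedence over the certificate looked up via the Crypto configuration. Pass null to restore the lookup. */`. It is also worth stating that the certificate is sent as supplied, since this setter performs no check on it.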

Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java?rev=1478815&r1=1478814&r2=1478815&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java Fri May  3 14:37:26 2013
@@ -19,6 +19,7 @@
 package org.apache.cxf.systest.sts.asymmetric;
 
 import java.net.URL;
+import java.security.cert.X509Certificate;
 
 import javax.xml.namespace.QName;
 import javax.xml.ws.BindingProvider;
@@ -31,6 +32,11 @@ import org.apache.cxf.systest.sts.common
 import org.apache.cxf.systest.sts.common.TokenTestUtils;
 import org.apache.cxf.systest.sts.deployment.STSServer;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
 
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.BeforeClass;
@@ -152,6 +158,16 @@ public class AsymmetricBindingTest exten
             TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml1EncryptedPort, STSPORT2);
         }
         
+        // Set the X509Certificate manually on the STSClient (just to test that we can)
+        BindingProvider bindingProvider = (BindingProvider)asymmetricSaml1EncryptedPort;
+        STSClient stsClient = 
+            (STSClient)bindingProvider.getRequestContext().get(SecurityConstants.STS_CLIENT);
+        Crypto crypto = CryptoFactory.getInstance("clientKeystore.properties");
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias("myclientkey");
+        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+        stsClient.setUseKeyCertificate(certs[0]);
+        
         doubleIt(asymmetricSaml1EncryptedPort, 40);
         
         ((java.io.Closeable)asymmetricSaml1EncryptedPort).close();
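Review bot: `certs[0]` is dereferenced without checking the result of `crypto.getX509Certificates(cryptoType)`, and `stsClient` is used without checking that the request context actually holds an `STS_CLIENT` entry. A keystore or alias mismatch would therefore show up as a NullPointerException or ArrayIndexOutOfBoundsException rather than a clear test failure. Assuming JUnit's assertions are in scope in this class, add `assertNotNull(stsClient);` after the lookup and `assertTrue(certs != null && certs.length > 0);` before `setUseKeyCertificate`. The test also only checks that the call succeeds, not that the supplied certificate was the one placed in the UseKey element. The enclosing test method starts and ends outside the hunk.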

Modified: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml?rev=1478815&r1=1478814&r2=1478815&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml Fri May  3 14:37:26 2013
@@ -109,8 +109,6 @@ http://cxf.apache.org/configuration/secu
                                   value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
                            <entry key="ws-security.encryption.properties" value="clientKeystore.properties"/> 
                            <entry key="ws-security.encryption.username" value="mystskey"/>
-                           <entry key="ws-security.sts.token.username" value="myclientkey"/>
-                           <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/> 
                            <entry key="ws-security.sts.token.usecert" value="true"/> 
                            <entry key="ws-security.is-bsp-compliant" value="false"/>
                        </map>