Posted to commits@cxf.apache.org by co...@apache.org on 2013/05/03 16:37:27 UTC
svn commit: r1478815 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/
services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/
services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/...
Author: coheigea
Date: Fri May 3 14:37:26 2013
New Revision: 1478815
URL: http://svn.apache.org/r1478815
Log:
Add the ability to set a UseKey certificate directly on the STSClient
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java?rev=1478815&r1=1478814&r2=1478815&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/AbstractSTSClient.java Fri May 3 14:37:26 2013
@@ -178,6 +178,7 @@ public abstract class AbstractSTSClient
protected boolean sendKeyType = true;
protected Message message;
protected String context;
+ protected X509Certificate useKeyCertificate;
protected Map<String, Object> ctx = new HashMap<String, Object>();
@@ -718,8 +719,13 @@ public abstract class AbstractSTSClient
if (keyTypeTemplate != null && keyTypeTemplate.endsWith("SymmetricKey")) {
requestorEntropy = writeElementsForRSTSymmetricKey(writer, wroteKeySize);
} else if (keyTypeTemplate != null && keyTypeTemplate.endsWith("PublicKey")) {
- crypto = createCrypto(false);
- cert = getCert(crypto);
+ // Use the given cert, or else get it from a Crypto instance
+ if (useKeyCertificate != null) {
+ cert = useKeyCertificate;
+ } else {
+ crypto = createCrypto(false);
+ cert = getCert(crypto);
+ }
writeElementsForRSTPublicKey(writer, cert);
} else if (isSpnego) {
addKeySize(keySize, writer);
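Review bot: When `useKeyCertificate` is set, the new `if` branch never assigns `crypto`, so `cert` and `crypto` can now leave the `PublicKey` branch out of step, which the old code never allowed. The rest of the method is outside this hunk, so I can't confirm it, but any later code that pairs the two (for example to find the private key matching the UseKey certificate) should be checked for a null `crypto`. The caller-supplied certificate is also written into the request with no validity-period check; if the enclosing method's throws clause allows it, `useKeyCertificate.checkValidity();` before the assignment would fail fast on an expired certificate. At minimum I would add a comment in the new branch such as `// crypto is intentionally left unset here; the caller owns the matching private key`.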
@@ -1595,4 +1601,12 @@ public abstract class AbstractSTSClient
public void setWspNamespace(String wspNamespace) {
this.wspNamespace = wspNamespace;
}
+
+ public X509Certificate getUseKeyCertificate() {
+ return useKeyCertificate;
+ }
+
+ public void setUseKeyCertificate(X509Certificate useKeyCertificate) {
+ this.useKeyCertificate = useKeyCertificate;
+ }
}
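Review bot: `setUseKeyCertificate` and `getUseKeyCertificate` are new public API on a security-sensitive client but have no Javadoc. The setter's Javadoc should say that a non-null certificate takes precedence over the one resolved from the `ws-security.sts.token.properties` / `ws-security.sts.token.username` configuration, and that passing `null` restores the Crypto lookup. It should also state that the caller must hold the private key matching this certificate, because the issued token is bound to that key and the client cannot prove possession without it. One line on the field added in the first hunk, e.g. `// Optional caller-supplied UseKey certificate; overrides the Crypto lookup when non-null`, would help as well.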
Modified: cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java?rev=1478815&r1=1478814&r2=1478815&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java Fri May 3 14:37:26 2013
@@ -19,6 +19,7 @@
package org.apache.cxf.systest.sts.asymmetric;
import java.net.URL;
+import java.security.cert.X509Certificate;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
@@ -31,6 +32,11 @@ import org.apache.cxf.systest.sts.common
import org.apache.cxf.systest.sts.common.TokenTestUtils;
import org.apache.cxf.systest.sts.deployment.STSServer;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
import org.example.contract.doubleit.DoubleItPortType;
import org.junit.BeforeClass;
@@ -152,6 +158,16 @@ public class AsymmetricBindingTest exten
TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml1EncryptedPort, STSPORT2);
}
+ // Set the X509Certificate manually on the STSClient (just to test that we can)
+ BindingProvider bindingProvider = (BindingProvider)asymmetricSaml1EncryptedPort;
+ STSClient stsClient =
+ (STSClient)bindingProvider.getRequestContext().get(SecurityConstants.STS_CLIENT);
+ Crypto crypto = CryptoFactory.getInstance("clientKeystore.properties");
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias("myclientkey");
+ X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+ stsClient.setUseKeyCertificate(certs[0]);
+
doubleIt(asymmetricSaml1EncryptedPort, 40);
((java.io.Closeable)asymmetricSaml1EncryptedPort).close();
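Review bot: `certs[0]` is dereferenced without checking the lookup result, so a missing or renamed `myclientkey` alias in `clientKeystore.properties` would show up as a `NullPointerException` or `ArrayIndexOutOfBoundsException` rather than a readable test failure. A guard before the setter call, such as `org.junit.Assert.assertTrue(certs != null && certs.length > 0);`, makes the precondition explicit. The comment "just to test that we can" also undersells the test: with the two `ws-security.sts.token.*` entries removed from `cxf-client.xml`, this call appears to be the only source of the UseKey certificate, which is worth saying in the comment. The enclosing test method starts and ends outside this hunk.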
Modified: cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml?rev=1478815&r1=1478814&r2=1478815&view=diff
==============================================================================
--- cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml (original)
+++ cxf/trunk/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml Fri May 3 14:37:26 2013
@@ -109,8 +109,6 @@ http://cxf.apache.org/configuration/secu
value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
<entry key="ws-security.encryption.properties" value="clientKeystore.properties"/>
<entry key="ws-security.encryption.username" value="mystskey"/>
- <entry key="ws-security.sts.token.username" value="myclientkey"/>
- <entry key="ws-security.sts.token.properties" value="clientKeystore.properties"/>
<entry key="ws-security.sts.token.usecert" value="true"/>
<entry key="ws-security.is-bsp-compliant" value="false"/>
</map>