You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2018/01/17 15:26:45 UTC
[cxf] branch 3.1.x-fixes updated (c3d6d23 -> c79a793)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git.
from c3d6d23 Fixing merge
new d47efd2 CXF-7613 - Support Derived keys policy validation for EndorsingSupportingTokens
new c79a793 Recording .gitmergeinfo Changes
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.gitmergeinfo | 1 +
.../AbstractBindingPolicyValidator.java | 8 +-
.../AbstractSupportingTokenPolicyValidator.java | 9 +++
.../AsymmetricBindingPolicyValidator.java | 15 +---
.../EndorsingEncryptedTokenPolicyValidator.java | 6 ++
.../EndorsingTokenPolicyValidator.java | 6 ++
...gnedEndorsingEncryptedTokenPolicyValidator.java | 6 ++
.../SignedEndorsingTokenPolicyValidator.java | 6 ++
.../SymmetricBindingPolicyValidator.java | 21 +----
.../sts/transport/TransportBindingTest.java | 40 +++++++++-
.../apache/cxf/systest/sts/transport/DoubleIt.wsdl | 93 +++++++++++++++++++++-
.../cxf/systest/sts/transport/cxf-client.xml | 8 ++
.../cxf/systest/sts/transport/cxf-service.xml | 7 ++
.../cxf/systest/sts/transport/cxf-stax-service.xml | 9 +++
14 files changed, 199 insertions(+), 36 deletions(-)
--
To stop receiving notification emails like this one, please contact
['"commits@cxf.apache.org" <co...@cxf.apache.org>'].
[cxf] 02/02: Recording .gitmergeinfo Changes
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit c79a793fbd98e0461e2b3fbd8c47de2a3aa6453f
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Jan 17 12:15:37 2018 +0000
Recording .gitmergeinfo Changes
---
.gitmergeinfo | 1 +
.../policyvalidators/AbstractSupportingTokenPolicyValidator.java | 1 -
.../org/apache/cxf/systest/sts/transport/TransportBindingTest.java | 4 ++--
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.gitmergeinfo b/.gitmergeinfo
index ec06e8f..1255991 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -1046,6 +1046,7 @@ M ee248ce7a4a1b04bcbddbdcef82d695ccc140160
M ee62e3c371cd7d41796cba09f110f5cff12f5060
M eeae04330ebd610be9cb46891e9f05851afad2a4
M eec5aaf5a7974dffef5c25ddcbd1d0b3721660d0
+M ef477b7225535a3182694f4a99a949c7e4ce8803
M ef562f6c17a417081651d55364c4dc17191aa741
M ef8dda985d1fbe31812b932650026658032d3ec4
M efa3c8a93e85278a2f6eca5740b1b5aca6dd8f15
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
index 69afb7e..6ef9efc 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
@@ -49,7 +49,6 @@ import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.PolicyUtils;
-import org.apache.wss4j.common.WSS4JConstants;
import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.token.BinarySecurity;
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
index b87199c..92a170e 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
@@ -459,8 +459,8 @@ public class TransportBindingTest extends AbstractBusClientServerTestBase {
URL busFile = TransportBindingTest.class.getResource("cxf-client.xml");
Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
--
To stop receiving notification emails like this one, please contact
"commits@cxf.apache.org" <co...@cxf.apache.org>.
[cxf] 01/02: CXF-7613 - Support Derived keys policy validation for
EndorsingSupportingTokens
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit d47efd2b073a7cbfa8bbd29cd8b666e330cfa952
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Jan 17 11:32:04 2018 +0000
CXF-7613 - Support Derived keys policy validation for EndorsingSupportingTokens
(cherry picked from commit ef477b7225535a3182694f4a99a949c7e4ce8803)
# Conflicts:
# rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
# rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
# rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
# rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
# services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
---
.../AbstractBindingPolicyValidator.java | 8 +-
.../AbstractSupportingTokenPolicyValidator.java | 10 +++
.../AsymmetricBindingPolicyValidator.java | 15 +---
.../EndorsingEncryptedTokenPolicyValidator.java | 6 ++
.../EndorsingTokenPolicyValidator.java | 6 ++
...gnedEndorsingEncryptedTokenPolicyValidator.java | 6 ++
.../SignedEndorsingTokenPolicyValidator.java | 6 ++
.../SymmetricBindingPolicyValidator.java | 21 +----
.../sts/transport/TransportBindingTest.java | 40 +++++++++-
.../apache/cxf/systest/sts/transport/DoubleIt.wsdl | 93 +++++++++++++++++++++-
.../cxf/systest/sts/transport/cxf-client.xml | 8 ++
.../cxf/systest/sts/transport/cxf-service.xml | 7 ++
.../cxf/systest/sts/transport/cxf-stax-service.xml | 9 +++
13 files changed, 199 insertions(+), 36 deletions(-)
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
index c85ed23..e7a30bd 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
@@ -432,5 +432,11 @@ public abstract class AbstractBindingPolicyValidator implements SecurityPolicyVa
}
return false;
}
-
+
+ protected void assertDerivedKeys(AbstractToken token, AssertionInfoMap aim) {
+ DerivedKeys derivedKeys = token.getDerivedKeys();
+ if (derivedKeys != null) {
+ PolicyUtils.assertPolicy(aim, new QName(token.getName().getNamespaceURI(), derivedKeys.name()));
+ }
+ }
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
index 4a7c096..69afb7e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
@@ -48,6 +48,8 @@ import org.apache.cxf.message.Message;
import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.policy.PolicyUtils;
+import org.apache.wss4j.common.WSS4JConstants;
import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.token.BinarySecurity;
@@ -61,6 +63,8 @@ import org.apache.wss4j.dom.message.token.KerberosSecurity;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractSecuredParts;
import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
import org.apache.wss4j.policy.model.EncryptedElements;
import org.apache.wss4j.policy.model.EncryptedParts;
import org.apache.wss4j.policy.model.Header;
@@ -891,4 +895,10 @@ public abstract class AbstractSupportingTokenPolicyValidator extends AbstractSec
this.enforceEncryptedTokens = enforceEncryptedTokens;
}
+ protected void assertDerivedKeys(AbstractToken token, AssertionInfoMap aim) {
+ DerivedKeys derivedKeys = token.getDerivedKeys();
+ if (derivedKeys != null) {
+ PolicyUtils.assertPolicy(aim, new QName(token.getName().getNamespaceURI(), derivedKeys.name()));
+ }
+ }
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
index 95fba63..b2c54c3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
@@ -33,7 +33,6 @@ import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.policy.SP11Constants;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.model.AbstractToken;
-import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
import org.apache.wss4j.policy.model.AbstractTokenWrapper;
import org.apache.wss4j.policy.model.AsymmetricBinding;
import org.apache.wss4j.policy.model.X509Token;
@@ -156,7 +155,7 @@ public class AsymmetricBindingPolicyValidator extends AbstractBindingPolicyValid
ai.setNotAsserted("Message fails the DerivedKeys requirement");
return false;
}
- assertToken(wrapper, aim);
+ assertDerivedKeys(wrapper.getToken(), aim);
return true;
}
@@ -184,19 +183,9 @@ public class AsymmetricBindingPolicyValidator extends AbstractBindingPolicyValid
ai.setNotAsserted("Message fails the DerivedKeys requirement");
return false;
}
- assertToken(wrapper, aim);
+ assertDerivedKeys(wrapper.getToken(), aim);
return true;
}
- private void assertToken(AbstractTokenWrapper tokenWrapper, AssertionInfoMap aim) {
- String namespace = tokenWrapper.getName().getNamespaceURI();
-
- AbstractToken token = tokenWrapper.getToken();
- DerivedKeys derivedKeys = token.getDerivedKeys();
- if (derivedKeys != null) {
- PolicyUtils.assertPolicy(aim, new QName(namespace, derivedKeys.name()));
- }
- }
-
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
index 333094c..e1b5e96 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
@@ -26,6 +26,7 @@ import javax.xml.namespace.QName;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.security.policy.PolicyUtils;
+import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractToken;
@@ -79,6 +80,7 @@ public class EndorsingEncryptedTokenPolicyValidator extends AbstractSupportingTo
List<AbstractToken> tokens = binding.getTokens();
for (AbstractToken token : tokens) {
if (!isTokenRequired(token, parameters.getMessage())) {
+ assertDerivedKeys(token, parameters.getAssertionInfoMap());
assertSecurePartsIfTokenNotRequired(binding, parameters.getAssertionInfoMap());
continue;
}
@@ -122,6 +124,10 @@ public class EndorsingEncryptedTokenPolicyValidator extends AbstractSupportingTo
);
continue;
}
+
+ if (derived && parameters.getResults().getActionResults().containsKey(WSConstants.DKT)) {
+ assertDerivedKeys(token, parameters.getAssertionInfoMap());
+ }
}
}
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
index 47cdceb..c6e109a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
@@ -23,6 +23,7 @@ import java.util.Collection;
import java.util.List;
import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.policy.SP11Constants;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.model.AbstractToken;
@@ -68,6 +69,7 @@ public class EndorsingTokenPolicyValidator extends AbstractSupportingTokenPolicy
List<AbstractToken> tokens = binding.getTokens();
for (AbstractToken token : tokens) {
if (!isTokenRequired(token, parameters.getMessage())) {
+ assertDerivedKeys(token, parameters.getAssertionInfoMap());
assertSecurePartsIfTokenNotRequired(binding, parameters.getAssertionInfoMap());
continue;
}
@@ -110,6 +112,10 @@ public class EndorsingTokenPolicyValidator extends AbstractSupportingTokenPolicy
);
continue;
}
+
+ if (derived && parameters.getResults().getActionResults().containsKey(WSConstants.DKT)) {
+ assertDerivedKeys(token, parameters.getAssertionInfoMap());
+ }
}
}
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
index a57fbf4..92bbb1f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
@@ -26,6 +26,7 @@ import javax.xml.namespace.QName;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.security.policy.PolicyUtils;
+import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractToken;
@@ -79,6 +80,7 @@ public class SignedEndorsingEncryptedTokenPolicyValidator extends AbstractSuppor
List<AbstractToken> tokens = binding.getTokens();
for (AbstractToken token : tokens) {
if (!isTokenRequired(token, parameters.getMessage())) {
+ assertDerivedKeys(token, parameters.getAssertionInfoMap());
assertSecurePartsIfTokenNotRequired(binding, parameters.getAssertionInfoMap());
continue;
}
@@ -122,6 +124,10 @@ public class SignedEndorsingEncryptedTokenPolicyValidator extends AbstractSuppor
);
continue;
}
+
+ if (derived && parameters.getResults().getActionResults().containsKey(WSConstants.DKT)) {
+ assertDerivedKeys(token, parameters.getAssertionInfoMap());
+ }
}
}
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
index 77e7ebd..7b65962 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
@@ -23,6 +23,7 @@ import java.util.Collection;
import java.util.List;
import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.policy.SP11Constants;
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.model.AbstractToken;
@@ -68,6 +69,7 @@ public class SignedEndorsingTokenPolicyValidator extends AbstractSupportingToken
List<AbstractToken> tokens = binding.getTokens();
for (AbstractToken token : tokens) {
if (!isTokenRequired(token, parameters.getMessage())) {
+ assertDerivedKeys(token, parameters.getAssertionInfoMap());
assertSecurePartsIfTokenNotRequired(binding, parameters.getAssertionInfoMap());
continue;
}
@@ -110,6 +112,10 @@ public class SignedEndorsingTokenPolicyValidator extends AbstractSupportingToken
);
continue;
}
+
+ if (derived && parameters.getResults().getActionResults().containsKey(WSConstants.DKT)) {
+ assertDerivedKeys(token, parameters.getAssertionInfoMap());
+ }
}
}
}
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
index ab2fecd..15a85ac 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
@@ -22,8 +22,6 @@ package org.apache.cxf.ws.security.wss4j.policyvalidators;
import java.util.Collection;
import java.util.List;
-import javax.xml.namespace.QName;
-
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.PolicyUtils;
@@ -31,9 +29,6 @@ import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.policy.SP11Constants;
import org.apache.wss4j.policy.SP12Constants;
-import org.apache.wss4j.policy.model.AbstractToken;
-import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
-import org.apache.wss4j.policy.model.AbstractTokenWrapper;
import org.apache.wss4j.policy.model.SymmetricBinding;
/**
@@ -101,7 +96,7 @@ public class SymmetricBindingPolicyValidator extends AbstractBindingPolicyValida
ai.setNotAsserted("Message fails the DerivedKeys requirement");
return false;
}
- assertToken(binding.getEncryptionToken(), aim);
+ assertDerivedKeys(binding.getEncryptionToken().getToken(), aim);
}
if (binding.getSignatureToken() != null) {
@@ -112,7 +107,7 @@ public class SymmetricBindingPolicyValidator extends AbstractBindingPolicyValida
ai.setNotAsserted("Message fails the DerivedKeys requirement");
return false;
}
- assertToken(binding.getSignatureToken(), aim);
+ assertDerivedKeys(binding.getSignatureToken().getToken(), aim);
}
if (binding.getProtectionToken() != null) {
@@ -123,19 +118,9 @@ public class SymmetricBindingPolicyValidator extends AbstractBindingPolicyValida
ai.setNotAsserted("Message fails the DerivedKeys requirement");
return false;
}
- assertToken(binding.getProtectionToken(), aim);
+ assertDerivedKeys(binding.getProtectionToken().getToken(), aim);
}
return true;
}
-
- private void assertToken(AbstractTokenWrapper tokenWrapper, AssertionInfoMap aim) {
- String namespace = tokenWrapper.getName().getNamespaceURI();
-
- AbstractToken token = tokenWrapper.getToken();
- DerivedKeys derivedKeys = token.getDerivedKeys();
- if (derivedKeys != null) {
- PolicyUtils.assertPolicy(aim, new QName(namespace, derivedKeys.name()));
- }
- }
}
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
index c492171..b87199c 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java
@@ -385,8 +385,8 @@ public class TransportBindingTest extends AbstractBusClientServerTestBase {
}
@org.junit.Test
- public void testSAML2EndorsingX509() throws Exception {
-
+ public void testSAML2X509Endorsing() throws Exception {
+
// Only works for DOM (clients)
if (test.isStreaming()) {
return;
@@ -419,7 +419,7 @@ public class TransportBindingTest extends AbstractBusClientServerTestBase {
}
@org.junit.Test
- public void testSAML2EndorsingSymmetric() throws Exception {
+ public void testSAML2SymmetricEndorsing() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
URL busFile = TransportBindingTest.class.getResource("cxf-client.xml");
@@ -447,6 +447,40 @@ public class TransportBindingTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
+ @org.junit.Test
+ public void testSAML2SymmetricEndorsingDerived() throws Exception {
+
+ // Only works for DOM (clients)
+ if (test.isStreaming()) {
+ return;
+ }
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = TransportBindingTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ BusFactory.setDefaultBus(bus);
+ BusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2SymmetricEndorsingDerivedPort");
+ DoubleItPortType transportSaml1Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(transportSaml1Port, test.getPort());
+
+ TokenTestUtils.updateSTSPort((BindingProvider)transportSaml1Port, test.getStsPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(transportSaml1Port);
+ }
+
+ doubleIt(transportSaml1Port, 25);
+
+ ((java.io.Closeable)transportSaml1Port).close();
+ bus.shutdown(true);
+ }
+
private DOMSource createDOMRequest() throws ParserConfigurationException {
// Creating a DOMSource Object for the request
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl
index 083f672..4da85f5 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt.wsdl
@@ -94,6 +94,21 @@
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="DoubleItTransportSAML2SymmetricEndorsingDerivedBinding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItBindingTransportSAML2SymmetricEndorsingDerivedPolicy"/>
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction=""/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
<wsdl:service name="DoubleItService">
<wsdl:port name="DoubleItTransportSAML1Port" binding="tns:DoubleItTransportSAML1Binding">
<soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml1"/>
@@ -112,6 +127,10 @@
binding="tns:DoubleItTransportSAML2SymmetricEndorsingBinding">
<soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml2symmetricendorsing"/>
</wsdl:port>
+ <wsdl:port name="DoubleItTransportSAML2SymmetricEndorsingDerivedPort"
+ binding="tns:DoubleItTransportSAML2SymmetricEndorsingDerivedBinding">
+ <soap:address location="https://localhost:8081/doubleit/services/doubleittransportsaml2symmetricendorsingderived"/>
+ </wsdl:port>
</wsdl:service>
<wsp:Policy wsu:Id="DoubleItBindingTransportSAML1Policy">
<wsp:ExactlyOne>
@@ -429,7 +448,79 @@
</sp:RequestSecurityTokenTemplate>
<wsp:Policy>
<sp:RequireInternalReference/>
- <!-- <sp:RequireDerivedKeys/> -->
+ </wsp:Policy>
+ <sp:Issuer>
+ <wsaw:Address>http://localhost:8080/STS/STSUT
+ </wsaw:Address>
+ <wsaw:Metadata>
+ <wsx:Metadata>
+ <wsx:MetadataSection>
+ <wsx:MetadataReference>
+ <wsaw:Address>http://localhost:8080/SecurityTokenService/UT/mex
+ </wsaw:Address>
+ </wsx:MetadataReference>
+ </wsx:MetadataSection>
+ </wsx:Metadata>
+ </wsaw:Metadata>
+ </sp:Issuer>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItBindingTransportSAML2SymmetricEndorsingDerivedPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsam:Addressing wsp:Optional="false">
+ <wsp:Policy/>
+ </wsam:Addressing>
+ <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken>
+ <wsp:Policy/>
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:EndorsingSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+ <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</t:KeyType>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ <sp:RequireDerivedKeys/>
</wsp:Policy>
<sp:Issuer>
<wsaw:Address>http://localhost:8080/STS/STSUT
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml
index e241cbd..567d845 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-client.xml
@@ -89,6 +89,14 @@
<entry key="security.sts.client" value-ref="stsClient"/>
</jaxws:properties>
</jaxws:client>
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2SymmetricEndorsingDerivedPort" createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="security.username" value="myclientkey"/>
+ <entry key="security.signature.properties" value="clientKeystore.properties"/>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="security.sts.client" value-ref="stsClient"/>
+ </jaxws:properties>
+ </jaxws:client>
<http:conduit name="https://localhost.*">
<http:tlsClientParameters disableCNCheck="true">
<sec:keyManagers keyPassword="ckpass">
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml
index 3bf0fc6..ebb1bcb 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service.xml
@@ -59,6 +59,13 @@
<entry key="ws-security.enable.timestamp.cache" value="false"/>
</jaxws:properties>
</jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2symmetricderived" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2SymmetricEndorsingDerivedPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.transport.Server}/doubleit/services/doubleittransportsaml2symmetricendorsingderived" wsdlLocation="org/apache/cxf/systest/sts/ [...]
+ <jaxws:properties>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.enable.timestamp.cache" value="false"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
<httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
<httpj:engine port="${testutil.ports.transport.Server}">
<httpj:tlsServerParameters>
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml
index 9d17c9f..6142c9e 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service.xml
@@ -66,6 +66,15 @@
<entry key="ws-security.enable.timestamp.cache" value="false"/>
</jaxws:properties>
</jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleittransportsaml2symmetricendorsingderived" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItTransportSAML2SymmetricEndorsingDerivedPort" serviceName="s:DoubleItService" depends-on="ClientAuthHttpsSettings" address="https://localhost:${testutil.ports.transport.StaxServer}/doubleit/services/doubleittransportsaml2symmetricendorsingderived" wsdlLocation="org/apache/cxf [...]
+ <jaxws:properties>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.is-bsp-compliant" value="false"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ <entry key="ws-security.enable.timestamp.cache" value="false"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
<httpj:engine-factory id="ClientAuthHttpsSettings" bus="cxf">
<httpj:engine port="${testutil.ports.transport.StaxServer}">
<httpj:tlsServerParameters>
--
To stop receiving notification emails like this one, please contact
"commits@cxf.apache.org" <co...@cxf.apache.org>.