Posted to java-commits@axis.apache.org by ve...@apache.org on 2017/01/30 17:08:20 UTC
svn commit: r1780946 [4/5] - in
/axis/axis2/java/rampart/branches/RAMPART-289: ./ modules/distribution/
modules/documentation/src/site/ modules/documentation/src/site/resources/
modules/documentation/src/site/resources/css/ modules/documentation/src/si...
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-samples/policy/sample06/services.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-samples/policy/sample06/services.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-samples/policy/sample06/services.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-samples/policy/sample06/services.xml Mon Jan 30 17:08:19 2017
@@ -16,11 +16,11 @@
! limitations under the License.
!-->
<!-- services.xml of Sample 06 : Trust sample with mex -->
-<serviceGroup>
+<serviceGroup>
<service name="STS">
<module ref="rampart" />
- <module ref="addressing" />
- <module ref="rahas" />
+ <module ref="addressing" />
+ <module ref="rahas" />
<parameter name="saml-issuer-config">
<saml-issuer-config>
<issuerName>SAMPLE_STS</issuerName>
@@ -54,7 +54,7 @@
-->
<proofKeyType>BinarySecret</proofKeyType>
<trusted-services>
- <!-- <service alias="sts">http://localhost:8090/axis2/services/sample06/</service> -->
+ <!-- <service alias="sts">http://localhost:8090/axis2/services/sample06/</service> -->
<service alias="sts">*</service>
</trusted-services>
</saml-issuer-config>
@@ -118,136 +118,133 @@
<ramp:property name="org.apache.ws.security.crypto.merlin.file">sts.jks</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
</ramp:crypto>
- </ramp:signatureCrypto>
-
+ </ramp:signatureCrypto>
+
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
- </wsp:Policy>
+ </wsp:Policy>
+
+
+</service>
+<service name="sample06">
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="SgnOnlyAnonymous"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8090/axis2/services/STS</Address>
+ <Metadata xmlns="http://www.w3.org/2005/08/addressing">
+ <mex:Metadata
+ xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
+ <mex:MetadataReference>
+ <Address
+ xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/mex</Address>
+ </mex:MetadataReference>
+ </mex:MetadataSection>
+ </mex:Metadata>
+ </Metadata>
+ </Issuer>
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:SupportingTokens>
+ <sp:SignedParts>
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample06.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
+<service name="mex">
+
+ <operation name="get">
+ <actionMapping>http://schemas.xmlsoap.org/ws/2004/09/mex/GetMetadata/Request</actionMapping>
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.MexService</parameter>
+ </service>
-</service>
-<service name="sample06">
- <operation name="echo">
- <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
- </operation>
- <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.SimpleService</parameter>
-
- <module ref="rampart" />
- <module ref="addressing" />
-
- <wsp:Policy wsu:Id="SgnOnlyAnonymous"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
- xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
- xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:SymmetricBinding>
- <wsp:Policy>
- <sp:ProtectionToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:RequireThumbprintReference/>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:ProtectionToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:SymmetricBinding>
- <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8090/axis2/services/STS</Address>
- <Metadata xmlns="http://www.w3.org/2005/08/addressing">
- <mex:Metadata
- xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
- <mex:MetadataReference>
- <Address
- xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/mex</Address>
- </mex:MetadataReference>
- </mex:MetadataSection>
- </mex:Metadata>
- </Metadata>
- </Issuer>
- <sp:RequestSecurityTokenTemplate>
- <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
- <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
- <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
- </sp:RequestSecurityTokenTemplate>
- <wsp:Policy>
- <sp:RequireInternalReference/>
- </wsp:Policy>
- </sp:IssuedToken>
- <sp:SignedParts>
- <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
- </sp:SignedParts>
- </wsp:Policy>
- </sp:SupportingTokens>
- <sp:SignedParts>
- <sp:Body/>
- </sp:SignedParts>
- <sp:Wss11>
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- <sp:MustSupportRefThumbprint/>
- <sp:MustSupportRefEncryptedKey/>
- <sp:RequireSignatureConfirmation/>
- </wsp:Policy>
- </sp:Wss11>
- <sp:Trust10>
- <wsp:Policy>
- <sp:MustSupportIssuedTokens/>
- <sp:RequireClientEntropy/>
- <sp:RequireServerEntropy/>
- </wsp:Policy>
- </sp:Trust10>
- <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
- <ramp:user>service</ramp:user>
- <ramp:encryptionUser>client</ramp:encryptionUser>
- <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample06.PWCBHandler</ramp:passwordCallbackClass>
-
- <ramp:signatureCrypto>
- <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
- <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
- </ramp:crypto>
- </ramp:signatureCrypto>
- </ramp:RampartConfig>
- </wsp:All>
- </wsp:ExactlyOne>
-</wsp:Policy>
-
-</service>
-<service name="mex">
-
- <operation name="get">
- <actionMapping>http://schemas.xmlsoap.org/ws/2004/09/mex/GetMetadata/Request</actionMapping>
- <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
- </operation>
- <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.MexService</parameter>
-
- </service>
-
</serviceGroup>
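Review bot: The rewritten `sample06` service drops `<sp:SignedParts><sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/></sp:SignedParts>` from the `sp:SupportingTokens` policy, and the remaining top-level `sp:SignedParts` lists only `<sp:Body/>`. As far as this hunk shows, nothing in the policy now requires the WS-Addressing `To` header to be signed, so a recipient cannot tell from the signature which endpoint the message was meant for. Either keep the assertion, or add `<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>` to the top-level `sp:SignedParts` if the intent was only to move it. Both this removal and the `sp:Basic256` to `sp:Basic128` swap in the same hunk are buried in roughly 120 lines of whitespace-only churn, so they deserve a sentence in the commit message or an XML comment stating why the sample was changed.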
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/MexService.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/MexService.java?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/MexService.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-samples/policy/sample06/src/org/apache/rampart/samples/policy/sample06/MexService.java Mon Jan 30 17:08:19 2017
@@ -1,3 +1,19 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package org.apache.rampart.samples.policy.sample06;
import java.io.File;
Propchange: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Mon Jan 30 17:08:19 2017
@@ -0,0 +1,4 @@
+.settings
+target
+.classpath
+.project
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java Mon Jan 30 17:08:19 2017
@@ -16,11 +16,19 @@
package org.apache.rahas;
-import junit.framework.TestCase;
+import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import junit.framework.TestCase;
+
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
import java.util.Date;
public class SimpleTokenStoreTest extends TestCase {
@@ -30,8 +38,7 @@ public class SimpleTokenStoreTest extend
try {
store.add(getTestToken("id-1"));
} catch (TrustException e) {
- fail("Adding a new token to an empty store should not fail, " +
- "message : " + e.getMessage());
+ fail("Adding a new token to an empty store should not fail, " + "message : " + e.getMessage());
}
Token token = null;
try {
@@ -40,8 +47,7 @@ public class SimpleTokenStoreTest extend
fail("Adding an existing token must throw an exception");
} catch (TrustException e) {
assertEquals("Incorrect exception message",
- TrustException.getMessage("tokenAlreadyExists",
- new String[]{token.getId()}), e.getMessage());
+ TrustException.getMessage("tokenAlreadyExists", new String[]{token.getId()}), e.getMessage());
}
}
@@ -76,9 +82,8 @@ public class SimpleTokenStoreTest extend
store.update(token1);
fail("An exception must be thrown at this point : noTokenToUpdate");
} catch (TrustException e) {
- assertEquals("Incorrect exception message", TrustException
- .getMessage("noTokenToUpdate", new String[]{token1
- .getId()}), e.getMessage());
+ assertEquals("Incorrect exception message",
+ TrustException.getMessage("noTokenToUpdate", new String[]{token1.getId()}), e.getMessage());
}
try {
store.add(token1);
@@ -133,11 +138,13 @@ public class SimpleTokenStoreTest extend
}
}
- private Token getTestToken(String tokenId) throws TrustException {
+ private Token getTestToken(String tokenId)
+ throws TrustException {
return getTestToken(tokenId, new Date());
}
- private Token getTestToken(String tokenId, Date expiry) throws TrustException {
+ private Token getTestToken(String tokenId, Date expiry)
+ throws TrustException {
OMFactory factory = DOOMAbstractFactory.getOMFactory();
OMElement tokenEle = factory.createOMElement("testToken", "", "");
Token token = new Token(tokenId, tokenEle, new Date(), expiry);
@@ -147,4 +154,48 @@ public class SimpleTokenStoreTest extend
token.setSecret("Top secret!".getBytes());
return token;
}
+
+ public void testSerialize()
+ throws Exception {
+ String fileName = "test.ser";
+
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns1 = factory.createOMNamespace("bar", "x");
+ OMElement elt11 = factory.createOMElement("foo1", ns1);
+
+ Token t = new Token("#1232122", elt11, new Date(), new Date());
+
+ SimpleTokenStore store = new SimpleTokenStore();
+ store.add(t);
+
+ FileOutputStream fos = null;
+ ObjectOutputStream out = null;
+
+ try {
+ fos = new FileOutputStream(fileName);
+ out = new ObjectOutputStream(fos);
+ out.writeObject(store);
+ } finally {
+ out.close();
+ }
+
+ SimpleTokenStore store2 = null;
+ FileInputStream fis = null;
+ ObjectInputStream in = null;
+ try {
+ fis = new FileInputStream(fileName);
+ in = new ObjectInputStream(fis);
+ store2 = (SimpleTokenStore)in.readObject();
+ in.close();
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ } catch (ClassNotFoundException ex) {
+ ex.printStackTrace();
+ }
+
+ assertEquals(store.getToken("#1232122").getId(), store2.getToken("#1232122").getId());
+ assertEquals(store.getToken("#1232122").getCreated(), store2.getToken("#1232122").getCreated());
+
+ }
+
}
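Review bot: `testSerialize` hides the real failure in two places. If `new FileOutputStream(fileName)` or the `ObjectOutputStream` constructor throws, `out` is still null and `out.close()` in the `finally` raises a `NullPointerException` that replaces the original exception. On the read side, the `IOException` and `ClassNotFoundException` are only printed, so the test goes on to dereference a null `store2`. The method already declares `throws Exception`, so the catch blocks can simply go. The test also writes `test.ser` into the working directory and never deletes it; a temp file removed in a `finally` avoids leaving a serialized token store behind (this needs `java.io.File` imported).

```java
public void testSerialize()
        throws Exception {
    File serialized = File.createTempFile("SimpleTokenStoreTest", ".ser");
    try {
        // … unchanged: build token t and add it to store …

        ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream(serialized));
        try {
            out.writeObject(store);
        } finally {
            out.close();
        }

        SimpleTokenStore store2;
        ObjectInputStream in = new ObjectInputStream(new FileInputStream(serialized));
        try {
            store2 = (SimpleTokenStore) in.readObject();
        } finally {
            in.close();
        }

        // … unchanged: assertEquals on getId() and getCreated() …
    } finally {
        serialized.delete();
    }
}
```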
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java Mon Jan 30 17:08:19 2017
@@ -19,6 +19,8 @@ package org.apache.rampart;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAP12Constants;
import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
@@ -63,8 +65,28 @@ public class MessageBuilderTestBase exte
* @throws AxisFault
*/
protected MessageContext getMsgCtx() throws Exception {
+ return initMsgCtxFromMessage("test-resources/policy/soapmessage.xml");
+ }
+
+ /**
+ * Return a message context initialized with a SOAP 1.2 message.
+ *
+ * @throws XMLStreamException
+ * @throws FactoryConfigurationError
+ * @throws AxisFault
+ */
+ protected MessageContext getMsgCtx12() throws Exception {
+ return initMsgCtxFromMessage("test-resources/policy/soapmessage.xml");
+ }
+
+ /**
+ * @throws XMLStreamException
+ * @throws FactoryConfigurationError
+ * @throws AxisFault
+ */
+ private MessageContext initMsgCtxFromMessage(String messageResource) throws Exception {
MessageContext ctx = new MessageContext();
-
+
AxisConfiguration axisConfiguration = new AxisConfiguration();
AxisService axisService = new AxisService("TestService");
axisConfiguration.addService(axisService);
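Review bot: `getMsgCtx12()` loads `test-resources/policy/soapmessage.xml`, the same resource as `getMsgCtx()`, although its Javadoc promises a SOAP 1.2 message. Unless that file is itself SOAP 1.2, `testValidSOAP12Message` only repeats the SOAP 1.1 path and the SOAP 1.2 branch of `getContentTypeForEnvelope` is never reached. Point it at a dedicated fixture, e.g. `return initMsgCtxFromMessage("test-resources/policy/<soap12-message>.xml");` (placeholder name; no such fixture is visible in this diff). The Javadoc on `initMsgCtxFromMessage` has no summary sentence and no `@param messageResource` line. Its body continues outside the hunk.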
@@ -88,7 +110,7 @@ public class MessageBuilderTestBase exte
XMLStreamReader reader =
XMLInputFactory.newInstance().
- createXMLStreamReader(new FileInputStream("test-resources/policy/soapmessage.xml"));
+ createXMLStreamReader(new FileInputStream(messageResource));
ctx.setEnvelope(new StAXSOAPModelBuilder(reader, null).getSOAPEnvelope());
return ctx;
}
@@ -121,4 +143,15 @@ public class MessageBuilderTestBase exte
}
}
+ public String getContentTypeForEnvelope(SOAPEnvelope env) {
+ String contentType = SOAP11Constants.SOAP_11_CONTENT_TYPE; //default
+ if (SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI.equals(env.getNamespace().getNamespaceURI())) {
+ contentType = SOAP11Constants.SOAP_11_CONTENT_TYPE;
+ }
+ else if (SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI.equals(env.getNamespace().getNamespaceURI())) {
+ contentType = SOAP12Constants.SOAP_12_CONTENT_TYPE;
+ }
+ return contentType;
+ }
+
}
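Review bot: In `getContentTypeForEnvelope` the first `if` branch assigns the value `contentType` already holds, so only the SOAP 1.2 comparison does any work, and an envelope in an unrecognised namespace is silently reported as SOAP 1.1. The body reduces to `return SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI.equals(env.getNamespace().getNamespaceURI()) ? SOAP12Constants.SOAP_12_CONTENT_TYPE : SOAP11Constants.SOAP_11_CONTENT_TYPE;`. A short Javadoc should state the SOAP 1.1 fallback so it reads as deliberate. The helper is only used by test subclasses as far as the diff shows, so `protected` would match `getMsgCtx()`.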
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java Mon Jan 30 17:08:19 2017
@@ -18,14 +18,23 @@ package org.apache.rampart;
import java.io.ByteArrayInputStream;
import java.util.Vector;
+import java.util.ArrayList;
+import java.security.cert.X509Certificate;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.builder.SOAPBuilder;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.engine.AxisEngine;
+import org.apache.axis2.namespace.Constants;
import org.apache.neethi.Policy;
import org.apache.rampart.util.Axis2Util;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import javax.xml.namespace.QName;
public class RampartEngineTest extends MessageBuilderTestBase {
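Review bot: Several of the newly added imports are not referenced by any added line in the hunks shown for this file: `java.util.ArrayList`, `org.apache.axis2.namespace.Constants`, `org.apache.ws.security.handler.WSHandlerResult`, `org.apache.ws.security.handler.WSHandlerConstants` and `javax.xml.namespace.QName`. The new test code uses only `X509Certificate`, `WSConstants` and `WSSecurityEngineResult`. If they are leftovers from an earlier draft of the test, drop them so the import list reflects what the test actually depends on.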
@@ -45,9 +54,10 @@ public class RampartEngineTest extends M
RampartEngine engine = new RampartEngine();
engine.process(ctx);
- } catch (RampartException e) {
+ }
+ catch (RampartException e) {
assertEquals("Expected rampart to complain about missing security header",
- "Missing wsse:Security header in request", e.getMessage());
+ "Missing wsse:Security header in request", e.getMessage());
}
}
@@ -64,14 +74,74 @@ public class RampartEngineTest extends M
builder.build(ctx);
// Building the SOAP envelope from the OMElement
+ buildSOAPEnvelope(ctx);
+
+ RampartEngine engine = new RampartEngine();
+ Vector results = engine.process(ctx);
+
+ /*
+ The principle purpose of the test case is to verify that the above processes
+ without throwing an exception. However, perform a minimal amount of validation on the
+ results.
+ */
+ assertNotNull("RampartEngine returned null result", results);
+ //verify cert was stored
+ X509Certificate usedCert = null;
+ for (int i = 0; i < results.size(); i++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(i);
+ Integer action = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if (action.intValue() == WSConstants.SIGN) {
+ //the result is for the signature, which contains the used certificate
+ usedCert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ break;
+ }
+ }
+ assertNotNull("Result of processing did not include a certificate", usedCert);
+ }
+
+ public void testValidSOAP12Message() throws Exception {
+
+ MessageContext ctx = getMsgCtx12();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
+ Policy policy = loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ // Building the SOAP envelope from the OMElement
+ buildSOAPEnvelope(ctx);
+
+ RampartEngine engine = new RampartEngine();
+ Vector results = engine.process(ctx);
+
+ /*
+ The principle purpose of the test case is to verify that the above processes
+ without throwing an exception. However, perform a minimal amount of validation on the
+ results.
+ */
+ assertNotNull("RampartEngine returned null result", results);
+ //verify cert was stored
+ X509Certificate usedCert = null;
+ for (int i = 0; i < results.size(); i++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(i);
+ Integer action = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if (action.intValue() == WSConstants.SIGN) {
+ //the result is for the signature, which contains the used certificate
+ usedCert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ break;
+ }
+ }
+ assertNotNull("Result of processing did not include a certificate", usedCert);
+ }
+
+ private void buildSOAPEnvelope(MessageContext ctx) throws Exception {
SOAPBuilder soapBuilder = new SOAPBuilder();
SOAPEnvelope env = ctx.getEnvelope();
ByteArrayInputStream inStream = new ByteArrayInputStream(env.toString().getBytes());
- env = (SOAPEnvelope) soapBuilder.processDocument(inStream, "text/xml", ctx);
+ env = (SOAPEnvelope) soapBuilder.processDocument(inStream, getContentTypeForEnvelope(env), ctx);
ctx.setEnvelope(env);
-
- RampartEngine engine = new RampartEngine();
- engine.process(ctx);
-
}
}
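Review bot: The certificate lookup loop added to this test is repeated line for line in `testValidSOAP12Message`, so any later change to the result handling has to be made twice; a private helper keeps the two tests in step. Both copies unbox `action` without a null check, so a result entry without `TAG_ACTION` would end the test with a `NullPointerException` rather than an assertion message. The check itself only proves that some certificate was attached to the `WSConstants.SIGN` result; comparing its subject with the one expected from the test keystore would also catch the wrong certificate being selected. The first test method starts outside the hunk.

```java
// … unchanged: message build and engine.process(ctx) in both tests …
assertNotNull("RampartEngine returned null result", results);
assertNotNull("Result of processing did not include a certificate",
        findSigningCertificate(results));

private X509Certificate findSigningCertificate(Vector results) {
    for (int i = 0; i < results.size(); i++) {
        WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(i);
        Integer action = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
        if (action != null && action.intValue() == WSConstants.SIGN) {
            // the signature result carries the certificate that was used
            return (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
        }
    }
    return null;
}
```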
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy-asymm-binding.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy-asymm-binding.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy-asymm-binding.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy-asymm-binding.xml Mon Jan 30 17:08:19 2017
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
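Review bot: Every test policy changed from here on swaps `<sp:Basic256/>` for `<sp:Basic128/>` with no comment, so after this commit none of the fixtures visible in the diff exercises the 256-bit suite. The affected files are `policy-asymm-binding.xml`, `policy-symm-binding.xml`, `policy-transport-binding.xml` and the `policy/rampart-asymm-binding-*` and `policy/rampart-symm-binding-*` files below. If the reason is that AES-256 is unavailable on JREs without the unlimited-strength JCE policy files (an assumption, since the commit does not say), record it next to the assertion, e.g. `<!-- Basic128: runs on a default JRE without unlimited-strength JCE policy -->`. Keeping at least one Basic256 fixture, skipped when the cipher is unavailable, would preserve coverage of the stronger suite.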
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy-symm-binding.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy-symm-binding.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy-symm-binding.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy-symm-binding.xml Mon Jan 30 17:08:19 2017
@@ -16,7 +16,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy-transport-binding.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy-transport-binding.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy-transport-binding.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy-transport-binding.xml Mon Jan 30 17:08:19 2017
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml Mon Jan 30 17:08:19 2017
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml Mon Jan 30 17:08:19 2017
@@ -24,7 +24,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml Mon Jan 30 17:08:19 2017
@@ -25,7 +25,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml Mon Jan 30 17:08:19 2017
@@ -25,7 +25,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml Mon Jan 30 17:08:19 2017
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-1.xml Mon Jan 30 17:08:19 2017
@@ -15,7 +15,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-2-dk.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-2-dk.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-2-dk.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-2-dk.xml Mon Jan 30 17:08:19 2017
@@ -16,7 +16,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-3-dk-es.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-3-dk-es.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-3-dk-es.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-3-dk-es.xml Mon Jan 30 17:08:19 2017
@@ -16,7 +16,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-4-ebs.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-4-ebs.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-4-ebs.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-4-ebs.xml Mon Jan 30 17:08:19 2017
@@ -15,7 +15,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-5-dk-ebs.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-5-dk-ebs.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-5-dk-ebs.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-symm-binding-5-dk-ebs.xml Mon Jan 30 17:08:19 2017
@@ -16,7 +16,7 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml Mon Jan 30 17:08:19 2017
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml Mon Jan 30 17:08:19 2017
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml Mon Jan 30 17:08:19 2017
@@ -10,7 +10,7 @@
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
Propchange: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Mon Jan 30 17:08:19 2017
@@ -0,0 +1,4 @@
+.settings
+target
+.classpath
+.project
Propchange: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust-mar/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Mon Jan 30 17:08:19 2017
@@ -0,0 +1,3 @@
+.settings
+target
+.project
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/EncryptedKeyToken.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/EncryptedKeyToken.java?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/EncryptedKeyToken.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/EncryptedKeyToken.java Mon Jan 30 17:08:19 2017
@@ -16,6 +16,9 @@
package org.apache.rahas;
+import java.io.IOException;
+import java.io.ObjectInput;
+import java.io.ObjectOutput;
import java.util.Date;
import org.apache.axiom.om.OMElement;
@@ -35,6 +38,10 @@ public class EncryptedKeyToken extends T
* SHA1 value of the encrypted key
*/
private String sha;
+
+ public EncryptedKeyToken(){
+ super();
+ }
public EncryptedKeyToken (String id,Date created, Date expires) {
super(id,created,expires);
@@ -59,4 +66,20 @@ public class EncryptedKeyToken extends T
return sha;
}
+ public void writeExternal(ObjectOutput out)
+ throws IOException {
+
+ super.writeExternal(out);
+ out.writeObject(this.sha);
+ }
+
+ public void readExternal(ObjectInput in)
+ throws ClassNotFoundException, IOException {
+
+ super.readExternal(in);
+ this.sha = (String)in.readObject();
+
+ }
+
+
}
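Review bot: `writeExternal` and `readExternal` here have no Javadoc, although the matching methods added to `Token` in this commit are documented. The stream layout is the superclass fields followed by `sha`, so the two calls in each method must stay in the same order; a comment such as `// sha is appended after Token's fields; keep read and write order identical` would record that. `readExternal` casts the result of `in.readObject()`, and the cast is checked only after the object named in the stream has been instantiated. The Javadoc should therefore state that streams are expected to come from trusted storage only.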
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java Mon Jan 30 17:08:19 2017
@@ -334,6 +334,8 @@ public class RahasData {
SecurityTokenReference str = new SecurityTokenReference((Element)elem);
if (str.containsReference()) {
tokenId = str.getReference().getURI();
+ } else if(str.containsKeyIdentifier()){
+ tokenId = str.getKeyIdentifierValue();
}
} catch (WSSecurityException e) {
throw new TrustException("errorExtractingTokenId",e);
@@ -358,6 +360,13 @@ public class RahasData {
SecurityTokenReference str = new SecurityTokenReference((Element)elem);
if (str.containsReference()) {
tokenId = str.getReference().getURI();
+ } else if(str.containsKeyIdentifier()){
+ tokenId = str.getKeyIdentifierValue();
+ }
+ if(tokenId == null){
+ if(str.containsKeyIdentifier()){
+ tokenId = str.getKeyIdentifierValue();
+ }
}
} catch (WSSecurityException e) {
throw new TrustException("errorExtractingTokenId",e);
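Review bot: The added `if(tokenId == null)` block repeats the `else if(str.containsKeyIdentifier())` branch directly above it, while the hunk at -334 received only the `else if` form. The two sites therefore differ if `str.getReference().getURI()` yields null: this one falls back to the key identifier, the earlier one leaves `tokenId` null. Use one form in both places, e.g. drop the `else if` and keep `if (tokenId == null && str.containsKeyIdentifier()) { tokenId = str.getKeyIdentifierValue(); }`. The enclosing methods start and end outside both hunks, so how a null `tokenId` is handled afterwards is not visible here.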
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java Mon Jan 30 17:08:19 2017
@@ -21,6 +21,8 @@ import org.apache.ws.security.WSConstant
import org.apache.ws.security.message.token.Reference;
import javax.xml.namespace.QName;
+
+import java.io.Serializable;
import java.util.*;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
@@ -29,7 +31,7 @@ import java.util.concurrent.locks.Reentr
/**
* In-memory implementation of the token storage
*/
-public class SimpleTokenStore implements TokenStorage {
+public class SimpleTokenStore implements TokenStorage, Serializable {
protected Map tokens = new Hashtable();
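Review bot: `SimpleTokenStore` becomes `Serializable` without a `serialVersionUID`, so any later change to the class alters the computed UID and makes previously persisted or replicated stores unreadable; add `private static final long serialVersionUID = 1L;`. Every non-transient field must then be serializable as well. The lock fields are declared outside this hunk, so confirm that they are, or mark them `transient` and recreate them on read. Since `tokens` holds `Token` objects whose serialized form includes the secret, the class comment should say that a serialized store contains key material.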
@@ -185,8 +187,7 @@ public class SimpleTokenStore implements
} finally {
readLock.unlock();
- }
-
+ }
return token;
}
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java Mon Jan 30 17:08:19 2017
@@ -18,164 +18,169 @@ package org.apache.rahas;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMException;
+import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import javax.xml.namespace.QName;
-
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+
+import java.io.ByteArrayInputStream;
+import java.io.Externalizable;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.ObjectInput;
+import java.io.ObjectOutput;
+import java.io.Reader;
+import java.io.StringReader;
+import java.io.UnsupportedEncodingException;
import java.text.DateFormat;
import java.text.ParseException;
import java.util.Date;
import java.util.Properties;
/**
- * This represents a security token which can have either one of 4 states.
- * <ul>
- * <li>ISSUED</li>
- * <li>EXPIRED</li>
- * <li>CACELLED</li>
- * <li>RENEWED</li>
- * </ul>
- * Also this holds the <code>OMElement</code>s representing the token in its
+ * This represents a security token which can have either one of 4 states. <ul> <li>ISSUED</li> <li>EXPIRED</li>
+ * <li>CACELLED</li> <li>RENEWED</li> </ul> Also this holds the <code>OMElement</code>s representing the token in its
* present state and the previous state.
- *
- * These tokens are stored using the storage mechanism provided via the
- * <code>TokenStorage</code> interface.
+ * <p/>
+ * These tokens are stored using the storage mechanism provided via the <code>TokenStorage</code> interface.
+ *
* @see org.apache.rahas.TokenStorage
*/
-public class Token {
-
+public class Token implements Externalizable {
+
+ private static Log log = LogFactory.getLog(Token.class);
+
public final static int ISSUED = 1;
+
public final static int EXPIRED = 2;
+
public final static int CANCELLED = 3;
+
public final static int RENEWED = 4;
-
+
/**
* Token identifier
*/
private String id;
-
+
/**
* Current state of the token
*/
private int state = -1;
-
+
/**
* The actual token in its current state
*/
private OMElement token;
-
+
/**
* The token in its previous state
*/
private OMElement previousToken;
-
+
/**
- * The RequestedAttachedReference element
- * NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows
- * an extensibility mechanism for wsse:SecurityTokenReference and
- * wsse:Reference. Hence we cannot limit to the
- * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and
- * the ValueType values.
+ * The RequestedAttachedReference element NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows an
+ * extensibility mechanism for wsse:SecurityTokenReference and wsse:Reference. Hence we cannot limit to the
+ * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and the ValueType values.
*/
private OMElement attachedReference;
-
+
/**
- * The RequestedUnattachedReference element
- * NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows
- * an extensibility mechanism for wsse:SecurityTokenRefence and
- * wsse:Reference. Hence we cannot limit to the
- * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and
- * the ValueType values.
+ * The RequestedUnattachedReference element NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows an
+ * extensibility mechanism for wsse:SecurityTokenRefence and wsse:Reference. Hence we cannot limit to the
+ * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and the ValueType values.
*/
private OMElement unattachedReference;
-
+
/**
* A bag to hold any other properties
*/
- private Properties properties;
+ private Properties properties;
/**
* A flag to assist the TokenStorage
*/
private boolean changed;
-
+
/**
* The secret associated with the Token
*/
private byte[] secret;
-
+
/**
* Created time
*/
private Date created;
-
+
/**
* Expiration time
*/
private Date expires;
-
+
/**
* Issuer end point address
*/
private String issuerAddress;
-
+
private String encrKeySha1Value;
-
+
+ public Token() {
+ }
+
public Token(String id, Date created, Date expires) {
- this.id = id;
- this.created = created;
- this.expires = expires;
- }
-
- public Token(String id,
- OMElement tokenElem,
- Date created,
- Date expires) throws TrustException {
this.id = id;
- StAXOMBuilder stAXOMBuilder = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
- tokenElem.getXMLStreamReader());
+ this.created = created;
+ this.expires = expires;
+ }
+
+ public Token(String id, OMElement tokenElem, Date created, Date expires)
+ throws TrustException {
+ this.id = id;
+ StAXOMBuilder stAXOMBuilder =
+ new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), tokenElem.getXMLStreamReader());
stAXOMBuilder.setNamespaceURIInterning(true);
this.token = stAXOMBuilder.getDocumentElement();
this.created = created;
this.expires = expires;
}
- public Token(String id,
- OMElement tokenElem,
- OMElement lifetimeElem) throws TrustException {
+ public Token(String id, OMElement tokenElem, OMElement lifetimeElem)
+ throws TrustException {
this.id = id;
- StAXOMBuilder stAXOMBuilder = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
- tokenElem.getXMLStreamReader());
+ StAXOMBuilder stAXOMBuilder =
+ new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), tokenElem.getXMLStreamReader());
stAXOMBuilder.setNamespaceURIInterning(true);
this.token = stAXOMBuilder.getDocumentElement();
this.processLifeTime(lifetimeElem);
}
-
+
/**
* @param lifetimeElem
- * @throws TrustException
+ * @throws TrustException
*/
- private void processLifeTime(OMElement lifetimeElem) throws TrustException {
+ private void processLifeTime(OMElement lifetimeElem)
+ throws TrustException {
try {
DateFormat zulu = new XmlSchemaDateFormat();
OMElement createdElem =
- lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
- WSConstants.CREATED_LN));
+ lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS, WSConstants.CREATED_LN));
this.created = zulu.parse(createdElem.getText());
-
+
OMElement expiresElem =
- lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
- WSConstants.EXPIRES_LN));
+ lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS, WSConstants.EXPIRES_LN));
this.expires = zulu.parse(expiresElem.getText());
} catch (OMException e) {
- throw new TrustException("lifeTimeProcessingError",
- new String[]{lifetimeElem.toString()}, e);
+ throw new TrustException("lifeTimeProcessingError", new String[]{lifetimeElem.toString()}, e);
} catch (ParseException e) {
- throw new TrustException("lifeTimeProcessingError",
- new String[]{lifetimeElem.toString()}, e);
+ throw new TrustException("lifeTimeProcessingError", new String[]{lifetimeElem.toString()}, e);
}
}
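Review bot: The new public `Token()` constructor has no Javadoc and leaves `id`, `created` and `expires` unset, so a caller can now build a token with no identifier. Document it as existing only for deserialization, e.g. `/** Required by Externalizable; fields are populated by readExternal. Not for application use. */`. The logger should be declared `private static final Log log = LogFactory.getLog(Token.class);`. The reflowed class Javadoc still carries the `CACELLED` typo for the `CANCELLED` state.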
@@ -192,7 +197,7 @@ public class Token {
public void setChanged(boolean chnaged) {
this.changed = chnaged;
}
-
+
/**
* @return Returns the properties.
*/
@@ -253,8 +258,8 @@ public class Token {
* @param presivousToken The presivousToken to set.
*/
public void setPreviousToken(OMElement presivousToken) {
- this.previousToken = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
- presivousToken.getXMLStreamReader()).getDocumentElement();
+ this.previousToken = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), presivousToken.getXMLStreamReader())
+ .getDocumentElement();
}
/**
@@ -282,9 +287,9 @@ public class Token {
* @param attachedReference The attachedReference to set.
*/
public void setAttachedReference(OMElement attachedReference) {
- if(attachedReference != null) {
- this.attachedReference = new StAXOMBuilder(DOOMAbstractFactory
- .getOMFactory(), attachedReference.getXMLStreamReader())
+ if (attachedReference != null) {
+ this.attachedReference =
+ new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), attachedReference.getXMLStreamReader())
.getDocumentElement();
}
}
@@ -300,9 +305,9 @@ public class Token {
* @param unattachedReference The unattachedReference to set.
*/
public void setUnattachedReference(OMElement unattachedReference) {
- if(unattachedReference != null) {
- this.unattachedReference = new StAXOMBuilder(DOOMAbstractFactory
- .getOMFactory(), unattachedReference.getXMLStreamReader())
+ if (unattachedReference != null) {
+ this.unattachedReference =
+ new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(), unattachedReference.getXMLStreamReader())
.getDocumentElement();
}
}
@@ -335,4 +340,150 @@ public class Token {
public void setIssuerAddress(String issuerAddress) {
this.issuerAddress = issuerAddress;
}
+
+ /**
+ * Implementing serialize logic according to our own protocol. We had to follow this, because
+ * OMElement class is not serializable. Making OMElement serializable will have an huge impact
+ * on other components. Therefore implementing serialization logic according to a manual
+ * protocol.
+ * @param out Stream which writes serialized bytes.
+ * @throws IOException If unable to serialize particular member.
+ */
+ public void writeExternal(ObjectOutput out)
+ throws IOException {
+
+ out.writeObject(this.id);
+
+ out.writeInt(this.state);
+
+ String stringElement = convertOMElementToString(this.token);
+ out.writeObject(stringElement);
+
+ stringElement = convertOMElementToString(this.previousToken);
+ out.writeObject(stringElement);
+
+ stringElement = convertOMElementToString(this.attachedReference);
+ out.writeObject(stringElement);
+
+ stringElement = convertOMElementToString(this.unattachedReference);
+ out.writeObject(stringElement);
+
+ out.writeObject(this.properties);
+
+ out.writeBoolean(this.changed);
+
+ int secretLength = 0;
+ if (null != this.secret) {
+ secretLength = this.secret.length;
+ }
+
+ // First write the length of secret
+ out.writeInt(secretLength);
+ if (0 != secretLength) {
+ out.write(this.secret);
+ }
+
+ out.writeObject(this.created);
+
+ out.writeObject(this.expires);
+
+ out.writeObject(this.issuerAddress);
+
+ out.writeObject(this.encrKeySha1Value);
+ }
+
+ /**
+ * Implementing de-serialization logic in accordance with the serialization logic.
+ * @param in Stream which used to read data.
+ * @throws IOException If unable to de-serialize particular data member.
+ * @throws ClassNotFoundException
+ */
+ public void readExternal(ObjectInput in)
+ throws IOException, ClassNotFoundException {
+
+ this.id = (String)in.readObject();
+
+ this.state = in.readInt();
+
+ String stringElement = (String)in.readObject();
+ this.token = convertStringToOMElement(stringElement);
+
+ stringElement = (String)in.readObject();
+ this.previousToken = convertStringToOMElement(stringElement);
+
+ stringElement = (String)in.readObject();
+ this.attachedReference = convertStringToOMElement(stringElement);
+
+ stringElement = (String)in.readObject();
+ this.unattachedReference = convertStringToOMElement(stringElement);
+
+ this.properties = (Properties)in.readObject();
+
+ this.changed = in.readBoolean();
+
+ // Read the length of the secret
+ int secretLength = in.readInt();
+
+ if (0 != secretLength) {
+ byte[] buffer = new byte[secretLength];
+ if (secretLength != in.read(buffer)) {
+ throw new IllegalStateException("Bytes read from the secret key is not equal to serialized length");
+ }
+ this.secret = buffer;
+ }else{
+ this.secret = null;
+ }
+
+ this.created = (Date)in.readObject();
+
+ this.expires = (Date)in.readObject();
+
+ this.issuerAddress = (String)in.readObject();
+
+ this.encrKeySha1Value = (String)in.readObject();
+ }
+
+ private String convertOMElementToString(OMElement element)
+ throws IOException {
+ String serializedToken = "";
+
+ if (null == element) {
+ return serializedToken;
+ }
+
+ try {
+ serializedToken = element.toStringWithConsume();
+ } catch (XMLStreamException e) {
+ throw new IOException("Could not serialize token OM element");
+ }
+
+ return serializedToken;
+ }
+
+ private OMElement convertStringToOMElement(String stringElement)
+ throws IOException {
+
+ if (null == stringElement || stringElement.trim().equals("")) {
+ return null;
+ }
+
+ try {
+ Reader in = new StringReader(stringElement);
+ XMLStreamReader parser = XMLInputFactory.newInstance().createXMLStreamReader(in);
+ StAXOMBuilder builder = new StAXOMBuilder(parser);
+ OMElement documentElement = builder.getDocumentElement();
+
+ XMLStreamReader llomReader = documentElement.getXMLStreamReader();
+ OMFactory doomFactory = DOOMAbstractFactory.getOMFactory();
+ StAXOMBuilder doomBuilder = new StAXOMBuilder(doomFactory, llomReader);
+ return doomBuilder.getDocumentElement();
+
+ } catch (XMLStreamException e) {
+ log.error("Cannot convert de-serialized string to OMElement. Could not create XML stream.", e);
+ // IOException only has a constructor supporting exception chaining starting with Java 1.6
+ IOException ex = new IOException("Cannot convert de-serialized string to OMElement. Could not create XML stream.");
+ ex.initCause(e);
+ throw ex;
+ }
+ }
}
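Review bot: `readExternal` trusts the length it reads from the stream and fills the secret with `in.read(buffer)`, which may legitimately return fewer bytes than requested. A negative or very large `secretLength` ends in `NegativeArraySizeException` or an oversized allocation, and a short read is reported as corruption; use `readFully` behind a bounds check (the `MAX_SECRET_LENGTH` value below is a constructed sample). `convertStringToOMElement` re-parses the stored XML with a default `XMLInputFactory`, so DTDs and external entities should be switched off before parsing. `convertOMElementToString` drops the `XMLStreamException` cause, unlike the `initCause` pattern in the other helper. `writeExternal` writes `secret` unprotected, so its Javadoc should say that the serialized form contains key material and must be stored and transported accordingly.

```java
    // sample bound, constructed for this note; size it to the largest key the STS issues
    private static final int MAX_SECRET_LENGTH = 4096;

    // … in readExternal, unchanged: id, state, the four OMElement strings, properties, changed …
        int secretLength = in.readInt();
        if (secretLength < 0 || secretLength > MAX_SECRET_LENGTH) {
            throw new IOException("Invalid secret length in serialized token: " + secretLength);
        }
        if (secretLength != 0) {
            byte[] buffer = new byte[secretLength];
            // readFully fills the whole array or throws EOFException; read() may stop early
            in.readFully(buffer);
            this.secret = buffer;
        } else {
            this.secret = null;
        }
    // … unchanged: created, expires, issuerAddress, encrKeySha1Value …

    // … in convertStringToOMElement, replacing the XMLInputFactory.newInstance() one-liner …
            XMLInputFactory inputFactory = XMLInputFactory.newInstance();
            // the stored string is parsed as XML again: refuse DTDs and external entities
            inputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
            inputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
            XMLStreamReader parser = inputFactory.createXMLStreamReader(in);
    // … unchanged: LLOM-to-DOOM conversion and the catch block …
```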
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java Mon Jan 30 17:08:19 2017
@@ -17,10 +17,9 @@
package org.apache.rahas.client;
import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Vector;
+import java.util.*;
+import java.text.DateFormat;
+import java.text.ParseException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
@@ -29,6 +28,7 @@ import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.OMException;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
import org.apache.axiom.om.util.Base64;
@@ -66,6 +66,7 @@ import org.apache.ws.security.conversati
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.w3c.dom.Element;
public class STSClient {
@@ -142,10 +143,14 @@ public class STSClient {
//Process the STS and service policy policy
this.processPolicy(issuerPolicy, servicePolicy);
- OMElement response = client.sendReceive(rstQn,
- createIssueRequest(requestType, appliesTo));
-
- return processIssueResponse(version, response, issuerAddress);
+ try {
+ OMElement response = client.sendReceive(rstQn,
+ createIssueRequest(requestType, appliesTo));
+
+ return processIssueResponse(version, response, issuerAddress);
+ } finally {
+ client.cleanupTransport();
+ }
} catch (AxisFault e) {
log.error("errorInObtainingToken", e);
throw new TrustException("errorInObtainingToken", new String[]{issuerAddress},e);
@@ -243,7 +248,120 @@ public class STSClient {
}
}
-
+
+ /**
+ * Renews the token referenced by the token id, updates the token store
+ * @param tokenId
+ * @param issuerAddress
+ * @param issuerPolicy
+ * @param store
+ * @return status
+ * @throws TrustException
+ */
+ public boolean renewToken(String tokenId,
+ String issuerAddress,
+ Policy issuerPolicy, TokenStorage store) throws TrustException {
+
+ try {
+ QName rstQn = new QName("requestSecurityToken");
+
+ ServiceClient client = getServiceClient(rstQn, issuerAddress);
+
+ client.getServiceContext().setProperty(RAMPART_POLICY, issuerPolicy);
+ client.getOptions().setSoapVersionURI(this.soapVersion);
+ if (this.addressingNs != null) {
+ client.getOptions().setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.addressingNs);
+ }
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ this.processPolicy(issuerPolicy, null);
+
+ String tokenType = RahasConstants.TOK_TYPE_SAML_10;
+
+ OMElement response = client.sendReceive(rstQn,
+ createRenewRequest(tokenType, tokenId));
+ store.update(processRenewResponse(version, response, store, tokenId));
+
+ return true;
+
+ } catch (AxisFault e) {
+ log.error("errorInRenewingToken", e);
+ throw new TrustException("errorInRenewingToken", new String[]{issuerAddress}, e);
+ }
+
+ }
+
+ /**
+ * Processes the response and update the token store
+ * @param version
+ * @param elem
+ * @param store
+ * @param id
+ * @return
+ * @throws TrustException
+ */
+ private Token processRenewResponse(int version, OMElement elem, TokenStorage store, String id) throws TrustException {
+ OMElement rstr = elem;
+ if (version == RahasConstants.VERSION_05_12) {
+ //The WS-SX result will be an RSTRC
+ rstr = elem.getFirstElement();
+ }
+ //get the corresponding WS-Trust NS
+ String ns = TrustUtil.getWSTNamespace(version);
+
+ //Get the RequestedAttachedReference
+ OMElement reqSecToken = rstr.getFirstChildWithName(new QName(
+ ns, RahasConstants.IssuanceBindingLocalNames.REQUESTED_SECURITY_TOKEN));
+
+ if (reqSecToken == null) {
+ throw new TrustException("reqestedSecTokMissing");
+ }
+
+ //Extract the life-time element
+ OMElement lifeTimeEle = rstr.getFirstChildWithName(new QName(
+ ns, RahasConstants.IssuanceBindingLocalNames.LIFETIME));
+
+ if (lifeTimeEle == null) {
+ throw new TrustException("lifeTimeElemMissing");
+ }
+
+ //update the existing token
+ OMElement tokenElem = reqSecToken.getFirstElement();
+ Token token = store.getToken(id);
+ token.setPreviousToken(token.getToken());
+ token.setToken(tokenElem);
+ token.setState(Token.RENEWED);
+ token.setExpires(extractExpiryDate(lifeTimeEle));
+
+ return token;
+ }
+
+ /**
+ * extracts the expiry date from the Lifetime element of the RSTR
+ * @param lifetimeElem
+ * @return
+ * @throws TrustException
+ */
+ private Date extractExpiryDate(OMElement lifetimeElem) throws TrustException {
+ try {
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ OMElement expiresElem =
+ lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
+ WSConstants.EXPIRES_LN));
+ Date expires = zulu.parse(expiresElem.getText());
+ return expires;
+ } catch (OMException e) {
+ throw new TrustException("lifeTimeProcessingError",
+ new String[]{lifetimeElem.toString()}, e);
+ } catch (ParseException e) {
+ throw new TrustException("lifeTimeProcessingError",
+ new String[]{lifetimeElem.toString()}, e);
+ }
+ }
+
+
private ServiceClient getServiceClient(QName rstQn,
String issuerAddress) throws AxisFault {
AxisService axisService =
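Review bot: `renewToken` never calls `client.cleanupTransport()`, although the issue path gains exactly that `try`/`finally` in this commit, so a renewal does not release the transport the way an issue request now does. `processRenewResponse` dereferences `store.getToken(id)` and `reqSecToken.getFirstElement()` without a null check, and `extractExpiryDate` does the same with `expiresElem`. An unknown token id or an incomplete RSTR therefore surfaces as a `NullPointerException` instead of a `TrustException`. The token type is fixed to `RahasConstants.TOK_TYPE_SAML_10` and the method can only return `true` or throw, both of which the Javadoc should state. The `errorInRenewingToken` key used here is not among the keys added to errors.properties in this commit; confirm it exists.

```java
            // … in renewToken, unchanged: client setup, processPolicy, tokenType …
            try {
                OMElement response = client.sendReceive(rstQn,
                        createRenewRequest(tokenType, tokenId));
                store.update(processRenewResponse(version, response, store, tokenId));
                return true;
            } finally {
                // same transport cleanup as the issue path in this commit
                client.cleanupTransport();
            }

        // … in processRenewResponse, unchanged: RSTR, RequestedSecurityToken and Lifetime lookups …
        OMElement tokenElem = reqSecToken.getFirstElement();
        if (tokenElem == null) {
            throw new TrustException("reqestedSecTokMissing");
        }
        Token token = store.getToken(id);
        if (token == null) {
            // tokenNotFound is an existing key in errors.properties
            throw new TrustException("tokenNotFound", new String[]{id});
        }
        // … unchanged: setPreviousToken, setToken, setState, setExpires …

        // … in extractExpiryDate, after the getFirstChildWithName lookup …
            if (expiresElem == null) {
                throw new TrustException("lifeTimeProcessingError",
                        new String[]{lifetimeElem.toString()});
            }
```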
@@ -429,6 +547,11 @@ public class STSClient {
} else {
//Return wsu:Id of the token element
id = token.getAttributeValue(new QName(WSConstants.WSU_NS, "Id"));
+ if ( id == null )
+ {
+ // If we are dealing with a SAML Assetion, look for AssertionID.
+ id = token.getAttributeValue(new QName( "AssertionID"));
+ }
}
return id;
}
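Review bot: The fallback reads only the unqualified `AssertionID` attribute, which is the identifier attribute of a SAML 1.x assertion; a SAML 2.0 assertion carries `ID` instead, so for those tokens `id` would still be null here. If SAML 2.0 tokens can reach this method (this commit also touches SAML2TokenIssuer), add `if (id == null) { id = token.getAttributeValue(new QName("ID")); }`. The comment has a typo and could read `// SAML assertion: fall back to AssertionID`. The method starts outside the hunk, so whether callers cope with a null id is not visible.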
@@ -794,7 +917,7 @@ public class STSClient {
this.rstTemplate = rstTemplate;
}
- private class CBHandler implements CallbackHandler {
+ private static class CBHandler implements CallbackHandler {
private String passwd;
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties Mon Jan 30 17:08:19 2017
@@ -85,4 +85,6 @@ tokenNotFound = Token with ID \"{0}\" ca
configurationIsNull = Configuration is null
errorInCancelingToken = Error occurred while trying to cancel token
-errorExtractingTokenId = Error occurred while extracting token id from the Security Token Reference
\ No newline at end of file
+errorExtractingTokenId = Error occurred while extracting token id from the Security Token Reference
+lifeTimeElemMissing = Lifetime element is missing in the RSTR
+lifeTimeElemMissing = Lifetime element is missing in the RSTR
\ No newline at end of file
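Review bot: `lifeTimeElemMissing` is added twice with identical text; drop the second line so the bundle holds one definition per key. The `extractExpiryDate` method added to STSClient in this commit throws with the key `lifeTimeProcessingError`, which this hunk does not add. Confirm that key already exists in the bundle, otherwise the message lookup will fail just when a malformed Lifetime element is being reported. The file also still ends without a trailing newline.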
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java Mon Jan 30 17:08:19 2017
@@ -16,72 +16,72 @@
package org.apache.rahas.impl;
-import org.apache.rahas.*;
-import org.apache.rahas.TrustException;
-import org.apache.rahas.impl.util.SignKeyHolder;
-import org.apache.rahas.impl.util.SAMLAttributeCallback;
-import org.apache.rahas.impl.util.SAMLCallbackHandler;
-import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNode;
-import org.apache.axiom.om.util.UUIDGenerator;
import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
+import org.apache.axiom.om.util.UUIDGenerator;
+import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.Parameter;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.*;
+import org.apache.rahas.impl.util.SAMLAttributeCallback;
+import org.apache.rahas.impl.util.SAMLCallbackHandler;
+import org.apache.rahas.impl.util.SignKeyHolder;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecEncryptedKey;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.XmlSchemaDateFormat;
-import org.apache.xml.security.utils.EncryptionConstants;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.signature.XMLSignature;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.opensaml.*;
+import org.apache.xml.security.utils.EncryptionConstants;
+import org.joda.time.DateTime;
import org.opensaml.Configuration;
-import org.opensaml.saml1.core.NameIdentifier;
-import org.opensaml.xml.*;
-import org.opensaml.xml.schema.impl.XSStringBuilder;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.security.x509.X509Credential;
-import org.opensaml.xml.signature.*;
-import org.opensaml.xml.io.*;
-import org.opensaml.common.SAMLVersion;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.SAMLException;
import org.opensaml.common.SAMLObjectBuilder;
-import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.common.SAMLVersion;
+import org.opensaml.saml1.core.NameIdentifier;
+import org.opensaml.saml2.core.*;
import org.opensaml.saml2.core.impl.AssertionBuilder;
+import org.opensaml.saml2.core.impl.ConditionsBuilder;
import org.opensaml.saml2.core.impl.IssuerBuilder;
import org.opensaml.saml2.core.impl.NameIDBuilder;
-import org.opensaml.saml2.core.impl.SubjectBuilder;
-import org.opensaml.saml2.core.*;
-import org.opensaml.saml2.metadata.EntitiesDescriptor;
-import org.joda.time.DateTime;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.XMLObjectBuilder;
+import org.opensaml.xml.XMLObjectBuilderFactory;
+import org.opensaml.xml.io.*;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+import org.opensaml.xml.signature.*;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Text;
import org.w3c.dom.Node;
+import org.w3c.dom.Text;
+import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSOutput;
import org.w3c.dom.ls.LSSerializer;
-import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import javax.xml.namespace.QName;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.DocumentBuilder;
-import java.util.Date;
-import java.util.List;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.security.cert.X509Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.PrivateKey;
-import java.text.DateFormat;
-import java.io.InputStream;
+import javax.xml.parsers.DocumentBuilderFactory;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
+import java.security.PrivateKey;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.text.DateFormat;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
public class SAML2TokenIssuer implements TokenIssuer {
@@ -97,8 +97,24 @@ public class SAML2TokenIssuer implements
private boolean isSymmetricKeyBasedHoK = false;
- private Log log = LogFactory.getLog(SAML2TokenIssuer.class);
+ private static Log log = LogFactory.getLog(SAML2TokenIssuer.class);
+ static {
+ try {
+ // Set the "javax.xml.parsers.DocumentBuilderFactory" system property
+ // to the endorsed JAXP impl.
+ System.setProperty("javax.xml.parsers.DocumentBuilderFactory",
+ "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
+ DefaultBootstrap.bootstrap();
+ } catch (ConfigurationException e) {
+ log.error("SAML2TokenIssuerBootstrapError", e);
+ throw new RuntimeException(e);
+ } finally {
+ // Unset the DOM impl to default
+ DocumentBuilderFactoryImpl.setDOOMRequired(false);
+ }
+ }
+
public SOAPEnvelope issue(RahasData data) throws TrustException {
MessageContext inMsgCtx = data.getInMessageContext();
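Review bot: The static initializer overrides the JVM-wide `javax.xml.parsers.DocumentBuilderFactory` system property and never puts the previous value back; the `finally` block only calls `setDOOMRequired(false)`. The code removed from `issue()` in the next hunk saved the old value in `property`, so it was presumably restored there. After this class loads, every component in the same JVM that obtains a parser through JAXP gets the Xerces factory, including code that depends on a differently configured or hardened one. Assuming OpenSAML needs the override only while `DefaultBootstrap.bootstrap()` runs (to be confirmed), save the previous value and restore it in `finally` as sketched below. `log` should also be declared `private static final`.

```java
static {
    final String jaxpKey = "javax.xml.parsers.DocumentBuilderFactory";
    // Remember what the rest of the JVM was using before the override.
    final String previous = System.getProperty(jaxpKey);
    try {
        System.setProperty(jaxpKey, "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
        DefaultBootstrap.bootstrap();
    } catch (ConfigurationException e) {
        // … unchanged: log the error and rethrow …
    } finally {
        // Restore the process-wide setting so other XML consumers are unaffected.
        if (previous != null) {
            System.setProperty(jaxpKey, previous);
        } else {
            System.clearProperty(jaxpKey);
        }
        DocumentBuilderFactoryImpl.setDOOMRequired(false);
    }
}
```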
@@ -158,14 +174,6 @@ public class SAML2TokenIssuer implements
keySize = (keySize == -1) ? config.keySize : keySize;
- // Set the "javax.xml.parsers.DocumentBuilderFactory" sys. property to the endorsed JAMP impl.
- String property = System.getProperty("javax.xml.parsers.DocumentBuilderFactory");
- System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
-
-
- //start building SAML 2.0 token
- DefaultBootstrap.bootstrap();
-
//Build the assertion
AssertionBuilder assertionBuilder = new AssertionBuilder();
Assertion assertion = assertionBuilder.buildObject();
@@ -191,6 +199,11 @@ public class SAML2TokenIssuer implements
Date creationTime = creationDate.toDate();
Date expirationTime = expirationDate.toDate();
+ Conditions conditions = new ConditionsBuilder().buildObject();
+ conditions.setNotBefore(creationDate);
+ conditions.setNotOnOrAfter(expirationDate);
+ assertion.setConditions(conditions);
+
// Create the subject
Subject subject = createSubject(config, doc, crypto, creationDate, expirationDate, data);
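Review bot: The `Conditions` added here bound the assertion in time only; no `AudienceRestriction` is set in the visible lines, so a relying party cannot tell from the assertion whether it was issued for that party. If the request carries an AppliesTo address, adding it as an audience would limit where an issued token is accepted. If audience scoping is handled elsewhere in `issue`, a one-line comment such as `// audience is restricted in <place>` next to `setConditions` would save the next reader the search. The enclosing method starts and ends outside the hunk.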
@@ -443,10 +456,9 @@ public class SAML2TokenIssuer implements
x509CertElem.appendChild(base64CertText);
Element x509DataElem = doc.createElementNS(WSConstants.SIG_NS,
"ds:X509Data");
- x509DataElem.appendChild(x509CertElem);
-
-
+
if (x509DataElem != null) {
+ x509DataElem.appendChild(x509CertElem);
keyInfoElem = doc.createElementNS(WSConstants.SIG_NS, "ds:KeyInfo");
((OMElement) x509DataElem).declareNamespace(
WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
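Review bot: The `if (x509DataElem != null)` guard is always true, because `x509DataElem` is assigned from `doc.createElementNS(...)` just above and that call returns a new element or throws. Moving `x509DataElem.appendChild(x509CertElem);` inside the guard therefore changes nothing. Dropping the guard and un-indenting its body would make the control flow match what actually happens. The block continues past the end of the hunk.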
@@ -596,7 +608,7 @@ public class SAML2TokenIssuer implements
* @return
* @throws TrustException
*/
- public SignKeyHolder createSignKeyHolder(SAMLTokenIssuerConfig config, Crypto crypto) throws TrustException {
+ private SignKeyHolder createSignKeyHolder(SAMLTokenIssuerConfig config, Crypto crypto) throws TrustException {
SignKeyHolder signKeyHolder = new SignKeyHolder();
@@ -634,28 +646,52 @@ public class SAML2TokenIssuer implements
* @return
* @throws SAMLException
*/
- public AttributeStatement createAttributeStatement(RahasData data, SAMLTokenIssuerConfig config) throws SAMLException {
+ private AttributeStatement createAttributeStatement(RahasData data, SAMLTokenIssuerConfig config) throws SAMLException, TrustException {
XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
SAMLObjectBuilder<AttributeStatement> attrStmtBuilder =
(SAMLObjectBuilder<AttributeStatement>) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
+ SAMLObjectBuilder<Attribute> attrBuilder =
+ (SAMLObjectBuilder<Attribute>) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
+
AttributeStatement attrstmt = attrStmtBuilder.buildObject();
Attribute[] attributes = null;
//Call the attribute callback handlers to get any attributes if exists
- if (config.getCallbackHander() != null) {
+ if (config.getCallbackHandler() != null) {
SAMLAttributeCallback cb = new SAMLAttributeCallback(data);
- SAMLCallbackHandler handler = config.getCallbackHander();
+ SAMLCallbackHandler handler = config.getCallbackHandler();
handler.handle(cb);
attributes = cb.getSAML2Attributes();
}
+ else if (config.getCallbackHandlerName() != null
+ && config.getCallbackHandlerName().trim().length() > 0) {
+ SAMLAttributeCallback cb = new SAMLAttributeCallback(data);
+ SAMLCallbackHandler handler = null;
+ MessageContext msgContext = data.getInMessageContext();
+ ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
+ Class cbClass = null;
+ try {
+ cbClass = Loader.loadClass(classLoader, config.getCallbackHandlerName());
+ } catch (ClassNotFoundException e) {
+ throw new TrustException("cannotLoadPWCBClass", new String[]{config
+ .getCallbackHandlerName()}, e);
+ }
+ try {
+ handler = (SAMLCallbackHandler) cbClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new TrustException("cannotCreatePWCBInstance", new String[]{config
+ .getCallbackHandlerName()}, e);
+ }
+ handler.handle(cb);
+ attributes = cb.getSAML2Attributes();
+ // else add the attribute with a default value
+ }
//else add the attribute with a default value
else {
- SAMLObjectBuilder<Attribute> attrBuilder =
- (SAMLObjectBuilder<Attribute>) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
Attribute attribute = attrBuilder.buildObject();
attribute.setName("Name");
attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
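Review bot: The class named by `config.getCallbackHandlerName()` is instantiated with `cbClass.newInstance()` before anything checks that it is a `SAMLCallbackHandler`. The cast catches a mismatch only after the constructor of whatever class the configuration names has already run on the service class loader. Declaring `Class<?> cbClass` and throwing a `TrustException` unless `SAMLCallbackHandler.class.isAssignableFrom(cbClass)` holds, before instantiation, closes that gap and removes the raw type. The keys `cannotLoadPWCBClass` and `cannotCreatePWCBInstance` read as password-callback messages (inferred from the names), so a SAML-specific key would make failures easier to diagnose. The stray `// else add the attribute with a default value` comment inside this branch should be removed; the method body continues outside the hunk.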
@@ -685,7 +721,7 @@ public class SAML2TokenIssuer implements
* @param data
* @return
*/
- public AuthnStatement createAuthnStatement(RahasData data) {
+ private AuthnStatement createAuthnStatement(RahasData data) {
XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
MessageContext inMsgCtx = data.getInMessageContext();
Modified: axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java?rev=1780946&r1=1780945&r2=1780946&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-289/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java Mon Jan 30 17:08:19 2017
@@ -254,10 +254,10 @@ public class SAMLTokenIssuer implements
// In the case where the principal is a UT
if (principal instanceof WSUsernameTokenPrincipal) {
SAMLNameIdentifier nameId = null;
- if(config.getCallbackHander() != null){
+ if(config.getCallbackHandler() != null){
SAMLNameIdentifierCallback cb = new SAMLNameIdentifierCallback(data);
cb.setUserId(principal.getName());
- SAMLCallbackHandler callbackHandler = config.getCallbackHander();
+ SAMLCallbackHandler callbackHandler = config.getCallbackHandler();
callbackHandler.handle(cb);
nameId = cb.getNameId();
}else{
@@ -338,7 +338,7 @@ public class SAMLTokenIssuer implements
String subjectNameId = data.getPrincipal().getName();
SAMLNameIdentifier nameId = new SAMLNameIdentifier(
- subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
+ subjectNameId, null, SAMLNameIdentifier.FORMAT_X509);
// Create the ds:KeyValue element with the ds:X509Data
X509Certificate clientCert = data.getClientCert();
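Review bot: The name identifier is now labelled `SAMLNameIdentifier.FORMAT_X509`, but its value is still `data.getPrincipal().getName()`, and nothing in the hunk shows that this principal name is an X.509 subject DN. A relying party that maps subjects by format would be misled if the principal came from another authentication mechanism. Either derive the name from the client certificate read just below, or, if the invariant does hold on this path, state it in a comment such as `// principal name is the subject DN of data.getClientCert() here`. The enclosing method starts and ends outside the hunk.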
@@ -432,9 +432,9 @@ public class SAMLTokenIssuer implements
SAMLAttribute[] attrs = null;
- if(config.getCallbackHander() != null){
+ if(config.getCallbackHandler() != null){
SAMLAttributeCallback cb = new SAMLAttributeCallback(data);
- SAMLCallbackHandler handler = config.getCallbackHander();
+ SAMLCallbackHandler handler = config.getCallbackHandler();
handler.handle(cb);
attrs = cb.getAttributes();
} else if (config.getCallbackHandlerName() != null