Posted to axis-cvs@ws.apache.org by ru...@apache.org on 2006/10/07 22:35:51 UTC

svn commit: r454014 - in /webservices/axis2/branches/java/1_1/modules: integration/ integration/test-resources/rampart/ integration/test-resources/rampart/policy/ integration/test/org/apache/rampart/ rahas/src/org/apache/rahas/client/ secpolicy/src/org...

Author: ruchithf
Date: Sat Oct  7 13:35:50 2006
New Revision: 454014

URL: http://svn.apache.org/viewvc?view=rev&rev=454014
Log:
1.) Supporting the scenario where the protection token of a SymmetricBinding is an X509Token
2.) Added a test scenario to RampartTest
3.) Updated TokenCallbackHandler to hold an externally supplied callback handler to use in the cases other than SCTs

NOTE : this requires the latest wss4j-SNAPSHOT.jar


Added:
    webservices/axis2/branches/java/1_1/modules/integration/test-resources/rampart/policy/sc-2.xml
    webservices/axis2/branches/java/1_1/modules/integration/test-resources/rampart/services-sc-2.xml
Modified:
    webservices/axis2/branches/java/1_1/modules/integration/maven.xml
    webservices/axis2/branches/java/1_1/modules/integration/test/org/apache/rampart/RampartTest.java
    webservices/axis2/branches/java/1_1/modules/rahas/src/org/apache/rahas/client/STSClient.java
    webservices/axis2/branches/java/1_1/modules/secpolicy/src/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java
    webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartEngine.java
    webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/TokenCallbackHandler.java
    webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
    webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
    webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
    webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/errors.properties

Modified: webservices/axis2/branches/java/1_1/modules/integration/maven.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/integration/maven.xml?view=diff&rev=454014&r1=454013&r2=454014
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/integration/maven.xml (original)
+++ webservices/axis2/branches/java/1_1/modules/integration/maven.xml Sat Oct  7 13:35:50 2006
@@ -293,6 +293,15 @@
 		    <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC1.aar"
                  basedir="target/temp-ramp"/>
 				 
+			<copy overwrite="yes" file="test-resources/rampart/issuer.properties"
+                  tofile="target/temp-ramp/issuer.properties"/>
+				  
+			<copy overwrite="yes" file="test-resources/rampart/services-sc-2.xml"
+                  tofile="target/temp-ramp/META-INF/services.xml"/>
+
+		    <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC2.aar"
+                 basedir="target/temp-ramp"/>
+				 
 			<!-- Service classes for the SecConv tests -->
 			<mkdir dir="target/temp-sc"/>
 			<mkdir dir="target/temp-sc/META-INF"/>

Added: webservices/axis2/branches/java/1_1/modules/integration/test-resources/rampart/policy/sc-2.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/integration/test-resources/rampart/policy/sc-2.xml?view=auto&rev=454014
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/integration/test-resources/rampart/policy/sc-2.xml (added)
+++ webservices/axis2/branches/java/1_1/modules/integration/test-resources/rampart/policy/sc-2.xml Sat Oct  7 13:35:50 2006
@@ -0,0 +1,194 @@
+<wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+	<wsp:ExactlyOne>
+		<wsp:All>
+			<sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:ProtectionToken>
+						<wsp:Policy>
+							<sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+								<wsp:Policy>
+									<sp:RequireDerivedKeys/>
+									<sp:BootstrapPolicy>
+										<wsp:Policy>
+											<sp:EncryptedParts>
+												<sp:Body/>
+											</sp:EncryptedParts>
+											<sp:SymmetricBinding>
+												<wsp:Policy>
+													<sp:ProtectionToken>
+														<wsp:Policy>
+															<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+																<wsp:Policy>
+																	<sp:RequireDerivedKeys/>
+																	<sp:RequireThumbprintReference/>
+																	<sp:WssX509V3Token10/>
+																</wsp:Policy>
+															</sp:X509Token>
+														</wsp:Policy>
+													</sp:ProtectionToken>
+													<sp:AlgorithmSuite>
+														<wsp:Policy>
+															<sp:Basic128Rsa15/>
+														</wsp:Policy>
+													</sp:AlgorithmSuite>
+													<sp:Layout>
+														<wsp:Policy>
+															<sp:Strict/>
+														</wsp:Policy>
+													</sp:Layout>
+													<sp:IncludeTimestamp/>
+													<sp:EncryptSignature/>
+													<sp:OnlySignEntireHeadersAndBody/>
+												</wsp:Policy>
+											</sp:SymmetricBinding>
+											<sp:EndorsingSupportingTokens>
+												<wsp:Policy>
+													<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+														<wsp:Policy>
+															<sp:RequireThumbprintReference/>
+															<sp:WssX509V3Token10/>
+														</wsp:Policy>
+													</sp:X509Token>
+												</wsp:Policy>
+											</sp:EndorsingSupportingTokens>
+											<sp:Wss11>
+												<wsp:Policy>
+													<sp:MustSupportRefKeyIdentifier/>
+													<sp:MustSupportRefIssuerSerial/>
+													<sp:MustSupportRefThumbprint/>
+													<sp:MustSupportRefEncryptedKey/>
+													<sp:RequireSignatureConfirmation/>
+												</wsp:Policy>
+											</sp:Wss11>
+											<sp:Trust10>
+												<wsp:Policy>
+													<sp:MustSupportIssuedTokens/>
+													<sp:RequireClientEntropy/>
+													<sp:RequireServerEntropy/>
+												</wsp:Policy>
+											</sp:Trust10>
+										</wsp:Policy>
+									</sp:BootstrapPolicy>
+								</wsp:Policy>
+							</sp:SecureConversationToken>
+						</wsp:Policy>
+					</sp:ProtectionToken>
+					<sp:AlgorithmSuite>
+						<wsp:Policy>
+							<sp:Basic128Rsa15/>
+						</wsp:Policy>
+					</sp:AlgorithmSuite>
+					<sp:Layout>
+						<wsp:Policy>
+							<sp:Strict/>
+						</wsp:Policy>
+					</sp:Layout>
+					<sp:IncludeTimestamp/>
+					<sp:EncryptSignature/>
+					<sp:OnlySignEntireHeadersAndBody/>
+				</wsp:Policy>
+			</sp:SymmetricBinding>
+			<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:MustSupportRefKeyIdentifier/>
+					<sp:MustSupportRefIssuerSerial/>
+					<sp:MustSupportRefThumbprint/>
+					<sp:MustSupportRefEncryptedKey/>
+				</wsp:Policy>
+			</sp:Wss11>
+			<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:MustSupportIssuedTokens/>
+					<sp:RequireClientEntropy/>
+					<sp:RequireServerEntropy/>
+				</wsp:Policy>
+			</sp:Trust10>
+			<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<sp:Body/>
+			</sp:EncryptedParts>
+			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
+				<ramp:user>alice</ramp:user>
+				<ramp:encryptionUser>bob</ramp:encryptionUser>
+				<ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+				
+				<ramp:signatureCrypto>
+					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rampart/store.jks</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+					</ramp:crypto>
+				</ramp:signatureCrypto>
+				<ramp:encryptionCypto>
+					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rampart/store.jks</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+					</ramp:crypto>
+				</ramp:encryptionCypto>
+				
+				<ramp:tokenIssuerPolicy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+					<wsp:Policy>
+						<sp:EncryptedParts>
+							<sp:Body/>
+						</sp:EncryptedParts>
+						<sp:SymmetricBinding>
+							<wsp:Policy>
+								<sp:ProtectionToken>
+									<wsp:Policy>
+										<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+											<wsp:Policy>
+												<sp:RequireDerivedKeys/>
+												<sp:RequireThumbprintReference/>
+												<sp:WssX509V3Token10/>
+											</wsp:Policy>
+										</sp:X509Token>
+									</wsp:Policy>
+								</sp:ProtectionToken>
+								<sp:AlgorithmSuite>
+									<wsp:Policy>
+										<sp:Basic128Rsa15/>
+									</wsp:Policy>
+								</sp:AlgorithmSuite>
+								<sp:Layout>
+									<wsp:Policy>
+										<sp:Strict/>
+									</wsp:Policy>
+								</sp:Layout>
+								<sp:IncludeTimestamp/>
+								<sp:EncryptSignature/>
+								<sp:OnlySignEntireHeadersAndBody/>
+							</wsp:Policy>
+						</sp:SymmetricBinding>
+						<sp:EndorsingSupportingTokens>
+							<wsp:Policy>
+								<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+									<wsp:Policy>
+										<sp:RequireThumbprintReference/>
+										<sp:WssX509V3Token10/>
+									</wsp:Policy>
+								</sp:X509Token>
+							</wsp:Policy>
+						</sp:EndorsingSupportingTokens>
+						<sp:Wss11>
+							<wsp:Policy>
+								<sp:MustSupportRefKeyIdentifier/>
+								<sp:MustSupportRefIssuerSerial/>
+								<sp:MustSupportRefThumbprint/>
+								<sp:MustSupportRefEncryptedKey/>
+								<sp:RequireSignatureConfirmation/>
+							</wsp:Policy>
+						</sp:Wss11>
+						<sp:Trust10>
+							<wsp:Policy>
+								<sp:MustSupportIssuedTokens/>
+								<sp:RequireClientEntropy/>
+								<sp:RequireServerEntropy/>
+							</wsp:Policy>
+						</sp:Trust10>
+					</wsp:Policy>
+				</ramp:tokenIssuerPolicy>
+				
+			</ramp:RampartConfig>
+		</wsp:All>
+	</wsp:ExactlyOne>
+</wsp:Policy>
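Review bot: Every AlgorithmSuite in this policy (outer binding, bootstrap binding and tokenIssuerPolicy) selects `<sp:Basic128Rsa15/>`, i.e. RSA PKCS#1 v1.5 key transport, which is the padding-oracle-prone variant; unless the scenario specifically targets the Rsa15 code path, `<sp:Basic128/>` (RSA-OAEP) is the safer default for a new fixture. The RampartConfig also embeds the keystore password `password` and a workspace-relative `test-resources/rampart/store.jks` path directly in the policy, which is acceptable for an integration test but invites copy-paste into a deployed policy; a comment such as `<!-- test-only keystore and password; do not reuse this RampartConfig outside the integration tests -->` above `<ramp:RampartConfig>` would make that explicit. Note also that the outer `<sp:Wss11>` block omits `<sp:RequireSignatureConfirmation/>` while both the bootstrap and tokenIssuerPolicy Wss11 blocks require it; if that asymmetry is intentional it deserves a one-line comment, since it looks like an oversight.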

Added: webservices/axis2/branches/java/1_1/modules/integration/test-resources/rampart/services-sc-2.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/integration/test-resources/rampart/services-sc-2.xml?view=auto&rev=454014
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/integration/test-resources/rampart/services-sc-2.xml (added)
+++ webservices/axis2/branches/java/1_1/modules/integration/test-resources/rampart/services-sc-2.xml Sat Oct  7 13:35:50 2006
@@ -0,0 +1,248 @@
+<service name="SecureService">
+
+	<module ref="addressing"/>
+	<module ref="rampart"/>
+	<module ref="rahas"/>
+
+	<parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+	<operation name="echo">
+		<messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+		<actionMapping>urn:echo</actionMapping>
+	</operation>
+
+	<wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+	<wsp:ExactlyOne>
+		<wsp:All>
+			<sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:ProtectionToken>
+						<wsp:Policy>
+							<sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+								<wsp:Policy>
+									<sp:RequireDerivedKeys/>
+									<sp:BootstrapPolicy>
+										<wsp:Policy>
+											<sp:EncryptedParts>
+												<sp:Body/>
+											</sp:EncryptedParts>
+											<sp:SymmetricBinding>
+												<wsp:Policy>
+													<sp:ProtectionToken>
+														<wsp:Policy>
+															<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+																<wsp:Policy>
+																	<sp:RequireDerivedKeys/>
+																	<sp:RequireThumbprintReference/>
+																	<sp:WssX509V3Token10/>
+																</wsp:Policy>
+															</sp:X509Token>
+														</wsp:Policy>
+													</sp:ProtectionToken>
+													<sp:AlgorithmSuite>
+														<wsp:Policy>
+															<sp:Basic128Rsa15/>
+														</wsp:Policy>
+													</sp:AlgorithmSuite>
+													<sp:Layout>
+														<wsp:Policy>
+															<sp:Strict/>
+														</wsp:Policy>
+													</sp:Layout>
+													<sp:IncludeTimestamp/>
+													<sp:EncryptSignature/>
+													<sp:OnlySignEntireHeadersAndBody/>
+												</wsp:Policy>
+											</sp:SymmetricBinding>
+											<sp:EndorsingSupportingTokens>
+												<wsp:Policy>
+													<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+														<wsp:Policy>
+															<sp:RequireThumbprintReference/>
+															<sp:WssX509V3Token10/>
+														</wsp:Policy>
+													</sp:X509Token>
+												</wsp:Policy>
+											</sp:EndorsingSupportingTokens>
+											<sp:Wss11>
+												<wsp:Policy>
+													<sp:MustSupportRefKeyIdentifier/>
+													<sp:MustSupportRefIssuerSerial/>
+													<sp:MustSupportRefThumbprint/>
+													<sp:MustSupportRefEncryptedKey/>
+													<sp:RequireSignatureConfirmation/>
+												</wsp:Policy>
+											</sp:Wss11>
+											<sp:Trust10>
+												<wsp:Policy>
+													<sp:MustSupportIssuedTokens/>
+													<sp:RequireClientEntropy/>
+													<sp:RequireServerEntropy/>
+												</wsp:Policy>
+											</sp:Trust10>
+										</wsp:Policy>
+									</sp:BootstrapPolicy>
+								</wsp:Policy>
+							</sp:SecureConversationToken>
+						</wsp:Policy>
+					</sp:ProtectionToken>
+					<sp:AlgorithmSuite>
+						<wsp:Policy>
+							<sp:Basic128Rsa15/>
+						</wsp:Policy>
+					</sp:AlgorithmSuite>
+					<sp:Layout>
+						<wsp:Policy>
+							<sp:Strict/>
+						</wsp:Policy>
+					</sp:Layout>
+					<sp:IncludeTimestamp/>
+					<sp:EncryptSignature/>
+					<sp:OnlySignEntireHeadersAndBody/>
+				</wsp:Policy>
+			</sp:SymmetricBinding>
+			<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:MustSupportRefKeyIdentifier/>
+					<sp:MustSupportRefIssuerSerial/>
+					<sp:MustSupportRefThumbprint/>
+					<sp:MustSupportRefEncryptedKey/>
+				</wsp:Policy>
+			</sp:Wss11>
+			<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:MustSupportIssuedTokens/>
+					<sp:RequireClientEntropy/>
+					<sp:RequireServerEntropy/>
+				</wsp:Policy>
+			</sp:Trust10>
+			<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<sp:Body/>
+			</sp:EncryptedParts>
+			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
+				<ramp:user>bob</ramp:user>
+				<ramp:encryptionUser>alice</ramp:encryptionUser>
+				<ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+				
+				<ramp:signatureCrypto>
+					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+					</ramp:crypto>
+				</ramp:signatureCrypto>
+				<ramp:encryptionCypto>
+					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property>
+						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+					</ramp:crypto>
+				</ramp:encryptionCypto>
+				
+				<ramp:tokenIssuerPolicy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+					<wsp:Policy>
+						<sp:EncryptedParts>
+							<sp:Body/>
+						</sp:EncryptedParts>
+						<sp:SymmetricBinding>
+							<wsp:Policy>
+								<sp:ProtectionToken>
+									<wsp:Policy>
+										<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+											<wsp:Policy>
+												<sp:RequireDerivedKeys/>
+												<sp:RequireThumbprintReference/>
+												<sp:WssX509V3Token10/>
+											</wsp:Policy>
+										</sp:X509Token>
+									</wsp:Policy>
+								</sp:ProtectionToken>
+								<sp:AlgorithmSuite>
+									<wsp:Policy>
+										<sp:Basic128Rsa15/>
+									</wsp:Policy>
+								</sp:AlgorithmSuite>
+								<sp:Layout>
+									<wsp:Policy>
+										<sp:Strict/>
+									</wsp:Policy>
+								</sp:Layout>
+								<sp:IncludeTimestamp/>
+								<sp:EncryptSignature/>
+								<sp:OnlySignEntireHeadersAndBody/>
+							</wsp:Policy>
+						</sp:SymmetricBinding>
+						<sp:EndorsingSupportingTokens>
+							<wsp:Policy>
+								<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+									<wsp:Policy>
+										<sp:RequireThumbprintReference/>
+										<sp:WssX509V3Token10/>
+									</wsp:Policy>
+								</sp:X509Token>
+							</wsp:Policy>
+						</sp:EndorsingSupportingTokens>
+						<sp:Wss11>
+							<wsp:Policy>
+								<sp:MustSupportRefKeyIdentifier/>
+								<sp:MustSupportRefIssuerSerial/>
+								<sp:MustSupportRefThumbprint/>
+								<sp:MustSupportRefEncryptedKey/>
+								<sp:RequireSignatureConfirmation/>
+							</wsp:Policy>
+						</sp:Wss11>
+						<sp:Trust10>
+							<wsp:Policy>
+								<sp:MustSupportIssuedTokens/>
+								<sp:RequireClientEntropy/>
+								<sp:RequireServerEntropy/>
+							</wsp:Policy>
+						</sp:Trust10>
+					</wsp:Policy>
+				</ramp:tokenIssuerPolicy>
+				
+			</ramp:RampartConfig>
+		</wsp:All>
+	</wsp:ExactlyOne>
+	</wsp:Policy>
+	
+    <parameter name="sct-issuer-config">
+		<sct-issuer-config>
+			<cryptoProperties>
+               <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+                    <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+                    <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+                </crypto>
+			</cryptoProperties>
+			<addRequestedAttachedRef />
+			<addRequestedUnattachedRef />
+
+            <!--
+               Key computation mechanism
+               1 - Use Request Entropy
+               2 - Provide Entropy
+               3 - Use Own Key
+            -->
+            <keyComputation>3</keyComputation>
+
+            <!--
+               proofKeyType element is valid only if the keyComputation is set to 3
+               i.e. Use Own Key
+
+               Valid values are: EncryptedKey & BinarySecret
+            -->
+            <proofKeyType>BinarySecret</proofKeyType>
+        </sct-issuer-config>
+    </parameter>
+	
+	<parameter name="token-canceler-config">
+		<token-canceler-config>
+			<!--<proofToken>EncryptedKey</proofToken>-->
+			<!--<cryptoProperties>sctIssuer.properties</cryptoProperties>-->
+			<!--<addRequestedAttachedRef />-->
+		</token-canceler-config>
+    </parameter>
+	
+	
+</service>
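Review bot: The sct-issuer-config sets `<keyComputation>3</keyComputation>` ("Use Own Key", per the inline comment) with `<proofKeyType>BinarySecret</proofKeyType>`, yet the Trust10 assertions in the same service policy declare `<sp:RequireClientEntropy/>` and `<sp:RequireServerEntropy/>`; if mode 3 makes the issuer disregard client entropy and ship the whole session key as a BinarySecret, the policy advertises a computed key the issuer never produces. Either use `<keyComputation>1</keyComputation>` (or `2`) to honour the entropy assertions, or drop the two entropy assertions and add a comment naming the choice. Because the proof key travels as a plaintext BinarySecret inside the RSTR, its confidentiality rests entirely on the bootstrap binding's `<sp:EncryptedParts><sp:Body/></sp:EncryptedParts>`; that dependency is worth stating in the comment block above `<keyComputation>` so nobody relaxes the bootstrap encryption later. The token-canceler-config with every child commented out is presumably intentional for the test, but a short comment saying so would avoid a reader assuming it is half-finished.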

Modified: webservices/axis2/branches/java/1_1/modules/integration/test/org/apache/rampart/RampartTest.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/integration/test/org/apache/rampart/RampartTest.java?view=diff&rev=454014&r1=454013&r2=454014
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/integration/test/org/apache/rampart/RampartTest.java (original)
+++ webservices/axis2/branches/java/1_1/modules/integration/test/org/apache/rampart/RampartTest.java Sat Oct  7 13:35:50 2006
@@ -60,19 +60,20 @@
     
             ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo, null);
             ServiceClient serviceClient = new ServiceClient(configContext, null);
-            Options options = new Options();
+            
 
             serviceClient.engageModule(new QName("addressing"));
             serviceClient.engageModule(new QName("rampart"));
 
             //TODO : figure this out !!
-            boolean basic256Supported = false;
+            boolean basic256Supported = true;
             
             for (int i = 1; i <= 9; i++) { //<-The number of tests we have
                 if(!basic256Supported && (i == 3 || i == 4 || i ==5)) {
                     //Skip the Basic256 tests
                     continue;
                 }
+                Options options = new Options();
                 System.out.println("Testing WS-Sec: custom scenario " + i);
                 options.setAction("urn:echo");
                 options.setTo(new EndpointReference("http://127.0.0.1:" + PORT + "/axis2/services/SecureService" + i));
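Review bot: `boolean basic256Supported = true;` hard-codes the capability the surviving `//TODO : figure this out !!` was meant to detect, so the `if(!basic256Supported && (i == 3 || i == 4 || i ==5))` skip is now dead and the Basic256 scenarios will fail outright on a JRE without the unlimited-strength JCE policy files. Detect it instead: `boolean basic256Supported = Cipher.getMaxAllowedKeyLength("AES") >= 256;` (with `import javax.crypto.Cipher;`), which is the actual limit those AES-256 suites hit. Moving `Options options = new Options();` inside the loop is a good fix — the previous shared instance carried state between scenarios. The enclosing test method starts before this hunk.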
@@ -84,11 +85,9 @@
             }
 
             
-            for (int i = 1; i <= 1; i++) { //<-The number of tests we have
-                if(!basic256Supported && (i == 3 || i == 4 || i ==5)) {
-                    //Skip the Basic256 tests
-                    continue;
-                }
+            for (int i = 1; i <= 2; i++) { //<-The number of tests we have
+
+                Options options = new Options();
                 System.out.println("Testing WS-SecConv: custom scenario " + i);
                 options.setAction("urn:echo");
                 options.setTo(new EndpointReference("http://127.0.0.1:" + PORT + "/axis2/services/SecureServiceSC" + i));

Modified: webservices/axis2/branches/java/1_1/modules/rahas/src/org/apache/rahas/client/STSClient.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/rahas/src/org/apache/rahas/client/STSClient.java?view=diff&rev=454014&r1=454013&r2=454014
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/rahas/src/org/apache/rahas/client/STSClient.java (original)
+++ webservices/axis2/branches/java/1_1/modules/rahas/src/org/apache/rahas/client/STSClient.java Sat Oct  7 13:35:50 2006
@@ -21,6 +21,7 @@
 import org.apache.axiom.om.impl.builder.StAXOMBuilder;
 import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
 import org.apache.axiom.om.util.Base64;
+import org.apache.axiom.soap.SOAP12Constants;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.addressing.AddressingConstants;
 import org.apache.axis2.addressing.EndpointReference;
@@ -116,6 +117,7 @@
             ServiceClient client = getServiceClient(rstQn, issuerAddress);
             
             client.getOptions().setProperty(RAMPART_POLICY, issuerPolicy);
+            client.getOptions().setSoapVersionURI(SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI); 
             //TODO : Get the soap version from config 
 
             //Process the STS and service policy policy

Modified: webservices/axis2/branches/java/1_1/modules/secpolicy/src/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/secpolicy/src/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java?view=diff&rev=454014&r1=454013&r2=454014
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/secpolicy/src/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java (original)
+++ webservices/axis2/branches/java/1_1/modules/secpolicy/src/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java Sat Oct  7 13:35:50 2006
@@ -83,6 +83,8 @@
                 
             } else if (Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY.equals(name.getLocalPart())) {
                 symmetricBinding.setEntireHeadersAndBodySignatures(true);
+            } else if (Constants.ENCRYPT_SIGNATURE.equals(name)) {
+                symmetricBinding.setSignatureProtection(true);
             }
         }        
     }
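Review bot: The new branch compares `Constants.ENCRYPT_SIGNATURE.equals(name)` where `name` is the element's QName, while the sibling branch two lines above compares against `name.getLocalPart()`; if `ENCRYPT_SIGNATURE` is a String constant like `ONLY_SIGN_ENTIRE_HEADERS_AND_BODY`, `String.equals(QName)` is always false and `setSignatureProtection(true)` is never reached, so an `<sp:EncryptSignature/>` assertion in a SymmetricBinding is silently ignored and the signature goes out unencrypted. The fix is `} else if (Constants.ENCRYPT_SIGNATURE.equals(name.getLocalPart())) {`. A unit test that parses a SymmetricBinding containing `<sp:EncryptSignature/>` and asserts `isSignatureProtection()` would have caught this. The enclosing loop and method begin before this hunk.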

Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartEngine.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartEngine.java?view=diff&rev=454014&r1=454013&r2=454014
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartEngine.java (original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/RampartEngine.java Sat Oct  7 13:35:50 2006
@@ -56,8 +56,9 @@
             
             results = engine.processSecurityHeader(rmd.getDocument(), 
                                 null, 
-                                new TokenCallbackHandler(rmd.getTokenStorage()),
-                                null);
+                                new TokenCallbackHandler(rmd.getTokenStorage(), RampartUtil.getPasswordCB(rmd)),
+                                RampartUtil.getSignatureCrypto(rpd.getRampartConfig(), 
+                                        msgCtx.getAxisService().getClassLoader()));
         } else {
             results = engine.processSecurityHeader(rmd.getDocument(),
                       null, 
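Review bot: The four-argument `processSecurityHeader` overload takes a single Crypto, and this hunk passes only `RampartUtil.getSignatureCrypto(...)`; if WSS4J uses that instance both to verify the signature and to unwrap the EncryptedKey (there is no separate decryption crypto in this call), a deployment whose `encryptionCypto` keystore differs from `signatureCrypto` will fail to decrypt, or verify signatures against the wrong trust store. If this wss4j-SNAPSHOT provides the five-argument form, pass both cryptos, e.g. `RampartUtil.getSignatureCrypto(rpd.getRampartConfig(), loader), RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), loader)` (assuming RampartUtil has the encryption counterpart); otherwise add a comment stating that the SymmetricBinding path assumes one keystore serves both roles. `msgCtx.getAxisService().getClassLoader()` will also NPE if this engine runs before dispatch has resolved a service; whether that can happen here is not visible in the hunk.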

Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/TokenCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/TokenCallbackHandler.java?view=diff&rev=454014&r1=454013&r2=454014
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/TokenCallbackHandler.java (original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/TokenCallbackHandler.java Sat Oct  7 13:35:50 2006
@@ -16,17 +16,13 @@
 
 package org.apache.rampart;
 
-import org.apache.axiom.om.OMElement;
 import org.apache.rahas.Token;
 import org.apache.rahas.TokenStorage;
-import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.message.token.Reference;
 
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.xml.namespace.QName;
 
 import java.io.IOException;
 
@@ -34,29 +30,40 @@
 public class TokenCallbackHandler implements CallbackHandler {
 
     private TokenStorage store;
-
+    private CallbackHandler handler;
     
-    public TokenCallbackHandler(TokenStorage store) {
+    public TokenCallbackHandler(TokenStorage store, CallbackHandler handler) {
         this.store = store;
+        this.handler = handler;
     }
     
-    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+    public void handle(Callback[] callbacks) 
+    throws IOException, UnsupportedCallbackException {
+        
         for (int i = 0; i < callbacks.length; i++) {
 
             if (callbacks[i] instanceof WSPasswordCallback) {
                 WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
-                String id = pc.getIdentifer();
-                Token tok;
-                try {
-                    //Pick up the token from the token store
-                    tok = this.store.getToken(id);
-                    if(tok != null) {
-                        //Get the secret and set it in the callback object
-                        pc.setKey(tok.getSecret());
+                if(pc.getUsage() == WSPasswordCallback.SECURITY_CONTEXT_TOKEN &&
+                        this.store != null) {
+                    String id = pc.getIdentifer();
+                    Token tok;
+                    try {
+                        //Pick up the token from the token store
+                        tok = this.store.getToken(id);
+                        if(tok != null) {
+                            //Get the secret and set it in the callback object
+                            pc.setKey(tok.getSecret());
+                        }
+                    } catch (Exception e) {
+                        e.printStackTrace();
+                        throw new IOException(e.getMessage());
+                    }
+                } else {
+                    //Handle other types of callbacks with the usual handler
+                    if(this.handler != null) {
+                        handler.handle(new Callback[]{pc});
                     }
-                } catch (Exception e) {
-                    e.printStackTrace();
-                    throw new IOException(e.getMessage());
                 }
 
             } else {
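Review bot: In the delegation branch a `WSPasswordCallback` arriving when `this.handler` is null is silently dropped — no key or password is set and no exception is raised — so WSS4J proceeds with a null secret and the failure surfaces later as an opaque signature or decryption error; prefer `throw new UnsupportedCallbackException(pc, "no password callback handler configured");` in that case. The SCT branch also discards the original cause with `throw new IOException(e.getMessage())` after `e.printStackTrace()`; on this Java level `IOException ioe = new IOException(e.getMessage()); ioe.initCause(e); throw ioe;` keeps the stack, and the `printStackTrace()`, which writes the token identifier to stderr, should go. An SCT callback with `this.store == null` likewise falls through to the delegate handler, which has no way to serve a security-context secret; that looks unintended but may be deliberate for the client side. The method continues past the end of this hunk.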

Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java?view=diff&rev=454014&r1=454013&r2=454014
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java (original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/AsymmetricBindingBuilder.java Sat Oct  7 13:35:50 2006
@@ -466,7 +466,8 @@
                                 .getSignatureElement());
 
                 signatureValues.add(dkSign.getSignatureValue());
-
+                
+                signatureElement = dkSign.getSignatureElement();
             } catch (WSSecurityException e) {
                 throw new RampartException("errorInDerivedKeyTokenSignature", e);
             } catch (ConversationException e) {

Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/BindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/BindingBuilder.java?view=diff&rev=454014&r1=454013&r2=454014
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/BindingBuilder.java (original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/BindingBuilder.java Sat Oct  7 13:35:50 2006
@@ -447,6 +447,12 @@
                 try {
                     sig.addReferencesToSign(sigParts, rmd.getSecHeader());
                     sig.computeSignature();
+                    
+                    this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+                            rmd, 
+                            this.getInsertionLocation(), 
+                            sig.getSignatureElement()));
+                    
                 } catch (WSSecurityException e) {
                     throw new RampartException("errorInSignatureWithX509Token", e);
                 }

Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java?view=diff&rev=454014&r1=454013&r2=454014
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java (original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/builder/SymmetricBindingBuilder.java Sat Oct  7 13:35:50 2006
@@ -31,14 +31,17 @@
 import org.apache.ws.secpolicy.model.SecureConversationToken;
 import org.apache.ws.secpolicy.model.SupportingToken;
 import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.X509Token;
 import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.conversation.ConversationException;
 import org.apache.ws.security.message.WSSecDKEncrypt;
 import org.apache.ws.security.message.WSSecEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Vector;
@@ -100,6 +103,8 @@
             } else if(encryptionToken instanceof SecureConversationToken) {
                 tokenId = rmd.getSecConvTokenId();
                 log.debug("SCT Id : " + tokenId);
+            } else if (encryptionToken instanceof X509Token) {
+                tokenId = setupEncryptedKey(rmd, encryptionToken);
             }
             
             if(tokenId == null || tokenId.length() == 0) {
@@ -129,6 +134,10 @@
                 attached = true;
             }
             
+            //In the X509 case we MUST add the EncryptedKey
+            if(encryptionToken instanceof X509Token) {
+                RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
+            }
             Document doc = rmd.getDocument();
 
             if(encryptionToken.isDerivedKeys()) {
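Review bot: The new `if(encryptionToken instanceof X509Token)` block appends `tok.getToken()` to the security header unconditionally, while the context just above (`attached = true;`) suggests the same element may already have been attached by the inclusion logic whose start lies outside this hunk; if so the EncryptedKey ends up in the header twice, which breaks wsu:Id uniqueness. The signature side at the `@@ -309,11 +320,23 @@` hunk has the same shape more visibly: when the inclusion check at `Constants.INCLUDE_ALWAYS.equals(...)` is true, `sigTok.getToken()` is appended once there and then again in the `sigToken instanceof X509Token` branch. Either make the X509 branch an `else` of the inclusion check, or guard it with `if(sigTokElem == null && sigToken instanceof X509Token)` so the element is added exactly once. The enclosing methods begin and end outside these hunks.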
@@ -296,6 +305,8 @@
                 sigTokId = rmd.getSecConvTokenId();
             } else if(sigToken instanceof IssuedToken) {
                 sigTokId = rmd.getIssuedSignatureTokenId();
+            } else if(sigToken instanceof X509Token) {
+                sigTokId = setupEncryptedKey(rmd, sigToken);
             }
         } else {
             throw new RampartException("signatureTokenMissing");
@@ -309,11 +320,23 @@
 
         if(Constants.INCLUDE_ALWAYS.equals(sigToken.getInclusion()) ||
                 Constants.INCLUDE_ONCE.equals(sigToken.getInclusion()) ||
-                (rmd.isClientSide() && Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(sigToken.getInclusion()))) {
-            sigTokElem = RampartUtil.appendChildToSecHeader(rmd, sigTok.getToken());
+                (rmd.isClientSide() && 
+                        Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(
+                                sigToken.getInclusion()))) {
+            sigTokElem = RampartUtil.appendChildToSecHeader(rmd, 
+                                                            sigTok.getToken());
+            this.setInsertionLocation(sigTokElem);
         }
+        
 
-        this.setInsertionLocation(sigTokElem);
+        
+        //In the X509 case we MUST add the EncryptedKey
+        if(sigToken instanceof X509Token) {
+            sigTokElem = RampartUtil.appendChildToSecHeader(rmd, sigTok.getToken());
+            
+            //Set the insertion location
+            this.setInsertionLocation(sigTokElem);
+        }
         
 
         HashMap sigSuppTokMap = null;
@@ -361,6 +384,7 @@
                 signatureValues.add(iter.next());
             }
         }
+
         //Encryption
         Token encrToken = rpd.getEncryptionToken();
         Element encrTokElem = null;
@@ -454,6 +478,49 @@
             } catch (WSSecurityException e) {
                 throw new RampartException("errorInEncryption", e);
             }    
+        }
+    }
+
+    /**
+     * @param rmd
+     * @param sigToken
+     * @return
+     * @throws RampartException
+     */
+    private String setupEncryptedKey(RampartMessageData rmd, Token sigToken) 
+    throws RampartException {
+        try {
+            WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(rmd, 
+                                                                sigToken);
+            String id = encrKey.getId();
+            //Create a rahas token from this info and store it so we can use
+            //it in the next steps
+    
+            Date created = new Date();
+            Date expires = new Date();
+            //TODO make this lifetime configurable ???
+            expires.setTime(System.currentTimeMillis() + 300000);
+            org.apache.rahas.Token tempTok = new org.apache.rahas.Token(
+                            id, 
+                            (OMElement) encrKey.getEncryptedKeyElement(),
+                            created, 
+                            expires);
+            tempTok.setSecret(encrKey.getEphemeralKey());
+            
+            rmd.getTokenStorage().add(tempTok);
+            
+            String bstTokenId = encrKey.getBSTTokenId();
+            //If direct ref is used to refer to the cert
+            //then add the cert to the sec header now
+            if(bstTokenId != null && bstTokenId.length() > 0) {
+                RampartUtil.appendChildToSecHeader(rmd, 
+                        encrKey.getBinarySecurityTokenElement());
+            }
+            
+            return id;
+            
+        } catch (TrustException e) {
+            throw new RampartException("errorInAddingTokenIntoStore");
         }
     }
     
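Review bot: The `catch (TrustException e)` at the end of `setupEncryptedKey` drops the cause — `throw new RampartException("errorInAddingTokenIntoStore")` should be `throw new RampartException("errorInAddingTokenIntoStore", e);`, matching the sibling catches in this file such as `throw new RampartException("errorInEncryption", e);`, otherwise the token-store failure is undiagnosable. The Javadoc is empty; it should state that the method builds an EncryptedKey for the given X509 token, stores its ephemeral secret in the token store under the EncryptedKey id for the later signature/encryption steps, attaches the BinarySecurityToken when a direct reference is used, and returns the EncryptedKey id. The `300000` lifetime should at least be a named constant (e.g. `private static final long ENCRYPTED_KEY_LIFETIME_MS = 300000;`) next to the existing TODO, since the stored secret lives in the token store until it expires.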

Modified: webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/errors.properties
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/errors.properties?view=diff&rev=454014&r1=454013&r2=454014
==============================================================================
--- webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/errors.properties (original)
+++ webservices/axis2/branches/java/1_1/modules/security/src/org/apache/rampart/errors.properties Sat Oct  7 13:35:50 2006
@@ -20,6 +20,7 @@
 noPasswordForUser = No password supplied by the callback handler for the user : \"{0}\"
 unsupportedSignedSupportingToken = Unsupported SignedSupportingToken : \"{0}\"
 errorExtractingToken = Error extracting token : \"{0}\"
+errorInAddingTokenIntoStore = Error in adding token into store
 errorInDerivedKeyTokenSignature = Error in DerivedKeyToken signature
 errorInSignatureWithX509Token = Error in signature with X509Token
 errorCreatingEncryptedKey = Error in creating an encrypted key


