Posted to java-commits@axis.apache.org by bi...@apache.org on 2020/04/15 16:07:24 UTC

[axis-axis2-java-rampart] branch RAMPART-402 created (now f4990fe)

This is an automated email from the ASF dual-hosted git repository.

billblough pushed a change to branch RAMPART-402
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git.


      at f4990fe  RAMPART-402: Apply patch provided by Nathan Clement.

This branch includes the following new commits:

     new 3bf910e  Create development branch for RAMPART-402.
     new f4990fe  RAMPART-402: Apply patch provided by Nathan Clement.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[axis-axis2-java-rampart] 01/02: Create development branch for RAMPART-402.

Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

billblough pushed a commit to branch RAMPART-402
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git

commit 3bf910e8fe6d8fa1c383db91c15f1896cc6266a7
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Mon Feb 6 10:26:22 2017 +0000

    Create development branch for RAMPART-402.


[axis-axis2-java-rampart] 02/02: RAMPART-402: Apply patch provided by Nathan Clement.

Posted by bi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

billblough pushed a commit to branch RAMPART-402
in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git

commit f4990fe8f85cced64f14fb08ca13fd5b5ebeb972
Author: Andreas Veithen <ve...@apache.org>
AuthorDate: Mon Feb 6 10:28:16 2017 +0000

    RAMPART-402: Apply patch provided by Nathan Clement.
---
 .../rampart/PolicyBasedResultsValidator.java       |  6 +-
 .../org/apache/rampart/PolicyAssertionsTest.java   | 64 ++++++++++++++++++
 .../policy/rampart-asymm-signed-parts-2.xml        | 78 ++++++++++++++++++++++
 .../policy/rampart-asymm-signed-parts.xml          | 72 ++++++++++++++++++++
 4 files changed, 215 insertions(+), 5 deletions(-)

diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
index b6e605f..1b5bd3c 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -627,11 +627,7 @@ public class PolicyBasedResultsValidator implements ExtendedPolicyValidatorCallb
                     throw new RampartException("bodyNotSigned");
                 }
 
-            } else if (wsep.getName().equals(WSConstants.ELEM_HEADER) ||
-                    wsep.getXpath() != null) {
-                // TODO earlier this was wsep.getType() == WSConstants.PART_TYPE_ELEMENT
-                // This means that encrypted element of an XPath expression type. Therefore we are checking
-                // now whether an XPath expression exists. - Verify
+            } else {
 
                 Element element = WSSecurityUtil.findElement(
                         envelope, wsep.getName(), wsep.getNamespace());
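Review bot: The new bare `else` on the line replacing the header/XPath condition now routes every non-body signed part, including parts declared only by XPath, into `WSSecurityUtil.findElement(envelope, wsep.getName(), wsep.getNamespace())`, and nothing in the hunk says what happens when such a part has no element name. If `getName()` can be null for an XPath-only part the lookup may miss rather than fail, which would quietly weaken the "must be signed" check that the removed TODO was circling; a short comment such as `// Every non-body part must resolve by name/namespace; an unresolved part must reject the message, never be skipped` (with an explicit null-name rejection if that case is reachable) would pin the fail-closed intent. The enclosing loop and method begin and end outside this hunk, so I cannot confirm how a null result from findElement is handled below.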
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
index 29c62be..5951013 100644
--- a/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
@@ -83,6 +83,70 @@ public class PolicyAssertionsTest extends MessageBuilderTestBase {
 
     }
 
+    public void testSignedPartsValid() throws Exception {
+
+        MessageContext ctx = getMsgCtx();
+
+        String policyXml = "test-resources/policy/rampart-asymm-signed-parts.xml";
+        Policy policy = loadPolicy(policyXml);
+
+        ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+        MessageBuilder builder = new MessageBuilder();
+        builder.build(ctx);
+
+        // Building the SOAP envelope from the OMElement
+        SOAPBuilder soapBuilder = new SOAPBuilder();
+        SOAPEnvelope env = ctx.getEnvelope();
+        ByteArrayInputStream inStream = new ByteArrayInputStream(env.toString().getBytes());
+        env = (SOAPEnvelope) soapBuilder.processDocument(inStream, "text/xml", ctx);
+        ctx.setEnvelope(env);
+
+        RampartEngine engine = new RampartEngine();
+        engine.process(ctx);
+
+    }
+
+    public void testSignedPartsInvalid() throws Exception {
+
+        MessageContext ctx = getMsgCtx();
+
+        String policyXml = "test-resources/policy/rampart-asymm-signed-parts.xml";
+        Policy policy = loadPolicy(policyXml);
+
+        ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+        MessageBuilder builder = new MessageBuilder();
+        builder.build(ctx);
+
+        // Building the SOAP envelope from the OMElement
+        SOAPBuilder soapBuilder = new SOAPBuilder();
+        SOAPEnvelope env = ctx.getEnvelope();
+        ByteArrayInputStream inStream = new ByteArrayInputStream(env.toString().getBytes());
+        env = (SOAPEnvelope) soapBuilder.processDocument(inStream, "text/xml", ctx);
+        ctx.setEnvelope(env);
+
+        ctx.setServerSide(true);
+        AxisService axisService = ctx.getAxisService();            
+        axisService.removeParameter(axisService.getParameter(RampartMessageData.PARAM_CLIENT_SIDE));
+
+        policyXml = "test-resources/policy/rampart-asymm-signed-parts-2.xml";
+        policy = loadPolicy(policyXml);
+
+        ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+        RampartEngine engine = new RampartEngine();
+
+        try {
+            engine.process(ctx);
+            fail(" This should have thrown RampartException: " +
+                    "Element must be signed : http://schemas.xmlsoap.org/ws/2004/08/addressing:From");
+        } catch (RampartException expected) {
+            // Ignore intentionally as the test is supposed to throw an exception
+        }
+
+    }
+
     public void testHashedPasswordRequiredValid() throws Exception {
 
         MessageContext ctx = getMsgCtx();
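Review bot: In `testSignedPartsInvalid` the `catch (RampartException expected)` accepts any RampartException, so the test passes even if the engine rejects the message for a reason other than the unsigned `From` header that the `fail(...)` message describes (the `bodyNotSigned` path in the validator hunk of this same commit, for instance). Asserting on the failure would make the new test actually exercise the validator change, e.g. `assertTrue(expected.getMessage(), expected.getMessage().contains("From"));`, adjusted to however RampartException exposes its fault message. Separately, both tests call `env.toString().getBytes()` without a charset, which uses the platform default; `getBytes(StandardCharsets.UTF_8)` (plus the `java.nio.charset.StandardCharsets` import) keeps the re-parsed envelope independent of the build host. The two methods also duplicate the build-and-reparse sequence, which could become a small private helper.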
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts-2.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts-2.xml
new file mode 100644
index 0000000..ba68ec8
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts-2.xml
@@ -0,0 +1,78 @@
+<wsp:Policy wsu:Id="policy2"
+            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+            xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
+    <wsp:ExactlyOne>
+        <wsp:All>
+            <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                <wsp:Policy>
+                    <sp:ProtectionToken>
+                        <wsp:Policy>
+                            <sp:X509Token
+                                    sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+                                <wsp:Policy>
+                                    <sp:RequireThumbprintReference/>
+                                    <sp:WssX509V3Token10/>
+                                </wsp:Policy>
+                            </sp:X509Token>
+                        </wsp:Policy>
+                    </sp:ProtectionToken>
+                    <sp:AlgorithmSuite>
+                        <wsp:Policy>
+                            <sp:Basic128/>
+                        </wsp:Policy>
+                    </sp:AlgorithmSuite>
+                    <sp:Layout>
+                        <wsp:Policy>
+                            <sp:Strict/>
+                        </wsp:Policy>
+                    </sp:Layout>
+                    <sp:IncludeTimestamp/>
+                    <sp:OnlySignEntireHeadersAndBody/>
+                </wsp:Policy>
+            </sp:SymmetricBinding>
+            <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                <wsp:Policy>
+                    <sp:MustSupportRefKeyIdentifier/>
+                    <sp:MustSupportRefIssuerSerial/>
+                    <sp:MustSupportRefThumbprint/>
+                    <sp:MustSupportRefEncryptedKey/>
+                </wsp:Policy>
+            </sp:Wss11>
+            <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                <sp:Body/>
+                <sp:Header Name="To" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+                <sp:Header Name="From" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+                <sp:Header Name="FaultTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+                <sp:Header Name="ReplyTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+                <sp:Header Name="MessageID" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+                <sp:Header Name="RelatesTo" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+                <sp:Header Name="Action" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+            </sp:SignedParts>
+            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+                <ramp:user>alice</ramp:user>
+                <ramp:encryptionUser>bob</ramp:encryptionUser>
+                <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+                <ramp:signatureCrypto>
+                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
+                        </ramp:property>
+                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+                        </ramp:property>
+                    </ramp:crypto>
+                </ramp:signatureCrypto>
+                <ramp:encryptionCypto>
+                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
+                        </ramp:property>
+                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+                        </ramp:property>
+                    </ramp:crypto>
+                </ramp:encryptionCypto>
+            </ramp:RampartConfig>
+        </wsp:All>
+    </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
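Review bot: The file name `rampart-asymm-signed-parts-2.xml` says asymmetric, but the policy declares `sp:SymmetricBinding` with a single `sp:ProtectionToken`; the sibling `rampart-asymm-signed-parts.xml` in this commit has the same mismatch. Since the tests reference these fixtures by path, a future reader comparing them against the asymmetric-binding fixtures will be misled; either rename them to `rampart-symm-signed-parts*.xml` or add a leading XML comment such as `<!-- Symmetric binding; "asymm" in the file name is historical -->`. Both files also lack a trailing newline, which is cosmetic.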
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts.xml
new file mode 100644
index 0000000..967d65a
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts.xml
@@ -0,0 +1,72 @@
+<wsp:Policy wsu:Id="policy2"
+            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+            xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
+    <wsp:ExactlyOne>
+        <wsp:All>
+            <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                <wsp:Policy>
+                    <sp:ProtectionToken>
+                        <wsp:Policy>
+                            <sp:X509Token
+                                    sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+                                <wsp:Policy>
+                                    <sp:RequireThumbprintReference/>
+                                    <sp:WssX509V3Token10/>
+                                </wsp:Policy>
+                            </sp:X509Token>
+                        </wsp:Policy>
+                    </sp:ProtectionToken>
+                    <sp:AlgorithmSuite>
+                        <wsp:Policy>
+                            <sp:Basic128/>
+                        </wsp:Policy>
+                    </sp:AlgorithmSuite>
+                    <sp:Layout>
+                        <wsp:Policy>
+                            <sp:Strict/>
+                        </wsp:Policy>
+                    </sp:Layout>
+                    <sp:IncludeTimestamp/>
+                    <sp:OnlySignEntireHeadersAndBody/>
+                </wsp:Policy>
+            </sp:SymmetricBinding>
+            <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                <wsp:Policy>
+                    <sp:MustSupportRefKeyIdentifier/>
+                    <sp:MustSupportRefIssuerSerial/>
+                    <sp:MustSupportRefThumbprint/>
+                    <sp:MustSupportRefEncryptedKey/>
+                </wsp:Policy>
+            </sp:Wss11>
+            <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                <sp:Body/>
+                <sp:Header Name="To" Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+            </sp:SignedParts>
+            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+                <ramp:user>alice</ramp:user>
+                <ramp:encryptionUser>bob</ramp:encryptionUser>
+                <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+                <ramp:signatureCrypto>
+                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
+                        </ramp:property>
+                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+                        </ramp:property>
+                    </ramp:crypto>
+                </ramp:signatureCrypto>
+                <ramp:encryptionCypto>
+                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
+                        </ramp:property>
+                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+                        </ramp:property>
+                    </ramp:crypto>
+                </ramp:encryptionCypto>
+            </ramp:RampartConfig>
+        </wsp:All>
+    </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file