Posted to commits@cxf.apache.org by co...@apache.org on 2013/10/31 13:09:11 UTC
svn commit: r1537460 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/
systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/
Author: coheigea
Date: Thu Oct 31 12:09:10 2013
New Revision: 1537460
URL: http://svn.apache.org/r1537460
Log:
Fixing WS-SC Cancel operation + added unit tests
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCUnitTest.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/DoubleItWSSC.wsdl
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/client.xml
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/unit-server.xml
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java?rev=1537460&r1=1537459&r2=1537460&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java Thu Oct 31 12:09:10 2013
@@ -241,7 +241,12 @@ public final class STSUtils {
MessageInfo.Type.OUTPUT);
oi.setOutput("CancelSecurityTokenResponseMsg", mio);
mpi = mio.addMessagePart("response");
- mpi.setElementQName(new QName(namespace, "RequestSecurityTokenResponse"));
+
+ if (WST_NS_05_02.equals(namespace)) {
+ mpi.setElementQName(new QName(namespace, "RequestSecurityTokenResponse"));
+ } else {
+ mpi.setElementQName(new QName(namespace, "RequestSecurityTokenResponseCollection"));
+ }
return oi;
}
}
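Review bot: The new branch on `WST_NS_05_02` carries no comment explaining why the Cancel response element differs by namespace, and its `else` arm applies `RequestSecurityTokenResponseCollection` to every namespace other than 2005/02, not only the one it was presumably written for. I would add a comment above the `if`, for example `// WS-Trust 2005/02 answers Cancel with a bare RSTR; later namespaces wrap the final response in an RSTRC`, so the catch-all reads as a deliberate decision. The enclosing method starts above the hunk, so whether the other operations built in STSUtils branch the same way cannot be checked from here; it is worth confirming they stay consistent.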
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCUnitTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCUnitTest.java?rev=1537460&r1=1537459&r2=1537460&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCUnitTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCUnitTest.java Thu Oct 31 12:09:10 2013
@@ -19,8 +19,16 @@
package org.apache.cxf.systest.ws.wssc;
+import java.io.IOException;
import java.net.URL;
-
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import javax.xml.ws.Service;
@@ -28,6 +36,22 @@ import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.systest.ws.common.SecurityTestUtil;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.ws.addressing.policy.MetadataConstants;
+import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.DefaultSymmetricBinding;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
+import org.apache.wss4j.policy.model.Header;
+import org.apache.wss4j.policy.model.ProtectionToken;
+import org.apache.wss4j.policy.model.SignedParts;
+import org.apache.wss4j.policy.model.X509Token;
import org.example.contract.doubleit.DoubleItPortType;
import org.junit.BeforeClass;
import org.junit.Test;
@@ -39,6 +63,7 @@ import org.junit.Test;
*/
public class WSSCUnitTest extends AbstractBusClientServerTestBase {
static final String PORT = allocatePort(UnitServer.class);
+ static final String PORT2 = allocatePort(UnitServer.class, 2);
private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
@@ -151,5 +176,154 @@ public class WSSCUnitTest extends Abstra
((java.io.Closeable)port).close();
}
+ @Test
+ public void testIssueUnitTest() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = WSSCUnitTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+
+ STSClient stsClient = new STSClient(bus);
+ stsClient.setSecureConv(true);
+ stsClient.setLocation("https://localhost:" + PORT + "/" + "DoubleItTransport");
+
+ // Add Addressing policy
+ Policy p = new Policy();
+ ExactlyOne ea = new ExactlyOne();
+ p.addPolicyComponent(ea);
+ All all = new All();
+ all.addPolicyComponent(new PrimitiveAssertion(MetadataConstants.USING_ADDRESSING_2006_QNAME,
+ false));
+ ea.addPolicyComponent(all);
+
+ stsClient.setPolicy(p);
+
+ stsClient.requestSecurityToken("http://localhost:" + PORT + "/" + "DoubleItTransport");
+ }
+
+ @Test
+ public void testIssueAndCancelUnitTest() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = WSSCUnitTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ STSClient stsClient = new STSClient(bus);
+ stsClient.setSecureConv(true);
+ stsClient.setLocation("http://localhost:" + PORT2 + "/" + "DoubleItSymmetric");
+
+ stsClient.setPolicy(createSymmetricBindingPolicy());
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("ws-security.encryption.username", "bob");
+ TokenCallbackHandler callbackHandler = new TokenCallbackHandler();
+ properties.put("ws-security.callback-handler", callbackHandler);
+ properties.put("ws-security.signature.properties", "alice.properties");
+ properties.put("ws-security.encryption.properties", "bob.properties");
+ stsClient.setProperties(properties);
+
+ SecurityToken securityToken =
+ stsClient.requestSecurityToken("http://localhost:" + PORT2 + "/" + "DoubleItSymmetric");
+ assertNotNull(securityToken);
+ callbackHandler.setSecurityToken(securityToken);
+
+ assertTrue(stsClient.cancelSecurityToken(securityToken));
+ }
+ // mock up a SymmetricBinding policy to talk to the STS
+ private Policy createSymmetricBindingPolicy() {
+ // Add Addressing policy
+ Policy p = new Policy();
+ ExactlyOne ea = new ExactlyOne();
+ p.addPolicyComponent(ea);
+ All all = new All();
+ all.addPolicyComponent(new PrimitiveAssertion(MetadataConstants.USING_ADDRESSING_2006_QNAME,
+ false));
+ ea.addPolicyComponent(all);
+
+ // X509 Token
+ final X509Token x509Token =
+ new X509Token(
+ SPConstants.SPVersion.SP12,
+ SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER,
+ null,
+ null,
+ null,
+ new Policy()
+ );
+
+ Policy x509Policy = new Policy();
+ ExactlyOne x509PolicyEa = new ExactlyOne();
+ x509Policy.addPolicyComponent(x509PolicyEa);
+ All x509PolicyAll = new All();
+ x509PolicyAll.addPolicyComponent(x509Token);
+ x509PolicyEa.addPolicyComponent(x509PolicyAll);
+
+ // AlgorithmSuite
+ Policy algSuitePolicy = new Policy();
+ ExactlyOne algSuitePolicyEa = new ExactlyOne();
+ algSuitePolicy.addPolicyComponent(algSuitePolicyEa);
+ All algSuitePolicyAll = new All();
+ algSuitePolicyAll.addAssertion(
+ new PrimitiveAssertion(new QName(SP12Constants.SP_NS, SP12Constants.ALGO_SUITE_BASIC128)));
+ algSuitePolicyEa.addPolicyComponent(algSuitePolicyAll);
+ AlgorithmSuite algorithmSuite = new AlgorithmSuite(SPConstants.SPVersion.SP12, algSuitePolicy);
+
+ // Symmetric Binding
+ Policy bindingPolicy = new Policy();
+ ExactlyOne bindingPolicyEa = new ExactlyOne();
+ bindingPolicy.addPolicyComponent(bindingPolicyEa);
+ All bindingPolicyAll = new All();
+
+ bindingPolicyAll.addPolicyComponent(new ProtectionToken(SPConstants.SPVersion.SP12, x509Policy));
+ bindingPolicyAll.addPolicyComponent(algorithmSuite);
+ bindingPolicyAll.addAssertion(
+ new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
+ bindingPolicyAll.addAssertion(
+ new PrimitiveAssertion(SP12Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
+ bindingPolicyEa.addPolicyComponent(bindingPolicyAll);
+
+ DefaultSymmetricBinding binding =
+ new DefaultSymmetricBinding(SPConstants.SPVersion.SP12, bindingPolicy);
+ binding.setOnlySignEntireHeadersAndBody(true);
+ binding.setProtectTokens(false);
+ all.addPolicyComponent(binding);
+
+ List<Header> headers = new ArrayList<Header>();
+ SignedParts signedParts =
+ new SignedParts(SPConstants.SPVersion.SP12, true, null, headers, false);
+ all.addPolicyComponent(signedParts);
+
+ return p;
+ }
+
+ private static class TokenCallbackHandler implements CallbackHandler {
+
+ private SecurityToken securityToken;
+
+ @Override
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
+ if (securityToken != null && pc.getIdentifier().equals(securityToken.getId())) {
+ pc.setKey(securityToken.getSecret());
+ } else {
+ new org.apache.cxf.systest.ws.common.KeystorePasswordCallback().handle(callbacks);
+ }
+
+ }
+ }
+
+ public void setSecurityToken(SecurityToken securityToken) {
+ this.securityToken = securityToken;
+ }
+
+ };
}
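Review bot: `TokenCallbackHandler.handle` casts every entry to `WSPasswordCallback` without a type check and, in the `else` arm, passes the whole `callbacks` array to a fresh `KeystorePasswordCallback` on each loop iteration; an array with several entries is therefore processed repeatedly, and a non-WSS4J callback fails with a `ClassCastException` instead of the declared `UnsupportedCallbackException`. Because this handler releases the token secret through `pc.setKey(securityToken.getSecret())`, I would guard with `if (!(callbacks[i] instanceof WSPasswordCallback)) { throw new UnsupportedCallbackException(callbacks[i]); }`, compare as `securityToken.getId().equals(pc.getIdentifier())` so a null identifier cannot throw, and delegate only the current entry with `handle(new Callback[] {pc})`. Separately, `testIssueUnitTest` sets the location with `https://` but passes an `http://` address to `requestSecurityToken` and never asserts on the returned token, so it only shows that no exception is thrown.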
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/DoubleItWSSC.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/DoubleItWSSC.wsdl?rev=1537460&r1=1537459&r2=1537460&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/DoubleItWSSC.wsdl (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/DoubleItWSSC.wsdl Thu Oct 31 12:09:10 2013
@@ -68,6 +68,26 @@
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="DoubleItSymmetricBinding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItSymmetricPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
+
<wsdl:service name="DoubleItService">
<wsdl:port name="DoubleItTransportPort" binding="tns:DoubleItTransportBinding">
<soap:address location="https://localhost:9001/DoubleItTransport" />
@@ -75,6 +95,9 @@
<wsdl:port name="DoubleItTransportSP12Port" binding="tns:DoubleItTransportSP12Binding">
<soap:address location="https://localhost:9001/DoubleItTransportSP12" />
</wsdl:port>
+ <wsdl:port name="DoubleItSymmetricPort" binding="tns:DoubleItSymmetricBinding">
+ <soap:address location="http://localhost:9001/DoubleItSymmetric" />
+ </wsdl:port>
</wsdl:service>
<wsp:Policy wsu:Id="DoubleItTransportPolicy"
@@ -235,6 +258,116 @@
</wsp:ExactlyOne>
</wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItSymmetricPolicy"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:SignedParts>
+ <sp:Body />
+ <!--
+ <sp:Header Name="To"
+ Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
+ <sp:Header Name="From"
+ Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
+ <sp:Header Name="FaultTo"
+ Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
+ <sp:Header Name="ReplyTo"
+ Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
+ <sp:Header Name="MessageID"
+ Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
+ <sp:Header Name="RelatesTo"
+ Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
+ <sp:Header Name="Action"
+ Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing" />
+ -->
+ </sp:SignedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
<wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
<wsp:ExactlyOne xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:All>
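Review bot: In the bootstrap policy of `DoubleItSymmetricPolicy`, `sp:SignedParts` signs only `sp:Body` because every `sp:Header` entry is commented out, so the policy does not require integrity protection for the WS-Addressing headers of the token-issuance exchange. If that is deliberate for this fixture, replace the dead block with a short comment such as `<!-- addressing headers intentionally unsigned: the unit test builds SignedParts with an empty header list -->`. If it is not, note that the commented entries name the `2004/08` addressing namespace, which would likely not match the addressing version the client test enables. The outer policy also declares `sp:Wss10`/`sp:Trust10` while the bootstrap declares `sp:Wss11`/`sp:Trust13` under the same 200702 namespace; it is worth confirming that mix is intended.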
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/client.xml?rev=1537460&r1=1537459&r2=1537460&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/client.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/client.xml Thu Oct 31 12:09:10 2013
@@ -53,7 +53,6 @@
</jaxws:properties>
</jaxws:client>
-
<jaxws:client name="{http://WSSec/wssc}AC_IPingService" createdFromAPI="true">
<jaxws:properties>
<entry key="ws-security.callback-handler.sct" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/unit-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/unit-server.xml?rev=1537460&r1=1537459&r2=1537460&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/unit-server.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/unit-server.xml Thu Oct 31 12:09:10 2013
@@ -95,4 +95,21 @@
</jaxws:endpoint>
+ <jaxws:endpoint
+ id="Symmetric"
+ address="http://localhost:${testutil.ports.UnitServer.2}/DoubleItSymmetric"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItSymmetricPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/wssc/DoubleItWSSC.wsdl">
+
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="bob.properties"/>
+ <entry key="ws-security.signature.properties.sct" value="bob.properties"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
</beans>