Posted to commits@cxf.apache.org by co...@apache.org on 2017/03/28 16:31:41 UTC
cxf git commit: CXF-7084 - Pass a value for the KeyName element from
the XmlSecOutInterceptor to Santuario Thanks to Hugo Trippaers for the patch.
Some modifications made to the patch as outlined in the JIRA. This closes
#176
Repository: cxf
Updated Branches:
refs/heads/master 9df8cbc09 -> b30d620d9
CXF-7084 - Pass a value for the KeyName element from the XmlSecOutInterceptor to Santuario
Thanks to Hugo Trippaers for the patch. Some modifications made to the patch as outlined in the JIRA.
This closes #176
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b30d620d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b30d620d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b30d620d
Branch: refs/heads/master
Commit: b30d620d90593f52b79ae578373597defc89e80d
Parents: 9df8cbc
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Mar 28 17:29:22 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Mar 28 17:31:37 2017 +0100
----------------------------------------------------------------------
.../rs/security/xml/EncryptionProperties.java | 7 +++
.../rs/security/xml/SignatureProperties.java | 7 +++
.../rs/security/xml/XmlSecOutInterceptor.java | 7 ++-
.../jaxrs/security/xml/JAXRSXmlSecTest.java | 45 ++++++++++++++++++++
.../systest/jaxrs/security/xml/stax-server.xml | 16 +++++++
5 files changed, 80 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/b30d620d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
index e7c0fdf..4de9e8e 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java
@@ -25,6 +25,7 @@ public class EncryptionProperties {
private String encryptionSymmetricKeyAlgo;
private String encryptionDigestAlgo;
private String encryptionKeyIdType;
+ private String encryptionKeyName;
public void setEncryptionKeyTransportAlgo(String encryptionKeyTransportAlgo) {
this.encryptionKeyTransportAlgo = encryptionKeyTransportAlgo;
@@ -50,5 +51,11 @@ public class EncryptionProperties {
public String getEncryptionKeyIdType() {
return encryptionKeyIdType;
}
+ public String getEncryptionKeyName() {
+ return encryptionKeyName;
+ }
+ public void setEncryptionKeyName(String encryptionKeyName) {
+ this.encryptionKeyName = encryptionKeyName;
+ }
}
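Review bot: The new `getEncryptionKeyName`/`setEncryptionKeyName` pair has no Javadoc, and nothing on the class says when the value is actually used. From the rest of this commit it is only read by `XmlSecOutInterceptor`, and the accompanying signature test sets the key id type to `"KeyName"` alongside it, so the setter presumably has no effect with any other identifier type. A one-line comment would cover it, e.g. `/** Value for the KeyInfo KeyName element; used by the streaming out interceptor when the key id type is "KeyName". */`. It is also worth noting there that the name is written into the message in the clear, so it should be a non-sensitive label rather than anything that identifies internal key storage. The same applies to `setSignatureKeyName` in SignatureProperties.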
http://git-wip-us.apache.org/repos/asf/cxf/blob/b30d620d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java
index dc81c8a..8c861ab 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java
@@ -24,6 +24,7 @@ public class SignatureProperties {
private String signatureC14nMethod;
private String signatureC14nTransform;
private String signatureKeyIdType;
+ private String signatureKeyName;
public void setSignatureAlgo(String signatureAlgo) {
this.signatureAlgo = signatureAlgo;
@@ -71,5 +72,11 @@ public class SignatureProperties {
public void setSignatureKeyIdType(String signatureKeyIdType) {
this.signatureKeyIdType = signatureKeyIdType;
}
+ public String getSignatureKeyName() {
+ return signatureKeyName;
+ }
+ public void setSignatureKeyName(String signatureKeyName) {
+ this.signatureKeyName = signatureKeyName;
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/b30d620d/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
index 4688537..904a92b 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java
@@ -48,6 +48,7 @@ import org.apache.cxf.phase.Phase;
import org.apache.cxf.rs.security.common.CryptoLoader;
import org.apache.cxf.rs.security.common.RSSecurityUtils;
import org.apache.cxf.rt.security.SecurityConstants;
+import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
@@ -160,8 +161,7 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
if (encryptSymmetricKey) {
X509Certificate sendingCert = null;
String userName =
- (String)org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(
- SecurityConstants.ENCRYPT_USERNAME, message);
+ (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, message);
if (RSSecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(userName)
&& !MessageUtils.isRequestor(message)) {
sendingCert =
@@ -194,6 +194,8 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
properties.setEncryptionKeyIdentifier(
convertKeyIdentifier(encryptionProperties.getEncryptionKeyIdType()));
+ properties.setEncryptionKeyName(encryptionProperties.getEncryptionKeyName());
+
if (encryptionProperties.getEncryptionKeyTransportAlgo() != null) {
properties.setEncryptionKeyTransportAlgorithm(
encryptionProperties.getEncryptionKeyTransportAlgo());
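Review bot: `properties.setEncryptionKeyName(encryptionProperties.getEncryptionKeyName())` is called unconditionally, unlike the null-guarded algorithm setter just below it. A caller who selects the `KeyName` identifier type but never sets a name therefore passes `null` through to Santuario. What Santuario does with that is not visible in this hunk, but rejecting the combination at configuration time would be clearer than a late failure or a KeyInfo that carries no usable hint; the condition to check before the call is `"KeyName".equals(encryptionProperties.getEncryptionKeyIdType()) && encryptionProperties.getEncryptionKeyName() == null`. The same gap exists at `properties.setSignatureKeyName(sigProps.getSignatureKeyName())` in the signature hunk that follows. The enclosing methods start and end outside both hunks.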
@@ -313,6 +315,7 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> {
if (this.keyInfoMustBeAvailable) {
properties.setSignatureKeyIdentifier(
convertKeyIdentifier(sigProps.getSignatureKeyIdType()));
+ properties.setSignatureKeyName(sigProps.getSignatureKeyName());
} else {
properties.setSignatureKeyIdentifier(SecurityTokenConstants.KeyIdentifier_NoKeyInfo);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/b30d620d/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
index ea6f547..bb08668 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
@@ -35,6 +35,7 @@ import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.rs.security.common.RSSecurityUtils;
import org.apache.cxf.rs.security.xml.EncryptionProperties;
+import org.apache.cxf.rs.security.xml.SignatureProperties;
import org.apache.cxf.rs.security.xml.XmlEncInInterceptor;
import org.apache.cxf.rs.security.xml.XmlEncOutInterceptor;
import org.apache.cxf.rs.security.xml.XmlSecInInterceptor;
@@ -396,6 +397,50 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
}
@Test
+ public void testPostBookWithEnvelopedSigKeyName() throws Exception {
+ // This test only applies to StAX - see CXF-7084
+ if (!test.streaming || !STAX_PORT.equals(test.port)) {
+ return;
+ }
+ String address = "https://localhost:" + test.port + "/xmlsigkeyname/bookstore/books";
+
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ bean.setAddress(address);
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSXmlSecTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+
+ Map<String, Object> properties = new HashMap<>();
+ properties.put(SecurityConstants.CALLBACK_HANDLER,
+ "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
+ properties.put(SecurityConstants.SIGNATURE_USERNAME, "alice");
+ properties.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ "org/apache/cxf/systest/jaxrs/security/alice.properties");
+ bean.setProperties(properties);
+ XmlSecOutInterceptor sigOutInterceptor = new XmlSecOutInterceptor();
+ sigOutInterceptor.setSignRequest(true);
+ sigOutInterceptor.setKeyInfoMustBeAvailable(true);
+
+ SignatureProperties sigProps = new SignatureProperties();
+ sigProps.setSignatureKeyName("alice");
+ sigProps.setSignatureKeyIdType("KeyName");
+ sigOutInterceptor.setSignatureProperties(sigProps);
+
+ bean.getOutInterceptors().add(sigOutInterceptor);
+
+ XmlSecInInterceptor sigInInterceptor = new XmlSecInInterceptor();
+ sigInInterceptor.setRequireSignature(true);
+ bean.setProvider(sigInInterceptor);
+
+ WebClient wc = bean.createWebClient();
+ WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(10000000L);
+ Book book = wc.post(new Book("CXF", 126L), Book.class);
+ assertEquals(126L, book.getId());
+ }
+
+ @Test
public void testPostEncryptedBook() throws Exception {
String address = "https://localhost:" + test.port + "/xmlenc/bookstore/books";
Map<String, Object> properties = new HashMap<>();
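Review bot: `testPostBookWithEnvelopedSigKeyName` only covers the happy path. Its single assertion on `book.getId()` would also pass if the KeyName element were never emitted, or if the server verified the signature with its configured key regardless of the hint. A KeyName is an unauthenticated label chosen by the sender, so a negative case would be valuable: call `sigProps.setSignatureKeyName(...)` with a name the server keystore does not contain and expect the request to be rejected, which shows the receiver resolves the name against trusted keys only. Separately, the early `return` for non-StAX runs reports the test as passed; `Assume.assumeTrue(test.streaming && STAX_PORT.equals(test.port));` would report it as skipped instead (this needs an `org.junit.Assume` import, assuming the file is on JUnit 4 as the `@Test`/`assertEquals` usage suggests).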
http://git-wip-us.apache.org/repos/asf/cxf/blob/b30d620d/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
index fedc4f5..3ff5b4e 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
@@ -148,6 +148,22 @@ under the License.
</jaxrs:properties>
</jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsigkeyname">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:inInterceptors>
+ <ref bean="xmlSigInHandler"/>
+ </jaxrs:inInterceptors>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
<jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsigconstraints">
<jaxrs:serviceBeans>
<ref bean="serviceBean"/>