Posted to commits@cxf.apache.org by co...@apache.org on 2016/01/08 14:38:21 UTC
cxf git commit: Support referencing a SAML PublicKey with the
Asymmetric Binding + KeyValue
Repository: cxf
Updated Branches:
refs/heads/master 8a4e85b24 -> 9754ca7ba
Support referencing a SAML PublicKey with the Asymmetric Binding + KeyValue
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9754ca7b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9754ca7b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9754ca7b
Branch: refs/heads/master
Commit: 9754ca7bab38fc8e73df276488ff63295fcb2b82
Parents: 8a4e85b
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Jan 8 12:14:17 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Jan 8 12:14:17 2016 +0000
----------------------------------------------------------------------
.../AsymmetricBindingHandler.java | 6 +++-
.../IssuedTokenPolicyValidator.java | 3 ++
.../sts/asymmetric/AsymmetricBindingTest.java | 35 +++++++++++++++++++-
.../cxf/systest/sts/asymmetric/DoubleIt.wsdl | 3 ++
.../cxf/systest/sts/asymmetric/cxf-client.xml | 30 +++++++++++++++++
.../cxf/systest/sts/asymmetric/cxf-service.xml | 7 ++++
.../systest/sts/asymmetric/cxf-stax-service.xml | 8 +++++
7 files changed, 90 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 2508447..564cece 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -19,6 +19,7 @@
package org.apache.cxf.ws.security.wss4j.policyhandlers;
+import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
@@ -478,10 +479,13 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
if (!isRequestor() && securityToken != null
&& securityToken.getX509Certificate() != null) {
encr.setUseThisCert(securityToken.getX509Certificate());
+ } else if (!isRequestor() && securityToken != null
+ && securityToken.getKey() instanceof PublicKey) {
+ encr.setUseThisPublicKey((PublicKey)securityToken.getKey());
} else {
setEncryptionUser(encr, encrToken, false, crypto);
}
- if (!encr.isCertSet() && crypto == null) {
+ if (!encr.isCertSet() && encr.getUseThisPublicKey() == null && crypto == null) {
unassertPolicy(recToken, "Missing security configuration. "
+ "Make sure jaxws:client element is configured "
+ "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value.");
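Review bot: The new `else if` at the top of the hunk encrypts to a bare PublicKey taken from the issued SAML token, and nothing in the branch records why that key is an acceptable encryption target, so a later reader could extend it to other token sources without noticing the distinction; a comment such as `// SAML KeyValue case: the assertion supplied a PublicKey rather than an X509Certificate` would anchor it. The acceptability presumably rests on the assertion's signature having been verified before the token reached this handler — worth stating in that comment if that is the case. As a point of style, both server-side branches repeat `!isRequestor() && securityToken != null`; nesting the certificate/PublicKey choice under a single guard would make the certificate-first preference explicit. The enclosing method starts and ends outside the hunk.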
http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java
index 73f3f29..c2c21f2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java
@@ -270,6 +270,9 @@ public class IssuedTokenPolicyValidator extends AbstractSamlPolicyValidator {
if (certs != null && certs.length > 0) {
token.setX509Certificate(certs[0], null);
}
+ if (subjectKeyInfo.getPublicKey() != null) {
+ token.setKey(subjectKeyInfo.getPublicKey());
+ }
}
if (assertionWrapper.getSaml1() != null) {
token.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
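Review bot: The added `setKey` call is not conditional on the certificate branch above it, so a SubjectKeyInfo carrying both X509Data and a KeyValue leaves the token with a certificate and a PublicKey that are never compared, and the preference between them is decided in a different class (AsymmetricBindingHandler prefers the certificate). Making the fallback explicit here, `} else if (subjectKeyInfo.getPublicKey() != null) {`, would keep the two classes consistent, provided no other consumer relies on `getKey()` being populated alongside the certificate. Note also that `SecurityToken.getKey()` is presumably shared with paths that expect a symmetric key; any caller that casts the result without an `instanceof` check would now see a PublicKey for these tokens — worth verifying. The enclosing `if` block starts outside the hunk.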
http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
index 6f63830..cb4627c 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java
@@ -105,7 +105,6 @@ public class AsymmetricBindingTest extends AbstractBusClientServerTestBase {
{new TestParam(PORT, true, STSPORT2)},
{new TestParam(STAX_PORT, false, STSPORT2)},
{new TestParam(STAX_PORT, true, STSPORT2)},
-
{new TestParam(PORT, false, STAX_STSPORT2)},
{new TestParam(PORT, true, STAX_STSPORT2)},
{new TestParam(STAX_PORT, false, STAX_STSPORT2)},
@@ -177,6 +176,40 @@ public class AsymmetricBindingTest extends AbstractBusClientServerTestBase {
((java.io.Closeable)asymmetricSaml2Port).close();
bus.shutdown(true);
}
+
+ @org.junit.Test
+ public void testUsernameTokenSAML2KeyValue() throws Exception {
+ // TODO
+ if (test.isStreaming() || STAX_PORT.equals(test.getPort())) {
+ return;
+ }
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = AsymmetricBindingTest.class.getResource("cxf-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = AsymmetricBindingTest.class.getResource("DoubleIt.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2KeyValuePort");
+ DoubleItPortType asymmetricSaml2Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(asymmetricSaml2Port, test.getPort());
+
+ TokenTestUtils.updateSTSPort((BindingProvider)asymmetricSaml2Port, test.getStsPort());
+
+ if (test.isStreaming()) {
+ SecurityTestUtil.enableStreaming(asymmetricSaml2Port);
+ }
+
+ doubleIt(asymmetricSaml2Port, 30);
+ TokenTestUtils.verifyToken(asymmetricSaml2Port);
+
+ ((java.io.Closeable)asymmetricSaml2Port).close();
+ bus.shutdown(true);
+ }
@org.junit.Test
public void testUsernameTokenSAML1Encrypted() throws Exception {
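Review bot: The `if (test.isStreaming())` block that calls `SecurityTestUtil.enableStreaming` near the end of the new test is unreachable, because the guard under `// TODO` at the top already returns for every streaming parameter and for `STAX_PORT`; either drop the dead block or make the TODO say what is missing, e.g. `// TODO: KeyValue references are not exercised against the streaming client/StAX service yet` (adjusted to the real reason, which the hunk does not show). A bare `// TODO` gives no hint whether it tracks a bug or a missing feature. A blank line between the new method's closing brace and the following `@org.junit.Test` would match the rest of the class.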
http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl
index 2f78416..c6f7c1a 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl
@@ -56,6 +56,9 @@
<wsdl:port name="DoubleItAsymmetricSAML2Port" binding="tns:DoubleItAsymmetricSAML2Binding">
<soap:address location="http://localhost:8082/doubleit/services/doubleitasymmetricsaml2"/>
</wsdl:port>
+ <wsdl:port name="DoubleItAsymmetricSAML2KeyValuePort" binding="tns:DoubleItAsymmetricSAML2Binding">
+ <soap:address location="http://localhost:8082/doubleit/services/doubleitasymmetricsaml2keyvalue"/>
+ </wsdl:port>
<wsdl:port name="DoubleItAsymmetricSAML1EncryptedPort" binding="tns:DoubleItAsymmetricSAML1Binding">
<soap:address location="http://localhost:8082/doubleit/services/doubleitasymmetricsaml1encrypted"/>
</wsdl:port>
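Review bot: The new DoubleItAsymmetricSAML2KeyValuePort reuses `tns:DoubleItAsymmetricSAML2Binding`, so the contract shows no difference from DoubleItAsymmetricSAML2Port and the KeyValue behaviour has to be inferred from the client and service Spring configurations. A short XML comment on the port would save a reader the hunt, e.g. `<!-- Same binding/policy as DoubleItAsymmetricSAML2Port; presumably differs only in the client/STS configuration used to obtain a KeyValue-based token (see cxf-client.xml) -->`.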
http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml
index e98ffba..ed6013b 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-client.xml
@@ -61,6 +61,36 @@
<entry key="security.sts.client" value-ref="stsClient"/>
</jaxws:properties>
</jaxws:client>
+
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricSAML2KeyValuePort" createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="security.signature.properties" value="clientKeystore.properties"/>
+ <entry key="security.signature.username" value="myclientkey"/>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="security.encryption.properties" value="clientKeystore.properties"/>
+ <entry key="security.encryption.username" value="myservicekey"/>
+ <entry key="security.sts.client">
+ <bean class="org.apache.cxf.ws.security.trust.STSClient">
+ <constructor-arg ref="cxf"/>
+ <property name="wsdlLocation" value="http://localhost:8080/SecurityTokenService/UT?wsdl"/>
+ <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+ <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}UT_Port"/>
+ <property name="properties">
+ <map>
+ <entry key="security.username" value="alice"/>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="security.encryption.username" value="mystskey"/>
+ <entry key="security.encryption.properties" value="clientKeystore.properties"/>
+ <entry key="security.sts.token.username" value="myclientkey"/>
+ <entry key="security.sts.token.properties" value="clientKeystore.properties"/>
+ <entry key="ws-security.is-bsp-compliant" value="false"/>
+ </map>
+ </property>
+ </bean>
+ </entry>
+ </jaxws:properties>
+ </jaxws:client>
+
<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricSAML1EncryptedPort" createdFromAPI="true">
<jaxws:properties>
<entry key="security.signature.properties" value="clientKeystore.properties"/>
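Review bot: The new client inlines a full `org.apache.cxf.ws.security.trust.STSClient` bean under `security.sts.client`, whereas the preceding client in the same context references a shared bean via `<entry key="security.sts.client" value-ref="stsClient"/>`; if the inlined properties match that bean (not visible in the hunk), reusing the reference removes about twenty duplicated lines and one place where the two can drift. If they differ on purpose, an XML comment naming the differing property would make that intent clear. The STS `wsdlLocation` is hard-coded to `localhost:8080`, which is fine only because the accompanying test rewrites the STS port at runtime via `TokenTestUtils.updateSTSPort`.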
http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-service.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-service.xml
index 3c3e88b..cbc183c 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-service.xml
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-service.xml
@@ -34,6 +34,13 @@
<entry key="security.signature.properties" value="serviceKeystore.properties"/>
</jaxws:properties>
</jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleitasymmetricsaml2keyvalue" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItAsymmetricSAML2KeyValuePort" serviceName="s:DoubleItService" address="http://localhost:${testutil.ports.asymmetric.Server}/doubleit/services/doubleitasymmetricsaml2keyvalue" wsdlLocation="org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl">
+ <jaxws:properties>
+ <entry key="security.signature.username" value="myservicekey"/>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="security.signature.properties" value="serviceKeystore.properties"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleitasymmetricsaml1encrypted" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItAsymmetricSAML1EncryptedPort" serviceName="s:DoubleItService" address="http://localhost:${testutil.ports.asymmetric.Server}/doubleit/services/doubleitasymmetricsaml1encrypted" wsdlLocation="org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl">
<jaxws:properties>
<entry key="security.signature.username" value="myservicekey"/>
http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml
index d484007..3c6ca76 100644
--- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml
+++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service.xml
@@ -36,6 +36,14 @@
<entry key="ws-security.enable.streaming" value="true"/>
</jaxws:properties>
</jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleitasymmetricsaml2keyvalue" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItAsymmetricSAML2KeyValuePort" serviceName="s:DoubleItService" address="http://localhost:${testutil.ports.asymmetric.StaxServer}/doubleit/services/doubleitasymmetricsaml2keyvalue" wsdlLocation="org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl">
+ <jaxws:properties>
+ <entry key="security.signature.username" value="myservicekey"/>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+ <entry key="security.signature.properties" value="serviceKeystore.properties"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="doubleitasymmetricsaml1encrypted" implementor="org.apache.cxf.systest.sts.common.DoubleItPortTypeImpl" endpointName="s:DoubleItAsymmetricSAML1EncryptedPort" serviceName="s:DoubleItService" address="http://localhost:${testutil.ports.asymmetric.StaxServer}/doubleit/services/doubleitasymmetricsaml1encrypted" wsdlLocation="org/apache/cxf/systest/sts/asymmetric/DoubleIt.wsdl">
<jaxws:properties>
<entry key="security.signature.username" value="myservicekey"/>