Posted to commits@cxf.apache.org by co...@apache.org on 2011/12/14 16:55:40 UTC
svn commit: r1214309 - in
/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test:
java/org/apache/cxf/systest/wssec/examples/saml/ resources/
resources/org/apache/cxf/systest/wssec/examples/saml/
resources/org/apache/cxf/systest/wssec/example...
Author: coheigea
Date: Wed Dec 14 15:55:39 2011
New Revision: 1214309
URL: http://svn.apache.org/viewvc?rev=1214309&view=rev
Log:
Added some more SAML ws-security-example tests
Modified:
cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java
cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/alice.jks
cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/bob.jks
cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl
cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml
cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml
Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java?rev=1214309&r1=1214308&r2=1214309&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlCallbackHandler.java Wed Dec 14 15:55:39 2011
@@ -20,16 +20,23 @@
package org.apache.cxf.systest.wssec.examples.saml;
import java.io.IOException;
+import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.saml.ext.SAMLCallback;
import org.apache.ws.security.saml.ext.bean.AttributeBean;
import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
+import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
+import org.apache.ws.security.saml.ext.bean.KeyInfoBean.CERT_IDENTIFIER;
import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.builder.SAML1Constants;
import org.apache.ws.security.saml.ext.builder.SAML2Constants;
import org.opensaml.common.SAMLVersion;
@@ -67,6 +74,15 @@ public class SamlCallbackHandler impleme
new SubjectBean(
subjectName, subjectQualifier, confirmationMethod
);
+ if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)
+ || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
+ try {
+ KeyInfoBean keyInfo = createKeyInfo();
+ subjectBean.setKeyInfo(keyInfo);
+ } catch (Exception ex) {
+ throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
+ }
+ }
callback.setSubject(subjectBean);
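Review bot: The catch in the new holder-of-key branch discards the original exception and keeps only its message, so a failing keystore load or a missing alias leaves no stack trace for the underlying cause. Chain it instead: `throw (IOException) new IOException("Problem creating KeyInfo: " + ex.getMessage()).initCause(ex);` (the two-argument IOException constructor would do if this branch targets Java 6 or later). The enclosing handle() method starts and ends outside this hunk.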
@@ -81,5 +97,19 @@ public class SamlCallbackHandler impleme
}
}
}
+
+ protected KeyInfoBean createKeyInfo() throws Exception {
+ Crypto crypto =
+ CryptoFactory.getInstance("alice.properties");
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias("alice");
+ X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+
+ KeyInfoBean keyInfo = new KeyInfoBean();
+ keyInfo.setCertificate(certs[0]);
+ keyInfo.setCertIdentifer(CERT_IDENTIFIER.X509_CERT);
+
+ return keyInfo;
+ }
}
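Review bot: `certs[0]` in createKeyInfo is dereferenced without checking the array, so an alias missing from the keystore surfaces as a NullPointerException or ArrayIndexOutOfBoundsException rather than a message naming the problem; add `if (certs == null || certs.length == 0) { throw new IllegalStateException("No certificate for alias 'alice' in alice.properties"); }` before building the KeyInfoBean. The alias and properties file are hard-coded here while the client configuration separately sets `ws-security.signature.username`; if those diverge, the certificate placed in the assertion's KeyInfo would no longer match the key used for the endorsing signature, which presumably fails proof-of-possession on the server. A Javadoc line making that coupling visible, e.g. `/** Builds a KeyInfo carrying alice's X.509 certificate; must be the same key as ws-security.signature.username so the holder-of-key proof succeeds. */`, would help the next person who copies this handler. Note also that CryptoFactory.getInstance is called on every callback, so the keystore is reloaded per assertion; acceptable in a systest, not something to copy into production code.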
Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java?rev=1214309&r1=1214308&r2=1214309&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java Wed Dec 14 15:55:39 2011
@@ -78,4 +78,50 @@ public class SamlTokenTest extends Abstr
samlPort.doubleIt(25);
}
+ /**
+ * 2.3.1.2 (WSS1.0) SAML1.1 Assertion (Sender Vouches) over SSL
+ */
+ @org.junit.Test
+ public void testTLSSenderVouches() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTLSSenderVouchesPort");
+ DoubleItPortType samlPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(samlPort, PORT2);
+
+ samlPort.doubleIt(25);
+ }
+
+ /**
+ * 2.3.1.3 (WSS1.0) SAML1.1 Assertion (HK) over SSL
+ */
+ @org.junit.Test
+ public void testTLSHOKSignedEndorsing() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTLSHOKSignedEndorsingPort");
+ DoubleItPortType samlPort =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(samlPort, PORT2);
+
+ samlPort.doubleIt(25);
+ }
+
}
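Review bot: Both new tests only check that `samlPort.doubleIt(25)` does not throw; nothing asserts the result, and neither test covers the rejection path, so a server that silently skipped holder-of-key proof-of-possession would still pass. Since the security policy is what is under test, a companion case that presents a holder-of-key assertion whose key the client does not sign with (or a sender-vouches assertion over a connection without the client certificate) and expects a fault would pin the actual check. The Bus created in each test is never shut down either; if the rest of the class does not do so elsewhere, `bus.shutdown(true)` at the end of each test avoids leaking it into later tests. The setup (bus, WSDL, port lookup) is duplicated between the two methods and could be a private helper taking the port name.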
Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/alice.jks
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/alice.jks?rev=1214309&r1=1214308&r2=1214309&view=diff
==============================================================================
Files cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/alice.jks (original) and cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/alice.jks Wed Dec 14 15:55:39 2011 differ
Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/bob.jks
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/bob.jks?rev=1214309&r1=1214308&r2=1214309&view=diff
==============================================================================
Files cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/bob.jks (original) and cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/bob.jks Wed Dec 14 15:55:39 2011 differ
Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl?rev=1214309&r1=1214308&r2=1214309&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl Wed Dec 14 15:55:39 2011
@@ -48,10 +48,52 @@
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="DoubleItTLSSenderVouchesBinding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItTLSSenderVouchesPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:binding name="DoubleItTLSHOKSignedEndorsingBinding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItTLSHOKSignedEndorsingPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
+
<wsdl:service name="DoubleItService">
<wsdl:port name="DoubleItBearerPort" binding="tns:DoubleItBearerBinding">
<soap:address location="http://localhost:9009/DoubleItSamlBearer" />
</wsdl:port>
+ <wsdl:port name="DoubleItTLSSenderVouchesPort" binding="tns:DoubleItTLSSenderVouchesBinding">
+ <soap:address location="https://localhost:9010/DoubleItSamlTLSSenderVouches" />
+ </wsdl:port>
+ <wsdl:port name="DoubleItTLSHOKSignedEndorsingPort" binding="tns:DoubleItTLSHOKSignedEndorsingBinding">
+ <soap:address location="https://localhost:9010/DoubleItSamlTLSHOKSignedEndorsing" />
+ </wsdl:port>
</wsdl:service>
<!-- 2.3.1.1 (WSS1.0) SAML1.1 Assertion (Bearer) -->
@@ -68,6 +110,82 @@
</sp:SupportingTokens>
</wsp:Policy>
+ <!-- 2.3.1.2 (WSS1.0) SAML1.1 Assertion (Sender Vouches) over SSL -->
+ <wsp:Policy wsu:Id="DoubleItTLSSenderVouchesPolicy">
+ <sp:TransportBinding>
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken>
+ <wsp:Policy>
+ <sp:RequireClientCertificate/>
+ </wsp:Policy>
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens>
+ <wsp:Policy>
+ <sp:SamlToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssSamlV11Token10/>
+ </wsp:Policy>
+ </sp:SamlToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ </wsp:Policy>
+
+ <!-- 2.3.1.3 (WSS1.0) SAML1.1 Assertion (HK) over SSL -->
+ <wsp:Policy wsu:Id="DoubleItTLSHOKSignedEndorsingPolicy">
+ <sp:TransportBinding>
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken>
+ <wsp:Policy>
+ <sp:RequireClientCertificate/>
+ </wsp:Policy>
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedEndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:SamlToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssSamlV11Token10/>
+ </wsp:Policy>
+ </sp:SamlToken>
+ </wsp:Policy>
+ </sp:SignedEndorsingSupportingTokens>
+ </wsp:Policy>
+
<wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
<wsp:ExactlyOne>
<wsp:All>
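Review bot: Neither new policy states how the subject confirmation is enforced, and the confirmation method itself is not visible in the WSDL at all (it is chosen in client.xml), so a reader cannot tell from the policy alone why `SignedSupportingTokens` suffices for sender-vouches but `SignedEndorsingSupportingTokens` is needed for holder-of-key. A comment on each policy would record this: above DoubleItTLSSenderVouchesPolicy, `<!-- Sender-vouches: as configured in client.xml the assertion carries no issuer signature; the service relies on RequireClientCertificate to authenticate the vouching sender -->`, and above DoubleItTLSHOKSignedEndorsingPolicy, `<!-- Holder-of-key: the endorsing signature made with the key in the assertion's KeyInfo is the proof of possession (under a TransportBinding it covers the Timestamp) -->`. The "2.3.1.x (WSS1.0)" labels are section numbers from an external examples document; naming that document once, next to the first policy, would let readers find it.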
Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml?rev=1214309&r1=1214308&r2=1214309&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/client/client.xml Wed Dec 14 15:55:39 2011
@@ -47,13 +47,42 @@
</jaxws:properties>
</jaxws:client>
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTLSSenderVouchesPort"
+ createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.saml-callback-handler" value-ref="saml1SenderVouchesHandler"/>
+ </jaxws:properties>
+ </jaxws:client>
+
+ <bean id="saml1SenderVouchesHandler"
+ class="org.apache.cxf.systest.wssec.examples.saml.SamlCallbackHandler">
+ <property name="confirmationMethod" value="urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"/>
+ </bean>
+
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTLSHOKSignedEndorsingPort"
+ createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.saml-callback-handler" value-ref="saml1HOKHandler"/>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.wssec.examples.common.CommonPasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ <entry key="ws-security.self-sign-saml-assertion" value="true"/>
+ </jaxws:properties>
+ </jaxws:client>
+
+ <bean id="saml1HOKHandler"
+ class="org.apache.cxf.systest.wssec.examples.saml.SamlCallbackHandler">
+ <property name="confirmationMethod" value="urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"/>
+ </bean>
+
<http:conduit name="https://localhost:.*">
<http:tlsClientParameters disableCNCheck="true">
<sec:keyManagers keyPassword="password">
- <sec:keyStore type="jks" password="password" resource="Morpit.jks"/>
+ <sec:keyStore type="jks" password="password" resource="alice.jks"/>
</sec:keyManagers>
<sec:trustManagers>
- <sec:keyStore type="jks" password="password" resource="Truststore.jks"/>
+ <sec:keyStore type="jks" password="password" resource="cxfca.jks"/>
</sec:trustManagers>
</http:tlsClientParameters>
</http:conduit>
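Review bot: The holder-of-key client sets `ws-security.self-sign-saml-assertion` to true with `ws-security.signature.username` alice, so the assertion's issuer and its subject are the same key, and the sender-vouches client has no signing configuration at all, leaving that assertion unsigned. Both are fine for a systest, but the file should say so, because copying this into a deployment would let any TLS-authenticated client mint its own assertions; a comment such as `<!-- Test setup only: the client signs its own HOK assertion. In production the assertion should be issued and signed by an STS/IdP that the service trusts. -->` above saml1HOKHandler would prevent that. The keystore passwords are literal in the config and `disableCNCheck` is true on the conduit; both are existing test conventions but deserve the same caveat.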
Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml?rev=1214309&r1=1214308&r2=1214309&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server/server.xml Wed Dec 14 15:55:39 2011
@@ -55,6 +55,33 @@
</jaxws:properties>
</jaxws:endpoint>
+ <jaxws:endpoint
+ id="TLSSenderVouches"
+ address="https://localhost:${testutil.ports.Server.2}/DoubleItSamlTLSSenderVouches"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItTLSSenderVouchesPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+ wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl"
+ depends-on="tls-settings">
+ <jaxws:properties>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
+ id="TLSHOKSignedEndorsing"
+ address="https://localhost:${testutil.ports.Server.2}/DoubleItSamlTLSHOKSignedEndorsing"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItTLSHOKSignedEndorsingPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.wssec.examples.common.DoubleItPortTypeImpl"
+ wsdlLocation="org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml.wsdl"
+ depends-on="tls-settings">
+ <jaxws:properties>
+ <entry key="ws-security.signature.properties" value="bob.properties"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
<!-- -->
<!-- Any services listening on port ${testutil.ports.Server} must use the following -->
<!-- Transport Layer Security (TLS) settings -->
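Review bot: The TLSSenderVouches endpoint declares an empty `<jaxws:properties>` element and, unlike TLSHOKSignedEndorsing, configures no `ws-security.signature.properties`, so the only thing authenticating a sender-vouches request is the TLS client certificate; an issuer-signed assertion presumably could not even be verified here since no Crypto is configured. Either drop the empty element or replace it with a comment stating that intent, e.g. `<!-- No WS-Security crypto: sender-vouches trust rests entirely on the TLS client certificate required by the engine below -->`. The context comment at the end of the hunk refers to `${testutil.ports.Server}` while the engine it introduces is bound to `${testutil.ports.Server.2}`; update it to match.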
@@ -63,10 +90,10 @@
<httpj:engine port="${testutil.ports.Server.2}">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
- <sec:keyStore type="jks" password="password" resource="Bethal.jks"/>
+ <sec:keyStore type="jks" password="password" resource="bob.jks"/>
</sec:keyManagers>
<sec:trustManagers>
- <sec:keyStore type="jks" password="password" resource="Truststore.jks"/>
+ <sec:keyStore type="jks" password="password" resource="cxfca.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
@@ -76,7 +103,7 @@
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
- <sec:clientAuthentication want="false" required="false"/>
+ <sec:clientAuthentication want="true" required="true"/>
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
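Review bot: Making client authentication `required="true"` turns this engine into a mutually-authenticated channel, but the cipher-suite filter it sits in still includes `.*_EXPORT_.*` and `.*_WITH_NULL_.*` suites, which provide weak or no confidentiality while the TransportBinding policies in this commit rely on the transport to protect the otherwise unencrypted SAML assertion and body. Those includes are context lines, not new, but the change makes them matter more; moving them to `<sec:exclude>.*_EXPORT_.*</sec:exclude>` and `<sec:exclude>.*_WITH_NULL_.*</sec:exclude>` alongside the existing `_DH_anon_` exclusion costs nothing in a localhost test. Whether other endpoints share this engine on the same port cannot be told from this hunk; if any do, they now require a client certificate too.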