You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/11/18 13:14:15 UTC
svn commit: r1543012 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/
systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/
Author: coheigea
Date: Mon Nov 18 12:14:15 2013
New Revision: 1543012
URL: http://svn.apache.org/r1543012
Log:
Fixing a bug with the streaming SymmetricBinding when there are no EncryptedParts
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1543012&r1=1543011&r2=1543012&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java Mon Nov 18 12:14:15 2013
@@ -402,7 +402,7 @@ public class StaxSymmetricBindingHandler
List<SecurePart> encrParts,
boolean externalRef) throws SOAPException {
//Do encryption
- if (recToken != null && recToken.getToken() != null && encrParts.size() > 0) {
+ if (recToken != null && recToken.getToken() != null) {
AbstractToken encrToken = recToken.getToken();
AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite();
@@ -440,10 +440,12 @@ public class StaxSymmetricBindingHandler
}
}
- for (SecurePart part : encrParts) {
- QName name = part.getName();
- parts += "{" + part.getModifier() + "}{"
- + name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
+ if (encrParts != null) {
+ for (SecurePart part : encrParts) {
+ QName name = part.getName();
+ parts += "{" + part.getModifier() + "}{"
+ + name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
+ }
}
config.put(ConfigurationConstants.ENCRYPTION_PARTS, parts);
@@ -636,6 +638,23 @@ public class StaxSymmetricBindingHandler
}
}
}
+
+ // Fall back to a Signature in case there was no encrypted Element in the request
+ for (SecurityEvent incomingEvent : incomingEventList) {
+ if (WSSecurityEventConstants.SignedPart == incomingEvent.getSecurityEventType()
+ || WSSecurityEventConstants.SignedElement
+ == incomingEvent.getSecurityEventType()) {
+ org.apache.xml.security.stax.securityToken.SecurityToken token =
+ ((AbstractSecuredElementSecurityEvent)incomingEvent).getSecurityToken();
+ if (token.getKeyWrappingToken() != null && token.getKeyWrappingToken().getSecretKey() != null
+ && token.getKeyWrappingToken().getSha1Identifier() != null) {
+ return token.getKeyWrappingToken();
+ } else if (token != null && token.getSecretKey() != null
+ && token.getSha1Identifier() != null) {
+ return token;
+ }
+ }
+ }
}
return null;
}
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java?rev=1543012&r1=1543011&r2=1543012&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java Mon Nov 18 12:14:15 2013
@@ -1068,4 +1068,32 @@ public class StaxX509TokenTest extends A
bus.shutdown(true);
}
+ @org.junit.Test
+ public void testSymmetricSignature() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = StaxX509TokenTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = StaxX509TokenTest.class.getResource("DoubleItX509Signature.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSignaturePort");
+ DoubleItPortType x509Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(x509Port, PORT);
+
+ // DOM
+ x509Port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(x509Port);
+ x509Port.doubleIt(25);
+
+ ((java.io.Closeable)x509Port).close();
+ bus.shutdown(true);
+ }
+
}
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1543012&r1=1543011&r2=1543012&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java Mon Nov 18 12:14:15 2013
@@ -1129,5 +1129,32 @@ public class X509TokenTest extends Abstr
((java.io.Closeable)port).close();
bus.shutdown(true);
}
-
+
+ @org.junit.Test
+ public void testSymmetricSignature() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = X509TokenTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = X509TokenTest.class.getResource("DoubleItX509Signature.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSignaturePort");
+ DoubleItPortType x509Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(x509Port, PORT);
+
+ // DOM
+ x509Port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(x509Port);
+ x509Port.doubleIt(25);
+
+ ((java.io.Closeable)x509Port).close();
+ bus.shutdown(true);
+ }
}
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl?rev=1543012&r1=1543011&r2=1543012&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl Mon Nov 18 12:14:15 2013
@@ -73,6 +73,24 @@
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="DoubleItSymmetricSignatureBinding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItSymmetricPolicy"/>
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction=""/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault"/>
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
<wsdl:service name="DoubleItService">
<wsdl:port name="DoubleItAsymmetricSignaturePort" binding="tns:DoubleItAsymmetricSignatureBinding">
<soap:address location="http://localhost:9001/DoubleItX509AsymmetricSignature"/>
@@ -83,6 +101,9 @@
<wsdl:port name="DoubleItAsymmetricEncryptionPort" binding="tns:DoubleItAsymmetricEncryptionBinding">
<soap:address location="http://localhost:9001/DoubleItX509AsymmetricEncryption"/>
</wsdl:port>
+ <wsdl:port name="DoubleItSymmetricSignaturePort" binding="tns:DoubleItSymmetricSignatureBinding">
+ <soap:address location="http://localhost:9001/DoubleItX509SymmetricSignature"/>
+ </wsdl:port>
</wsdl:service>
<wsp:Policy wsu:Id="DoubleItAsymmetricSignaturePolicy">
<wsp:ExactlyOne>
@@ -205,6 +226,38 @@
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItSymmetricPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireKeyIdentifierReference/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
<wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
<wsp:ExactlyOne>
<wsp:All>
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml?rev=1543012&r1=1543011&r2=1543012&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml Mon Nov 18 12:14:15 2013
@@ -318,6 +318,13 @@
</p:policies>
</jaxws:features>
</jaxws:client>
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSymmetricSignaturePort" createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.encryption.properties" value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ </jaxws:properties>
+ </jaxws:client>
+
<http:conduit name="https://localhost:.*">
<http:tlsClientParameters disableCNCheck="true">
<sec:trustManagers>
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml?rev=1543012&r1=1543011&r2=1543012&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml Mon Nov 18 12:14:15 2013
@@ -312,4 +312,11 @@
</p:policies>
</jaxws:features>
</jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricSignature" address="http://localhost:${testutil.ports.Server}/DoubleItX509SymmetricSignature" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricSignaturePort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="bob.properties"/>
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
</beans>
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml?rev=1543012&r1=1543011&r2=1543012&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml Mon Nov 18 12:14:15 2013
@@ -346,4 +346,12 @@
</p:policies>
</jaxws:features>
</jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricSignature" address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509SymmetricSignature" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricSignaturePort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="bob.properties"/>
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
</beans>