Posted to java-commits@axis.apache.org by ve...@apache.org on 2017/01/14 12:22:56 UTC

svn commit: r1778761 [2/3] - in /axis/axis2/java/rampart/branches/RAMPART-433: ./ modules/rampart-core/ modules/rampart-core/src/main/java/org/apache/rampart/ modules/rampart-core/src/main/java/org/apache/rampart/builder/ modules/rampart-core/src/main/...

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/AbstractRampartTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/AbstractRampartTest.java?rev=1778761&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/AbstractRampartTest.java (added)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/AbstractRampartTest.java Sat Jan 14 12:22:55 2017
@@ -0,0 +1,222 @@
+/*
+ * Copyright 2004 - 2014 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import static org.apache.axis2.integration.JettyServer.CLIENT_KEYSTORE;
+import static org.apache.axis2.integration.JettyServer.KEYSTORE_PASSWORD;
+
+import java.net.URL;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+import junit.framework.TestCase;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.integration.JettyServer;
+import org.apache.axis2.transport.http.HTTPConstants;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+
+/**
+ * Base test class for integration tests that require Axis2 web application running in a web container.
+ * The class uses Axis2 web application deployed via {@link JettyServer}.
+ */
+public abstract class AbstractRampartTest extends TestCase {
+    
+    /**
+     * Default client connection timeout in milliseconds: {@value}
+     */
+    public static final int DEFAULT_CLIENT_CONNECTION_TIMEOUT_MILLIS = 200000;
+    
+    protected static final String RAMPART_CLIENT_REPO_PATH = "target/test-resources/rampart_client_repo";
+    
+    protected static final String RAMPART_SERVICE_REPO_PATH = "target/test-resources/rampart_service_repo";
+    
+    protected static ResourceBundle resources;
+    protected String trustStore;
+    protected String trustStorePassword;
+    protected String trustStoreType;
+    
+    static {
+        try {
+            resources = ResourceBundle.getBundle("org.apache.rampart.errors");
+        } catch (MissingResourceException e) {
+            throw new RuntimeException(e.getMessage());
+        }
+    }
+    
+    public AbstractRampartTest() {
+        
+    }
+
+    public AbstractRampartTest(String name) {
+        super(name);
+    }
+
+    /* (non-Javadoc)
+     * @see junit.framework.TestCase#setUp()
+     */
+    protected void setUp() throws Exception {
+        trustStore = System.getProperty("javax.net.ssl.trustStore");
+        System.setProperty("javax.net.ssl.trustStore", CLIENT_KEYSTORE);
+        
+        trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
+        System.setProperty("javax.net.ssl.trustStorePassword", KEYSTORE_PASSWORD);
+        
+        trustStoreType = System.getProperty("javax.net.ssl.trustStoreType");
+        System.setProperty("javax.net.ssl.trustStoreType", "JKS");
+             
+        JettyServer.start(RAMPART_SERVICE_REPO_PATH, isEnableHttp(), isEnableHttps());
+    }
+    
+
+    /* (non-Javadoc)
+     * @see junit.framework.TestCase#tearDown()
+     */
+    protected void tearDown() throws Exception {
+        try {
+            JettyServer.stop();
+        }
+        finally {
+            if (trustStore != null) {
+                System.setProperty("javax.net.ssl.trustStore", trustStore);
+            }
+            else {
+                System.clearProperty("javax.net.ssl.trustStore");
+            }
+            
+            if (trustStorePassword != null) {
+                System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);    
+            }
+            else {
+                System.clearProperty("javax.net.ssl.trustStorePassword");
+            }
+            
+            if (trustStoreType != null) {
+                System.setProperty("javax.net.ssl.trustStoreType", trustStoreType);
+            }
+            else {
+                System.clearProperty("javax.net.ssl.trustStoreType");
+            }
+        }
+    }
+    
+    /**
+     * @return Jetty http port, see {@link JettyServer#getHttpPort()}
+     */
+    protected int getHttpPort() {
+        return JettyServer.getHttpPort();
+    }
+    
+    /**
+     * @return Jetty https port, see {@link JettyServer#getHttpsPort()}
+     */
+    protected int getHttpsPort() {
+        return JettyServer.getHttpsPort();
+    }
+    
+    protected ServiceClient getServiceClientInstance() throws AxisFault {
+        return getServiceClientInstance(null);
+    }
+    
+    /**
+     * Creates an Axis2 service client using the specified <code>wsdlUrl</code> and {@link #DEFAULT_CLIENT_CONNECTION_TIMEOUT_MILLIS}.
+     * The service client will use Axis2 repository at {@link #RAMPART_CLIENT_REPO_PATH}.
+     * @param wsdlUrl The wsdl url to initialize the service client with. Can be null in which case the client must be configured additionally (with policy, action etc.).
+     * @return
+     * @throws AxisFault
+     */
+    protected ServiceClient getServiceClientInstance(URL wsdlUrl) throws AxisFault {
+        return getServiceClientInstance(wsdlUrl, DEFAULT_CLIENT_CONNECTION_TIMEOUT_MILLIS);
+    }
+    
+    /**
+     * Creates an Axis2 service client using the specified <code>wsdlUrl</code> and specified <code>connectionTimeoutMillis</code>.
+     * The service client will use Axis2 repository at {@link #RAMPART_CLIENT_REPO_PATH}.
+     * @param wsdlUrl The wsdl url to initialize the service client with. Can be null in which case the client must be configured additionally (with policy, action etc.).
+     * @return
+     * @throws AxisFault
+     */
+    protected ServiceClient getServiceClientInstance(URL wsdlUrl, int connectionTimeoutMillis) throws AxisFault {
+
+        ConfigurationContext configContext = ConfigurationContextFactory.
+                createConfigurationContextFromFileSystem(RAMPART_CLIENT_REPO_PATH, null);
+        
+        ServiceClient serviceClient;
+        if (wsdlUrl == null) {
+            serviceClient = new ServiceClient(configContext, null);
+        }
+        else {
+            serviceClient = new ServiceClient(configContext, wsdlUrl, null, null);
+        }
+        
+        serviceClient.getOptions().setTimeOutInMilliSeconds(connectionTimeoutMillis);
+        serviceClient.getOptions().setProperty(HTTPConstants.SO_TIMEOUT, connectionTimeoutMillis);
+        serviceClient.getOptions().setProperty(HTTPConstants.CONNECTION_TIMEOUT, connectionTimeoutMillis);
+
+        serviceClient.engageModule("addressing");
+        serviceClient.engageModule("rampart");
+
+        return serviceClient;
+
+    }
+    
+    protected OMElement getEchoElement() {
+        OMFactory fac = OMAbstractFactory.getOMFactory();
+        OMNamespace omNs = fac.createOMNamespace(
+                "http://example1.org/example1", "example1");
+        OMElement method = fac.createOMElement("echo", omNs);
+        OMElement value = fac.createOMElement("Text", omNs);
+        value.addChild(fac.createOMText(value, "Testing Rampart with WS-SecPolicy"));
+        method.addChild(value);
+
+        return method;
+    }
+
+    protected OMElement getOMElement() {
+        OMFactory fac = OMAbstractFactory.getOMFactory();
+        OMNamespace omNs = fac.createOMNamespace(
+                "http://example1.org/example1", "example1");
+        OMElement method = fac.createOMElement("returnError", omNs);
+        OMElement value = fac.createOMElement("Text", omNs);
+        value.addChild(fac.createOMText(value, "Testing Rampart with WS-SecPolicy"));
+        method.addChild(value);
+
+        return method;
+    }
+
+    protected Policy loadPolicy(String xmlPath) {
+        return PolicyEngine.getPolicy(this.getClass().getResourceAsStream(xmlPath));
+    }
+    
+    /**
+     * @return Implementations must return <code>true</code> to enable startup of web container's http connector or false otherwise.
+     */
+    protected abstract boolean isEnableHttp();
+    
+    /**
+     * @return Implementations must return <code>true</code> to enable startup of web container's https connector or false otherwise.
+     */
+    protected abstract boolean isEnableHttps();
+}
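Review bot: If `JettyServer.start(...)` throws at the end of `setUp()`, the three `javax.net.ssl.trustStore*` properties stay overridden, because JUnit 3's `TestCase.runBare()` does not call `tearDown()` when `setUp()` fails. Every later test in the same JVM would then use the test client keystore as its trust store instead of the original one. Guard the start so the restore still runs: `try { JettyServer.start(RAMPART_SERVICE_REPO_PATH, isEnableHttp(), isEnableHttps()); } catch (Exception e) { tearDown(); throw e; }`. Separately, the static initializer's `throw new RuntimeException(e.getMessage())` drops the cause; `new RuntimeException(e)` keeps the stack trace.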

Propchange: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/AbstractRampartTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/RampartKerberosTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/RampartKerberosTest.java?rev=1778761&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/RampartKerberosTest.java (added)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/RampartKerberosTest.java Sat Jan 14 12:22:55 2017
@@ -0,0 +1,269 @@
+package org.apache.rampart;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.commons.io.IOUtils;
+import org.apache.neethi.Policy;
+import org.apache.rampart.policy.model.KerberosConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.util.KerberosServer;
+import org.custommonkey.xmlunit.XMLAssert;
+import org.xml.sax.SAXException;
+
+/**
+ * Tests Kerberos authentication over transport binding using a Kerberos token as supporting endorsing token.
+ * The test will use Apache DS Kerberos server, see {@link KerberosServer}.
+ * 
+ * The test is tailored for Oracle Java execution since it uses <code>com.sun.security.auth.module.Krb5LoginModule</code> JAAS login module for Kerberos authentication.
+ */
+public class RampartKerberosTest extends AbstractRampartTest {
+
+    /**
+     * Java system property for setting JAAS configuration file: {@value}
+     */
+    public static final String JAAS_CONF_SYS_PROP = "java.security.auth.login.config";
+    
+    /**
+     * Java system property for setting Kerberos 5 configuration file: {@value}
+     */
+    public static final String KRB5_CONF_SYS_PROP = "java.security.krb5.conf";
+    
+    /**
+     * JAAS configuration file to use: {@value}
+     * <p>
+     * Contains Kerberos login module entries for authenticating client and server principals:
+     * </p>
+     */
+    public static final String KERBEROS_JAAS_CONF = "src/test/resources/kerberos/jaas.conf";
+    
+    /**
+     * Kerberos configuration file <b>template</b> to use: {@value}
+     * <p>
+     * Specifies the Kerberos realm and KDC server to use, the configuration must contain a <code>KDC_PORT</code> literal
+     * which will be replaced with actual KDC server port.
+     * </p>
+     */
+    public static final String KERBEROS_CONF_TEMPLATE = "src/test/resources/kerberos/krb5.conf.template";
+    
+    /**
+     * A token literal in kerberos5 configuration file template that must be replaced with actual KDC port value: {@value}
+     */
+    public static final String KERBEROS_CONF_KDC_PORT_TOKEN = "KDC_PORT";
+    
+    /**
+     * Stores any original JAAS configuration set via {@link #JAAS_CONF_SYS_PROP} property to restore it after test execution.
+     */
+    protected String jaasConf;
+    
+    /**
+     * Stores any original Kerberos 5 configuration set via {@link #KRB5_CONF_SYS_PROP} property to restore it after test execution.
+     */
+    protected String krb5Conf;
+    
+    public void testKerberosOverTransportKeytab() throws XMLStreamException, SAXException, IOException {
+        final String serviceName = "KerberosOverTransportKeytab";
+        URL serviceUrl = new URL(String.format("https://localhost:%s/axis2/services/%s?wsdl", getHttpsPort(), serviceName));
+        
+        ServiceClient serviceClient = getServiceClientInstance(serviceUrl);
+
+        System.out.println("Testing WS-Sec: Kerberos scenario: " + serviceName);
+                
+        
+        RampartConfig rampartConfig = new RampartConfig();
+        KerberosConfig kerberosConfig = new KerberosConfig();
+        rampartConfig.setKerberosConfig(kerberosConfig);
+
+        kerberosConfig.setJaasContext(serviceName + "Client");        
+
+        Policy policy = new Policy();
+        policy.addAssertion(rampartConfig);                
+        serviceClient.getAxisService().getPolicySubject().attachPolicyComponent(policy);
+        
+        //Blocking invocation
+        QName operation = new QName("http://rampart.apache.org", "echo");
+        OMElement echoElement = getEchoElement();
+        OMElement result = serviceClient.sendReceive(operation, echoElement);
+        XMLAssert.assertXMLEqual(echoElement.toStringWithConsume(), result.toStringWithConsume());
+    }
+    
+    public void testKerberosOverTransportPWCB() throws XMLStreamException, SAXException, IOException {
+        final String serviceName = "KerberosOverTransportPWCB";
+        URL serviceUrl = new URL(String.format("https://localhost:%s/axis2/services/%s?wsdl", getHttpsPort(), serviceName));
+        
+        ServiceClient serviceClient = getServiceClientInstance(serviceUrl);
+
+        System.out.println("Testing WS-Sec: Kerberos scenario: " + serviceName);
+
+        RampartConfig rampartConfig = new RampartConfig();
+        rampartConfig.setUser("alice");        
+        rampartConfig.setPwCbClass(org.apache.rahas.PWCallback.class.getName());
+        
+        KerberosConfig kerberosConfig = new KerberosConfig();
+        rampartConfig.setKerberosConfig(kerberosConfig);
+
+        kerberosConfig.setJaasContext(serviceName + "Client");
+
+        Policy policy = new Policy();
+        policy.addAssertion(rampartConfig);        
+        serviceClient.getAxisService().getPolicySubject().attachPolicyComponent(policy);
+        
+        //Blocking invocation
+        QName operation = new QName("http://rampart.apache.org", "echo");
+        OMElement echoElement = getEchoElement();
+        OMElement result = serviceClient.sendReceive(operation, echoElement);
+        XMLAssert.assertXMLEqual(echoElement.toStringWithConsume(), result.toStringWithConsume());
+    }
+    
+    
+    public void testKerberosDelegation() throws XMLStreamException, SAXException, IOException {
+        final String serviceName = "KerberosDelegation";
+        URL serviceUrl = new URL(String.format("https://localhost:%s/axis2/services/%s?wsdl", getHttpsPort(), serviceName));
+
+        ServiceClient serviceClient = getServiceClientInstance(serviceUrl);
+
+        System.out.println("Testing WS-Sec: Kerberos scenario: " + serviceName);
+                
+        
+        RampartConfig rampartConfig = new RampartConfig();
+        KerberosConfig kerberosConfig = new KerberosConfig();
+        rampartConfig.setKerberosConfig(kerberosConfig);
+
+        kerberosConfig.setJaasContext(serviceName + "Client");  
+        kerberosConfig.setRequstCredentialDelegation(true);
+
+        Policy policy = new Policy();
+        policy.addAssertion(rampartConfig);                
+        serviceClient.getAxisService().getPolicySubject().attachPolicyComponent(policy);
+        
+        //Blocking invocation
+        QName operation = new QName("http://rampart.apache.org", "echo");
+        OMElement echoElement = getEchoElement();
+        OMElement result = serviceClient.sendReceive(operation, echoElement);
+        XMLAssert.assertXMLEqual(echoElement.toStringWithConsume(), result.toStringWithConsume());
+    }
+    
+    /* (non-Javadoc)
+     * @see org.apache.rampart.AbstractRampartTest#setUp()
+     */
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+        
+        System.setProperty("sun.security.krb5.debug", "true");
+        System.setProperty("sun.security.jgss.debug", "true");
+        
+        KerberosServer.startKerberosServer();
+                        
+        //configure JGSS
+        krb5Conf = System.getProperty(KRB5_CONF_SYS_PROP);
+        
+        File krb5ConfFile = generateKerberosConf();
+        System.out.println("Using Kerberos configuration file: " + krb5ConfFile.getAbsolutePath());
+        System.setProperty(KRB5_CONF_SYS_PROP, krb5ConfFile.getAbsolutePath());
+        
+        //configure JAAS
+        jaasConf = System.getProperty(JAAS_CONF_SYS_PROP);
+        System.out.println("Using Kerberos JAAS configuration file: " + new File(KERBEROS_JAAS_CONF).getAbsolutePath());
+        System.setProperty(JAAS_CONF_SYS_PROP, KERBEROS_JAAS_CONF);
+    }
+
+    /* (non-Javadoc)
+     * @see org.apache.rampart.AbstractRampartTest#tearDown()
+     */
+    @Override
+    protected void tearDown() throws Exception {
+        super.tearDown();
+        
+        KerberosServer.stopKerberosServer();
+        
+        if (jaasConf != null) {
+            System.setProperty(JAAS_CONF_SYS_PROP, jaasConf);
+        }
+        else {
+            System.clearProperty(JAAS_CONF_SYS_PROP);
+        }
+        
+        if (krb5Conf != null) {
+            System.setProperty(KRB5_CONF_SYS_PROP, krb5Conf);
+        }
+        else {
+            System.clearProperty(KRB5_CONF_SYS_PROP);
+        }
+    }
+    
+    /**
+     * Generates a Kerberos configuration file (krb5.conf) out of the {@link #KERBEROS_CONF_TEMPLATE} file,
+     * replacing the {@link #KERBEROS_CONF_KDC_PORT_TOKEN} with actual KDC port.
+     * 
+     * @return The generated Kerberos configuration file. It will be generated under the following path:
+     * <code>target/tmp/{thisClassSimpleName}_krb5.conf</code>
+     * 
+     * @throws IOException 
+     */
+    protected File generateKerberosConf() throws IOException {
+    	File tmpDir = new File("target" + File.separator + "tmp");
+    	if (!tmpDir.exists() && !tmpDir.mkdirs()) {
+    		throw new RuntimeException("Failed to create temp directory: " + tmpDir.getAbsolutePath());
+    	}
+    	
+    	File krb5ConfTemplate = new File(KERBEROS_CONF_TEMPLATE);
+    	if (!krb5ConfTemplate.exists()) {
+    		throw new IllegalArgumentException("Cannot find kerberos configuration file template: " + krb5ConfTemplate.getAbsolutePath());
+    	}
+    	
+    	FileInputStream krb5ConfTemplateIn = null;
+    	String krb5ConfContent;
+    	try {
+    		krb5ConfTemplateIn = new FileInputStream(krb5ConfTemplate);
+    		krb5ConfContent = IOUtils.toString(krb5ConfTemplateIn);
+    	}
+    	finally {
+    		IOUtils.closeQuietly(krb5ConfTemplateIn);
+    	}
+    	
+		if (krb5ConfContent.indexOf(KERBEROS_CONF_KDC_PORT_TOKEN) == -1) {
+			throw new IllegalArgumentException(String.format("Cannot find any %s token in kerberos configuration file template: %s",
+					KERBEROS_CONF_KDC_PORT_TOKEN, krb5ConfTemplate.getAbsolutePath()));
+		}
+    		
+		krb5ConfContent = krb5ConfContent.replace(KERBEROS_CONF_KDC_PORT_TOKEN, String.valueOf(KerberosServer.getPort()));
+    	
+    	File krb5Conf = new File(tmpDir, this.getClass().getSimpleName() + "_krb5.conf");
+    	FileOutputStream krb5ConfOut = null;
+    	try {
+    		krb5ConfOut = new FileOutputStream(krb5Conf);
+    		IOUtils.write(krb5ConfContent, krb5ConfOut);
+    	}
+    	finally {
+    		IOUtils.closeQuietly(krb5ConfOut);
+    	}
+    	
+    	return krb5Conf;
+    }
+
+	/* (non-Javadoc)
+	 * @see org.apache.rampart.AbstractRampartTest#isEnableHttp()
+	 */
+	@Override
+	protected boolean isEnableHttp() {
+		//Kerberos test does not use http
+		return false;
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.rampart.AbstractRampartTest#isEnableHttps()
+	 */
+	@Override
+	protected boolean isEnableHttps() {
+		return true;
+	}
+}
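Review bot: `tearDown()` runs `super.tearDown()`, `KerberosServer.stopKerberosServer()` and the property restore in sequence with no `try`/`finally`, so an exception from either of the first two leaves the KDC running or leaves `java.security.krb5.conf` and `java.security.auth.login.config` pointing at the test files for the rest of the JVM. `setUp()` also switches on `sun.security.krb5.debug` and `sun.security.jgss.debug` and nothing ever turns them off, so Kerberos debug output keeps going to the build log for later tests. I would nest the cleanup as below; if a caller may have set the debug flags beforehand, save and restore them the same way as `jaasConf` and `krb5Conf` rather than clearing them. `generateKerberosConf()` also reads and writes with the platform charset via `IOUtils.toString(InputStream)` and `IOUtils.write(String, OutputStream)`; passing an explicit encoding would make the generated file deterministic.

```java
    @Override
    protected void tearDown() throws Exception {
        try {
            super.tearDown();
        }
        finally {
            try {
                KerberosServer.stopKerberosServer();
            }
            finally {
                // … unchanged: restore or clear JAAS_CONF_SYS_PROP and KRB5_CONF_SYS_PROP …
                System.clearProperty("sun.security.krb5.debug");
                System.clearProperty("sun.security.jgss.debug");
            }
        }
    }
```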

Propchange: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/RampartKerberosTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosServer.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosServer.java?rev=1778761&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosServer.java (added)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosServer.java Sat Jan 14 12:22:55 2017
@@ -0,0 +1,214 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.rampart.util;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.DatagramSocket;
+import java.nio.file.Files;
+import java.security.Provider;
+import java.security.Security;
+import java.util.List;
+
+import org.apache.axis2.testutils.PortAllocator;
+import org.apache.commons.io.FileUtils;
+import org.apache.directory.api.ldap.model.entry.DefaultEntry;
+import org.apache.directory.api.ldap.model.ldif.LdifEntry;
+import org.apache.directory.api.ldap.model.ldif.LdifReader;
+import org.apache.directory.server.core.api.DirectoryService;
+import org.apache.directory.server.core.api.interceptor.Interceptor;
+import org.apache.directory.server.core.api.partition.Partition;
+import org.apache.directory.server.core.factory.DefaultDirectoryServiceFactory;
+import org.apache.directory.server.core.factory.DirectoryServiceFactory;
+import org.apache.directory.server.core.factory.PartitionFactory;
+import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
+import org.apache.directory.server.kerberos.KerberosConfig;
+import org.apache.directory.server.kerberos.kdc.KdcServer;
+import org.apache.directory.server.protocol.shared.transport.Transport;
+import org.apache.directory.server.protocol.shared.transport.UdpTransport;
+import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Runs an Apache DS Kerberos server.
+ * @see org.apache.wss4j.integration.test.common.KerberosServiceStarter
+ */
+public class KerberosServer {
+
+	private static final Logger logger = LoggerFactory.getLogger(KerberosServer.class);
+	
+    /**
+     * The used DirectoryService instance
+     */
+    private static DirectoryService directoryService;
+
+    /**
+     * The used KdcServer instance
+     */
+    private static KdcServer kdcServer;
+
+    private static Provider provider = null;
+    private static int providerPos = 2;
+    
+    private static File workDir = null;
+    
+    /**
+     * Starts an Apache DS Kerberos server with dynamically allocated port.
+     * 
+     * @return
+     * @throws Exception
+     */
+    public static synchronized void startKerberosServer() throws Exception {
+    	int kdcPort = PortAllocator.allocatePort();
+    	
+        DatagramSocket datagramSocket = new DatagramSocket(kdcPort);
+        datagramSocket.setReuseAddress(true);
+        datagramSocket.close();
+
+        //Ok, apache ds doesn't like the bouncy castle provider at position 2
+        //Caused by: KrbException: Integrity check on decrypted field failed (31) - Integrity check on decrypted field failed
+        Provider[] installedProviders = Security.getProviders();
+        for (int i = 0; i < installedProviders.length; i++) {
+            Provider installedProvider = installedProviders[i];
+            if ("BC".equals(installedProvider.getName())) {
+                provider = installedProvider;
+                providerPos = i;
+                Security.removeProvider("BC");
+                break;
+            }
+        }
+        if (provider != null) {
+            Security.addProvider(provider);
+        }
+        
+        workDir = Files.createTempDirectory("server-work").toFile();
+        
+        DirectoryServiceFactory directoryServiceFactory = new DefaultDirectoryServiceFactory();
+        directoryService = directoryServiceFactory.getDirectoryService();
+        directoryService.setAccessControlEnabled(false);
+        directoryService.setAllowAnonymousAccess(false);
+        directoryService.getChangeLog().setEnabled(true);
+        
+        List<Interceptor> interceptors = directoryService.getInterceptors();
+        interceptors.add(new KeyDerivationInterceptor());
+        directoryService.setInterceptors(interceptors);
+        directoryServiceFactory.init("defaultDS");
+
+        PartitionFactory partitionFactory = directoryServiceFactory.getPartitionFactory();
+        Partition partition = partitionFactory.createPartition(directoryService.getSchemaManager(),
+            directoryService.getDnFactory(), "example", "dc=example,dc=com", 1000, workDir);
+
+        partitionFactory.addIndex(partition, "objectClass", 1000);
+        partitionFactory.addIndex(partition, "dc", 1000);
+        partitionFactory.addIndex(partition, "ou", 1000);
+
+        partition.setSchemaManager(directoryService.getSchemaManager());
+        // Inject the partition into the DirectoryService
+        directoryService.addPartition(partition);
+
+        InputStream is = KerberosServer.class.getClassLoader().getResourceAsStream("kerberos/users.ldif");
+        LdifReader ldifReader = new LdifReader(is);
+        for (LdifEntry entry : ldifReader) {
+            directoryService.getAdminSession().add(new DefaultEntry(directoryService.getSchemaManager(), entry.getEntry()));
+        }
+        ldifReader.close();
+
+        KerberosConfig kerberosConfig = new KerberosConfig();
+        kerberosConfig.setServicePrincipal("krbtgt/EXAMPLE.COM@EXAMPLE.COM");
+        kerberosConfig.setPrimaryRealm("EXAMPLE.COM");
+        kerberosConfig.setSearchBaseDn("dc=example,dc=com");
+        kerberosConfig.setMaximumTicketLifetime(60000 * 1440);
+        kerberosConfig.setMaximumRenewableLifetime(60000 * 10080);
+        kerberosConfig.setEncryptionTypes(new EncryptionType[]{EncryptionType.AES128_CTS_HMAC_SHA1_96});
+        
+        kdcServer = new KdcServer(kerberosConfig);
+        kdcServer.setServiceName("DefaultKrbServer");        
+        
+        final String kdcHostname = "localhost";
+        logger.info(String.format("Starting service on %s:%s", kdcHostname, kdcPort));
+        
+        UdpTransport udp = new UdpTransport(kdcHostname, kdcPort);
+        kdcServer.addTransports(udp);
+        kdcServer.setDirectoryService(directoryService);
+        kdcServer.start();
+    }
+
+    /**
+     * @return The Apache DS Kerberos server port.
+     * @throws IllegalArgumentException If server or respective transport are not initialized
+     */
+    public static synchronized int getPort() throws IllegalArgumentException {
+    	if (kdcServer == null) {
+    		throw new IllegalStateException("Kerberos server is not initialized");
+    	}
+
+    	Transport[] transports =  kdcServer.getTransports();
+    	if (transports == null || transports.length == 0) {
+    		throw new IllegalStateException("Kerberos server does not configure any transports");
+    	}
+    	
+    	for (Transport transport : transports) {
+    		if (transport instanceof UdpTransport) {
+    			return transport.getPort();
+    		}
+    	}
+    	
+    	throw new IllegalStateException(
+    			String.format("Cannot identify Kerberos server port. List of transports does not contain an %s instance",
+    					UdpTransport.class.getName()));
+    } 
+    
+    /**
+     * Stops the Apache DS Kerberos server.
+     * @throws Exception
+     */
+    public static synchronized void stopKerberosServer() throws Exception {
+    	logger.info("Stop called");
+		try {    	
+			if (directoryService != null) {
+				try {
+					directoryService.shutdown();
+				}
+				finally {					
+					try {
+						FileUtils.deleteDirectory(workDir);
+					}
+					catch (IOException e) {
+						logger.error("Failed to delete Apache DS working directory: " + workDir.getAbsolutePath() , e);
+					}
+				}
+				directoryService = null;
+			}
+		}
+		finally {
+			if (kdcServer != null) {
+				kdcServer.stop();
+				kdcServer = null;
+			}
+			
+            if (provider != null) {
+                //restore BC position
+                Security.removeProvider("BC");
+                Security.insertProviderAt(provider, providerPos);
+            }
+		}
+    }
+}
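Review bot: `providerPos = i` in `startKerberosServer()` records a 0-based array index, but `stopKerberosServer()` passes it to `Security.insertProviderAt(provider, providerPos)`, which takes a 1-based position. After each start/stop cycle BC is therefore put back one slot earlier than it was, which changes which JCA provider later tests in the same JVM resolve first. Store the position instead, `providerPos = i + 1;`, and set `provider = null;` after the restore so a second `stopKerberosServer()` call does not reorder providers again. Also, if start-up fails part-way (for example `getResourceAsStream("kerberos/users.ldif")` returning null), BC stays at the end of the list and `workDir` is not deleted, since nothing in the method undoes the work already done. The `getPort()` Javadoc names `IllegalArgumentException` while the body throws `IllegalStateException`.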

Propchange: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosServer.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosTokenDecoderImpl.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosTokenDecoderImpl.java?rev=1778761&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosTokenDecoderImpl.java (added)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosTokenDecoderImpl.java Sat Jan 14 12:22:55 2017
@@ -0,0 +1,156 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.rampart.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import javax.security.auth.Subject;
+
+import org.apache.directory.shared.kerberos.codec.KerberosDecoder;
+import org.apache.directory.shared.kerberos.components.EncTicketPart;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.validate.KerberosTokenDecoder;
+
+/**
+ * A copy of wss4j 2.0 Kerberos token decoder implementation.
+ * 
+ * @see org.apache.wss4j.common.kerberos.KerberosTokenDecoderImpl
+ * 
+ * TODO Once Rampart adopts wss4j 2.0, this class must be removed in favor of wss4j's
+ */
+public class KerberosTokenDecoderImpl implements KerberosTokenDecoder {
+    
+    private static final String KERBEROS_OID = "1.2.840.113554.1.2.2";
+
+    private byte[] serviceTicket;
+    private Subject subject;
+
+    private boolean decoded = false;
+    private EncTicketPart encTicketPart;
+
+    /**
+     * Clear all internal information
+     */
+    public void clear() {
+        serviceTicket = null;
+        subject = null;
+        decoded = false;
+        encTicketPart = null;
+    }
+
+    /**
+     * Set the AP-REQ Kerberos Token
+     *
+     * @param token the AP-REQ Kerberos Token
+     */
+    public void setToken(byte[] token) {
+        serviceTicket = token;
+    }
+
+    /**
+     * Set the Subject
+     *
+     * @param subject the Subject
+     */
+    public void setSubject(Subject subject) {
+        this.subject = subject;
+    }
+
+    /**
+     * Get the session key from the token
+     *
+     * @return the session key from the token
+     */
+    public byte[] getSessionKey() {
+        if (!decoded) {
+            decodeServiceTicket();
+        }
+        if (encTicketPart != null && encTicketPart.getKey() != null) {
+            return encTicketPart.getKey().getKeyValue();
+        }
+        return null;
+    }
+
+    /**
+     * Get the client principal name from the decoded service ticket.
+     *
+     * @return the client principal name
+     */
+    public String getClientPrincipalName() {
+        if (!decoded) {
+            decodeServiceTicket();
+        }
+        return encTicketPart.getCName().toString();
+    }
+
+    // Decode the service ticket.
+    private synchronized void decodeServiceTicket() {
+        parseServiceTicket(serviceTicket);
+        decoded = true;
+    }
+
+    // Parses the service ticket (GSS AP-REQ token)
+    private void parseServiceTicket(byte[] ticket) {
+        try {
+            // I didn't find a better way how to parse this Kerberos Message...
+            org.bouncycastle.asn1.ASN1InputStream asn1InputStream =
+                    new org.bouncycastle.asn1.ASN1InputStream(new ByteArrayInputStream(ticket));
+            org.bouncycastle.asn1.DERApplicationSpecific derToken =
+                    (org.bouncycastle.asn1.DERApplicationSpecific) asn1InputStream.readObject();
+            if (derToken == null || !derToken.isConstructed()) {
+                asn1InputStream.close();
+                throw new WSSecurityException("invalid kerberos token");
+            }
+            asn1InputStream.close();
+
+            asn1InputStream = new org.bouncycastle.asn1.ASN1InputStream(new ByteArrayInputStream(derToken.getContents()));
+            org.bouncycastle.asn1.DERObjectIdentifier kerberosOid =
+                    (org.bouncycastle.asn1.DERObjectIdentifier) asn1InputStream.readObject();
+            if (!kerberosOid.getId().equals(KERBEROS_OID)) {
+                asn1InputStream.close();
+                throw new WSSecurityException("invalid kerberos token");
+            }
+
+            int readLowByte = asn1InputStream.read() & 0xff;
+            int readHighByte = asn1InputStream.read() & 0xff;
+            int read = (readHighByte << 8) + readLowByte; //NOPMD
+            if (read != 0x01) {
+                throw new WSSecurityException("invalid kerberos token");
+            }
+            
+            this.encTicketPart = KerberosDecoder.decodeEncTicketPart(toByteArray(asn1InputStream));
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private static byte[] toByteArray(InputStream inputStream) throws IOException {
+        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+        int read;
+        byte[] buf = new byte[1024];
+        while ((read = inputStream.read(buf)) != -1) {
+            byteArrayOutputStream.write(buf, 0, read);
+        }
+        return byteArrayOutputStream.toByteArray();
+    }
+}
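Review bot: The `subject` stored by `setSubject` is never read anywhere in this class, and `parseServiceTicket` passes the bytes that follow the 0x0001 token id straight to `KerberosDecoder.decodeEncTicketPart`, so nothing visible here uses the service's key before the session key is taken from the result. If the input is an AP-REQ, as the `setToken` javadoc says, the ticket's encrypted part would presumably need decrypting with a key from the Subject first. Please compare with the wss4j class named in the `@see` and either restore that step or add a comment above the decode call such as `// subject is intentionally unused: <reason>`. Separately, the two casts on `asn1InputStream.readObject()` are unchecked and `kerberosOid` is not null-checked, so a malformed token surfaces as a wrapped ClassCastException or NullPointerException instead of the `invalid kerberos token` error used by the other checks. An `instanceof` test before each cast would keep the rejection path uniform for untrusted input.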

Propchange: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/java/org/apache/rampart/util/KerberosTokenDecoderImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/alice.keytab
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/alice.keytab?rev=1778761&view=auto
==============================================================================
Binary file - no diff available.

Propchange: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/alice.keytab
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/bob.keytab
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/bob.keytab?rev=1778761&view=auto
==============================================================================
Binary file - no diff available.

Propchange: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/bob.keytab
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/jaas.conf
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/jaas.conf?rev=1778761&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/jaas.conf (added)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/jaas.conf Sat Jan 14 12:22:55 2017
@@ -0,0 +1,49 @@
+KerberosOverTransportKeytab {
+    com.sun.security.auth.module.Krb5LoginModule required
+        useKeyTab=true
+        keyTab="target/test-classes/kerberos/bob.keytab"
+        principal=bob
+        storeKey=true
+        isInitiator=false
+        refreshKrb5Config=true;
+};
+
+KerberosOverTransportKeytabClient {
+    com.sun.security.auth.module.Krb5LoginModule required
+        useKeyTab=true
+        keyTab="target/test-classes/kerberos/alice.keytab"
+        principal=alice
+        refreshKrb5Config=true;
+};
+
+KerberosOverTransportPWCB {
+    com.sun.security.auth.module.Krb5LoginModule required
+        principal=bob
+        storeKey=true
+        isInitiator=false
+        refreshKrb5Config=true;
+};
+
+KerberosOverTransportPWCBClient {
+    com.sun.security.auth.module.Krb5LoginModule required
+        principal=alice
+        refreshKrb5Config=true;
+};
+
+KerberosDelegation {
+    com.sun.security.auth.module.Krb5LoginModule required
+        useKeyTab=true
+        keyTab="target/test-classes/kerberos/bob.keytab"
+        principal=bob
+        storeKey=true
+        isInitiator=true
+        refreshKrb5Config=true;
+};
+
+KerberosDelegationClient {
+    com.sun.security.auth.module.Krb5LoginModule required
+        useKeyTab=true
+        keyTab="target/test-classes/kerberos/alice.keytab"
+        principal=alice
+        refreshKrb5Config=true;
+};
\ No newline at end of file

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/krb5.conf.template
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/krb5.conf.template?rev=1778761&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/krb5.conf.template (added)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/krb5.conf.template Sat Jan 14 12:22:55 2017
@@ -0,0 +1,8 @@
+[libdefaults]
+	default_realm = EXAMPLE.COM
+	forwardable = true	
+
+[realms]
+	EXAMPLE.COM = {
+		kdc = localhost:KDC_PORT
+	}
\ No newline at end of file

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/readme
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/readme?rev=1778761&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/readme (added)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/readme Sat Jan 14 12:22:55 2017
@@ -0,0 +1,9 @@
+In order to create alice.keytab and bob.keytab, in src/test/resources/kerberos directory, execute the following commands depending on the underlying OS:
+
+Windows:
+<java_home>/bin/ktab.exe -a alice@EXAMPLE.COM password -k alice.keytab
+<java_home>/bin/ktab.exe -a bob@EXAMPLE.COM password -k bob.keytab
+
+Unix (requires ktutil)
+ktutil add_entry -password -p alice@EXAMPLE.COM -k 1 -e aes128-cts-hmac-sha1-96\npassword\n write_kt alice.keytab\n quit
+ktutil add_entry -password -p bob@EXAMPLE.COM -k 1 -e aes128-cts-hmac-sha1-96\npassword\n write_kt bob.keytab\n quit 
\ No newline at end of file

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/users.ldif
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/users.ldif?rev=1778761&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/users.ldif (added)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/kerberos/users.ldif Sat Jan 14 12:22:55 2017
@@ -0,0 +1,60 @@
+version: 1
+
+dn: dc=example,dc=com
+objectClass: top
+objectClass: domain
+objectClass: extensibleObject
+dc: example
+
+dn: ou=users,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: users
+
+dn: ou=services,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: services
+
+dn: krb5PrincipalName=bob@EXAMPLE.COM+uid=bob+sn=bob+cn=bob,ou=services,dc=example,dc=com
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: krb5KDCEntry
+objectClass: uidObject
+objectClass: person
+objectClass: krb5Principal
+objectClass: organizationalPerson
+cn: bob
+krb5KeyVersionNumber: 0
+krb5PrincipalName: bob@EXAMPLE.COM
+sn: bob
+uid: bob
+userPassword: password
+
+dn: uid=krbtgt+krb5PrincipalName=krbtgt/EXAMPLE.COM@EXAMPLE.COM+ou=TGT,ou=se
+ rvices,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+objectClass: krb5KDCEntry
+objectClass: uidObject
+objectClass: krb5Principal
+krb5KeyVersionNumber: 0
+krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM
+ou: TGT
+uid: krbtgt
+userPassword: randomKey
+
+dn: cn=alice+krb5PrincipalName=alice@EXAMPLE.COM+uid=alice,ou=users,dc=example,dc=com
+objectClass: top
+objectClass: krb5KDCEntry
+objectClass: inetOrgPerson
+objectClass: uidObject
+objectClass: krb5Principal
+objectClass: person
+objectClass: organizationalPerson
+cn: alice
+krb5KeyVersionNumber: 0
+krb5PrincipalName: alice@EXAMPLE.COM
+sn: alice
+uid: alice
+userPassword: password

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosDelegation.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosDelegation.xml?rev=1778761&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosDelegation.xml (added)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosDelegation.xml Sat Jan 14 12:22:55 2017
@@ -0,0 +1,86 @@
+<service name="KerberosDelegation">
+
+    <module ref="addressing" />
+    <module ref="rampart" />
+
+    <parameter locked="false" name="ServiceClass">org.apache.rampart.KerberosDelegationService</parameter>
+
+	<transports>
+		<transport>https</transport>
+	</transports>
+	
+    <operation name="echo">
+        <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
+        <actionMapping>urn:echo</actionMapping>
+    </operation>
+
+    <operation name="returnError">
+        <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
+        <actionMapping>urn:returnError</actionMapping>
+    </operation>
+
+    <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+
+        <wsp:AppliesTo>
+            <policy-subject identifier="binding:soap" />
+            <policy-subject identifier="binding:soap12" />
+        </wsp:AppliesTo>
+        
+        <wsp:Policy wsu:Id="KerberosOverTransport"
+            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+            xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
+            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+        
+            <wsp:ExactlyOne>
+                <wsp:All>
+                    <sp:TransportBinding>
+                        <wsp:Policy>
+                            <sp:TransportToken>
+                                <wsp:Policy>
+                                    <sp:HttpsToken />
+                                </wsp:Policy>
+                            </sp:TransportToken>
+                            <sp:AlgorithmSuite>
+                                <wsp:Policy>
+                                    <sp:Basic128 />
+                                </wsp:Policy>
+                            </sp:AlgorithmSuite>
+                            <sp:IncludeTimestamp />
+                        </wsp:Policy>
+                    </sp:TransportBinding>
+                    <sp:EndorsingSupportingTokens>
+                        <wsp:Policy>
+                            <sp:KerberosToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once">
+                                <wsp:Policy>
+                                    <sp:WssGssKerberosV5ApReqToken11 />
+                                </wsp:Policy>
+                            </sp:KerberosToken>
+                        </wsp:Policy>
+                    </sp:EndorsingSupportingTokens>
+                    <sp:Wss11>
+                        <wsp:Policy />
+                    </sp:Wss11>
+                    <wsaw:UsingAddressing />
+                    
+                   <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
+                        <rampart:kerberosConfig>
+                            <rampart:jaasContext>KerberosDelegation</rampart:jaasContext>
+                            <rampart:servicePrincipalNameForm>username</rampart:servicePrincipalNameForm>
+                            <rampart:kerberosTokenDecoderClass>org.apache.rampart.util.KerberosTokenDecoderImpl</rampart:kerberosTokenDecoderClass>
+                        </rampart:kerberosConfig>
+                        <rampart:policyValidatorCbClass>org.apache.rampart.KerberosDelegationServiceValidator</rampart:policyValidatorCbClass>                        
+                    </rampart:RampartConfig>
+                </wsp:All>
+            </wsp:ExactlyOne>
+        </wsp:Policy>
+
+    </wsp:PolicyAttachment>
+
+    <!-- Configure SPN using addressingIdentity extensibility element -->
+    <parameter name="addressingIdentity">
+        <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
+            <Upn>bob@EXAMPLE.COM</Upn>
+        </Identity>
+    </parameter>
+
+</service>
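Review bot: The comment above the `addressingIdentity` parameter says it configures an SPN, but the identity element is `<Upn>bob@EXAMPLE.COM</Upn>`. A reader cannot tell whether a UPN claim is intended or an `<Spn>` element was meant. The same comment and element appear in KerberosOverTransportKeytab.xml and KerberosOverTransportPWCB.xml. If the UPN form is deliberate (the policy sets `servicePrincipalNameForm` to `username`), I would reword the comment in all three files to something like `<!-- Service principal published as a UPN identity; matches servicePrincipalNameForm "username" -->`. How Rampart consumes this element is not visible in this part of the commit, so please confirm against the code that reads it.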

Propchange: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosDelegation.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportKeytab.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportKeytab.xml?rev=1778761&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportKeytab.xml (added)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportKeytab.xml Sat Jan 14 12:22:55 2017
@@ -0,0 +1,85 @@
+<service name="KerberosOverTransportKeytab">
+
+    <module ref="addressing" />
+    <module ref="rampart" />
+
+    <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+	<transports>
+		<transport>https</transport>
+	</transports>
+	
+    <operation name="echo">
+        <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
+        <actionMapping>urn:echo</actionMapping>
+    </operation>
+
+    <operation name="returnError">
+        <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
+        <actionMapping>urn:returnError</actionMapping>
+    </operation>
+
+    <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+
+        <wsp:AppliesTo>
+            <policy-subject identifier="binding:soap" />
+            <policy-subject identifier="binding:soap12" />
+        </wsp:AppliesTo>
+        
+        <wsp:Policy wsu:Id="KerberosOverTransport"
+            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+            xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
+            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+        
+            <wsp:ExactlyOne>
+                <wsp:All>
+                    <sp:TransportBinding>
+                        <wsp:Policy>
+                            <sp:TransportToken>
+                                <wsp:Policy>
+                                    <sp:HttpsToken />
+                                </wsp:Policy>
+                            </sp:TransportToken>
+                            <sp:AlgorithmSuite>
+                                <wsp:Policy>
+                                    <sp:Basic128 />
+                                </wsp:Policy>
+                            </sp:AlgorithmSuite>
+                            <sp:IncludeTimestamp />
+                        </wsp:Policy>
+                    </sp:TransportBinding>
+                    <sp:EndorsingSupportingTokens>
+                        <wsp:Policy>
+                            <sp:KerberosToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once">
+                                <wsp:Policy>
+                                    <sp:WssGssKerberosV5ApReqToken11 />
+                                </wsp:Policy>
+                            </sp:KerberosToken>
+                        </wsp:Policy>
+                    </sp:EndorsingSupportingTokens>
+                    <sp:Wss11>
+                        <wsp:Policy />
+                    </sp:Wss11>
+                    <wsaw:UsingAddressing />
+                    
+                    <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
+                        <rampart:kerberosConfig>
+                            <rampart:jaasContext>KerberosOverTransportKeytab</rampart:jaasContext>
+                            <rampart:servicePrincipalNameForm>username</rampart:servicePrincipalNameForm>
+                            <rampart:kerberosTokenDecoderClass>org.apache.rampart.util.KerberosTokenDecoderImpl</rampart:kerberosTokenDecoderClass>
+                        </rampart:kerberosConfig>
+                    </rampart:RampartConfig>
+                </wsp:All>
+            </wsp:ExactlyOne>
+        </wsp:Policy>
+
+    </wsp:PolicyAttachment>
+
+    <!-- Configure SPN using addressingIdentity extensibility element -->
+    <parameter name="addressingIdentity">
+        <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
+            <Upn>bob@EXAMPLE.COM</Upn>
+        </Identity>
+    </parameter>
+
+</service>

Propchange: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportKeytab.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportPWCB.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportPWCB.xml?rev=1778761&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportPWCB.xml (added)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportPWCB.xml Sat Jan 14 12:22:55 2017
@@ -0,0 +1,88 @@
+<service name="KerberosOverTransportPWCB">
+
+    <module ref="addressing" />
+    <module ref="rampart" />
+
+    <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+	<transports>
+		<transport>https</transport>
+	</transports>
+	
+    <operation name="echo">
+        <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
+        <actionMapping>urn:echo</actionMapping>
+    </operation>
+
+    <operation name="returnError">
+        <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" />
+        <actionMapping>urn:returnError</actionMapping>
+    </operation>
+
+    <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+
+        <wsp:AppliesTo>
+            <policy-subject identifier="binding:soap" />
+            <policy-subject identifier="binding:soap12" />
+        </wsp:AppliesTo>
+        
+        <wsp:Policy wsu:Id="KerberosOverTransport"
+            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+            xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
+            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+        
+            <wsp:ExactlyOne>
+                <wsp:All>
+                    <sp:TransportBinding>
+                        <wsp:Policy>
+                            <sp:TransportToken>
+                                <wsp:Policy>
+                                    <sp:HttpsToken />
+                                </wsp:Policy>
+                            </sp:TransportToken>
+                            <sp:AlgorithmSuite>
+                                <wsp:Policy>
+                                    <sp:Basic128 />
+                                </wsp:Policy>
+                            </sp:AlgorithmSuite>
+                            <sp:IncludeTimestamp />
+                        </wsp:Policy>
+                    </sp:TransportBinding>
+                    <sp:EndorsingSupportingTokens>
+                        <wsp:Policy>
+                            <sp:KerberosToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once">
+                                <wsp:Policy>
+                                    <sp:WssGssKerberosV5ApReqToken11 />
+                                </wsp:Policy>
+                            </sp:KerberosToken>
+                        </wsp:Policy>
+                    </sp:EndorsingSupportingTokens>
+                    <sp:Wss11>
+                        <wsp:Policy />
+                    </sp:Wss11>
+                    <wsaw:UsingAddressing />
+                    
+                    <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
+                    	<rampart:user>alice</rampart:user>
+                        <rampart:passwordCallbackClass>org.apache.rampart.PWCallback</rampart:passwordCallbackClass>
+                        
+                        <rampart:kerberosConfig>
+                            <rampart:jaasContext>KerberosOverTransportPWCB</rampart:jaasContext>
+                            <rampart:servicePrincipalNameForm>username</rampart:servicePrincipalNameForm>
+                            <rampart:kerberosTokenDecoderClass>org.apache.rampart.util.KerberosTokenDecoderImpl</rampart:kerberosTokenDecoderClass>
+                        </rampart:kerberosConfig>
+                    </rampart:RampartConfig>
+                </wsp:All>
+            </wsp:ExactlyOne>
+        </wsp:Policy>
+
+    </wsp:PolicyAttachment>
+
+    <!-- Configure SPN using addressingIdentity extensibility element -->
+    <parameter name="addressingIdentity">
+        <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
+            <Upn>bob@EXAMPLE.COM</Upn>
+        </Identity>
+    </parameter>
+
+</service>
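Review bot: `<rampart:user>alice</rampart:user>` in this service-side config does not match the JAAS context it names, since `KerberosOverTransportPWCB` in jaas.conf logs in as `principal=bob` with `isInitiator=false`. If the password callback is queried with the `rampart:user` value (not visible in this part of the commit), the acceptor would be asking for alice's password to log in as bob. The tests would not catch that, because users.ldif gives both principals the same `userPassword`. I would either change the line to `<rampart:user>bob</rampart:user>` or add a comment explaining why the client's name belongs in the service policy. Giving the two test principals different passwords would also let the test catch such a mix-up.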

Propchange: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-integration/src/test/resources/rampart/kerberos/KerberosOverTransportPWCB.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/pom.xml?rev=1778761&r1=1778760&r2=1778761&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/pom.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/pom.xml Sat Jan 14 12:22:55 2017
@@ -43,5 +43,15 @@
             <groupId>org.apache.ws.commons.axiom</groupId>
             <artifactId>axiom-api</artifactId>
         </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>xmlunit</groupId>
+            <artifactId>xmlunit</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 </project>

Modified: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java?rev=1778761&r1=1778760&r2=1778761&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java Sat Jan 14 12:22:55 2017
@@ -201,6 +201,10 @@ public class Constants {
     public static final String XPATH_FILTER20 = "XPathFilter20";
 
     // /////////////////////////////////////////////////////////////////////
+    
+    public final static String WSS_KERBEROS_TOKEN11 = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ";
+    
+    // /////////////////////////////////////////////////////////////////////
 
     public static final QName ATTR_XPATH_VERSION = new QName(SP_NS, "XPathVersion", Constants.SP_PREFIX);
     

Modified: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java?rev=1778761&r1=1778760&r2=1778761&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java Sat Jan 14 12:22:55 2017
@@ -258,6 +258,15 @@ public class SP11Constants {
 
     public static final QName BODY = new QName(SP11Constants.SP_NS, "Body");
     
+    public static final QName KERBEROS_TOKEN = new QName(SP11Constants.SP_NS,
+            SPConstants.KERBEROS_TOKEN, SP11Constants.SP_PREFIX);
+
+    public static final QName REQUIRE_KERBEROS_GSS_V5_TOKEN_11 = new QName(SP11Constants.SP_NS,
+            SPConstants.REQUIRE_KERBEROS_GSS_V5_TOKEN_11, SP11Constants.SP_PREFIX);
+
+    public static final QName REQUIRE_KERBEROS_V5_TOKEN_11 = new QName(SP11Constants.SP_NS,
+            SPConstants.REQUIRE_KERBEROS_V5_TOKEN_11, SP11Constants.SP_PREFIX);
+    
     public static int getInclusionFromAttributeValue(String value ) {
         
         if (INCLUDE_ALWAYS.equals(value)) {

Modified: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java?rev=1778761&r1=1778760&r2=1778761&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java Sat Jan 14 12:22:55 2017
@@ -317,6 +317,15 @@ public class SP12Constants {
     
     ////////////////////////////////////////////////////////////////////////////////////////////////
     
+    public static final QName KERBEROS_TOKEN = new QName(SP12Constants.SP_NS,
+            SPConstants.KERBEROS_TOKEN, SP12Constants.SP_PREFIX);
+
+    public static final QName REQUIRE_KERBEROS_GSS_V5_TOKEN_11 = new QName(SP12Constants.SP_NS,
+            SPConstants.REQUIRE_KERBEROS_GSS_V5_TOKEN_11, SP12Constants.SP_PREFIX);
+
+    public static final QName REQUIRE_KERBEROS_V5_TOKEN_11 = new QName(SP12Constants.SP_NS,
+            SPConstants.REQUIRE_KERBEROS_V5_TOKEN_11, SP12Constants.SP_PREFIX);
+    
     public static int getInclusionFromAttributeValue(String value ) {
         
         if (INCLUDE_ALWAYS.equals(value)) {

Modified: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java?rev=1778761&r1=1778760&r2=1778761&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java Sat Jan 14 12:22:55 2017
@@ -131,6 +131,7 @@ public class SPConstants {
     
     public final static String USERNAME_TOKEN11 = "WssUsernameToken11";
 
+    public final static String KERBEROS_TOKEN = "KerberosToken";
     
     public final static String TRANSPORT_TOKEN = "TransportToken";
     
@@ -429,7 +430,7 @@ public class SPConstants {
     
     public static final String HASH_PASSWORD = "HashPassword";
     
-
+    public static final String REQUIRE_KERBEROS_V5_TOKEN_11 = "WssKerberosV5ApReqToken11";
     
-
+    public static final String REQUIRE_KERBEROS_GSS_V5_TOKEN_11 = "WssGssKerberosV5ApReqToken11";
 }

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KerberosToken.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KerberosToken.java?rev=1778761&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KerberosToken.java (added)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KerberosToken.java Sat Jan 14 12:22:55 2017
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2001-2014 The Apache Software Foundation.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+
+public class KerberosToken extends Token {
+
+    private boolean requiresKerberosV5Token;
+
+    private boolean requiresGssKerberosV5Token;
+
+    private boolean requiresKeyIdentifierReference;
+
+    private String tokenVersionAndType = Constants.WSS_KERBEROS_TOKEN11;
+
+    public String getTokenVersionAndType() {
+        return tokenVersionAndType;
+    }
+
+    public void setTokenVersionAndType(String tokenVersionAndType) {
+        this.tokenVersionAndType = tokenVersionAndType;
+    }
+
+    public boolean isRequiresKerberosV5Token() {
+        return requiresKerberosV5Token;
+    }
+
+    public void setRequiresKerberosV5Token(boolean requiresKerberosV5Token) {
+        this.requiresKerberosV5Token = requiresKerberosV5Token;
+    }
+
+    public boolean isRequiresGssKerberosV5Token() {
+        return requiresGssKerberosV5Token;
+    }
+
+    public void setRequiresGssKerberosV5Token(boolean requiresGssKerberosV5Token) {
+        this.requiresGssKerberosV5Token = requiresGssKerberosV5Token;
+    }
+
+    public boolean isRequiresKeyIdentifierReference() {
+        return requiresKeyIdentifierReference;
+    }
+
+    public void setRequiresKeyIdentifierReference(boolean
+        requiresKeyIdentifierReference) {
+        this.requiresKeyIdentifierReference = requiresKeyIdentifierReference;
+    }
+
+    public KerberosToken(int version) {
+        setVersion(version);
+    }
+
+    public QName getName() {
+        if (version == SPConstants.SP_V12) {
+            return SP12Constants.KERBEROS_TOKEN;
+        } 
+        else {
+            return SP11Constants.KERBEROS_TOKEN;
+        }
+    }
+
+    public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+        String localName = getName().getLocalPart();
+        String namespaceURI = getName().getNamespaceURI();
+
+        String prefix = writer.getPrefix(namespaceURI);
+
+        if (prefix == null) {
+            prefix = getName().getPrefix();
+            writer.setPrefix(prefix, namespaceURI);
+        }
+
+        // <sp:KerberosToken>
+        writer.writeStartElement(prefix, localName, namespaceURI);
+
+        String inclusion;
+
+        if (version == SPConstants.SP_V12) {
+            inclusion = SP12Constants.getAttributeValueFromInclusion(getInclusion());
+        } else {
+            inclusion = SP11Constants.getAttributeValueFromInclusion(getInclusion());
+        }
+
+        if (inclusion != null) {
+            writer.writeAttribute(prefix, namespaceURI,
+                                  SPConstants.ATTR_INCLUDE_TOKEN, inclusion);
+        }
+
+        String pPrefix = writer.getPrefix(SPConstants.POLICY.getNamespaceURI());
+        if (pPrefix == null) {
+            pPrefix = SPConstants.POLICY.getPrefix();
+            writer.setPrefix(pPrefix, SPConstants.POLICY.getNamespaceURI());
+        }
+
+        // <wsp:Policy>
+        writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(),
+                                 SPConstants.POLICY.getNamespaceURI());
+
+        if (isRequiresKerberosV5Token()) {
+            // <sp:WssKerberosV5ApReqToken11 />
+            writer.writeStartElement(prefix,SPConstants.REQUIRE_KERBEROS_V5_TOKEN_11,
+                                     namespaceURI);
+            writer.writeEndElement();
+        }
+
+        if (isRequiresGssKerberosV5Token()) {
+            // <sp:WssGssKerberosV5ApReqToken11 ... />
+            writer.writeStartElement(prefix,
+                                     SPConstants.REQUIRE_KERBEROS_GSS_V5_TOKEN_11,
+                                     namespaceURI);
+            writer.writeEndElement();
+        }
+
+        if (isRequiresKeyIdentifierReference()) {
+            // <sp:RequireKeyIdentifierReference />
+            writer.writeStartElement(prefix,
+                                     SPConstants.REQUIRE_KEY_IDENTIFIRE_REFERENCE,
+                                     namespaceURI);
+            writer.writeEndElement();
+        }
+
+        // </wsp:Policy>
+        writer.writeEndElement();
+
+        // </sp:KerberosToken>
+        writer.writeEndElement();
+    }
+}
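Review bot: `requiresKerberosV5Token` and `requiresGssKerberosV5Token` are independent booleans, so nothing stops both being set, and `serialize` would then write both `WssKerberosV5ApReqToken11` and `WssGssKerberosV5ApReqToken11` into one `wsp:Policy`, although WS-SecurityPolicy defines the two as a choice. A consumer of that policy then has to guess which token type is actually required. Either have each setter clear the other flag or reject the combination at the top of `serialize`, e.g. `if (requiresKerberosV5Token && requiresGssKerberosV5Token) throw new IllegalStateException("KerberosToken policy names two token types");`. Separately, `tokenVersionAndType` is never read in this file, and `serialize` calls `writer.setPrefix` without a matching `writeNamespace`, which yields a declared prefix only if the writer repairs namespaces; both deserve a short comment if they are intentional.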

Propchange: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KerberosToken.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/KerberosTokenBuilder.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/KerberosTokenBuilder.java?rev=1778761&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/KerberosTokenBuilder.java (added)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/KerberosTokenBuilder.java Sat Jan 14 12:22:55 2017
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2001-2014 The Apache Software Foundation.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy11.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.KerberosToken;
+
+/**
+ * Builder for {@link KerberosToken} assertion (WS Security Policy version 1.1)
+ */
+public class KerberosTokenBuilder implements AssertionBuilder<OMElement> {
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see org.apache.neethi.builders.AssertionBuilder#build(java.lang.Object,
+     * org.apache.neethi.AssertionBuilderFactory)
+     */
+	public Assertion build(OMElement element, AssertionBuilderFactory arg1) 
+	    throws IllegalArgumentException {
+        KerberosToken kerberosToken = new KerberosToken(SPConstants.SP_V11);
+
+        OMElement policyElement = element.getFirstElement();
+
+        // Process token inclusion
+        OMAttribute includeAttr = element.getAttribute(SP11Constants.INCLUDE_TOKEN);
+
+        if (includeAttr != null) {
+            int inclusion = SP11Constants.getInclusionFromAttributeValue(
+                                  includeAttr.getAttributeValue());
+            kerberosToken.setInclusion(inclusion);
+        }
+
+        if (policyElement != null) {
+            Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+            policy = (Policy) policy.normalize(false);
+            for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+                processAlternative((List) iterator.next(), kerberosToken);
+                 // there should be only one alternative
+                break;
+            }
+        }
+        return kerberosToken;
+    }
+
+    private void processAlternative(List assertions, KerberosToken parent) {
+        Assertion assertion;
+        QName name;
+
+        for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+            assertion = (Assertion) iterator.next();
+            name = assertion.getName();
+            if (SP11Constants.REQUIRE_KERBEROS_V5_TOKEN_11.equals(name)) {
+                parent.setRequiresKerberosV5Token(true);
+            } else if (SP11Constants.REQUIRE_KERBEROS_GSS_V5_TOKEN_11.equals(name)) {
+                parent.setRequiresGssKerberosV5Token(true);
+            } else if (SP11Constants.REQUIRE_KEY_IDENTIFIRE_REFERENCE.equals(name)) {
+                parent.setRequiresKeyIdentifierReference(true);
+            }
+        }
+    }
+
+    public QName[] getKnownElements() {
+        return new QName[] { SP11Constants.KERBEROS_TOKEN };
+    }
+}
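Review bot: `processAlternative` has no final `else`, so any nested assertion other than the three it checks is dropped silently, and `build` returns a `KerberosToken` that looks complete while being weaker than the policy that was written (`sp:RequireDerivedKeys`, which I believe the specification permits inside `KerberosToken`, would be one such case). A security policy parser should fail closed here, or at least make the gap visible: `} else { throw new IllegalArgumentException("Unsupported KerberosToken assertion: " + name); }` fits the exception `build` already declares. The same applies to the `break` after the first alternative in `build`, where any further alternatives are discarded without checking that there was only one. The secpolicy12 `KerberosTokenBuilder` added in this commit is a near-identical copy and needs the same change.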

Propchange: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/KerberosTokenBuilder.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/KerberosTokenBuilder.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/KerberosTokenBuilder.java?rev=1778761&view=auto
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/KerberosTokenBuilder.java (added)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/KerberosTokenBuilder.java Sat Jan 14 12:22:55 2017
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2001-2014 The Apache Software Foundation.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy12.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.SP12Constants;
+import org.apache.ws.secpolicy.SPConstants;
+import org.apache.ws.secpolicy.model.KerberosToken;
+
+/**
+ * Builder for {@link KerberosToken} assertion (WS Security Policy version 1.2)
+ */
+public class KerberosTokenBuilder implements AssertionBuilder<OMElement> {
+
+    /*
+     * (non-Javadoc)
+     * 
+     * @see org.apache.neethi.builders.AssertionBuilder#build(java.lang.Object,
+     * org.apache.neethi.AssertionBuilderFactory)
+     */
+	public Assertion build(OMElement element, AssertionBuilderFactory arg1) 
+	    throws IllegalArgumentException {
+        KerberosToken kerberosToken = new KerberosToken(SPConstants.SP_V12);
+
+        OMElement policyElement = element.getFirstElement();
+
+        // Process token inclusion
+        OMAttribute includeAttr = element.getAttribute(SP12Constants.INCLUDE_TOKEN);
+
+        if (includeAttr != null) {
+            int inclusion = SP12Constants.getInclusionFromAttributeValue(
+                                  includeAttr.getAttributeValue());
+            kerberosToken.setInclusion(inclusion);
+        }
+
+        if (policyElement != null) {
+            Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+            policy = (Policy) policy.normalize(false);
+            for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+                processAlternative((List) iterator.next(), kerberosToken);
+                 // there should be only one alternative
+                break;
+            }
+        }
+        return kerberosToken;
+    }
+
+    private void processAlternative(List assertions, KerberosToken parent) {
+        Assertion assertion;
+        QName name;
+
+        for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+            assertion = (Assertion) iterator.next();
+            name = assertion.getName();
+            if (SP12Constants.REQUIRE_KERBEROS_V5_TOKEN_11.equals(name)) {
+                parent.setRequiresKerberosV5Token(true);
+            } else if (SP12Constants.REQUIRE_KERBEROS_GSS_V5_TOKEN_11.equals(name)) {
+                parent.setRequiresGssKerberosV5Token(true);
+            } else if (SP12Constants.REQUIRE_KEY_IDENTIFIRE_REFERENCE.equals(name)) {
+                parent.setRequiresKeyIdentifierReference(true);
+            }
+        }
+    }
+
+    public QName[] getKnownElements() {
+        return new QName[] { SP12Constants.KERBEROS_TOKEN };
+    }
+}
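Review bot: `build` treats `element.getFirstElement()` as the `wsp:Policy` child without checking its name, and in the 1.2 schema `sp:Issuer` or `sp:IssuerName` may come before `wsp:Policy` inside `sp:KerberosToken`, so a valid policy could hand the wrong element to `PolicyEngine.getPolicy`. Looking the child up by name avoids that: `OMElement policyElement = element.getFirstChildWithName(SPConstants.POLICY);` (assuming `SPConstants.POLICY` is the `wsp:Policy` QName, as its use in `KerberosToken.serialize` suggests), followed by `PolicyEngine.getPolicy(policyElement)` instead of a second `getFirstElement()` call. The raw `Iterator` and `List` types and the tab-indented `build` signature are also worth cleaning up while the file is new.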

Propchange: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/KerberosTokenBuilder.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder?rev=1778761&r1=1778760&r2=1778761&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder (original)
+++ axis/axis2/java/rampart/branches/RAMPART-433/modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder Sat Jan 14 12:22:55 2017
@@ -23,6 +23,7 @@ org.apache.ws.secpolicy11.builders.Issue
 org.apache.ws.secpolicy11.builders.RequiredElementsBuilder
 org.apache.ws.secpolicy11.builders.SignatureTokenBuilder
 org.apache.ws.secpolicy11.builders.EncryptionTokenBuilder
+org.apache.ws.secpolicy11.builders.KerberosTokenBuilder
 org.apache.ws.secpolicy12.builders.AlgorithmSuiteBuilder
 org.apache.ws.secpolicy12.builders.AsymmetricBindingBuilder
 org.apache.ws.secpolicy12.builders.EncryptedElementsBuilder
@@ -49,4 +50,5 @@ org.apache.ws.secpolicy12.builders.Requi
 org.apache.ws.secpolicy12.builders.ContentEncryptedElementsBuilder
 org.apache.ws.secpolicy12.builders.HttpsTokenBuilder
 org.apache.ws.secpolicy12.builders.SignatureTokenBuilder
-org.apache.ws.secpolicy12.builders.EncryptionTokenBuilder
\ No newline at end of file
+org.apache.ws.secpolicy12.builders.EncryptionTokenBuilder
+org.apache.ws.secpolicy12.builders.KerberosTokenBuilder
\ No newline at end of file