Posted to java-commits@axis.apache.org by ve...@apache.org on 2017/01/28 23:23:57 UTC
svn commit: r1780754 - in /axis/axis2/java/rampart/branches/RAMPART-423: ./
modules/rampart-core/ modules/rampart-core/src/main/java/org/apache/rampart/
modules/rampart-core/src/main/java/org/apache/rampart/builder/
modules/rampart-core/src/main/java/o...
Author: veithen
Date: Sat Jan 28 23:23:57 2017
New Revision: 1780754
URL: http://svn.apache.org/viewvc?rev=1780754&view=rev
Log:
Merge latest changes from trunk.
Added:
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/KerberosConfigBuilder.java
- copied unchanged from r1780753, axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/KerberosConfigBuilder.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/KerberosConfig.java
- copied unchanged from r1780753, axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/KerberosConfig.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/test/java/org/apache/rampart/policy/
- copied from r1780753, axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/java/org/apache/rampart/policy/
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/test/resources/org/apache/rampart/policy/
- copied from r1780753, axis/axis2/java/rampart/trunk/modules/rampart-core/src/test/resources/org/apache/rampart/policy/
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/test/java/org/apache/rampart/KerberosDelegationService.java
- copied unchanged from r1780753, axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/KerberosDelegationService.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/test/java/org/apache/rampart/KerberosDelegationServiceValidator.java
- copied unchanged from r1780753, axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/KerberosDelegationServiceValidator.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/test/java/org/apache/rampart/RampartKerberosTest.java
- copied unchanged from r1780753, axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartKerberosTest.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/test/java/org/apache/rampart/util/
- copied from r1780753, axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/util/
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/test/resources/kerberos/
- copied from r1780753, axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/kerberos/
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/test/resources/rampart/kerberos/
- copied from r1780753, axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/kerberos/
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KerberosToken.java
- copied unchanged from r1780753, axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KerberosToken.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/KerberosTokenBuilder.java
- copied unchanged from r1780753, axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/KerberosTokenBuilder.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/KerberosTokenBuilder.java
- copied unchanged from r1780753, axis/axis2/java/rampart/trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/KerberosTokenBuilder.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/test/
- copied from r1780753, axis/axis2/java/rampart/trunk/modules/rampart-policy/src/test/
Removed:
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/main/java/org/apache/axis2/integration/JettyServer.java
Modified:
axis/axis2/java/rampart/branches/RAMPART-423/ (props changed)
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/pom.xml
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/pom.xml
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/main/java/org/apache/rahas/TestClient.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/pom.xml
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder
axis/axis2/java/rampart/branches/RAMPART-423/pom.xml
Propchange: axis/axis2/java/rampart/branches/RAMPART-423/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sat Jan 28 23:23:57 2017
@@ -1 +1,2 @@
-/axis/axis2/java/rampart/trunk:1778774-1780711
+/axis/axis2/java/rampart/branches/RAMPART-433:1778760-1780751
+/axis/axis2/java/rampart/trunk:1778774-1780753
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/pom.xml?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/pom.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/pom.xml Sat Jan 28 23:23:57 2017
@@ -85,5 +85,10 @@
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-truth</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java Sat Jan 28 23:23:57 2017
@@ -31,12 +31,22 @@ import org.apache.rampart.saml.SAMLAsser
import org.apache.rampart.saml.SAMLAssertionHandlerFactory;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.RampartUtil;
+import org.apache.rampart.policy.model.KerberosConfig;
+import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.secpolicy.model.UsernameToken;
+import org.apache.ws.secpolicy.model.KerberosToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.security.*;
import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.validate.KerberosTokenDecoder;
+import org.apache.ws.security.validate.KerberosTokenValidator;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
+
+import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.*;
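Review bot: The added `+import org.apache.rampart.policy.model.KerberosConfig;` and `+import org.apache.rampart.policy.model.RampartConfig;` land after `org.apache.rampart.util.RampartUtil`, breaking the alphabetical grouping the surrounding block follows (`policy` sorts before `util`). The same applies to `org.apache.ws.secpolicy.model.KerberosToken`, which is placed after `UsernameToken`. Sorting the new lines into position keeps the block consistent and avoids a spurious reorder on the next merge from trunk; the `javax.security.auth.callback` pair and `java.io.IOException` are already in sensible positions.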
@@ -88,7 +98,89 @@ public class RampartEngine {
//Set rampart's configuration of WSS4J
engine.setWssConfig(rmd.getConfig());
- ValidatorData data = new ValidatorData(rmd);
+ RampartConfig rampartConfig = rpd.getRampartConfig();
+ if (rampartConfig != null) {
+ WSSConfig config = engine.getWssConfig();
+
+ // Inbound Kerberos authentication for web services
+ // Check the service policy for Kerberos token and add KerberosTokenValidator for BINARY_TOKEN validation
+ SupportingToken endSupptokens = rpd.getEndorsingSupportingTokens();
+ if (endSupptokens != null && endSupptokens.getTokens() != null &&
+ endSupptokens.getTokens().size() > 0) {
+
+ log.debug("Processing endorsing supporting tokens");
+
+ for (org.apache.ws.secpolicy.model.Token token : endSupptokens.getTokens()) {
+ if (token instanceof KerberosToken) {
+ log.debug("KerberosToken is found as part of the endorsing supporting tokens.Check for KerberosConfig.");
+ KerberosConfig kerberosConfig = rampartConfig.getKerberosConfig();
+
+ if (null != kerberosConfig){
+ log.debug("KerberosConfig is found.");
+ log.debug("Creating KerberosTokenValidor with the available KerberosConfig.");
+ KerberosTokenValidator kerberosValidator = new KerberosTokenValidator();
+
+ KerberosTokenDecoder kerberosTokenDecoder = RampartUtil.getKerberosTokenDecoder(msgCtx, kerberosConfig);
+ if (kerberosTokenDecoder != null) {
+ kerberosValidator.setKerberosTokenDecoder(kerberosTokenDecoder);
+ }
+ kerberosValidator.setContextName(kerberosConfig.getJaasContext());
+ kerberosValidator.setServiceName(kerberosConfig.getServicePrincipalName());
+ String serviceNameForm = kerberosConfig.getServicePrincipalNameForm();
+
+ if (KerberosConfig.USERNAME_NAME_FORM.equals(serviceNameForm)) {
+ kerberosValidator.setUsernameServiceNameForm(true);
+ }
+
+ String principalName = kerberosConfig.getPrincipalName();
+ if (null == principalName){
+ log.debug("Principal name is not available in the KerberosConfig.Using the Rampart configuration's user.");
+ principalName = rampartConfig.getUser();
+ }
+
+ String password = kerberosConfig.getPrincipalPassword();
+ if (password == null) {
+ log.debug("Principal password is not available in the KerberosConfig.Trying with the configured Rampart password callback.");
+ CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
+
+ if (handler != null) {
+ WSPasswordCallback[] cb = {
+ new WSPasswordCallback(principalName, WSPasswordCallback.CUSTOM_TOKEN)
+ };
+
+ try {
+ handler.handle(cb);
+ if (cb[0].getPassword() != null && !"".equals(cb[0].getPassword())) {
+ password = cb[0].getPassword();
+ }
+ } catch (IOException e) {
+ throw new RampartException("errorInGettingPasswordForUser", new String[] { principalName }, e);
+ } catch (UnsupportedCallbackException e) {
+ throw new RampartException("errorInGettingPasswordForUser", new String[] { principalName }, e);
+ }
+ } else{
+ log.debug("No Rampart password handler is configured.");
+ }
+ }
+
+ if (principalName != null && password != null) {
+ NamePasswordCallbackHandler cb = new NamePasswordCallbackHandler(principalName, password);
+ kerberosValidator.setCallbackHandler(cb);
+ }
+
+ config.setValidator(WSSecurityEngine.BINARY_TOKEN, kerberosValidator);
+ log.debug("KerberosTokenValidator is configured and set for BINARY_TOKEN.");
+ } else {
+ log.debug("KerberosConfig is not found.Skipping configurating and setting of a Kerberos validator.");
+ }
+ }
+ }
+ }
+
+ engine.setWssConfig(config);
+ }
+
+ ValidatorData data = new ValidatorData(rmd);
SOAPHeader header = rmd.getMsgContext().getEnvelope().getHeader();
if(header == null) {
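Review bot: `new WSPasswordCallback(principalName, WSPasswordCallback.CUSTOM_TOKEN)` is handed to the configured password handler even when `principalName` is still null (neither KerberosConfig nor the Rampart config supplied a user), whereas the outbound counterpart in BindingBuilder.addKerberosToken rejects that case with `userMissing`; since this path discards the result anyway when the name is null (`if (principalName != null && password != null)`), guarding the lookup with `if (handler != null && principalName != null) {` avoids passing a null identifier to a user-supplied callback. The block from `String password = kerberosConfig.getPrincipalPassword();` through the two catch clauses is duplicated almost line for line in BindingBuilder.addKerberosToken and would be better as a single RampartUtil helper returning the resolved password. `engine.setWssConfig(config);` re-installs the same object obtained from `engine.getWssConfig()` and can be dropped; and because `config.setValidator(WSSecurityEngine.BINARY_TOKEN, kerberosValidator)` applies to every BinarySecurityToken the engine processes, a comment should state that non-Kerberos BSTs are expected to pass through the validator unchanged, and whether `rmd.getConfig()` is per-message or shared (if shared, the validator persists beyond this request — not visible here, please confirm). The enclosing method starts before and ends after this hunk.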
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java Sat Jan 28 23:23:57 2017
@@ -17,7 +17,10 @@
package org.apache.rampart.builder;
import org.apache.axiom.om.OMElement;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.AddressingHelper;
import org.apache.axis2.client.Options;
+import org.apache.axis2.description.AxisEndpoint;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.EncryptedKeyToken;
@@ -28,6 +31,7 @@ import org.apache.rampart.RampartMessage
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.SupportingPolicyData;
import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.policy.model.KerberosConfig;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.Constants;
import org.apache.ws.secpolicy.SPConstants;
@@ -38,6 +42,7 @@ import org.apache.ws.secpolicy.model.Sup
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.UsernameToken;
import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.NamePasswordCallbackHandler;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
@@ -53,6 +58,7 @@ import org.apache.ws.security.message.WS
import org.apache.ws.security.message.WSSecSignatureConfirmation;
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.message.WSSecUsernameToken;
+import org.apache.ws.security.message.token.KerberosSecurity;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
@@ -846,5 +852,95 @@ public abstract class BindingBuilder {
}
}
-
+ protected KerberosSecurity addKerberosToken(RampartMessageData rmd, Token token)
+ throws RampartException {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ KerberosConfig krbConfig = rpd.getRampartConfig().getKerberosConfig();
+
+ if (krbConfig == null) {
+ throw new RampartException("noKerberosConfigDefined");
+ }
+
+ log.debug("Token inclusion: " + token.getInclusion());
+
+ String user = krbConfig.getPrincipalName();
+ if (user == null) {
+ user = rpd.getRampartConfig().getUser();
+ }
+
+ String password = krbConfig.getPrincipalPassword();
+ if (password == null) {
+ CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
+
+ if (handler != null) {
+ if (user == null) {
+ log.debug("Password callback is configured but no user value is specified in the configuration");
+ throw new RampartException("userMissing");
+ }
+
+ //TODO We do not have a separate usage type for Kerberos token, let's use custom token
+ WSPasswordCallback[] cb = { new WSPasswordCallback(user, WSPasswordCallback.CUSTOM_TOKEN) };
+ try {
+ handler.handle(cb);
+ if (cb[0].getPassword() != null && !"".equals(cb[0].getPassword())) {
+ password = cb[0].getPassword();
+ }
+ } catch (IOException e) {
+ throw new RampartException("errorInGettingPasswordForUser", new String[] { user }, e);
+ } catch (UnsupportedCallbackException e) {
+ throw new RampartException("errorInGettingPasswordForUser", new String[] { user }, e);
+ }
+ }
+ }
+
+ String principalName = null;
+ boolean isUsernameServiceNameForm = KerberosConfig.USERNAME_NAME_FORM.equals(krbConfig.getServicePrincipalNameForm());
+
+ AxisEndpoint endpoint = rmd.getMsgContext().findEndpoint();
+ if (endpoint != null) {
+ if (log.isDebugEnabled()) {
+ log.debug("Identified endpoint: " + endpoint.getName() + ". Looking for SPN identity claim.");
+ }
+
+ OMElement addressingIdentity = AddressingHelper.getAddressingIdentityParameterValue(endpoint);
+ if (addressingIdentity != null) {
+ OMElement spnClaim = addressingIdentity.getFirstChildWithName(AddressingConstants.QNAME_IDENTITY_SPN);
+ if (spnClaim != null) {
+ principalName = spnClaim.getText();
+ isUsernameServiceNameForm = false;
+ if (log.isDebugEnabled()) {
+ log.debug("Found SPN identity claim: " + principalName);
+ }
+ }
+ else {
+ OMElement upnClaim = addressingIdentity.getFirstChildWithName(AddressingConstants.QNAME_IDENTITY_UPN);
+ if (upnClaim != null) {
+ principalName = upnClaim.getText();
+ isUsernameServiceNameForm = true;
+ if (log.isDebugEnabled()) {
+ log.debug("Found UPN identity claim: " + principalName);
+ }
+ } else if (log.isDebugEnabled()) {
+ log.debug(String.format("Neither SPN nor UPN identity claim found in %s EPR element for endpoint %s.", addressingIdentity.getQName().toString(), endpoint.getName()));
+ }
+ }
+ }
+ }
+
+ if (principalName == null) {
+ principalName = krbConfig.getServicePrincipalName();
+ }
+
+ try {
+ KerberosSecurity bst = new KerberosSecurity(rmd.getDocument());
+
+ NamePasswordCallbackHandler cb = new NamePasswordCallbackHandler(user, password);
+ bst.retrieveServiceTicket(krbConfig.getJaasContext(), cb, principalName, isUsernameServiceNameForm,
+ krbConfig.isRequstCredentialDelegation(), krbConfig.getDelegationCredential());
+
+ return bst;
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInBuildingKereberosToken", e);
+ }
+ }
}
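Review bot: `rpd.getRampartConfig().getKerberosConfig()` at the top of addKerberosToken dereferences the Rampart config without a null check, while the inbound code in RampartEngine guards `rampartConfig != null` before the same lookup; a missing RampartConfig would surface here as a NullPointerException rather than the `noKerberosConfigDefined` RampartException, so the guard should read `if (rpd.getRampartConfig() == null || rpd.getRampartConfig().getKerberosConfig() == null) { throw new RampartException("noKerberosConfigDefined"); }`. The method has no Javadoc; it should state that an SPN or UPN identity claim found in the endpoint's WS-Addressing identity parameter takes precedence over `servicePrincipalName`/`servicePrincipalNameForm` from the configuration, since that decides which principal the service ticket is requested for, and that `NamePasswordCallbackHandler` is deliberately built even when `password` stays null (RampartEngine only does so when both values are present) — presumably to allow keytab or ticket-cache logins, please confirm. The error key `errorInBuildingKereberosToken` is misspelled and must match the key added to errors.properties (that hunk is truncated on this page), and `isRequstCredentialDelegation` on KerberosConfig carries a typo as well. The unguarded `log.debug("Token inclusion: " + token.getInclusion())` differs from the `log.isDebugEnabled()` checks used a few lines below.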
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java Sat Jan 28 23:23:57 2017
@@ -32,6 +32,7 @@ import org.apache.ws.secpolicy.SPConstan
import org.apache.ws.secpolicy.model.AlgorithmSuite;
import org.apache.ws.secpolicy.model.Header;
import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.KerberosToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.secpolicy.model.SignedEncryptedParts;
import org.apache.ws.secpolicy.model.SupportingToken;
@@ -44,10 +45,16 @@ import org.apache.ws.security.WSSecurity
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.*;
+import org.apache.ws.security.message.token.KerberosSecurity;
+import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import javax.crypto.SecretKey;
import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
+
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
@@ -138,6 +145,8 @@ public class TransportBindingBuilder ext
} else if (token instanceof SecureConversationToken) {
handleSecureConversationTokens(rmd, (SecureConversationToken) token);
signatureValues.add(doSecureConversationSignature(rmd, token, signdParts));
+ } else if (token instanceof KerberosToken) {
+ signatureValues.add(doKerberosTokenSignature(rmd, (KerberosToken)token, signdParts));
}
}
}
@@ -292,6 +301,77 @@ public class TransportBindingBuilder ext
}
+ /**
+ * Generates a signature over the timestamp element (if any) using the Kerberos client/server session key.
+ *
+ * @param rmd
+ * @param token
+ * @param signdParts
+ */
+ private byte[] doKerberosTokenSignature(RampartMessageData rmd, KerberosToken token, SignedEncryptedParts signdParts) throws RampartException {
+
+ Document doc = rmd.getDocument();
+
+ List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
+
+ //TODO Shall we always include a timestamp?
+ if (this.timestampElement != null) {
+ sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
+ }
+
+ if (signdParts != null) {
+ if (signdParts.isBody()) {
+ SOAPEnvelope env = rmd.getMsgContext().getEnvelope();
+ sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody())));
+ }
+
+ ArrayList headers = signdParts.getHeaders();
+ for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
+ Header header = (Header) iterator.next();
+ WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
+ header.getNamespace(),
+ "Content");
+ sigParts.add(wep);
+ }
+ }
+
+ try {
+ KerberosSecurity kerberosBst = addKerberosToken(rmd, token);
+ kerberosBst.setID("Id-" + kerberosBst.hashCode());
+
+ WSSecSignature sign = new WSSecSignature();
+ sign.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);
+
+ if (token.isRequiresKeyIdentifierReference()) {
+ sign.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+
+ byte[] digestBytes = WSSecurityUtil.generateDigest(kerberosBst.getToken());
+ sign.setCustomTokenId(Base64.encode(digestBytes));
+ sign.setCustomTokenValueType(WSConstants.WSS_KRB_KI_VALUE_TYPE);
+ } else {
+ sign.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+
+ sign.setCustomTokenId(kerberosBst.getID());
+ sign.setCustomTokenValueType(kerberosBst.getValueType());
+ }
+
+ SecretKey secretKey = kerberosBst.getSecretKey();
+ sign.setSecretKey(secretKey.getEncoded());
+
+ sign.prepare(doc, null, rmd.getSecHeader());
+
+ WSSecurityUtil.prependChildElement(rmd.getSecHeader().getSecurityHeader(), kerberosBst.getElement());
+
+ List<Reference> referenceList = sign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ sign.computeSignature(referenceList, false, null);
+
+ return sign.getSignatureValue();
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithKerberosToken", e);
+ }
+ }
+
private void appendToHeader(WSSecHeader secHeader, Element appendingChild) {
// TODO this is bit dubious, before migration code was like "dkSig.appendSigToHeader(rmd.getSecHeader())"
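Review bot: `sign.setSignatureAlgorithm(SignatureMethod.HMAC_SHA1);` pins the signature algorithm regardless of the algorithm suite in the policy; the other signature paths in the binding builders presumably take it from `rmd.getPolicyData().getAlgorithmSuite()`, and doing the same here keeps the policy and the wire format consistent (confirm the suite exposes the symmetric signature algorithm in this branch). `kerberosBst.getSecretKey()` is dereferenced unguarded at `sign.setSecretKey(secretKey.getEncoded());` — if ticket retrieval produced no session key this becomes a NullPointerException instead of the `errorInSignatureWithKerberosToken` RampartException every other failure maps to, so a null check throwing that same RampartException would close the gap. The Javadoc's `@param` tags are empty and there is no `@return`/`@throws`; it should say the returned bytes are the signature value over the timestamp (when present) and the policy's signed parts, keyed by the Kerberos session key, and that RampartException wraps any WSSecurityException.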
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java Sat Jan 28 23:23:57 2017
@@ -22,6 +22,7 @@ import org.apache.neethi.Assertion;
import org.apache.neethi.AssertionBuilderFactory;
import org.apache.neethi.builders.AssertionBuilder;
import org.apache.rampart.policy.model.CryptoConfig;
+import org.apache.rampart.policy.model.KerberosConfig;
import org.apache.rampart.policy.model.OptimizePartsConfig;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.policy.model.SSLConfig;
@@ -88,6 +89,16 @@ public class RampartConfigBuilder implem
}
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.KERBEROS_CONFIG));
+ if (childElement != null) {
+ KerberosConfig kerberosConfig = (KerberosConfig)new KerberosConfigBuilder().
+ build(childElement,
+ factory);
+ rampartConfig.setKerberosConfig(kerberosConfig);
+
+ }
+
childElement = element.getFirstChildWithName(new QName(
RampartConfig.NS, RampartConfig.SIG_CRYPTO_LN));
if (childElement != null) {
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java Sat Jan 28 23:23:57 2017
@@ -114,6 +114,8 @@ public class RampartConfig implements As
public final static String SSL_CONFIG = "sslConfig";
+ public final static String KERBEROS_CONFIG = "kerberosConfig";
+
private String user;
private String userCertAlias;
@@ -150,7 +152,17 @@ public class RampartConfig implements As
private String nonceLifeTime = Integer.toString(DEFAULT_NONCE_LIFE_TIME);
private SSLConfig sslConfig;
+
+ private KerberosConfig kerberosConfig;
+
+ public KerberosConfig getKerberosConfig() {
+ return kerberosConfig;
+ }
+ public void setKerberosConfig(KerberosConfig kerberosConfig) {
+ this.kerberosConfig = kerberosConfig;
+ }
+
/*To set timeStampStrict in WSSConfig through rampartConfig - default value is false*/
private boolean timeStampStrict = false;
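Review bot: `getKerberosConfig()` and `setKerberosConfig(...)` are inserted between the `sslConfig` and `timeStampStrict` field declarations, so the new accessors split the field block; moving the pair down to where the class's other getters and setters live keeps fields and methods separated as in the rest of the file. Both methods also lack Javadoc — `/** Returns the Kerberos configuration parsed from the {@code kerberosConfig} child element, or {@code null} if none was configured. */` on the getter and a matching `@param kerberosConfig` on the setter would be enough.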
@@ -392,6 +404,12 @@ public class RampartConfig implements As
writer.writeEndElement();
}
+ if (kerberosConfig != null) {
+ writer.writeStartElement(NS, KERBEROS_CONFIG);
+ kerberosConfig.serialize(writer);
+ writer.writeEndElement();
+ }
+
writer.writeEndElement();
}
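Review bot: `kerberosConfig.serialize(writer)` writes the Kerberos configuration into the serialized RampartConfig assertion, and KerberosConfig carries a principal password (it is read via `getPrincipalPassword()` in RampartEngine and BindingBuilder); if `serialize` emits that element, the password ends up wherever the effective policy is written out, which may include published service metadata — not visible in this diff, so please confirm and, if so, leave the password out of serialization. A one-line comment here stating which KerberosConfig settings are round-tripped would make the intent explicit.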
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java Sat Jan 28 23:23:57 2017
@@ -29,6 +29,7 @@ import org.apache.axis2.client.Options;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.dataretrieval.DRConstants;
import org.apache.axis2.dataretrieval.client.MexClient;
+import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.mex.MexConstants;
import org.apache.axis2.mex.MexException;
@@ -55,6 +56,7 @@ import org.apache.rampart.RampartMessage
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.SupportingPolicyData;
import org.apache.rampart.policy.model.CryptoConfig;
+import org.apache.rampart.policy.model.KerberosConfig;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.secpolicy.SPConstants;
import org.apache.ws.secpolicy.model.*;
@@ -75,6 +77,7 @@ import org.apache.ws.security.message.WS
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.validate.KerberosTokenDecoder;
import org.apache.xml.security.utils.Constants;
import org.jaxen.JaxenException;
import org.jaxen.XPath;
@@ -165,6 +168,64 @@ public class RampartUtil {
return cbHandler;
}
+ /**
+ * Instantiates any Kerberos token decoder implementation configured via {@link KerberosConfig#setKerberosTokenDecoderClass(String)}
+ * using the {@link AxisService#getClassLoader() class loader} of the specified message context's {@link MessageContext#getAxisService() service}.
+ *
+ * @param msgContext The current message context. Must not be null and must contain a valid service instance.
+ * @param kerberosConfig Rampart's Kerberos configuration.
+ *
+ * @return A new instance of {@link KerberosTokenDecoder} implementation configured via {@link KerberosConfig#setKerberosTokenDecoderClass(String)} or <code>null</code>
+ * if no Kerberos token decoder is configured.
+ * @throws RampartException If the class cannot be loaded or instantiated.
+ */
+ public static KerberosTokenDecoder getKerberosTokenDecoder(MessageContext msgContext, KerberosConfig kerberosConfig) throws RampartException {
+ if (kerberosConfig == null) {
+ throw new IllegalArgumentException("Kerberos config must not be null");
+ }
+ else if (msgContext == null) {
+ throw new IllegalArgumentException("Message context must not be null");
+ }
+
+ AxisService service = msgContext.getAxisService();
+ if (service == null) {
+ throw new IllegalArgumentException("No service available in message context: " + msgContext.getLogIDString());
+ }
+
+ KerberosTokenDecoder kerberosTokenDecoder;
+
+ String kerberosTokenDecoderClass = kerberosConfig.getKerberosTokenDecoderClass();
+ if (kerberosTokenDecoderClass == null) {
+ if (log.isDebugEnabled()) {
+ log.debug("No Kerberos token decoder class configured for service: " + service.getName());
+ }
+ return null;
+ }
+
+ if (log.isDebugEnabled()) {
+ log.debug(String.format("Loading Kerberos token decoder class '%s' using class loader of service '%s'", kerberosTokenDecoderClass, service.getName()));
+ }
+
+ ClassLoader classLoader = service.getClassLoader();
+ Class krbTokenDecoderClass;
+ try {
+ krbTokenDecoderClass = Loader.loadClass(classLoader, kerberosTokenDecoderClass);
+ }
+ catch (ClassNotFoundException e) {
+ throw new RampartException("cannotLoadKrbTokenDecoderClass",
+ new String[] { kerberosTokenDecoderClass }, e);
+ }
+
+ try {
+ kerberosTokenDecoder = (KerberosTokenDecoder) krbTokenDecoderClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new RampartException("cannotCreateKrbTokenDecoderInstance",
+ new String[] { kerberosTokenDecoderClass }, e);
+ }
+
+ return kerberosTokenDecoder;
+ }
+
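Review bot: `Class krbTokenDecoderClass;` is a raw type and the cast to `KerberosTokenDecoder` happens only after `newInstance()` has already run the constructor of whatever class the configuration named; resolving the class with `asSubclass(KerberosTokenDecoder.class)` rejects a non-decoder class before it is instantiated and reports it under `cannotLoadKrbTokenDecoderClass` instead of a misleading "cannot create instance". `catch (java.lang.Exception e)` is wider than needed, and `Class.newInstance()` lets checked exceptions thrown by the constructor escape unannounced, which `getDeclaredConstructor().newInstance()` avoids by wrapping them. The rewrite below assumes a Java 7+ target (multi-catch, `ReflectiveOperationException`); if the branch still targets Java 6, use separate catch clauses with the same bodies.
```java
Class<? extends KerberosTokenDecoder> krbTokenDecoderClass;
try {
    // Reject anything that is not a KerberosTokenDecoder before running its constructor.
    krbTokenDecoderClass = Loader.loadClass(classLoader, kerberosTokenDecoderClass)
            .asSubclass(KerberosTokenDecoder.class);
} catch (ClassNotFoundException | ClassCastException e) {
    throw new RampartException("cannotLoadKrbTokenDecoderClass",
            new String[] { kerberosTokenDecoderClass }, e);
}

try {
    kerberosTokenDecoder = krbTokenDecoderClass.getDeclaredConstructor().newInstance();
} catch (ReflectiveOperationException e) {
    throw new RampartException("cannotCreateKrbTokenDecoderInstance",
            new String[] { kerberosTokenDecoderClass }, e);
}

return kerberosTokenDecoder;
```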
/**
* Returns an instance of PolicyValidatorCallbackHandler to be used to validate ws-security results.
*
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder Sat Jan 28 23:23:57 2017
@@ -1,3 +1,4 @@
org.apache.rampart.policy.builders.CryptoConfigBuilder
org.apache.rampart.policy.builders.RampartConfigBuilder
-org.apache.rampart.policy.builders.SSLConfigBuilder
\ No newline at end of file
+org.apache.rampart.policy.builders.SSLConfigBuilder
+org.apache.rampart.policy.builders.KerberosConfigBuilder
\ No newline at end of file
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties Sat Jan 28 23:23:57 2017
@@ -47,6 +47,7 @@ errorInAddingTokenIntoStore = Error in a
errorInDerivedKeyTokenSignature = Error in DerivedKeyToken signature
errorInSignatureWithX509Token = Error in signature with X509Token
errorInSignatureWithACustomToken = Error in signature with a custom token
+errorInSignatureWithKerberosToken = Error in signature with KerberosToken
errorCreatingEncryptedKey = Error in creating an encrypted key
errorGettingSignatureValuesForSigconf = Error in getting signature values for signature confirmation
cannotLoadPWCBClass = Cannot load password callback class: {0}
@@ -105,3 +106,10 @@ invalidNonceLifeTime = Invalid value for
invalidIssuerAddress = Invalid value for Issuer
invalidSignatureAlgo=Invalid signature algorithm for Asymmetric binding
invalidUsernameTokenType = Invalid UsernameToken Type.
+
+#Rampart Kerberos-specific errors
+invalidServicePrincipalNameForm = Invalid servicePrincipalNameForm found in Rampart configuration ({0}). The supported service principal name forms are: \"{1}\", \"{2}\".
+noKerberosConfigDefined = No kerberosConfig policy assertion defined in rampart config.
+errorInBuildingKereberosToken = Error in building kereberos token.
+cannotLoadKrbTokenDecoderClass = Cannot load Kerberos token decoder class: {0}
+cannotCreateKrbTokenDecoderInstance = Cannot create instance of Kerberos token decoder : {0}
\ No newline at end of file
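Review bot: The message added at L644 misspells Kerberos in both the key and the value (`errorInBuildingKereberosToken = Error in building kereberos token.`); the value is user-facing and can be corrected to `Error in building Kerberos token.` in place, while the key is presumably referenced from Java code outside this chunk and would need that caller updated in the same change if it is renamed. The value at L646 also carries a stray space before the colon; `Cannot create instance of Kerberos token decoder: {0}` matches the spacing of the sibling message at L645.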
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/pom.xml?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/pom.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/pom.xml Sat Jan 28 23:23:57 2017
@@ -161,8 +161,6 @@
<mkdir dir="target/temp-ramp" />
<mkdir dir="target/temp-ramp/META-INF" />
- <copy overwrite="yes" file="target/classes/org/apache/rampart/Service.class" tofile="target/temp-ramp/org/apache/rampart/Service.class" />
- <copy overwrite="yes" file="target/classes/org/apache/rampart/PWCallback.class" tofile="target/temp-ramp/org/apache/rampart/PWCallback.class" />
<copy overwrite="yes" file="src/test/resources/rampart/store.jks" tofile="target/temp-ramp/store.jks" />
<!--path id="ramp.client.props" location="test-resources/rampart"/-->
<!--maven:addPath id="maven.dependency.classpath" refid="ramp.client.props" -->
@@ -313,14 +311,23 @@
<copy overwrite="yes" file="src/test/resources/rampart/issuer.properties" tofile="target/temp-ramp/issuer.properties" />
<copy overwrite="yes" file="src/test/resources/rampart/services-sc-6.xml" tofile="target/temp-ramp/META-INF/services.xml" />
<jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC6.aar" basedir="target/temp-ramp" />
+
+ <!-- Kerberos Services -->
+ <copy overwrite="yes" file="src/test/resources/rampart/kerberos/KerberosOverTransportKeytab.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/KerberosOverTransportKeytab.aar" basedir="target/temp-ramp" />
+
+ <copy overwrite="yes" file="src/test/resources/rampart/kerberos/KerberosOverTransportPWCB.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/KerberosOverTransportPWCB.aar" basedir="target/temp-ramp" />
+
+ <copy overwrite="yes" file="src/test/resources/rampart/kerberos/KerberosDelegation.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/KerberosDelegation.aar" basedir="target/temp-ramp" />
+
<!--
Set up the infra for rahas tests and the rahas client repo
-->
<mkdir dir="target/temp-rahas" />
<mkdir dir="target/temp-rahas/META-INF" />
- <copy overwrite="yes" file="target/classes/org/apache/rahas/Service.class" tofile="target/temp-rahas/org/apache/rahas/Service.class" />
- <copy overwrite="yes" file="target/classes/org/apache/rahas/PWCallback.class" tofile="target/temp-rahas/org/apache/rahas/PWCallback.class" />
<copy overwrite="yes" todir="target/temp-rahas">
<fileset dir="src/test/resources/rahas">
<include name="issuer.properties" />
@@ -484,6 +491,81 @@
<type>mar</type>
</dependency>
<dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-core-annotations</artifactId>
+ <version>2.0.0-M21</version>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk15</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-protocol-shared</artifactId>
+ <version>2.0.0-M21</version>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk15</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-protocol-kerberos</artifactId>
+ <version>2.0.0-M21</version>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk15</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.server</groupId>
+ <artifactId>apacheds-interceptor-kerberos</artifactId>
+ <version>2.0.0-M21</version>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk15</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-ldap-codec-standalone</artifactId>
+ <version>1.0.0-M33</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.directory.api</groupId>
+ <artifactId>api-ldap-extras-codec-api</artifactId>
+ <version>1.0.0-M33</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>2.4</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>3.2</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-truth</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
</dependency>
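Review bot: The two `org.apache.directory.api` dependencies at L737-746 have no `<scope>` element, while every other dependency added in this hunk is `<scope>test</scope>`; presumably that is an oversight, and without it the LDAP codec jars land in the module's compile/runtime scope rather than staying confined to the test classpath. Adding `<scope>test</scope>` to both keeps the hunk consistent. Separately, `commons-collections` 3.2 at L753-758 predates the 3.2.2 release that disabled unsafe functor deserialization by default; the exposure is limited because it is test-scoped, but pinning `<version>3.2.2</version>` avoids pulling a widely flagged artifact into the build tree.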
@@ -496,24 +578,9 @@
<artifactId>log4j</artifactId>
</dependency>
<dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-util</artifactId>
- <version>${jetty.version}</version>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-webapp</artifactId>
- <version>${jetty.version}</version>
- </dependency>
- <dependency>
<groupId>org.apache.axis2</groupId>
<artifactId>axis2-testutils</artifactId>
<version>${axis2.version}</version>
</dependency>
- <dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
- <version>${bcprov.jdk15.version}</version>
- </dependency>
</dependencies>
</project>
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/main/java/org/apache/rahas/TestClient.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/main/java/org/apache/rahas/TestClient.java?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/main/java/org/apache/rahas/TestClient.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/main/java/org/apache/rahas/TestClient.java Sat Jan 28 23:23:57 2017
@@ -28,10 +28,9 @@ import org.apache.axis2.Constants;
import org.apache.axis2.addressing.AddressingConstants;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
-import org.apache.axis2.context.ConfigurationContext;
-import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.context.ServiceContext;
-import org.apache.axis2.integration.JettyServer;
+import org.apache.axis2.testutils.ClientHelper;
+import org.apache.axis2.testutils.JettyServer;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;
@@ -43,40 +42,15 @@ public abstract class TestClient {
@Rule
public final JettyServer server = new JettyServer(TESTING_PATH + getServiceRepo(), false);
+ @Rule
+ public final ClientHelper clientHelper = new ClientHelper(server, TESTING_PATH + "rahas_client_repo");
+
/**
*/
@Test
public void testRequest() throws Exception {
- // Get the repository location from the args
- String repo = TESTING_PATH + "rahas_client_repo";
-
- ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo,
- null);
- ServiceClient serviceClient = new ServiceClient(configContext, null);
- Options options = new Options();
-
- System.setProperty("javax.net.ssl.keyStorePassword", "password");
- System.setProperty("javax.net.ssl.keyStoreType", "JKS");
- System.setProperty("javax.net.ssl.trustStore", "/home/ruchith/Desktop/interop/certs/interop2.jks");
- System.setProperty("javax.net.ssl.trustStorePassword", "password");
- System.setProperty("javax.net.ssl.trustStoreType","JKS");
-
- options.setTo(server.getEndpointReference("SecureService"));
-// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/axis2/services/UTSAMLHoK"));
-// options.setTo(new EndpointReference("https://www-lk.wso2.com:8443/axis2/services/UTSAMLHoK"));
-// options.setTo(new EndpointReference("https://192.18.49.133:2343/jaxws-s1-sts/sts"));
-// options.setTo(new EndpointReference("https://207.200.37.116/SxSts/Scenario_1_IssuedTokenOverTransport_UsernameOverTransport"));
-// options.setTo(new EndpointReference("http://localhost:9090/SxSts/Scenario_4_IssuedToken_MutualCertificate10"));
-
-// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/axis2/services/MutualCertsSAMLHoK"));
-// options.setTo(new EndpointReference("http://www-lk.wso2.com:8888/axis2/services/MutualCertsSAMLHoK"));
-// options.setTo(new EndpointReference("https://131.107.72.15/trust/Addressing2004/UserName"));
-// options.setTo(new EndpointReference("https://131.107.72.15/trust/UserName"));
-// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/trust/X509WSS10"));
-// options.setTo(new EndpointReference("https://131.107.72.15/trust/UserName"));
-// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/jaxws-s4-sts/sts"));
-// options.setTo(new EndpointReference("http://127.0.0.1:9090/jaxws-s4/simple"));
-// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/axis2/services/UTSAMLBearer"));
+ ServiceClient serviceClient = clientHelper.createServiceClient("SecureService");
+ Options options = serviceClient.getOptions();
options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
options.setAction(this.getRequestAction());
@@ -90,8 +64,6 @@ public abstract class TestClient {
serviceClient.engageModule("addressing");
serviceClient.engageModule("rampart");
- serviceClient.setOptions(options);
-
//Blocking invocation
OMElement result = serviceClient.sendReceive(getRequest());
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java Sat Jan 28 23:23:57 2017
@@ -30,10 +30,9 @@ import org.apache.axis2.AxisFault;
import org.apache.axis2.Constants;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
-import org.apache.axis2.context.ConfigurationContext;
-import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.context.ServiceContext;
-import org.apache.axis2.integration.JettyServer;
+import org.apache.axis2.testutils.ClientHelper;
+import org.apache.axis2.testutils.JettyServer;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.junit.Rule;
@@ -50,8 +49,26 @@ public class RampartTest {
public final JettyServer server = new JettyServer(TESTING_PATH + "rampart_service_repo", false);
@Rule
+ public final ClientHelper clientHelper = new ClientHelper(server, TESTING_PATH + "rampart_client_repo") {
+ @Override
+ protected void configureServiceClient(ServiceClient serviceClient) throws Exception {
+ serviceClient.engageModule("addressing");
+ serviceClient.engageModule("rampart");
+ }
+ };
+
+ @Rule
public final JettyServer secureServer = new JettyServer(TESTING_PATH + "rampart_service_repo", true);
+ @Rule
+ public final ClientHelper secureClientHelper = new ClientHelper(secureServer, TESTING_PATH + "rampart_client_repo") {
+ @Override
+ protected void configureServiceClient(ServiceClient serviceClient) throws Exception {
+ serviceClient.engageModule("addressing");
+ serviceClient.engageModule("rampart");
+ }
+ };
+
static {
try {
resources = ResourceBundle.getBundle("org.apache.rampart.errors");
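Review bot: The two anonymous ClientHelper subclasses at L883-889 and L894-900 override configureServiceClient with identical bodies, so the list of engaged modules now has to be kept in sync in two places. A private static nested subclass used by both rules removes the duplication; the sketch below assumes ClientHelper's constructor takes the (JettyServer, String) pair exactly as the anonymous instances pass it, which is not visible in the hunk. The enclosing RampartTest class and the static initializer at L902 continue outside the hunk.
```java
    /** ClientHelper that engages the modules every Rampart integration scenario needs. */
    private static final class RampartClientHelper extends ClientHelper {
        RampartClientHelper(JettyServer server, String repository) {
            super(server, repository);
        }

        @Override
        protected void configureServiceClient(ServiceClient serviceClient) throws Exception {
            serviceClient.engageModule("addressing");
            serviceClient.engageModule("rampart");
        }
    }

    @Rule
    public final ClientHelper clientHelper = new RampartClientHelper(server, TESTING_PATH + "rampart_client_repo");

    // … unchanged: secureServer rule …

    @Rule
    public final ClientHelper secureClientHelper = new RampartClientHelper(secureServer, TESTING_PATH + "rampart_client_repo");
```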
@@ -60,28 +77,9 @@ public class RampartTest {
}
}
- private ServiceClient getServiceClientInstance() throws AxisFault {
-
- String repository = TESTING_PATH + "rampart_client_repo";
-
- ConfigurationContext configContext = ConfigurationContextFactory.
- createConfigurationContextFromFileSystem(repository, null);
- ServiceClient serviceClient = new ServiceClient(configContext, null);
-
-
- serviceClient.engageModule("addressing");
- serviceClient.engageModule("rampart");
-
- return serviceClient;
-
- }
-
@Test
public void testWithPolicy() {
try {
-
- ServiceClient serviceClient = getServiceClientInstance();
-
//TODO : figure this out !!
boolean basic256Supported = false;
@@ -101,17 +99,15 @@ public class RampartTest {
// Testcase - 25 is failing, for the moment skipping it.
continue;
}
- Options options = new Options();
+
+ ServiceClient serviceClient = (i == 13 ? secureClientHelper : clientHelper).createServiceClient("SecureService" + i);
+ Options options = serviceClient.getOptions();
if( i == 13 ) {
- options.setTo(secureServer.getEndpointReference("SecureService" + i));
//Username token created with user/pass from options
options.setUserName("alice");
options.setPassword("password");
}
- else {
- options.setTo(server.getEndpointReference("SecureService" + i));
- }
System.out.println("Testing WS-Sec: custom scenario " + i);
options.setAction("urn:echo");
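Review bot: The helper selection `(i == 13 ? secureClientHelper : clientHelper)` at L938 is repeated verbatim at L964 in the next hunk, and the same decision is spelled out as an if/else for scenarios 3 and 6 at L988-995, so the secure-scenario numbers are now scattered across three loops. A one-line private helper, `private ClientHelper helperFor(boolean secure) { return secure ? secureClientHelper : clientHelper; }`, called as `helperFor(i == 13).createServiceClient("SecureService" + i)`, keeps the choice in one place and lets each loop name its condition once. Both enclosing test methods start outside their hunks.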
@@ -119,7 +115,6 @@ public class RampartTest {
ServiceContext context = serviceClient.getServiceContext();
context.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
loadPolicy("/rampart/policy/" + i + ".xml"));
- serviceClient.setOptions(options);
if (i == 31) {
OMNamespace omNamespace = OMAbstractFactory.getOMFactory().createOMNamespace(
@@ -173,24 +168,21 @@ public class RampartTest {
//Skip the Basic256 tests
continue;
}
- Options options = new Options();
+
+ ServiceClient serviceClient = (i == 13 ? secureClientHelper : clientHelper).createServiceClient("SecureService" + i);
+ Options options = serviceClient.getOptions();
if (i == 13) {
- options.setTo(secureServer.getEndpointReference("SecureService" + i));
//Username token created with user/pass from options
options.setUserName("alice");
options.setPassword("password");
}
- else {
- options.setTo(server.getEndpointReference("SecureService" + i));
- }
System.out.println("Testing WS-Sec: negative scenario " + i);
options.setAction("urn:returnError");
ServiceContext context = serviceClient.getServiceContext();
context.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
loadPolicy("/rampart/policy/" + i + ".xml"));
- serviceClient.setOptions(options);
try {
//Blocking invocation
@@ -204,23 +196,19 @@ public class RampartTest {
for (int i = 1; i <= 6; i++) { //<-The number of tests we have
- Options options = new Options();
-
+ ServiceClient serviceClient;
if (i == 3 || i == 6) {
- options.setTo(secureServer.getEndpointReference("SecureServiceSC" + i));
+ serviceClient = secureClientHelper.createServiceClient("SecureServiceSC" + i);
}
else {
- options.setTo(server.getEndpointReference("SecureServiceSC" + i));
+ serviceClient = clientHelper.createServiceClient("SecureServiceSC" + i);
}
+ Options options = serviceClient.getOptions();
System.out.println("Testing WS-SecConv: custom scenario " + i);
options.setAction("urn:echo");
- //Create a new service client instance for each secure conversation scenario
- serviceClient = getServiceClientInstance();
-
serviceClient.getServiceContext().setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("/rampart/policy/sc-" + i + ".xml"));
- serviceClient.setOptions(options);
//Blocking invocation
serviceClient.sendReceive(getEchoElement());
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/pom.xml?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/pom.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/pom.xml Sat Jan 28 23:23:57 2017
@@ -43,5 +43,15 @@
<groupId>org.apache.ws.commons.axiom</groupId>
<artifactId>axiom-api</artifactId>
</dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-truth</artifactId>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java Sat Jan 28 23:23:57 2017
@@ -201,6 +201,10 @@ public class Constants {
public static final String XPATH_FILTER20 = "XPathFilter20";
// /////////////////////////////////////////////////////////////////////
+
+ public final static String WSS_KERBEROS_TOKEN11 = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ";
+
+ // /////////////////////////////////////////////////////////////////////
public static final QName ATTR_XPATH_VERSION = new QName(SP_NS, "XPathVersion", Constants.SP_PREFIX);
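Review bot: The new constant at L1036 is declared `public final static`, while the neighbouring declarations at L1033 and L1039 use `public static final`; the same modifier order appears at L1083 in SPConstants, where the two constants added at L1088 and L1090 of that file use the conventional order. Suggest `public static final String WSS_KERBEROS_TOKEN11 = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ";` with a short Javadoc such as `/** URI identifying a GSS-API Kerberos v5 AP-REQ token (WS-Security Kerberos Token Profile 1.1). */`. The enclosing Constants class starts outside the hunk.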
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java Sat Jan 28 23:23:57 2017
@@ -258,6 +258,15 @@ public class SP11Constants {
public static final QName BODY = new QName(SP11Constants.SP_NS, "Body");
+ public static final QName KERBEROS_TOKEN = new QName(SP11Constants.SP_NS,
+ SPConstants.KERBEROS_TOKEN, SP11Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_KERBEROS_GSS_V5_TOKEN_11 = new QName(SP11Constants.SP_NS,
+ SPConstants.REQUIRE_KERBEROS_GSS_V5_TOKEN_11, SP11Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_KERBEROS_V5_TOKEN_11 = new QName(SP11Constants.SP_NS,
+ SPConstants.REQUIRE_KERBEROS_V5_TOKEN_11, SP11Constants.SP_PREFIX);
+
public static int getInclusionFromAttributeValue(String value ) {
if (INCLUDE_ALWAYS.equals(value)) {
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java Sat Jan 28 23:23:57 2017
@@ -317,6 +317,15 @@ public class SP12Constants {
////////////////////////////////////////////////////////////////////////////////////////////////
+ public static final QName KERBEROS_TOKEN = new QName(SP12Constants.SP_NS,
+ SPConstants.KERBEROS_TOKEN, SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_KERBEROS_GSS_V5_TOKEN_11 = new QName(SP12Constants.SP_NS,
+ SPConstants.REQUIRE_KERBEROS_GSS_V5_TOKEN_11, SP12Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_KERBEROS_V5_TOKEN_11 = new QName(SP12Constants.SP_NS,
+ SPConstants.REQUIRE_KERBEROS_V5_TOKEN_11, SP12Constants.SP_PREFIX);
+
public static int getInclusionFromAttributeValue(String value ) {
if (INCLUDE_ALWAYS.equals(value)) {
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java Sat Jan 28 23:23:57 2017
@@ -131,6 +131,7 @@ public class SPConstants {
public final static String USERNAME_TOKEN11 = "WssUsernameToken11";
+ public final static String KERBEROS_TOKEN = "KerberosToken";
public final static String TRANSPORT_TOKEN = "TransportToken";
@@ -429,7 +430,7 @@ public class SPConstants {
public static final String HASH_PASSWORD = "HashPassword";
-
+ public static final String REQUIRE_KERBEROS_V5_TOKEN_11 = "WssKerberosV5ApReqToken11";
-
+ public static final String REQUIRE_KERBEROS_GSS_V5_TOKEN_11 = "WssGssKerberosV5ApReqToken11";
}
Modified: axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder Sat Jan 28 23:23:57 2017
@@ -23,6 +23,7 @@ org.apache.ws.secpolicy11.builders.Issue
org.apache.ws.secpolicy11.builders.RequiredElementsBuilder
org.apache.ws.secpolicy11.builders.SignatureTokenBuilder
org.apache.ws.secpolicy11.builders.EncryptionTokenBuilder
+org.apache.ws.secpolicy11.builders.KerberosTokenBuilder
org.apache.ws.secpolicy12.builders.AlgorithmSuiteBuilder
org.apache.ws.secpolicy12.builders.AsymmetricBindingBuilder
org.apache.ws.secpolicy12.builders.EncryptedElementsBuilder
@@ -49,4 +50,5 @@ org.apache.ws.secpolicy12.builders.Requi
org.apache.ws.secpolicy12.builders.ContentEncryptedElementsBuilder
org.apache.ws.secpolicy12.builders.HttpsTokenBuilder
org.apache.ws.secpolicy12.builders.SignatureTokenBuilder
-org.apache.ws.secpolicy12.builders.EncryptionTokenBuilder
\ No newline at end of file
+org.apache.ws.secpolicy12.builders.EncryptionTokenBuilder
+org.apache.ws.secpolicy12.builders.KerberosTokenBuilder
\ No newline at end of file
Modified: axis/axis2/java/rampart/branches/RAMPART-423/pom.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-423/pom.xml?rev=1780754&r1=1780753&r2=1780754&view=diff
==============================================================================
--- axis/axis2/java/rampart/branches/RAMPART-423/pom.xml (original)
+++ axis/axis2/java/rampart/branches/RAMPART-423/pom.xml Sat Jan 28 23:23:57 2017
@@ -465,6 +465,11 @@
<artifactId>axiom-dom</artifactId>
<version>${axiom.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-truth</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
<!-- Other Rampart Dependencies -->
<dependency>
@@ -496,6 +501,10 @@
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
</exclusion>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15</artifactId>
+ </exclusion>
</exclusions>
</dependency>
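Review bot: The exclusion added at L1134-1137 names `org.bouncycastle:bcprov-jdk15`, whereas the exclusions added in modules/rampart-integration/pom.xml (L694-699 and the three dependencies that follow) name groupId `bouncycastle` for the same artifactId. Maven matches exclusions on exact coordinates, so whichever of the two does not match the real transitive coordinates is silently ignored and a second provider jar would still reach the classpath next to the BouncyCastle version the build manages itself. Worth confirming with `mvn dependency:tree` that exactly one bcprov artifact remains in each module's resolved tree. The `<dependency>` element this exclusion belongs to starts outside the hunk, so I cannot see which artifact it is attached to.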
@@ -615,8 +624,6 @@
<failIfNoTests>false</failIfNoTests>
<jacoco.version>0.7.5.201505241946</jacoco.version>
-
- <jetty.version>7.6.15.v20140411</jetty.version>
</properties>
<pluginRepositories>