Posted to commits@cxf.apache.org by co...@apache.org on 2013/06/10 13:20:08 UTC
svn commit: r1491417 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/
systests/ws-se...
Author: coheigea
Date: Mon Jun 10 11:20:08 2013
New Revision: 1491417
URL: http://svn.apache.org/r1491417
Log:
Fixed AlgorithmSuite bug + enabled a load of streaming ws-security tests following recent fixes in WSS4J
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/client/client.xml
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server/server.xml
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java Mon Jun 10 11:20:08 2013
@@ -68,7 +68,51 @@ public class DefaultAlgorithmSuiteLoader
return new GCMAlgorithmSuite(version, nestedPolicy);
}
- private static class GCMAlgorithmSuite extends AlgorithmSuite {
+ public static class GCMAlgorithmSuite extends AlgorithmSuite {
+
+ static {
+ algorithmSuiteTypes.put(
+ "Basic128GCM",
+ new AlgorithmSuiteType(
+ "Basic128GCM",
+ SPConstants.SHA1,
+ "http://www.w3.org/2009/xmlenc11#aes128-gcm",
+ SPConstants.KW_AES128,
+ SPConstants.KW_RSA_OAEP,
+ SPConstants.P_SHA1_L128,
+ SPConstants.P_SHA1_L128,
+ 128, 128, 128, 256, 1024, 4096
+ )
+ );
+
+ algorithmSuiteTypes.put(
+ "Basic192GCM",
+ new AlgorithmSuiteType(
+ "Basic192GCM",
+ SPConstants.SHA1,
+ "http://www.w3.org/2009/xmlenc11#aes192-gcm",
+ SPConstants.KW_AES192,
+ SPConstants.KW_RSA_OAEP,
+ SPConstants.P_SHA1_L192,
+ SPConstants.P_SHA1_L192,
+ 192, 192, 192, 256, 1024, 4096
+ )
+ );
+
+ algorithmSuiteTypes.put(
+ "Basic256GCM",
+ new AlgorithmSuiteType(
+ "Basic256GCM",
+ SPConstants.SHA1,
+ "http://www.w3.org/2009/xmlenc11#aes256-gcm",
+ SPConstants.KW_AES256,
+ SPConstants.KW_RSA_OAEP,
+ SPConstants.P_SHA1_L256,
+ SPConstants.P_SHA1_L192,
+ 256, 192, 256, 256, 1024, 4096
+ )
+ );
+ }
GCMAlgorithmSuite(SPConstants.SPVersion version, Policy nestedPolicy) {
super(version, nestedPolicy);
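Review bot: The three GCM suite types are now registered from a static initializer on `GCMAlgorithmSuite`, so they reach `algorithmSuiteTypes` only once this nested class has been initialised; code that looks them up by name before a GCM policy has been parsed would presumably not find them. If that ordering is intended, the now-public class deserves a Javadoc saying so, for example `/** Registers the Basic128GCM, Basic192GCM and Basic256GCM suite types in the shared registry when the class is initialised. */`. The same comment could state that all three entries keep `SPConstants.SHA1` as the digest and the `P_SHA1_*` derivation constants, so only the encryption algorithm moves to AES-GCM. The constructor that follows the initializer continues outside the hunk.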
@@ -88,38 +132,13 @@ public class DefaultAlgorithmSuiteLoader
}
if ("Basic128GCM".equals(assertionName)) {
- setAlgorithmSuiteType(new AlgorithmSuiteType(
- "Basic128GCM",
- SPConstants.SHA1,
- "http://www.w3.org/2009/xmlenc11#aes128-gcm",
- SPConstants.KW_AES128,
- SPConstants.KW_RSA_OAEP,
- SPConstants.P_SHA1_L128,
- SPConstants.P_SHA1_L128,
- 128, 128, 128, 256, 1024, 4096
- ));
+ setAlgorithmSuiteType(algorithmSuiteTypes.get("Basic128GCM"));
getAlgorithmSuiteType().setNamespace(assertionNamespace);
} else if ("Basic192GCM".equals(assertionName)) {
- setAlgorithmSuiteType(new AlgorithmSuiteType(
- "Basic192GCM",
- SPConstants.SHA1,
- "http://www.w3.org/2009/xmlenc11#aes192-gcm",
- SPConstants.KW_AES192,
- SPConstants.KW_RSA_OAEP,
- SPConstants.P_SHA1_L192,
- SPConstants.P_SHA1_L192,
- 192, 192, 192, 256, 1024, 4096));
+ setAlgorithmSuiteType(algorithmSuiteTypes.get("Basic192GCM"));
getAlgorithmSuiteType().setNamespace(assertionNamespace);
} else if ("Basic256GCM".equals(assertionName)) {
- setAlgorithmSuiteType(new AlgorithmSuiteType(
- "Basic256GCM",
- SPConstants.SHA1,
- "http://www.w3.org/2009/xmlenc11#aes256-gcm",
- SPConstants.KW_AES256,
- SPConstants.KW_RSA_OAEP,
- SPConstants.P_SHA1_L256,
- SPConstants.P_SHA1_L192,
- 256, 192, 256, 256, 1024, 4096));
+ setAlgorithmSuiteType(algorithmSuiteTypes.get("Basic256GCM"));
getAlgorithmSuiteType().setNamespace(assertionNamespace);
}
}
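Review bot: `setAlgorithmSuiteType(algorithmSuiteTypes.get("Basic128GCM"))` now hands every policy the same registered `AlgorithmSuiteType` instance, and the next line, `getAlgorithmSuiteType().setNamespace(assertionNamespace)`, writes to that shared object; the Basic192GCM and Basic256GCM branches do the same. The removed code built a fresh instance per assertion, so the namespace stayed private to that policy. With this change a later parse under a different namespace would alter what earlier policies report from `getNamespace()`, and concurrent parses would race on the field unless it is synchronised somewhere not visible here. Since the new `assertAllAlgorithmSuites` in PolicyStaxActionInInterceptor keys its lookup on that namespace, I would give each assertion its own copy of the registered type before setting the namespace, or set the namespace once at registration if it never varies. The enclosing method starts outside the hunk.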
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyStaxActionInInterceptor.java Mon Jun 10 11:20:08 2013
@@ -34,6 +34,7 @@ import org.apache.wss4j.policy.SP12Const
import org.apache.wss4j.policy.SP13Constants;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AlgorithmSuite;
+import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
@@ -167,9 +168,8 @@ public class PolicyStaxActionInIntercept
assertAllAssertionsByLocalname(aim, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION);
assertAllAssertionsByLocalname(aim, SPConstants.ALGORITHM_SUITE);
- for (String s : AlgorithmSuite.getSupportedAlgorithmSuiteNames()) {
- assertAllAssertionsByLocalname(aim, s);
- }
+ assertAllAlgorithmSuites(SP11Constants.SP_NS, aim);
+ assertAllAlgorithmSuites(SP12Constants.SP_NS, aim);
assertAllAssertionsByLocalname(aim, SPConstants.REQUIRE_INTERNAL_REFERENCE);
assertAllAssertionsByLocalname(aim, SPConstants.REQUIRE_EXTERNAL_REFERENCE);
@@ -207,5 +207,29 @@ public class PolicyStaxActionInIntercept
}
}
}
+
+ private void assertAllAlgorithmSuites(String spNamespace, AssertionInfoMap aim) {
+ Collection<AssertionInfo> sp11Ais =
+ aim.get(new QName(spNamespace, SPConstants.ALGORITHM_SUITE));
+ if (sp11Ais != null) {
+ for (AssertionInfo ai : sp11Ais) {
+ ai.setAsserted(true);
+ AlgorithmSuite algorithmSuite = (AlgorithmSuite)ai.getAssertion();
+ AlgorithmSuiteType algorithmSuiteType = algorithmSuite.getAlgorithmSuiteType();
+ String namespace = algorithmSuiteType.getNamespace();
+ if (namespace == null) {
+ namespace = spNamespace;
+ }
+ Collection<AssertionInfo> algAis =
+ aim.get(new QName(namespace, algorithmSuiteType.getName()));
+ if (algAis != null) {
+ for (AssertionInfo algAi : algAis) {
+ algAi.setAsserted(true);
+ }
+ }
+ }
+ }
+ }
+
}
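Review bot: In `assertAllAlgorithmSuites`, the result of `algorithmSuite.getAlgorithmSuiteType()` is dereferenced without a null check, so an AlgorithmSuite assertion whose nested suite name was not recognised would fail with a NullPointerException on `algorithmSuiteType.getNamespace()`. That assumes the type can be unset, which the loader's if/else chain without a final `else` suggests. A guard such as `if (algorithmSuiteType == null) { continue; }` before the namespace lookup would avoid it. Whether `ai.setAsserted(true)` should still run for such an assertion needs a deliberate decision, because it marks the policy as satisfied. The local `sp11Ais` is also misleading, since the method is called with `SP12Constants.SP_NS` as well; a neutral name such as `algorithmSuiteAis` would read better.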
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java Mon Jun 10 11:20:08 2013
@@ -93,9 +93,8 @@ public class GCMTest extends AbstractBus
gcmPort.doubleIt(25);
// Streaming
- // TODO - See WSS-442
- // SecurityTestUtil.enableStreaming(gcmPort);
- // gcmPort.doubleIt(25);
+ SecurityTestUtil.enableStreaming(gcmPort);
+ gcmPort.doubleIt(25);
((java.io.Closeable)gcmPort).close();
bus.shutdown(true);
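Review bot: The re-enabled streaming call `gcmPort.doubleIt(25);` discards its result, so these tests only show that the streaming path does not throw; the two later GCMTest hunks and the four X509TokenTest hunks follow the same pattern. If `doubleIt` returns the doubled value, as the name suggests, asserting on it (for instance `assertEquals(50, gcmPort.doubleIt(25));`) would also check the content of the response after streaming is switched on. The test method starts and ends outside the hunk.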
@@ -137,9 +136,8 @@ public class GCMTest extends AbstractBus
gcmPort.doubleIt(25);
// Streaming
- // TODO - See WSS-442
- // SecurityTestUtil.enableStreaming(gcmPort);
- // gcmPort.doubleIt(25);
+ SecurityTestUtil.enableStreaming(gcmPort);
+ gcmPort.doubleIt(25);
((java.io.Closeable)gcmPort).close();
bus.shutdown(true);
@@ -181,9 +179,8 @@ public class GCMTest extends AbstractBus
gcmPort.doubleIt(25);
// Streaming
- // TODO - See WSS-442
- // SecurityTestUtil.enableStreaming(gcmPort);
- // gcmPort.doubleIt(25);
+ SecurityTestUtil.enableStreaming(gcmPort);
+ gcmPort.doubleIt(25);
((java.io.Closeable)gcmPort).close();
bus.shutdown(true);
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxSamlTokenTest.java Mon Jun 10 11:20:08 2013
@@ -258,7 +258,7 @@ public class StaxSamlTokenTest extends A
bus.shutdown(true);
}
- // TODO See WSS-442
+ // TODO
@org.junit.Test
@org.junit.Ignore
public void testSaml2OverSymmetric() throws Exception {
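Review bot: Replacing `// TODO See WSS-442` with a bare `// TODO` leaves `@org.junit.Ignore` in place with no stated reason; the same edit is made above testSaml2OverSymmetricSupporting, testSaml2OverSymmetricSignedElements and testSaml2PEP. One of those is a negative test for a sender-vouches assertion that lacks a covering signature, so it is worth recording why the streaming variant is still skipped. I would put the reason in the annotation, `@org.junit.Ignore("<reason or tracking issue>")`, so that it appears in test reports. The test body continues outside the hunk.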
@@ -320,7 +320,7 @@ public class StaxSamlTokenTest extends A
// Some negative tests. Send a sender-vouches assertion as a SupportingToken...this will
// fail as the provider will demand that there is a signature covering both the assertion
// and the message body.
- // TODO See WSS-442
+ // TODO
@org.junit.Test
@org.junit.Ignore
public void testSaml2OverSymmetricSupporting() throws Exception {
@@ -588,9 +588,7 @@ public class StaxSamlTokenTest extends A
bus.shutdown(true);
}
- // TODO See WSS-442
@org.junit.Test
- @org.junit.Ignore
public void testAsymmetricSamlInitiator() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -619,7 +617,7 @@ public class StaxSamlTokenTest extends A
bus.shutdown(true);
}
- // TODO See WSS-442
+ // TODO
@org.junit.Test
@org.junit.Ignore
public void testSaml2OverSymmetricSignedElements() throws Exception {
@@ -981,7 +979,7 @@ public class StaxSamlTokenTest extends A
// In this test-case, the WSP is configured with a XACML PEP interceptor, which in this
// case just mocks the call to the PDP + enforces the decision
- // TODO See WSS-442
+ // TODO
@org.junit.Test
@org.junit.Ignore
public void testSaml2PEP() throws Exception {
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java Mon Jun 10 11:20:08 2013
@@ -217,9 +217,7 @@ public class StaxX509TokenTest extends A
}
*/
- // TODO - See WSS-442
@org.junit.Test
- @org.junit.Ignore
public void testAsymmetricIssuerSerial() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -247,9 +245,7 @@ public class StaxX509TokenTest extends A
bus.shutdown(true);
}
- // TODO See WSS-449
@org.junit.Test
- @org.junit.Ignore
public void testAsymmetricThumbprint() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -334,9 +330,7 @@ public class StaxX509TokenTest extends A
bus.shutdown(true);
}
- // TODO - See WSS-442
@org.junit.Test
- @org.junit.Ignore
public void testAsymmetricProtectTokens() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -615,9 +609,7 @@ public class StaxX509TokenTest extends A
bus.shutdown(true);
}
- // TODO See WSS-442
@org.junit.Test
- @org.junit.Ignore
public void testAsymmetricEncryption() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java Mon Jun 10 11:20:08 2013
@@ -236,9 +236,8 @@ public class X509TokenTest extends Abstr
x509Port.doubleIt(25);
// Streaming
- // TODO - See WSS-442
- // SecurityTestUtil.enableStreaming(x509Port);
- // x509Port.doubleIt(25);
+ SecurityTestUtil.enableStreaming(x509Port);
+ x509Port.doubleIt(25);
((java.io.Closeable)x509Port).close();
bus.shutdown(true);
@@ -265,9 +264,8 @@ public class X509TokenTest extends Abstr
x509Port.doubleIt(25);
// Streaming
- // TODO - See WSS-442
- // SecurityTestUtil.enableStreaming(x509Port);
- // x509Port.doubleIt(25);
+ SecurityTestUtil.enableStreaming(x509Port);
+ x509Port.doubleIt(25);
((java.io.Closeable)x509Port).close();
bus.shutdown(true);
@@ -350,9 +348,8 @@ public class X509TokenTest extends Abstr
x509Port.doubleIt(25);
// Streaming
- // TODO - See WSS-442
- // SecurityTestUtil.enableStreaming(x509Port);
- // x509Port.doubleIt(25);
+ SecurityTestUtil.enableStreaming(x509Port);
+ x509Port.doubleIt(25);
((java.io.Closeable)x509Port).close();
bus.shutdown(true);
@@ -625,9 +622,8 @@ public class X509TokenTest extends Abstr
x509Port.doubleIt(25);
// Streaming
- // TODO See WSS-442
- // SecurityTestUtil.enableStreaming(x509Port);
- // x509Port.doubleIt(25);
+ SecurityTestUtil.enableStreaming(x509Port);
+ x509Port.doubleIt(25);
((java.io.Closeable)x509Port).close();
bus.shutdown(true);
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/client/client.xml?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/client/client.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/client/client.xml Mon Jun 10 11:20:08 2013
@@ -64,6 +64,7 @@
<entry key="ws-security.signature.username" value="alice"/>
<entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+ <entry key="ws-security.is-bsp-compliant" value="false"/>
</jaxws:properties>
</jaxws:client>
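Review bot: The added `ws-security.is-bsp-compliant` entry with value `false` switches off Basic Security Profile compliance checking for this client, and the server.xml hunk adds the same entry to the endpoint, but neither says why. Presumably the GCM suites under test fall outside what the profile permits. If so, a comment next to the entry would keep the setting from being copied into configurations that do not need it, e.g. `<!-- BSP compliance disabled: the GCM algorithm suites used by this test are not BSP-conformant (confirm) -->`. The enclosing `jaxws:properties` element starts outside the hunk.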
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server/server.xml?rev=1491417&r1=1491416&r2=1491417&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server/server.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server/server.xml Mon Jun 10 11:20:08 2013
@@ -79,6 +79,7 @@
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
<entry key="ws-security.encryption.username" value="useReqSigCert"/>
<entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ <entry key="ws-security.is-bsp-compliant" value="false"/>
</jaxws:properties>
</jaxws:endpoint>