Posted to commits@cxf.apache.org by co...@apache.org on 2015/08/13 18:51:10 UTC
[3/3] cxf git commit: Adding an STS OSGi test
Adding an STS OSGi test
Conflicts:
parent/pom.xml
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2144c1f7
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2144c1f7
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2144c1f7
Branch: refs/heads/3.0.x-fixes
Commit: 2144c1f7811f076c8112c524e487b1c0a35d07a7
Parents: b86ec03
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Aug 13 16:21:37 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Aug 13 17:51:00 2015 +0100
----------------------------------------------------------------------
parent/pom.xml | 6 +
services/sts/systests/pom.xml | 3 +
services/sts/systests/sts-features/pom.xml | 82 +++++
.../src/main/resources/features.xml | 27 ++
services/sts/systests/sts-itests/pom.xml | 167 ++++++++++
.../sts/itests/BasicSTSIntegrationTest.java | 82 +++++
.../sts/itests/unit/CommonCallbackHandler.java | 56 ++++
.../systest/sts/itests/unit/STSUnitTest.java | 132 ++++++++
.../test/resources/clientKeystore.properties | 24 ++
.../src/test/resources/clientstore.jks | Bin 0 -> 4436 bytes
.../resources/etc/org.ops4j.pax.logging.cfg | 25 ++
services/sts/systests/sts-osgi/pom.xml | 40 +++
.../systest/sts/osgi/CommonCallbackHandler.java | 56 ++++
.../resources/OSGI-INF/blueprint/blueprint.xml | 60 ++++
.../sts-osgi/src/main/resources/STSService.wsdl | 318 +++++++++++++++++++
.../src/main/resources/stsKeystore.properties | 23 ++
.../sts-osgi/src/main/resources/stsstore.jks | Bin 0 -> 3978 bytes
services/xkms/xkms-itests/pom.xml | 28 +-
18 files changed, 1119 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/parent/pom.xml
----------------------------------------------------------------------
diff --git a/parent/pom.xml b/parent/pom.xml
index f101fb9..a47bb73 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -137,10 +137,16 @@
<cxf.netty.version.range>[4,5)</cxf.netty.version.range>
<cxf.oauth.bundle.version>20100527_1</cxf.oauth.bundle.version>
<cxf.oauth.version>20100527</cxf.oauth.version>
+<<<<<<< HEAD
<cxf.opensaml.version>2.6.1</cxf.opensaml.version>
<cxf.opensaml.osgi.version>2.6.1_1</cxf.opensaml.osgi.version>
<cxf.opensaml.xmltooling.version>1.4.0_1</cxf.opensaml.xmltooling.version>
<cxf.opensamlws.version>1.5.0_1</cxf.opensamlws.version>
+=======
+ <cxf.opensaml.version>3.1.1_3-SNAPSHOT</cxf.opensaml.version>
+ <cxf.opensaml.osgi.version>3.1.0_1</cxf.opensaml.osgi.version>
+ <cxf.opensaml.osgi.version.range>[3.1,4)</cxf.opensaml.osgi.version.range>
+>>>>>>> cf87907... Adding an STS OSGi test
<cxf.rhino.version>1.7R2</cxf.rhino.version>
<cxf.saaj-api.version>1.3.5</cxf.saaj-api.version>
<cxf.servlet-api.group>org.apache.geronimo.specs</cxf.servlet-api.group>
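Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> cf87907... Adding an STS OSGi test` are unresolved merge-conflict markers committed into the properties section, so parent/pom.xml is no longer well-formed XML and every module that inherits from it will fail to load. Both sides of the conflict are left in place: the 2.6.1 OpenSAML properties remain as context while `cxf.opensaml.version` is defined again as `3.1.1_3-SNAPSHOT` and `cxf.opensaml.osgi.version` as `3.1.0_1`. For a branch named 3.0.x-fixes the HEAD side looks like the one to keep, which would mean dropping all five added lines. If one of the incoming properties is really needed, pin it to a released version rather than a SNAPSHOT so the security library that gets resolved is reproducible. The properties section starts and ends outside the hunk.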
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/pom.xml b/services/sts/systests/pom.xml
index 0c9fc9d..a24a731 100644
--- a/services/sts/systests/pom.xml
+++ b/services/sts/systests/pom.xml
@@ -32,5 +32,8 @@
<modules>
<module>basic</module>
<module>advanced</module>
+ <module>sts-osgi</module>
+ <module>sts-features</module>
+ <module>sts-itests</module>
</modules>
</project>
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/sts-features/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-features/pom.xml b/services/sts/systests/sts-features/pom.xml
new file mode 100644
index 0000000..4e729fd
--- /dev/null
+++ b/services/sts/systests/sts-features/pom.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.cxf.services.sts.systests</groupId>
+ <artifactId>cxf-services-sts-systests-features</artifactId>
+
+ <packaging>pom</packaging>
+ <name>Apache CXF STS test Karaf Features</name>
+ <url>http://cxf.apache.org</url>
+ <parent>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-parent</artifactId>
+ <version>3.1.3-SNAPSHOT</version>
+ <relativePath>../../../../parent/pom.xml</relativePath>
+ </parent>
+ <build>
+ <resources>
+ <resource>
+ <directory>${project.basedir}/src/main/resources</directory>
+ <filtering>true</filtering>
+ <includes>
+ <include>**/features.xml</include>
+ <include>**/*.properties</include>
+ </includes>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-resources-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>filter</id>
+ <phase>generate-resources</phase>
+ <goals>
+ <goal>resources</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>build-helper-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>attach-artifacts</id>
+ <phase>package</phase>
+ <goals>
+ <goal>attach-artifact</goal>
+ </goals>
+ <configuration>
+ <artifacts>
+ <artifact>
+ <file>target/classes/features.xml</file>
+ <type>xml</type>
+ </artifact>
+ </artifacts>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
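Review bot: The `<parent>` block pins `<version>3.1.3-SNAPSHOT</version>`, but the commit record shows this landing on refs/heads/3.0.x-fixes, where the in-tree parent at `../../../../parent/pom.xml` presumably carries a 3.0.x version. When the version found at `relativePath` does not match, Maven falls back to resolving cxf-parent from the configured repositories, so the build would either fail or inherit from a remote snapshot instead of the checked-out parent. The same version appears in the `<parent>` of sts-itests/pom.xml and sts-osgi/pom.xml in this commit. All three should use the branch's own version.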
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/sts-features/src/main/resources/features.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-features/src/main/resources/features.xml b/services/sts/systests/sts-features/src/main/resources/features.xml
new file mode 100644
index 0000000..9edf968
--- /dev/null
+++ b/services/sts/systests/sts-features/src/main/resources/features.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<features xmlns="http://karaf.apache.org/xmlns/features/v1.0.0" name="cxf-sts-osgi">
+ <repository>mvn:org.apache.cxf.karaf/apache-cxf/${project.version}/xml/features</repository>
+ <feature name="cxf-sts-service" version="${project.version}">
+ <feature>cxf</feature>
+ <feature>cxf-sts</feature>
+ <bundle>mvn:${project.groupId}/cxf-services-sts-systests-osgi/${project.version}</bundle>
+ </feature>
+</features>
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/sts-itests/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-itests/pom.xml b/services/sts/systests/sts-itests/pom.xml
new file mode 100644
index 0000000..9dd60cd
--- /dev/null
+++ b/services/sts/systests/sts-itests/pom.xml
@@ -0,0 +1,167 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.cxf.services.sts.systests</groupId>
+ <artifactId>cxf-services-sts-systests-itests</artifactId>
+ <name>Apache CXF STS Integration Tests</name>
+ <url>http://cxf.apache.org</url>
+ <parent>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-parent</artifactId>
+ <version>3.1.3-SNAPSHOT</version>
+ <relativePath>../../../../parent/pom.xml</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf.services.sts</groupId>
+ <artifactId>cxf-services-sts-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf.services.sts.systests</groupId>
+ <artifactId>cxf-services-sts-systests-features</artifactId>
+ <version>${project.version}</version>
+ <type>xml</type>
+ </dependency>
+
+ <!-- to force the karaf cxf feature to be available before testing -->
+ <dependency>
+ <groupId>org.apache.cxf.karaf</groupId>
+ <artifactId>apache-cxf</artifactId>
+ <version>${project.version}</version>
+ <type>pom</type>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf.karaf</groupId>
+ <artifactId>cxf-karaf-commands</artifactId>
+ <version>${project.version}</version>
+ <type>pom</type>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.ops4j.pax.exam</groupId>
+ <artifactId>pax-exam-junit4</artifactId>
+ <version>${cxf.pax.exam.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.ops4j.pax.exam</groupId>
+ <artifactId>pax-exam</artifactId>
+ <version>${cxf.pax.exam.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.ops4j.pax.exam</groupId>
+ <artifactId>pax-exam-container-karaf</artifactId>
+ <version>${cxf.pax.exam.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.ops4j.pax.exam</groupId>
+ <artifactId>pax-exam-link-mvn</artifactId>
+ <version>${cxf.pax.exam.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-jdk14</artifactId>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <!-- generate dependency versions -->
+ <plugin>
+ <groupId>org.apache.servicemix.tooling</groupId>
+ <artifactId>depends-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <phase>generate-resources</phase>
+ <id>generate-depends-file</id>
+ <goals>
+ <goal>generate-depends-file</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <systemPropertyVariables>
+ <org.ops4j.pax.logging.DefaultServiceLog.level>WARN</org.ops4j.pax.logging.DefaultServiceLog.level>
+ <karaf.version>${cxf.karaf.version}</karaf.version>
+ <localRepository>${maven.repo.local}</localRepository>
+ </systemPropertyVariables>
+ </configuration>
+ </plugin>
+ </plugins>
+ <pluginManagement>
+ <plugins>
+ <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->
+ <plugin>
+ <groupId>org.eclipse.m2e</groupId>
+ <artifactId>lifecycle-mapping</artifactId>
+ <version>1.0.0</version>
+ <configuration>
+ <lifecycleMappingMetadata>
+ <pluginExecutions>
+ <pluginExecution>
+ <pluginExecutionFilter>
+ <groupId>
+ org.apache.servicemix.tooling
+ </groupId>
+ <artifactId>
+ depends-maven-plugin
+ </artifactId>
+ <versionRange>
+ [1.2,)
+ </versionRange>
+ <goals>
+ <goal>
+ generate-depends-file
+ </goal>
+ </goals>
+ </pluginExecutionFilter>
+ <action>
+ <ignore></ignore>
+ </action>
+ </pluginExecution>
+ </pluginExecutions>
+ </lifecycleMappingMetadata>
+ </configuration>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+ </build>
+</project>
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/BasicSTSIntegrationTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/BasicSTSIntegrationTest.java b/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/BasicSTSIntegrationTest.java
new file mode 100644
index 0000000..f9f0768
--- /dev/null
+++ b/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/BasicSTSIntegrationTest.java
@@ -0,0 +1,82 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.itests;
+
+import java.io.File;
+
+import org.ops4j.pax.exam.Configuration;
+import org.ops4j.pax.exam.Option;
+import org.ops4j.pax.exam.options.MavenArtifactUrlReference;
+import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
+import org.ops4j.pax.exam.spi.reactors.PerClass;
+
+import static org.ops4j.pax.exam.CoreOptions.maven;
+import static org.ops4j.pax.exam.CoreOptions.systemProperty;
+import static org.ops4j.pax.exam.CoreOptions.when;
+import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.configureConsole;
+import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.editConfigurationFilePut;
+import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.features;
+import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.karafDistributionConfiguration;
+import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.replaceConfigurationFile;
+
+@ExamReactorStrategy(PerClass.class)
+public class BasicSTSIntegrationTest {
+
+ protected static final String HTTP_PORT = "9191";
+ protected static final String STS_ENDPOINT = "http://localhost:" + HTTP_PORT + "/cxf/X509";
+
+ @Configuration
+ public Option[] getConfig() {
+ String karafVersion = System.getProperty("karaf.version", "3.0.4");
+ String localRepository = System.getProperty("localRepository");
+
+ MavenArtifactUrlReference karafUrl = maven() //
+ .groupId("org.apache.karaf") //
+ .artifactId("apache-karaf") //
+ .version(karafVersion)
+ .type("tar.gz");
+ MavenArtifactUrlReference stsFeatures = maven() //
+ .groupId("org.apache.cxf.services.sts.systests") //
+ .artifactId("cxf-services-sts-systests-features") //
+ .versionAsInProject() //
+ .type("xml");
+
+ return new Option[] {
+ karafDistributionConfiguration().frameworkUrl(karafUrl).karafVersion(karafVersion)
+ .unpackDirectory(new File("target/paxexam/unpack/")).useDeployFolder(false),
+ systemProperty("java.awt.headless").value("true"),
+
+ copy("clientKeystore.properties"),
+ copy("clientstore.jks"),
+ copy("etc/org.ops4j.pax.logging.cfg"),
+ editConfigurationFilePut("etc/org.ops4j.pax.web.cfg", "org.osgi.service.http.port", HTTP_PORT),
+ when(localRepository != null)
+ .useOptions(editConfigurationFilePut("etc/org.ops4j.pax.url.mvn.cfg",
+ "org.ops4j.pax.url.mvn.localRepository",
+ localRepository)),
+ features(stsFeatures, "cxf-sts-service"),
+ configureConsole().ignoreLocalConsole(),
+ };
+ }
+
+ protected Option copy(String path) {
+ return replaceConfigurationFile(path, new File("src/test/resources/" + path));
+ }
+
+}
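Review bot: `HTTP_PORT = "9191"` hard-codes the listener port that `editConfigurationFilePut("etc/org.ops4j.pax.web.cfg", "org.osgi.service.http.port", HTTP_PORT)` writes into the container. A second build on the same host, or any local service already bound to 9191, makes the test fail or sends the token request to whatever is listening there. Consider reading the port from a system property with 9191 as the default, for example `System.getProperty("sts.http.port", "9191")` (the property name is only a suggestion), and setting it from surefire. The class also has no Javadoc; a short comment saying that it boots a Karaf container with the `cxf-sts-service` feature, and that `STS_ENDPOINT` is plain HTTP on localhost for test use only, would help readers.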
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/CommonCallbackHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/CommonCallbackHandler.java b/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/CommonCallbackHandler.java
new file mode 100644
index 0000000..1ba65db
--- /dev/null
+++ b/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/CommonCallbackHandler.java
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.itests.unit;
+
+import java.io.IOException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+public class CommonCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof WSPasswordCallback) { // CXF
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if ("myclientkey".equals(pc.getIdentifier())) {
+ pc.setPassword("ckpass");
+ break;
+ } else if ("myservicekey".equals(pc.getIdentifier())) {
+ pc.setPassword("skpass");
+ break;
+ } else if ("alice".equals(pc.getIdentifier())) {
+ pc.setPassword("clarinet");
+ break;
+ } else if ("bob".equals(pc.getIdentifier())) {
+ pc.setPassword("trombone");
+ break;
+ } else if ("eve".equals(pc.getIdentifier())) {
+ pc.setPassword("evekpass");
+ break;
+ } else if ("mystskey".equals(pc.getIdentifier())) {
+ pc.setPassword("stskpass");
+ break;
+ }
+ }
+ }
+ }
+}
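Review bot: In `handle`, every matched branch ends with `break`, which leaves the `for` loop, so when the array holds more than one `WSPasswordCallback` only the first one gets a password. Dropping the `break` statements fixes that, since the `else if` chain already stops at the first match. An unknown identifier or a callback of another type is skipped silently even though the method declares `UnsupportedCallbackException`; for the non-`WSPasswordCallback` case, `throw new UnsupportedCallbackException(callbacks[i]);` would make a misconfiguration visible instead of surfacing later as a missing password. The passwords are literals, so a class comment such as `/** Test-only handler: fixed passwords for the keys in the bundled test keystores. */` is worth adding. The class of the same name added under sts-osgi/src/main/java in this commit follows the same pattern, and there it sits in main sources rather than test sources.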
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/STSUnitTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/STSUnitTest.java b/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/STSUnitTest.java
new file mode 100644
index 0000000..8401080
--- /dev/null
+++ b/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/STSUnitTest.java
@@ -0,0 +1,132 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.itests.unit;
+
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.systest.sts.itests.BasicSTSIntegrationTest;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSDocInfo;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.dom.processor.Processor;
+import org.apache.wss4j.dom.processor.SAMLTokenProcessor;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.ops4j.pax.exam.junit.PaxExam;
+
+/**
+ * Some tests to retrieve a SAML token directly from the STS.
+ */
+@RunWith(PaxExam.class)
+public class STSUnitTest extends BasicSTSIntegrationTest {
+
+ private static final String SAML2_TOKEN_TYPE =
+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
+ private static final String BEARER_KEYTYPE =
+ "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
+
+ @Test
+ public void testBearerSAML2Token() throws URISyntaxException, Exception {
+ Bus bus = BusFactory.getDefaultBus();
+
+ // Get a token
+ SecurityToken token =
+ requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE, bus, STS_ENDPOINT);
+ Assert.assertTrue(SAML2_TOKEN_TYPE.equals(token.getTokenType()));
+ Assert.assertTrue(token.getToken() != null);
+
+ // Process the token
+ List<WSSecurityEngineResult> results = processToken(token);
+
+ Assert.assertTrue(results != null && results.size() == 1);
+ SamlAssertionWrapper assertion =
+ (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ Assert.assertTrue(assertion != null);
+ Assert.assertTrue(assertion.getSaml1() == null && assertion.getSaml2() != null);
+ Assert.assertTrue(assertion.isSigned());
+
+ List<String> methods = assertion.getConfirmationMethods();
+ String confirmMethod = null;
+ if (methods != null && methods.size() > 0) {
+ confirmMethod = methods.get(0);
+ }
+ Assert.assertTrue(confirmMethod.contains("bearer"));
+
+ bus.shutdown(true);
+ }
+
+ private SecurityToken requestSecurityToken(
+ String tokenType,
+ String keyType,
+ Bus bus,
+ String endpointAddress
+ ) throws Exception {
+ STSClient stsClient = new STSClient(bus);
+
+ stsClient.setWsdlLocation(endpointAddress + "?wsdl");
+ stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService");
+ stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}X509_Port");
+ stsClient.setEnableAppliesTo(false);
+
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put(SecurityConstants.USERNAME, "alice");
+ properties.put(
+ SecurityConstants.CALLBACK_HANDLER, new CommonCallbackHandler()
+ );
+ properties.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+ properties.put(SecurityConstants.SIGNATURE_PROPERTIES, "clientKeystore.properties");
+ properties.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
+ properties.put(SecurityConstants.ENCRYPT_PROPERTIES, "clientKeystore.properties");
+
+ stsClient.setProperties(properties);
+ stsClient.setTokenType(tokenType);
+ stsClient.setKeyType(keyType);
+
+ return stsClient.requestSecurityToken(endpointAddress);
+ }
+
+ private List<WSSecurityEngineResult> processToken(SecurityToken token) throws Exception {
+ RequestData requestData = new RequestData();
+ CallbackHandler callbackHandler = new CommonCallbackHandler();
+ requestData.setCallbackHandler(callbackHandler);
+ Crypto crypto = CryptoFactory.getInstance("clientKeystore.properties",
+ this.getClass().getClassLoader());
+ requestData.setSigVerCrypto(crypto);
+
+ Processor processor = new SAMLTokenProcessor();
+ return processor.handleToken(
+ token.getToken(), requestData, new WSDocInfo(token.getToken().getOwnerDocument())
+ );
+ }
+
+}
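Review bot: In `testBearerSAML2Token`, `confirmMethod` stays null when `getConfirmationMethods()` returns null or an empty list, so `Assert.assertTrue(confirmMethod.contains("bearer"))` throws a NullPointerException instead of reporting a failed assertion; add `Assert.assertNotNull(confirmMethod);` before it. `bus.shutdown(true)` runs only when every assertion passes, so a failure leaves the default bus alive for later tests in the same container; moving it into a `finally` block avoids that. `Assert.assertTrue(assertion.isSigned())` only shows that a signature is present on the assertion. A one-line comment noting that verification against `clientKeystore.properties` is expected to happen inside `processToken` would make the intent of the test clear.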
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/sts-itests/src/test/resources/clientKeystore.properties
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-itests/src/test/resources/clientKeystore.properties b/services/sts/systests/sts-itests/src/test/resources/clientKeystore.properties
new file mode 100644
index 0000000..8ab391e
--- /dev/null
+++ b/services/sts/systests/sts-itests/src/test/resources/clientKeystore.properties
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=cspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
+org.apache.ws.security.crypto.merlin.keystore.file=clientstore.jks
+
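Review bot: The keystore password `cspass` is committed in clear text next to `clientstore.jks`, and nothing in the file says the pair is a throwaway test fixture. Add a header comment such as `# Test-only keystore and password; never reuse these keys outside the integration tests.` so the file is not copied into a real deployment. The keys also use the older `org.apache.ws.security.crypto.*` names and provider class while the test code imports `org.apache.wss4j.*`. As far as I know WSS4J 2.x still accepts the old names, but `org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin` and the matching `org.apache.wss4j.crypto.merlin.*` keys would be consistent with the code.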
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/sts-itests/src/test/resources/clientstore.jks
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-itests/src/test/resources/clientstore.jks b/services/sts/systests/sts-itests/src/test/resources/clientstore.jks
new file mode 100644
index 0000000..23168a9
Binary files /dev/null and b/services/sts/systests/sts-itests/src/test/resources/clientstore.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/sts-itests/src/test/resources/etc/org.ops4j.pax.logging.cfg
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-itests/src/test/resources/etc/org.ops4j.pax.logging.cfg b/services/sts/systests/sts-itests/src/test/resources/etc/org.ops4j.pax.logging.cfg
new file mode 100644
index 0000000..5355947
--- /dev/null
+++ b/services/sts/systests/sts-itests/src/test/resources/etc/org.ops4j.pax.logging.cfg
@@ -0,0 +1,25 @@
+# Root logger
+log4j.rootLogger=WARN, stdout, file
+log4j.throwableRenderer=org.apache.log4j.OsgiThrowableRenderer
+
+log4j.logger.org.apache.cxf.xkms=INFO
+log4j.logger.org.apache.cxf.xkms.x509.validator=WARN
+
+# Reduce noisy output
+log4j.logger.org.ops4j.pax.swissbox.bnd.BndUtils=ERROR
+
+# CONSOLE appender
+log4j.appender.stdout.threshold=INFO
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} | %-5.5p | %-50.50c | %m%n
+#log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} | %-5.5p | %-40.40c | %-3.3X{bundle.id} - %-20.20X{bundle.name} | %m%n
+
+
+# File appender
+log4j.appender.file.threshold=DEBUG
+log4j.appender.file=org.apache.log4j.FileAppender
+log4j.appender.file.layout=org.apache.log4j.PatternLayout
+log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} | %-5.5p | %-50.50c | %m%n
+log4j.appender.file.file=${karaf.data}/log/karaf.log
+log4j.appender.file.append=true
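Review bot: The logger lines `log4j.logger.org.apache.cxf.xkms=INFO` and `log4j.logger.org.apache.cxf.xkms.x509.validator=WARN` look carried over from the XKMS integration tests; this configuration belongs to the STS test, so they do not affect the code under test. Replacing them with the STS packages, for example `log4j.logger.org.apache.cxf.sts=INFO` and `log4j.logger.org.apache.cxf.ws.security=INFO`, would give useful output when token issuance fails. If those packages are ever raised to DEBUG, note that the file appender threshold is DEBUG, so `karaf.log` may then contain token contents and should be treated accordingly.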
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/sts-osgi/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-osgi/pom.xml b/services/sts/systests/sts-osgi/pom.xml
new file mode 100644
index 0000000..1686c03
--- /dev/null
+++ b/services/sts/systests/sts-osgi/pom.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.cxf.services.sts.systests</groupId>
+ <artifactId>cxf-services-sts-systests-osgi</artifactId>
+ <packaging>bundle</packaging>
+ <name>Apache CXF STS test OSGi deployment</name>
+ <url>http://cxf.apache.org</url>
+ <parent>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-parent</artifactId>
+ <version>3.1.3-SNAPSHOT</version>
+ <relativePath>../../../../parent/pom.xml</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.cxf.services.sts</groupId>
+ <artifactId>cxf-services-sts-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/sts-osgi/src/main/java/org/apache/cxf/systest/sts/osgi/CommonCallbackHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-osgi/src/main/java/org/apache/cxf/systest/sts/osgi/CommonCallbackHandler.java b/services/sts/systests/sts-osgi/src/main/java/org/apache/cxf/systest/sts/osgi/CommonCallbackHandler.java
new file mode 100644
index 0000000..306c520
--- /dev/null
+++ b/services/sts/systests/sts-osgi/src/main/java/org/apache/cxf/systest/sts/osgi/CommonCallbackHandler.java
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.osgi;
+
+import java.io.IOException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+public class CommonCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof WSPasswordCallback) { // CXF
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if ("myclientkey".equals(pc.getIdentifier())) {
+ pc.setPassword("ckpass");
+ break;
+ } else if ("myservicekey".equals(pc.getIdentifier())) {
+ pc.setPassword("skpass");
+ break;
+ } else if ("alice".equals(pc.getIdentifier())) {
+ pc.setPassword("clarinet");
+ break;
+ } else if ("bob".equals(pc.getIdentifier())) {
+ pc.setPassword("trombone");
+ break;
+ } else if ("eve".equals(pc.getIdentifier())) {
+ pc.setPassword("evekpass");
+ break;
+ } else if ("mystskey".equals(pc.getIdentifier())) {
+ pc.setPassword("stskpass");
+ break;
+ }
+ }
+ }
+ }
+}
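Review bot: Each branch in `handle` ends with `break`, which leaves the enclosing `for` loop, so if the array ever holds more than one `WSPasswordCallback` only the first matched one receives a password; dropping the `break` statements lets the `if`/`else if` chain run once per callback. An identifier that matches none of the six names falls through with no password set and no exception, which is likely to show up later as a less obvious signing or decryption failure. The blueprint in this commit only references `mystskey`, so the entries for `myclientkey`, `myservicekey`, `alice`, `bob` and `eve` look like leftovers from a shared test handler and could be removed from the STS bundle. Because the class sits under `src/main/java`, a class comment such as `/** Test-only handler returning the fixed passwords of the sample keystores; not for production use. */` would make its status clear.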
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/sts-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml b/services/sts/systests/sts-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml
new file mode 100644
index 0000000..62fbced
--- /dev/null
+++ b/services/sts/systests/sts-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cxf="http://cxf.apache.org/blueprint/core" xmlns:jaxws="http://cxf.apache.org/blueprint/jaxws" xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0" xmlns:ext="http://www.osgi.org/xmlns/blueprint-ext/v1.1.0" xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd http://www.osgi.org/xmlns/blueprint-ext/v1.1.0 https://svn.apache.org/repos/asf/aries/tags/blueprint-0.3.1/blueprint-core/src/main/resources/org/apache/aries/blueprint/ext/blueprint-ext.xsd http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0 http://aries.apache.org/schemas/blueprint-cm/blueprint-cm-1.0.0.xsd http://cxf.apache.org/blueprint/jaxws http://cxf.apache.org/schemas/blueprint/jaxws.xsd http://cxf.apache.org/blue
print/core http://cxf.apache.org/schemas/blueprint/core.xsd ">
+
+ <bean id="x509STSProviderBean"
+ class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+ <property name="issueOperation" ref="x509IssueDelegate" />
+ </bean>
+
+ <bean id="x509IssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+ <property name="tokenProviders">
+ <list>
+ <ref component-id="x509SAMLTokenProvider"/>
+ </list>
+ </property>
+ <property name="stsProperties" ref="x509STSProperties" />
+ <property name="returnReferences" value="false" />
+ </bean>
+
+ <bean id="x509SAMLTokenProvider"
+ class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+ </bean>
+
+ <bean id="x509STSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+ <property name="signaturePropertiesFile" value="stsKeystore.properties" />
+ <property name="signatureUsername" value="mystskey" />
+ <property name="callbackHandlerClass" value="org.apache.cxf.systest.sts.osgi.CommonCallbackHandler" />
+ <property name="issuer" value="STSIssuer" />
+ </bean>
+
+ <jaxws:endpoint id="X509STS" implementor="#x509STSProviderBean"
+ address="/X509" wsdlLocation="STSService.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:X509_Port">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.sts.osgi.CommonCallbackHandler" />
+ <entry key="ws-security.signature.properties" value="stsKeystore.properties" />
+ <entry key="ws-security.signature.username" value="mystskey" />
+ <entry key="ws-security.encryption.username" value="useReqSigCert" />
+ </jaxws:properties>
+ </jaxws:endpoint>
+</blueprint>
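Review bot: The root element declares `xmlns:cm` as `.../blueprint-cm/v1.1.0`, but `xsi:schemaLocation` pairs the `.../blueprint-cm/v1.0.0` namespace with `blueprint-cm-1.0.0.xsd`, so the declared namespace has no schema hint. None of the `cm`, `ext` or `cxf` prefixes is used in the file; removing those three declarations and their `xsi:schemaLocation` pairs would resolve the mismatch and also drop the hint that points at an svn.apache.org tag URL. The declaration `<?xml version="1.0"?>` could state the encoding, `<?xml version="1.0" encoding="UTF-8"?>`, as the WSDL in this commit does.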
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/sts-osgi/src/main/resources/STSService.wsdl
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-osgi/src/main/resources/STSService.wsdl b/services/sts/systests/sts-osgi/src/main/resources/STSService.wsdl
new file mode 100644
index 0000000..f0a6e03
--- /dev/null
+++ b/services/sts/systests/sts-osgi/src/main/resources/STSService.wsdl
@@ -0,0 +1,318 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsdl:definitions targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
+ >
+
+ <wsdl:types>
+ <xs:schema elementFormDefault="qualified"
+ targetNamespace='http://docs.oasis-open.org/ws-sx/ws-trust/200512'>
+
+ <xs:element name='RequestSecurityToken'
+ type='wst:AbstractRequestSecurityTokenType' />
+ <xs:element name='RequestSecurityTokenResponse'
+ type='wst:AbstractRequestSecurityTokenType' />
+
+ <xs:complexType name='AbstractRequestSecurityTokenType'>
+ <xs:sequence>
+ <xs:any namespace='##any' processContents='lax'
+ minOccurs='0' maxOccurs='unbounded' />
+ </xs:sequence>
+ <xs:attribute name='Context' type='xs:anyURI'
+ use='optional' />
+ <xs:anyAttribute namespace='##other'
+ processContents='lax' />
+ </xs:complexType>
+ <xs:element name='RequestSecurityTokenCollection'
+ type='wst:RequestSecurityTokenCollectionType' />
+ <xs:complexType name='RequestSecurityTokenCollectionType'>
+ <xs:sequence>
+ <xs:element name='RequestSecurityToken'
+ type='wst:AbstractRequestSecurityTokenType'
+ minOccurs='2' maxOccurs='unbounded' />
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name='RequestSecurityTokenResponseCollection'
+ type='wst:RequestSecurityTokenResponseCollectionType' />
+ <xs:complexType name='RequestSecurityTokenResponseCollectionType'>
+ <xs:sequence>
+ <xs:element ref='wst:RequestSecurityTokenResponse'
+ minOccurs='1' maxOccurs='unbounded' />
+ </xs:sequence>
+ <xs:anyAttribute namespace='##other'
+ processContents='lax' />
+ </xs:complexType>
+
+ </xs:schema>
+ </wsdl:types>
+
+ <!-- WS-Trust defines the following GEDs -->
+ <wsdl:message name="RequestSecurityTokenMsg">
+ <wsdl:part name="request" element="wst:RequestSecurityToken" />
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseMsg">
+ <wsdl:part name="response" element="wst:RequestSecurityTokenResponse" />
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenCollectionMsg">
+ <wsdl:part name="requestCollection" element="wst:RequestSecurityTokenCollection" />
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseCollectionMsg">
+ <wsdl:part name="responseCollection"
+ element="wst:RequestSecurityTokenResponseCollection" />
+ </wsdl:message>
+
+ <!-- This portType is an example of an STS supporting full protocol -->
+ <wsdl:portType name="STS">
+ <wsdl:operation name="Cancel">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"
+ message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal"
+ message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="Issue">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"
+ message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal"
+ message="tns:RequestSecurityTokenResponseCollectionMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"
+ message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal"
+ message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"
+ message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal"
+ message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KET"
+ message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/KETFinal"
+ message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <wsdl:input message="tns:RequestSecurityTokenCollectionMsg" />
+ <wsdl:output message="tns:RequestSecurityTokenResponseCollectionMsg" />
+ </wsdl:operation>
+ </wsdl:portType>
+
+
+ <wsdl:binding name="X509_Binding" type="wstrust:STS">
+ <wsp:PolicyReference URI="#X509_policy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="Issue">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+ <wsdl:input>
+ <wsp:PolicyReference URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+ <wsdl:input>
+ <wsp:PolicyReference URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Cancel">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsp:Policy wsu:Id="X509_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsap10:UsingAddressing />
+ <sp:AsymmetricBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireIssuerSerialReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:EncryptSignature />
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+
+ <wsp:Policy wsu:Id="Input_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ <sp:Header Name="To"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ <sp:EncryptedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Output_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ <sp:Header Name="To"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ <sp:EncryptedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsdl:service name="SecurityTokenService">
+ <wsdl:port name="X509_Port" binding="tns:X509_Binding">
+ <soap:address location="dummy_address_actual_value_populated_when_sts_deployed" />
+ </wsdl:port>
+ </wsdl:service>
+
+</wsdl:definitions>
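Review bot: In `X509_Binding` only `Issue` and `Validate` reference `#Input_policy` and `#Output_policy`; `Cancel`, `Renew`, `KeyExchangeToken` and `RequestCollection` have bare `soap:body` inputs and outputs, so no `sp:SignedParts` or `sp:EncryptedParts` assertion applies to their messages. The blueprint in this commit wires only `issueOperation`, so either remove the unused operations from the binding or give them the same two `wsp:PolicyReference` children. The `wsdl:definitions` start tag already closes at the end of the `xmlns:wsam` line, so the lone `>` on the following line is stray character data and should be deleted. The `KeyExchangeToken` `soapAction` ends in `RST/KeyExchangeToken` while the portType's `wsam:Action` ends in `RST/KET`; one of the two should be corrected.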
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/sts-osgi/src/main/resources/stsKeystore.properties
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-osgi/src/main/resources/stsKeystore.properties b/services/sts/systests/sts-osgi/src/main/resources/stsKeystore.properties
new file mode 100644
index 0000000..2f132ea
--- /dev/null
+++ b/services/sts/systests/sts-osgi/src/main/resources/stsKeystore.properties
@@ -0,0 +1,23 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=stsspass
+org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks
+
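Review bot: The keystore password `stsspass` is stored in clear under `src/main/resources` next to `stsstore.jks`, so both end up inside the built bundle; a comment line such as `# Test-only keystore and password; do not reuse outside the system tests.` above the properties would make that explicit. The keys and the provider class use the older `org.apache.ws.security` names while `CommonCallbackHandler` in this commit imports `org.apache.wss4j`; if the WSS4J version in use still accepts the old names this works, but the `org.apache.wss4j.crypto.*` spelling would be consistent with the code.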
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/sts/systests/sts-osgi/src/main/resources/stsstore.jks
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-osgi/src/main/resources/stsstore.jks b/services/sts/systests/sts-osgi/src/main/resources/stsstore.jks
new file mode 100644
index 0000000..e805906
Binary files /dev/null and b/services/sts/systests/sts-osgi/src/main/resources/stsstore.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/2144c1f7/services/xkms/xkms-itests/pom.xml
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-itests/pom.xml b/services/xkms/xkms-itests/pom.xml
index 07d2b35..cc6bd99 100644
--- a/services/xkms/xkms-itests/pom.xml
+++ b/services/xkms/xkms-itests/pom.xml
@@ -1,14 +1,22 @@
<?xml version="1.0"?>
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
- license agreements. See the NOTICE file distributed with this work for additional
- information regarding copyright ownership. The ASF licenses this file to
- you under the Apache License, Version 2.0 (the "License"); you may not use
- this file except in compliance with the License. You may obtain a copy of
- the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
- by applicable law or agreed to in writing, software distributed under the
- License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
- OF ANY KIND, either express or implied. See the License for the specific
- language governing permissions and limitations under the License. -->
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.apache.cxf.services.xkms</groupId>