This is an automated email from the ASF dual-hosted git repository. jamesnetherton pushed a commit to branch 2.13.x in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
commit f61cedbfbae362ae2927ea03edc749d8d04c132f
Author: Peter Palaga <[email protected]>
AuthorDate: Thu Oct 27 11:28:45 2022 +0200
Add WS-Trust test for CXF SOAP
---
.../cxf-soap/cxf-soap-ws-trust/pom.xml | 135 +++++++++
.../ws/trust/common/PasswordCallbackHandler.java | 52 ++++
.../it/ws/trust/server/ServerCallbackHandler.java | 30 ++
.../soap/it/ws/trust/server/TrustHelloService.java | 34 +++
.../it/ws/trust/server/WsTrustServerRoutes.java | 70 +++++
.../cxf/soap/it/ws/trust/sts/SampleSTS.java | 86 ++++++
.../soap/it/ws/trust/sts/StsCallbackHandler.java | 32 +++
.../src/main/resources/AsymmetricSAML2Policy.xml | 102 +++++++
.../src/main/resources/Input_Policy.xml | 48 ++++
.../src/main/resources/Output_Policy.xml | 48 ++++
.../src/main/resources/TrustHelloService.wsdl | 182 +++++++++++++
.../main/resources/TrustHelloService_schema1.xsd | 36 +++
.../src/main/resources/application.properties | 25 ++
.../src/main/resources/serviceKeystore.properties | 40 +++
.../src/main/resources/servicestore.jks | Bin 0 -> 3475 bytes
.../src/main/resources/stsKeystore.properties | 39 +++
.../src/main/resources/stsstore.jks | Bin 0 -> 5570 bytes
.../src/main/resources/ws-trust-1.4-service.wsdl | 303 +++++++++++++++++++++
.../soap/it/ws/trust/ClientCallbackHandler.java | 50 ++++
.../cxf/soap/it/ws/trust/CxfWsTrustIT.java | 24 ++
.../cxf/soap/it/ws/trust/CxfWsTrustTest.java | 167 ++++++++++++
.../src/test/resources/clientKeystore.properties | 40 +++
.../src/test/resources/clientstore.jks | Bin 0 -> 5571 bytes
integration-test-groups/cxf-soap/pom.xml | 1 +
integration-tests/cxf-soap-grouped/pom.xml | 232 ++++++++++++++++
25 files changed, 1776 insertions(+)
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/pom.xml b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/pom.xml
new file mode 100644
index 0000000000..bd2e3516dc
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/pom.xml
@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache.camel.quarkus</groupId>
+ <artifactId>camel-quarkus-build-parent-it</artifactId>
+ <version>2.14.0-SNAPSHOT</version>
+ <relativePath>../../../poms/build-parent-it/pom.xml</relativePath>
+ </parent>
+
+ <artifactId>camel-quarkus-integration-test-cxf-soap-ws-trust</artifactId>
+ <name>Camel Quarkus :: Integration Tests :: CXF SOAP WS-Trust</name>
+ <description>Integration tests for Camel Quarkus CXF extension acting as SOAP server having WS-Security enabled</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.camel.quarkus</groupId>
+ <artifactId>camel-quarkus-cxf-soap</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>io.quarkiverse.cxf</groupId>
+ <artifactId>quarkus-cxf-services-sts</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>io.quarkiverse.cxf</groupId>
+ <artifactId>quarkus-cxf-rt-features-logging</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>io.quarkus</groupId>
+ <artifactId>quarkus-junit5</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>io.rest-assured</groupId>
+ <artifactId>rest-assured</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>io.quarkiverse.cxf</groupId>
+ <artifactId>quarkus-cxf-test-util</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.assertj</groupId>
+ <artifactId>assertj-core</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+
+ <profiles>
+ <profile>
+ <id>native</id>
+ <activation>
+ <property>
+ <name>native</name>
+ </property>
+ </activation>
+ <properties>
+ <quarkus.package.type>native</quarkus.package.type>
+ </properties>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-failsafe-plugin</artifactId>
+ <executions>
+ <execution>
+ <goals>
+ <goal>integration-test</goal>
+ <goal>verify</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ <profile>
+ <id>virtualDependencies</id>
+ <activation>
+ <property>
+ <name>!noVirtualDependencies</name>
+ </property>
+ </activation>
+ <dependencies>
+ <!-- The following dependencies guarantee that this module is built after them. You can update them by running `mvn process-resources -Pformat -N` from the source tree root directory -->
+ <dependency>
+ <groupId>org.apache.camel.quarkus</groupId>
+ <artifactId>camel-quarkus-cxf-soap-deployment</artifactId>
+ <version>${project.version}</version>
+ <type>pom</type>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>*</groupId>
+ <artifactId>*</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ </dependencies>
+ </profile>
+ <profile>
+ <id>skip-testcontainers-tests</id>
+ <activation>
+ <property>
+ <name>skip-testcontainers-tests</name>
+ </property>
+ </activation>
+ <properties>
+ <skipTests>true</skipTests>
+ </properties>
+ </profile>
+ </profiles>
+
+</project>
\ No newline at end of file
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/common/PasswordCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/common/PasswordCallbackHandler.java
new file mode 100644
index 0000000000..a4c894137f
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/common/PasswordCallbackHandler.java
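Review bot: In cxf-soap-ws-trust/pom.xml the parent `<version>` is `2.14.0-SNAPSHOT`, while the notification at the top of this page says the commit was pushed to branch 2.13.x; if the build parent on that branch carries a 2.13 version the module cannot resolve its parent, so the backport probably needs the version aligned with the branch (this cannot be confirmed from the page). The `<description>` still says the server has "WS-Security enabled" and does not mention WS-Trust or the STS this module adds; something like `<description>Integration tests for Camel Quarkus CXF extension acting as SOAP server secured via WS-Trust with an STS</description>` would describe it. The `skip-testcontainers-tests` profile looks copied from another module, since no Testcontainers dependency is declared in this file.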
@@ -0,0 +1,52 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.common;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+public class PasswordCallbackHandler implements CallbackHandler {
+
+ private Map<String, String> passwords = new HashMap<String, String>();
+
+ public PasswordCallbackHandler(Map<String, String> initMap) {
+ passwords.putAll(initMap);
+ }
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ final Callback c = callbacks[i];
+ if (c != null && c instanceof WSPasswordCallback) {
+ final WSPasswordCallback pc = (WSPasswordCallback) c;
+
+ String pass = passwords.get(pc.getIdentifier());
+ if (pass != null) {
+ pc.setPassword(pass);
+ return;
+ }
+ }
+ }
+ }
+
+}
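Review bot: In `PasswordCallbackHandler.handle`, the `return;` after `pc.setPassword(pass);` ends the loop at the first callback that resolves, so any later `WSPasswordCallback` in the same array is left without a password; removing the `return;` lets every callback be served. An identifier that is not in the map and any callback of another type are skipped silently although the method declares `UnsupportedCallbackException`; adding `else { throw new UnsupportedCallbackException(c); }` for foreign callback types would make a wrong configuration fail here rather than later inside WSS4J. The field can be `private final Map<String, String> passwords = new HashMap<>();`, the `c != null &&` test is redundant before `instanceof`, and the class deserves a short Javadoc saying it maps key aliases and user names to fixed test passwords.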
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java
new file mode 100644
index 0000000000..9579a3e249
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/ServerCallbackHandler.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.server;
+
+import java.util.Map;
+
+import io.quarkus.runtime.annotations.RegisterForReflection;
+import org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.common.PasswordCallbackHandler;
+
+@RegisterForReflection
+public class ServerCallbackHandler extends PasswordCallbackHandler {
+
+ public ServerCallbackHandler() {
+ super(Map.of("myservicekey", "skpass"));
+ }
+}
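Review bot: The key password `skpass` for alias `myservicekey` is a string literal under `src/main` in ServerCallbackHandler, and StsCallbackHandler.java later in this commit does the same with `stskpass` and the password of user `alice`. A comment on each constructor such as `// Test-only password of the key in the bundled test keystore; never reuse outside this module` would stop these from being copied as a pattern (the keystore is presumably servicestore.jks from the diffstat). The two handlers also differ in their annotation: this class uses a bare `@RegisterForReflection`, while StsCallbackHandler uses `@RegisterForReflection(methods = false, fields = false)`. If only the no-arg constructor is needed when the handler is instantiated by class name, the narrower form could be used in both places.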
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/TrustHelloService.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/TrustHelloService.java
new file mode 100644
index 0000000000..0fe5bdff84
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/TrustHelloService.java
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.server;
+
+import javax.jws.WebMethod;
+import javax.jws.WebService;
+
+import org.apache.cxf.annotations.Policies;
+import org.apache.cxf.annotations.Policy;
+
+@WebService(targetNamespace = "https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust")
+@Policy(placement = Policy.Placement.BINDING, uri = "classpath:/AsymmetricSAML2Policy.xml")
+public interface TrustHelloService {
+ @WebMethod
+ @Policies({
+ @Policy(placement = Policy.Placement.BINDING_OPERATION_INPUT, uri = "classpath:/Input_Policy.xml"),
+ @Policy(placement = Policy.Placement.BINDING_OPERATION_OUTPUT, uri = "classpath:/Output_Policy.xml")
+ })
+ String sayHello();
+}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/WsTrustServerRoutes.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/WsTrustServerRoutes.java
new file mode 100644
index 0000000000..4176f7a384
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/server/WsTrustServerRoutes.java 
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.server;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.inject.Produces;
+import javax.inject.Named;
+import javax.xml.namespace.QName;
+
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.cxf.jaxws.CxfEndpoint;
+import org.apache.cxf.ext.logging.LoggingFeature;
+
+@ApplicationScoped
+public class WsTrustServerRoutes extends RouteBuilder {
+
+ @Override
+ public void configure() {
+
+ from("cxf:bean:wsTrustHelloService?dataFormat=POJO")
+ .setBody().constant("WS-Trust Hello World!");
+
+ }
+
+ @Produces
+ @ApplicationScoped
+ @Named
+ CxfEndpoint wsTrustHelloService() {
+ final CxfEndpoint result = new CxfEndpoint();
+ result.setServiceClass(TrustHelloService.class);
+ result.setAddress("/jaxws-samples-wsse-policy-trust");
+ result.setPortName("TrustHelloServicePort");
+ result.setServiceNameAsQName(
+ new QName("https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust", "TrustHelloService"));
+ result.setWsdlURL("TrustHelloService.wsdl");
+
+ final LoggingFeature lf = new LoggingFeature();
+ lf.setPrettyLogging(true);
+ result.getFeatures().add(lf);
+
+ Map<String, Object> props = new HashMap<>();
+
+ props.put("ws-security.signature.username", "myservicekey");
+ props.put("ws-security.signature.properties", "serviceKeystore.properties");
+ props.put("ws-security.encryption.properties", "serviceKeystore.properties");
+ props.put("ws-security.callback-handler",
+ "org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.server.ServerCallbackHandler");
+ result.setProperties(props);
+
+ return result;
+ }
+
+}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/SampleSTS.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/SampleSTS.java
new file mode 100644
index 0000000000..0ad041d4eb
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/SampleSTS.java
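Review bot: In `WsTrustServerRoutes.wsTrustHelloService()` the callback handler is passed as a fully qualified string literal, which silently breaks on a rename or package move; `props.put("ws-security.callback-handler", ServerCallbackHandler.class.getName());` is checked by the compiler and matches how SampleSTS passes `StsCallbackHandler.class.getName()`. The `LoggingFeature` with pretty logging writes whole SOAP envelopes to the log, and with the binding policy used here that presumably includes the security header carrying the issued SAML assertion. A comment such as `// logs complete SOAP messages including security headers; test diagnostics only` above `lf.setPrettyLogging(true);` would make that explicit.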
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.sts;
+
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.xml.ws.WebServiceProvider;
+
+import io.quarkus.runtime.LaunchMode;
+import org.apache.cxf.annotations.EndpointProperties;
+import org.apache.cxf.annotations.EndpointProperty;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.operation.TokenIssueOperation;
+import org.apache.cxf.sts.operation.TokenValidateOperation;
+import org.apache.cxf.sts.service.ServiceMBean;
+import org.apache.cxf.sts.service.StaticService;
+import org.apache.cxf.sts.token.delegation.UsernameTokenDelegationHandler;
+import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
+import org.apache.cxf.sts.token.validator.SAMLTokenValidator;
+import org.apache.cxf.sts.token.validator.UsernameTokenValidator;
+import org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;
+import org.eclipse.microprofile.config.Config;
+import org.eclipse.microprofile.config.ConfigProvider;
+
+@WebServiceProvider(serviceName = "SecurityTokenService", portName = "UT_Port", targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/", wsdlLocation = "ws-trust-1.4-service.wsdl")
+@EndpointProperties(value = {
+ @EndpointProperty(key = "ws-security.signature.username", value = "mystskey"),
+ @EndpointProperty(key = "ws-security.signature.properties", value = "stsKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value = "org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.sts.StsCallbackHandler"),
+ @EndpointProperty(key = "ws-security.validate.token", value = "false")
+})
+public class SampleSTS extends SecurityTokenServiceProvider {
+
+ public SampleSTS() throws Exception {
+ super();
+
+ StaticSTSProperties props = new StaticSTSProperties();
+ props.setSignatureCryptoProperties("stsKeystore.properties");
+ props.setSignatureUsername("mystskey");
+ props.setCallbackHandlerClass(StsCallbackHandler.class.getName());
+ props.setIssuer("DoubleItSTSIssuer");
+
+ List<ServiceMBean> services = new LinkedList<ServiceMBean>();
+ StaticService service = new StaticService();
+ final Config config = ConfigProvider.getConfig();
+ final int port = LaunchMode.current().equals(LaunchMode.TEST) ? config.getValue("quarkus.http.test-port", Integer.class)
+ : config.getValue("quarkus.http.port", Integer.class);
+ service.setEndpoints(Arrays.asList(
+ "http://localhost:" + port + "/soapservice/jaxws-samples-wsse-policy-trust/TrustHelloService",
+ "http://localhost:" + port + "/soapservice/jaxws-samples-wsse-policy-trust-actas/ActAsService",
+ "http://localhost:" + port + "/soapservice/jaxws-samples-wsse-policy-trust-onbehalfof/OnBehalfOfService"));
+ services.add(service);
+
+ TokenIssueOperation issueOperation = new TokenIssueOperation();
+ issueOperation.setServices(services);
+ issueOperation.getTokenProviders().add(new SAMLTokenProvider());
+ // required for OnBehalfOf
+ issueOperation.getTokenValidators().add(new UsernameTokenValidator());
+ // added for OnBehalfOf and ActAs
+ issueOperation.getDelegationHandlers().add(new UsernameTokenDelegationHandler());
+ issueOperation.setStsProperties(props);
+
+ TokenValidateOperation validateOperation = new TokenValidateOperation();
+ validateOperation.getTokenValidators().add(new SAMLTokenValidator());
+ validateOperation.setStsProperties(props);
+
+ this.setIssueOperation(issueOperation);
+ this.setValidateOperation(validateOperation);
+ }
+}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java
new file mode 100644
index 0000000000..68e4b2e874
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/sts/StsCallbackHandler.java
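Review bot: On `SampleSTS` the endpoint property `ws-security.validate.token` is set to `false`, which in CXF turns off password validation of a received UsernameToken. Unless something outside this hunk validates it, the `UT_Port` endpoint would then issue a SAML token without checking the password that StsCallbackHandler holds for `alice`. Either drop the property (validation is the default) or put a comment above the annotation stating what performs the check instead, and consider a negative test that sends a wrong password. The service endpoints are assembled from `http://localhost:` and a literal `/soapservice` prefix, so they stop matching if the application's CXF root path is configured differently; a one-line comment naming that coupling would help.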
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.sts;
+
+import java.util.Map;
+
+import io.quarkus.runtime.annotations.RegisterForReflection;
+import org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.common.PasswordCallbackHandler;
+
+@RegisterForReflection(methods = false, fields = false)
+public class StsCallbackHandler extends PasswordCallbackHandler {
+
+ public StsCallbackHandler() {
+ super(Map.of(
+ "mystskey", "stskpass",
+ "alice", "clarinet"));
+ }
+}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/AsymmetricSAML2Policy.xml b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/AsymmetricSAML2Policy.xml
new file mode 100644
index 0000000000..a0aff7d559
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/AsymmetricSAML2Policy.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<wsp:Policy wsu:Id="AsymmetricSAML2Policy"
+ xmlns:tns="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsam:Addressing wsp:Optional="false">
+ <wsp:Policy />
+ </wsam:Addressing>
+ <sp:AsymmetricBinding>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:IssuedToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+ <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference />
+ </wsp:Policy>
+ <sp:Issuer>
+ <wsaws:Address>http://localhost:8081/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService</wsaws:Address>
+ <wsaws:Metadata xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
+ wsdli:wsdlLocation="http://localhost:8081/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService?wsdl">
+ <wsaw:ServiceName xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
+ </wsaws:Metadata>
+ </sp:Issuer>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireIssuerSerialReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:OnlySignEntireHeadersAndBody />
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/Input_Policy.xml b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/Input_Policy.xml
new file mode 100644
index 0000000000..c968a184e0
--- /dev/null
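Review bot: `<sp:Basic256 />` inside `sp:AlgorithmSuite` of AsymmetricSAML2Policy.xml selects SHA-1 as the digest algorithm, and test policies tend to be copied into real services. `<sp:Basic256Sha256 />` is the WS-SecurityPolicy suite with the same key sizes and SHA-256 digests, provided the client and STS configuration in this module accept it. The `wsaws:Address` and `wsdli:wsdlLocation` under `sp:Issuer` are fixed to `http://localhost:8081/jaxws-samples-wsse-policy-trust-sts/...`, whereas SampleSTS reads its port from configuration, so an XML comment saying whether the client overrides the STS location would avoid confusion. The same policy is repeated inline in TrustHelloService.wsdl later in this commit, so any change has to be made in both copies.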
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/Input_Policy.xml 
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<wsp:Policy wsu:Id="Input_Policy"
+ xmlns:tns="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/Output_Policy.xml b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/Output_Policy.xml
new file mode 100644
index 0000000000..9b7ab0cfe8
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/Output_Policy.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<wsp:Policy wsu:Id="Output_Policy"
+ xmlns:tns="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/TrustHelloService.wsdl b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/TrustHelloService.wsdl
new file mode 100644
index 0000000000..60651ab719
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/TrustHelloService.wsdl
@@ -0,0 +1,182 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<definitions targetNamespace="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust" name="TrustHelloService"
+ xmlns:tns="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+ <types>
+ <xsd:schema>
+ <xsd:import namespace="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust" schemaLocation="TrustHelloService_schema1.xsd"/>
+ </xsd:schema>
+ </types>
+ <message name="sayHello">
+ <part name="parameters" element="tns:sayHello"/>
+ </message>
+ <message name="sayHelloResponse">
+ <part name="parameters" element="tns:sayHelloResponse"/>
+ </message>
+ <portType name="TrustHelloService">
+ <operation name="sayHello">
+ <input message="tns:sayHello"/>
+ <output message="tns:sayHelloResponse"/>
+ </operation>
+ </portType>
+ <binding name="TrustHelloServicePortBinding" type="tns:TrustHelloService">
+ <wsp:PolicyReference URI="#AsymmetricSAML2Policy" />
+ <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
+ <operation name="sayHello">
+ <soap:operation soapAction=""/>
+ <input>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference URI="#Input_Policy" />
+ </input>
+ <output>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference URI="#Output_Policy" />
+ </output>
+ </operation>
+ </binding>
+ <service name="TrustHelloService">
+ <port name="TrustHelloServicePort" binding="tns:TrustHelloServicePortBinding">
+ <soap:address location="http://@jboss.bind.address@:@add_int(port-offset.cxf-tests.jboss,8080)@/jaxws-samples-wsse-policy-trust/TrustHelloService"/>
+ </port>
+ </service>
+
+ <wsp:Policy wsu:Id="AsymmetricSAML2Policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsam:Addressing wsp:Optional="false">
+ <wsp:Policy />
+ </wsam:Addressing>
+ <sp:AsymmetricBinding>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:IssuedToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+ <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference />
+ </wsp:Policy>
+ <sp:Issuer>
+ <wsaws:Address>http://localhost:8081/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService</wsaws:Address>
+ <wsaws:Metadata xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
+ wsdli:wsdlLocation="http://localhost:8081/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService?wsdl">
+ <wsaw:ServiceName xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
+ </wsaws:Metadata>
+ </sp:Issuer>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireIssuerSerialReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:OnlySignEntireHeadersAndBody />
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Input_Policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Output_Policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:EncryptedParts>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body />
+ <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</definitions>
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/TrustHelloService_schema1.xsd b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/TrustHelloService_schema1.xsd
new file mode 100644
index 0000000000..c4297b447f
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/TrustHelloService_schema1.xsd
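Review bot: `<sp:Basic256 />` in the `sp:AlgorithmSuite` of `AsymmetricSAML2Policy` fixes SHA-1 as the digest algorithm for every part that `Input_Policy` and `Output_Policy` require to be signed; the same suite appears in `UT_policy` of ws-trust-1.4-service.wsdl. WS-SecurityPolicy 1.2 also defines `<sp:Basic256Sha256 />`, which keeps AES-256 and moves the digest to SHA-256; if `Basic256` is kept for parity with the upstream sample, a comment saying so would keep it from being copied into a real service. Separately, `soap:address` still carries the unresolved `@jboss.bind.address@` and `@add_int(port-offset.cxf-tests.jboss,8080)@` build placeholders, and the `sp:Issuer` address is pinned to `http://localhost:8081`; presumably both are overridden at runtime by code outside this hunk, which is worth stating in a comment next to them.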
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<xs:schema version="1.0" targetNamespace="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust" xmlns:tns="https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust" xmlns:xs="http://www.w3.org/2001/XMLSchema">
+
+ <xs:element name="sayHello" type="tns:sayHello"/>
+
+ <xs:element name="sayHelloResponse" type="tns:sayHelloResponse"/>
+
+ <xs:complexType name="sayHello">
+ <xs:sequence/>
+ </xs:complexType>
+
+ <xs:complexType name="sayHelloResponse">
+ <xs:sequence>
+ <xs:element name="return" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema>
+
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/application.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/application.properties
new file mode 100644
index 0000000000..2652146673
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/application.properties
@@ -0,0 +1,25 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+quarkus.cxf.path=/soapservice
+
+quarkus.cxf.endpoint."/jaxws-samples-wsse-policy-trust-sts".implementor=org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.sts.SampleSTS
+quarkus.cxf.endpoint."/jaxws-samples-wsse-policy-trust-sts".features=org.apache.cxf.ext.logging.LoggingFeature
+
+#quarkus.cxf.endpoint."/jaxws-samples-wsse-policy-trust".implementor=org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.server.TrustHelloServiceImpl
+#quarkus.cxf.endpoint."/jaxws-samples-wsse-policy-trust".features=org.apache.cxf.ext.logging.LoggingFeature
+
+quarkus.native.resources.includes=*.properties,*.jks,*.wsdl,*.xml
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties
new file mode 100644
index 0000000000..58141f4679
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/serviceKeystore.properties
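Review bot: `quarkus.native.resources.includes=*.properties,*.jks,*.wsdl,*.xml` on the last line embeds every matching keystore and every keystore-password file into the native executable, not just the ones this test needs. In this commit that means servicestore.jks and stsstore.jks together with the properties files that hold their passwords; listing the required files by name keeps a later, unrelated `.jks` or `.properties` file from being bundled by accident. The two commented-out `quarkus.cxf.endpoint."/jaxws-samples-wsse-policy-trust"` lines should either be deleted or given a one-line reason; presumably that endpoint is now registered by WsTrustServerRoutes, which is outside this hunk.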
@@ -0,0 +1,40 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=sspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myservicekey
+org.apache.ws.security.crypto.merlin.keystore.file=servicestore.jks
+
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks
new file mode 100644
index 0000000000..999ee824c3
Binary files /dev/null and b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/servicestore.jks differ
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties
new file mode 100644
index 0000000000..c67a29ed4c
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsKeystore.properties
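Review bot: The keystore password `sspass` is committed beside servicestore.jks with nothing marking the pair as a throwaway test fixture; the same holds for `stsspass` and stsstore.jks in stsKeystore.properties. A leading comment such as `# Test-only keystore and password - never reuse outside this integration test` makes that explicit for anyone who copies the module as a template. Both files also carry the Apache license header twice (the `##` block and the `#` block), so one of the two can go. The `org.apache.ws.security.crypto.*` keys and the `org.apache.ws.security.components.crypto.Merlin` class are the WSS4J 1.x names; since the Java code in this commit imports from `org.apache.wss4j`, the 2.x spellings `org.apache.wss4j.crypto.*` and `org.apache.wss4j.common.crypto.Merlin` would be the consistent choice.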
@@ -0,0 +1,39 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=stsspass
+org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks
+
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks
new file mode 100644
index 0000000000..4ba33e40ef
Binary files /dev/null and b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/stsstore.jks differ
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/ws-trust-1.4-service.wsdl b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/ws-trust-1.4-service.wsdl
new file mode 100644
index 0000000000..76bc7b8ea2
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/main/resources/ws-trust-1.4-service.wsdl
@@ -0,0 +1,303 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+-->
+<wsdl:definitions targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ [...]
+
+ <wsdl:types>
+ <xs:schema elementFormDefault="qualified" targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+
+ <xs:element name="RequestSecurityToken" type="wst:AbstractRequestSecurityTokenType" />
+ <xs:element name="RequestSecurityTokenResponse" type="wst:AbstractRequestSecurityTokenType" />
+
+ <xs:complexType name="AbstractRequestSecurityTokenType">
+ <xs:sequence>
+ <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:attribute name="Context" type="xs:anyURI" use="optional" />
+ <xs:anyAttribute namespace="##other" processContents="lax" />
+ </xs:complexType>
+ <xs:element name="RequestSecurityTokenCollection" type="wst:RequestSecurityTokenCollectionType" />
+ <xs:complexType name="RequestSecurityTokenCollectionType">
+ <xs:sequence>
+ <xs:element name="RequestSecurityToken" type="wst:AbstractRequestSecurityTokenType" minOccurs="2" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="RequestSecurityTokenResponseCollection" type="wst:RequestSecurityTokenResponseCollectionType" />
+ <xs:complexType name="RequestSecurityTokenResponseCollectionType">
+ <xs:sequence>
+ <xs:element ref="wst:RequestSecurityTokenResponse" minOccurs="1" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax" />
+ </xs:complexType>
+
+ </xs:schema>
+ </wsdl:types>
+
+ <!-- WS-Trust defines the following GEDs -->
+ <wsdl:message name="RequestSecurityTokenMsg">
+ <wsdl:part name="request" element="wst:RequestSecurityToken" />
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseMsg">
+ <wsdl:part name="response" element="wst:RequestSecurityTokenResponse" />
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenCollectionMsg">
+ <wsdl:part name="requestCollection" element="wst:RequestSecurityTokenCollection" />
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseCollectionMsg">
+ <wsdl:part name="responseCollection" element="wst:RequestSecurityTokenResponseCollection" />
+ </wsdl:message>
+
+ <!-- This portType an example of a Requestor (or other) endpoint that
+ Accepts SOAP-based challenges from a Security Token Service -->
+ <wsdl:portType name="WSSecurityRequestor">
+ <wsdl:operation name="Challenge">
+ <wsdl:input message="tns:RequestSecurityTokenResponseMsg" />
+ <wsdl:output message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!-- This portType is an example of an STS supporting full protocol -->
+ <wsdl:portType name="STS">
+ <wsdl:operation name="Cancel">
+ <wsdl:input wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal" message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="Issue">
+ <wsdl:input wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal" message="tns:RequestSecurityTokenResponseCollectionMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <wsdl:input wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal" message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <wsdl:input wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal" message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <wsdl:input wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KET" message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/KETFinal" message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <wsdl:input message="tns:RequestSecurityTokenCollectionMsg" />
+ <wsdl:output message="tns:RequestSecurityTokenResponseCollectionMsg" />
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!-- This portType is an example of an endpoint that accepts
+ Unsolicited RequestSecurityTokenResponse messages -->
+ <wsdl:portType name="SecurityTokenResponseService">
+ <wsdl:operation name="RequestSecurityTokenResponse">
+ <wsdl:input message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <wsdl:binding name="UT_Binding" type="wstrust:STS">
+ <wsp:PolicyReference URI="#UT_policy" />
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="Issue">
+ <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+ <wsdl:input>
+ <wsp:PolicyReference URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+ <wsdl:input>
+ <wsp:PolicyReference URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Cancel">
+ <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <soap:operation soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:service name="SecurityTokenService">
+ <wsdl:port name="UT_Port" binding="tns:UT_Binding">
+ <soap:address location="http://localhost:8081/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService/UT" />
+ </wsdl:port>
+ </wsdl:service>
+
+ <wsp:Policy wsu:Id="UT_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsap10:UsingAddressing />
+ <sp:SymmetricBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys />
+ <sp:RequireThumbprintReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:EncryptSignature />
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:UsernameToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10 />
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ <wsp:Policy wsu:Id="Input_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ <sp:Header Name="To"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ <sp:EncryptedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Output_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ <sp:Header Name="To"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ <sp:EncryptedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</wsdl:definitions>
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java
new file mode 100644
index 0000000000..6ede4fa0e2
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/ClientCallbackHandler.java
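Review bot: In `UT_Binding` only the `Issue` and `Validate` operations reference `#Input_policy` and `#Output_policy`; `Cancel`, `Renew`, `KeyExchangeToken` and `RequestCollection` carry a bare `<soap:body use="literal" />`, so no SignedParts or EncryptedParts assertion is attached to their messages. If SampleSTS (outside this hunk) never serves those operations, removing them from the binding is the smaller contract; otherwise add `<wsp:PolicyReference URI="#Input_policy" />` and `<wsp:PolicyReference URI="#Output_policy" />` to their input and output as on `Issue`. The `KeyExchangeToken` soapAction in the binding ends in `RST/KeyExchangeToken` while the portType's `wsam:Action` for the same operation ends in `RST/KET`, so one of the two looks wrong. The `sp:` prefix is re-declared on five separate elements inside the policies; declaring it once on the root would be tidier, although the root tag is truncated in this mail and may already do so.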
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+public class ClientCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if ("myclientkey".equals(pc.getIdentifier())) {
+ pc.setPassword("ckpass");
+ break;
+ } else if ("alice".equals(pc.getIdentifier())) {
+ pc.setPassword("clarinet");
+ break;
+ } else if ("bob".equals(pc.getIdentifier())) {
+ pc.setPassword("trombone");
+ break;
+ } else if ("myservicekey".equals(pc.getIdentifier())) { // rls test added for bearer test
+ pc.setPassword("skpass");
+ break;
+ }
+ }
+ }
+ }
+}
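Review bot: In `handle`, a `WSPasswordCallback` whose identifier matches none of the four names, and any callback of another type, is skipped without a password being set or an exception raised, although the method declares `UnsupportedCallbackException`; each `break` also leaves the `for` loop, so callbacks after the first match are never looked at. Failing loudly makes a misconfigured alias show up at the handler rather than as a later signature or decryption error: drop the `break` statements and end the chain with `else { throw new UnsupportedCallbackException(callbacks[i], "unknown identifier"); }`. The literal passwords are acceptable for a test fixture, but a class comment such as `/** Test-only credentials for clientstore.jks; do not reuse. */` would say so. `@Override` is missing on `handle`, and the trailing `// rls test added for bearer test` comment does not explain why a client-side handler knows the service key's password.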
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/CxfWsTrustIT.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/CxfWsTrustIT.java
new file mode 100644
index 0000000000..cf3b6cba8a
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/CxfWsTrustIT.java
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust;
+
+import io.quarkus.test.junit.QuarkusIntegrationTest;
+
+@QuarkusIntegrationTest
+public class CxfWsTrustIT extends CxfWsTrustTest {
+
+}
diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/CxfWsTrustTest.java b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/CxfWsTrustTest.java
new file mode 100644
index 0000000000..0c1b496f66
--- /dev/null
+++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/java/org/apache/camel/quarkus/component/cxf/soap/it/ws/trust/CxfWsTrustTest.java 
@@ -0,0 +1,167 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.component.cxf.soap.it.ws.trust; + +import java.net.URL; +import java.util.Map; + +import javax.xml.namespace.QName; +import javax.xml.ws.BindingProvider; +import javax.xml.ws.Service; + +import io.quarkiverse.cxf.test.QuarkusCxfClientTestUtil; +import io.quarkus.test.junit.QuarkusTest; +import io.restassured.RestAssured; +import io.restassured.config.RestAssuredConfig; +import org.apache.camel.quarkus.component.cxf.soap.it.ws.trust.server.TrustHelloService; +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.trust.STSClient; +import org.assertj.core.api.Assertions; +import org.hamcrest.CoreMatchers; +import org.hamcrest.Matchers; +import org.junit.jupiter.api.Test; + +import static io.quarkiverse.cxf.test.QuarkusCxfClientTestUtil.anyNs; +import static io.restassured.RestAssured.given; + +@QuarkusTest +public class CxfWsTrustTest { + + /** + * Make sure the ws-trust-1.4-service.wsdl file is served + */ + @Test + void stsWsdl() { + RestAssuredConfig config = RestAssured.config(); + 
config.getXmlConfig().namespaceAware(false); + given() + .config(config) + .when().get("/soapservice/jaxws-samples-wsse-policy-trust-sts?wsdl") + .then() + .statusCode(200) + .body( + Matchers.hasXPath( + anyNs("definitions", "Policy") + + "/@*[local-name() = 'Id']", + CoreMatchers.is("UT_policy"))); + } + + @Test + void wsdl() { + RestAssuredConfig config = RestAssured.config(); + config.getXmlConfig().namespaceAware(false); + given() + .config(config) + .when().get("/soapservice/jaxws-samples-wsse-policy-trust?wsdl") + .then() + .statusCode(200) + .body( + Matchers.hasXPath( + anyNs("definitions", "Policy") + + "[1]/@*[local-name() = 'Id']", + CoreMatchers.is("AsymmetricSAML2Policy")), + Matchers.hasXPath( + anyNs("definitions", "Policy") + + "[2]/@*[local-name() = 'Id']", + CoreMatchers.is("Input_Policy")), + Matchers.hasXPath( + anyNs("definitions", "Policy") + + "[3]/@*[local-name() = 'Id']", + CoreMatchers.is("Output_Policy")) + + ); + } + + @Test + public void programmaticSts() throws Exception { + Bus bus = BusFactory.newInstance().createBus(); + try { + BusFactory.setThreadDefaultBus(bus); + + final QName serviceName = new QName("https://quarkiverse.github.io/quarkiverse-docs/quarkus-cxf/test/ws-trust", + "TrustHelloService"); + final URL wsdlURL = new URL(io.quarkiverse.cxf.test.QuarkusCxfClientTestUtil.getServerUrl() + + "/soapservice/jaxws-samples-wsse-policy-trust/TrustHelloService?wsdl"); + Service service = Service.create(wsdlURL, serviceName); + TrustHelloService proxy = (TrustHelloService) service.getPort(TrustHelloService.class); + + final QName stsServiceName = new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "SecurityTokenService"); + final QName stsPortName = new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "UT_Port"); + + String stsURL = QuarkusCxfClientTestUtil.getServerUrl() + + "/soapservice/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService?wsdl"; + setupWsseAndSTSClient(proxy, bus, stsURL, stsServiceName, 
stsPortName); + + Assertions.assertThat(proxy.sayHello()).isEqualTo("WS-Trust Hello World!"); + } finally { + bus.shutdown(true); + } + + } + + public static void setupWsseAndSTSClient(TrustHelloService proxy, Bus bus, String stsWsdlLocation, QName stsService, + QName stsPort) { + Map<String, Object> ctx = ((BindingProvider) proxy).getRequestContext(); + setServiceContextAttributes(ctx); + ctx.put(SecurityConstants.STS_CLIENT, createSTSClient(bus, stsWsdlLocation, stsService, stsPort)); + } + + private static void setServiceContextAttributes(Map<String, Object> ctx) { + ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler()); + ctx.put(SecurityConstants.SIGNATURE_PROPERTIES, + Thread.currentThread().getContextClassLoader().getResource("clientKeystore.properties")); + ctx.put(SecurityConstants.ENCRYPT_PROPERTIES, + Thread.currentThread().getContextClassLoader().getResource("clientKeystore.properties")); + ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey"); + ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey"); + } + + /** + * Create and configure an STSClient for use by service TrustHelloServiceImpl. + * + * Whenever an "<sp:IssuedToken>" policy is configured on a WSDL port, as is the + * case for TrustHelloServiceImpl, a STSClient must be created and configured in + * order for the service to connect to the STS-server to obtain a token. 
+ * + * @param bus + * @param stsWsdlLocation + * @param stsService + * @param stsPort + * @return + */ + private static STSClient createSTSClient(Bus bus, String stsWsdlLocation, QName stsService, QName stsPort) { + STSClient stsClient = new STSClient(bus); + if (stsWsdlLocation != null) { + stsClient.setWsdlLocation(stsWsdlLocation); + stsClient.setServiceQName(stsService); + stsClient.setEndpointQName(stsPort); + } + Map<String, Object> props = stsClient.getProperties(); + props.put(SecurityConstants.USERNAME, "alice"); + props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler()); + props.put(SecurityConstants.ENCRYPT_PROPERTIES, + Thread.currentThread().getContextClassLoader().getResource("clientKeystore.properties")); + props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey"); + props.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey"); + props.put(SecurityConstants.STS_TOKEN_PROPERTIES, + Thread.currentThread().getContextClassLoader().getResource("clientKeystore.properties")); + props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true"); + return stsClient; + } +} diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties new file mode 100644 index 0000000000..f864336040 --- /dev/null +++ b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientKeystore.properties 
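Review bot: `programmaticSts` asserts only the success path, so this test would still pass if the service stopped enforcing the policies that the `wsdl` test looks for and accepted any caller. A companion test that builds the same proxy but skips `setupWsseAndSTSClient` and ends with `Assertions.assertThatThrownBy(proxy::sayHello).isInstanceOf(javax.xml.ws.WebServiceException.class);` would cover the rejection path. The exact exception type needs confirming against a run, and because that failure may be raised on the client side, a check that a request without the issued token is answered with a SOAP fault would be the stronger evidence of server-side enforcement. Separately, in `stsWsdl` and `wsdl` the result of `config.getXmlConfig().namespaceAware(false)` is discarded; REST Assured config objects appear to be immutable, so `RestAssured.config().xmlConfig(XmlConfig.xmlConfig().namespaceAware(false))` is probably what was meant.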
@@ -0,0 +1,40 @@ +## --------------------------------------------------------------------------- +## Licensed to the Apache Software Foundation (ASF) under one or more +## contributor license agreements. See the NOTICE file distributed with +## this work for additional information regarding copyright ownership. +## The ASF licenses this file to You under the Apache License, Version 2.0 +## (the "License"); you may not use this file except in compliance with +## the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## --------------------------------------------------------------------------- +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. 
+# +org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin +org.apache.ws.security.crypto.merlin.keystore.type=jks +org.apache.ws.security.crypto.merlin.keystore.password=cspass +org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey +org.apache.ws.security.crypto.merlin.keystore.file=clientstore.jks + diff --git a/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks new file mode 100644 index 0000000000..5c48cb437d Binary files /dev/null and b/integration-test-groups/cxf-soap/cxf-soap-ws-trust/src/test/resources/clientstore.jks differ diff --git a/integration-test-groups/cxf-soap/pom.xml b/integration-test-groups/cxf-soap/pom.xml index 5c6dba708a..05fa61e59d 100644 --- a/integration-test-groups/cxf-soap/pom.xml +++ b/integration-test-groups/cxf-soap/pom.xml @@ -43,6 +43,7 @@ <module>cxf-soap-server</module> <module>cxf-soap-ws-security-client</module> <module>cxf-soap-ws-security-server</module> + <module>cxf-soap-ws-trust</module> </modules> </project> diff --git a/integration-tests/cxf-soap-grouped/pom.xml b/integration-tests/cxf-soap-grouped/pom.xml index 5f78fd1813..e639685990 100644 --- a/integration-tests/cxf-soap-grouped/pom.xml +++ b/integration-tests/cxf-soap-grouped/pom.xml @@ -44,10 +44,18 @@ <groupId>org.apache.camel.quarkus</groupId> <artifactId>camel-quarkus-cxf-soap</artifactId> </dependency> + <dependency> + <groupId>io.quarkiverse.cxf</groupId> + <artifactId>quarkus-cxf-rt-features-logging</artifactId> + </dependency> <dependency> <groupId>io.quarkiverse.cxf</groupId> <artifactId>quarkus-cxf-rt-ws-security</artifactId> </dependency> + <dependency> + <groupId>io.quarkiverse.cxf</groupId> + <artifactId>quarkus-cxf-services-sts</artifactId> + </dependency> <dependency> <groupId>org.apache.cxf.xjc-utils</groupId> <artifactId>cxf-xjc-runtime</artifactId> 
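Review bot: In `clientKeystore.properties` the keystore password `cspass` is committed in clear text next to `clientstore.jks`, so the client key in that store has to be treated as public test material, and nothing in the file says so. A leading comment such as `# Test-only keystore: password and private key are public, never reuse outside this test` would make that explicit for anyone who copies the file as a template. The file also opens with two copies of the ASF license header (the `##` block and the `#` block); one is enough.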
@@ -106,6 +114,230 @@ <build> <plugins> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>keytool-maven-plugin</artifactId> + <configuration> + <keypass>password</keypass> + <validity>365</validity> + <keyalg>RSA</keyalg> + <storepass>password</storepass> + </configuration> + <executions> + <execution> + <id>generate-cxfca-keypair</id> + <phase>generate-sources</phase> + <goals> + <goal>clean</goal> + <goal>generateKeyPair</goal> + </goals> + <configuration> + <alias>cxfca</alias> + <dname>CN=cxfca, OU=eng, O=apache.org</dname> + <exts> + <ext>bc:c=ca:true,pathlen:2147483647</ext> + <ext>IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE</ext> + </exts> + <keystore>${project.build.outputDirectory}/cxfca.jks</keystore> + </configuration> + </execution> + <execution> + <id>export-cxfca-certificate</id> + <phase>generate-sources</phase> + <goals> + <goal>exportCertificate</goal> + </goals> + <configuration> + <alias>cxfca</alias> + <keystore>${project.build.outputDirectory}/cxfca.jks</keystore> + <rfc>true</rfc> + <file>${project.build.outputDirectory}/cxfca.pem</file> + </configuration> + </execution> + <execution> + <id>generate-alice-keypair</id> + <phase>generate-sources</phase> + <goals> + <goal>clean</goal> + <goal>generateKeyPair</goal> + </goals> + <configuration> + <alias>alice</alias> + <dname>CN=alice, OU=eng, O=apache.org</dname> + <exts> + <ext>IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE</ext> + <ext>SubjectAlternativeName=DNS:localhost,IP:127.0.0.1</ext> + </exts> + <keystore>${project.build.outputDirectory}/alice.jks</keystore> + </configuration> + </execution> + <execution> + <id>generate-bob-keypair</id> + <phase>generate-sources</phase> + <goals> + <goal>clean</goal> + <goal>generateKeyPair</goal> + </goals> + <configuration> + <alias>bob</alias> + <dname>CN=bob, OU=eng, O=apache.org</dname> + <exts> + <ext>IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE</ext> + <ext>SubjectAlternativeName=DNS:localhost,IP:127.0.0.1</ext> + </exts> 
+ <keystore>${project.build.outputDirectory}/bob.jks</keystore> + </configuration> + </execution> + <execution> + <id>generate-alice-certificate-request</id> + <phase>generate-sources</phase> + <goals> + <goal>generateCertificateRequest</goal> + </goals> + <configuration> + <alias>alice</alias> + <keystore>${project.build.outputDirectory}/alice.jks</keystore> + <file>${project.build.outputDirectory}/alice.csr</file> + </configuration> + </execution> + <execution> + <id>generate-alice-certificate</id> + <phase>generate-sources</phase> + <goals> + <goal>generateCertificate</goal> + </goals> + <configuration> + <alias>cxfca</alias> + <keystore>${project.build.outputDirectory}/cxfca.jks</keystore> + <rfc>true</rfc> + <infile>${project.build.outputDirectory}/alice.csr</infile> + <outfile>${project.build.outputDirectory}/alice.pem</outfile> + </configuration> + </execution> + <execution> + <id>generate-bob-certificate-request</id> + <phase>generate-sources</phase> + <goals> + <goal>generateCertificateRequest</goal> + </goals> + <configuration> + <alias>bob</alias> + <keystore>${project.build.outputDirectory}/bob.jks</keystore> + <file>${project.build.outputDirectory}/bob.csr</file> + </configuration> + </execution> + <execution> + <id>generate-bob-certificate</id> + <phase>generate-sources</phase> + <goals> + <goal>generateCertificate</goal> + </goals> + <configuration> + <alias>cxfca</alias> + <keystore>${project.build.outputDirectory}/cxfca.jks</keystore> + <rfc>true</rfc> + <infile>${project.build.outputDirectory}/bob.csr</infile> + <outfile>${project.build.outputDirectory}/bob.pem</outfile> + </configuration> + </execution> + <execution> + <id>import-cxfca-certificate-to-alice</id> + <phase>generate-sources</phase> + <goals> + <goal>importCertificate</goal> + </goals> + <configuration> + <alias>cxfca</alias> + <trustcacerts>true</trustcacerts> + <noprompt>true</noprompt> + <keystore>${project.build.outputDirectory}/alice.jks</keystore> + 
<file>${project.build.outputDirectory}/cxfca.pem</file> + </configuration> + </execution> + <execution> + <id>import-cxfca-certificate-to-bob</id> + <phase>generate-sources</phase> + <goals> + <goal>importCertificate</goal> + </goals> + <configuration> + <alias>cxfca</alias> + <trustcacerts>true</trustcacerts> + <noprompt>true</noprompt> + <keystore>${project.build.outputDirectory}/bob.jks</keystore> + <file>${project.build.outputDirectory}/cxfca.pem</file> + </configuration> + </execution> + <execution> + <id>import-alice-certificate</id> + <phase>generate-sources</phase> + <goals> + <goal>importCertificate</goal> + </goals> + <configuration> + <alias>alice</alias> + <trustcacerts>true</trustcacerts> + <noprompt>true</noprompt> + <keystore>${project.build.outputDirectory}/alice.jks</keystore> + <file>${project.build.outputDirectory}/alice.pem</file> + </configuration> + </execution> + <execution> + <id>import-bob-certificate</id> + <phase>generate-sources</phase> + <goals> + <goal>importCertificate</goal> + </goals> + <configuration> + <alias>bob</alias> + <trustcacerts>true</trustcacerts> + <noprompt>true</noprompt> + <keystore>${project.build.outputDirectory}/bob.jks</keystore> + <file>${project.build.outputDirectory}/bob.pem</file> + </configuration> + </execution> + <execution> + <id>import-bob-certificate-to-alice</id> + <phase>generate-sources</phase> + <goals> + <goal>importCertificate</goal> + </goals> + <configuration> + <alias>bob</alias> + <trustcacerts>true</trustcacerts> + <noprompt>true</noprompt> + <keystore>${project.build.outputDirectory}/alice.jks</keystore> + <file>${project.build.outputDirectory}/bob.pem</file> + </configuration> + </execution> + <execution> + <id>import-alice-certificate-to-bob</id> + <phase>generate-sources</phase> + <goals> + <goal>importCertificate</goal> + </goals> + <configuration> + <alias>alice</alias> + <trustcacerts>true</trustcacerts> + <noprompt>true</noprompt> + 
<keystore>${project.build.outputDirectory}/bob.jks</keystore> + <file>${project.build.outputDirectory}/alice.pem</file> + </configuration> + </execution> +<!-- Uncomment execution block below for local testing --> +<!-- <execution>--> +<!-- <id>list</id>--> +<!-- <phase>generate-sources</phase>--> +<!-- <goals>--> +<!-- <goal>list</goal>--> +<!-- </goals>--> +<!-- <configuration>--> +<!-- <verbose>true</verbose>--> +<!-- <keystore>${project.build.outputDirectory}/bob.jks</keystore>--> +<!-- </configuration>--> +<!-- </execution>--> + </executions> + </plugin> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>build-helper-maven-plugin</artifactId>
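Review bot: The `generate-cxfca-keypair` execution creates a CA with `pathlen:2147483647` and writes its private key to `${project.build.outputDirectory}/cxfca.jks` under the store password `password`, so an effectively unconstrained signing key presumably ends up among the module's packaged classes, next to the keystores the tests load. In this hunk the CA only signs the alice and bob leaf certificates directly, so `<ext>bc:c=ca:true,pathlen:0</ext>` would be enough. Pointing the `cxfca.jks` and `.csr` paths at a folder under `${project.build.directory}` rather than the output directory would also keep the CA key off the classpath. None of the executions sets a key size, so the RSA strength depends on the keytool default of whichever JDK runs the build; pinning it in the shared `<configuration>` would make the generated material reproducible.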
