Author: dvaleri
Date: Thu Apr 1 14:52:54 2010
New Revision: 929993
URL: http://svn.apache.org/viewvc?rev=929993&view=rev
Log:
[CXF-2639] Expose Cryptographic coverage checking code from
PolicyBasedWSS4JInInterceptor in a non-WS-Policy based interceptor
Added:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
(with props)
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java
(with props)
Modified:
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
Added:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java?rev=929993&view=auto
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
(added)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
Thu Apr 1 14:52:54 2010
@@ -0,0 +1,300 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.wss4j;
+
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.binding.soap.SoapFault;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDataRef;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.util.WSSecurityUtil;
+
+
+/**
+ * Utility to enable the checking of WS-Security signature/encryption
+ * coverage based on the results of the WSS4J processors. This interceptor
+ * provides an alternative to using WS-Policy based configuration for crypto
+ * coverage enforcement.
+ * <p/>
+ * Note that the processor must properly address the Security Token
+ * Reference Dereference transform in the case of a signed security token
+ * such as a SAML assertion. Consequently, a version of WSS4J that properly
+ * addresses this transform must be used with this utility if you wish to
+ * check coverage over a message part referenced through the Security Token
+ * Reference Dereference transform.
+ * See <a href="https://issues.apache.org/jira/browse/WSS-222">WSS-222</a>
+ * for more details.
+ */
+public class CryptoCoverageChecker extends AbstractSoapInterceptor {
+
+ /**
+ * The XPath expressions for locating elements in SOAP messages
+ * that must be covered. See {...@link #prefixMap}
+ * for namespace prefixes available.
+ */
+ protected List<XPathExpression> xPaths = new ArrayList<XPathExpression>();
+
+ /**
+ * Mapping of namespace prefixes to namespace URIs.
+ */
+ protected Map<String, String> prefixMap = new HashMap<String, String>();
+
+ /**
+ * Creates a new instance. See {...@link #setPrefixes()} and {...@link
#setXpaths()}
+ * for providing configuration options.
+ */
+ public CryptoCoverageChecker() {
+ this(null, null);
+ }
+
+ /**
+ * Creates a new instance that checks for signature coverage over matches
to
+ * the provided XPath expressions making defensive copies of provided
arguments.
+ *
+ * @param prefixes
+ * mapping of namespace prefixes to namespace URIs
+ * @param xPaths
+ * a list of XPath expressions
+ */
+ public CryptoCoverageChecker(Map<String, String> prefixes,
List<XPathExpression> xPaths)
+ {
+ super(Phase.PRE_PROTOCOL);
+ this.addAfter(WSS4JInInterceptor.class.getName());
+ this.setPrefixes(prefixes);
+ this.setXPaths(xPaths);
+ }
+
+ /**
+ * Checks that the WSS4J results refer to the required signed/encrypted
+ * elements as defined by the XPath expressions in {...@link #xPaths}.
+ *
+ * @param message
+ * the SOAP message containing the signature
+ *
+ * @throws SoapFault
+ * if there is an error evaluating an XPath or an element is
not
+ * covered by the required cryptographic operation
+ */
+ @Override
+ public void handleMessage(SoapMessage message) throws Fault {
+ final Collection<WSDataRef> signed = new HashSet<WSDataRef>();
+ final Collection<WSDataRef> encrypted = new HashSet<WSDataRef>();
+
+ List<Object> results = CastUtils.cast(
+ (List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
+
+ for (Object result : results) {
+
+ final WSHandlerResult wshr = (WSHandlerResult) result;
+ final Vector<Object> wsSecurityEngineSignResults = new
Vector<Object>();
+ final Vector<Object> wsSecurityEngineEncResults = new
Vector<Object>();
+
+ WSSecurityUtil.fetchAllActionResults(wshr.getResults(),
+ WSConstants.SIGN, wsSecurityEngineSignResults);
+
+ WSSecurityUtil.fetchAllActionResults(wshr.getResults(),
+ WSConstants.ENCR, wsSecurityEngineEncResults);
+
+ for (Object o : wsSecurityEngineSignResults) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) o;
+
+ List<WSDataRef> sl = CastUtils.cast((List<?>) wser
+ .get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
+ if (sl != null) {
+ if (sl.size() == 1
+ && sl.get(0).getName().equals(new
QName(WSConstants.SIG_NS, WSConstants.SIG_LN))) {
+ //endorsing the signature so don't include
+ break;
+ }
+
+ for (WSDataRef r : sl) {
+ signed.add(r);
+ }
+ }
+ }
+
+ for (Object o : wsSecurityEngineEncResults) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) o;
+
+ List<WSDataRef> el = CastUtils.cast((List<?>) wser
+ .get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
+
+ if (el != null) {
+ for (WSDataRef r : el) {
+ encrypted.add(r);
+ }
+ }
+ }
+ }
+
+ for (XPathExpression xPathExpression : this.xPaths) {
+ Collection<WSDataRef> refsToCheck = null;
+
+ switch (xPathExpression.getType()) {
+ case SIGNED:
+ refsToCheck = signed;
+ break;
+ case ENCRYPTED:
+ refsToCheck = encrypted;
+ break;
+ default:
+ throw new IllegalStateException("Unexpected crypto type: "
+ + xPathExpression.getType());
+ }
+
+ try {
+ CryptoCoverageUtil.checkCoverage(
+ message.getContent(SOAPMessage.class),
+ refsToCheck,
+ this.prefixMap,
+ xPathExpression.getXPath(),
+ xPathExpression.getType(),
+ xPathExpression.getScope());
+ } catch (WSSecurityException e) {
+ throw new SoapFault("No " + xPathExpression.getType()
+ + " element found matching XPath "
+ + xPathExpression.getXPath(), Fault.FAULT_CODE_CLIENT);
+ }
+ }
+ }
+
+ /**
+ * Sets the XPath expressions to check for, clearing all previously
+ * set expressions.
+ *
+ * @param xPaths the XPath expressions to check for
+ */
+ public final void setXPaths(List<XPathExpression> xPaths) {
+ this.xPaths.clear();
+ if (xPaths != null) {
+ this.xPaths.addAll(xPaths);
+ }
+ }
+
+ /**
+ * Sets the mapping of namespace prefixes to namespace URIs, clearing all
previously
+ * set mappings.
+ *
+ * @param prefixes the mapping of namespace prefixes to namespace URIs
+ */
+ public final void setPrefixes(Map<String, String> prefixes) {
+ this.prefixMap.clear();
+ if (prefixes != null) {
+ this.prefixMap.putAll(prefixes);
+ }
+ }
+
+ /**
+ * A simple wrapper for an XPath expression and coverage type / scope
+ * indicating how the XPath expression should be enforced as a
cryptographic
+ * coverage requirement.
+ */
+ public static class XPathExpression {
+
+ /**
+ * The XPath expression.
+ */
+ private final String xPath;
+
+ /**
+ * The type of coverage that is being enforced.
+ */
+ private final CoverageType type;
+
+ /**
+ * The scope of the coverage that is being enforced.
+ */
+ private final CoverageScope scope;
+
+ /**
+ * Create a new expression indicating a cryptographic coverage
+ * requirement. If {...@code type} is {...@link CoverageType#SIGNED},
the
+ * {...@code scope} {...@link CoverageScope#CONTENT} does not
represent a
+ * configuration supported in WS-Security.
+ *
+ * @param xPath
+ * the XPath expression
+ * @param type
+ * the type of coverage that the expression is meant to
+ * enforce
+ * @param scope
+ * the scope of coverage that the expression is meant to
+ * enforce, defaults to {...@link CoverageScope#ELEMENT}
+ *
+ * @throws NullPointerException
+ * if {...@code xPath} or {...@code type} is {...@code
null}
+ */
+ public XPathExpression(String xPath, CoverageType type, CoverageScope
scope) {
+ if (xPath == null) {
+ throw new NullPointerException("xPath cannot be null.");
+ } else if (type == null) {
+ throw new NullPointerException("type cannot be null.");
+ }
+
+ this.xPath = xPath;
+ this.type = type;
+ this.scope = scope;
+ }
+
+ /**
+ * Returns the XPath expression.
+ * @return the XPath expression
+ */
+ public String getXPath() {
+ return this.xPath;
+ }
+
+ /**
+ * Returns the coverage type.
+ * @return the coverage type
+ */
+ public CoverageType getType() {
+ return this.type;
+ }
+
+ /**
+ * Returns the coverage scope.
+ * @return the coverage scope
+ */
+ public CoverageScope getScope() {
+ return this.scope;
+ }
+ }
+}
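Review bot: In `handleMessage`, the list read from `WSHandlerConstants.RECV_RESULTS` is iterated without a null check, so a message for which the WSS4J interceptor stored no results ends in a NullPointerException instead of the intended coverage fault. Wrapping the collection loop in `if (results != null) { ... }` lets the XPath loop reject the message with a `SoapFault`. The `break` in the endorsing-signature branch leaves the whole loop over `wsSecurityEngineSignResults`, so signature results that follow an endorsing signature are never added to `signed`; `continue` looks like what was meant. In the `XPathExpression` constructor the Javadoc says `scope` defaults to `CoverageScope.ELEMENT`, but the value is stored as passed; `this.scope = scope == null ? CoverageScope.ELEMENT : scope;` would match the documentation. The catch block also drops the `WSSecurityException`, so passing `e` to `SoapFault` as the cause would keep XPath evaluation errors distinguishable from missing coverage in the logs.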
Propchange:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified:
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java?rev=929993&r1=929992&r2=929993&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java
(original)
+++
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java
Thu Apr 1 14:52:54 2010
@@ -21,20 +21,30 @@ package org.apache.cxf.ws.security.wss4j
import java.io.IOException;
import java.io.InputStream;
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
+import javax.xml.soap.SOAPPart;
+import javax.xml.transform.dom.DOMSource;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
import org.apache.cxf.binding.soap.Soap11;
+import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.ExchangeImpl;
+import org.apache.cxf.message.MessageImpl;
import org.apache.cxf.test.AbstractCXFTest;
import org.apache.ws.security.WSConstants;
+
public abstract class AbstractSecurityTest extends AbstractCXFTest {
public AbstractSecurityTest() {
super();
@@ -47,16 +57,59 @@ public abstract class AbstractSecurityTe
addNamespace("wsu", WSConstants.WSU_NS);
}
+ /**
+ * Reads a classpath resource into a Document.
+ * @param name the name of the classpath resource
+ */
protected Document readDocument(String name) throws SAXException,
IOException,
ParserConfigurationException {
InputStream inStream = getClass().getResourceAsStream(name);
return DOMUtils.readXml(inStream);
}
-
+ /**
+ * Reads a classpath resource into a SAAJ structure.
+ * @param name the name of the classpath resource
+ */
protected SOAPMessage readSAAJDocument(String name) throws SAXException,
IOException,
ParserConfigurationException, SOAPException {
InputStream inStream = getClass().getResourceAsStream(name);
return MessageFactory.newInstance().createMessage(null, inStream);
}
+
+ /**
+ * Creates a {...@link SoapMessage} from the contents of a document.
+ * @param doc the document containing the SOAP content.
+ */
+ protected SoapMessage getSoapMessageForDom(Document doc) throws
SOAPException {
+ SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
+ SOAPPart part = saajMsg.getSOAPPart();
+ part.setContent(new DOMSource(doc));
+ saajMsg.saveChanges();
+
+ SoapMessage msg = new SoapMessage(new MessageImpl());
+ Exchange ex = new ExchangeImpl();
+ ex.setInMessage(msg);
+ msg.setContent(SOAPMessage.class, saajMsg);
+ return msg;
+ }
+
+ protected static boolean checkUnrestrictedPoliciesInstalled() {
+ try {
+ byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
+
+ SecretKey key192 = new SecretKeySpec(
+ new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17},
+ "AES");
+ Cipher c = Cipher.getInstance("AES");
+ c.init(Cipher.ENCRYPT_MODE, key192);
+ c.doFinal(data);
+ return true;
+ } catch (Exception e) {
+ //ignore
+ }
+ return false;
+ }
}
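Review bot: `checkUnrestrictedPoliciesInstalled()` catches `Exception` and ignores it, so any failure (for example a missing provider) is reported the same way as a restricted JCE policy, and it is the only helper added here without Javadoc. A narrower probe such as `return Cipher.getMaxAllowedKeyLength("AES") >= 192;`, with only `NoSuchAlgorithmException` caught, would state the intent directly. If the encrypt-and-discard form is kept, I would add a comment like `// probe only: "AES" leaves mode and padding to the provider default; do not reuse for real encryption` so the pattern is not copied into production code.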
Added:
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java?rev=929993&view=auto
==============================================================================
---
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java
(added)
+++
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java
Thu Apr 1 14:52:54 2010
@@ -0,0 +1,207 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.wss4j;
+
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.SortedSet;
+import java.util.TreeSet;
+
+import org.w3c.dom.Document;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor;
+import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.interceptor.Interceptor;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.phase.PhaseInterceptor;
+import org.apache.cxf.phase.PhaseInterceptorChain;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker.XPathExpression;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.junit.Test;
+
+
+
+public class CryptoCoverageCheckerTest extends AbstractSecurityTest {
+
+ @Test
+ public void testOrder() throws Exception {
+ //make sure the interceptors get ordered correctly
+ SortedSet<Phase> phases = new TreeSet<Phase>();
+ phases.add(new Phase(Phase.PRE_PROTOCOL, 1));
+
+ List<Interceptor<? extends Message>> lst =
+ new ArrayList<Interceptor<? extends Message>>();
+ lst.add(new MustUnderstandInterceptor());
+ lst.add(new WSS4JInInterceptor());
+ lst.add(new SAAJInInterceptor());
+ lst.add(new CryptoCoverageChecker());
+ PhaseInterceptorChain chain = new PhaseInterceptorChain(phases);
+ chain.add(lst);
+ String output = chain.toString();
+ assertTrue(output.contains("MustUnderstandInterceptor,
SAAJInInterceptor, "
+ + "WSS4JInInterceptor, CryptoCoverageChecker"));
+ }
+
+ @Test
+ public void testSignedWithIncompleteCoverage() throws Exception {
+ this.runInterceptorAndValidate(
+ "signed_x509_issuer_serial_missing_signed_header.xml",
+ this.getPrefixes(),
+ Arrays.asList(new XPathExpression(
+ "//ser:Header", CoverageType.SIGNED,
CoverageScope.ELEMENT)),
+ false);
+
+ // This is mostly testing that things work with no prefixes.
+ this.runInterceptorAndValidate(
+ "signed_x509_issuer_serial_missing_signed_header.xml",
+ null,
+ Arrays.asList(new XPathExpression(
+ "//*", CoverageType.SIGNED, CoverageScope.ELEMENT)),
+ false);
+
+ // This is mostly testing that things work with no expressions.
+ this.runInterceptorAndValidate(
+ "signed_x509_issuer_serial_missing_signed_header.xml",
+ null,
+ null,
+ true);
+ }
+
+ @Test
+ public void testSignedWithCompleteCoverage() throws Exception {
+ this.runInterceptorAndValidate(
+ "signed_x509_issuer_serial.xml",
+ null,
+ null,
+ true);
+
+ this.runInterceptorAndValidate(
+ "signed_x509_issuer_serial.xml",
+ this.getPrefixes(),
+ Arrays.asList(new XPathExpression(
+ "//ser:Header", CoverageType.SIGNED,
CoverageScope.ELEMENT)),
+ true);
+ }
+
+ @Test
+ public void testEncryptedWithIncompleteCoverage() throws Exception {
+ this.runInterceptorAndValidate(
+ "encrypted_missing_enc_header.xml",
+ this.getPrefixes(),
+ Arrays.asList(new XPathExpression(
+ "//ser:Header", CoverageType.ENCRYPTED,
CoverageScope.ELEMENT)),
+ false);
+
+ this.runInterceptorAndValidate(
+ "encrypted_body_content.xml",
+ this.getPrefixes(),
+ Arrays.asList(new XPathExpression(
+ "//soap:Body", CoverageType.ENCRYPTED,
CoverageScope.ELEMENT)),
+ false);
+
+ this.runInterceptorAndValidate(
+ "encrypted_body_element.xml",
+ this.getPrefixes(),
+ Arrays.asList(new XPathExpression(
+ "//soap:Body", CoverageType.ENCRYPTED,
CoverageScope.CONTENT)),
+ false);
+ }
+
+ @Test
+ public void testEncryptedWithCompleteCoverage() throws Exception {
+ this.runInterceptorAndValidate(
+ "encrypted_body_content.xml",
+ this.getPrefixes(),
+ Arrays.asList(new XPathExpression(
+ "//ser:Header", CoverageType.ENCRYPTED,
CoverageScope.ELEMENT)),
+ true);
+
+ this.runInterceptorAndValidate(
+ "encrypted_body_element.xml",
+ this.getPrefixes(),
+ Arrays.asList(new XPathExpression(
+ "//soap:Body", CoverageType.ENCRYPTED,
CoverageScope.ELEMENT)),
+ true);
+
+ this.runInterceptorAndValidate(
+ "encrypted_body_content.xml",
+ this.getPrefixes(),
+ Arrays.asList(new XPathExpression(
+ "//soap:Body", CoverageType.ENCRYPTED,
CoverageScope.CONTENT)),
+ true);
+ }
+
+ private Map<String, String> getPrefixes() {
+ final Map<String, String> prefixes = new HashMap<String, String>();
+ prefixes.put("ser", "http://www.sdj.pl");
+ prefixes.put("soap", "http://schemas.xmlsoap.org/soap/envelope/");
+
+ return prefixes;
+ }
+
+ private void runInterceptorAndValidate(
+ String document,
+ Map<String, String> prefixes,
+ List<XPathExpression> xpaths,
+ boolean pass) throws Exception {
+
+ final Document doc = this.readDocument(document);
+ final SoapMessage msg = this.getSoapMessageForDom(doc);
+ final CryptoCoverageChecker checker = new
CryptoCoverageChecker(prefixes, xpaths);
+ final PhaseInterceptor<SoapMessage> wss4jInInterceptor =
this.getWss4jInInterceptor();
+
+ wss4jInInterceptor.handleMessage(msg);
+
+ try {
+ checker.handleMessage(msg);
+ if (!pass) {
+ fail("Passed interceptor erroneously.");
+ }
+ } catch (Fault e) {
+ if (pass) {
+ fail("Failed interceptor erroneously.");
+ }
+
+ assertTrue(e.getMessage().contains("element found matching
XPath"));
+ }
+ }
+
+ private PhaseInterceptor<SoapMessage> getWss4jInInterceptor() {
+ final WSS4JInInterceptor inHandler = new WSS4JInInterceptor(true);
+ final String action = WSHandlerConstants.SIGNATURE + " " +
WSHandlerConstants.ENCRYPT;
+
+ inHandler.setProperty(WSHandlerConstants.ACTION, action);
+ inHandler.setProperty(WSHandlerConstants.SIG_PROP_FILE,
+ "META-INF/cxf/insecurity.properties");
+ inHandler.setProperty(WSHandlerConstants.DEC_PROP_FILE,
+ "META-INF/cxf/insecurity.properties");
+ inHandler.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,
+ TestPwdCallback.class.getName());
+
+ return inHandler;
+ }
+}
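Review bot: The cases with `null` xpaths in `testSignedWithIncompleteCoverage` and `testSignedWithCompleteCoverage` pass only because an unconfigured checker enforces nothing, and no test covers the inputs where the checker could fail open or fail unexpectedly. I would add a case for a message that carries no WSS4J results, one for an `XPathExpression` built with a `null` scope, and one for `CoverageType.SIGNED` with `CoverageScope.CONTENT`, which the constructor Javadoc describes as unsupported. In `runInterceptorAndValidate`, a short comment such as `// null xpaths: checker has no requirements, so any message passes` would make the intent of those calls clear. The encrypted cases do not call `checkUnrestrictedPoliciesInstalled()`, which this commit moves to the base class; if the fixtures need key sizes above the default policy limit, they would presumably fail on a restricted JRE.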
Propchange:
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified:
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java?rev=929993&r1=929992&r2=929993&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
(original)
+++
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
Thu Apr 1 14:52:54 2010
@@ -16,7 +16,6 @@
* specific language governing permissions and limitations
* under the License.
*/
-
package org.apache.cxf.ws.security.wss4j;
@@ -27,15 +26,9 @@ import java.util.Map;
import java.util.Vector;
import java.util.concurrent.Executor;
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
import javax.xml.namespace.QName;
-import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
-import javax.xml.soap.SOAPPart;
-import javax.xml.transform.dom.DOMSource;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -46,10 +39,7 @@ import org.apache.cxf.binding.soap.SoapM
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.feature.AbstractFeature;
import org.apache.cxf.interceptor.AbstractAttributedInterceptorProvider;
-import org.apache.cxf.message.Exchange;
-import org.apache.cxf.message.ExchangeImpl;
import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageImpl;
import org.apache.cxf.service.Service;
import org.apache.cxf.service.model.BindingInfo;
import org.apache.cxf.service.model.EndpointInfo;
@@ -74,26 +64,7 @@ import org.junit.Test;
public class PolicyBasedWss4JInOutTest extends AbstractSecurityTest {
private PolicyBuilder policyBuilder;
-
- public static boolean checkUnrestrictedPoliciesInstalled() {
- try {
- byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
- SecretKey key192 = new SecretKeySpec(
- new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17},
- "AES");
- Cipher c = Cipher.getInstance("AES");
- c.init(Cipher.ENCRYPT_MODE, key192);
- c.doFinal(data);
- return true;
- } catch (Exception e) {
- //ignore
- }
- return false;
- }
-
@Test
public void testSignedElementsPolicyWithIncompleteCoverage() throws
Exception {
this.runInInterceptorAndValidate(
@@ -828,15 +799,8 @@ public class PolicyBasedWss4JInOutTest e
private SoapMessage getSoapMessageForDom(Document doc, AssertionInfoMap
aim)
throws SOAPException {
- SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
- SOAPPart part = saajMsg.getSOAPPart();
- part.setContent(new DOMSource(doc));
- saajMsg.saveChanges();
-
- SoapMessage msg = new SoapMessage(new MessageImpl());
- Exchange ex = new ExchangeImpl();
- ex.setInMessage(msg);
- msg.setContent(SOAPMessage.class, saajMsg);
+
+ SoapMessage msg = this.getSoapMessageForDom(doc);
if (aim != null) {
msg.put(AssertionInfoMap.class, aim);
}