Author: coheigea
Date: Mon Nov 14 12:55:26 2011
New Revision: 1201685
URL: http://svn.apache.org/viewvc?rev=1201685&view=rev
Log:
Added a system test for a SAML Token as a SignedEncryptedSupportingToken
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1201685&r1=1201684&r2=1201685&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Mon Nov 14 12:55:26 2011
@@ -146,7 +146,7 @@ public abstract class AbstractBindingBui
protected String mainSigId;
protected List<WSEncryptionPart> sigConfList;
- protected Set<String> encryptedTokensIdList = new HashSet<String>();
+ protected Set<WSEncryptionPart> encryptedTokensList = new
HashSet<WSEncryptionPart>();
protected Map<Token, Object> endEncSuppTokMap;
protected Map<Token, Object> endSuppTokMap;
@@ -482,7 +482,9 @@ public abstract class AbstractBindingBui
|| MessageUtils.getContextualBoolean(message,
SecurityConstants.ALWAYS_ENCRYPT_UT,
true)) {
- encryptedTokensIdList.add(utBuilder.getId());
+ WSEncryptionPart part = new
WSEncryptionPart(utBuilder.getId(), "Element");
+ part.setElement(utBuilder.getUsernameTokenElement());
+ encryptedTokensList.add(part);
}
}
} else if (isRequestor()
@@ -504,7 +506,9 @@ public abstract class AbstractBindingBui
id = id.substring(1);
}
if (suppTokens.isEncryptedToken()) {
- this.encryptedTokensIdList.add(id);
+ WSEncryptionPart part = new WSEncryptionPart(id,
"Element");
+ part.setElement(clone);
+ encryptedTokensList.add(part);
}
if (secToken.getX509Certificate() == null) {
@@ -560,20 +564,28 @@ public abstract class AbstractBindingBui
sig.prependBSTElementToHeader(secHeader);
}
if (suppTokens.isEncryptedToken()) {
- encryptedTokensIdList.add(sig.getBSTTokenId());
+ WSEncryptionPart part = new
WSEncryptionPart(sig.getBSTTokenId(), "Element");
+ encryptedTokensList.add(part);
}
ret.put(token, sig);
} else if (token instanceof KeyValueToken) {
WSSecSignature sig = getSignatureBuilder(suppTokens, token,
endorse);
if (suppTokens.isEncryptedToken()) {
- encryptedTokensIdList.add(sig.getBSTTokenId());
+ WSEncryptionPart part = new
WSEncryptionPart(sig.getBSTTokenId(), "Element");
+ encryptedTokensList.add(part);
}
ret.put(token, sig);
} else if (token instanceof SamlToken) {
AssertionWrapper assertionWrapper =
addSamlToken((SamlToken)token);
if (assertionWrapper != null) {
-
addSupportingElement(assertionWrapper.toDOM(saaj.getSOAPPart()));
+ Element assertionElement =
assertionWrapper.toDOM(saaj.getSOAPPart());
+ addSupportingElement(assertionElement);
ret.put(token, assertionWrapper);
+ if (suppTokens.isEncryptedToken()) {
+ WSEncryptionPart part = new
WSEncryptionPart(assertionWrapper.getId(), "Element");
+ part.setElement(assertionElement);
+ encryptedTokensList.add(part);
+ }
}
}
}
@@ -1679,7 +1691,8 @@ public abstract class AbstractBindingBui
signatures.add(sig.getSignatureValue());
if (isSigProtect) {
- encryptedTokensIdList.add(sig.getId());
+ WSEncryptionPart part = new
WSEncryptionPart(sig.getId(), "Element");
+ encryptedTokensList.add(part);
}
} catch (WSSecurityException e) {
policyNotAsserted(ent.getKey(), e);
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1201685&r1=1201684&r2=1201685&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Mon Nov 14 12:55:26 2011
@@ -173,9 +173,7 @@ public class AsymmetricBindingHandler ex
}
if (isRequestor()) {
- for (String id : encryptedTokensIdList) {
- enc.add(new WSEncryptionPart(id, "Element"));
- }
+ enc.addAll(encryptedTokensList);
}
//Do encryption
@@ -303,9 +301,7 @@ public class AsymmetricBindingHandler ex
}
if (isRequestor()) {
- for (String id : encryptedTokensIdList) {
- secondEncrParts.add(new WSEncryptionPart(id,
"Element"));
- }
+ secondEncrParts.addAll(encryptedTokensList);
}
if (encryptionToken.isDerivedKeys() &&
!secondEncrParts.isEmpty()) {
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1201685&r1=1201684&r2=1201685&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Mon Nov 14 12:55:26 2011
@@ -222,7 +222,7 @@ public class SymmetricBindingHandler ext
//Check for signature protection and encryption of
UsernameToken
if (sbinding.isSignatureProtection()
- || encryptedTokensIdList.size() > 0 && isRequestor()) {
+ || encryptedTokensList.size() > 0 && isRequestor()) {
List<WSEncryptionPart> secondEncrParts = new
ArrayList<WSEncryptionPart>();
//Now encrypt the signature using the above token
@@ -239,9 +239,7 @@ public class SymmetricBindingHandler ext
}
if (isRequestor()) {
- for (String s : encryptedTokensIdList) {
- secondEncrParts.add(new WSEncryptionPart(s,
"Element"));
- }
+ secondEncrParts.addAll(encryptedTokensList);
}
Element secondRefList = null;
@@ -375,9 +373,7 @@ public class SymmetricBindingHandler ext
}
if (isRequestor()) {
- for (String id : encryptedTokensIdList) {
- enc.add(new WSEncryptionPart(id, "Element"));
- }
+ enc.addAll(encryptedTokensList);
}
doEncryption(encrTokenWrapper,
encrTok,
Modified:
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java?rev=1201685&r1=1201684&r2=1201685&view=diff
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
(original)
+++
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java
Mon Nov 14 12:55:26 2011
@@ -329,6 +329,32 @@ public class SamlTokenTest extends Abstr
assertTrue(result.equals(BigInteger.valueOf(50)));
}
+
+ @org.junit.Test
+ public void testSaml2OverAsymmetricSignedEncrypted() throws Exception {
+
+ if (!unrestrictedPoliciesInstalled) {
+ return;
+ }
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SamlTokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ DoubleItService service = new DoubleItService();
+
+ DoubleItPortType saml2Port =
service.getDoubleItSaml2AsymmetricSignedEncryptedPort();
+ updateAddressPort(saml2Port, PORT);
+
+ ((BindingProvider)saml2Port).getRequestContext().put(
+ "ws-security.saml-callback-handler", new SamlCallbackHandler()
+ );
+ BigInteger result = saml2Port.doubleIt(BigInteger.valueOf(25));
+ assertTrue(result.equals(BigInteger.valueOf(50)));
+ }
private boolean checkUnrestrictedPoliciesInstalled() {
Modified:
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml?rev=1201685&r1=1201684&r2=1201685&view=diff
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
(original)
+++
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml
Mon Nov 14 12:55:26 2011
@@ -132,4 +132,18 @@
</jaxws:properties>
</jaxws:client>
+ <jaxws:client
name="{http://WSSec/saml}DoubleItSaml2AsymmetricSignedEncryptedPort";
+ createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+
value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
+
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
+
value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ </jaxws:properties>
+ </jaxws:client>
+
</beans>
Modified:
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml?rev=1201685&r1=1201684&r2=1201685&view=diff
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
(original)
+++
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server/server.xml
Mon Nov 14 12:55:26 2011
@@ -209,4 +209,28 @@
</jaxws:endpoint>
+ <jaxws:endpoint
+ id="Saml2TokenOverAsymmetricSignedEncrypted"
+
address="http://localhost:${testutil.ports.Server}/DoubleItSaml2AsymmetricSignedEncrypted";
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItSaml2AsymmetricSignedEncryptedPort"
+ xmlns:s="http://WSSec/saml";
+ implementor="org.apache.cxf.systest.ws.saml.server.DoubleItImpl"
+ wsdlLocation="wsdl_systest_wssec/saml/DoubleItSaml.wsdl">
+
+ <jaxws:properties>
+ <entry key="ws-security.username" value="bob"/>
+ <entry key="ws-security.callback-handler"
+
value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties"
+
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+ <entry key="ws-security.encryption.properties"
+
value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
+ <entry key="ws-security.encryption.username" value="alice"/>
+ <entry key="ws-security.saml2.validator"
+
value="org.apache.cxf.systest.ws.saml.server.CustomSaml2Validator"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
</beans>
Modified:
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl?rev=1201685&r1=1201684&r2=1201685&view=diff
==============================================================================
---
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
(original)
+++
cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/saml/DoubleItSaml.wsdl
Mon Nov 14 12:55:26 2011
@@ -225,6 +225,25 @@
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="DoubleItSaml2AsymmetricSignedEncryptedBinding"
type="tns:DoubleItPortType">
+ <wsp:PolicyReference
URI="#DoubleItSaml2AsymmetricSignedEncryptedPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http"; />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ <wsp:PolicyReference
URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ <wsp:PolicyReference
URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
<wsdl:service name="DoubleItService">
<wsdl:port name="DoubleItSaml1TransportPort"
binding="tns:DoubleItSaml1TransportBinding">
@@ -256,6 +275,10 @@
binding="tns:DoubleItSaml2SymmetricSignedElementsBinding">
<soap:address
location="http://localhost:9001/DoubleItSaml2SymmetricSignedElements"; />
</wsdl:port>
+ <wsdl:port name="DoubleItSaml2AsymmetricSignedEncryptedPort"
+ binding="tns:DoubleItSaml2AsymmetricSignedEncryptedBinding">
+ <soap:address
location="http://localhost:9001/DoubleItSaml2AsymmetricSignedEncrypted"; />
+ </wsdl:port>
</wsdl:service>
<wsp:Policy wsu:Id="DoubleItSaml1TransportPolicy">
@@ -630,6 +653,67 @@
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItSaml2AsymmetricSignedEncryptedPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireIssuerSerialReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never";>
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireIssuerSerialReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:SignedEncryptedSupportingTokens>
+ <wsp:Policy>
+ <sp:SamlToken
+
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
+ <wsp:Policy>
+ <sp:WssSamlV20Token11/>
+ </wsp:Policy>
+ </sp:SamlToken>
+ </wsp:Policy>
+ </sp:SignedEncryptedSupportingTokens>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
<wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
<wsp:ExactlyOne>
