Repository: cxf Updated Branches: refs/heads/master 36eced5b2 -> cf8790764
Adding an STS OSGi test Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/cf879076 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/cf879076 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/cf879076 Branch: refs/heads/master Commit: cf879076498614de7424fc4ec63e62324e0055a6 Parents: 36eced5 Author: Colm O hEigeartaigh <[email protected]> Authored: Thu Aug 13 16:21:37 2015 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Thu Aug 13 16:22:08 2015 +0100 ---------------------------------------------------------------------- parent/pom.xml | 2 +- services/sts/systests/pom.xml | 3 + services/sts/systests/sts-features/pom.xml | 82 +++++ .../src/main/resources/features.xml | 27 ++ services/sts/systests/sts-itests/pom.xml | 167 ++++++++++ .../sts/itests/BasicSTSIntegrationTest.java | 82 +++++ .../sts/itests/unit/CommonCallbackHandler.java | 56 ++++ .../systest/sts/itests/unit/STSUnitTest.java | 132 ++++++++ .../test/resources/clientKeystore.properties | 24 ++ .../src/test/resources/clientstore.jks | Bin 0 -> 4436 bytes .../resources/etc/org.ops4j.pax.logging.cfg | 25 ++ services/sts/systests/sts-osgi/pom.xml | 40 +++ .../systest/sts/osgi/CommonCallbackHandler.java | 56 ++++ .../resources/OSGI-INF/blueprint/blueprint.xml | 60 ++++ .../sts-osgi/src/main/resources/STSService.wsdl | 318 +++++++++++++++++++ .../src/main/resources/stsKeystore.properties | 23 ++ .../sts-osgi/src/main/resources/stsstore.jks | Bin 0 -> 3978 bytes services/xkms/xkms-itests/pom.xml | 28 +- 18 files changed, 1114 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/parent/pom.xml ---------------------------------------------------------------------- diff --git a/parent/pom.xml b/parent/pom.xml index 4145315..c816606 100644 --- a/parent/pom.xml +++ b/parent/pom.xml 
@@ -125,7 +125,7 @@
 <cxf.netty.version.range>[4,5)</cxf.netty.version.range>
 <cxf.oauth.bundle.version>20100527_1</cxf.oauth.bundle.version>
 <cxf.oauth.version>20100527</cxf.oauth.version>
- <cxf.opensaml.version>3.1.1</cxf.opensaml.version>
+ <cxf.opensaml.version>3.1.1_3-SNAPSHOT</cxf.opensaml.version>
 <cxf.opensaml.osgi.version>3.1.0_1</cxf.opensaml.osgi.version>
 <cxf.opensaml.osgi.version.range>[3.1,4)</cxf.opensaml.osgi.version.range>
 <cxf.rhino.version>1.7R2</cxf.rhino.version>
http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/pom.xml b/services/sts/systests/pom.xml
index 074e4a2..5a001bc 100644
--- a/services/sts/systests/pom.xml
+++ b/services/sts/systests/pom.xml
@@ -32,5 +32,8 @@
 <modules>
 <module>basic</module>
 <module>advanced</module>
+ <module>sts-osgi</module>
+ <module>sts-features</module>
+ <module>sts-itests</module>
 </modules>
 </project>
http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/sts-features/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-features/pom.xml b/services/sts/systests/sts-features/pom.xml
new file mode 100644
index 0000000..4e729fd
--- /dev/null
+++ b/services/sts/systests/sts-features/pom.xml
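Review bot: In parent/pom.xml, `cxf.opensaml.version` moves from the released `3.1.1` to `3.1.1_3-SNAPSHOT`, so every module inheriting this parent now resolves a mutable, unreleased build of the SAML library, and nothing in a commit titled "Adding an STS OSGi test" explains why. The `_3` suffix follows the numbering of `cxf.opensaml.osgi.version` (`3.1.0_1`) on the next line, so the edit may have been meant for that property; this is inferred from the naming only. If the test needs a newer OSGi bundle, I would keep `<cxf.opensaml.version>3.1.1</cxf.opensaml.version>` and change the OSGi property instead, preferably to a released version so the build stays reproducible.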
@@ -0,0 +1,82 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.cxf.services.sts.systests</groupId>
+ <artifactId>cxf-services-sts-systests-features</artifactId>
+
+ <packaging>pom</packaging>
+ <name>Apache CXF STS test Karaf Features</name>
+ <url>http://cxf.apache.org</url>
+ <parent>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-parent</artifactId>
+ <version>3.1.3-SNAPSHOT</version>
+ <relativePath>../../../../parent/pom.xml</relativePath>
+ </parent>
+ <build>
+ <resources>
+ <resource>
+ <directory>${project.basedir}/src/main/resources</directory>
+ <filtering>true</filtering>
+ <includes>
+ <include>**/features.xml</include>
+ <include>**/*.properties</include>
+ </includes>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-resources-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>filter</id>
+ <phase>generate-resources</phase>
+ <goals>
+ <goal>resources</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>build-helper-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>attach-artifacts</id>
+ <phase>package</phase>
+ <goals>
+ <goal>attach-artifact</goal>
+ </goals>
+ <configuration>
+ <artifacts>
+ <artifact>
+ <file>target/classes/features.xml</file>
+ <type>xml</type>
+ </artifact>
+ </artifacts>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/sts-features/src/main/resources/features.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-features/src/main/resources/features.xml b/services/sts/systests/sts-features/src/main/resources/features.xml
new file mode 100644
index 0000000..9edf968
--- /dev/null
+++ b/services/sts/systests/sts-features/src/main/resources/features.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<features xmlns="http://karaf.apache.org/xmlns/features/v1.0.0" name="cxf-sts-osgi">
+ <repository>mvn:org.apache.cxf.karaf/apache-cxf/${project.version}/xml/features</repository>
+ <feature name="cxf-sts-service" version="${project.version}">
+ <feature>cxf</feature>
+ <feature>cxf-sts</feature>
+ <bundle>mvn:${project.groupId}/cxf-services-sts-systests-osgi/${project.version}</bundle>
+ </feature>
+</features>
http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/sts-itests/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-itests/pom.xml b/services/sts/systests/sts-itests/pom.xml
new file mode 100644
index 0000000..9dd60cd
--- /dev/null
+++ b/services/sts/systests/sts-itests/pom.xml
@@ -0,0 +1,167 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.cxf.services.sts.systests</groupId>
+ <artifactId>cxf-services-sts-systests-itests</artifactId>
+ <name>Apache CXF STS Integration Tests</name>
+ <url>http://cxf.apache.org</url>
+ <parent>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-parent</artifactId>
+ <version>3.1.3-SNAPSHOT</version>
+ <relativePath>../../../../parent/pom.xml</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>org.osgi.core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf.services.sts</groupId>
+ <artifactId>cxf-services-sts-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf.services.sts.systests</groupId>
+ <artifactId>cxf-services-sts-systests-features</artifactId>
+ <version>${project.version}</version>
+ <type>xml</type>
+ </dependency>
+
+ <!-- to force the karaf cxf feature to be available before testing -->
+ <dependency>
+ <groupId>org.apache.cxf.karaf</groupId>
+ <artifactId>apache-cxf</artifactId>
+ <version>${project.version}</version>
+ <type>pom</type>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf.karaf</groupId>
+ <artifactId>cxf-karaf-commands</artifactId>
+ <version>${project.version}</version>
+ <type>pom</type>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.ops4j.pax.exam</groupId>
+ <artifactId>pax-exam-junit4</artifactId>
+ <version>${cxf.pax.exam.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.ops4j.pax.exam</groupId>
+ <artifactId>pax-exam</artifactId>
+ <version>${cxf.pax.exam.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.ops4j.pax.exam</groupId>
+ <artifactId>pax-exam-container-karaf</artifactId>
+ <version>${cxf.pax.exam.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.ops4j.pax.exam</groupId>
+ <artifactId>pax-exam-link-mvn</artifactId>
+ <version>${cxf.pax.exam.version}</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-jdk14</artifactId>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <!-- generate dependency versions -->
+ <plugin>
+ <groupId>org.apache.servicemix.tooling</groupId>
+ <artifactId>depends-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <phase>generate-resources</phase>
+ <id>generate-depends-file</id>
+ <goals>
+ <goal>generate-depends-file</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <systemPropertyVariables>
+ <org.ops4j.pax.logging.DefaultServiceLog.level>WARN</org.ops4j.pax.logging.DefaultServiceLog.level>
+ <karaf.version>${cxf.karaf.version}</karaf.version>
+ <localRepository>${maven.repo.local}</localRepository>
+ </systemPropertyVariables>
+ </configuration>
+ </plugin>
+ </plugins>
+ <pluginManagement>
+ <plugins>
+ <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->
+ <plugin>
+ <groupId>org.eclipse.m2e</groupId>
+ <artifactId>lifecycle-mapping</artifactId>
+ <version>1.0.0</version>
+ <configuration>
+ <lifecycleMappingMetadata>
+ <pluginExecutions>
+ <pluginExecution>
+ <pluginExecutionFilter>
+ <groupId>
+ org.apache.servicemix.tooling
+ </groupId>
+ <artifactId>
+ depends-maven-plugin
+ </artifactId>
+ <versionRange>
+ [1.2,)
+ </versionRange>
+ <goals>
+ <goal>
+ generate-depends-file
+ </goal>
+ </goals>
+ </pluginExecutionFilter>
+ <action>
+ <ignore></ignore>
+ </action>
+ </pluginExecution>
+ </pluginExecutions>
+ </lifecycleMappingMetadata>
+ </configuration>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+ </build>
+</project>
http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/BasicSTSIntegrationTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/BasicSTSIntegrationTest.java b/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/BasicSTSIntegrationTest.java
new file mode 100644
index 0000000..f9f0768
--- /dev/null
+++ b/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/BasicSTSIntegrationTest.java
@@ -0,0 +1,82 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.sts.itests; + +import java.io.File; + +import org.ops4j.pax.exam.Configuration; +import org.ops4j.pax.exam.Option; +import org.ops4j.pax.exam.options.MavenArtifactUrlReference; +import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy; +import org.ops4j.pax.exam.spi.reactors.PerClass; + +import static org.ops4j.pax.exam.CoreOptions.maven; +import static org.ops4j.pax.exam.CoreOptions.systemProperty; +import static org.ops4j.pax.exam.CoreOptions.when; +import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.configureConsole; +import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.editConfigurationFilePut; +import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.features; +import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.karafDistributionConfiguration; +import static org.ops4j.pax.exam.karaf.options.KarafDistributionOption.replaceConfigurationFile; + +@ExamReactorStrategy(PerClass.class) +public class BasicSTSIntegrationTest { + + protected static final String HTTP_PORT = "9191"; + protected static final String STS_ENDPOINT = "http://localhost:" 
+ HTTP_PORT + "/cxf/X509"; + + @Configuration + public Option[] getConfig() { + String karafVersion = System.getProperty("karaf.version", "3.0.4"); + String localRepository = System.getProperty("localRepository"); + + MavenArtifactUrlReference karafUrl = maven() // + .groupId("org.apache.karaf") // + .artifactId("apache-karaf") // + .version(karafVersion) + .type("tar.gz"); + MavenArtifactUrlReference stsFeatures = maven() // + .groupId("org.apache.cxf.services.sts.systests") // + .artifactId("cxf-services-sts-systests-features") // + .versionAsInProject() // + .type("xml"); + + return new Option[] { + karafDistributionConfiguration().frameworkUrl(karafUrl).karafVersion(karafVersion) + .unpackDirectory(new File("target/paxexam/unpack/")).useDeployFolder(false), + systemProperty("java.awt.headless").value("true"), + + copy("clientKeystore.properties"), + copy("clientstore.jks"), + copy("etc/org.ops4j.pax.logging.cfg"), + editConfigurationFilePut("etc/org.ops4j.pax.web.cfg", "org.osgi.service.http.port", HTTP_PORT), + when(localRepository != null) + .useOptions(editConfigurationFilePut("etc/org.ops4j.pax.url.mvn.cfg", + "org.ops4j.pax.url.mvn.localRepository", + localRepository)), + features(stsFeatures, "cxf-sts-service"), + configureConsole().ignoreLocalConsole(), + }; + } + + protected Option copy(String path) { + return replaceConfigurationFile(path, new File("src/test/resources/" + path)); + } + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/CommonCallbackHandler.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/CommonCallbackHandler.java b/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/CommonCallbackHandler.java new file mode 100644 index 0000000..1ba65db --- /dev/null 
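Review bot: `HTTP_PORT` is fixed at `"9191"` in BasicSTSIntegrationTest, so the Karaf container cannot bind, or the STS client ends up talking to an unrelated listener, whenever that port is already in use on the build host. Reading it from a system property with the current value as the default keeps today's behaviour and allows an override, e.g. `protected static final String HTTP_PORT = System.getProperty("sts.test.http.port", "9191");` (the property name is a constructed example). The class also has no Javadoc; a short comment saying that `STS_ENDPOINT` is plain HTTP on localhost and naming what protects the token exchange would help anyone reusing this base class, since the WSDL and blueprint that define the endpoint's policy are outside this hunk.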
+++ b/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/CommonCallbackHandler.java 
@@ -0,0 +1,56 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.sts.itests.unit; + +import java.io.IOException; +import javax.security.auth.callback.Callback; +import javax.security.auth.callback.CallbackHandler; +import javax.security.auth.callback.UnsupportedCallbackException; +import org.apache.wss4j.common.ext.WSPasswordCallback; + +public class CommonCallbackHandler implements CallbackHandler { + + public void handle(Callback[] callbacks) throws IOException, + UnsupportedCallbackException { + for (int i = 0; i < callbacks.length; i++) { + if (callbacks[i] instanceof WSPasswordCallback) { // CXF + WSPasswordCallback pc = (WSPasswordCallback) callbacks[i]; + if ("myclientkey".equals(pc.getIdentifier())) { + pc.setPassword("ckpass"); + break; + } else if ("myservicekey".equals(pc.getIdentifier())) { + pc.setPassword("skpass"); + break; + } else if ("alice".equals(pc.getIdentifier())) { + pc.setPassword("clarinet"); + break; + } else if ("bob".equals(pc.getIdentifier())) { + pc.setPassword("trombone"); + break; + } else if ("eve".equals(pc.getIdentifier())) { + pc.setPassword("evekpass"); + break; + } else if ("mystskey".equals(pc.getIdentifier())) { + 
pc.setPassword("stskpass"); + break; + } + } + } + } +} http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/STSUnitTest.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/STSUnitTest.java b/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/STSUnitTest.java new file mode 100644 index 0000000..8401080 --- /dev/null +++ b/services/sts/systests/sts-itests/src/test/java/org/apache/cxf/systest/sts/itests/unit/STSUnitTest.java 
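Review bot: Each branch in `handle` ends with `break`, which exits the enclosing `for` loop rather than the `if` chain, so once one `WSPasswordCallback` has been matched any later callback in the array is never given a password. Removing the six `break;` statements fixes that without changing the single-callback case, because the `else if` chain already stops at the first match. An unknown identifier or a non-`WSPasswordCallback` entry is skipped silently even though the method declares `UnsupportedCallbackException`; throwing it from a final `else` would make a misconfigured alias fail loudly. The class has no Javadoc: it should state that these are fixed fixture passwords for the bundled test keystores and must not be reused, which matters more for the identical copy under sts-osgi/src/main, since that module is packaged as a bundle.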
@@ -0,0 +1,132 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.sts.itests.unit; + +import java.net.URISyntaxException; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.security.auth.callback.CallbackHandler; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.systest.sts.itests.BasicSTSIntegrationTest; +import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.tokenstore.SecurityToken; +import org.apache.cxf.ws.security.trust.STSClient; +import org.apache.wss4j.common.crypto.Crypto; +import org.apache.wss4j.common.crypto.CryptoFactory; +import org.apache.wss4j.common.saml.SamlAssertionWrapper; +import org.apache.wss4j.dom.WSDocInfo; +import org.apache.wss4j.dom.WSSecurityEngineResult; +import org.apache.wss4j.dom.handler.RequestData; +import org.apache.wss4j.dom.processor.Processor; +import org.apache.wss4j.dom.processor.SAMLTokenProcessor; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.ops4j.pax.exam.junit.PaxExam; + +/** + * Some tests to retrieve a SAML token directly from the STS. 
+ */ +@RunWith(PaxExam.class) +public class STSUnitTest extends BasicSTSIntegrationTest { + + private static final String SAML2_TOKEN_TYPE = + "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; + private static final String BEARER_KEYTYPE = + "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer"; + + @Test + public void testBearerSAML2Token() throws URISyntaxException, Exception { + Bus bus = BusFactory.getDefaultBus(); + + // Get a token + SecurityToken token = + requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE, bus, STS_ENDPOINT); + Assert.assertTrue(SAML2_TOKEN_TYPE.equals(token.getTokenType())); + Assert.assertTrue(token.getToken() != null); + + // Process the token + List<WSSecurityEngineResult> results = processToken(token); + + Assert.assertTrue(results != null && results.size() == 1); + SamlAssertionWrapper assertion = + (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION); + Assert.assertTrue(assertion != null); + Assert.assertTrue(assertion.getSaml1() == null && assertion.getSaml2() != null); + Assert.assertTrue(assertion.isSigned()); + + List<String> methods = assertion.getConfirmationMethods(); + String confirmMethod = null; + if (methods != null && methods.size() > 0) { + confirmMethod = methods.get(0); + } + Assert.assertTrue(confirmMethod.contains("bearer")); + + bus.shutdown(true); + } + + private SecurityToken requestSecurityToken( + String tokenType, + String keyType, + Bus bus, + String endpointAddress + ) throws Exception { + STSClient stsClient = new STSClient(bus); + + stsClient.setWsdlLocation(endpointAddress + "?wsdl"); + stsClient.setServiceName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"); + stsClient.setEndpointName("{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}X509_Port"); + stsClient.setEnableAppliesTo(false); + + Map<String, Object> properties = new HashMap<String, Object>(); + properties.put(SecurityConstants.USERNAME, "alice"); + 
properties.put( + SecurityConstants.CALLBACK_HANDLER, new CommonCallbackHandler() + ); + properties.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey"); + properties.put(SecurityConstants.SIGNATURE_PROPERTIES, "clientKeystore.properties"); + properties.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey"); + properties.put(SecurityConstants.ENCRYPT_PROPERTIES, "clientKeystore.properties"); + + stsClient.setProperties(properties); + stsClient.setTokenType(tokenType); + stsClient.setKeyType(keyType); + + return stsClient.requestSecurityToken(endpointAddress); + } + + private List<WSSecurityEngineResult> processToken(SecurityToken token) throws Exception { + RequestData requestData = new RequestData(); + CallbackHandler callbackHandler = new CommonCallbackHandler(); + requestData.setCallbackHandler(callbackHandler); + Crypto crypto = CryptoFactory.getInstance("clientKeystore.properties", + this.getClass().getClassLoader()); + requestData.setSigVerCrypto(crypto); + + Processor processor = new SAMLTokenProcessor(); + return processor.handleToken( + token.getToken(), requestData, new WSDocInfo(token.getToken().getOwnerDocument()) + ); + } + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/sts-itests/src/test/resources/clientKeystore.properties ---------------------------------------------------------------------- diff --git a/services/sts/systests/sts-itests/src/test/resources/clientKeystore.properties b/services/sts/systests/sts-itests/src/test/resources/clientKeystore.properties new file mode 100644 index 0000000..8ab391e --- /dev/null +++ b/services/sts/systests/sts-itests/src/test/resources/clientKeystore.properties 
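Review bot: In `testBearerSAML2Token`, `confirmMethod` stays `null` when the assertion carries no confirmation methods, so `confirmMethod.contains("bearer")` throws a NullPointerException instead of reporting a failed assertion; add `Assert.assertNotNull(confirmMethod);` before it. `bus.shutdown(true)` runs only on the success path, so any failing assertion leaves the default bus alive for later tests; wrapping the body in `try { … } finally { bus.shutdown(true); }` fixes that. The test checks the token type, that the assertion is signed and the confirmation method, but not whose token it is; asserting the expected subject and issuer would tie the issued assertion to the requesting principal and the STS under test.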
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=cspass
+org.apache.ws.security.crypto.merlin.keystore.alias=myclientkey
+org.apache.ws.security.crypto.merlin.keystore.file=clientstore.jks
+
http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/sts-itests/src/test/resources/clientstore.jks
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-itests/src/test/resources/clientstore.jks b/services/sts/systests/sts-itests/src/test/resources/clientstore.jks
new file mode 100644
index 0000000..23168a9
Binary files /dev/null and b/services/sts/systests/sts-itests/src/test/resources/clientstore.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/sts-itests/src/test/resources/etc/org.ops4j.pax.logging.cfg
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-itests/src/test/resources/etc/org.ops4j.pax.logging.cfg b/services/sts/systests/sts-itests/src/test/resources/etc/org.ops4j.pax.logging.cfg
new file mode 100644
index 0000000..5355947
--- /dev/null
+++ b/services/sts/systests/sts-itests/src/test/resources/etc/org.ops4j.pax.logging.cfg
@@ -0,0 +1,25 @@
+# Root logger
+log4j.rootLogger=WARN, stdout, file
+log4j.throwableRenderer=org.apache.log4j.OsgiThrowableRenderer
+
+log4j.logger.org.apache.cxf.xkms=INFO
+log4j.logger.org.apache.cxf.xkms.x509.validator=WARN
+
+# Reduce noisy output
+log4j.logger.org.ops4j.pax.swissbox.bnd.BndUtils=ERROR
+
+# CONSOLE appender
+log4j.appender.stdout.threshold=INFO
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} | %-5.5p | %-50.50c | %m%n
+#log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} | %-5.5p | %-40.40c | %-3.3X{bundle.id} - %-20.20X{bundle.name} | %m%n
+
+
+# File appender
+log4j.appender.file.threshold=DEBUG
+log4j.appender.file=org.apache.log4j.FileAppender
+log4j.appender.file.layout=org.apache.log4j.PatternLayout
+log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} | %-5.5p | %-50.50c | %m%n
+log4j.appender.file.file=${karaf.data}/log/karaf.log
+log4j.appender.file.append=true
http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/sts-osgi/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-osgi/pom.xml b/services/sts/systests/sts-osgi/pom.xml
new file mode 100644
index 0000000..1686c03
--- /dev/null
+++ b/services/sts/systests/sts-osgi/pom.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.cxf.services.sts.systests</groupId>
+ <artifactId>cxf-services-sts-systests-osgi</artifactId>
+ <packaging>bundle</packaging>
+ <name>Apache CXF STS test OSGi deployment</name>
+ <url>http://cxf.apache.org</url>
+ <parent>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-parent</artifactId>
+ <version>3.1.3-SNAPSHOT</version>
+ <relativePath>../../../../parent/pom.xml</relativePath>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.cxf.services.sts</groupId>
+ <artifactId>cxf-services-sts-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/sts-osgi/src/main/java/org/apache/cxf/systest/sts/osgi/CommonCallbackHandler.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-osgi/src/main/java/org/apache/cxf/systest/sts/osgi/CommonCallbackHandler.java b/services/sts/systests/sts-osgi/src/main/java/org/apache/cxf/systest/sts/osgi/CommonCallbackHandler.java
new file mode 100644
index 0000000..306c520
--- /dev/null
+++ b/services/sts/systests/sts-osgi/src/main/java/org/apache/cxf/systest/sts/osgi/CommonCallbackHandler.java
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.osgi;
+
+import java.io.IOException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+public class CommonCallbackHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof WSPasswordCallback) { // CXF
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if ("myclientkey".equals(pc.getIdentifier())) {
+ pc.setPassword("ckpass");
+ break;
+ } else if ("myservicekey".equals(pc.getIdentifier())) {
+ pc.setPassword("skpass");
+ break;
+ } else if ("alice".equals(pc.getIdentifier())) {
+ pc.setPassword("clarinet");
+ break;
+ } else if ("bob".equals(pc.getIdentifier())) {
+ pc.setPassword("trombone");
+ break;
+ } else if ("eve".equals(pc.getIdentifier())) {
+ pc.setPassword("evekpass");
+ break;
+ } else if ("mystskey".equals(pc.getIdentifier())) {
+ pc.setPassword("stskpass");
+ break;
+ }
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/sts-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml b/services/sts/systests/sts-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml
new file mode 100644
index 0000000..62fbced
--- /dev/null
+++ b/services/sts/systests/sts-osgi/src/main/resources/OSGI-INF/blueprint/blueprint.xml
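Review bot: CommonCallbackHandler is added under src/main/java without a class comment, so nothing in the bundle marks the six hard-coded key and user passwords in handle() as system-test fixtures; the same applies to the plaintext keystore password in stsKeystore.properties and the committed stsstore.jks later in this commit. I would add a class Javadoc such as `/** Test-only CallbackHandler: returns fixed passwords for the keys and users of the bundled test keystores. */`. Separately, every `break;` leaves the `for` loop after the first matching WSPasswordCallback, so a later callback in the same array is never given a password; removing the `break;` statements lets the loop visit each callback. Callbacks of other types and unknown identifiers are skipped silently even though the method declares UnsupportedCallbackException, which is worth a why-comment if it is intentional.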
@@ -0,0 +1,60 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cxf="http://cxf.apache.org/blueprint/core" xmlns:jaxws="http://cxf.apache.org/blueprint/jaxws" xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0" xmlns:ext="http://www.osgi.org/xmlns/blueprint-ext/v1.1.0" xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0 http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd http://www.osgi.org/xmlns/blueprint-ext/v1.1.0 https://svn.apache.org/repos/asf/aries/tags/blueprint-0.3.1/blueprint-core/src/main/resources/org/apache/aries/blueprint/ext/blueprint-ext.xsd http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0 http://aries.apache.org/schemas/blueprint-cm/blueprint-cm-1.0.0.xsd http://cxf.apache.org/blueprint/jaxws http://cxf.apache.org/schemas/blueprint/jaxws.xsd http://cxf.apache.org/blue print/core http://cxf.apache.org/schemas/blueprint/core.xsd ">
+
+ <bean id="x509STSProviderBean"
+ class="org.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider">
+ <property name="issueOperation" ref="x509IssueDelegate" />
+ </bean>
+
+ <bean
id="x509IssueDelegate" class="org.apache.cxf.sts.operation.TokenIssueOperation">
+ <property name="tokenProviders">
+ <list>
+ <ref component-id="x509SAMLTokenProvider"/>
+ </list>
+ </property>
+ <property name="stsProperties" ref="x509STSProperties" />
+ <property name="returnReferences" value="false" />
+ </bean>
+
+ <bean id="x509SAMLTokenProvider"
+ class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
+ </bean>
+
+ <bean id="x509STSProperties" class="org.apache.cxf.sts.StaticSTSProperties">
+ <property name="signaturePropertiesFile" value="stsKeystore.properties" />
+ <property name="signatureUsername" value="mystskey" />
+ <property name="callbackHandlerClass" value="org.apache.cxf.systest.sts.osgi.CommonCallbackHandler" />
+ <property name="issuer" value="STSIssuer" />
+ </bean>
+
+ <jaxws:endpoint id="X509STS" implementor="#x509STSProviderBean"
+ address="/X509" wsdlLocation="STSService.wsdl"
+ xmlns:ns1="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ serviceName="ns1:SecurityTokenService" endpointName="ns1:X509_Port">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.sts.osgi.CommonCallbackHandler" />
+ <entry key="ws-security.signature.properties" value="stsKeystore.properties" />
+ <entry key="ws-security.signature.username" value="mystskey" />
+ <entry key="ws-security.encryption.username" value="useReqSigCert" />
+ </jaxws:properties>
+ </jaxws:endpoint>
+</blueprint>
http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/sts-osgi/src/main/resources/STSService.wsdl
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-osgi/src/main/resources/STSService.wsdl b/services/sts/systests/sts-osgi/src/main/resources/STSService.wsdl
new file mode 100644
index 0000000..f0a6e03
--- /dev/null
+++ b/services/sts/systests/sts-osgi/src/main/resources/STSService.wsdl
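Review bot: The root element binds `xmlns:cm` to `http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0`, but `xsi:schemaLocation` pairs a schema with `.../blueprint-cm/v1.0.0`, so the declared namespace has no matching schema hint; the `cm`, `ext` and `cxf` prefixes are also not used by any element in this file. Dropping those three declarations and their schemaLocation pairs would leave only the blueprint and `jaxws` namespaces the beans need. The schemaLocation value also reads `http://cxf.apache.org/blue print/core` with a space in it, which may only be a wrapping artefact of this mail and is worth checking in the file itself. Since `x509STSProperties` and the `X509STS` endpoint both point at `CommonCallbackHandler` and `stsKeystore.properties`, an XML comment above the beans stating that this STS configuration uses fixed test credentials and is for the OSGi system tests only would help.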
@@ -0,0 +1,318 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsdl:definitions targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
+ >
+
+ <wsdl:types>
+ <xs:schema elementFormDefault="qualified"
+ targetNamespace='http://docs.oasis-open.org/ws-sx/ws-trust/200512'>
+
+ <xs:element name='RequestSecurityToken'
+ type='wst:AbstractRequestSecurityTokenType' />
+ <xs:element name='RequestSecurityTokenResponse'
+ type='wst:AbstractRequestSecurityTokenType' />
+
+ <xs:complexType name='AbstractRequestSecurityTokenType'>
+ <xs:sequence>
+ <xs:any namespace='##any' processContents='lax'
+ minOccurs='0' maxOccurs='unbounded' />
+ </xs:sequence>
+ <xs:attribute name='Context' type='xs:anyURI'
+ use='optional' />
+ <xs:anyAttribute namespace='##other'
+ processContents='lax' />
+ </xs:complexType>
+ <xs:element name='RequestSecurityTokenCollection'
+ type='wst:RequestSecurityTokenCollectionType' />
+ <xs:complexType name='RequestSecurityTokenCollectionType'>
+ <xs:sequence>
+ <xs:element name='RequestSecurityToken'
+ type='wst:AbstractRequestSecurityTokenType'
+ minOccurs='2' maxOccurs='unbounded' />
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name='RequestSecurityTokenResponseCollection'
+ type='wst:RequestSecurityTokenResponseCollectionType' />
+ <xs:complexType name='RequestSecurityTokenResponseCollectionType'>
+ <xs:sequence>
+ <xs:element
ref='wst:RequestSecurityTokenResponse'
+ minOccurs='1' maxOccurs='unbounded' />
+ </xs:sequence>
+ <xs:anyAttribute namespace='##other'
+ processContents='lax' />
+ </xs:complexType>
+
+ </xs:schema>
+ </wsdl:types>
+
+ <!-- WS-Trust defines the following GEDs -->
+ <wsdl:message name="RequestSecurityTokenMsg">
+ <wsdl:part name="request" element="wst:RequestSecurityToken" />
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseMsg">
+ <wsdl:part name="response" element="wst:RequestSecurityTokenResponse" />
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenCollectionMsg">
+ <wsdl:part name="requestCollection" element="wst:RequestSecurityTokenCollection" />
+ </wsdl:message>
+ <wsdl:message name="RequestSecurityTokenResponseCollectionMsg">
+ <wsdl:part name="responseCollection"
+ element="wst:RequestSecurityTokenResponseCollection" />
+ </wsdl:message>
+
+ <!-- This portType is an example of an STS supporting full protocol -->
+ <wsdl:portType name="STS">
+ <wsdl:operation name="Cancel">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"
+ message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal"
+ message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="Issue">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"
+ message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal"
+ message="tns:RequestSecurityTokenResponseCollectionMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"
+ message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal"
+ message="tns:RequestSecurityTokenResponseMsg" />
+
</wsdl:operation>
+ <wsdl:operation name="Validate">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"
+ message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal"
+ message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KET"
+ message="tns:RequestSecurityTokenMsg" />
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/KETFinal"
+ message="tns:RequestSecurityTokenResponseMsg" />
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <wsdl:input message="tns:RequestSecurityTokenCollectionMsg" />
+ <wsdl:output message="tns:RequestSecurityTokenResponseCollectionMsg" />
+ </wsdl:operation>
+ </wsdl:portType>
+
+
+ <wsdl:binding name="X509_Binding" type="wstrust:STS">
+ <wsp:PolicyReference URI="#X509_policy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="Issue">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" />
+ <wsdl:input>
+ <wsp:PolicyReference URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Validate">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate" />
+ <wsdl:input>
+ <wsp:PolicyReference URI="#Input_policy" />
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference URI="#Output_policy" />
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Cancel">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel" />
+ <wsdl:input>
+
<soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="Renew">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="KeyExchangeToken">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operation name="RequestCollection">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsp:Policy wsu:Id="X509_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <wsap10:UsingAddressing />
+ <sp:AsymmetricBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireIssuerSerialReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+
<sp:EncryptSignature />
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ <sp:MustSupportRefIssuerSerial />
+ <sp:MustSupportRefThumbprint />
+ <sp:MustSupportRefEncryptedKey />
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust13
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens />
+ <sp:RequireClientEntropy />
+ <sp:RequireServerEntropy />
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+
+ <wsp:Policy wsu:Id="Input_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ <sp:Header Name="To"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ <sp:EncryptedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="Output_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ <sp:Header Name="To"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="From"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="FaultTo"
+
Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ <sp:Header Name="Action"
+ Namespace="http://www.w3.org/2005/08/addressing" />
+ </sp:SignedParts>
+ <sp:EncryptedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body />
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsdl:service name="SecurityTokenService">
+ <wsdl:port name="X509_Port" binding="tns:X509_Binding">
+ <soap:address location="dummy_address_actual_value_populated_when_sts_deployed" />
+ </wsdl:port>
+ </wsdl:service>
+
+</wsdl:definitions>
http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/sts-osgi/src/main/resources/stsKeystore.properties
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-osgi/src/main/resources/stsKeystore.properties b/services/sts/systests/sts-osgi/src/main/resources/stsKeystore.properties
new file mode 100644
index 0000000..2f132ea
--- /dev/null
+++ b/services/sts/systests/sts-osgi/src/main/resources/stsKeystore.properties
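Review bot: `X509_policy` selects `<sp:Basic256 />` as the algorithm suite, which WS-SecurityPolicy defines with SHA-1 as the digest algorithm; unless the test clients depend on it, `<sp:Basic256Sha256 />` is the stronger choice for a newly added STS endpoint. In `X509_Binding` only the Issue and Validate operations reference `#Input_policy` and `#Output_policy`, so Cancel, Renew, KeyExchangeToken and RequestCollection carry no SignedParts or EncryptedParts assertions; if they are deliberately left as unprotected stubs, an XML comment on the binding should say so. There is also a stray `>` on its own line directly after the `wsdl:definitions` start tag, which becomes character data inside the root element and should be removed.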
@@ -0,0 +1,23 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=stsspass
+org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks
+
http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/sts/systests/sts-osgi/src/main/resources/stsstore.jks
----------------------------------------------------------------------
diff --git a/services/sts/systests/sts-osgi/src/main/resources/stsstore.jks b/services/sts/systests/sts-osgi/src/main/resources/stsstore.jks
new file mode 100644
index 0000000..e805906
Binary files /dev/null and b/services/sts/systests/sts-osgi/src/main/resources/stsstore.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/cf879076/services/xkms/xkms-itests/pom.xml
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-itests/pom.xml b/services/xkms/xkms-itests/pom.xml
index 22777f5..98e54cb 100644
--- a/services/xkms/xkms-itests/pom.xml
+++ b/services/xkms/xkms-itests/pom.xml
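Review bot: The four settings use the WSS4J 1.x key prefix `org.apache.ws.security.crypto.*` and the provider class `org.apache.ws.security.components.crypto.Merlin`, while CommonCallbackHandler in this same commit imports `org.apache.wss4j.common.ext.WSPasswordCallback`, i.e. the WSS4J 2.x packages. As far as I know the old names are still accepted for backward compatibility, so this is a consistency point rather than a failure. The current spelling would be `org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin`, with `org.apache.wss4j.crypto.merlin.keystore.type`, `.password` and `.file` for the other three keys.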
@@ -1,14 +1,22 @@
 <?xml version="1.0"?>
-<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
- license agreements. See the NOTICE file distributed with this work for additional
- information regarding copyright ownership. The ASF licenses this file to
- you under the Apache License, Version 2.0 (the "License"); you may not use
- this file except in compliance with the License. You may obtain a copy of
- the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
- by applicable law or agreed to in writing, software distributed under the
- License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
- OF ANY KIND, either express or implied. See the License for the specific
- language governing permissions and limitations under the License. -->
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 <modelVersion>4.0.0</modelVersion>
 <groupId>org.apache.cxf.services.xkms</groupId>
