Author: veithen
Date: Mon Feb 6 10:28:16 2017
New Revision: 1781870
URL: http://svn.apache.org/viewvc?rev=1781870&view=rev
Log:
RAMPART-402: Apply patch provided by Nathan Clement.
Added:
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts-2.xml
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts.xml
Modified:
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
Modified:
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=1781870&r1=1781869&r2=1781870&view=diff
==============================================================================
---
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
(original)
+++
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
Mon Feb 6 10:28:16 2017
@@ -627,11 +627,7 @@ public class PolicyBasedResultsValidator
throw new RampartException("bodyNotSigned");
}
- } else if (wsep.getName().equals(WSConstants.ELEM_HEADER) ||
- wsep.getXpath() != null) {
- // TODO earlier this was wsep.getType() ==
WSConstants.PART_TYPE_ELEMENT
- // This means that encrypted element of an XPath expression
type. Therefore we are checking
- // now whether an XPath expression exists. - Verify
+ } else {
Element element = WSSecurityUtil.findElement(
envelope, wsep.getName(), wsep.getNamespace());
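Review bot: The new unconditional `else` sends every non-Body part to `WSSecurityUtil.findElement(envelope, wsep.getName(), wsep.getNamespace())`, which matches on local name and namespace anywhere under the envelope rather than only among the SOAP header's children. For an `sp:Header` requirement, an element with the same QName elsewhere in the message may therefore satisfy the lookup. How the result is checked lies outside this hunk, so confirm that the signed-element comparison which follows is tied to the header block the receiver actually processes. The removed TODO was the only explanation of this branch, so a replacement comment would help, for example `// Any part other than Body (a named header or an XPath element) must be located and verified as signed`.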
Modified:
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java?rev=1781870&r1=1781869&r2=1781870&view=diff
==============================================================================
---
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
(original)
+++
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/src/test/java/org/apache/rampart/PolicyAssertionsTest.java
Mon Feb 6 10:28:16 2017
@@ -83,6 +83,70 @@ public class PolicyAssertionsTest extend
}
+ public void testSignedPartsValid() throws Exception {
+
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml =
"test-resources/policy/rampart-asymm-signed-parts.xml";
+ Policy policy = loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ // Building the SOAP envelope from the OMElement
+ SOAPBuilder soapBuilder = new SOAPBuilder();
+ SOAPEnvelope env = ctx.getEnvelope();
+ ByteArrayInputStream inStream = new
ByteArrayInputStream(env.toString().getBytes());
+ env = (SOAPEnvelope) soapBuilder.processDocument(inStream, "text/xml",
ctx);
+ ctx.setEnvelope(env);
+
+ RampartEngine engine = new RampartEngine();
+ engine.process(ctx);
+
+ }
+
+ public void testSignedPartsInvalid() throws Exception {
+
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml =
"test-resources/policy/rampart-asymm-signed-parts.xml";
+ Policy policy = loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ // Building the SOAP envelope from the OMElement
+ SOAPBuilder soapBuilder = new SOAPBuilder();
+ SOAPEnvelope env = ctx.getEnvelope();
+ ByteArrayInputStream inStream = new
ByteArrayInputStream(env.toString().getBytes());
+ env = (SOAPEnvelope) soapBuilder.processDocument(inStream, "text/xml",
ctx);
+ ctx.setEnvelope(env);
+
+ ctx.setServerSide(true);
+ AxisService axisService = ctx.getAxisService();
+
axisService.removeParameter(axisService.getParameter(RampartMessageData.PARAM_CLIENT_SIDE));
+
+ policyXml = "test-resources/policy/rampart-asymm-signed-parts-2.xml";
+ policy = loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ RampartEngine engine = new RampartEngine();
+
+ try {
+ engine.process(ctx);
+ fail(" This should have thrown RampartException: " +
+ "Element must be signed :
http://schemas.xmlsoap.org/ws/2004/08/addressing:From");
+ } catch (RampartException expected) {
+ // Ignore intentionally as the test is supposed to throw an
exception
+ }
+
+ }
+
public void testHashedPasswordRequiredValid() throws Exception {
MessageContext ctx = getMsgCtx();
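Review bot: In `testSignedPartsInvalid` the `catch (RampartException expected)` block accepts any RampartException, so the test also passes when `engine.process(ctx)` fails for an unrelated reason such as a keystore or timestamp problem. It would then not detect a regression in the signed-header check itself. Assert on the cause inside the catch, for instance `assertTrue(expected.getMessage().contains("From"));`, adjusting the substring to the real message text, which is not visible in this hunk. Both new tests also call `env.toString().getBytes()` with the platform default charset; `getBytes("UTF-8")` keeps the re-parsed envelope independent of the build machine's locale.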
Added:
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts-2.xml
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts-2.xml?rev=1781870&view=auto
==============================================================================
---
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts-2.xml
(added)
+++
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts-2.xml
Mon Feb 6 10:28:16 2017
@@ -0,0 +1,78 @@
+<wsp:Policy wsu:Id="policy2"
+
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Name="To"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="From"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="FaultTo"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="ReplyTo"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="MessageID"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="RelatesTo"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ <sp:Header Name="Action"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ </sp:SignedParts>
+ <ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+
<ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
+ </ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
+ </ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
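Review bot: This file and `rampart-asymm-signed-parts.xml` (the next hunk) are named `asymm` but declare `sp:SymmetricBinding`, and both carry the same `wsu:Id="policy2"`. That makes it hard to tell from the name or id which fixture is in effect. Either rename the files to match the binding or add a leading comment in each stating its role, e.g. `<!-- Test fixture: symmetric binding; requires Body and every listed WS-Addressing header to be signed (used by testSignedPartsInvalid) -->`. The keystore password and the `interop2.jks` path are test values, and the same comment could say so to keep them from being copied into a deployed policy.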
Added:
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts.xml
URL:
http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts.xml?rev=1781870&view=auto
==============================================================================
---
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts.xml
(added)
+++
axis/axis2/java/rampart/branches/RAMPART-402/modules/rampart-tests/test-resources/policy/rampart-asymm-signed-parts.xml
Mon Feb 6 10:28:16 2017
@@ -0,0 +1,72 @@
+<wsp:Policy wsu:Id="policy2"
+
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Name="To"
Namespace="http://schemas.xmlsoap.org/ws/2004/08/addressing"/>
+ </sp:SignedParts>
+ <ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+
<ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
+ </ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks
+ </ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file