That change causes a builds failure (see the mails from Jenkins). Can you please fix that?
Andreas On Sun, Jan 8, 2012 at 16:34, <[email protected]> wrote: > Author: amilaj > Date: Sun Jan 8 15:34:56 2012 > New Revision: 1228870 > > URL: http://svn.apache.org/viewvc?rev=1228870&view=rev > Log: > Fixing issue RAMPART-269. Also added an integration test case > > Added: > > axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/34.xml > > axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-34.xml > Modified: > > axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java > > axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties > axis/axis2/java/rampart/trunk/modules/rampart-integration/pom.xml > > axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java > > Modified: > axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java > URL: > http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java?rev=1228870&r1=1228869&r2=1228870&view=diff > ============================================================================== > --- > axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java > (original) > +++ > axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java > Sun Jan 8 15:34:56 2012 > @@ -311,6 +311,16 @@ public class RampartEngine { > } > } else if (WSConstants.SIGN == actInt.intValue()) { > X509Certificate cert = (X509Certificate) > wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE); > + > + if (rpd.isAsymmetricBinding() && cert == null && > rpd.getInitiatorToken() != null > + && !rpd.getInitiatorToken().isDerivedKeys()) { > + > + // If symmetric binding is used, the certificate should > be null. > + // If certificate is not null then probably initiator and > + // recipient are using 2 different bindings. > + throw new RampartException("invalidSignatureAlgo"); > + } > + > msgCtx.setProperty(RampartMessageData.X509_CERT, cert); > } > > > Modified: > axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties > URL: > http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties?rev=1228870&r1=1228869&r2=1228870&view=diff > ============================================================================== > --- > axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties > (original) > +++ > axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties > Sun Jan 8 15:34:56 2012 > @@ -99,4 +99,5 @@ invalidTransport = Expected transport is > requiredElementsMissing = Required Elements not found in the incoming > message : {0} > repeatingNonceValue = Nonce value : {0}, already seen before for user name : > {1}. Possibly this could be a replay attack. > invalidNonceLifeTime = Invalid value for nonceLifeTime in rampart > configuration file. > -invalidIssuerAddress = Invalid value for Issuer > \ No newline at end of file > +invalidIssuerAddress = Invalid value for Issuer > +invalidSignatureAlgo=Invalid signature algorithm for Asymmetric binding > \ No newline at end of file > > Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/pom.xml > URL: > http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/pom.xml?rev=1228870&r1=1228869&r2=1228870&view=diff > ============================================================================== > --- axis/axis2/java/rampart/trunk/modules/rampart-integration/pom.xml > (original) > +++ axis/axis2/java/rampart/trunk/modules/rampart-integration/pom.xml Sun Jan > 8 15:34:56 2012 > @@ -273,6 +273,11 @@ > <copy overwrite="yes" > file="src/test/resources/rampart/services-33.xml" > tofile="target/temp-ramp/META-INF/services.xml" /> > <jar > jarfile="target/test-resources/rampart_service_repo/services/SecureService33.aar" > basedir="target/temp-ramp" /> > > + <!-- Service 34 --> > + <copy overwrite="yes" > file="src/test/resources/rampart/services-34.xml" > tofile="target/temp-ramp/META-INF/services.xml" /> > + <jar > jarfile="target/test-resources/rampart_service_repo/services/SecureService34.aar" > basedir="target/temp-ramp" /> > + > + > <!-- Service SC-1 --> > <copy overwrite="yes" > file="src/test/resources/rampart/issuer.properties" > tofile="target/temp-ramp/issuer.properties" /> > <copy overwrite="yes" > file="src/test/resources/rampart/services-sc-1.xml" > tofile="target/temp-ramp/META-INF/services.xml" /> > > Modified: > axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java > URL: > http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java?rev=1228870&r1=1228869&r2=1228870&view=diff > ============================================================================== > --- > axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java > (original) > +++ > axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java > Sun Jan 8 15:34:56 2012 > @@ -36,11 +36,24 @@ import org.apache.axis2.integration.Util > import org.apache.neethi.Policy; > import org.apache.neethi.PolicyEngine; > > +import java.util.MissingResourceException; > +import java.util.ResourceBundle; > + > > public class RampartTest extends TestCase { > > public final static int PORT = UtilServer.TESTING_PORT; > > + private static ResourceBundle resources; > + > + static { > + try { > + resources = > ResourceBundle.getBundle("org.apache.rampart.errors"); > + } catch (MissingResourceException e) { > + throw new RuntimeException(e.getMessage()); > + } > + } > + > public RampartTest(String name) { > super(name); > } > @@ -83,7 +96,7 @@ public class RampartTest extends TestCas > "Unlimited Strength Jurisdiction Policy !!!"); > } > > - for (int i = 1; i <= 33; i++) { //<-The number of tests we have > + for (int i = 1; i <= 34; i++) { //<-The number of tests we have > if(!basic256Supported && (i == 3 || i == 4 || i == 5)) { > //Skip the Basic256 tests > continue; > @@ -122,18 +135,32 @@ public class RampartTest extends TestCas > serviceClient.addHeader(header); > } > > - // Invoking the serive in the TestCase-28 should fail. So > handling it differently.. > - if (i == 28) { > + // Invoking the service in the TestCase-28 should fail. So > handling it differently.. > + if (i == 28 || i == 34) { > try { > + > //Blocking invocation > serviceClient.sendReceive(getOMElement()); > - fail("Service Should throw an error.."); > + > + String message = ""; > + > + if (i == 34) { > + message = "Test case 34 should fail. We are > running the service in symmetric binding mode " + > + "and client in asymmetric binding > mode. Therefore test case 34 should fail."; > + } > + > + fail("Service Should throw an error - " + message); > > } catch (AxisFault axisFault) { > - assertEquals("Expected encrypted part missing", > axisFault.getMessage()); > + > + if (i == 28) { > + > assertEquals(resources.getString("encryptionMissing"), > axisFault.getMessage()); > + } else if (i == 34) { > + > assertEquals(resources.getString("invalidSignatureAlgo"), > axisFault.getMessage()); > + } > + > } > } > - > else{ > //Blocking invocation > serviceClient.sendReceive(getEchoElement()); > > Added: > axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/34.xml > URL: > http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/34.xml?rev=1228870&view=auto > ============================================================================== > --- > axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/34.xml > (added) > +++ > axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/policy/34.xml > Sun Jan 8 15:34:56 2012 > @@ -0,0 +1,102 @@ > +<?xml version="1.0" encoding="UTF-8"?> > +<!-- > + ! > + ! Copyright 2006 The Apache Software Foundation. > + ! > + ! Licensed under the Apache License, Version 2.0 (the "License"); > + ! you may not use this file except in compliance with the License. > + ! You may obtain a copy of the License at > + ! > + ! http://www.apache.org/licenses/LICENSE-2.0 > + ! > + ! Unless required by applicable law or agreed to in writing, software > + ! distributed under the License is distributed on an "AS IS" BASIS, > + ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. > + ! See the License for the specific language governing permissions and > + ! limitations under the License. > + !--> > + > +<wsp:Policy wsu:Id="SigEncr" > + > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > + xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; > + xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > + <wsp:ExactlyOne> > + <wsp:All> > + <sp:SymmetricBinding> > + <wsp:Policy> > + <sp:ProtectionToken> > + <wsp:Policy> > + <sp:X509Token > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";> > + <wsp:Policy> > + > <sp:RequireThumbprintReference/> > + > <sp:WssX509V3Token10/> > + </wsp:Policy> > + </sp:X509Token> > + </wsp:Policy> > + </sp:ProtectionToken> > + <sp:AlgorithmSuite> > + <wsp:Policy> > + <sp:Basic256/> > + </wsp:Policy> > + </sp:AlgorithmSuite> > + <sp:Layout> > + <wsp:Policy> > + <sp:Lax/> > + </wsp:Policy> > + </sp:Layout> > + <sp:IncludeTimestamp/> > + <sp:OnlySignEntireHeadersAndBody/> > + </wsp:Policy> > + </sp:SymmetricBinding> > + <sp:Wss10 > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > + <wsp:Policy> > + <sp:MustSupportRefKeyIdentifier/> > + <sp:MustSupportRefIssuerSerial/> > + </wsp:Policy> > + </sp:Wss10> > + <sp:SignedParts > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > + <sp:Body/> > + </sp:SignedParts> > + <sp:EncryptedParts > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > + <sp:Body/> > + </sp:EncryptedParts> > + > + <ramp:RampartConfig > xmlns:ramp="http://ws.apache.org/rampart/policy";> > + <ramp:user>alice</ramp:user> > + <ramp:encryptionUser>bob</ramp:encryptionUser> > + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback > + </ramp:passwordCallbackClass> > + > + <ramp:signatureCrypto> > + <ramp:crypto > provider="org.apache.ws.security.components.crypto.Merlin"> > + <ramp:property > + > name="org.apache.ws.security.crypto.merlin.keystore.type">JKS > + </ramp:property> > + <ramp:property > name="org.apache.ws.security.crypto.merlin.file"> > + rampart/store.jks > + </ramp:property> > + <ramp:property > + > name="org.apache.ws.security.crypto.merlin.keystore.password"> > + password > + </ramp:property> > + </ramp:crypto> > + </ramp:signatureCrypto> > + <ramp:encryptionCypto> > + <ramp:crypto > provider="org.apache.ws.security.components.crypto.Merlin"> > + <ramp:property > + > name="org.apache.ws.security.crypto.merlin.keystore.type">JKS > + </ramp:property> > + <ramp:property > name="org.apache.ws.security.crypto.merlin.file"> > + rampart/store.jks > + </ramp:property> > + <ramp:property > + > name="org.apache.ws.security.crypto.merlin.keystore.password"> > + password > + </ramp:property> > + </ramp:crypto> > + </ramp:encryptionCypto> > + </ramp:RampartConfig> > + > + </wsp:All> > + </wsp:ExactlyOne> > +</wsp:Policy> > \ No newline at end of file > > Added: > axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-34.xml > URL: > http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-34.xml?rev=1228870&view=auto > ============================================================================== > --- > axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-34.xml > (added) > +++ > axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/resources/rampart/services-34.xml > Sun Jan 8 15:34:56 2012 > @@ -0,0 +1,113 @@ > +<service name="SecureService34"> > + > + <module ref="addressing"/> > + <module ref="rampart"/> > + > + <parameter locked="false" > name="ServiceClass">org.apache.rampart.Service</parameter> > + > + <operation name="echo"> > + <messageReceiver > class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> > + <actionMapping>urn:echo</actionMapping> > + </operation> > + > + <operation name="returnError"> > + <messageReceiver > class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> > + <actionMapping>urn:returnError</actionMapping> > + </operation> > + > + <wsp:Policy wsu:Id="SigEncr" > + > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > + xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> > + <wsp:ExactlyOne> > + <wsp:All> > + <sp:AsymmetricBinding > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > + <wsp:Policy> > + <sp:InitiatorToken> > + <wsp:Policy> > + <sp:X509Token > + > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";> > + <wsp:Policy> > + <sp:RequireThumbprintReference/> > + <sp:WssX509V3Token10/> > + </wsp:Policy> > + </sp:X509Token> > + </wsp:Policy> > + </sp:InitiatorToken> > + <sp:RecipientToken> > + <wsp:Policy> > + <sp:X509Token > + > sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";> > + <wsp:Policy> > + <sp:RequireThumbprintReference/> > + <sp:WssX509V3Token10/> > + </wsp:Policy> > + </sp:X509Token> > + </wsp:Policy> > + </sp:RecipientToken> > + <sp:AlgorithmSuite> > + <wsp:Policy> > + <sp:TripleDesRsa15/> > + </wsp:Policy> > + </sp:AlgorithmSuite> > + <sp:Layout> > + <wsp:Policy> > + <sp:Strict/> > + </wsp:Policy> > + </sp:Layout> > + <sp:IncludeTimestamp/> > + <sp:OnlySignEntireHeadersAndBody/> > + </wsp:Policy> > + </sp:AsymmetricBinding> > + <sp:Wss10 > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > + <wsp:Policy> > + <sp:MustSupportRefKeyIdentifier/> > + <sp:MustSupportRefIssuerSerial/> > + </wsp:Policy> > + </sp:Wss10> > + <sp:SignedParts > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > + <sp:Body/> > + </sp:SignedParts> > + <sp:EncryptedParts > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > + <sp:Body/> > + </sp:EncryptedParts> > + > + <ramp:RampartConfig > xmlns:ramp="http://ws.apache.org/rampart/policy";> > + <ramp:user>alice</ramp:user> > + <ramp:encryptionUser>bob</ramp:encryptionUser> > + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback > + </ramp:passwordCallbackClass> > + > + <ramp:signatureCrypto> > + <ramp:crypto > provider="org.apache.ws.security.components.crypto.Merlin"> > + <ramp:property > + > name="org.apache.ws.security.crypto.merlin.keystore.type">JKS > + </ramp:property> > + <ramp:property > name="org.apache.ws.security.crypto.merlin.file"> > + rampart/store.jks > + </ramp:property> > + <ramp:property > + > name="org.apache.ws.security.crypto.merlin.keystore.password"> > + password > + </ramp:property> > + </ramp:crypto> > + </ramp:signatureCrypto> > + <ramp:encryptionCypto> > + <ramp:crypto > provider="org.apache.ws.security.components.crypto.Merlin"> > + <ramp:property > + > name="org.apache.ws.security.crypto.merlin.keystore.type">JKS > + </ramp:property> > + <ramp:property > name="org.apache.ws.security.crypto.merlin.file"> > + rampart/store.jks > + </ramp:property> > + <ramp:property > + > name="org.apache.ws.security.crypto.merlin.keystore.password"> > + password > + </ramp:property> > + </ramp:crypto> > + </ramp:encryptionCypto> > + </ramp:RampartConfig> > + </wsp:All> > + </wsp:ExactlyOne> > + </wsp:Policy> > + > +</service> > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
