Re-enabling SAML tests in ws-security
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7aa3f2da Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7aa3f2da Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7aa3f2da Branch: refs/heads/2.6.x-fixes Commit: 7aa3f2da2b6bb50e1a252cccfc72bd1b305c9c2e Parents: 7b5c17f Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Thu Jun 15 18:20:14 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Thu Jun 15 18:20:14 2017 +0100 ---------------------------------------------------------------------- .../cxf/systest/ws/saml/SamlTokenTest.java | 174 +++++++++---------- .../cxf/systest/ws/saml/client/client.xml | 1 + 2 files changed, 87 insertions(+), 88 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/7aa3f2da/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java index 8f67f48..b7f8674 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java @@ -36,7 +36,6 @@ import org.apache.ws.security.saml.ext.bean.KeyInfoBean.CERT_IDENTIFIER; import org.apache.ws.security.saml.ext.builder.SAML2Constants; import org.example.contract.doubleit.DoubleItPortType; import org.junit.BeforeClass; -import org.junit.Ignore; /** * A set of tests for SAML Tokens. 
@@ -44,7 +43,7 @@ import org.junit.Ignore; public class SamlTokenTest extends AbstractBusClientServerTestBase { static final String PORT = allocatePort(Server.class); static final String PORT2 = allocatePort(Server.class, 2); - + private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt"; private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService"); @@ -57,7 +56,7 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { launchServer(Server.class, true) ); } - + @org.junit.AfterClass public static void cleanup() throws Exception { SecurityTestUtil.cleanup(); @@ -77,17 +76,17 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort"); - DoubleItPortType saml1Port = + DoubleItPortType saml1Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml1Port, PORT2); - + try { saml1Port.doubleIt(25); fail("Expected failure on an invocation with no SAML Assertion"); } catch (javax.xml.ws.soap.SOAPFaultException ex) { assertTrue(ex.getMessage().contains("No SAML CallbackHandler available")); } - + ((BindingProvider)saml1Port).getRequestContext().put( "ws-security.saml-callback-handler", new SamlCallbackHandler() ); @@ -103,16 +102,16 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { ); int result = saml1Port.doubleIt(25); assertTrue(result == 50); - + // Don't send any Token...failure expected portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort2"); saml1Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml1Port, PORT2); - + ((BindingProvider)saml1Port).getRequestContext().put( "ws-security.saml-callback-handler", new SamlCallbackHandler(false) ); - + try { saml1Port.doubleIt(25); fail("Failure expected on no token"); 
@@ -120,11 +119,11 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { String error = "The received token does not match the token inclusion requirement"; assertTrue(ex.getMessage().contains(error)); } - + ((java.io.Closeable)saml1Port).close(); bus.shutdown(true); } - + @org.junit.Test public void testSaml1Supporting() throws Exception { @@ -138,21 +137,21 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml1SupportingPort"); - DoubleItPortType saml1Port = + DoubleItPortType saml1Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml1Port, PORT2); - + ((BindingProvider)saml1Port).getRequestContext().put( "ws-security.saml-callback-handler", new SamlCallbackHandler(false) ); - + int result = saml1Port.doubleIt(25); assertTrue(result == 50); - + ((java.io.Closeable)saml1Port).close(); bus.shutdown(true); } - + // Self-signing (see CXF-5248) @org.junit.Test public void testSaml1SupportingSelfSigned() throws Exception { @@ -167,14 +166,14 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml1SupportingPort"); - DoubleItPortType saml1Port = + DoubleItPortType saml1Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml1Port, PORT2); - + ((BindingProvider)saml1Port).getRequestContext().put( "ws-security.saml-callback-handler", new SamlCallbackHandler(false) ); - + ((BindingProvider)saml1Port).getRequestContext().put( SecurityConstants.SELF_SIGN_SAML_ASSERTION, true ); 
@@ -182,21 +181,21 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { SecurityConstants.SIGNATURE_USERNAME, "alice" ); ((BindingProvider)saml1Port).getRequestContext().put( - SecurityConstants.SIGNATURE_PROPERTIES, + SecurityConstants.SIGNATURE_PROPERTIES, "org/apache/cxf/systest/ws/wssec10/client/alice.properties" ); ((BindingProvider)saml1Port).getRequestContext().put( - SecurityConstants.CALLBACK_HANDLER, + SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback" ); - + int result = saml1Port.doubleIt(25); assertTrue(result == 50); - + ((java.io.Closeable)saml1Port).close(); bus.shutdown(true); } - + @org.junit.Test public void testSaml2OverSymmetric() throws Exception { @@ -210,17 +209,17 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2SymmetricPort"); - DoubleItPortType saml2Port = + DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml2Port, PORT); - + try { saml2Port.doubleIt(25); fail("Expected failure on an invocation with no SAML Assertion"); } catch (javax.xml.ws.soap.SOAPFaultException ex) { assertTrue(ex.getMessage().contains("No SAML CallbackHandler available")); } - + ((BindingProvider)saml2Port).getRequestContext().put( "ws-security.saml-callback-handler", new SamlCallbackHandler(false) ); 
@@ -230,15 +229,15 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { } catch (javax.xml.ws.soap.SOAPFaultException ex) { assertTrue(ex.getMessage().contains("Wrong SAML Version")); } - + ((BindingProvider)saml2Port).getRequestContext().put( "ws-security.saml-callback-handler", new SamlCallbackHandler() ); int result = saml2Port.doubleIt(25); assertTrue(result == 50); - + try { - SamlCallbackHandler callbackHandler = + SamlCallbackHandler callbackHandler = new SamlCallbackHandler(); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); ((BindingProvider)saml2Port).getRequestContext().put( @@ -249,11 +248,11 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { } catch (javax.xml.ws.soap.SOAPFaultException ex) { // assertTrue(ex.getMessage().contains("SAML token security failure")); } - + ((java.io.Closeable)saml2Port).close(); bus.shutdown(true); } - + /** * Some negative tests. Send a sender-vouches assertion as a SupportingToken...this will * fail as the provider will demand that there is a signature covering both the assertion @@ -272,21 +271,21 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2SymmetricSupportingPort"); - DoubleItPortType saml2Port = + DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml2Port, PORT); ((BindingProvider)saml2Port).getRequestContext().put( "ws-security.saml-callback-handler", new SamlCallbackHandler() ); - + try { saml2Port.doubleIt(25); fail("Expected failure on an invocation with an unsigned SAML SV Assertion"); } catch (javax.xml.ws.soap.SOAPFaultException ex) { assertTrue(ex.getMessage().contains("Assertion fails sender-vouches requirements")); } - + ((java.io.Closeable)saml2Port).close(); bus.shutdown(true); } 
@@ -304,7 +303,7 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricPort"); - DoubleItPortType saml2Port = + DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml2Port, PORT); @@ -314,7 +313,7 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { } catch (javax.xml.ws.soap.SOAPFaultException ex) { assertTrue(ex.getMessage().contains("No SAML CallbackHandler available")); } - + ((BindingProvider)saml2Port).getRequestContext().put( "ws-security.saml-callback-handler", new SamlCallbackHandler(false) ); @@ -324,22 +323,22 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { } catch (javax.xml.ws.soap.SOAPFaultException ex) { assertTrue(ex.getMessage().contains("Wrong SAML Version")); } - + ((BindingProvider)saml2Port).getRequestContext().put( "ws-security.saml-callback-handler", new SamlCallbackHandler() ); int result = saml2Port.doubleIt(25); assertTrue(result == 50); - + // Don't send any Token...failure expected portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricPort2"); saml2Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml2Port, PORT); - + ((BindingProvider)saml2Port).getRequestContext().put( "ws-security.saml-callback-handler", new SamlCallbackHandler() ); - + try { saml2Port.doubleIt(25); fail("Failure expected on no token"); @@ -347,11 +346,11 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { String error = "The received token does not match the token inclusion requirement"; assertTrue(ex.getMessage().contains(error)); } - + ((java.io.Closeable)saml2Port).close(); bus.shutdown(true); } - + @org.junit.Test public void testSaml1SelfSignedOverTransport() throws Exception { 
@@ -365,20 +364,20 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml1SelfSignedTransportPort"); - DoubleItPortType saml1Port = + DoubleItPortType saml1Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml1Port, PORT2); - + ((BindingProvider)saml1Port).getRequestContext().put( "ws-security.saml-callback-handler", new SamlCallbackHandler(false) ); int result = saml1Port.doubleIt(25); assertTrue(result == 50); - + ((java.io.Closeable)saml1Port).close(); bus.shutdown(true); } - + @org.junit.Test public void testSaml1SelfSignedOverTransportSP11() throws Exception { @@ -392,20 +391,20 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml1SelfSignedTransportSP11Port"); - DoubleItPortType saml1Port = + DoubleItPortType saml1Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml1Port, PORT2); - + ((BindingProvider)saml1Port).getRequestContext().put( "ws-security.saml-callback-handler", new SamlCallbackHandler(false) ); int result = saml1Port.doubleIt(25); assertTrue(result == 50); - + ((java.io.Closeable)saml1Port).close(); bus.shutdown(true); } - + @org.junit.Test public void testAsymmetricSamlInitiator() throws Exception { 
@@ -419,10 +418,10 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSamlInitiatorPort"); - DoubleItPortType saml2Port = + DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml2Port, PORT); - + SamlCallbackHandler callbackHandler = new SamlCallbackHandler(); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY); ((BindingProvider)saml2Port).getRequestContext().put( @@ -430,11 +429,11 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { ); int result = saml2Port.doubleIt(25); assertTrue(result == 50); - + ((java.io.Closeable)saml2Port).close(); bus.shutdown(true); } - + @org.junit.Test public void testSaml2OverSymmetricSignedElements() throws Exception { @@ -448,20 +447,20 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2SymmetricSignedElementsPort"); - DoubleItPortType saml2Port = + DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml2Port, PORT); - + ((BindingProvider)saml2Port).getRequestContext().put( "ws-security.saml-callback-handler", new SamlCallbackHandler() ); int result = saml2Port.doubleIt(25); assertTrue(result == 50); - + ((java.io.Closeable)saml2Port).close(); bus.shutdown(true); } - + @org.junit.Test public void testSaml2EndorsingOverTransport() throws Exception { 
@@ -475,10 +474,10 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort"); - DoubleItPortType saml2Port = + DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml2Port, PORT2); - + SamlCallbackHandler callbackHandler = new SamlCallbackHandler(); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY); ((BindingProvider)saml2Port).getRequestContext().put( @@ -487,11 +486,11 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { int result = saml2Port.doubleIt(25); assertTrue(result == 50); - + ((java.io.Closeable)saml2Port).close(); bus.shutdown(true); } - + @org.junit.Test public void testSaml2EndorsingPKOverTransport() throws Exception { @@ -505,10 +504,10 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort"); - DoubleItPortType saml2Port = + DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml2Port, PORT2); - + SamlCallbackHandler callbackHandler = new SamlCallbackHandler(); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY); callbackHandler.setKeyInfoIdentifier(CERT_IDENTIFIER.KEY_VALUE); @@ -518,11 +517,11 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { int result = saml2Port.doubleIt(25); assertTrue(result == 50); - + ((java.io.Closeable)saml2Port).close(); bus.shutdown(true); } - + @org.junit.Test public void testSaml2EndorsingOverTransportSP11() throws Exception { 
@@ -536,10 +535,10 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportSP11Port"); - DoubleItPortType saml2Port = + DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml2Port, PORT2); - + SamlCallbackHandler callbackHandler = new SamlCallbackHandler(); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY); ((BindingProvider)saml2Port).getRequestContext().put( @@ -548,7 +547,7 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { int result = saml2Port.doubleIt(25); assertTrue(result == 50); - + ((java.io.Closeable)saml2Port).close(); bus.shutdown(true); } @@ -566,21 +565,20 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricSignedEncryptedPort"); - DoubleItPortType saml2Port = + DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml2Port, PORT); - + ((BindingProvider)saml2Port).getRequestContext().put( "ws-security.saml-callback-handler", new SamlCallbackHandler() ); int result = saml2Port.doubleIt(25); assertTrue(result == 50); - + ((java.io.Closeable)saml2Port).close(); bus.shutdown(true); } - @Ignore("invalid") @org.junit.Test public void testSaml2OverAsymmetricEncrypted() throws Exception { 
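Review bot: Removing `@Ignore("invalid")` from `testSaml2OverAsymmetricEncrypted` leaves no record of why the test was judged invalid or what now makes it valid, so a later failure will be hard to triage. Judging by the body in the following hunk, the test sends a bearer-confirmed SAML 2.0 assertion to `DoubleItSaml2AsymmetricEncryptedPort` and expects the call to succeed. A short comment above the method would capture that, for example `// Bearer SAML2 assertion over the asymmetric binding with encryption: the service is expected to accept it`. If `assertEquals` is available the same way `assertTrue` is, `assertEquals(50, result);` would report the actual value on failure where `assertTrue(result == 50);` does not. The method body continues outside this hunk.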
@@ -594,10 +592,10 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricEncryptedPort"); - DoubleItPortType saml2Port = + DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml2Port, PORT); - + SamlCallbackHandler callbackHandler = new SamlCallbackHandler(); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); ((BindingProvider)saml2Port).getRequestContext().put( @@ -605,12 +603,12 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { ); int result = saml2Port.doubleIt(25); assertTrue(result == 50); - + ((java.io.Closeable)saml2Port).close(); bus.shutdown(true); } - - + + @org.junit.Test public void testSaml2EndorsingEncryptedOverTransport() throws Exception { @@ -624,10 +622,10 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingEncryptedTransportPort"); - DoubleItPortType saml2Port = + DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml2Port, PORT2); - + SamlCallbackHandler callbackHandler = new SamlCallbackHandler(); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY); ((BindingProvider)saml2Port).getRequestContext().put( @@ -636,11 +634,11 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { int result = saml2Port.doubleIt(25); assertTrue(result == 50); - + ((java.io.Closeable)saml2Port).close(); bus.shutdown(true); } - + @org.junit.Test public void testNoSamlToken() throws Exception { 
@@ -654,10 +652,10 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItInlinePolicyPort"); - DoubleItPortType saml2Port = + DoubleItPortType saml2Port = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(saml2Port, PORT2); - + try { saml2Port.doubleIt(25); fail("Failure expected on no SamlToken"); @@ -665,10 +663,10 @@ public class SamlTokenTest extends AbstractBusClientServerTestBase { String error = "The received token does not match the token inclusion requirement"; assertTrue(ex.getMessage().contains(error)); } - + ((java.io.Closeable)saml2Port).close(); bus.shutdown(true); } - - + + } http://git-wip-us.apache.org/repos/asf/cxf/blob/7aa3f2da/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml index 9dc839f..ba5f93b 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client/client.xml @@ -212,6 +212,7 @@ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/> <entry key="ws-security.signature.username" value="alice"/> + <entry key="ws-security.self-sign-saml-assertion" value="true"/> </jaxws:properties> </jaxws:client>
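Review bot: The added `ws-security.self-sign-saml-assertion` entry in client.xml has no comment saying which test depends on it, and the enclosing `<jaxws:client>` element starts outside the hunk, so the affected port cannot be identified from here. With this flag the client presumably signs the assertion itself using the `alice` signature settings on the lines above, so a passing test only shows that the service accepts an assertion signed by a key it already trusts. `testSaml1SupportingSelfSigned` in SamlTokenTest.java sets the same option in code through `SecurityConstants.SELF_SIGN_SAML_ASSERTION`; consider using one mechanism for both and adding a comment such as `<!-- client self-signs the SAML assertion with alice's key; needed by TEST_NAME_PLACEHOLDER -->`. If no such test exists elsewhere, a companion negative case that self-signs with a key the service does not trust would confirm that the signature is actually verified.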