Author: asoldano Date: 2014-04-03 06:32:26 -0400 (Thu, 03 Apr 2014) New Revision: 18565 Modified: stack/cxf/branches/asoldano/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/oasis/SamlCallbackHandler.java stack/cxf/branches/asoldano/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/oasis/WSSecurityPolicyExamples23xTestCase.java Log: Fixing issues with SAML signatures in WS-SecurityPolicy Examples testcase Modified: stack/cxf/branches/asoldano/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/oasis/SamlCallbackHandler.java =================================================================== --- stack/cxf/branches/asoldano/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/oasis/SamlCallbackHandler.java 2014-04-03 10:31:38 UTC (rev 18564) +++ stack/cxf/branches/asoldano/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/oasis/SamlCallbackHandler.java 2014-04-03 10:32:26 UTC (rev 18565) @@ -13,6 +13,7 @@ import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.crypto.CryptoFactory; import org.apache.wss4j.common.crypto.CryptoType; +import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SAMLCallback; import org.apache.wss4j.common.saml.bean.AttributeBean; import org.apache.wss4j.common.saml.bean.AttributeStatementBean; @@ -28,6 +29,8 @@ private String confirmationMethod = SAML2Constants.CONF_BEARER; private boolean saml2; + + private boolean signed; public SamlCallbackHandler() { @@ -88,9 +91,21 @@ attributeBean.setSimpleName("subject-role"); attributeBean.setQualifiedName("http://custom-ns"); } - attributeBean.setAttributeValues(Collections.singletonList((Object)"system-user")); //TODO verify + + attributeBean.addAttributeValue("system-user"); attrBean.setSamlAttributes(Collections.singletonList(attributeBean)); callback.setAttributeStatementData(Collections.singletonList(attrBean)); + + try { + String file = "META-INF/alice.properties"; + Crypto crypto = CryptoFactory.getInstance(file); + callback.setIssuerCrypto(crypto); + callback.setIssuerKeyName("alice"); + callback.setIssuerKeyPassword("password"); + callback.setSignAssertion(signed); + } catch (WSSecurityException e) { + throw new IOException(e); + } } } } @@ -119,4 +134,13 @@ return keyInfo; } + public boolean isSigned() + { + return signed; + } + + public void setSigned(boolean signed) + { + this.signed = signed; + } } Modified: stack/cxf/branches/asoldano/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/oasis/WSSecurityPolicyExamples23xTestCase.java =================================================================== --- stack/cxf/branches/asoldano/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/oasis/WSSecurityPolicyExamples23xTestCase.java 2014-04-03 10:31:38 UTC (rev 18564) +++ stack/cxf/branches/asoldano/modules/testsuite/cxf-tests/src/test/java/org/jboss/test/ws/jaxws/samples/wsse/policy/oasis/WSSecurityPolicyExamples23xTestCase.java 2014-04-03 10:32:26 UTC (rev 18565) @@ -130,11 +130,11 @@ Map<String, Object> reqCtx = ((BindingProvider) proxy).getRequestContext(); SamlCallbackHandler cbh = new SamlCallbackHandler(); cbh.setConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"); + cbh.setSigned(true); reqCtx.put(SecurityConstants.SAML_CALLBACK_HANDLER, cbh); reqCtx.put(SecurityConstants.SIGNATURE_PROPERTIES, Thread.currentThread().getContextClassLoader().getResource("META-INF/alice.properties")); reqCtx.put(SecurityConstants.SIGNATURE_USERNAME, "alice"); reqCtx.put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback()); - reqCtx.put(SecurityConstants.SELF_SIGN_SAML_ASSERTION, "true"); assertTrue(proxy.sayHello().equals("Hello - (WSS1.0) SAML1.1 Assertion (HK) over SSL")); } @@ -175,13 +175,13 @@ Map<String, Object> reqCtx = ((BindingProvider) proxy).getRequestContext(); SamlCallbackHandler cbh = new SamlCallbackHandler(); cbh.setConfirmationMethod("urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"); + cbh.setSigned(true); reqCtx.put(SecurityConstants.SAML_CALLBACK_HANDLER, cbh); reqCtx.put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback()); reqCtx.put(SecurityConstants.SIGNATURE_PROPERTIES, Thread.currentThread().getContextClassLoader().getResource("META-INF/alice.properties")); reqCtx.put(SecurityConstants.ENCRYPT_PROPERTIES, Thread.currentThread().getContextClassLoader().getResource("META-INF/alice.properties")); reqCtx.put(SecurityConstants.SIGNATURE_USERNAME, "alice"); reqCtx.put(SecurityConstants.ENCRYPT_USERNAME, "bob"); - reqCtx.put(SecurityConstants.SELF_SIGN_SAML_ASSERTION, "true"); try { assertTrue(proxy.sayHello().equals("Hello - (WSS1.0) SAML1.1 Holder of Key, Sign, Optional Encrypt")); } catch (Exception e) { @@ -240,11 +240,11 @@ SamlCallbackHandler cbh = new SamlCallbackHandler(); cbh.setConfirmationMethod("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"); cbh.setSaml2(true); + cbh.setSigned(true); reqCtx.put(SecurityConstants.SAML_CALLBACK_HANDLER, cbh); reqCtx.put(SecurityConstants.SIGNATURE_PROPERTIES, Thread.currentThread().getContextClassLoader().getResource("META-INF/alice.properties")); reqCtx.put(SecurityConstants.SIGNATURE_USERNAME, "alice"); reqCtx.put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback()); - reqCtx.put(SecurityConstants.SELF_SIGN_SAML_ASSERTION, "true"); assertTrue(proxy.sayHello().equals("Hello - (WSS1.1) SAML2.0 HoK over SSL")); }