CXF-7084 - Pass a value for the KeyName element from the XmlSecOutInterceptor to Santuario. Thanks to Hugo Trippaers for the patch. Some modifications were made to the patch, as outlined in the JIRA. This closes #176
# Conflicts: # rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java # rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java # rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/50100ff7 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/50100ff7 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/50100ff7 Branch: refs/heads/3.1.x-fixes Commit: 50100ff72df3a29f21c09405a4262974165fa6d5 Parents: 27ae997 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Tue Mar 28 17:29:22 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Tue Mar 28 17:32:05 2017 +0100 ---------------------------------------------------------------------- .../rs/security/xml/EncryptionProperties.java | 15 +++++++ .../rs/security/xml/SignatureProperties.java | 15 +++++++ .../rs/security/xml/XmlSecOutInterceptor.java | 13 ++++++ .../jaxrs/security/xml/JAXRSXmlSecTest.java | 45 ++++++++++++++++++++ .../systest/jaxrs/security/xml/stax-server.xml | 16 +++++++ 5 files changed, 104 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/50100ff7/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java index 06d3e11..4a5ab1d 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java 
@@ -25,7 +25,12 @@ public class EncryptionProperties { private String encryptionSymmetricKeyAlgo; private String encryptionDigestAlgo; private String encryptionKeyIdType; +<<<<<<< HEAD +======= + private String encryptionKeyName; + +>>>>>>> b30d620... CXF-7084 - Pass a value for the KeyName element from the XmlSecOutInterceptor to Santuario public void setEncryptionKeyTransportAlgo(String encryptionKeyTransportAlgo) { this.encryptionKeyTransportAlgo = encryptionKeyTransportAlgo; } @@ -50,5 +55,15 @@ public class EncryptionProperties { public String getEncryptionKeyIdType() { return encryptionKeyIdType; } +<<<<<<< HEAD +======= + public String getEncryptionKeyName() { + return encryptionKeyName; + } + public void setEncryptionKeyName(String encryptionKeyName) { + this.encryptionKeyName = encryptionKeyName; + } + +>>>>>>> b30d620... CXF-7084 - Pass a value for the KeyName element from the XmlSecOutInterceptor to Santuario } http://git-wip-us.apache.org/repos/asf/cxf/blob/50100ff7/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java index f8a7980..16aff78 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/SignatureProperties.java @@ -24,7 +24,12 @@ public class SignatureProperties { private String signatureC14nMethod; private String signatureC14nTransform; private String signatureKeyIdType; +<<<<<<< HEAD +======= + private String signatureKeyName; + +>>>>>>> b30d620... CXF-7084 - Pass a value for the KeyName element from the XmlSecOutInterceptor to Santuario public void setSignatureAlgo(String signatureAlgo) { this.signatureAlgo = signatureAlgo; } 
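Review bot: The added `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> b30d620...` lines are committed merge-conflict markers, so EncryptionProperties.java as committed on 3.1.x-fixes is not valid Java and the rs-security-xml module cannot compile; the same markers are committed in both SignatureProperties hunks (-24 and -71) and in the XmlSecOutInterceptor hunks at -159 and -193. In the two Properties files and at -193 the HEAD side of each conflict is empty, so the resolution is to keep the `=======` side (the `encryptionKeyName` / `signatureKeyName` field and its getter and setter) and delete the three marker lines. At -159 both sides are the same call to `getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, message)` differing only in whether `SecurityUtils` is fully qualified; since the -48 hunk adds the `org.apache.cxf.rt.security.utils.SecurityUtils` import, the `=======` side is the one to keep there too. A build of the branch before pushing would have caught this, and a pre-commit check that rejects lines starting with `<<<<<<<`, `=======` or `>>>>>>>` in `.java` files would prevent a repeat.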
@@ -71,5 +76,15 @@ public class SignatureProperties { public void setSignatureKeyIdType(String signatureKeyIdType) { this.signatureKeyIdType = signatureKeyIdType; } +<<<<<<< HEAD +======= + public String getSignatureKeyName() { + return signatureKeyName; + } + public void setSignatureKeyName(String signatureKeyName) { + this.signatureKeyName = signatureKeyName; + } + +>>>>>>> b30d620... CXF-7084 - Pass a value for the KeyName element from the XmlSecOutInterceptor to Santuario } http://git-wip-us.apache.org/repos/asf/cxf/blob/50100ff7/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java index 1f5193d..b821eca 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java @@ -48,6 +48,7 @@ import org.apache.cxf.phase.Phase; import org.apache.cxf.rs.security.common.CryptoLoader; import org.apache.cxf.rs.security.common.RSSecurityUtils; import org.apache.cxf.rt.security.SecurityConstants; +import org.apache.cxf.rt.security.utils.SecurityUtils; import org.apache.wss4j.common.crypto.Crypto; import org.apache.wss4j.common.ext.WSPasswordCallback; import org.apache.wss4j.common.ext.WSSecurityException; 
@@ -159,9 +160,14 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> { properties.setEncryptionKey(getSymmetricKey(symEncAlgo)); if (encryptSymmetricKey) { X509Certificate sendingCert = null; +<<<<<<< HEAD String userName = (String)org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue( SecurityConstants.ENCRYPT_USERNAME, message); +======= + String userName = + (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_USERNAME, message); +>>>>>>> b30d620... CXF-7084 - Pass a value for the KeyName element from the XmlSecOutInterceptor to Santuario if (RSSecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(userName) && !MessageUtils.isRequestor(message)) { sendingCert = @@ -193,7 +199,13 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> { properties.setEncryptionKeyIdentifier( convertKeyIdentifier(encryptionProperties.getEncryptionKeyIdType())); +<<<<<<< HEAD +======= + + properties.setEncryptionKeyName(encryptionProperties.getEncryptionKeyName()); + +>>>>>>> b30d620... CXF-7084 - Pass a value for the KeyName element from the XmlSecOutInterceptor to Santuario if (encryptionProperties.getEncryptionKeyTransportAlgo() != null) { properties.setEncryptionKeyTransportAlgorithm( encryptionProperties.getEncryptionKeyTransportAlgo()); @@ -313,6 +325,7 @@ public class XmlSecOutInterceptor extends AbstractPhaseInterceptor<Message> { if (this.keyInfoMustBeAvailable) { properties.setSignatureKeyIdentifier( convertKeyIdentifier(sigProps.getSignatureKeyIdType())); + properties.setSignatureKeyName(sigProps.getSignatureKeyName()); } else { properties.setSignatureKeyIdentifier(SecurityTokenConstants.KeyIdentifier_NoKeyInfo); } http://git-wip-us.apache.org/repos/asf/cxf/blob/50100ff7/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java ---------------------------------------------------------------------- 
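Review bot: `properties.setEncryptionKeyName(encryptionProperties.getEncryptionKeyName());` in the -193 hunk runs unconditionally and will pass null whenever no key name is configured, while the adjacent `setEncryptionKeyTransportAlgorithm` call is guarded by a null check and the new `setSignatureKeyName` call in the -313 hunk is only reached inside the `keyInfoMustBeAvailable` branch. Whether the Santuario properties object tolerates a null key name is not visible here, so for consistency with the surrounding code guard it the same way: `if (encryptionProperties.getEncryptionKeyName() != null) { properties.setEncryptionKeyName(encryptionProperties.getEncryptionKeyName()); }`. A short comment at the -313 line would also help, e.g. `// KeyName is only meaningful when a KeyInfo is written; the value is a lookup hint the receiver must resolve against its own trusted keystore` — presumably this is how the StAX in-interceptor treats it, but that should be confirmed. The enclosing methods of the -193 and -313 hunks start and end outside the hunks.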
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
index 7eff132..4bdf54f 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
@@ -35,6 +35,7 @@ import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.rs.security.common.RSSecurityUtils;
 import org.apache.cxf.rs.security.xml.EncryptionProperties;
+import org.apache.cxf.rs.security.xml.SignatureProperties;
 import org.apache.cxf.rs.security.xml.XmlEncInInterceptor;
 import org.apache.cxf.rs.security.xml.XmlEncOutInterceptor;
 import org.apache.cxf.rs.security.xml.XmlSecInInterceptor;
@@ -396,6 +397,50 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase { } @Test + public void testPostBookWithEnvelopedSigKeyName() throws Exception { + // This test only applies to StAX - see CXF-7084 + if (!test.streaming || !STAX_PORT.equals(test.port)) { + return; + } + String address = "https://localhost:" + test.port + "/xmlsigkeyname/bookstore/books"; + + JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean(); + bean.setAddress(address); + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = JAXRSXmlSecTest.class.getResource("client.xml"); + Bus springBus = bf.createBus(busFile.toString()); + bean.setBus(springBus); + + Map<String, Object> properties = new HashMap<>(); + properties.put(SecurityConstants.CALLBACK_HANDLER, + "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"); + properties.put(SecurityConstants.SIGNATURE_USERNAME, "alice"); + properties.put(SecurityConstants.SIGNATURE_PROPERTIES, + "org/apache/cxf/systest/jaxrs/security/alice.properties"); + bean.setProperties(properties); + XmlSecOutInterceptor sigOutInterceptor = new XmlSecOutInterceptor(); + sigOutInterceptor.setSignRequest(true); + sigOutInterceptor.setKeyInfoMustBeAvailable(true); + + SignatureProperties sigProps = new SignatureProperties(); + sigProps.setSignatureKeyName("alice"); + sigProps.setSignatureKeyIdType("KeyName"); + sigOutInterceptor.setSignatureProperties(sigProps); + + bean.getOutInterceptors().add(sigOutInterceptor); + + XmlSecInInterceptor sigInInterceptor = new XmlSecInInterceptor(); + sigInInterceptor.setRequireSignature(true); + bean.setProvider(sigInInterceptor); + + WebClient wc = bean.createWebClient(); + WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(10000000L); + Book book = wc.post(new Book("CXF", 126L), Book.class); + assertEquals(126L, book.getId()); + } + + @Test public void testPostEncryptedBook() throws Exception { String address = "https://localhost:" + test.port + 
"/xmlenc/bookstore/books"; Map<String, Object> properties = new HashMap<>(); http://git-wip-us.apache.org/repos/asf/cxf/blob/50100ff7/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml ---------------------------------------------------------------------- diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml index 2281c60..68816c0 100644 --- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml @@ -148,6 +148,22 @@ under the License. </jaxrs:properties> </jaxrs:server> + <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsigkeyname"> + <jaxrs:serviceBeans> + <ref bean="serviceBean"/> + </jaxrs:serviceBeans> + <jaxrs:inInterceptors> + <ref bean="xmlSigInHandler"/> + </jaxrs:inInterceptors> + <jaxrs:outInterceptors> + <ref bean="xmlSigOutHandler"/> + </jaxrs:outInterceptors> + <jaxrs:properties> + <entry key="security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/> + <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/alice.properties"/> + </jaxrs:properties> + </jaxrs:server> + <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsigconstraints"> <jaxrs:serviceBeans> <ref bean="serviceBean"/>