This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch coheigea/wss4j-saml-refactor in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 245c8a3a1c16cf9be3d139f27b87c8b362619121
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Thu Jul 3 09:10:58 2025 +0100
Fixing advanced STS systests
---
 .../org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java | 4 ++--
 .../org/apache/cxf/systest/sts/claims/ClaimsValidator.java | 4 ++--
 .../cxf/systest/sts/cross_domain/CrossDomainValidator.java | 4 ++--
 .../org/apache/cxf/systest/sts/custom/CustomParameterTest.java | 6 +++---
 .../org/apache/cxf/systest/sts/custom/CustomUTValidator.java | 9 ++++++++-
 .../systest/sts/custom_onbehalfof/CustomBSTTokenValidator.java | 2 +-
 .../systest/sts/custom_onbehalfof/LocalBSTTokenValidator.java | 10 +++++++++-
 .../sts/distributed_caching/CustomUsernameTokenProvider.java | 2 +-
 .../apache/cxf/systest/sts/realms/DifferentRealmValidator.java | 2 +-
 .../apache/cxf/systest/sts/secure_conv/SCTTokenValidator.java | 6 +++---
 .../org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java | 2 ++
 .../test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java | 4 +++-
 12 files changed, 37 insertions(+), 18 deletions(-)
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java
index 2cccf76e2b..bf7fac841d 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/batch/SimpleBatchSTSClient.java
@@ -101,8 +101,8 @@ import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.token.Reference;
 import org.apache.wss4j.common.util.DateUtil;
 import org.apache.wss4j.common.util.XMLUtils;
-import org.apache.wss4j.dom.WSDocInfo;
-import org.apache.wss4j.dom.engine.WSSConfig;
+import org.apache.wss4j.common.dom.WSDocInfo;
+import org.apache.wss4j.common.dom.engine.WSSConfig;
 import org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
 import org.apache.wss4j.common.dom.RequestData;
 import org.apache.wss4j.dom.processor.EncryptedKeyProcessor;
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsValidator.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsValidator.java
index e85b85f655..e09c5fa238 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsValidator.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsValidator.java
@@ -27,7 +27,7 @@ import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.dom.RequestData;
 import org.apache.wss4j.common.dom.validate.Credential;
-import org.apache.wss4j.dom.validate.SamlAssertionValidator;
+import org.apache.wss4j.common.saml.validate.SamlAssertionValidator;
 import org.opensaml.core.xml.XMLObject;
 /**
@@ -41,7 +41,7 @@ public class ClaimsValidator extends SamlAssertionValidator {
 @Override
 public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
 Credential validatedCredential = super.validate(credential, data);
- SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
+ SamlAssertionWrapper assertion = (SamlAssertionWrapper)validatedCredential.getSamlAssertion();
 boolean valid = false;
 if (assertion.getSaml1() != null) {
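Review bot: The new downcast `(SamlAssertionWrapper)validatedCredential.getSamlAssertion()` in ClaimsValidator.validate is unchecked, so a credential carrying any other assertion type surfaces as a ClassCastException, and a missing one as a NullPointerException at `assertion.getSaml1()`, instead of as a WSSecurityException. The cast suggests the getter now returns a wider type (inferred; its declaration is not part of this diff), so the validator should reject the unexpected case itself, for example `if (!(validatedCredential.getSamlAssertion() instanceof SamlAssertionWrapper)) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); }` ahead of the cast. The same unchecked cast is added in CrossDomainValidator, CustomBSTTokenValidator, DifferentRealmValidator and SCTTokenValidator; those already null-check the result but would still throw ClassCastException on a different type. validate() continues past the end of the hunk.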
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainValidator.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainValidator.java index 7a569ba61e..e5219df5f7 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainValidator.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/cross_domain/CrossDomainValidator.java @@ -22,7 +22,7 @@ import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.common.dom.RequestData; import org.apache.wss4j.common.dom.validate.Credential; -import org.apache.wss4j.dom.validate.SamlAssertionValidator; +import org.apache.wss4j.common.saml.validate.SamlAssertionValidator; /** * This class validates a SAML Assertion by checking the issuer name. @@ -32,7 +32,7 @@ public class CrossDomainValidator extends SamlAssertionValidator { public Credential validate(Credential credential, RequestData data) throws WSSecurityException { Credential validatedCredential = super.validate(credential, data); - SamlAssertionWrapper token = validatedCredential.getSamlAssertion(); + SamlAssertionWrapper token = (SamlAssertionWrapper)validatedCredential.getSamlAssertion(); if (token == null || token.getSaml2() == null || !"b-issuer".equals(token.getIssuerString())) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java index 45458ac3bd..b7ea12faf6 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java 
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java
@@ -48,11 +48,11 @@ import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.util.DOM2Writer;
-import org.apache.wss4j.dom.WSDocInfo;
+import org.apache.wss4j.common.dom.WSDocInfo;
 import org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
 import org.apache.wss4j.common.dom.RequestData;
-import org.apache.wss4j.dom.processor.Processor;
-import org.apache.wss4j.dom.processor.SAMLTokenProcessor;
+import org.apache.wss4j.common.dom.processor.Processor;
+import org.apache.wss4j.common.saml.processor.SAMLTokenProcessor;
 import org.example.contract.doubleit.DoubleItPortType;
 import org.junit.BeforeClass;
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomUTValidator.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomUTValidator.java
index 50f167f28b..34c4d579de 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomUTValidator.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomUTValidator.java
@@ -24,6 +24,7 @@ import org.w3c.dom.Element;
 import jakarta.xml.soap.SOAPException;
 import jakarta.xml.soap.SOAPMessage;
+import javax.xml.namespace.QName;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
 import org.apache.cxf.binding.soap.saaj.SAAJUtils;
@@ -32,7 +33,7 @@ import org.apache.wss4j.common.util.XMLUtils; import org.apache.wss4j.common.dom.RequestData; import org.apache.wss4j.common.dom.validate.Credential; import org.apache.wss4j.dom.validate.UsernameTokenValidator; -import org.apache.wss4j.dom.validate.Validator; +import org.apache.wss4j.common.dom.validate.Validator; /** * A Validator that checks for a custom "realm" parameter in the RST request and only allows @@ -73,4 +74,10 @@ public class CustomUTValidator implements Validator { SAAJInInterceptor.INSTANCE.handleMessage(msg); return msg.getContent(SOAPMessage.class); } + + @Override + public QName[] getSupportedQNames() { + // TODO Auto-generated method stub + throw new UnsupportedOperationException("Unimplemented method 'getSupportedQNames'"); + } } diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomBSTTokenValidator.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomBSTTokenValidator.java index 9b998278ac..313be4c8d1 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomBSTTokenValidator.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/CustomBSTTokenValidator.java @@ -33,7 +33,7 @@ public class CustomBSTTokenValidator extends STSTokenValidator { public Credential validate(Credential credential, RequestData data) throws WSSecurityException { Credential validatedCredential = super.validate(credential, data); - SamlAssertionWrapper transformedToken = validatedCredential.getTransformedToken(); + SamlAssertionWrapper transformedToken = (SamlAssertionWrapper)validatedCredential.getTransformedToken(); if (transformedToken == null || transformedToken.getSaml2() == null || !"DoubleItSTSIssuer".equals(transformedToken.getIssuerString())) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); 
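Review bot: `getSupportedQNames()` in CustomUTValidator is an IDE stub that throws UnsupportedOperationException, so any caller that asks the validator which elements it handles gets a runtime exception instead of an answer. If the refactored engine uses this method to register or select validators (inferred; the Validator interface is not shown in this diff), the custom realm check in `validate` is never reached and the test fails for a reason unrelated to what it exercises. Return the QName of the element this validator is written for, the UsernameToken element here, and remove the `// TODO Auto-generated method stub` line. LocalBSTTokenValidator receives the identical stub in this commit and needs the QName of its custom BinarySecurityToken instead.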
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/LocalBSTTokenValidator.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/LocalBSTTokenValidator.java
index 324fe5a6ad..2dbf73823d 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/LocalBSTTokenValidator.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom_onbehalfof/LocalBSTTokenValidator.java
@@ -18,11 +18,13 @@
 */
 package org.apache.cxf.systest.sts.custom_onbehalfof;
+import javax.xml.namespace.QName;
+
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.principal.CustomTokenPrincipal;
 import org.apache.wss4j.common.dom.RequestData;
 import org.apache.wss4j.common.dom.validate.Credential;
-import org.apache.wss4j.dom.validate.Validator;
+import org.apache.wss4j.common.dom.validate.Validator;
 /**
 * This class just mocks a local validation of a custom BinarySecurityToken
@@ -35,4 +37,10 @@ public class LocalBSTTokenValidator implements Validator {
 return validatedCredential;
 }
+ @Override
+ public QName[] getSupportedQNames() {
+ // TODO Auto-generated method stub
+ throw new UnsupportedOperationException("Unimplemented method 'getSupportedQNames'");
+ }
+
 }
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java
index b9a555a567..6a0a10d465 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/distributed_caching/CustomUsernameTokenProvider.java
@@ -28,7 +28,7 @@ import org.apache.cxf.sts.token.provider.TokenProviderResponse; import org.apache.cxf.ws.security.sts.provider.STSException; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.wss4j.common.WSS4JConstants; -import org.apache.wss4j.dom.message.token.UsernameToken; +import org.apache.wss4j.common.dom.message.token.UsernameToken; /** * A TokenProvider implementation that creates a UsernameToken. diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java index 2d7b82774f..aa270cb044 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/realms/DifferentRealmValidator.java @@ -35,7 +35,7 @@ public class DifferentRealmValidator extends STSTokenValidator { public Credential validate(Credential credential, RequestData data) throws WSSecurityException { Credential validatedCredential = super.validate(credential, data); - SamlAssertionWrapper transformedToken = validatedCredential.getTransformedToken(); + SamlAssertionWrapper transformedToken = (SamlAssertionWrapper)validatedCredential.getTransformedToken(); if (transformedToken == null || transformedToken.getSaml2() == null || !"B-Issuer".equals(transformedToken.getIssuerString())) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTTokenValidator.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTTokenValidator.java index 2f4e0dff37..18c14106e0 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTTokenValidator.java 
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SCTTokenValidator.java @@ -23,7 +23,7 @@ import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.SAMLKeyInfo; import org.apache.wss4j.common.saml.SamlAssertionWrapper; import org.apache.wss4j.common.dom.RequestData; -import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor; +import org.apache.wss4j.common.saml.message.WSSSAMLKeyInfoProcessor; import org.apache.wss4j.common.dom.validate.Credential; /** @@ -35,14 +35,14 @@ public class SCTTokenValidator extends STSTokenValidator { public Credential validate(Credential credential, RequestData data) throws WSSecurityException { Credential validatedCredential = super.validate(credential, data); - SamlAssertionWrapper transformedToken = validatedCredential.getTransformedToken(); + SamlAssertionWrapper transformedToken = (SamlAssertionWrapper)validatedCredential.getTransformedToken(); if (transformedToken == null || transformedToken.getSaml2() == null || !"DoubleItSTSIssuer".equals(transformedToken.getIssuerString())) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); } transformedToken.parseSubject( - new WSSSAMLKeyInfoProcessor(data), data.getSigVerCrypto() + new WSSSAMLKeyInfoProcessor(), data, data.getSigVerCrypto() ); SAMLKeyInfo keyInfo = transformedToken.getSubjectKeyInfo(); byte[] secret = keyInfo.getSecret(); diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java index 24b94c298a..57668eff8f 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java 
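Review bot: After the changed `parseSubject(...)` call in SCTTokenValidator.validate, `keyInfo.getSecret()` is invoked on the result of `getSubjectKeyInfo()` with no null check. If the transformed token's subject carries no key information, the validator would fail with a NullPointerException rather than a WSSecurityException (hedged: the accessor's contract is not visible in this diff). A guard such as `if (keyInfo == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); }` before `getSecret()` keeps every rejection on the same failure path. The method body continues beyond the hunk.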
@@ -63,6 +63,7 @@ import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.dom.WSDocInfo;
+import org.apache.wss4j.common.dom.engine.WSSConfig;
 import org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
 import org.apache.wss4j.common.dom.RequestData;
 import org.apache.wss4j.common.dom.processor.Processor;
@@ -586,6 +587,7 @@ public class IssueUnitTest extends AbstractBusClientServerTestBase {
 private List<WSSecurityEngineResult> processToken(SecurityToken token) throws Exception {
 RequestData requestData = new RequestData();
 requestData.setDisableBSPEnforcement(true);
+ requestData.setWssConfig(WSSConfig.getNewInstance());
 CallbackHandler callbackHandler = new org.apache.cxf.systest.sts.common.CommonCallbackHandler();
 requestData.setCallbackHandler(callbackHandler);
 Crypto crypto = CryptoFactory.getInstance("serviceKeystore.properties");
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java
index 18c8883d7a..773f7f6df3 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java
@@ -58,6 +58,7 @@ import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.common.dom.WSDocInfo;
+import org.apache.wss4j.common.dom.engine.WSSConfig;
 import org.apache.wss4j.common.dom.engine.WSSecurityEngineResult;
 import org.apache.wss4j.common.dom.RequestData;
 import org.apache.wss4j.common.saml.processor.SAMLTokenProcessor;
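Review bot: The added `requestData.setWssConfig(WSSConfig.getNewInstance());` in IssueUnitTest.processToken carries no comment saying why the test must now supply a WSSConfig itself. Presumably the refactored processors no longer fall back to a default configuration, but that is inferred from the change, not shown by it. A one-line comment such as `// WSSConfig must be set explicitly since the WSS4J SAML refactor` (wording for the author to confirm) would document the new requirement. STSRESTTest.processToken gains the same call without explanation. The method continues past the hunk.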
@@ -825,10 +826,11 @@ public class STSRESTTest extends AbstractBusClientServerTestBase { private static List<WSSecurityEngineResult> processToken(Element assertionElement) throws Exception { RequestData requestData = new RequestData(); + requestData.setWssConfig(WSSConfig.getNewInstance()); // requestData.setDisableBSPEnforcement(true); requestData.setCallbackHandler(new org.apache.cxf.systest.sts.common.CommonCallbackHandler()); requestData.setDecCrypto(serviceCrypto); -// requestData.setSigVerCrypto(serviceCrypto); + requestData.setSigVerCrypto(serviceCrypto); requestData.setWsDocInfo(new WSDocInfo(assertionElement.getOwnerDocument())); return new SAMLTokenProcessor().handleToken(assertionElement, requestData);
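Review bot: `// requestData.setDisableBSPEnforcement(true);` stays behind as commented-out code in STSRESTTest.processToken while the neighbouring `requestData.setSigVerCrypto(serviceCrypto);` is re-enabled. Delete the dead line, or replace it with a comment stating that BSP enforcement is intentionally left on for this test, so a reader can tell which security checks the helper expects to run. The method's closing brace lies outside the hunk.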
