Applying the patch provided by AmilaJ for RAMPART-299.
Thilina Mahesh Buddhika committed Feb 23, 2011
1 parent 2bb20a9 commit 36e35034c7a445befa6d6c2279c9445584b19271
Showing 9 changed files with 204 additions and 71 deletions.
@@ -26,6 +26,7 @@
import org.apache.axis2.description.AxisService;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.wsdl.WSDLConstants;
import org.apache.neethi.Assertion;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.neethi.PolicyComponent;
@@ -40,6 +41,8 @@
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.rampart.util.Axis2Util;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.SP11Constants;
import org.apache.ws.secpolicy.SP12Constants;
import org.apache.ws.secpolicy.WSSPolicyException;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
@@ -56,10 +59,7 @@
import org.opensaml.SAMLAssertion;
import org.w3c.dom.Document;

import java.util.Date;
import java.util.List;
import java.util.Vector;
import java.util.ArrayList;
import java.util.*;

public class RampartMessageData {

@@ -135,9 +135,9 @@ public class RampartMessageData {
* RahasConstants.VERSION_05_12
*/

private int wstVersion = RahasConstants.VERSION_05_02;
private int wstVersion = RahasConstants.VERSION_05_12;

private int secConvVersion = ConversationConstants.DEFAULT_VERSION;
private int secConvVersion = ConversationConstants.VERSION_05_12;

/*
* IssuedTokens or SecurityContextTokens can be used
@@ -166,16 +166,6 @@ public RampartMessageData(MessageContext msgCtx, boolean sender) throws RampartE
this.msgContext = msgCtx;

try {

//Extract known properties from the msgCtx

if(msgCtx.getProperty(KEY_WST_VERSION) != null) {
this.wstVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WST_VERSION));
}

if(msgCtx.getProperty(KEY_WSSC_VERSION) != null) {
this.secConvVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WSSC_VERSION));
}

// First obtain the axis service as we have to do a null check, there can be situations
// where Axis Service is null
@@ -193,12 +183,12 @@ public RampartMessageData(MessageContext msgCtx, boolean sender) throws RampartE
msgCtx.getAxisService().addParameter(clientSideParam);
}
}

if(msgCtx.getProperty(KEY_RAMPART_POLICY) != null) {
this.servicePolicy = (Policy)msgCtx.getProperty(KEY_RAMPART_POLICY);
}


// Checking which flow we are in
int flow = msgCtx.getFLOW();

@@ -262,8 +252,11 @@ public RampartMessageData(MessageContext msgCtx, boolean sender) throws RampartE

//Process policy and build policy data
this.policyData = RampartPolicyBuilder.build(it);

//Set the version
setWSSecurityVersions(this.policyData.getWebServiceSecurityPolicyNS());
}


if(this.policyData != null) {

@@ -274,7 +267,7 @@ public RampartMessageData(MessageContext msgCtx, boolean sender) throws RampartE
msgCtx.setEnvelope((SOAPEnvelope)this.document.getDocumentElement());

this.soapConstants = WSSecurityUtil.getSOAPConstants(this.document.getDocumentElement());

// Update the Rampart Config if RampartConfigCallbackHandler is present in the
// RampartConfig

@@ -286,34 +279,15 @@ public RampartMessageData(MessageContext msgCtx, boolean sender) throws RampartE
}

//Check for RST and RSTR for an SCT
if((WSSHandlerConstants.RST_ACTON_SCT.equals(msgContext.getWSAAction())
|| WSSHandlerConstants.RSTR_ACTON_SCT.equals(msgContext.getWSAAction())) &&
this.policyData.getIssuerPolicy() != null) {

this.servicePolicy = this.policyData.getIssuerPolicy();

RampartConfig rampartConfig = policyData.getRampartConfig();
if(rampartConfig != null) {
/*
* Copy crypto info into the new issuer policy
*/
RampartConfig rc = new RampartConfig();
rc.setEncrCryptoConfig(rampartConfig.getEncrCryptoConfig());
rc.setSigCryptoConfig(rampartConfig.getSigCryptoConfig());
rc.setDecCryptoConfig(rampartConfig.getDecCryptoConfig());
rc.setUser(rampartConfig.getUser());
rc.setUserCertAlias(rc.getUserCertAlias());
rc.setEncryptionUser(rampartConfig.getEncryptionUser());
rc.setPwCbClass(rampartConfig.getPwCbClass());
rc.setSSLConfig(rampartConfig.getSSLConfig());

this.servicePolicy.addAssertion(rc);
}

List it = (List)this.servicePolicy.getAlternatives().next();

//Process policy and build policy data
this.policyData = RampartPolicyBuilder.build(it);
String wsaAction = msgContext.getWSAAction();
if(WSSHandlerConstants.RST_ACTON_SCT.equals(wsaAction)
|| WSSHandlerConstants.RSTR_ACTON_SCT.equals(wsaAction)) {
//submissive version
setTrustParameters();
}else if(WSSHandlerConstants.RST_ACTON_SCT_STANDARD.equals(wsaAction)
|| WSSHandlerConstants.RSTR_ACTON_SCT_STANDARD.equals(wsaAction)) {
//standard policy spec 1.2
setTrustParameters();
}
}

@@ -379,8 +353,6 @@ public RampartMessageData(MessageContext msgCtx, boolean sender) throws RampartE
secHeader.insertSecurityHeader(this.document);
}

} catch (TrustException e) {
throw new RampartException("errorInExtractingMsgProps", e);
} catch (AxisFault e) {
throw new RampartException("errorInExtractingMsgProps", e);
} catch (WSSPolicyException e) {
@@ -391,6 +363,61 @@ public RampartMessageData(MessageContext msgCtx, boolean sender) throws RampartE

}

private void setWSSecurityVersions(String namespace) throws RampartException {

if (namespace == null || namespace.equals("")) {
throw new RampartException("Security policy namespace cannot be null.");
}

if (SP11Constants.SP_NS.equals(namespace)) {
this.wstVersion = RahasConstants.VERSION_05_02;
this.secConvVersion = ConversationConstants.VERSION_05_02;
} else if (SP12Constants.SP_NS.equals(namespace)) {
this.wstVersion = RahasConstants.VERSION_05_12;
this.secConvVersion = ConversationConstants.VERSION_05_12;
} else {
throw new RampartException("Invalid namespace received, " + namespace);
}

}

private void setTrustParameters() throws RampartException {

if (this.policyData.getIssuerPolicy() == null) {
return;
}

this.servicePolicy = this.policyData.getIssuerPolicy();

RampartConfig rampartConfig = policyData.getRampartConfig();
if (rampartConfig != null) {
/*
* Copy crypto info into the new issuer policy
*/
RampartConfig rc = new RampartConfig();
rc.setEncrCryptoConfig(rampartConfig.getEncrCryptoConfig());
rc.setSigCryptoConfig(rampartConfig.getSigCryptoConfig());
rc.setDecCryptoConfig(rampartConfig.getDecCryptoConfig());
rc.setUser(rampartConfig.getUser());
rc.setUserCertAlias(rc.getUserCertAlias());
rc.setEncryptionUser(rampartConfig.getEncryptionUser());
rc.setPwCbClass(rampartConfig.getPwCbClass());
rc.setSSLConfig(rampartConfig.getSSLConfig());

this.servicePolicy.addAssertion(rc);
}

List it = (List) this.servicePolicy.getAlternatives().next();

//Process policy and build policy data
try {
this.policyData = RampartPolicyBuilder.build(it);
} catch (WSSPolicyException e) {
throw new RampartException("errorInExtractingMsgProps", e);
}

}

/**
* @return Returns the document.
*/
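Review bot: In setTrustParameters(), `rc.setUserCertAlias(rc.getUserCertAlias());` reads the alias back from the freshly constructed `rc` instead of from `rampartConfig`, so the RampartConfig attached to the issuer policy never carries the user certificate alias; it should read `rc.setUserCertAlias(rampartConfig.getUserCertAlias());`. The same line sat in the constructor block this commit removes, so the defect is relocated rather than fixed. In the hunk at -286,34 the "submissive" and "standard" action branches both just call setTrustParameters(), so the if/else-if chain can collapse to one condition unless the `//standard policy spec 1.2` comment anticipates a difference that is not there yet. As far as this page shows, webServiceSecurityPolicyNS is only populated from a Binding or SupportingToken assertion, so a policy with neither now fails in setWSSecurityVersions with "Security policy namespace cannot be null" where it previously fell back to the KEY_WST_VERSION/KEY_WSSC_VERSION context properties — worth confirming that is intended.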
@@ -143,6 +143,8 @@ private WSSHandlerConstants() {
//TODO: Get these constants from the WS-Trust impl's constants
public final static String RST_ACTON_SCT = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT";
public final static String RSTR_ACTON_SCT = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT";
public final static String RST_ACTON_SCT_STANDARD = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT";
public final static String RSTR_ACTON_SCT_STANDARD = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT";
public final static String RSTR_ACTON_ISSUE = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue";

public final static String TOK_TYPE_SCT = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
@@ -76,6 +76,9 @@ public static RampartPolicyData build(List topLevelAssertions)
for (Iterator iter = topLevelAssertions.iterator(); iter.hasNext();) {
Assertion assertion = (Assertion) iter.next();
if (assertion instanceof Binding) {

setWebServiceSecurityPolicyNS(assertion, rpd);

if (assertion instanceof SymmetricBinding) {
processSymmetricPolicyBinding((SymmetricBinding) assertion, rpd);
} else if(assertion instanceof AsymmetricBinding) {
@@ -102,6 +105,10 @@ public static RampartPolicyData build(List topLevelAssertions)
} else if (assertion instanceof ContentEncryptedElements) {
processContentEncryptedElements((ContentEncryptedElements) assertion, rpd);
}else if (assertion instanceof SupportingToken) {

//Set policy version. Cos a supporting token can appear along without a binding
setWebServiceSecurityPolicyNS(assertion, rpd);

processSupportingTokens((SupportingToken) assertion, rpd);
} else if (assertion instanceof Trust10) {
processTrust10((Trust10)assertion, rpd);
@@ -120,6 +127,18 @@ public static RampartPolicyData build(List topLevelAssertions)
return rpd;
}

/**
* Sets web service security policy version. The policy version is extracted from an assertion.
* But if namespace is already set this method will just return.
* @param assertion The assertion to get policy namespace.
*/
private static void setWebServiceSecurityPolicyNS(Assertion assertion, RampartPolicyData policyData) {

if (policyData.getWebServiceSecurityPolicyNS() == null) {
policyData.setWebServiceSecurityPolicyNS(assertion.getName().getNamespaceURI());
}
}



/**
@@ -157,7 +176,7 @@ private static void processRampartConfig(RampartConfig config, RampartPolicyData
/**
* Evaluate the symmetric policy binding data.
*
* @param binding
* @param symmBinding
* The binding data
* @param rpd
* The WSS4J data to initialize
@@ -202,7 +221,7 @@ private static void processWSS11(Wss11 wss11, RampartPolicyData rpd) {
/**
* Populate elements to sign and/or encrypt with the message tokens.
*
* @param sep
* @param see
* The data describing the elements (XPath)
* @param rpd
* The WSS4J data to initialize
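Review bot: setWebServiceSecurityPolicyNS() silently keeps the first namespace it encounters, so a policy that mixes SP 1.1 and SP 1.2 assertions (a Binding in one namespace and a SupportingToken in the other) is recorded as whichever is listed first, and the WS-Trust/WS-SecConv versions derived from it by RampartMessageData will be wrong for the remaining assertions. An else branch that compares `assertion.getName().getNamespaceURI()` against the stored value and reports a mismatch (build() already declares WSSPolicyException, judging by the catch in RampartMessageData) would make the mixed case fail loudly instead of picking a version at random. The Javadoc also documents only one of the two parameters; add `* @param policyData The policy data to update; the namespace is recorded only on the first call.`.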
@@ -62,6 +62,9 @@ public class RampartPolicyData {

private boolean signatureConfirmation;

//Policy namespace
private String webServiceSecurityPolicyNS = null;

/*
* Message tokens for symmetrical binding
*/
@@ -163,7 +166,17 @@ public class RampartPolicyData {
private Vector supportingPolicyData = new Vector();

private Vector supportingTokens = new Vector();




public String getWebServiceSecurityPolicyNS() {
return webServiceSecurityPolicyNS;
}

public void setWebServiceSecurityPolicyNS(String webServiceSecurityPolicyNS) {
this.webServiceSecurityPolicyNS = webServiceSecurityPolicyNS;
}

public Vector getSupportingPolicyData() {
return supportingPolicyData;
}
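Review bot: The new field and its accessors carry no documentation beyond `//Policy namespace`, which does not say which namespace or when it is populated. Something like `// WS-SecurityPolicy namespace URI (SP 1.1 or SP 1.2) recorded by RampartPolicyBuilder from the first Binding/SupportingToken assertion; null until then` on the field, with a matching one-line Javadoc on getWebServiceSecurityPolicyNS(), would let readers know that a null here is a policy-shape condition rather than a bug. The four blank lines before the getter are also a leftover worth trimming.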
@@ -268,6 +268,21 @@
<copy overwrite="yes" file="src/test/resources/rampart/services-sc-3.xml" tofile="target/temp-ramp/META-INF/services.xml" />
<jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC3.aar" basedir="target/temp-ramp" />

<!-- Service SC-4 This is with standard secure conversation specification -->
<copy overwrite="yes" file="src/test/resources/rampart/issuer.properties" tofile="target/temp-ramp/issuer.properties"/>
<copy overwrite="yes" file="src/test/resources/rampart/services-sc-4.xml" tofile="target/temp-ramp/META-INF/services.xml"/>
<jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC4.aar" basedir="target/temp-ramp"/>

<!-- Service SC-5 This is with standard secure conversation specification -->
<copy overwrite="yes" file="src/test/resources/rampart/issuer.properties" tofile="target/temp-ramp/issuer.properties"/>
<copy overwrite="yes" file="src/test/resources/rampart/services-sc-5.xml" tofile="target/temp-ramp/META-INF/services.xml"/>
<jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC5.aar" basedir="target/temp-ramp"/>

<!-- Service SC-6 This is with standard secure conversation specification -->
<copy overwrite="yes" file="src/test/resources/rampart/issuer.properties" tofile="target/temp-ramp/issuer.properties"/>
<copy overwrite="yes" file="src/test/resources/rampart/services-sc-6.xml" tofile="target/temp-ramp/META-INF/services.xml"/>
<jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC6.aar" basedir="target/temp-ramp"/>

<!--
Set up the infra for rahas tests and the rahas client repo
-->
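Review bot: The comments for SC-5 and SC-6 are verbatim copies of the SC-4 one ("This is with standard secure conversation specification"), so the build file no longer tells a reader what distinguishes the three new scenarios; each should name the scenario's variation, as the policy file names sc-4/sc-5/sc-6.xml presumably do. The repeated copy of `issuer.properties` to the same target is harmless but could be done once before the SC-4 block.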
@@ -57,19 +57,26 @@ protected void tearDown() throws Exception {
UtilServer.stop();
}


private ServiceClient getServiceClientInstance() throws AxisFault {

String repository = Constants.TESTING_PATH + "rampart_client_repo";

ConfigurationContext configContext = ConfigurationContextFactory.
createConfigurationContextFromFileSystem(repository, null);
ServiceClient serviceClient = new ServiceClient(configContext, null);


serviceClient.engageModule("addressing");
serviceClient.engageModule("rampart");

return serviceClient;

}

public void testWithPolicy() {
try {

String repo = Constants.TESTING_PATH + "rampart_client_repo";

ConfigurationContext configContext = ConfigurationContextFactory.
createConfigurationContextFromFileSystem(repo, null);
ServiceClient serviceClient = new ServiceClient(configContext, null);


serviceClient.engageModule("addressing");
serviceClient.engageModule("rampart");
ServiceClient serviceClient = getServiceClientInstance();

//TODO : figure this out !!
boolean basic256Supported = true;
@@ -171,16 +178,20 @@ public void testWithPolicy() {
}


for (int i = 1; i <= 3; i++) { //<-The number of tests we have
for (int i = 1; i <= 6; i++) { //<-The number of tests we have

if (i == 2 || i == 3) {
if (i == 3 || i == 6) {
continue; // Can't test Transport binding scenarios with Simple HTTP Server
}

Options options = new Options();
System.out.println("Testing WS-SecConv: custom scenario " + i);
options.setAction("urn:echo");
options.setTo(new EndpointReference("http://127.0.0.1:" + PORT + "/axis2/services/SecureServiceSC" + i));

//Create a new service client instance for each secure conversation scenario
serviceClient = getServiceClientInstance();

serviceClient.getServiceContext().setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("/rampart/policy/sc-" + i + ".xml"));
serviceClient.setOptions(options);

@@ -196,6 +207,8 @@ public void testWithPolicy() {
serviceClient.sendReceive(getEchoElement());
options.setProperty(RampartMessageData.CANCEL_REQUEST, Constants.VALUE_TRUE);
serviceClient.sendReceive(getEchoElement());
serviceClient.cleanupTransport();

}

} catch (Exception e) {
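Review bot: The loop now calls `getServiceClientInstance()` on every iteration, each creating its own ConfigurationContext from the file system, but the previous client is simply overwritten and never released; `cleanupTransport()` at the end only frees the transport of the last sendReceive. Adding `serviceClient.cleanup();` at the end of each iteration (or in a finally around the per-scenario body) would stop contexts and transports leaking across the six scenarios, and the client created before the loop is likewise replaced on the first iteration without cleanup. testWithPolicy() continues outside the hunk, so the catch block is not visible here.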
