From 5d72c8df422e453c414a8c8c839c46ae05c43e4d Mon Sep 17 00:00:00 2001
From: Colm O hEigeartaigh <coheigea@apache.org>
Date: Mon, 9 May 2022 10:15:22 +0100
Subject: [PATCH] Adding a test for the NPE fix in AbstractSTSClient

---
 .../sts/claims/ClaimsCallbackHandler.java     | 30 +++++++-
 .../cxf/systest/sts/claims/ClaimsTest.java    | 26 +++++++
 .../sts/claims/cxf-client-cbhandler2.xml      | 69 +++++++++++++++++++
 3 files changed, 123 insertions(+), 2 deletions(-)
 create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler2.xml

diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
index 457e2802e32..358405e05b4 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsCallbackHandler.java
@@ -29,6 +29,8 @@
 import org.w3c.dom.Element;
 
 import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.rt.security.claims.Claim;
+import org.apache.cxf.rt.security.claims.ClaimCollection;
 import org.apache.cxf.ws.security.trust.claims.ClaimsCallback;
 
 /**
@@ -37,13 +39,18 @@
  */
 public class ClaimsCallbackHandler implements CallbackHandler {
 
+    private boolean createClaimCollection;
+
     public void handle(Callback[] callbacks)
         throws IOException, UnsupportedCallbackException {
         for (int i = 0; i < callbacks.length; i++) {
             if (callbacks[i] instanceof ClaimsCallback) {
                 ClaimsCallback callback = (ClaimsCallback) callbacks[i];
-                callback.setClaims(createClaims());
-
+                if (isCreateClaimCollection()) {
+                    callback.setClaims(createClaimCollection());
+                } else {
+                    callback.setClaims(createClaims());
+                }
             } else {
                 throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
             }
@@ -65,4 +72,23 @@ private Element createClaims() {
         return claimsElement;
     }
 
+    /**
+     * Create a Claims Element for a "role"
+     */
+    private ClaimCollection createClaimCollection() {
+        ClaimCollection claimCollection = new ClaimCollection();
+        Claim claim = new Claim();
+        claim.setClaimType("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
+        claimCollection.add(claim);
+
+        return claimCollection;
+    }
+
+    public boolean isCreateClaimCollection() {
+        return createClaimCollection;
+    }
+
+    public void setCreateClaimCollection(boolean createClaimCollection) {
+        this.createClaimCollection = createClaimCollection;
+    }
 }
diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
index 3d3a55fb15e..d877cd65ba1 100644
--- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
+++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/claims/ClaimsTest.java
@@ -288,6 +288,32 @@ public void testSaml2ClaimsCallbackHandler() throws Exception {
         ((java.io.Closeable)transportClaimsPort).close();
     }
 
+    // In this test, the WSDL the client is using has no Claims Element (however the service
+    // is using a WSDL that requires Claims). A CallbackHandler is used to send the Claims
+    // Element to the STS.
+    @org.junit.Test
+    public void testSaml2ClaimsCallbackHandler2() throws Exception {
+        createBus(getClass().getResource("cxf-client-cbhandler2.xml").toString());
+
+        URL wsdl = ClaimsTest.class.getResource("DoubleItNoClaims.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2ClaimsPort");
+        DoubleItPortType transportClaimsPort =
+                service.getPort(portQName, DoubleItPortType.class);
+
+        updateAddressPort(transportClaimsPort, test.getPort());
+
+        SecurityTestUtil.updateSTSPort((BindingProvider)transportClaimsPort, test.getStsPort());
+
+        if (test.isStreaming()) {
+            SecurityTestUtil.enableStreaming(transportClaimsPort);
+        }
+
+        doubleIt(transportClaimsPort, 25);
+
+        ((java.io.Closeable)transportClaimsPort).close();
+    }
+
     @org.junit.Test
     public void testSaml2ChildClaims() throws Exception {
         createBus(getClass().getResource("cxf-client.xml").toString());
diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler2.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler2.xml
new file mode 100644
index 00000000000..f55f083de36
--- /dev/null
+++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/claims/cxf-client-cbhandler2.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:jaxws="http://cxf.apache.org/jaxws"
+    xmlns:cxf="http://cxf.apache.org/core"
+    xmlns:http="http://cxf.apache.org/transports/http/configuration"
+    xmlns:sec="http://cxf.apache.org/configuration/security"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd">
+    <bean class="org.springframework.context.support.PropertySourcesPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    <bean id="roleClaimsCallbackHandler" class="org.apache.cxf.systest.sts.claims.ClaimsCallbackHandler">
+        <property name="createClaimCollection" value="true"/>
+    </bean>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportSAML2ClaimsPort" createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+            <entry key="security.sts.client">
+                <bean class="org.apache.cxf.ws.security.trust.STSClient">
+                    <constructor-arg ref="cxf"/>
+                    <property name="wsdlLocation" value="https://localhost:${testutil.ports.STSServer}/SecurityTokenService/Transport?wsdl"/>
+                    <property name="serviceName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"/>
+                    <property name="endpointName" value="{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"/>
+                    <property name="claimsCallbackHandler" ref="roleClaimsCallbackHandler"/>
+                    <property name="properties">
+                        <map>
+                            <entry key="security.username" value="alice"/>
+                            <entry key="security.callback-handler" value="org.apache.cxf.systest.sts.common.CommonCallbackHandler"/>
+                            <entry key="security.sts.token.username" value="myclientkey"/>
+                            <entry key="security.sts.token.properties" value="clientKeystore.properties"/>
+                            <entry key="security.sts.token.usecert" value="true"/>
+                        </map>
+                    </property>
+                </bean>
+            </entry>
+        </jaxws:properties>
+    </jaxws:client>
+    <http:conduit name="https://localhost:.*">
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:trustManagers>
+                <sec:keyStore type="jks" password="cspass" resource="keys/clientstore.jks"/>
+            </sec:trustManagers>
+            <sec:keyManagers keyPassword="ckpass">
+                <sec:keyStore type="jks" password="cspass" resource="keys/clientstore.jks"/>
+            </sec:keyManagers>
+        </http:tlsClientParameters>
+    </http:conduit>
+</beans>
\ No newline at end of file