This is an automated email from the ASF dual-hosted git repository. billblough pushed a commit to branch RAMPART-385 in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit 9a1991b214f494d33292ae9bcbb6830b2b0a87c2
Author: Andreas Veithen <veit...@apache.org>
AuthorDate: Mon Jan 30 18:25:09 2017 +0000
RAMPART-385: Apply patch provided by Suresh Attanayake.
---
 .../secpolicy11/builders/UsernameTokenBuilder.java | 16 ++++-
 .../secpolicy12/builders/UsernameTokenBuilder.java | 32 ++++++++-
 .../builders/UsernameTokenBuilderTest.java | 47 ++++++++++++++
 .../builders/UsernameTokenBuilderTest.java | 75 ++++++++++++++++++++++
 .../username-token-assertion-1.1-nopolicy.xml | 2 +
 .../username-token-assertion-1.1-ut11prof.xml | 6 ++
 .../username-token-assertion-1.2-hashpwd.xml | 8 +++
 .../username-token-assertion-1.2-nopolicy.xml | 4 ++
 .../username-token-assertion-1.2-nopwd.xml | 9 +++
 9 files changed, 196 insertions(+), 3 deletions(-)
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java
index 74a70e7..9b76ff5 100644
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilder.java
@@ -22,6 +22,8 @@ import javax.xml.namespace.QName;
 import org.apache.axiom.om.OMAttribute;
 import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.neethi.Assertion;
 import org.apache.neethi.AssertionBuilderFactory;
 import org.apache.neethi.Constants;
@@ -34,6 +36,7 @@ import org.apache.ws.secpolicy.model.UsernameToken;
 public class UsernameTokenBuilder implements AssertionBuilder<OMElement> {
+ private static Log log = LogFactory.getLog(UsernameTokenBuilder.class);
 public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
 UsernameToken usernameToken = new UsernameToken(SPConstants.SP_V11);
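Review bot: The `log` field added in the @@ -34,6 +36,7 hunk is a mutable static that nothing in the class reassigns; declare it `private static final Log log = LogFactory.getLog(UsernameTokenBuilder.class);` so the logger cannot be swapped at runtime and the intent is explicit. The identical field added to the secpolicy12 builder in its @@ -33,7 +35,8 hunk should get the same treatment.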
@@ -53,7 +56,7 @@ public class UsernameTokenBuilder implements AssertionBuilder<OMElement> {
 OMElement policyElement = element.getFirstElement();
- if (policyElement != null && !policyElement.getQName().equals(org.apache.neethi.Constants.Q_ELEM_POLICY)) {
+ if (policyElement != null && policyElement.getQName().equals(org.apache.neethi.Constants.Q_ELEM_POLICY)) {
 Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
 policy = (Policy) policy.normalize(false);
@@ -76,6 +79,10 @@ public class UsernameTokenBuilder implements AssertionBuilder<OMElement> {
 }
 private void processAlternative(List assertions, UsernameToken parent) {
+
+ // UT profile version
+ boolean usernameToken10Set = false;
+ boolean usernameToken11Set = false;
 for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
 Assertion assertion = (Assertion) iterator.next();
@@ -83,10 +90,17 @@ public class UsernameTokenBuilder implements AssertionBuilder<OMElement> {
 if (SP11Constants.WSS_USERNAME_TOKEN10.equals(qname)) {
 parent.setUseUTProfile10(true);
+ usernameToken10Set = true;
 } else if (SP11Constants.WSS_USERNAME_TOKEN11.equals(qname)) {
 parent.setUseUTProfile11(true);
+ usernameToken11Set = true;
 }
 }
+
+ // doing a policy validation
+ if(usernameToken10Set && usernameToken11Set) {
+ log.warn("Invalid UsernameToken Assertion in the policy. This may result an unexpected behaviour!");
+ }
 }
 }
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java
index f3d901b..c593ecd 100755
--- a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilder.java
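Review bot: The validation at the end of processAlternative (@@ -83,10 +90,17 hunk) only logs a warning when a policy asserts both sp:WssUsernameToken10 and sp:WssUsernameToken11, while `parent` is still returned with both profile flags set, so a contradictory policy is accepted at parse time and which profile is actually enforced is decided by whatever reads the model later. Since build() already declares `throws IllegalArgumentException`, rejecting the contradiction is the safer choice, e.g. `throw new IllegalArgumentException("Invalid UsernameToken assertion: WssUsernameToken10 and WssUsernameToken11 are mutually exclusive");`, or if existing deployments with such policies must keep loading, the warning should at least name the conflicting pair (the current text "may result an unexpected behaviour" is also ungrammatical). The secpolicy12 builder's @@ -76,26 +79,51 hunk has the same warn-and-continue pattern, where the NoPassword/HashPassword pair is the more consequential one. In the @@ -53,7 +56,7 hunk, `PolicyEngine.getPolicy(element.getFirstElement())` re-fetches the child that the previous line already stored in `policyElement`; passing `policyElement` makes the null/QName guard and the parsed element visibly the same object.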
@@ -22,6 +22,8 @@ import javax.xml.namespace.QName;
 import org.apache.axiom.om.OMAttribute;
 import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.neethi.Assertion;
 import org.apache.neethi.AssertionBuilderFactory;
 import org.apache.neethi.Constants;
@@ -33,7 +35,8 @@ import org.apache.ws.secpolicy.SP12Constants;
 import org.apache.ws.secpolicy.model.UsernameToken;
 public class UsernameTokenBuilder implements AssertionBuilder<OMElement> {
-
+
+ private static Log log = LogFactory.getLog(UsernameTokenBuilder.class);
 public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
 UsernameToken usernameToken = new UsernameToken(SPConstants.SP_V12);
@@ -76,26 +79,51 @@ public class UsernameTokenBuilder implements AssertionBuilder<OMElement> {
 }
 private void processAlternative(List assertions, UsernameToken parent) {
+
+ // UT profile version
+ boolean usernameToken10Set = false;
+ boolean usernameToken11Set = false;
+ // password options
+ boolean noPasswordSet = false;
+ boolean hasPasswordSet = false;
+ // derived keys conf
+ boolean derivedKeysSet = false;
+ boolean expDerivedKeysSet = false;
+ boolean impDerivedKeysSet = false;
 for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
 Assertion assertion = (Assertion) iterator.next();
 QName qname = assertion.getName();
 if (SP12Constants.WSS_USERNAME_TOKEN10.equals(qname)) {
- parent.setUseUTProfile10(true);
+ parent.setUseUTProfile10(true);
+ usernameToken10Set = true;
 } else if (SP12Constants.WSS_USERNAME_TOKEN11.equals(qname)) {
 parent.setUseUTProfile11(true);
+ usernameToken11Set = true;
 } else if (SP12Constants.NO_PASSWORD.equals(qname)) {
 parent.setNoPassword(true);
+ noPasswordSet = true;
 } else if (SP12Constants.HASH_PASSWORD.equals(qname)) {
 parent.setHashPassword(true);
+ hasPasswordSet = true;
 } else if (SP12Constants.REQUIRE_DERIVED_KEYS.equals(qname)) {
 parent.setDerivedKeys(true);
+ derivedKeysSet = true;
 } else if (SP12Constants.REQUIRE_EXPLICIT_DERIVED_KEYS.equals(qname)) {
 parent.setExplicitDerivedKeys(true);
+ expDerivedKeysSet = true;
 } else if (SP12Constants.REQUIRE_IMPLIED_DERIVED_KEYS.equals(qname)) {
 parent.setImpliedDerivedKeys(true);
+ impDerivedKeysSet = true;
 }
 }
+
+ // doing a policy validation
+ if(usernameToken10Set && usernameToken11Set || noPasswordSet && hasPasswordSet ||
+ derivedKeysSet && expDerivedKeysSet || derivedKeysSet && impDerivedKeysSet ||
+ impDerivedKeysSet && expDerivedKeysSet) {
+ log.warn("Invalid UsernameToken Assertion in the policy. This may result an unexpected behaviour!");
+ }
 }
 }
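Review bot: The `if` in the new validation block mixes `&&` and `||` across three lines with no parentheses, so a reader must recall operator precedence to see that it is five pairwise conflicts, and the local `hasPasswordSet` tracks sp:HashPassword rather than "has a password"; renaming it `hashPasswordSet` and parenthesising each pair, e.g. `(usernameToken10Set && usernameToken11Set) || (noPasswordSet && hashPasswordSet) ||`, makes the rule readable at a glance. Because all five pairs collapse into one generic warning, the log line cannot tell an operator which assertions clashed; checking each pair separately and naming it in the message (profile 1.0 vs 1.1, NoPassword vs HashPassword, or which two of the derived-key assertions) is what someone triaging a misconfigured policy needs. Whether a warning is sufficient at all is the same concern raised on the secpolicy11 builder's processAlternative hunk. processAlternative closes inside this hunk, but the rest of the class is outside it.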
diff --git a/modules/rampart-tests/src/test/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilderTest.java b/modules/rampart-tests/src/test/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilderTest.java
new file mode 100644
index 0000000..caefb30
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/ws/secpolicy11/builders/UsernameTokenBuilderTest.java
@@ -0,0 +1,47 @@
+package org.apache.ws.secpolicy11.builders;
+
+import java.io.FileInputStream;
+
+import junit.framework.TestCase;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMXMLBuilderFactory;
+import org.apache.axiom.om.OMXMLParserWrapper;
+import org.apache.neethi.AssertionBuilderFactoryImpl;
+import org.apache.neethi.PolicyBuilder;
+import org.apache.ws.secpolicy.model.UsernameToken;
+
+public class UsernameTokenBuilderTest extends TestCase {
+
+ public UsernameTokenBuilderTest(String name){
+ super(name);
+ }
+
+ AssertionBuilderFactoryImpl factory = new AssertionBuilderFactoryImpl(new PolicyBuilder());
+ UsernameTokenBuilder utBuilder = new UsernameTokenBuilder();
+ OMElement utElement = null;
+ UsernameToken ut = null;
+
+ public void testNoPolicyAlternatives() throws Exception {
+
+ String xmlPath = "test-resources/policy/assertions/username-token-assertion-1.1-nopolicy.xml";
+ OMXMLParserWrapper builder = OMXMLBuilderFactory.createOMBuilder(new FileInputStream(xmlPath));
+ utElement = builder.getDocumentElement();
+ ut = (UsernameToken) utBuilder.build(utElement, factory);
+
+ assertEquals(false, ut.isUseUTProfile10());
+ assertEquals(false, ut.isUseUTProfile11());
+ }
+
+ public void testUT11Profile() throws Exception {
+
+ String xmlPath = "test-resources/policy/assertions/username-token-assertion-1.1-ut11prof.xml";
+ OMXMLParserWrapper builder = OMXMLBuilderFactory.createOMBuilder(new FileInputStream(xmlPath));
+ utElement = builder.getDocumentElement();
+ ut = (UsernameToken) utBuilder.build(utElement, factory);
+
+ assertEquals(false, ut.isUseUTProfile10());
+ assertEquals(true, ut.isUseUTProfile11());
+ }
+
+}
diff --git a/modules/rampart-tests/src/test/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilderTest.java b/modules/rampart-tests/src/test/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilderTest.java
new file mode 100644
index 0000000..158c113
--- /dev/null
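Review bot: Each test passes `new FileInputStream(xmlPath)` straight into `OMXMLBuilderFactory.createOMBuilder` and never closes it, so the fixture's file handle leaks for the life of the test JVM (and on Windows may keep the file locked). Hold the stream in a local and wrap the whole method body in a try-with-resources (or a finally that closes it, if the module still targets a pre-Java-7 source level); Axiom parses lazily, so the stream has to stay open until the assertions on `ut` are done, not just past `getDocumentElement()`. Neither this test nor the secpolicy12 one (hunk @@ -0,0 +1,75 @@) exercises the validation branch the commit adds to processAlternative — there is no fixture asserting both WssUsernameToken10 and WssUsernameToken11, or NoPassword together with HashPassword for 1.2 — so the new warning path is untested; one such fixture plus assertions on the resulting model flags would pin down the intended behaviour for contradictory policies.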
+++ b/modules/rampart-tests/src/test/java/org/apache/ws/secpolicy12/builders/UsernameTokenBuilderTest.java 
@@ -0,0 +1,75 @@
+package org.apache.ws.secpolicy12.builders;
+
+import java.io.FileInputStream;
+
+import junit.framework.TestCase;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMXMLBuilderFactory;
+import org.apache.axiom.om.OMXMLParserWrapper;
+import org.apache.neethi.AssertionBuilderFactoryImpl;
+import org.apache.neethi.PolicyBuilder;
+import org.apache.ws.secpolicy.model.UsernameToken;
+
+public class UsernameTokenBuilderTest extends TestCase {
+
+ public UsernameTokenBuilderTest(String name){
+ super(name);
+ }
+
+ AssertionBuilderFactoryImpl factory = new AssertionBuilderFactoryImpl(new PolicyBuilder());
+ UsernameTokenBuilder utBuilder = new UsernameTokenBuilder();
+ OMElement utElement = null;
+ UsernameToken ut = null;
+
+ public void testNoPolicyAlternatives() throws Exception {
+
+ String xmlPath = "test-resources/policy/assertions/username-token-assertion-1.2-nopolicy.xml";
+ OMXMLParserWrapper builder = OMXMLBuilderFactory.createOMBuilder(new FileInputStream(xmlPath));
+ utElement = builder.getDocumentElement();
+ ut = (UsernameToken) utBuilder.build(utElement, factory);
+
+ assertEquals(false, ut.isNoPassword());
+ assertEquals(false, ut.isHashPassword());
+ assertEquals(false, ut.isDerivedKeys());
+ assertEquals(false, ut.isExplicitDerivedKeys());
+ assertEquals(false, ut.isImpliedDerivedKeys());
+ assertEquals(false, ut.isUseUTProfile10());
+ assertEquals(false, ut.isUseUTProfile11());
+
+ }
+
+ public void testNoPassword() throws Exception {
+
+ String xmlPath = "test-resources/policy/assertions/username-token-assertion-1.2-nopwd.xml";
+ OMXMLParserWrapper builder = OMXMLBuilderFactory.createOMBuilder(new FileInputStream(xmlPath));
+ utElement = builder.getDocumentElement();
+ ut = (UsernameToken) utBuilder.build(utElement, factory);
+
+ assertEquals(true, ut.isNoPassword());
+ assertEquals(false, ut.isHashPassword());
+ assertEquals(true, ut.isDerivedKeys());
+ assertEquals(false, ut.isExplicitDerivedKeys());
+ assertEquals(false, ut.isImpliedDerivedKeys());
+ assertEquals(true, ut.isUseUTProfile10());
+ assertEquals(false, ut.isUseUTProfile11());
+ }
+
+ public void testHashPassword() throws Exception {
+
+ String xmlPath = "test-resources/policy/assertions/username-token-assertion-1.2-hashpwd.xml";
+ OMXMLParserWrapper builder = OMXMLBuilderFactory.createOMBuilder(new FileInputStream(xmlPath));
+ utElement = builder.getDocumentElement();
+ ut = (UsernameToken) utBuilder.build(utElement, factory);
+
+ assertEquals(false, ut.isNoPassword());
+ assertEquals(true, ut.isHashPassword());
+ assertEquals(false, ut.isDerivedKeys());
+ assertEquals(false, ut.isExplicitDerivedKeys());
+ assertEquals(false, ut.isImpliedDerivedKeys());
+ assertEquals(false, ut.isUseUTProfile10());
+ assertEquals(true, ut.isUseUTProfile11());
+
+ }
+
+}
diff --git a/modules/rampart-tests/test-resources/policy/assertions/username-token-assertion-1.1-nopolicy.xml b/modules/rampart-tests/test-resources/policy/assertions/username-token-assertion-1.1-nopolicy.xml
new file mode 100644
index 0000000..c0200ca
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/assertions/username-token-assertion-1.1-nopolicy.xml
@@ -0,0 +1,2 @@
+<sp:UsernameToken xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
\ No newline at end of file
diff --git a/modules/rampart-tests/test-resources/policy/assertions/username-token-assertion-1.1-ut11prof.xml b/modules/rampart-tests/test-resources/policy/assertions/username-token-assertion-1.1-ut11prof.xml
new file mode 100644
index 0000000..de3355b
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/assertions/username-token-assertion-1.1-ut11prof.xml
@@ -0,0 +1,6 @@
+<sp:UsernameToken xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <sp:WssUsernameToken11/>
+ </wsp:Policy>
+</sp:UsernameToken>
\ No newline at end of file
diff --git a/modules/rampart-tests/test-resources/policy/assertions/username-token-assertion-1.2-hashpwd.xml b/modules/rampart-tests/test-resources/policy/assertions/username-token-assertion-1.2-hashpwd.xml
new file mode 100644
index 0000000..c378341
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/assertions/username-token-assertion-1.2-hashpwd.xml
@@ -0,0 +1,8 @@
+<sp:UsernameToken
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <sp:HashPassword />
+ <sp:WssUsernameToken11 />
+ </wsp:Policy>
+</sp:UsernameToken>
\ No newline at end of file
diff --git a/modules/rampart-tests/test-resources/policy/assertions/username-token-assertion-1.2-nopolicy.xml b/modules/rampart-tests/test-resources/policy/assertions/username-token-assertion-1.2-nopolicy.xml
new file mode 100644
index 0000000..3b52493
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/assertions/username-token-assertion-1.2-nopolicy.xml
@@ -0,0 +1,4 @@
+<sp:UsernameToken
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+</sp:UsernameToken>
\ No newline at end of file
diff --git a/modules/rampart-tests/test-resources/policy/assertions/username-token-assertion-1.2-nopwd.xml b/modules/rampart-tests/test-resources/policy/assertions/username-token-assertion-1.2-nopwd.xml
new file mode 100644
index 0000000..2cc178b
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/assertions/username-token-assertion-1.2-nopwd.xml
@@ -0,0 +1,9 @@
+<sp:UsernameToken
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <sp:NoPassword />
+ <sp:RequireDerivedKeys />
+ <sp:WssUsernameToken10 />
+ </wsp:Policy>
+</sp:UsernameToken>
\ No newline at end of file