svn commit: r1074447 - in /axis/axis2/java/rampart/trunk/modules: rampart-integration/src/test/java/org/apache/rahas/ rampart-trust/src/main/java/org/apache/rahas/impl/
Author: thilinamb Date: Fri Feb 25 09:14:38 2011 New Revision: 1074447 URL: http://svn.apache.org/viewvc?rev=1074447&view=rev Log: - Fixing some issues related to Bearer subject confirmation method in SAML 1.1. - Adding support for bearer subject confirmation in SAML 2.0. - Adding a new integration test to cover bearer subject confirmation with SAML 2.0 - Improving the existing SAML 1.0 bearer subject confirmation test. Added: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenUTForBearerTest.java Modified: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java axis/axis2/java/rampart/trunk/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java Added: axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenUTForBearerTest.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenUTForBearerTest.java?rev=1074447&view=auto == --- axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenUTForBearerTest.java (added) +++ axis/axis2/java/rampart/trunk/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenUTForBearerTest.java Fri Feb 25 09:14:38 2011 
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import java.io.ByteArrayInputStream;
+import java.util.List;
+
+/**
+ *
+ * @author Ruchith Fernando (ruchith.ferna...@gmail.com)
+ */
+public class RahasSAML2TokenUTForBearerTest extends TestClient {
+
+public RahasSAML2TokenUTForBearerTest(String name) {
+super(name);
+}
+
+public OMElement getRequest() {
+try {
+OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+OMElement 
 tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_20);
+
+TrustUtil.createAppliesToElement(rstElem, "http://localhost:/axis2/services/SecureService";, this.getWSANamespace());
+TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+rstElem, RahasConstants.KEY_TYPE_BEARER);
+TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+return rstElem;
+
+} catch (Exception e) {
+throw new RuntimeException(e);
+}
+}
+
+public OutflowConfiguration getClientOutflowConfiguration() {
+OutflowConfiguration ofc = new OutflowConfiguration();
+
+ofc.setActionItems("UsernameToken Timestamp");
+ofc.setUser("joe");
+ofc.setPasswordCallbackClass(PWCallback.class.getName());
+return ofc;
+}
+
+public InflowConfiguration getClientInflowConfiguration() {
+InflowConfiguration ifc = new InflowConfiguration();
+
+ifc.setActionItems("Timestamp");
+
+return ifc;
+}
+
+public String getServiceRepo() {
+return "rahas_service_repo_3";
+}
+
+public String getRequestAction() throws Trus
svn commit: r1074452 - in /axis/axis2/java/rampart/branches/1_6/modules: rampart-integration/src/test/java/org/apache/rahas/ rampart-trust/src/main/java/org/apache/rahas/impl/
Author: thilinamb Date: Fri Feb 25 09:23:19 2011 New Revision: 1074452 URL: http://svn.apache.org/viewvc?rev=1074452&view=rev Log: - Fixing some issues related to Bearer subject confirmation method in SAML 1.1. - Adding support for bearer subject confirmation in SAML 2.0. - Adding a new integration test to cover bearer subject confirmation with SAML 2.0 - Improving the existing SAML 1.0 bearer subject confirmation test. Added: axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenUTForBearerTest.java Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAML2TokenIssuer.java axis/axis2/java/rampart/branches/1_6/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java Added: axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenUTForBearerTest.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenUTForBearerTest.java?rev=1074452&view=auto == --- axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenUTForBearerTest.java (added) +++ axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenUTForBearerTest.java Fri Feb 25 09:23:19 2011 
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import java.io.ByteArrayInputStream;
+import java.util.List;
+
+/**
+ *
+ * @author Ruchith Fernando (ruchith.ferna...@gmail.com)
+ */
+public class RahasSAML2TokenUTForBearerTest extends TestClient {
+
+public RahasSAML2TokenUTForBearerTest(String name) {
+super(name);
+}
+
+public OMElement getRequest() {
+try {
+OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+OMElement 
 tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_20);
+
+TrustUtil.createAppliesToElement(rstElem, "http://localhost:/axis2/services/SecureService";, this.getWSANamespace());
+TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+rstElem, RahasConstants.KEY_TYPE_BEARER);
+TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+return rstElem;
+
+} catch (Exception e) {
+throw new RuntimeException(e);
+}
+}
+
+public OutflowConfiguration getClientOutflowConfiguration() {
+OutflowConfiguration ofc = new OutflowConfiguration();
+
+ofc.setActionItems("UsernameToken Timestamp");
+ofc.setUser("joe");
+ofc.setPasswordCallbackClass(PWCallback.class.getName());
+return ofc;
+}
+
+public InflowConfiguration getClientInflowConfiguration() {
+InflowConfiguration ifc = new InflowConfiguration();
+
+ifc.setActionItems("Timestamp");
+
+return ifc;
+}
+
+public String getServiceRepo() {
+return "rahas_service_repo_3";
+
svn commit: r1074534 - in /axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart: PolicyBasedResultsValidator.java RampartMessageData.java
Author: thilinamb Date: Fri Feb 25 14:26:19 2011 New Revision: 1074534 URL: http://svn.apache.org/viewvc?rev=1074534&view=rev Log: Adding alias of the certificate used for the signature[in asymmetric binding scenarios] as a msg.ctx property. This also a fix for RAMPART-201 Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=1074534&r1=1074533&r2=1074534&view=diff == --- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java Fri Feb 25 14:26:19 2011 
@@ -729,11 +729,13 @@ public class PolicyBasedResultsValidator } // If certificates have been found, the certificates must be compared -// to ensure againgst phony DNs (compare encoded form including signature) +// to ensure against phony DNs (compare encoded form including signature) if (certs != null && certs.length > 0 && cert.equals(certs[0])) { if (doDebug) { log.debug("Direct trust for certificate with " + subjectString); } +// Set the alias of the cert used for the msg. sig. as a msg. cxt. property + rmd.getMsgContext().setProperty(RampartMessageData.SIGNATURE_CERT_ALIAS, alias); return true; } } else { Modified: axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java?rev=1074534&r1=1074533&r2=1074534&view=diff == --- axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java (original) +++ axis/axis2/java/rampart/trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java Fri Feb 25 14:26:19 2011 
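Review bot: The new `setProperty(RampartMessageData.SIGNATURE_CERT_ALIAS, alias)` call sits only inside the direct-trust branch (`cert.equals(certs[0])`), so the alias is published on that one success path; the `else` branch that follows, and any other `return true` outside the hunk, are not shown setting or clearing it. A service that reads this property for authorization or audit therefore has to treat a missing value as "signer not identified" rather than substituting a default, and the call site should say so, e.g. `// Published only on the direct-trust path; not set when trust is established another way`. If the message context can already hold a value under this key when the method is entered, removing it before the trust checks would keep a stale alias from surviving a result that did not come through this branch; that cannot be confirmed here because the method starts and ends outside the hunk. The same change is merged to branches/1_6 in r1074538 and the point applies there unchanged.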
@@ -19,22 +19,19 @@ package org.apache.rampart; import org.apache.axiom.om.OMElement; import org.apache.axiom.soap.SOAPEnvelope; import org.apache.axis2.AxisFault; -import org.apache.axis2.util.PolicyUtil; -import org.apache.axis2.engine.AxisConfiguration; import org.apache.axis2.context.MessageContext; import org.apache.axis2.context.OperationContext; import org.apache.axis2.description.AxisService; import org.apache.axis2.description.Parameter; +import org.apache.axis2.engine.AxisConfiguration; +import org.apache.axis2.util.PolicyUtil; import org.apache.axis2.wsdl.WSDLConstants; -import org.apache.neethi.Assertion; import org.apache.neethi.Policy; -import org.apache.neethi.PolicyEngine; import org.apache.neethi.PolicyComponent; +import org.apache.neethi.PolicyEngine; import org.apache.rahas.RahasConstants; import org.apache.rahas.SimpleTokenStore; import org.apache.rahas.TokenStorage; -import org.apache.rahas.TrustException; -import org.apache.rahas.TrustUtil; import org.apache.rampart.handler.WSSHandlerConstants; import org.apache.rampart.policy.RampartPolicyBuilder; import org.apache.rampart.policy.RampartPolicyData; @@ -59,7 +56,9 @@ import org.apache.ws.security.util.WSSec import org.opensaml.SAMLAssertion; import org.w3c.dom.Document; -import java.util.*; +import java.util.ArrayList; +import java.util.List; +import java.util.Vector; public class RampartMessageData { @@ -88,7 +87,12 @@ public class RampartMessageData { * Key to hold username which was used to authenticate */ public final static String USERNAME = "username"; - + +/** + * + */ +public final static String SIGNATURE_CERT_ALIAS = "signatureCertAlias"; + /** * Key to hold the WS-Trust version */
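Review bot: The Javadoc block added above `SIGNATURE_CERT_ALIAS` in the last hunk is empty, while the neighbouring keys (`USERNAME`, the WS-Trust version key) each state what they hold. Because this key exposes signer identity that downstream handlers may base access decisions on, the comment should say what is stored and when it is present, for example `Key to hold the alias of the certificate used to verify the message signature; set only when that certificate is directly trusted`. The same empty Javadoc is added on branches/1_6 in r1074538.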
svn commit: r1074538 - in /axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart: PolicyBasedResultsValidator.java RampartMessageData.java
Author: thilinamb Date: Fri Feb 25 14:35:45 2011 New Revision: 1074538 URL: http://svn.apache.org/viewvc?rev=1074538&view=rev Log: Adding alias of the certificate used for the signature[in asymmetric binding scenarios] as a msg.ctx property. This also a fix for RAMPART-201 Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java?rev=1074538&r1=1074537&r2=1074538&view=diff == --- axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java (original) +++ axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java Fri Feb 25 14:35:45 2011 
@@ -729,11 +729,13 @@ public class PolicyBasedResultsValidator } // If certificates have been found, the certificates must be compared -// to ensure againgst phony DNs (compare encoded form including signature) +// to ensure against phony DNs (compare encoded form including signature) if (certs != null && certs.length > 0 && cert.equals(certs[0])) { if (doDebug) { log.debug("Direct trust for certificate with " + subjectString); } +// Set the alias of the cert used for the msg. sig. as a msg. cxt. property + rmd.getMsgContext().setProperty(RampartMessageData.SIGNATURE_CERT_ALIAS, alias); return true; } } else { Modified: axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java?rev=1074538&r1=1074537&r2=1074538&view=diff == --- axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java (original) +++ axis/axis2/java/rampart/branches/1_6/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java Fri Feb 25 14:35:45 2011 
@@ -19,22 +19,19 @@ package org.apache.rampart; import org.apache.axiom.om.OMElement; import org.apache.axiom.soap.SOAPEnvelope; import org.apache.axis2.AxisFault; -import org.apache.axis2.util.PolicyUtil; -import org.apache.axis2.engine.AxisConfiguration; import org.apache.axis2.context.MessageContext; import org.apache.axis2.context.OperationContext; import org.apache.axis2.description.AxisService; import org.apache.axis2.description.Parameter; +import org.apache.axis2.engine.AxisConfiguration; +import org.apache.axis2.util.PolicyUtil; import org.apache.axis2.wsdl.WSDLConstants; -import org.apache.neethi.Assertion; import org.apache.neethi.Policy; -import org.apache.neethi.PolicyEngine; import org.apache.neethi.PolicyComponent; +import org.apache.neethi.PolicyEngine; import org.apache.rahas.RahasConstants; import org.apache.rahas.SimpleTokenStore; import org.apache.rahas.TokenStorage; -import org.apache.rahas.TrustException; -import org.apache.rahas.TrustUtil; import org.apache.rampart.handler.WSSHandlerConstants; import org.apache.rampart.policy.RampartPolicyBuilder; import org.apache.rampart.policy.RampartPolicyData; @@ -59,7 +56,9 @@ import org.apache.ws.security.util.WSSec import org.opensaml.SAMLAssertion; import org.w3c.dom.Document; -import java.util.*; +import java.util.ArrayList; +import java.util.List; +import java.util.Vector; public class RampartMessageData { @@ -88,7 +87,12 @@ public class RampartMessageData { * Key to hold username which was used to authenticate */ public final static String USERNAME = "username"; - + +/** + * + */ +public final static String SIGNATURE_CERT_ALIAS = "signatureCertAlias"; + /** * Key to hold the WS-Trust version */