
Example 16 with KeystorePasswordCallback

use of org.apache.cxf.systest.ws.common.KeystorePasswordCallback in project cxf by apache.

the class SecurityPolicyTest method testCXF4122.

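/**
 * Negative test: a request signed with the credentials from
 * {@code revocation.properties} must be rejected by an endpoint that has
 * {@link SecurityConstants#ENABLE_REVOCATION} switched on.
 *
 * <p>The endpoint is published programmatically on its own {@link Bus}, and the
 * client runs on a second, Spring-created bus. Everything that was started is
 * torn down in a {@code finally} block, so a failing assertion does not leave a
 * published endpoint or a live bus behind for later tests.
 *
 * @throws Exception if setup or teardown fails
 */
@Test
public void testCXF4122() throws Exception {
    Bus epBus = BusFactory.newInstance().createBus();
    BusFactory.setDefaultBus(epBus);
    EndpointImpl ep = null;
    Bus bus = null;
    DoubleItPortType pt = null;
    try {
        URL wsdl = SecurityPolicyTest.class.getResource("DoubleIt.wsdl");
        ep = (EndpointImpl) Endpoint.create(new DoubleItImpl());
        ep.setEndpointName(new QName("http://www.example.org/contract/DoubleIt", "DoubleItPortCXF4122"));
        ep.setWsdlLocation(wsdl.getPath());
        ep.setAddress(POLICY_CXF4122_ADDRESS);
        ep.publish();

        // Service side: bob.properties for signing, revocation.properties for encryption,
        // and revocation checking enabled for this endpoint.
        EndpointInfo ei = ep.getServer().getEndpoint().getEndpointInfo();
        setCryptoProperties(ei, "bob.properties", "revocation.properties");
        ei.setProperty(SecurityConstants.ENABLE_REVOCATION, Boolean.TRUE);

        // Client side runs on a separate bus, which becomes the default from here on.
        SpringBusFactory bf = new SpringBusFactory();
        bus = bf.createBus();
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItPortCXF4122");
        pt = service.getPort(portQName, DoubleItPortType.class);
        updateAddressPort(pt, PORT);

        // The client signs with revocation.properties (presumably a keystore whose
        // certificate is listed as revoked; the file itself is not shown here).
        ((BindingProvider) pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
        ((BindingProvider) pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES, "revocation.properties");
        ((BindingProvider) pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES, "bob.properties");

        // DOM
        try {
            pt.doubleIt(5);
            fail("should fail on server side when do signature validation due the revoked certificates");
        } catch (Exception ex) {
            // expected
            // NOTE(review): any Exception satisfies this branch, so a transport or
            // configuration error passes the test just as a revocation rejection does.
            // Asserting on the fault type or message would pin the security property.
        }

        // The streaming variant is disabled, so revocation enforcement on the
        // streaming code path is not covered by this test.
        // TODO See WSS-464
        /*
        SecurityTestUtil.enableStreaming(pt);
        try {
            pt.doubleIt(5);
            fail("should fail on server side when do signature validation due the revoked certificates");
        } catch (Exception ex) {
            String errorMessage = ex.getMessage();
            // Different errors using different JDKs...
            System.out.println("ERR1: " + errorMessage);
        }
        */
    } finally {
        // Same teardown order as before, but now also reached when the test fails.
        if (pt != null) {
            ((java.io.Closeable) pt).close();
        }
        if (ep != null) {
            ep.stop();
        }
        epBus.shutdown(true);
        if (bus != null) {
            bus.shutdown(true);
        }
    }
}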
Also used : Bus(org.apache.cxf.Bus) QName(javax.xml.namespace.QName) EndpointImpl(org.apache.cxf.jaxws.EndpointImpl) Service(javax.xml.ws.Service) URL(java.net.URL) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) SOAPFaultException(javax.xml.ws.soap.SOAPFaultException) EndpointInfo(org.apache.cxf.service.model.EndpointInfo) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) DoubleItImpl(org.apache.cxf.systest.ws.common.DoubleItImpl) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType) KeystorePasswordCallback(org.apache.cxf.systest.ws.common.KeystorePasswordCallback) Test(org.junit.Test)

Example 17 with KeystorePasswordCallback

use of org.apache.cxf.systest.ws.common.KeystorePasswordCallback in project cxf by apache.

the class SecurityPolicyTest method testSignedOnlyWithUnsignedMessage.

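/**
 * Checks that the "signed only" endpoint accepts a properly signed request and
 * rejects one sent under the "TimestampOnly" policy, where the body is not signed.
 *
 * <p>Both the DOM and the streaming code paths are exercised for each case. Each
 * port proxy is closed and the bus is shut down in {@code finally} blocks, so a
 * failing assertion does not leak them into later tests.
 *
 * @throws Exception if setup or teardown fails
 */
@Test
public void testSignedOnlyWithUnsignedMessage() throws Exception {
    // CXF-2244
    SpringBusFactory bf = new SpringBusFactory();
    Bus bus = bf.createBus();
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);
    try {
        URL wsdl = SecurityPolicyTest.class.getResource("DoubleIt.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);
        DoubleItPortType pt;
        QName portQName = new QName(NAMESPACE, "DoubleItPortSignedOnly");
        pt = service.getPort(portQName, DoubleItPortType.class);
        try {
            updateAddressPort(pt, PORT);
            ((BindingProvider) pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
            ((BindingProvider) pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES, "alice.properties");
            ((BindingProvider) pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES, "bob.properties");
            // This should work as it should be properly signed.
            // DOM
            assertEquals(10, pt.doubleIt(5));
            // Streaming
            SecurityTestUtil.enableStreaming(pt);
            assertEquals(10, pt.doubleIt(5));
        } finally {
            ((java.io.Closeable) pt).close();
        }

        // Try sending a message with the "TimestampOnly" policy in effect to the
        // service running the "signed only" policy.  This SHOULD fail as the
        // body is then not signed.
        portQName = new QName(NAMESPACE, "DoubleItPortTimestampOnly");
        pt = service.getPort(portQName, DoubleItPortType.class);
        try {
            // Point the TimestampOnly client at the address of the signed-only endpoint.
            ((BindingProvider) pt).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, POLICY_SIGNONLY_ADDRESS);
            // DOM
            try {
                pt.doubleIt(5);
                fail("should have had a security/policy exception as the body wasn't signed");
            } catch (Exception ex) {
                // Ties the failure to policy verification rather than to any error.
                assertTrue(ex.getMessage().contains("policy alternatives"));
            }
            // Streaming
            try {
                SecurityTestUtil.enableStreaming(pt);
                pt.doubleIt(5);
                fail("should have had a security/policy exception as the body wasn't signed");
            } catch (Exception ex) {
                // expected
                // NOTE(review): unlike the DOM case, any Exception passes here, so an
                // unrelated failure is indistinguishable from a policy rejection.
            }
        } finally {
            ((java.io.Closeable) pt).close();
        }
    } finally {
        bus.shutdown(true);
    }
}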
Also used : Bus(org.apache.cxf.Bus) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) QName(javax.xml.namespace.QName) Service(javax.xml.ws.Service) DoubleItPortType(org.example.contract.doubleit.DoubleItPortType) URL(java.net.URL) KeystorePasswordCallback(org.apache.cxf.systest.ws.common.KeystorePasswordCallback) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) SOAPFaultException(javax.xml.ws.soap.SOAPFaultException) Test(org.junit.Test)

Example 18 with KeystorePasswordCallback

use of org.apache.cxf.systest.ws.common.KeystorePasswordCallback in project cxf by apache.

the class SecurityPolicyTest method setCryptoProperties.

/**
 * Stores the WS-Security callback handler and the two crypto property file names
 * on the given endpoint description.
 *
 * @param ei endpoint description that receives the properties
 * @param sigProps value stored under {@link SecurityConstants#SIGNATURE_PROPERTIES}
 * @param encProps value stored under {@link SecurityConstants#ENCRYPT_PROPERTIES}
 */
private static void setCryptoProperties(EndpointInfo ei, String sigProps, String encProps) {
    // KeystorePasswordCallback comes from the systest "common" package, i.e. it is a
    // test fixture; how it resolves passwords is not visible from this method.
    final KeystorePasswordCallback passwordHandler = new KeystorePasswordCallback();

    ei.setProperty(SecurityConstants.CALLBACK_HANDLER, passwordHandler);
    ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES, sigProps);
    ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES, encProps);
}
Also used : KeystorePasswordCallback(org.apache.cxf.systest.ws.common.KeystorePasswordCallback)

Example 19 with KeystorePasswordCallback

use of org.apache.cxf.systest.ws.common.KeystorePasswordCallback in project cxf by apache.

the class Server method doPublish.

/**
 * Creates an endpoint for {@code obj}, configures its security properties based on
 * markers found in {@code url}, and publishes it at that URL.
 *
 * <p>Every endpoint gets a keystore password callback and {@code bob.properties}
 * under the {@code ".sct"}-suffixed keys (presumably the secure-conversation
 * settings; confirm against SecurityConstants). The URL markers are checked in
 * order and only the first match applies.
 *
 * @param url address to publish at; also selects the configuration variant
 * @param obj service implementation to expose
 */
private void doPublish(String url, Object obj) {
    final String sctCallbackKey = SecurityConstants.CALLBACK_HANDLER + ".sct";
    final String sctEncryptKey = SecurityConstants.ENCRYPT_PROPERTIES + ".sct";
    final String sctSignatureKey = SecurityConstants.SIGNATURE_PROPERTIES + ".sct";

    Endpoint ep = Endpoint.create(obj);

    // Defaults applied to every endpoint before any URL-specific override.
    ep.getProperties().put(sctCallbackKey, new KeystorePasswordCallback());
    ep.getProperties().put(sctEncryptKey, "bob.properties");

    if (url.contains("X10_I")) {
        // Sign with bob, encrypt to alice (replaces the default encryption setting).
        ep.getProperties().put(sctSignatureKey, "bob.properties");
        ep.getProperties().put(sctEncryptKey, "alice.properties");
    } else if (url.contains("MutualCert")) {
        // Re-states the default encryption setting, adds alice for signing, and also
        // registers the keystore callback under the unsuffixed key.
        ep.getProperties().put(sctEncryptKey, "bob.properties");
        ep.getProperties().put(sctSignatureKey, "alice.properties");
        ep.getProperties().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
    } else if (url.contains("UserNameOverTransport")) {
        // Replaces the keystore callback with the UTPasswordCallback test fixture.
        ep.getProperties().put(sctCallbackKey, new UTPasswordCallback());
    }

    ep.publish(url);
}
Also used : Endpoint(javax.xml.ws.Endpoint) UTPasswordCallback(org.apache.cxf.systest.ws.common.UTPasswordCallback) KeystorePasswordCallback(org.apache.cxf.systest.ws.common.KeystorePasswordCallback)

Aggregations

KeystorePasswordCallback (org.apache.cxf.systest.ws.common.KeystorePasswordCallback)19 URL (java.net.URL)14 QName (javax.xml.namespace.QName)14 Service (javax.xml.ws.Service)14 Bus (org.apache.cxf.Bus)14 SpringBusFactory (org.apache.cxf.bus.spring.SpringBusFactory)14 DoubleItPortType (org.example.contract.doubleit.DoubleItPortType)9 Test (org.junit.Test)9 HashMap (java.util.HashMap)5 SOAPFaultException (javax.xml.ws.soap.SOAPFaultException)5 Client (org.apache.cxf.endpoint.Client)5 IOException (java.io.IOException)4 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)4 Endpoint (javax.xml.ws.Endpoint)4 WSS4JOutInterceptor (org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor)4 StringReader (java.io.StringReader)3 StreamSource (javax.xml.transform.stream.StreamSource)3 Document (org.w3c.dom.Document)3 DispatchImpl (org.apache.cxf.jaxws.DispatchImpl)2 UTPasswordCallback (org.apache.cxf.systest.ws.common.UTPasswordCallback)2