use of org.apache.cxf.systest.ws.common.KeystorePasswordCallback in project cxf by apache.
the class SecurityPolicyTest method testCXF4122.
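/**
 * CXF-4122: a request signed with a revoked certificate must be rejected by an endpoint
 * that has certificate revocation checking switched on.
 *
 * <p>The service is published on its own bus with {@code bob.properties} as signature
 * properties and {@code revocation.properties} as encryption properties, and
 * {@code SecurityConstants.ENABLE_REVOCATION} is set on its EndpointInfo. The client
 * signs with {@code revocation.properties}, so the invocation is expected to throw.
 *
 * @throws Exception if setup or teardown fails
 */
@Test
public void testCXF4122() throws Exception {
    // Declared up front so the finally block can release whatever was created, even when
    // the test fails part-way through. Without this a failed run leaves the endpoint
    // published and both buses alive for the tests that follow.
    Bus epBus = null;
    EndpointImpl ep = null;
    Bus bus = null;
    DoubleItPortType pt = null;
    try {
        // Server side: dedicated bus, endpoint published at the CXF-4122 policy address.
        epBus = BusFactory.newInstance().createBus();
        BusFactory.setDefaultBus(epBus);
        URL wsdl = SecurityPolicyTest.class.getResource("DoubleIt.wsdl");
        ep = (EndpointImpl) Endpoint.create(new DoubleItImpl());
        ep.setEndpointName(new QName("http://www.example.org/contract/DoubleIt", "DoubleItPortCXF4122"));
        ep.setWsdlLocation(wsdl.getPath());
        ep.setAddress(POLICY_CXF4122_ADDRESS);
        ep.publish();
        EndpointInfo ei = ep.getServer().getEndpoint().getEndpointInfo();
        setCryptoProperties(ei, "bob.properties", "revocation.properties");
        // The setting under test: without it the receiving side would not consult
        // revocation data for the signer's certificate.
        ei.setProperty(SecurityConstants.ENABLE_REVOCATION, Boolean.TRUE);

        // Client side: separate Spring bus, made the default for this thread.
        SpringBusFactory bf = new SpringBusFactory();
        bus = bf.createBus();
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);
        Service service = Service.create(wsdl, SERVICE_QNAME);
        QName portQName = new QName(NAMESPACE, "DoubleItPortCXF4122");
        pt = service.getPort(portQName, DoubleItPortType.class);
        updateAddressPort(pt, PORT);
        ((BindingProvider) pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
        ((BindingProvider) pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES, "revocation.properties");
        ((BindingProvider) pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES, "bob.properties");

        // DOM
        try {
            pt.doubleIt(5);
            fail("should fail on server side when do signature validation due the revoked certificates");
        } catch (Exception ex) {
            // expected
            // NOTE(review): any Exception satisfies this branch, so a transport or
            // configuration failure would pass as well and the test does not prove that
            // revocation checking was the cause. The disabled streaming block below notes
            // that the message differs between JDKs, which is presumably why nothing is
            // asserted here.
        }

        // TODO See WSS-464
        /*
        SecurityTestUtil.enableStreaming(pt);
        try {
        pt.doubleIt(5);
        fail("should fail on server side when do signature validation due the revoked certificates");
        } catch (Exception ex) {
        String errorMessage = ex.getMessage();
        // Different errors using different JDKs...
        System.out.println("ERR1: " + errorMessage);
        }
        */
    } finally {
        // Same release order as the success path: client proxy, endpoint, then both buses.
        if (pt != null) {
            ((java.io.Closeable) pt).close();
        }
        if (ep != null) {
            ep.stop();
        }
        if (epBus != null) {
            epBus.shutdown(true);
        }
        if (bus != null) {
            bus.shutdown(true);
        }
    }
}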
use of org.apache.cxf.systest.ws.common.KeystorePasswordCallback in project cxf by apache.
the class SecurityPolicyTest method testSignedOnlyWithUnsignedMessage.
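/**
 * CXF-2244: a service running the "signed only" policy must accept a properly signed
 * request and reject one whose body is not signed.
 *
 * <p>The positive case uses the {@code DoubleItPortSignedOnly} port, in DOM and in
 * streaming mode. The negative case sends a request built under the
 * {@code DoubleItPortTimestampOnly} policy to the signed-only address and expects the
 * call to throw.
 *
 * @throws Exception if setup or teardown fails
 */
@Test
public void testSignedOnlyWithUnsignedMessage() throws Exception {
    // CXF-2244
    // Tracked outside the try so a failing assertion still closes the open proxy and
    // shuts the bus down instead of leaking them into later tests.
    Bus bus = null;
    DoubleItPortType pt = null;
    try {
        SpringBusFactory bf = new SpringBusFactory();
        bus = bf.createBus();
        BusFactory.setDefaultBus(bus);
        BusFactory.setThreadDefaultBus(bus);
        URL wsdl = SecurityPolicyTest.class.getResource("DoubleIt.wsdl");
        Service service = Service.create(wsdl, SERVICE_QNAME);

        QName portQName = new QName(NAMESPACE, "DoubleItPortSignedOnly");
        pt = service.getPort(portQName, DoubleItPortType.class);
        updateAddressPort(pt, PORT);
        ((BindingProvider) pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
        ((BindingProvider) pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES, "alice.properties");
        ((BindingProvider) pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES, "bob.properties");

        // This should work as it should be properly signed.
        // DOM
        assertEquals(10, pt.doubleIt(5));
        // Streaming
        SecurityTestUtil.enableStreaming(pt);
        assertEquals(10, pt.doubleIt(5));
        ((java.io.Closeable) pt).close();
        // Already closed; cleared so the finally block does not close it a second time.
        pt = null;

        // Try sending a message with the "TimestampOnly" policy in effect to the
        // service running the "signed only" policy. This SHOULD fail as the
        // body is then not signed.
        portQName = new QName(NAMESPACE, "DoubleItPortTimestampOnly");
        pt = service.getPort(portQName, DoubleItPortType.class);
        ((BindingProvider) pt).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, POLICY_SIGNONLY_ADDRESS);

        // DOM
        try {
            pt.doubleIt(5);
            fail("should have had a security/policy exception as the body wasn't signed");
        } catch (Exception ex) {
            // Ties the failure to policy verification rather than to any other error.
            assertTrue(ex.getMessage().contains("policy alternatives"));
        }

        // Streaming
        try {
            SecurityTestUtil.enableStreaming(pt);
            pt.doubleIt(5);
            fail("should have had a security/policy exception as the body wasn't signed");
        } catch (Exception ex) {
            // expected
            // NOTE(review): unlike the DOM case, nothing about the exception is checked
            // here, so an unrelated failure would also pass. Confirm what the streaming
            // stack reports before adding an assertion.
        }
    } finally {
        if (pt != null) {
            ((java.io.Closeable) pt).close();
        }
        if (bus != null) {
            bus.shutdown(true);
        }
    }
}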
use of org.apache.cxf.systest.ws.common.KeystorePasswordCallback in project cxf by apache.
the class SecurityPolicyTest method setCryptoProperties.
/**
 * Applies the WS-Security settings a test endpoint needs: a new
 * {@code KeystorePasswordCallback} as callback handler, plus the given signature and
 * encryption property values.
 *
 * @param ei       endpoint description that receives the properties
 * @param sigProps value stored under {@code SecurityConstants.SIGNATURE_PROPERTIES}
 * @param encProps value stored under {@code SecurityConstants.ENCRYPT_PROPERTIES}
 */
private static void setCryptoProperties(EndpointInfo ei, String sigProps, String encProps) {
    // One handler instance per endpoint; it is only ever handed to this EndpointInfo.
    final KeystorePasswordCallback passwordCallback = new KeystorePasswordCallback();
    ei.setProperty(SecurityConstants.CALLBACK_HANDLER, passwordCallback);

    // Signature and encryption settings are kept separate so a caller can point each
    // at a different properties file.
    ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES, sigProps);
    ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES, encProps);
}
use of org.apache.cxf.systest.ws.common.KeystorePasswordCallback in project cxf by apache.
the class Server method doPublish.
/**
 * Publishes {@code obj} at {@code url} after installing the ".sct"-suffixed security
 * properties that fit the scenario named in the URL.
 *
 * <p>Every endpoint starts with a {@code KeystorePasswordCallback} and
 * {@code bob.properties} for encryption; URLs containing "X10_I", "MutualCert" or
 * "UserNameOverTransport" then override or extend those defaults.
 *
 * @param url address to publish at; also selects the scenario by substring match
 * @param obj service implementation to expose
 */
private void doPublish(String url, Object obj) {
    // Suffixed keys, built once. NOTE(review): ".sct" presumably scopes these to the
    // SecureConversation token exchange; confirm against SecurityConstants.
    final String sctCallbackKey = SecurityConstants.CALLBACK_HANDLER + ".sct";
    final String sctEncryptKey = SecurityConstants.ENCRYPT_PROPERTIES + ".sct";
    final String sctSignatureKey = SecurityConstants.SIGNATURE_PROPERTIES + ".sct";

    Endpoint ep = Endpoint.create(obj);

    // Defaults shared by every scenario.
    ep.getProperties().put(sctCallbackKey, new KeystorePasswordCallback());
    ep.getProperties().put(sctEncryptKey, "bob.properties");

    if (url.contains("X10_I")) {
        // Sign with bob, encrypt with alice (replaces the default encryption value).
        ep.getProperties().put(sctSignatureKey, "bob.properties");
        ep.getProperties().put(sctEncryptKey, "alice.properties");
    } else if (url.contains("MutualCert")) {
        // Encryption value repeats the default; signature uses alice. This scenario
        // also needs the unsuffixed callback handler.
        ep.getProperties().put(sctEncryptKey, "bob.properties");
        ep.getProperties().put(sctSignatureKey, "alice.properties");
        ep.getProperties().put(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
    } else if (url.contains("UserNameOverTransport")) {
        // Username-token scenario: swap the keystore callback for the UT one.
        ep.getProperties().put(sctCallbackKey, new UTPasswordCallback());
    }

    ep.publish(url);
}