Posted to commits@cxf.apache.org by co...@apache.org on 2015/04/07 12:05:48 UTC

[2/3] cxf git commit: [CXF-6333] - Support Inclusive C14N via security policy

[CXF-6333] - Support Inclusive C14N via security policy

Conflicts:
	rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7738d59a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7738d59a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7738d59a

Branch: refs/heads/3.0.x-fixes
Commit: 7738d59aff4841dcfd09d51010633610fdec39cc
Parents: 55600a7
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Apr 7 10:08:59 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Apr 7 10:15:09 2015 +0100

----------------------------------------------------------------------
 .../security/policy/WSSecurityPolicyLoader.java |  3 +
 .../wss4j/AlgorithmSuiteTranslater.java         |  1 +
 .../policyhandlers/AbstractBindingBuilder.java  |  3 +-
 .../AbstractStaxBindingHandler.java             |  2 +
 .../AsymmetricBindingHandler.java               |  4 +-
 .../StaxTransportBindingHandler.java            |  6 ++
 .../policyhandlers/SymmetricBindingHandler.java |  2 +
 .../AlgorithmSuitePolicyValidator.java          |  9 +++
 .../systest/ws/algsuite/AlgorithmSuiteTest.java | 52 +++++++++++++++
 .../systest/ws/algsuite/DoubleItAlgSuite.wsdl   |  6 ++
 .../apache/cxf/systest/ws/algsuite/client.xml   | 67 ++++++++++++++++++++
 .../apache/cxf/systest/ws/algsuite/server.xml   | 65 +++++++++++++++++++
 .../cxf/systest/ws/algsuite/stax-server.xml     | 67 ++++++++++++++++++++
 13 files changed, 284 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/7738d59a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
index 4d67ee4..8b05935 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
@@ -265,6 +265,9 @@ public final class WSSecurityPolicyLoader implements PolicyInterceptorProviderLo
             SP13Constants.SCOPE_POLICY_15,
             SP13Constants.MUST_SUPPORT_INTERACTIVE_CHALLENGE,
             
+            // AlgorithmSuite misc
+            new QName(SP11Constants.SP_NS, SPConstants.INCLUSIVE_C14N),
+            new QName(SP12Constants.SP_NS, SPConstants.INCLUSIVE_C14N),
         });
         final Map<QName, Assertion> assertions = new HashMap<QName, Assertion>();
         for (QName q : others) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/7738d59a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java
index aef7915..372dd89 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java
@@ -136,6 +136,7 @@ public final class AlgorithmSuiteTranslater {
     
             algorithmSuite.addTransformAlgorithm(cxfAlgorithmSuite.getC14n().getValue());
             algorithmSuite.addTransformAlgorithm(SPConstants.STRT10);
+            algorithmSuite.addTransformAlgorithm(WSConstants.C14N_EXCL_OMIT_COMMENTS);
             algorithmSuite.addTransformAlgorithm(WSConstants.NS_XMLDSIG_ENVELOPED_SIGNATURE);
             algorithmSuite.addTransformAlgorithm(WSConstants.SWA_ATTACHMENT_CONTENT_SIG_TRANS);
             algorithmSuite.addTransformAlgorithm(WSConstants.SWA_ATTACHMENT_COMPLETE_SIG_TRANS);
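Review bot: Exclusive C14N is now added to the permitted transform algorithms unconditionally, so a policy that selects `InclusiveC14N` still accepts exclusive-C14N reference transforms; the same allowance is added to the transform check in the last hunk of AlgorithmSuitePolicyValidator.java. This looks deliberate (reference transforms are a separate matter from the signature's CanonicalizationMethod, which is presumably restricted elsewhere, outside this hunk), but neither site says so, and a later reader could take it for an accidental loosening of the algorithm-suite check. A comment on the added line would settle it, for example `// Reference transforms may always use Exclusive C14N; the policy's C14N choice governs the signature CanonicalizationMethod only`. The enclosing method starts and ends outside the hunk, so please confirm the canonicalization-method list is not widened in the same way.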

http://git-wip-us.apache.org/repos/asf/cxf/blob/7738d59a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index bb8f9bf..fec27e8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -1923,6 +1923,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
 
         //Set the algo info
         dkSign.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
+        dkSign.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
         AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
         dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
         if (tok.getSHA1() != null) {
@@ -2010,8 +2011,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         
         sig.setCustomTokenId(sigTokId);
         sig.setSecretKey(tok.getSecret());
-        sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
         sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
+        sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
         sig.prepare(doc, getSignatureCrypto(null), secHeader);
 
         sig.setParts(sigParts);

http://git-wip-us.apache.org/repos/asf/cxf/blob/7738d59a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
index 5f80221..05c4c97 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
@@ -545,6 +545,8 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
             properties.setSignatureAlgorithm(
                        binding.getAlgorithmSuite().getAsymmetricSignature());
         }
+        properties.setSignatureCanonicalizationAlgorithm(
+                       binding.getAlgorithmSuite().getC14n().getValue());
         String sigUser = (String)message.getContextualProperty(userNameKey);
         if (sigUser == null) {
             sigUser = (String)message.getContextualProperty(SecurityConstants.USERNAME);

http://git-wip-us.apache.org/repos/asf/cxf/blob/7738d59a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 8329647..9acaee6 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -622,8 +622,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
             dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
 
             // Set the algo info
-            dkSign.setSignatureAlgorithm(abinding.getAlgorithmSuite()
-                    .getSymmetricSignature());
+            dkSign.setSignatureAlgorithm(abinding.getAlgorithmSuite().getSymmetricSignature());
+            dkSign.setSigCanonicalization(abinding.getAlgorithmSuite().getC14n().getValue());
             AlgorithmSuiteType algType = abinding.getAlgorithmSuite().getAlgorithmSuiteType();
             dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
             dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"

http://git-wip-us.apache.org/repos/asf/cxf/blob/7738d59a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
index f932698..46fa53e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
@@ -326,6 +326,8 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
             properties.setIncludeSignatureToken(true);
             properties.setSignatureAlgorithm(
                 tbinding.getAlgorithmSuite().getSymmetricSignature());
+            properties.setSignatureCanonicalizationAlgorithm(
+                tbinding.getAlgorithmSuite().getC14n().getValue());
             AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
             properties.setSignatureDigestAlgorithm(algType.getDigest());
         } else if (token instanceof X509Token || token instanceof KeyValueToken) {
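Review bot: The call `properties.setSignatureCanonicalizationAlgorithm(tbinding.getAlgorithmSuite().getC14n().getValue())` is pasted into each of the three token branches (this hunk and the two that follow), next to an equally repeated `setSignatureDigestAlgorithm` call, and neither value depends on the token type. A branch added later that forgets the call would silently sign with the default canonicalization and then fail against an Inclusive C14N policy. If every branch of the chain does set these, setting them once after the `if`/`else if` chain would remove that risk; the chain begins and ends outside the visible hunks, so that needs checking first. The continuation-line indentation also differs between the first branch and the other two.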
@@ -337,6 +339,8 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
             WSSSecurityProperties properties = getProperties();
             properties.setSignatureAlgorithm(
                        tbinding.getAlgorithmSuite().getAsymmetricSignature());
+            properties.setSignatureCanonicalizationAlgorithm(
+                       tbinding.getAlgorithmSuite().getC14n().getValue());
             AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
             properties.setSignatureDigestAlgorithm(algType.getDigest());
         } else if (token instanceof UsernameToken) {
@@ -351,6 +355,8 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
             
             properties.setSignatureAlgorithm(
                        tbinding.getAlgorithmSuite().getSymmetricSignature());
+            properties.setSignatureCanonicalizationAlgorithm(
+                       tbinding.getAlgorithmSuite().getC14n().getValue());
             AlgorithmSuiteType algType = tbinding.getAlgorithmSuite().getAlgorithmSuiteType();
             properties.setSignatureDigestAlgorithm(algType.getDigest());
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7738d59a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index ff072c0..a46fb30 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -674,6 +674,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
 
         //Set the algo info
         dkSign.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
+        dkSign.setSigCanonicalization(sbinding.getAlgorithmSuite().getC14n().getValue());
         AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
         dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
         if (tok.getSHA1() != null) {
@@ -830,6 +831,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
             sig.setCustomTokenId(sigTokId);
             sig.setSecretKey(tok.getSecret());
             sig.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
+            sig.setSigCanonicalization(sbinding.getAlgorithmSuite().getC14n().getValue());
             Crypto crypto = null;
             if (sbinding.getProtectionToken() != null) {
                 crypto = getEncryptionCrypto(sbinding.getProtectionToken());

http://git-wip-us.apache.org/repos/asf/cxf/blob/7738d59a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
index 533489d..7bdeb0f 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
@@ -34,7 +34,11 @@ import org.w3c.dom.Element;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
+<<<<<<< HEAD
 import org.apache.cxf.ws.policy.AssertionInfoMap;
+=======
+import org.apache.cxf.ws.security.policy.PolicyUtils;
+>>>>>>> dbc4a26... [CXF-6333] - Support Inclusive C14N via security policy
 import org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDataRef;
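Review bot: Unresolved merge-conflict markers are committed in the import block of this hunk: the added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> dbc4a26...` are not Java, so AlgorithmSuitePolicyValidator.java cannot compile as written on this branch. The three marker lines should be deleted and the imports resolved by hand. The next hunk calls `PolicyUtils.assertPolicy(...)`, so `import org.apache.cxf.ws.security.policy.PolicyUtils;` has to stay, and `import org.apache.cxf.ws.policy.AssertionInfoMap;` should stay only if the 3.0.x code still references that type.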
@@ -85,6 +89,10 @@ public class AlgorithmSuitePolicyValidator extends AbstractTokenPolicyValidator
                         algSuiteAi.setAsserted(true);
                     }
                 }
+                
+                PolicyUtils.assertPolicy(parameters.getAssertionInfoMap(), 
+                                         new QName(algorithmSuite.getName().getNamespaceURI(), 
+                                                   algorithmSuite.getC14n().name()));
             } else if (!valid && ai.isAsserted()) {
                 ai.setNotAsserted("Error in validating AlgorithmSuite policy");
             }
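Review bot: The asserted QName takes its local part from `algorithmSuite.getC14n().name()`, so the C14N policy assertion is only marked as asserted when the enum constant's Java identifier is exactly the policy element's local name (`InclusiveC14N` in the test policies). That coupling is invisible here; a comment such as `// enum constant names match the sp:*C14N element names` would keep someone from renaming the constants, and if the enum exposes the element name explicitly that would be the safer source. Separately, `parameters` is not declared within the hunk, and the conflict in this file's imports suggests the 3.0.x method may receive the `AssertionInfoMap` directly, so please confirm `parameters.getAssertionInfoMap()` resolves on this branch. The enclosing method starts outside the hunk.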
@@ -173,6 +181,7 @@ public class AlgorithmSuitePolicyValidator extends AbstractTokenPolicyValidator
             }
             for (String transformAlgorithm : transformAlgorithms) {
                 if (!(algorithmPolicy.getC14n().getValue().equals(transformAlgorithm)
+                    || WSConstants.C14N_EXCL_OMIT_COMMENTS.equals(transformAlgorithm)
                     || STRTransform.TRANSFORM_URI.equals(transformAlgorithm)
                     || WSConstants.SWA_ATTACHMENT_CONTENT_SIG_TRANS.equals(transformAlgorithm)
                     || WSConstants.SWA_ATTACHMENT_COMPLETE_SIG_TRANS.equals(transformAlgorithm))) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/7738d59a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java
index 2796af4..1580c22 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java
@@ -258,4 +258,56 @@ public class AlgorithmSuiteTest extends AbstractBusClientServerTestBase {
         bus.shutdown(true);
     }
     
+    @org.junit.Test
+    public void testInclusiveC14NPolicy() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = AlgorithmSuiteTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = AlgorithmSuiteTest.class.getResource("DoubleItAlgSuite.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSymmetric128InclusivePort");
+        
+        DoubleItPortType port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        // This should succeed as the client + server policies match
+        // DOM
+        port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(port);
+        port.doubleIt(25);
+        
+        portQName = new QName(NAMESPACE, "DoubleItSymmetric128InclusivePort2");
+        port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        // This should fail as the client uses Exclusive C14N for the signature c14n method
+        // + the server uses Inclusive C14n
+        try {
+            // DOM
+            port.doubleIt(25);
+            fail("Failure expected on Exclusive C14n");
+        } catch (Exception ex) {
+            // expected
+        }
+        
+        try {
+            // Streaming
+            SecurityTestUtil.enableStreaming(port);
+            port.doubleIt(25);
+            fail("Failure expected on Exclusive C14n");
+        } catch (Exception ex) {
+            // expected
+        }
+        
+        bus.shutdown(true);
+    }
+    
 }
\ No newline at end of file
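Review bot: Both negative cases in `testInclusiveC14NPolicy` catch bare `Exception` and treat anything as "expected", so they also pass when the call fails for an unrelated reason (wrong port name, endpoint not deployed, or `SecurityTestUtil.enableStreaming(port)` itself throwing inside the second `try`). As a check that the server rejects a signature canonicalized with the wrong algorithm, that is too weak. Move `SecurityTestUtil.enableStreaming(port);` above the second `try`, narrow the handlers to the fault type the client actually receives, e.g. `} catch (javax.xml.ws.soap.SOAPFaultException ex) {`, and assert on the fault text so that the policy violation is what the test observes. `bus.shutdown(true)` is also skipped if an earlier call throws; a `finally` block would keep a failed run from leaking the bus.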

http://git-wip-us.apache.org/repos/asf/cxf/blob/7738d59a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl
index 297586b..b5f3bee 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl
@@ -44,6 +44,12 @@
         <wsdl:port name="DoubleItSymmetric128Port3" binding="tns:DoubleItInlinePolicyBinding">
             <soap:address location="http://localhost:9010/DoubleItSymmetric128no3"/>
         </wsdl:port>
+        <wsdl:port name="DoubleItSymmetric128InclusivePort" binding="tns:DoubleItInlinePolicyBinding">
+            <soap:address location="http://localhost:9010/DoubleItSymmetric128Inclusive"/>
+        </wsdl:port>
+        <wsdl:port name="DoubleItSymmetric128InclusivePort2" binding="tns:DoubleItInlinePolicyBinding">
+            <soap:address location="http://localhost:9010/DoubleItSymmetric128Inclusive2"/>
+        </wsdl:port>
         <wsdl:port name="DoubleItSymmetricCombinedPort" binding="tns:DoubleItInlinePolicyBinding">
             <soap:address location="http://localhost:9010/DoubleItSymmetricCombined"/>
         </wsdl:port>

http://git-wip-us.apache.org/repos/asf/cxf/blob/7738d59a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/client.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/client.xml
index 02960d2..a5f4036 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/client.xml
@@ -63,6 +63,34 @@
             </p:policies>
         </jaxws:features>
     </jaxws:client>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSymmetric128InclusivePort" createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="ws-security.encryption.properties" value="bob.properties"/>
+            <entry key="ws-security.encryption.username" value="bob"/>
+            <entry key="ws-security.is-bsp-compliant" value="false"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="#DoubleItSymmetric128InclusivePolicy"/>
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSymmetric128InclusivePort2" createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="ws-security.encryption.properties" value="bob.properties"/>
+            <entry key="ws-security.encryption.username" value="bob"/>
+            <entry key="ws-security.is-bsp-compliant" value="false"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="#DoubleItSymmetric128Policy"/>
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSymmetricCombinedPort" createdFromAPI="true">
         <jaxws:properties>
             <entry key="ws-security.username" value="Alice"/>
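Review bot: Both new clients set `ws-security.is-bsp-compliant` to `false` with no explanation, and the new endpoints in server.xml and stax-server.xml do the same. Presumably this is because Basic Security Profile compliance requires Exclusive C14N as the signature canonicalization method, so the Inclusive C14N policy cannot pass with the BSP checks on. An XML comment beside the entry, for example `<!-- BSP enforcement is off only because BSP mandates Exclusive C14N -->`, would stop the setting from being copied into configurations that do not need it. The second client (`DoubleItSymmetric128InclusivePort2`) references the exclusive `DoubleItSymmetric128Policy`, so it is worth checking whether it needs the entry at all.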
@@ -269,4 +297,43 @@
             </wsp:All>
         </wsp:ExactlyOne>
     </wsp:Policy>
+    <wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" wsu:Id="DoubleItSymmetric128InclusivePolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SymmetricBinding>
+                    <wsp:Policy>
+                        <sp:ProtectionToken>
+                            <wsp:Policy>
+                                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10/>
+                                        <sp:RequireKeyIdentifierReference/>
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:ProtectionToken>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax/>
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp/>
+                        <sp:OnlySignEntireHeadersAndBody/>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:Basic128/>
+                                <sp:InclusiveC14N/>
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                    </wsp:Policy>
+                </sp:SymmetricBinding>
+                <sp:EncryptedParts>
+                    <sp:Body/>
+                </sp:EncryptedParts>
+                <sp:SignedParts>
+                    <sp:Body/>
+                </sp:SignedParts>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
 </beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/7738d59a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server.xml
index 064eed0..a8f7e27 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server.xml
@@ -61,6 +61,32 @@
             </p:policies>
         </jaxws:features>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Symmetric128InclusiveEndpoint" address="http://localhost:${testutil.ports.Server}/DoubleItSymmetric128Inclusive" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric128InclusivePort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="ws-security.signature.properties" value="bob.properties"/>
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+            <entry key="ws-security.is-bsp-compliant" value="false"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="#DoubleItSymmetric128InclusivePolicy"/>
+            </p:policies>
+        </jaxws:features>
+    </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Symmetric128InclusiveEndpoint2" address="http://localhost:${testutil.ports.Server}/DoubleItSymmetric128Inclusive2" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric128InclusivePort2" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="ws-security.signature.properties" value="bob.properties"/>
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+            <entry key="ws-security.is-bsp-compliant" value="false"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="#DoubleItSymmetric128InclusivePolicy"/>
+            </p:policies>
+        </jaxws:features>
+    </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SymmetricEndpointCombined" address="http://localhost:${testutil.ports.Server}/DoubleItSymmetricCombined" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetricCombinedPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
         <jaxws:properties>
             <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
@@ -184,6 +210,45 @@
             </wsp:All>
         </wsp:ExactlyOne>
     </wsp:Policy>
+    <wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" wsu:Id="DoubleItSymmetric128InclusivePolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SymmetricBinding>
+                    <wsp:Policy>
+                        <sp:ProtectionToken>
+                            <wsp:Policy>
+                                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10/>
+                                        <sp:RequireKeyIdentifierReference/>
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:ProtectionToken>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax/>
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp/>
+                        <sp:OnlySignEntireHeadersAndBody/>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:Basic128/>
+                                <sp:InclusiveC14N/>
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                    </wsp:Policy>
+                </sp:SymmetricBinding>
+                <sp:EncryptedParts>
+                    <sp:Body/>
+                </sp:EncryptedParts>
+                <sp:SignedParts>
+                    <sp:Body/>
+                </sp:SignedParts>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
     <wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" wsu:Id="Combined">
         <wsp:ExactlyOne>
             <wsp:All>

http://git-wip-us.apache.org/repos/asf/cxf/blob/7738d59a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/stax-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/stax-server.xml
index 1536714..271d1fc 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/stax-server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/stax-server.xml
@@ -64,6 +64,34 @@
             </p:policies>
         </jaxws:features>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Symmetric128InclusiveEndpoint" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSymmetric128Inclusive" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric128InclusivePort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="ws-security.signature.properties" value="bob.properties"/>
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+            <entry key="ws-security.is-bsp-compliant" value="false"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="#DoubleItSymmetric128InclusivePolicy"/>
+            </p:policies>
+        </jaxws:features>
+    </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Symmetric128InclusiveEndpoint2" address="http://localhost:${testutil.ports.StaxServer}/DoubleItSymmetric128Inclusive2" serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric128InclusivePort2" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.UTPasswordCallback"/>
+            <entry key="ws-security.signature.properties" value="bob.properties"/>
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+            <entry key="ws-security.is-bsp-compliant" value="false"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="#DoubleItSymmetric128InclusivePolicy"/>
+            </p:policies>
+        </jaxws:features>
+    </jaxws:endpoint>
     <wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" wsu:Id="DoubleItSymmetric128Policy">
         <wsp:ExactlyOne>
             <wsp:All>
@@ -102,4 +130,43 @@
             </wsp:All>
         </wsp:ExactlyOne>
     </wsp:Policy>
+    <wsp:Policy xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" wsu:Id="DoubleItSymmetric128InclusivePolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SymmetricBinding>
+                    <wsp:Policy>
+                        <sp:ProtectionToken>
+                            <wsp:Policy>
+                                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10/>
+                                        <sp:RequireKeyIdentifierReference/>
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:ProtectionToken>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax/>
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp/>
+                        <sp:OnlySignEntireHeadersAndBody/>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:Basic128/>
+                                <sp:InclusiveC14N/>
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                    </wsp:Policy>
+                </sp:SymmetricBinding>
+                <sp:EncryptedParts>
+                    <sp:Body/>
+                </sp:EncryptedParts>
+                <sp:SignedParts>
+                    <sp:Body/>
+                </sp:SignedParts>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
 </beans>