Posted to commits@cxf.apache.org by dk...@apache.org on 2010/02/12 20:20:20 UTC
svn commit: r909567 [1/2] - in /cxf/branches/2.2.x-fixes: ./
common/common/src/main/java/org/apache/cxf/helpers/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers...
Author: dkulp
Date: Fri Feb 12 19:20:10 2010
New Revision: 909567
URL: http://svn.apache.org/viewvc?rev=909567&view=rev
Log:
Merged revisions 909486,909506,909557 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r909486 | dkulp | 2010-02-12 11:23:21 -0500 (Fri, 12 Feb 2010) | 2 lines
[CXF-2654] Fix bunch of issues with signed and encrypted elements
Patch from David Valeri applied
........
r909506 | dkulp | 2010-02-12 12:29:34 -0500 (Fri, 12 Feb 2010) | 1 line
Remove @Override that are confusing java5
........
r909557 | dkulp | 2010-02-12 13:57:53 -0500 (Fri, 12 Feb 2010) | 2 lines
Test failed in hudson, I think due to not having the strong encryption
stuff.
........
Added:
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content_signed.xml
- copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content_signed.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content_signed_missing_signed_header.xml
- copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content_signed_missing_signed_header.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body_signed.xml
- copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body_signed.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header_and_body_encrypted.xml
- copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header_and_body_encrypted.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_direct_ref.xml
- copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_direct_ref.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_direct_ref_token_prot.xml
- copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_direct_ref_token_prot.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial.xml
- copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial_encrypted.xml
- copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial_encrypted.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial_encrypted_missing_enc_header.xml
- copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial_encrypted_missing_enc_header.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial_token_prot.xml
- copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial_token_prot.xml
Modified:
cxf/branches/2.2.x-fixes/ (props changed)
cxf/branches/2.2.x-fixes/common/common/src/main/java/org/apache/cxf/helpers/DOMUtils.java
cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_elements_policy.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_missing_signed_body.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_missing_signed_header.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_body.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header_and_body.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header_namespace_only.xml
cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/wsse-request-clean.xml
Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Feb 12 19:20:10 2010
@@ -1 +1 @@
-/cxf/trunk:908451,909102,909396,909411
+/cxf/trunk:908451,909102,909396,909411,909486,909506-909557
Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.2.x-fixes/common/common/src/main/java/org/apache/cxf/helpers/DOMUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/common/common/src/main/java/org/apache/cxf/helpers/DOMUtils.java?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/common/common/src/main/java/org/apache/cxf/helpers/DOMUtils.java (original)
+++ cxf/branches/2.2.x-fixes/common/common/src/main/java/org/apache/cxf/helpers/DOMUtils.java Fri Feb 12 19:20:10 2010
@@ -337,6 +337,27 @@
}
return r;
}
+
+ /**
+ * Returns all child elements with specified namespace.
+ *
+ * @param parent the element to search under
+ * @param ns the namespace to find elements in
+ * @return all child elements with specified namespace
+ */
+ public static List<Element> getChildrenWithNamespace(Element parent, String ns) {
+ List<Element> r = new ArrayList<Element>();
+ for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
+ if (n instanceof Element) {
+ Element e = (Element)n;
+ String eNs = (e.getNamespaceURI() == null) ? "" : e.getNamespaceURI();
+ if (ns.equals(eNs)) {
+ r.add(e);
+ }
+ }
+ }
+ return r;
+ }
/**
* Get the first child of the specified type.
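Review bot: `getChildrenWithNamespace` calls `ns.equals(eNs)` without checking `ns`, so a null namespace argument throws a NullPointerException, even though a null element namespace is mapped to `""` on the line before. Both call sites added in this commit pass values taken from policy (`namespace` and `part.getNamespace()`), and nothing visible here guarantees they are non-null. Normalising the argument the same way keeps the two sides symmetric: `final String wanted = (ns == null) ? "" : ns;` followed by `if (wanted.equals(eNs)) {`. The Javadoc should also say that a null or empty namespace matches elements in no namespace.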
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java Fri Feb 12 19:20:10 2010
@@ -20,9 +20,10 @@
package org.apache.cxf.ws.security.wss4j;
-import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
+import java.util.Iterator;
+import java.util.LinkedList;
import java.util.List;
import java.util.Map;
@@ -36,7 +37,6 @@
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.apache.cxf.helpers.DOMUtils;
@@ -59,6 +59,54 @@
}
/**
+ * Inspects the signed and encrypted content in the message and accurately
+ * resolves encrypted and then signed elements in {@code signedRefs}.
+ * Entries in {@code signedRefs} that correspond to an encrypted element
+ * are resolved to the decrypted element and added to {@code signedRefs}.
+ * The original reference to the encrypted content remains unaltered in the
+ * list to allow for matching against a requirement that xenc:EncryptedData
+ * elements be signed.
+ *
+ * @param signedRefs references to the signed content in the message
+ * @param encryptedRefs refernces to the encrypted content in the message
+ */
+ public static void reconcileEncryptedSignedRefs(final Collection<WSDataRef> signedRefs,
+ final Collection<WSDataRef> encryptedRefs) {
+
+ final List<WSDataRef> encryptedSignedRefs = new LinkedList<WSDataRef>();
+
+ for (WSDataRef encryptedRef : encryptedRefs) {
+ final String encryptedRefId = encryptedRef.getWsuId();
+ final Iterator<WSDataRef> signedRefsIt = signedRefs.iterator();
+ while (signedRefsIt.hasNext()) {
+ final WSDataRef signedRef = signedRefsIt.next();
+
+ if (signedRef.getWsuId().equals(encryptedRefId)
+ || signedRef.getWsuId().equals("#" + encryptedRefId)) {
+
+ final WSDataRef encryptedSignedRef =
+ new WSDataRef(signedRef.getDataref());
+
+ encryptedSignedRef.setContent(false);
+ encryptedSignedRef.setName(encryptedRef.getName());
+ encryptedSignedRef.setProtectedElement(encryptedRef
+ .getProtectedElement());
+ // This value is the ID of the encrypted element, not
+ // the value of the ID in the decrypted content
+ // (WSS4J 1.5.8). Therefore, passing it along does
+ // not provide much value.
+ //encryptedSignedRef.setWsuId(encryptedRef.getWsuId());
+ encryptedSignedRef.setXpath(encryptedRef.getXpath());
+
+ encryptedSignedRefs.add(encryptedSignedRef);
+ }
+ }
+ }
+
+ signedRefs.addAll(encryptedSignedRefs);
+ }
+
+ /**
* Checks that the references provided refer to the
* signed/encrypted SOAP body element.
*
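Review bot: In `reconcileEncryptedSignedRefs` the comparison `signedRef.getWsuId().equals(encryptedRefId)` throws a NullPointerException if a signed reference has no wsu:Id. A null `encryptedRefId` is silently compared as the string `"#null"`. The interceptor hunk in this commit calls this method on inbound message data before the coverage assertions, so a reference without an Id would surface as an unhandled runtime exception rather than a clean policy failure. Whether WSS4J can return such a reference is not visible here. A guard such as `final String signedId = signedRef.getWsuId(); if (signedId == null || encryptedRefId == null) { continue; }` makes the matching explicit. The Javadoc also has a typo, `refernces`, and the explicit `Iterator` is never used for removal, so a for-each loop would read more simply.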
@@ -141,20 +189,7 @@
}
if (name == null) {
- // TODO add to DOMUtils as findChildElementsByNamespace
- final String ns = namespace;
- List<Element> r = new ArrayList<Element>();
- for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
- if (n instanceof Element) {
- Element e = (Element)n;
- String eNs = (e.getNamespaceURI() == null) ? "" : e.getNamespaceURI();
- if (ns.equals(eNs)) {
- r.add(e);
- }
- }
- }
-
- elements = r;
+ elements = DOMUtils.getChildrenWithNamespace(parent, namespace);
} else {
elements = DOMUtils.getChildrenWithName(
parent, namespace, name);
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Fri Feb 12 19:20:10 2010
@@ -523,6 +523,9 @@
//anything else to process? Maybe check tokens for BKT requirements?
}
}
+
+ CryptoCoverageUtil.reconcileEncryptedSignedRefs(signed, encrypted);
+
assertTokens(aim, SP12Constants.SIGNED_PARTS, signed, msg, doc, CoverageType.SIGNED);
assertTokens(aim, SP12Constants.ENCRYPTED_PARTS, encrypted, msg, doc, CoverageType.ENCRYPTED);
assertXPathTokens(aim, SP12Constants.SIGNED_ELEMENTS, signed, msg, doc,
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Fri Feb 12 19:20:10 2010
@@ -29,6 +29,7 @@
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
@@ -634,6 +635,14 @@
return cb[0].getPassword();
}
+ /**
+ * Generates a wsu:Id attribute for the provided {@code Element} and returns the attribute value
+ * or finds and returns the value of the attribute if it already exists.
+ *
+ * @param element the {@code Element} to check/create the attribute on
+ *
+ * @return the generated or discovered wsu:Id attribute value
+ */
public String addWsuIdToElement(Element elem) {
String id;
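Review bot: The new Javadoc on `addWsuIdToElement` documents `@param element`, but the parameter in the signature is named `elem`, so the tag does not bind and Javadoc tooling will warn. It should read `@param elem the {@code Element} to check/create the attribute on`. The method body continues outside this hunk, so the description "generates ... or finds and returns" cannot be checked against the implementation from here.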
@@ -710,12 +719,15 @@
for (Header head : parts.getHeaders()) {
WSEncryptionPart wep = new WSEncryptionPart(head.getName(),
head.getNamespace(),
- "Content");
+ "Element");
signedParts.add(wep);
}
}
-
+ // REVISIT consider catching exceptions and unassert failed assertions or
+ // to process and assert them one at a time. Additionally, a found list
+ // should be applied to all operations that involve adding anything to
+ // the encrypted vector to prevent duplication / errors in encryption.
return getPartsAndElements(false,
isBody,
signedParts,
@@ -754,12 +766,15 @@
for (Header head : parts.getHeaders()) {
WSEncryptionPart wep = new WSEncryptionPart(head.getName(),
head.getNamespace(),
- "Content");
+ "Element");
signedParts.add(wep);
}
}
-
+ // REVISIT consider catching exceptions and unassert failed assertions or
+ // to process and assert them one at a time. Additionally, a found list
+ // should be applied to all operations that involve adding anything to
+ // the signed vector to prevent duplication in the signature.
return getPartsAndElements(true,
isSignBody,
signedParts,
@@ -767,6 +782,38 @@
elements == null ? null : elements.getDeclaredNamespaces(),
null, null);
}
+
+ /**
+ * Identifies the portions of the message to be signed/encrypted.
+ *
+ * @param sign
+ * whether the matches are to be signed or encrypted
+ * @param includeBody
+ * if the body should be included in the signature/encryption
+ * @param parts
+ * any {@code WSEncryptionPart}s to match for signature or
+ * encryption as specified by WS-SP signed parts or encrypted
+ * parts. Parts without a name match all elements with the
+ * provided namespace.
+ * @param xpaths
+ * any XPath expressions to sign/encrypt matches
+ * @param namespaces
+ * namespace prefix to namespace mappings for XPath expressions
+ * in {@code xpaths}
+ * @param contentXpaths
+ * any XPath expressions to content encrypt
+ * @param cnamespaces
+ * namespace prefix to namespace mappings for XPath expressions
+ * in {@code contentXpaths}
+ * @return a configured vector of {@code WSEncryptionPart}s suitable for
+ * processing by WSS4J
+ * @throws SOAPException
+ * if there is an error extracting SOAP content from the SAAJ
+ * model
+ *
+ * @deprecated Use {@link #getSignedParts()} and {@link #getEncryptedParts()}
+ * instead.
+ */
public Vector<WSEncryptionPart> getPartsAndElements(boolean sign,
boolean includeBody,
List<WSEncryptionPart> parts,
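Review bot: The Javadoc marks `getPartsAndElements` with `@deprecated` but the method has no `@Deprecated` annotation, so callers get no compiler warning and the deprecation is visible only in generated docs. Add `@Deprecated` above `public Vector<WSEncryptionPart> getPartsAndElements(`. The `{@link #getSignedParts()}` and `{@link #getEncryptedParts()}` targets are written without parameters; if those methods take arguments, the links will not resolve, so their signatures should be confirmed. The two earlier hunks in this file still `return getPartsAndElements(...)`, so the recommended replacements appear to delegate to the deprecated method, which is worth stating in the comment. The signature continues outside this hunk.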
@@ -777,68 +824,141 @@
throws SOAPException {
Vector<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
+
List<Element> found = new ArrayList<Element>();
- if (includeBody) {
+
+ // Handle sign/enc parts
+ result.addAll(this.getParts(sign, includeBody, parts, found));
+
+
+ // Handle sign/enc elements
+ try {
+ result.addAll(this.getElements("Element", xpaths, namespaces, found));
+ } catch (XPathExpressionException e) {
+ // REVISIT
+ }
+
+ // Handle content encrypted elements
+ try {
+ result.addAll(this.getElements("Content", contentXpaths, cnamespaces, found));
+ } catch (XPathExpressionException e) {
+ // REVISIT
+ }
+
+ return result;
+ }
+
+ /**
+ * Identifies the portions of the message to be signed/encrypted.
+ *
+ * @param sign
+ * whether the matches are to be signed or encrypted
+ * @param includeBody
+ * if the body should be included in the signature/encryption
+ * @param parts
+ * any {@code WSEncryptionPart}s to match for signature or
+ * encryption as specified by WS-SP signed parts or encrypted
+ * parts. Parts without a name match all elements with the
+ * provided namespace.
+ * @param found
+ * a list of elements that have previously been tagged for
+ * signing/encryption. Populated with additional matches found by
+ * this method and used to prevent including the same element
+ * twice under the same operation.
+ * @return a configured vector of {@code WSEncryptionPart}s suitable for
+ * processing by WSS4J
+ * @throws SOAPException
+ * if there is an error extracting SOAP content from the SAAJ
+ * model
+ */
+ private Vector<WSEncryptionPart> getParts(boolean sign,
+ boolean includeBody, List<WSEncryptionPart> parts,
+ List<Element> found) throws SOAPException {
+
+ Vector<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
+
+
+ if (includeBody && !found.contains(this.saaj.getSOAPBody())) {
+ found.add(saaj.getSOAPBody());
+ final String id = this.addWsuIdToElement(this.saaj.getSOAPBody());
if (sign) {
- result.add(new WSEncryptionPart(addWsuIdToElement(saaj.getSOAPBody()),
- null, WSConstants.PART_TYPE_BODY));
+ result.add(new WSEncryptionPart(
+ id,
+ "Element",
+ WSConstants.PART_TYPE_BODY));
} else {
- result.add(new WSEncryptionPart(addWsuIdToElement(saaj.getSOAPBody()),
- "Content", WSConstants.PART_TYPE_BODY));
+ result.add(new WSEncryptionPart(
+ id,
+ "Content",
+ WSConstants.PART_TYPE_BODY));
}
- found.add(saaj.getSOAPBody());
}
- SOAPHeader header = saaj.getSOAPHeader();
+
+ final SOAPHeader header = saaj.getSOAPHeader();
+
+ // Handle sign/enc parts
for (WSEncryptionPart part : parts) {
+ final List<Element> elements;
+
if (StringUtils.isEmpty(part.getName())) {
- //an entire namespace
- Element el = DOMUtils.getFirstElement(header);
- while (el != null) {
- if (part.getNamespace().equals(el.getNamespaceURI())
- && !found.contains(el)) {
- found.add(el);
-
- if (sign) {
- result.add(new WSEncryptionPart(el.getLocalName(),
- part.getNamespace(),
- "Content",
- WSConstants.PART_TYPE_HEADER));
- } else {
- WSEncryptionPart encryptedHeader
- = new WSEncryptionPart(el.getLocalName(),
- part.getNamespace(),
- "Element",
- WSConstants.PART_TYPE_HEADER);
- String wsuId = el.getAttributeNS(WSConstants.WSU_NS, "Id");
-
- if (!StringUtils.isEmpty(wsuId)) {
- encryptedHeader.setEncId(wsuId);
- }
- result.add(encryptedHeader);
- }
- }
- }
- el = DOMUtils.getNextElement(el);
+ // An entire namespace
+ elements =
+ DOMUtils.getChildrenWithNamespace(header, part.getNamespace());
} else {
- Element el = DOMUtils.getFirstElement(header);
- while (el != null) {
- if (part.getName().equals(el.getLocalName())
- && part.getNamespace().equals(el.getNamespaceURI())
- && !found.contains(el)) {
- found.add(el);
- part.setType(WSConstants.PART_TYPE_HEADER);
- String wsuId = el.getAttributeNS(WSConstants.WSU_NS, "Id");
-
- if (!StringUtils.isEmpty(wsuId)) {
- part.setEncId(wsuId);
- }
-
- result.add(part);
- }
- el = DOMUtils.getNextElement(el);
+ // All elements with a given name and namespace
+ elements =
+ DOMUtils.getChildrenWithName(header, part.getNamespace(), part.getName());
+ }
+
+ for (Element el : elements) {
+ if (!found.contains(el)) {
+ found.add(el);
+ // Generate an ID for the element and use this ID or else
+ // WSS4J will only ever sign/encrypt the first matching
+ // elemenet with the same name and namespace as that in the
+ // WSEncryptionPart
+ final String id = this.addWsuIdToElement(el);
+ result.add(new WSEncryptionPart(
+ id,
+ part.getEncModifier(),
+ WSConstants.PART_TYPE_HEADER));
}
}
}
+
+ return result;
+ }
+
+ /**
+ * Identifies the portions of the message to be signed/encrypted.
+ *
+ * @param encryptionModifier
+ * indicates the scope of the crypto operation over matched
+ * elements. Either "Content" or "Element".
+ * @param xpaths
+ * any XPath expressions to sign/encrypt matches
+ * @param namespaces
+ * namespace prefix to namespace mappings for XPath expressions
+ * in {@code xpaths}
+ * @param found
+ * a list of elements that have previously been tagged for
+ * signing/encryption. Populated with additional matches found by
+ * this method and used to prevent including the same element
+ * twice under the same operation.
+ * @return a configured vector of {@code WSEncryptionPart}s suitable for
+ * processing by WSS4J
+ * @throws XPathExpressionException
+ * if a provided XPath is invalid
+ * @throws SOAPException
+ * if there is an error extracting SOAP content from the SAAJ
+ * model
+ */
+ private Vector<WSEncryptionPart> getElements(String encryptionModifier,
+ List<String> xpaths, Map<String, String> namespaces,
+ List<Element> found) throws XPathExpressionException, SOAPException {
+
+ Vector<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
+
if (xpaths != null && !xpaths.isEmpty()) {
XPathFactory factory = XPathFactory.newInstance();
for (String expression : xpaths) {
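Review bot: The two `catch (XPathExpressionException e) { // REVISIT }` blocks in `getPartsAndElements` now discard more than the code they replace. The removed code caught the exception per expression inside the loop. `getElements` throws on the first invalid expression, so `result.addAll(...)` never runs and every match for that list is dropped, including matches from valid expressions evaluated earlier. For an outbound message, the elements that the SignedElements, EncryptedElements or ContentEncryptedElements policy names would then be left unsigned or unencrypted with no log entry or failed assertion. Either move the try/catch back inside the per-expression loop in `getElements`, or stop swallowing the exception and let the caller fail the message; at minimum, log the offending expression. The body of `getElements` continues in the next hunk.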
@@ -846,72 +966,43 @@
if (namespaces != null) {
xpath.setNamespaceContext(new MapNamespaceContext(namespaces));
}
- try {
- NodeList list = (NodeList)xpath.evaluate(expression, saaj.getSOAPPart().getEnvelope(),
- XPathConstants.NODESET);
- for (int x = 0; x < list.getLength(); x++) {
- Element el = (Element)list.item(x);
- if (sign) {
- WSEncryptionPart part = new WSEncryptionPart(el.getLocalName(),
- el.getNamespaceURI(),
- "Content",
- WSConstants.PART_TYPE_ELEMENT);
- part.setXpath(expression);
- result.add(part);
- } else {
- WSEncryptionPart encryptedElem = new WSEncryptionPart(el.getLocalName(),
- el.getNamespaceURI(),
- "Element",
- WSConstants
- .PART_TYPE_ELEMENT);
- encryptedElem.setXpath(expression);
- String wsuId = el.getAttributeNS(WSConstants.WSU_NS, "Id");
-
- if (!StringUtils.isEmpty(wsuId)) {
- encryptedElem.setEncId(wsuId);
- }
- result.add(encryptedElem);
- }
- }
- } catch (XPathExpressionException e) {
- //REVISIT!!!!
- }
- }
- }
- if (contentXpaths != null && !contentXpaths.isEmpty()) {
- XPathFactory factory = XPathFactory.newInstance();
- for (String expression : contentXpaths) {
- XPath xpath = factory.newXPath();
- if (cnamespaces != null) {
- xpath.setNamespaceContext(new MapNamespaceContext(cnamespaces));
- }
- try {
- NodeList list = (NodeList)xpath.evaluate(expression, saaj.getSOAPPart().getEnvelope(),
- XPathConstants.NODESET);
- for (int x = 0; x < list.getLength(); x++) {
- Element el = (Element)list.item(x);
- WSEncryptionPart encryptedElem = new WSEncryptionPart(el.getLocalName(),
- el.getNamespaceURI(),
- "Content",
- WSConstants
- .PART_TYPE_ELEMENT);
- encryptedElem.setXpath(expression);
+
+ NodeList list = (NodeList)xpath.evaluate(expression, saaj.getSOAPPart().getEnvelope(),
+ XPathConstants.NODESET);
+ for (int x = 0; x < list.getLength(); x++) {
+ Element el = (Element)list.item(x);
+
+ if (!found.contains(el)) {
+ // Generate an ID for the element and use this ID or else
+ // WSS4J will only ever sign/encrypt the first matching
+ // element with the same name and namespace as that in the
+ // WSEncryptionPart
+ final String id = this.addWsuIdToElement(el);
+
+
+ WSEncryptionPart part = new WSEncryptionPart(
+ id,
+ encryptionModifier,
+ WSConstants.PART_TYPE_ELEMENT);
+ part.setXpath(expression);
+
+ /**
String wsuId = el.getAttributeNS(WSConstants.WSU_NS, "Id");
if (!StringUtils.isEmpty(wsuId)) {
encryptedElem.setEncId(wsuId);
}
- result.add(encryptedElem);
+ **/
+
+ result.add(part);
}
- } catch (XPathExpressionException e) {
- //REVISIT!!!!
}
}
}
+
return result;
}
-
protected WSSecEncryptedKey getEncryptedKeyBuilder(TokenWrapper wrapper,
Token token) throws WSSecurityException {
WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
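Review bot: `getElements` tests `!found.contains(el)` but never adds the matched element to `found`, although its Javadoc says the list is "populated with additional matches found by this method" and `getParts` does call `found.add(el)`. An element selected by two XPath expressions, or by both the "Element" and the "Content" list, is therefore added as a `WSEncryptionPart` twice, which is the duplication the `found` list exists to prevent. Add `found.add(el);` as the first statement inside `if (!found.contains(el)) {`. The block wrapped in `/** ... **/` is commented-out code that refers to `encryptedElem`, a variable that no longer exists; it should be deleted rather than left in a Javadoc-style comment. The start of `getElements` is in the previous hunk.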
@@ -1555,43 +1646,47 @@
}
}
-
+ /**
+ * Processes the parts to be signed and reconfigures those parts that have
+ * already been encrypted.
+ *
+ * @param encryptedParts
+ * the parts that have been encrypted
+ * @param signedParts
+ * the parts that are to be signed
+ *
+ * @throws IllegalArgumentException
+ * if an element in {@code signedParts} contains a {@code
+ * WSEncryptionPart} with a {@code null} {@code id} value
+ */
public void handleEncryptedSignedHeaders(Vector<WSEncryptionPart> encryptedParts,
Vector<WSEncryptionPart> signedParts) {
-
- for (WSEncryptionPart signedPart : signedParts) {
- if (signedPart.getNamespace() == null || signedPart.getName() == null) {
- continue;
- }
-
- for (WSEncryptionPart encryptedPart : encryptedParts) {
- if (encryptedPart.getNamespace() == null
- || encryptedPart.getName() == null) {
- continue;
- }
-
- if (signedPart.getName().equals(encryptedPart.getName())
- && signedPart.getNamespace().equals(encryptedPart.getNamespace())) {
-
- String encDataID = encryptedPart.getEncId();
- Element encDataElem = WSSecurityUtil
- .findElementById(saaj.getSOAPPart().getDocumentElement(),
- encDataID, null);
-
- if (encDataElem != null) {
- Element encHeader = (Element)encDataElem.getParentNode();
- String encHeaderId = encHeader.getAttributeNS(WSConstants.WSU_NS, "Id");
-
- if (!StringUtils.isEmpty(encHeaderId)) {
- signedParts.remove(signedPart);
- WSEncryptionPart encHeaderToSign = new WSEncryptionPart(encHeaderId);
- signedParts.add(encHeaderToSign);
- }
- }
+
+ final Vector<WSEncryptionPart> signedEncryptedParts = new Vector<WSEncryptionPart>();
+
+ for (WSEncryptionPart encryptedPart : encryptedParts) {
+ final Iterator<WSEncryptionPart> signedPartsIt = signedParts.iterator();
+ while (signedPartsIt.hasNext()) {
+ WSEncryptionPart signedPart = signedPartsIt.next();
+ if (signedPart.getId() == null) {
+ throw new IllegalArgumentException(
+ "WSEncryptionPart must be ID based but no id was found.");
+ } else if (encryptedPart.getEncModifier().equals("Element")
+ && signedPart.getId().equals(encryptedPart.getId())) {
+ // We are to sign something that has already been encrypted.
+ // We need to preserve the original aspects of signedPart but
+ // change the ID to the encrypted ID.
+
+ signedPartsIt.remove();
+ signedEncryptedParts.add(
+ new WSEncryptionPart(
+ encryptedPart.getEncId(),
+ encryptedPart.getEncModifier(),
+ encryptedPart.getType()));
}
}
}
+
+ signedParts.addAll(signedEncryptedParts);
}
-
-
}
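Review bot: `handleEncryptedSignedHeaders` removes a signed part and replaces it with `new WSEncryptionPart(encryptedPart.getEncId(), ...)` without checking that `getEncId()` returned a value. The removed code only swapped the part when `!StringUtils.isEmpty(encHeaderId)`. If the encryption step has not set an EncId (not verifiable from this hunk), the original signed part is lost and replaced by one with a null id, so that header may drop out of signature coverage. Guard the swap with `final String encId = encryptedPart.getEncId(); if (encId == null || encId.length() == 0) { continue; }` before `signedPartsIt.remove();`. Writing the modifier test as `"Element".equals(encryptedPart.getEncModifier())` also avoids a NullPointerException on a null modifier. The `IllegalArgumentException` documented for a null id is only reached when `encryptedParts` is non-empty, because the check sits inside the outer loop; the Javadoc should say so or the check should move ahead of the loop.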
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java Fri Feb 12 19:20:10 2010
@@ -20,11 +20,16 @@
package org.apache.cxf.ws.security.wss4j;
-import java.security.cert.X509Certificate;
+import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;
+import java.util.Vector;
+import java.util.concurrent.Executor;
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
import javax.xml.namespace.QName;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.SOAPException;
@@ -33,282 +38,662 @@
import javax.xml.transform.dom.DOMSource;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
import org.apache.cxf.Bus;
import org.apache.cxf.BusException;
+import org.apache.cxf.binding.Binding;
import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.feature.AbstractFeature;
+import org.apache.cxf.interceptor.AbstractAttributedInterceptorProvider;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.ExchangeImpl;
+import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.service.Service;
+import org.apache.cxf.service.model.BindingInfo;
+import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.transport.MessageObserver;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.PolicyBuilder;
import org.apache.cxf.ws.policy.PolicyException;
+import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
+import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor.PolicyBasedWSS4JOutInterceptorInternal;
import org.apache.neethi.Policy;
+import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.util.WSSecurityUtil;
import org.junit.Test;
public class PolicyBasedWss4JInOutTest extends AbstractSecurityTest {
private PolicyBuilder policyBuilder;
-
- protected Bus createBus() throws BusException {
- Bus b = super.createBus();
- this.policyBuilder =
- b.getExtension(PolicyBuilder.class);
- return b;
+
+ public static boolean checkUnrestrictedPoliciesInstalled() {
+ try {
+ byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
+
+ SecretKey key192 = new SecretKeySpec(
+ new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17},
+ "AES");
+ Cipher c = Cipher.getInstance("AES");
+ c.init(Cipher.ENCRYPT_MODE, key192);
+ c.doFinal(data);
+ return true;
+ } catch (Exception e) {
+ //ignore
+ }
+ return false;
}
+
@Test
+ @org.junit.Ignore("missing file")
public void testSignedElementsPolicyWithIncompleteCoverage() throws Exception {
- this.runAndValidatePolicyNotAsserted(
- "signed_missing_signed_header.xml",
+ this.runInInterceptorAndValidate(
+ "signed_x509_issuer_serial_missing_signed_header.xml",
"signed_elements_policy.xml",
+ null,
SP12Constants.SIGNED_ELEMENTS,
CoverageType.SIGNED);
}
@Test
public void testSignedElementsPolicyWithCompleteCoverage() throws Exception {
- this.runAndValidatePolicyAsserted(
- "signed.xml",
+ this.runInInterceptorAndValidate(
+ "signed_x509_issuer_serial.xml",
"signed_elements_policy.xml",
SP12Constants.SIGNED_ELEMENTS,
+ null,
CoverageType.SIGNED);
+
+ this.runAndValidate(
+ "wsse-request-clean.xml",
+ "signed_elements_policy.xml",
+ null,
+ null,
+ Arrays.asList(SP12Constants.SIGNED_ELEMENTS),
+ null,
+ Arrays.asList(CoverageType.SIGNED));
}
@Test
+ @org.junit.Ignore("missing file")
public void testSignedPartsPolicyWithIncompleteCoverage() throws Exception {
- this.runAndValidatePolicyNotAsserted(
- "signed_missing_signed_body.xml",
+ this.runInInterceptorAndValidate(
+ "signed_x509_issuer_serial_missing_signed_body.xml",
"signed_parts_policy_body.xml",
+ null,
SP12Constants.SIGNED_PARTS,
CoverageType.SIGNED);
- this.runAndValidatePolicyNotAsserted(
- "signed_missing_signed_header.xml",
+ this.runInInterceptorAndValidate(
+ "signed_x509_issuer_serial_missing_signed_header.xml",
"signed_parts_policy_header_namespace_only.xml",
+ null,
SP12Constants.SIGNED_PARTS,
CoverageType.SIGNED);
- this.runAndValidatePolicyNotAsserted(
- "signed_missing_signed_header.xml",
+ this.runInInterceptorAndValidate(
+ "signed_x509_issuer_serial_missing_signed_header.xml",
"signed_parts_policy_header.xml",
+ null,
SP12Constants.SIGNED_PARTS,
CoverageType.SIGNED);
}
@Test
public void testSignedPartsPolicyWithCompleteCoverage() throws Exception {
- this.runAndValidatePolicyAsserted(
- "signed.xml",
+ this.runInInterceptorAndValidate(
+ "signed_x509_issuer_serial.xml",
"signed_parts_policy_body.xml",
SP12Constants.SIGNED_PARTS,
+ null,
CoverageType.SIGNED);
- this.runAndValidatePolicyAsserted(
- "signed.xml",
+ this.runAndValidate(
+ "wsse-request-clean.xml",
+ "signed_parts_policy_body.xml",
+ null,
+ null,
+ Arrays.asList(SP12Constants.SIGNED_PARTS),
+ null,
+ Arrays.asList(CoverageType.SIGNED));
+
+ this.runInInterceptorAndValidate(
+ "signed_x509_issuer_serial.xml",
"signed_parts_policy_header_namespace_only.xml",
SP12Constants.SIGNED_PARTS,
+ null,
CoverageType.SIGNED);
- this.runAndValidatePolicyAsserted(
- "signed.xml",
+ this.runAndValidate(
+ "wsse-request-clean.xml",
+ "signed_parts_policy_header_namespace_only.xml",
+ null,
+ null,
+ Arrays.asList(SP12Constants.SIGNED_PARTS),
+ null,
+ Arrays.asList(CoverageType.SIGNED));
+
+ this.runInInterceptorAndValidate(
+ "signed_x509_issuer_serial.xml",
"signed_parts_policy_header.xml",
SP12Constants.SIGNED_PARTS,
+ null,
CoverageType.SIGNED);
- this.runAndValidatePolicyAsserted(
- "signed.xml",
+ this.runAndValidate(
+ "wsse-request-clean.xml",
+ "signed_parts_policy_header.xml",
+ null,
+ null,
+ Arrays.asList(SP12Constants.SIGNED_PARTS),
+ null,
+ Arrays.asList(CoverageType.SIGNED));
+
+ this.runInInterceptorAndValidate(
+ "signed_x509_issuer_serial.xml",
"signed_parts_policy_header_and_body.xml",
SP12Constants.SIGNED_PARTS,
+ null,
CoverageType.SIGNED);
+
+ this.runAndValidate(
+ "wsse-request-clean.xml",
+ "signed_parts_policy_header_and_body.xml",
+ null,
+ null,
+ Arrays.asList(SP12Constants.SIGNED_PARTS),
+ null,
+ Arrays.asList(CoverageType.SIGNED));
}
@Test
public void testEncryptedElementsPolicyWithIncompleteCoverage() throws Exception {
- this.runAndValidatePolicyNotAsserted(
+ this.runInInterceptorAndValidate(
"encrypted_missing_enc_header.xml",
"encrypted_elements_policy.xml",
+ null,
SP12Constants.ENCRYPTED_ELEMENTS,
CoverageType.ENCRYPTED);
- this.runAndValidatePolicyNotAsserted(
+ this.runInInterceptorAndValidate(
"encrypted_body_content.xml",
"encrypted_elements_policy2.xml",
+ null,
SP12Constants.ENCRYPTED_ELEMENTS,
CoverageType.ENCRYPTED);
}
@Test
public void testEncryptedElementsPolicyWithCompleteCoverage() throws Exception {
- this.runAndValidatePolicyAsserted(
+ this.runInInterceptorAndValidate(
"encrypted_body_content.xml",
"encrypted_elements_policy.xml",
SP12Constants.ENCRYPTED_ELEMENTS,
+ null,
CoverageType.ENCRYPTED);
- this.runAndValidatePolicyAsserted(
+ this.runAndValidate(
+ "wsse-request-clean.xml",
+ "encrypted_elements_policy.xml",
+ null,
+ null,
+ Arrays.asList(new QName[] {SP12Constants.ENCRYPTED_ELEMENTS}),
+ null,
+ Arrays.asList(CoverageType.ENCRYPTED));
+
+ this.runInInterceptorAndValidate(
"encrypted_body_element.xml",
"encrypted_elements_policy2.xml",
SP12Constants.ENCRYPTED_ELEMENTS,
+ null,
CoverageType.ENCRYPTED);
+
+ this.runAndValidate(
+ "wsse-request-clean.xml",
+ "encrypted_elements_policy2.xml",
+ null,
+ null,
+ Arrays.asList(SP12Constants.ENCRYPTED_ELEMENTS),
+ null,
+ Arrays.asList(CoverageType.ENCRYPTED));
}
@Test
public void testContentEncryptedElementsPolicyWithIncompleteCoverage() throws Exception {
- this.runAndValidatePolicyNotAsserted(
+ this.runInInterceptorAndValidate(
"encrypted_body_element.xml",
"content_encrypted_elements_policy.xml",
+ null,
SP12Constants.CONTENT_ENCRYPTED_ELEMENTS,
CoverageType.ENCRYPTED);
}
@Test
public void testContentEncryptedElementsPolicyWithCompleteCoverage() throws Exception {
- this.runAndValidatePolicyAsserted(
+ this.runInInterceptorAndValidate(
"encrypted_body_content.xml",
"content_encrypted_elements_policy.xml",
SP12Constants.CONTENT_ENCRYPTED_ELEMENTS,
+ null,
CoverageType.ENCRYPTED);
+
+ this.runAndValidate(
+ "wsse-request-clean.xml",
+ "content_encrypted_elements_policy.xml",
+ null,
+ null,
+ Arrays.asList(SP12Constants.CONTENT_ENCRYPTED_ELEMENTS),
+ null,
+ Arrays.asList(CoverageType.ENCRYPTED));
}
@Test
public void testEncryptedPartsPolicyWithIncompleteCoverage() throws Exception {
- this.runAndValidatePolicyNotAsserted(
+ this.runInInterceptorAndValidate(
"encrypted_missing_enc_body.xml",
"encrypted_parts_policy_body.xml",
+ null,
SP12Constants.ENCRYPTED_PARTS,
CoverageType.ENCRYPTED);
- this.runAndValidatePolicyNotAsserted(
+ this.runInInterceptorAndValidate(
"encrypted_body_element.xml",
"encrypted_parts_policy_body.xml",
+ null,
SP12Constants.ENCRYPTED_PARTS,
CoverageType.ENCRYPTED);
- this.runAndValidatePolicyNotAsserted(
+ this.runInInterceptorAndValidate(
"encrypted_missing_enc_header.xml",
"encrypted_parts_policy_header_namespace_only.xml",
+ null,
SP12Constants.ENCRYPTED_PARTS,
CoverageType.ENCRYPTED);
- this.runAndValidatePolicyNotAsserted(
+ this.runInInterceptorAndValidate(
"encrypted_missing_enc_header.xml",
"encrypted_parts_policy_header.xml",
+ null,
SP12Constants.ENCRYPTED_PARTS,
CoverageType.ENCRYPTED);
}
@Test
public void testEncryptedPartsPolicyWithCompleteCoverage() throws Exception {
- this.runAndValidatePolicyAsserted(
+ this.runInInterceptorAndValidate(
"encrypted_body_content.xml",
"encrypted_parts_policy_body.xml",
SP12Constants.ENCRYPTED_PARTS,
+ null,
CoverageType.ENCRYPTED);
- this.runAndValidatePolicyAsserted(
+ this.runAndValidate(
+ "wsse-request-clean.xml",
+ "encrypted_parts_policy_body.xml",
+ null,
+ null,
+ Arrays.asList(SP12Constants.ENCRYPTED_PARTS),
+ null,
+ Arrays.asList(CoverageType.ENCRYPTED));
+
+ this.runInInterceptorAndValidate(
"encrypted_body_content.xml",
"encrypted_parts_policy_header_namespace_only.xml",
SP12Constants.ENCRYPTED_PARTS,
+ null,
CoverageType.ENCRYPTED);
- this.runAndValidatePolicyAsserted(
+ this.runAndValidate(
+ "wsse-request-clean.xml",
+ "encrypted_parts_policy_header_namespace_only.xml",
+ null,
+ null,
+ Arrays.asList(SP12Constants.ENCRYPTED_PARTS),
+ null,
+ Arrays.asList(CoverageType.ENCRYPTED));
+
+ this.runInInterceptorAndValidate(
"encrypted_body_content.xml",
"encrypted_parts_policy_header.xml",
SP12Constants.ENCRYPTED_PARTS,
+ null,
CoverageType.ENCRYPTED);
- this.runAndValidatePolicyAsserted(
+ this.runAndValidate(
+ "wsse-request-clean.xml",
+ "encrypted_parts_policy_header.xml",
+ null,
+ null,
+ Arrays.asList(SP12Constants.ENCRYPTED_PARTS),
+ null,
+ Arrays.asList(CoverageType.ENCRYPTED));
+
+ this.runInInterceptorAndValidate(
"encrypted_body_content.xml",
"encrypted_parts_policy_header_and_body.xml",
SP12Constants.ENCRYPTED_PARTS,
+ null,
CoverageType.ENCRYPTED);
+
+ this.runAndValidate(
+ "wsse-request-clean.xml",
+ "encrypted_parts_policy_header_and_body.xml",
+ null,
+ null,
+ Arrays.asList(SP12Constants.ENCRYPTED_PARTS),
+ null,
+ Arrays.asList(CoverageType.ENCRYPTED));
}
- private void runAndValidatePolicyAsserted(String document,
- String policyDocument, QName assertionType,
+ @Test
+ public void testSignedEncryptedPartsWithIncompleteCoverage() throws Exception {
+ this.runInInterceptorAndValidate(
+ "signed_x509_issuer_serial_encrypted_missing_enc_header.xml",
+ "signed_parts_policy_header_and_body_encrypted.xml",
+ null,
+ Arrays.asList(SP12Constants.ENCRYPTED_PARTS),
+ Arrays.asList(CoverageType.ENCRYPTED,
+ CoverageType.SIGNED));
+ }
+
+ @Test
+ public void testSignedEncryptedPartsWithCompleteCoverage() throws Exception {
+ if (!checkUnrestrictedPoliciesInstalled()) {
+ return;
+ }
+ this.runInInterceptorAndValidate(
+ "signed_x509_issuer_serial_encrypted.xml",
+ "signed_parts_policy_header_and_body_encrypted.xml",
+ Arrays.asList(SP12Constants.ENCRYPTED_PARTS,
+ SP12Constants.SIGNED_PARTS),
+ null,
+ Arrays.asList(CoverageType.ENCRYPTED,
+ CoverageType.SIGNED));
+
+ this.runAndValidate(
+ "wsse-request-clean.xml",
+ "signed_parts_policy_header_and_body_encrypted.xml",
+ null,
+ null,
+ Arrays.asList(SP12Constants.ENCRYPTED_PARTS,
+ SP12Constants.SIGNED_PARTS),
+ null,
+ Arrays.asList(CoverageType.ENCRYPTED,
+ CoverageType.SIGNED));
+ }
+
+ @Test
+ public void testEncryptedSignedPartsWithIncompleteCoverage() throws Exception {
+ this.runInInterceptorAndValidate(
+ "encrypted_body_content_signed_missing_signed_header.xml",
+ "encrypted_parts_policy_header_and_body_signed.xml",
+ null,
+ Arrays.asList(SP12Constants.SIGNED_PARTS),
+ Arrays.asList(CoverageType.ENCRYPTED, CoverageType.SIGNED));
+ }
+
+ @Test
+ public void testEncryptedSignedPartsWithCompleteCoverage() throws Exception {
+ this.runInInterceptorAndValidate(
+ "encrypted_body_content_signed.xml",
+ "encrypted_parts_policy_header_and_body_signed.xml",
+ Arrays.asList(SP12Constants.ENCRYPTED_PARTS,
+ SP12Constants.SIGNED_PARTS),
+ null,
+ Arrays.asList(CoverageType.ENCRYPTED, CoverageType.SIGNED));
+
+ this.runAndValidate(
+ "wsse-request-clean.xml",
+ "encrypted_parts_policy_header_and_body_signed.xml",
+ null,
+ null,
+ Arrays.asList(SP12Constants.ENCRYPTED_PARTS,
+ SP12Constants.SIGNED_PARTS),
+ null,
+ Arrays.asList(CoverageType.ENCRYPTED,
+ CoverageType.SIGNED));
+ }
+
+ protected Bus createBus() throws BusException {
+ Bus b = super.createBus();
+ this.policyBuilder =
+ b.getExtension(PolicyBuilder.class);
+ return b;
+ }
+
+ private void runAndValidate(String document, String policyDocument,
+ List<QName> assertedOutAssertions, List<QName> notAssertedOutAssertions,
+ List<QName> assertedInAssertions, List<QName> notAssertedInAssertions,
+ List<CoverageType> types) throws Exception {
+
+ final Element policyElement =
+ this.readDocument(policyDocument).getDocumentElement();
+
+ final Policy outPolicy = this.policyBuilder.getPolicy(policyElement);
+ final Policy inPolicy = this.policyBuilder.getPolicy(policyElement);
+
+ final Document originalDoc = this.readDocument(document);
+
+ final Document inDoc = this.runOutInterceptorAndValidate(
+ originalDoc, outPolicy, assertedOutAssertions,
+ notAssertedOutAssertions);
+
+ // Can't use this method if you want output that is not mangled.
+ // Such is the case when you want to capture output to use
+ // as input to another test case.
+ //DOMUtils.writeXml(inDoc, System.out);
+
+ // Use this snippet if you need intermediate output for debugging.
+ /*
+ TransformerFactory tf = TransformerFactory.newInstance();
+ Transformer t = tf.newTransformer();
+ t.setOutputProperty(OutputKeys.INDENT, "no");
+ t.transform(new DOMSource(inDoc), new StreamResult(System.out));
+ */
+
+ this.runInInterceptorAndValidate(inDoc,
+ inPolicy, assertedInAssertions,
+ assertedOutAssertions, types);
+ }
+
+ private void runInInterceptorAndValidate(String document,
+ String policyDocument, QName assertedInAssertion,
+ QName notAssertedInAssertion,
CoverageType type) throws Exception {
- Policy policy = this.policyBuilder.getPolicy(
- this.readDocument(policyDocument).getDocumentElement());
- AssertionInfoMap aim = new AssertionInfoMap(policy);
+ this.runInInterceptorAndValidate(
+ document, policyDocument,
+ assertedInAssertion == null ? null
+ : Arrays.asList(assertedInAssertion),
+ notAssertedInAssertion == null ? null
+ : Arrays.asList(notAssertedInAssertion),
+ Arrays.asList(type));
+ }
+
+ private void runInInterceptorAndValidate(String document,
+ String policyDocument, List<QName> assertedInAssertions,
+ List<QName> notAssertedInAssertions,
+ List<CoverageType> types) throws Exception {
+
+ final Policy policy = this.policyBuilder.getPolicy(
+ this.readDocument(policyDocument).getDocumentElement());
- this.runAndValidateWss(document, aim, type);
+ final Document doc = this.readDocument(document);
- try {
- aim.checkEffectivePolicy(policy);
-
- } catch (PolicyException e) {
- fail(assertionType + " policy erroneously failed.");
- }
+ this.runInInterceptorAndValidate(
+ doc, policy,
+ assertedInAssertions,
+ notAssertedInAssertions,
+ types);
}
- private void runAndValidatePolicyNotAsserted(String document,
- String policyDocument, QName assertionType,
- CoverageType type) throws Exception {
- Policy policy = this.policyBuilder.getPolicy(
- this.readDocument(policyDocument).getDocumentElement());
+ private void runInInterceptorAndValidate(Document document,
+ Policy policy, List<QName> assertedInAssertions,
+ List<QName> notAssertedInAssertions,
+ List<CoverageType> types) throws Exception {
- AssertionInfoMap aim = new AssertionInfoMap(policy);
+ final AssertionInfoMap aim = new AssertionInfoMap(policy);
- this.runAndValidateWss(document, aim, type);
+ this.runInInterceptorAndValidateWss(document, aim, types);
try {
aim.checkEffectivePolicy(policy);
- fail(assertionType + " policy erroneously asserted.");
} catch (PolicyException e) {
- Collection<AssertionInfo> ais = aim.get(assertionType);
- for (AssertionInfo ai : ais) {
- assertFalse(ai.getAssertion().isAsserted(aim));
+ // Expected but not relevant
+ } finally {
+ if (assertedInAssertions != null) {
+ for (QName assertionType : assertedInAssertions) {
+ Collection<AssertionInfo> ais = aim.get(assertionType);
+ assertNotNull(ais);
+ for (AssertionInfo ai : ais) {
+ assertTrue(assertionType + " policy erroneously failed.",
+ ai.getAssertion().isAsserted(aim));
+ }
+ }
+ }
+
+ if (notAssertedInAssertions != null) {
+ for (QName assertionType : notAssertedInAssertions) {
+ Collection<AssertionInfo> ais = aim.get(assertionType);
+ assertNotNull(ais);
+ for (AssertionInfo ai : ais) {
+ assertFalse(assertionType + " policy erroneously asserted.",
+ ai.getAssertion().isAsserted(aim));
+ }
+ }
}
}
}
- private void runAndValidateWss(String document, AssertionInfoMap aim, CoverageType type)
- throws Exception {
- Document doc = readDocument(document);
+ private void runInInterceptorAndValidateWss(Document document, AssertionInfoMap aim,
+ List<CoverageType> types) throws Exception {
PolicyBasedWSS4JInInterceptor inHandler =
- CoverageType.SIGNED.equals(type)
- ? this.getInInterceptorForSignature()
- : this.getInInterceptorForEncryption();
-
- SoapMessage inmsg = this.getSoapMessageForDom(doc, aim);
+ this.getInInterceptor(types);
+
+ SoapMessage inmsg = this.getSoapMessageForDom(document, aim);
inHandler.handleMessage(inmsg);
- if (CoverageType.SIGNED.equals(type)) {
- this.verifyWss4jSigResults(inmsg);
- } else {
- this.verifyWss4jEncResults(inmsg);
+ for (CoverageType type : types) {
+ switch(type) {
+ case SIGNED:
+ this.verifyWss4jSigResults(inmsg);
+ break;
+ case ENCRYPTED:
+ this.verifyWss4jEncResults(inmsg);
+ break;
+ default:
+ fail("Unsupported coverage type.");
+ }
}
}
- private PolicyBasedWSS4JInInterceptor getInInterceptorForSignature() {
- PolicyBasedWSS4JInInterceptor inHandler = new PolicyBasedWSS4JInInterceptor();
- inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
- inHandler.setProperty(WSHandlerConstants.SIG_PROP_FILE,
- "META-INF/cxf/insecurity.properties");
+ private Document runOutInterceptorAndValidate(Document document, Policy policy,
+ List<QName> assertedOutAssertions,
+ List<QName> notAssertedOutAssertions) throws Exception {
- return inHandler;
+ AssertionInfoMap aim = new AssertionInfoMap(policy);
+
+ final SoapMessage msg =
+ this.getOutSoapMessageForDom(document, aim);
+
+ this.getOutInterceptor().handleMessage(msg);
+
+ try {
+ aim.checkEffectivePolicy(policy);
+ } catch (PolicyException e) {
+ // Expected but not relevant
+ } finally {
+ if (assertedOutAssertions != null) {
+ for (QName assertionType : assertedOutAssertions) {
+ Collection<AssertionInfo> ais = aim.get(assertionType);
+ assertNotNull(ais);
+ for (AssertionInfo ai : ais) {
+ assertTrue(assertionType + " policy erroneously failed.",
+ ai.getAssertion().isAsserted(aim));
+ }
+ }
+ }
+
+ if (notAssertedOutAssertions != null) {
+ for (QName assertionType : notAssertedOutAssertions) {
+ Collection<AssertionInfo> ais = aim.get(assertionType);
+ assertNotNull(ais);
+ for (AssertionInfo ai : ais) {
+ assertFalse(assertionType + " policy erroneously asserted.",
+ ai.getAssertion().isAsserted(aim));
+ }
+ }
+ }
+ }
+
+ return msg.getContent(SOAPMessage.class).getSOAPPart();
+ }
+
+ private PolicyBasedWSS4JOutInterceptorInternal getOutInterceptor() {
+ return (new PolicyBasedWSS4JOutInterceptor()).createEndingInterceptor();
}
- private PolicyBasedWSS4JInInterceptor getInInterceptorForEncryption() {
+ private PolicyBasedWSS4JInInterceptor getInInterceptor(List<CoverageType> types) {
PolicyBasedWSS4JInInterceptor inHandler = new PolicyBasedWSS4JInInterceptor();
- inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
+ String action = "";
+
+ for (CoverageType type : types) {
+ switch(type) {
+ case SIGNED:
+ action += " " + WSHandlerConstants.SIGNATURE;
+ break;
+ case ENCRYPTED:
+ action += " " + WSHandlerConstants.ENCRYPT;
+ break;
+ default:
+ fail("Unsupported coverage type.");
+ }
+ }
+ inHandler.setProperty(WSHandlerConstants.ACTION, action);
+ inHandler.setProperty(WSHandlerConstants.SIG_PROP_FILE,
+ "META-INF/cxf/insecurity.properties");
inHandler.setProperty(WSHandlerConstants.DEC_PROP_FILE,
"META-INF/cxf/insecurity.properties");
inHandler.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS,
- "org.apache.cxf.ws.security.wss4j.TestPwdCallback");
+ TestPwdCallback.class.getName());
return inHandler;
}
+ /**
+ * Gets a SoapMessage, but with the needed SecurityConstants in the context propreties
+ * so that it can be passed to PolicyBasedWSS4JOutInterceptor.
+ *
+ * @see #getSoapMessageForDom(Document, AssertionInfoMap)
+ */
+ private SoapMessage getOutSoapMessageForDom(Document doc, AssertionInfoMap aim)
+ throws SOAPException {
+ SoapMessage msg = this.getSoapMessageForDom(doc, aim);
+ msg.put(SecurityConstants.SIGNATURE_PROPERTIES, "META-INF/cxf/outsecurity.properties");
+ msg.put(SecurityConstants.ENCRYPT_PROPERTIES, "META-INF/cxf/outsecurity.properties");
+ msg.put(SecurityConstants.CALLBACK_HANDLER, TestPwdCallback.class.getName());
+ msg.put(SecurityConstants.SIGNATURE_USERNAME, "myalias");
+ msg.put(SecurityConstants.ENCRYPT_USERNAME, "myalias");
+
+ msg.getExchange().put(Endpoint.class, new MockEndpoint());
+ msg.getExchange().put(Bus.class, this.bus);
+ msg.put(Message.REQUESTOR_ROLE, true);
+
+ return msg;
+ }
+
private SoapMessage getSoapMessageForDom(Document doc, AssertionInfoMap aim)
throws SOAPException {
SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
@@ -316,23 +701,21 @@
part.setContent(new DOMSource(doc));
saajMsg.saveChanges();
- SoapMessage inmsg = new SoapMessage(new MessageImpl());
+ SoapMessage msg = new SoapMessage(new MessageImpl());
Exchange ex = new ExchangeImpl();
- ex.setInMessage(inmsg);
- inmsg.setContent(SOAPMessage.class, saajMsg);
+ ex.setInMessage(msg);
+ msg.setContent(SOAPMessage.class, saajMsg);
if (aim != null) {
- inmsg.put(AssertionInfoMap.class, aim);
+ msg.put(AssertionInfoMap.class, aim);
}
- return inmsg;
+
+ return msg;
}
private void verifyWss4jSigResults(SoapMessage inmsg) {
WSSecurityEngineResult result =
(WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT);
assertNotNull(result);
- X509Certificate certificate = (X509Certificate)result
- .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
- assertNotNull(certificate);
}
@SuppressWarnings("unchecked")
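Review bot: With the certificate lookup removed, `verifyWss4jSigResults` passes as soon as any object is stored under `WSS4JInInterceptor.SIGNATURE_RESULT`, so the inbound tests no longer check anything about how the message was signed. If the assertion was dropped because signatures produced under the new symmetric-binding policies carry no X.509 certificate in the result (an inference, the hunk does not say), record that next to the remaining check, for example `// no TAG_X509_CERTIFICATE here: symmetric-binding signatures do not expose a certificate`. The certificate assertion could also be kept for the `signed_x509_issuer_serial*.xml` fixtures if their results still expose one. `getSoapMessageForDom` begins before this hunk, and the method following the `@SuppressWarnings` line continues in the next hunk.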
@@ -345,12 +728,12 @@
.get(WSHandlerConstants.RECV_RESULTS);
assertNotNull(handlerResults);
assertSame(handlerResults.size(), 1);
- //
- // This should contain exactly 1 protection result
- //
- final List<Object> protectionResults = (List<Object>) handlerResults
- .get(0).getResults();
+
+ Vector<Object> protectionResults = new Vector<Object>();
+ WSSecurityUtil.fetchAllActionResults(handlerResults.get(0).getResults(),
+ WSConstants.ENCR, protectionResults);
assertNotNull(protectionResults);
+
//
// This result should contain a reference to the decrypted element
//
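Review bot: `assertNotNull(protectionResults)` can no longer fail, because `protectionResults` is now the `Vector` constructed two lines above it. If `WSSecurityUtil.fetchAllActionResults` finds no `WSConstants.ENCR` entry, the missing decryption result is not reported at this point. Assert on the contents instead: `assertFalse("no ENCR result found", protectionResults.isEmpty());`. The context line `assertSame(handlerResults.size(), 1)` compares boxed `Integer` identity and would be clearer as `assertEquals(1, handlerResults.size())`. The enclosing method starts before this hunk and continues after it.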
@@ -360,4 +743,55 @@
.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
assertNotNull(protectedElements);
}
+
+ private static final class MockEndpoint extends
+ AbstractAttributedInterceptorProvider implements Endpoint {
+
+ private static final long serialVersionUID = 1L;
+
+ private EndpointInfo epi = new EndpointInfo();
+
+ public MockEndpoint() {
+ epi.setBinding(new BindingInfo(null, null));
+ }
+
+
+ public List<AbstractFeature> getActiveFeatures() {
+ return null;
+ }
+
+ public Binding getBinding() {
+ return null;
+ }
+
+ public EndpointInfo getEndpointInfo() {
+ return this.epi;
+ }
+
+ public Executor getExecutor() {
+ return null;
+ }
+
+ public MessageObserver getInFaultObserver() {
+ return null;
+ }
+
+ public MessageObserver getOutFaultObserver() {
+ return null;
+ }
+
+ public Service getService() {
+ return null;
+ }
+
+ public void setExecutor(Executor executor) {
+ }
+
+ public void setInFaultObserver(MessageObserver observer) {
+ }
+
+ public void setOutFaultObserver(MessageObserver observer) {
+ }
+
+ }
}
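Review bot: `MockEndpoint` returns `null` from every accessor except `getEndpointInfo()` and has no comment saying which members the out interceptor depends on. A later interceptor change that calls `getBinding()` or `getService()` would therefore fail with a `NullPointerException` far from its cause. A short class comment would make the contract explicit, for example `/** Minimal Endpoint stub for the out interceptor: only getEndpointInfo() returns a usable value. */`. The `epi` field is assigned once and can be declared `private final EndpointInfo epi`.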
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml Fri Feb 12 19:20:10 2010
@@ -5,6 +5,30 @@
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<wsp:ExactlyOne>
<wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
+ <wsp:Policy>
+ <sp:RequireEmbeddedTokenReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
<sp:ContentEncryptedElements>
<sp:XPath>//soap:Body</sp:XPath>
</sp:ContentEncryptedElements>
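Review bot: The added `sp:SymmetricBinding` block carries no comment explaining why a fixture that previously held only a coverage assertion now needs a full binding. The same 24 lines are repeated in the hunks for encrypted_elements_policy.xml, encrypted_elements_policy2.xml and the four encrypted_parts_policy_*.xml files below. Presumably the binding is there so that the outbound interceptor can produce a protected message for the round-trip tests. A one-line comment above the block in each file would record that, for example `<!-- binding needed by the outbound interceptor in round-trip tests; not part of the coverage assertion under test -->`. A note that `sp:Basic128` and the embedded X509 protection token are test settings would also keep the fixtures from being copied as a deployment template.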
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml Fri Feb 12 19:20:10 2010
@@ -5,6 +5,30 @@
xmlns:ser="http://www.sdj.pl">
<wsp:ExactlyOne>
<wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
+ <wsp:Policy>
+ <sp:RequireEmbeddedTokenReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
<sp:EncryptedElements>
<sp:XPath>//ser:Header</sp:XPath>
</sp:EncryptedElements>
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml Fri Feb 12 19:20:10 2010
@@ -5,6 +5,30 @@
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<wsp:ExactlyOne>
<wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
+ <wsp:Policy>
+ <sp:RequireEmbeddedTokenReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
<sp:EncryptedElements>
<sp:XPath>//soap:Body</sp:XPath>
</sp:EncryptedElements>
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml Fri Feb 12 19:20:10 2010
@@ -4,6 +4,30 @@
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:ExactlyOne>
<wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
+ <wsp:Policy>
+ <sp:RequireEmbeddedTokenReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml Fri Feb 12 19:20:10 2010
@@ -4,6 +4,30 @@
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:ExactlyOne>
<wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
+ <wsp:Policy>
+ <sp:RequireEmbeddedTokenReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
<sp:EncryptedParts>
<sp:Header Name="Header" Namespace="http://www.sdj.pl"/>
</sp:EncryptedParts>
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml Fri Feb 12 19:20:10 2010
@@ -4,6 +4,30 @@
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:ExactlyOne>
<wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
+ <wsp:Policy>
+ <sp:RequireEmbeddedTokenReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
<sp:EncryptedParts>
<sp:Body/>
<sp:Header Name="Header" Namespace="http://www.sdj.pl"/>
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml Fri Feb 12 19:20:10 2010
@@ -4,6 +4,30 @@
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:ExactlyOne>
<wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
+ <wsp:Policy>
+ <sp:RequireEmbeddedTokenReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
<sp:EncryptedParts>
<sp:Header Namespace="http://www.sdj.pl"/>
</sp:EncryptedParts>
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed.xml Fri Feb 12 19:20:10 2010
@@ -1,51 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<soapenv:Envelope xmlns:ser="http://blah" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
- <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:Signature Id="Signature-13" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-<ds:SignedInfo>
-<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-<ds:Reference URI="#id-14">
-<ds:Transforms>
-<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-</ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>wDPX14XCrVsUWZn6j8rs+m7I8O8=</ds:DigestValue>
-</ds:Reference>
-<ds:Reference URI="#id-8">
-<ds:Transforms>
-<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-</ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>TJj4H4XAG1HaH/gPprXOv5zwkXQ=</ds:DigestValue>
-</ds:Reference>
-<ds:Reference URI="#id-15">
-<ds:Transforms>
-<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-</ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>NL4WOzgXO8Lc2aBiWr78AXzK/gM=</ds:DigestValue>
-</ds:Reference>
-</ds:SignedInfo>
-<ds:SignatureValue>
-bAx2CT83LxVKReQzYCEHGxxTo3MZzOHMA6e/CcHOQlfvJXwOWcOe/gzk5APRzOJBC1fKGAH0dAiO
-f70WVCU0wRjcjj3+PHiSRRfgqAGk6M/Txl2uGgoSW5JCGYsgTrSLtE6c/n75XGfQr38yiZwAKT8P
-dFHSXRu3Q9SBx0idbBg=
-</ds:SignatureValue>
-<ds:KeyInfo Id="KeyId-B5419464DCB3C8B05A126477266969520">
-<wsse:SecurityTokenReference wsu:Id="STRId-B5419464DCB3C8B05A126477266969521" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ds:X509Data>
-<ds:X509IssuerSerial>
-<ds:X509IssuerName>CN=myAlias</ds:X509IssuerName>
-<ds:X509SerialNumber>1181668586</ds:X509SerialNumber>
-</ds:X509IssuerSerial>
-</ds:X509Data></wsse:SecurityTokenReference>
-</ds:KeyInfo>
-</ds:Signature></wsse:Security>
- <Header wsu:Id="id-14" xmlns="http://www.sdj.pl" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">1234</Header>
- <Header wsu:Id="id-8" xmlns="http://www.sdj.pl" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">5678</Header>
- </soapenv:Header>
- <soapenv:Body wsu:Id="id-15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
- <echo xmlns="http://www.sdj.pl">
- <in0>A</in0>
- </echo>
- </soapenv:Body>
-</soapenv:Envelope>
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_elements_policy.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_elements_policy.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_elements_policy.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_elements_policy.xml Fri Feb 12 19:20:10 2010
@@ -5,6 +5,40 @@
xmlns:ser="http://www.sdj.pl">
<wsp:ExactlyOne>
<wsp:All>
+ <sp:AsymmetricBinding>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireIssuerSerialReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireIssuerSerialReference />
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
<sp:SignedElements>
<sp:XPath>//ser:Header</sp:XPath>
</sp:SignedElements>
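Review bot: `<sp:Basic256 />` in the added `sp:AlgorithmSuite` is inconsistent with the `<sp:Basic128 />` chosen for encrypted_parts_policy_header_namespace_only.xml in the same commit, and the merged r909557 log attributes a Hudson failure to missing strong-encryption support. If any test performs encryption under this policy, it will presumably fail the same way on a JVM without the unlimited-strength policy files; a signature-only test would not exercise AES-256, but the hunk does not show which case applies. Either align it to `<sp:Basic128 />` or keep it and add a comment such as `<!-- Basic256 is intentional: this policy is only used for signature checks -->`. The enclosing `wsp:All` element closes outside the hunk.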