You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Vinay Penmatsa (Created) (JIRA)" <ji...@apache.org> on 2011/12/10 04:00:40 UTC
[jira] [Created] (CXF-3970) Patch: InitiatorEncryptionToken,
RecipientSignatureToken, RecipientEncryptionToken support in WS Sec Policy
Patch: InitiatorEncryptionToken, RecipientSignatureToken, RecipientEncryptionToken support in WS Sec Policy
-----------------------------------------------------------------------------------------------------------
Key: CXF-3970
URL: https://issues.apache.org/jira/browse/CXF-3970
Project: CXF
Issue Type: Improvement
Components: WS-* Components
Affects Versions: 2.4.4
Environment: CXF supported environments
Reporter: Vinay Penmatsa
Fix For: 2.4.5, 2.5.1
This patch adds support for InitiatorEncryptionToken, RecipientSignatureToken, RecipientEncryptionToken.
InitiatorSignatureToken is already supported in patch CXF-3960.
The following is an example that uses all four assertions
{code:xml}
<wsp:Policy
wsu:Id="UsernameToken"
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding>
<wsp:Policy>
<sp:InitiatorSignatureToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:RequireThumbprintReference />
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorSignatureToken>
<sp:InitiatorEncryptionToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
<wsp:Policy>
<sp:RequireThumbprintReference />
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorEncryptionToken>
<sp:RecipientSignatureToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
<wsp:Policy>
<sp:RequireThumbprintReference />
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientSignatureToken>
<sp:RecipientEncryptionToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
<wsp:Policy>
<sp:RequireThumbprintReference />
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientEncryptionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:AsymmetricBinding>
<sp1:SignedParts
xmlns:sp1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<sp:Body />
</sp1:SignedParts>
<sp1:EncryptedParts
xmlns:sp1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<sp:Body />
</sp1:EncryptedParts>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (CXF-3970) Patch: InitiatorEncryptionToken,
RecipientSignatureToken, RecipientEncryptionToken support in WS Sec Policy
Posted by "Colm O hEigeartaigh (Assigned) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-3970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh reassigned CXF-3970:
----------------------------------------
Assignee: Colm O hEigeartaigh
> Patch: InitiatorEncryptionToken, RecipientSignatureToken, RecipientEncryptionToken support in WS Sec Policy
> -----------------------------------------------------------------------------------------------------------
>
> Key: CXF-3970
> URL: https://issues.apache.org/jira/browse/CXF-3970
> Project: CXF
> Issue Type: Improvement
> Components: WS-* Components
> Affects Versions: 2.4.4
> Environment: CXF supported environments
> Reporter: Vinay Penmatsa
> Assignee: Colm O hEigeartaigh
> Labels: patch, security
> Fix For: 2.4.5, 2.5.1
>
> Attachments: DoubleItX509Signature.wsdl, patch.txt
>
>
> This patch adds support for InitiatorEncryptionToken, RecipientSignatureToken, RecipientEncryptionToken.
> InitiatorSignatureToken is already supported in patch CXF-3960.
> The following is an example that uses all four assertions
> {code:xml}
> <wsp:Policy
> wsu:Id="UsernameToken"
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding>
> <wsp:Policy>
> <sp:InitiatorSignatureToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorSignatureToken>
> <sp:InitiatorEncryptionToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorEncryptionToken>
> <sp:RecipientSignatureToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientSignatureToken>
> <sp:RecipientEncryptionToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientEncryptionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp1:SignedParts
> xmlns:sp1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <sp:Body />
> </sp1:SignedParts>
> <sp1:EncryptedParts
> xmlns:sp1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <sp:Body />
> </sp1:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (CXF-3970) Patch: InitiatorEncryptionToken,
RecipientSignatureToken, RecipientEncryptionToken support in WS Sec Policy
Posted by "Colm O hEigeartaigh (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-3970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved CXF-3970.
--------------------------------------
Resolution: Fixed
> Patch: InitiatorEncryptionToken, RecipientSignatureToken, RecipientEncryptionToken support in WS Sec Policy
> -----------------------------------------------------------------------------------------------------------
>
> Key: CXF-3970
> URL: https://issues.apache.org/jira/browse/CXF-3970
> Project: CXF
> Issue Type: Improvement
> Components: WS-* Components
> Affects Versions: 2.4.4
> Environment: CXF supported environments
> Reporter: Vinay Penmatsa
> Assignee: Colm O hEigeartaigh
> Labels: patch, security
> Fix For: 2.4.5, 2.5.1
>
> Attachments: DoubleItX509Signature.wsdl, patch.txt
>
>
> This patch adds support for InitiatorEncryptionToken, RecipientSignatureToken, RecipientEncryptionToken.
> InitiatorSignatureToken is already supported in patch CXF-3960.
> The following is an example that uses all four assertions
> {code:xml}
> <wsp:Policy
> wsu:Id="UsernameToken"
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding>
> <wsp:Policy>
> <sp:InitiatorSignatureToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorSignatureToken>
> <sp:InitiatorEncryptionToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorEncryptionToken>
> <sp:RecipientSignatureToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientSignatureToken>
> <sp:RecipientEncryptionToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientEncryptionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp1:SignedParts
> xmlns:sp1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <sp:Body />
> </sp1:SignedParts>
> <sp1:EncryptedParts
> xmlns:sp1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <sp:Body />
> </sp1:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CXF-3970) Patch: InitiatorEncryptionToken,
RecipientSignatureToken, RecipientEncryptionToken support in WS Sec Policy
Posted by "Vinay Penmatsa (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-3970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinay Penmatsa updated CXF-3970:
--------------------------------
Attachment: DoubleItX509Signature.wsdl
Test wsdl modified to include the new assertions for X509TokenTest
> Patch: InitiatorEncryptionToken, RecipientSignatureToken, RecipientEncryptionToken support in WS Sec Policy
> -----------------------------------------------------------------------------------------------------------
>
> Key: CXF-3970
> URL: https://issues.apache.org/jira/browse/CXF-3970
> Project: CXF
> Issue Type: Improvement
> Components: WS-* Components
> Affects Versions: 2.4.4
> Environment: CXF supported environments
> Reporter: Vinay Penmatsa
> Labels: patch, security
> Fix For: 2.4.5, 2.5.1
>
> Attachments: DoubleItX509Signature.wsdl, patch.txt
>
>
> This patch adds support for InitiatorEncryptionToken, RecipientSignatureToken, RecipientEncryptionToken.
> InitiatorSignatureToken is already supported in patch CXF-3960.
> The following is an example that uses all four assertions
> {code:xml}
> <wsp:Policy
> wsu:Id="UsernameToken"
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding>
> <wsp:Policy>
> <sp:InitiatorSignatureToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorSignatureToken>
> <sp:InitiatorEncryptionToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorEncryptionToken>
> <sp:RecipientSignatureToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientSignatureToken>
> <sp:RecipientEncryptionToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientEncryptionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp1:SignedParts
> xmlns:sp1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <sp:Body />
> </sp1:SignedParts>
> <sp1:EncryptedParts
> xmlns:sp1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <sp:Body />
> </sp1:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CXF-3970) Patch: InitiatorEncryptionToken,
RecipientSignatureToken, RecipientEncryptionToken support in WS Sec Policy
Posted by "Vinay Penmatsa (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CXF-3970?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Vinay Penmatsa updated CXF-3970:
--------------------------------
Attachment: patch.txt
> Patch: InitiatorEncryptionToken, RecipientSignatureToken, RecipientEncryptionToken support in WS Sec Policy
> -----------------------------------------------------------------------------------------------------------
>
> Key: CXF-3970
> URL: https://issues.apache.org/jira/browse/CXF-3970
> Project: CXF
> Issue Type: Improvement
> Components: WS-* Components
> Affects Versions: 2.4.4
> Environment: CXF supported environments
> Reporter: Vinay Penmatsa
> Labels: patch, security
> Fix For: 2.4.5, 2.5.1
>
> Attachments: patch.txt
>
>
> This patch adds support for InitiatorEncryptionToken, RecipientSignatureToken, RecipientEncryptionToken.
> InitiatorSignatureToken is already supported in patch CXF-3960.
> The following is an example that uses all four assertions
> {code:xml}
> <wsp:Policy
> wsu:Id="UsernameToken"
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> <wsp:ExactlyOne>
> <wsp:All>
> <sp:AsymmetricBinding>
> <wsp:Policy>
> <sp:InitiatorSignatureToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorSignatureToken>
> <sp:InitiatorEncryptionToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorEncryptionToken>
> <sp:RecipientSignatureToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientSignatureToken>
> <sp:RecipientEncryptionToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
> <wsp:Policy>
> <sp:RequireThumbprintReference />
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientEncryptionToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:TripleDesRsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Lax />
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp />
> <sp:OnlySignEntireHeadersAndBody />
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <sp1:SignedParts
> xmlns:sp1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <sp:Body />
> </sp1:SignedParts>
> <sp1:EncryptedParts
> xmlns:sp1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> <sp:Body />
> </sp1:EncryptedParts>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira