You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2012/08/03 16:55:20 UTC
svn commit: r1369002 - in /cxf/branches/2.5.x-fixes:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_che...
Author: coheigea
Date: Fri Aug 3 14:55:20 2012
New Revision: 1369002
URL: http://svn.apache.org/viewvc?rev=1369002&view=rev
Log:
Merged revisions 1368994 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes
........
r1368994 | coheigea | 2012-08-03 15:47:32 +0100 (Fri, 03 Aug 2012) | 10 lines
Merged revisions 1368978 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1368978 | coheigea | 2012-08-03 15:23:18 +0100 (Fri, 03 Aug 2012) | 2 lines
[CXF-4453] - Added SOAP Body decryption checking support + some reshuffling following feedback from Glen
........
........
Added:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java
cxf/branches/2.5.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java
- copied, changed from r1368880, cxf/branches/2.5.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureCheckerTest.java
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java
- copied, changed from r1368880, cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/SignatureCoverageCheckerTest.java
Removed:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SignatureCoverageChecker.java
cxf/branches/2.5.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureCheckerTest.java
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/SignatureCoverageCheckerTest.java
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml
Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java?rev=1369002&r1=1369001&r2=1369002&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java (original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java Fri Aug 3 14:55:20 2012
@@ -346,5 +346,48 @@ public class CryptoCoverageChecker exten
public CoverageScope getScope() {
return this.scope;
}
+
+ @Override
+ public boolean equals(Object xpathObject) {
+ if (!(xpathObject instanceof XPathExpression)) {
+ return false;
+ }
+
+ if (xpathObject == this) {
+ return true;
+ }
+
+ XPathExpression xpath = (XPathExpression)xpathObject;
+ if (xpath.getScope() != getScope()) {
+ return false;
+ }
+
+ if (xpath.getType() != getType()) {
+ return false;
+ }
+
+ if (getXPath() == null && xpath.getXPath() != null) {
+ return false;
+ } else if (getXPath() != null && !getXPath().equals(xpath.getXPath())) {
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ int result = 17;
+ if (getXPath() != null) {
+ result = 31 * result + getXPath().hashCode();
+ }
+ if (getType() != null) {
+ result = 31 * result + getType().hashCode();
+ }
+ if (getScope() != null) {
+ result = 31 * result + getScope().hashCode();
+ }
+ return result;
+ }
}
}
Added: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java?rev=1369002&view=auto
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java (added)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java Fri Aug 3 14:55:20 2012
@@ -0,0 +1,156 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.wss4j;
+
+
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
+import org.apache.ws.security.WSConstants;
+
+/**
+ * This utility extends the CryptoCoverageChecker to provide an easy way to check to see
+ * if the SOAP (1.1 + 1.2) Body was signed and/or encrypted, and if the Timestamp was signed.
+ * The default configuration is that the SOAP Body and Timestamp must be signed.
+ */
+public class DefaultCryptoCoverageChecker extends CryptoCoverageChecker {
+
+ public static final String SOAP_NS = WSConstants.URI_SOAP11_ENV;
+ public static final String SOAP12_NS = WSConstants.URI_SOAP12_ENV;
+ public static final String WSU_NS = WSConstants.WSU_NS;
+ public static final String WSSE_NS = WSConstants.WSSE_NS;
+
+ private boolean signBody;
+ private boolean signTimestamp;
+ private boolean encryptBody;
+
+ /**
+ * Creates a new instance. Enforces that the SOAP Body and Timestamp must be signed
+ * (if they exist in the message body).
+ */
+ public DefaultCryptoCoverageChecker() {
+ super(null, null);
+
+ prefixMap.put("soapenv", SOAP_NS);
+ prefixMap.put("soapenv12", SOAP12_NS);
+ prefixMap.put("wsu", WSU_NS);
+ prefixMap.put("wsse", WSSE_NS);
+
+ // Sign SOAP Body
+ setSignBody(true);
+
+ // Sign Timestamp
+ setSignTimestamp(true);
+ }
+
+ public boolean isSignBody() {
+ return signBody;
+ }
+
+ public final void setSignBody(boolean signBody) {
+ this.signBody = signBody;
+
+ XPathExpression soap11Expression =
+ new XPathExpression("/soapenv:Envelope/soapenv:Body", CoverageType.SIGNED);
+ XPathExpression soap12Expression =
+ new XPathExpression("/soapenv12:Envelope/soapenv12:Body", CoverageType.SIGNED);
+
+ if (signBody) {
+ if (!xPaths.contains(soap11Expression)) {
+ xPaths.add(soap11Expression);
+ }
+ if (!xPaths.contains(soap12Expression)) {
+ xPaths.add(soap12Expression);
+ }
+ } else {
+ if (xPaths.contains(soap11Expression)) {
+ xPaths.remove(soap11Expression);
+ }
+ if (xPaths.contains(soap12Expression)) {
+ xPaths.remove(soap12Expression);
+ }
+ }
+ }
+
+ public boolean isSignTimestamp() {
+ return signTimestamp;
+ }
+
+ public final void setSignTimestamp(boolean signTimestamp) {
+ this.signTimestamp = signTimestamp;
+
+ XPathExpression soap11Expression =
+ new XPathExpression(
+ "/soapenv:Envelope/soapenv:Header/wsse:Security/wsu:Timestamp",
+ CoverageType.SIGNED
+ );
+ XPathExpression soap12Expression =
+ new XPathExpression(
+ "/soapenv12:Envelope/soapenv12:Header/wsse:Security/wsu:Timestamp",
+ CoverageType.SIGNED
+ );
+
+ if (signTimestamp) {
+ if (!xPaths.contains(soap11Expression)) {
+ xPaths.add(soap11Expression);
+ }
+ if (!xPaths.contains(soap12Expression)) {
+ xPaths.add(soap12Expression);
+ }
+ } else {
+ if (xPaths.contains(soap11Expression)) {
+ xPaths.remove(soap11Expression);
+ }
+ if (xPaths.contains(soap12Expression)) {
+ xPaths.remove(soap12Expression);
+ }
+ }
+ }
+
+ public boolean isEncryptBody() {
+ return encryptBody;
+ }
+
+ public final void setEncryptBody(boolean encryptBody) {
+ this.encryptBody = encryptBody;
+
+ XPathExpression soap11Expression =
+ new XPathExpression("/soapenv:Envelope/soapenv:Body", CoverageType.ENCRYPTED,
+ CoverageScope.CONTENT);
+ XPathExpression soap12Expression =
+ new XPathExpression("/soapenv12:Envelope/soapenv12:Body", CoverageType.ENCRYPTED,
+ CoverageScope.CONTENT);
+
+ if (encryptBody) {
+ if (!xPaths.contains(soap11Expression)) {
+ xPaths.add(soap11Expression);
+ }
+ if (!xPaths.contains(soap12Expression)) {
+ xPaths.add(soap12Expression);
+ }
+ } else {
+ if (xPaths.contains(soap11Expression)) {
+ xPaths.remove(soap11Expression);
+ }
+ if (xPaths.contains(soap12Expression)) {
+ xPaths.remove(soap12Expression);
+ }
+ }
+ }
+
+}
Copied: cxf/branches/2.5.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java (from r1368880, cxf/branches/2.5.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureCheckerTest.java)
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java?p2=cxf/branches/2.5.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java&p1=cxf/branches/2.5.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureCheckerTest.java&r1=1368880&r2=1369002&rev=1369002&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureCheckerTest.java (original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java Fri Aug 3 14:55:20 2012
@@ -36,10 +36,11 @@ import org.apache.ws.security.handler.WS
import org.junit.Test;
/**
- * Test the SignatureCoverageChecker, which extends the CryptoCoverageChecker to provide
- * an easier way to check to see if the SOAP Body and Timestamp were signed.
+ * Test the DefaultCryptoCoverageChecker, which extends the CryptoCoverageChecker to provide
+ * an easier way to check to see if the SOAP (1.1 + 1.2) Body was signed and/or encrypted, and
+ * if the Timestamp was signed.
*/
-public class SignatureCheckerTest extends AbstractSecurityTest {
+public class DefaultCryptoCoverageCheckerTest extends AbstractSecurityTest {
@Test
public void testSignedWithIncompleteCoverage() throws Exception {
@@ -97,8 +98,7 @@ public class SignatureCheckerTest extend
final Document doc = this.readDocument(document);
final SoapMessage msg = this.getSoapMessageForDom(doc);
- final SignatureCoverageChecker checker =
- new SignatureCoverageChecker(true, true);
+ final CryptoCoverageChecker checker = new DefaultCryptoCoverageChecker();
checker.addPrefixes(prefixes);
checker.addXPaths(xpaths);
final PhaseInterceptor<SoapMessage> wss4jInInterceptor = this.getWss4jInInterceptor();
Copied: cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java (from r1368880, cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/SignatureCoverageCheckerTest.java)
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java?p2=cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java&p1=cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/SignatureCoverageCheckerTest.java&r1=1368880&r2=1369002&rev=1369002&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/SignatureCoverageCheckerTest.java (original)
+++ cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java Fri Aug 3 14:55:20 2012
@@ -39,9 +39,9 @@ import org.example.contract.doubleit.Dou
import org.junit.BeforeClass;
/**
- * A set of tests for the SignatureCoverageChecker.
+ * A set of tests for the DefaultCryptoCoverageChecker.
*/
-public class SignatureCoverageCheckerTest extends AbstractBusClientServerTestBase {
+public class DefaultCryptoCoverageCheckerTest extends AbstractBusClientServerTestBase {
public static final String PORT = allocatePort(Server.class);
private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
@@ -72,13 +72,13 @@ public class SignatureCoverageCheckerTes
}
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml");
+ URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+ URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampPort");
DoubleItPortType port =
@@ -111,13 +111,13 @@ public class SignatureCoverageCheckerTes
}
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml");
+ URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+ URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampPort");
DoubleItPortType port =
@@ -153,13 +153,13 @@ public class SignatureCoverageCheckerTes
}
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml");
+ URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+ URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampPort");
DoubleItPortType port =
@@ -196,13 +196,13 @@ public class SignatureCoverageCheckerTes
}
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml");
+ URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+ URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampSoap12Port");
DoubleItPortType port =
@@ -235,13 +235,13 @@ public class SignatureCoverageCheckerTes
}
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml");
+ URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+ URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampSoap12Port");
DoubleItPortType port =
@@ -277,13 +277,13 @@ public class SignatureCoverageCheckerTes
}
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml");
+ URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
Bus bus = bf.createBus(busFile.toString());
SpringBusFactory.setDefaultBus(bus);
SpringBusFactory.setThreadDefaultBus(bus);
- URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+ URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
Service service = Service.create(wsdl, SERVICE_QNAME);
QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampSoap12Port");
DoubleItPortType port =
@@ -313,6 +313,96 @@ public class SignatureCoverageCheckerTes
bus.shutdown(true);
}
+ @org.junit.Test
+ public void testSignedEncryptedBody() throws Exception {
+ if (!unrestrictedPoliciesInstalled) {
+ return;
+ }
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSignedEncryptedBodyPort");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ Map<String, Object> outProps = new HashMap<String, Object>();
+ outProps.put("action", "Timestamp Signature Encrypt");
+ outProps.put("signaturePropFile",
+ "org/apache/cxf/systest/ws/wssec10/client/alice.properties");
+ outProps.put("encryptionPropFile",
+ "org/apache/cxf/systest/ws/wssec10/client/bob.properties");
+ outProps.put("user", "alice");
+ outProps.put("encryptionUser", "bob");
+ outProps.put("passwordCallbackClass",
+ "org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback");
+ outProps.put("signatureParts",
+ "{}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
+ outProps.put("encryptionParts",
+ "{}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
+
+ bus.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
+
+ port.doubleIt(25);
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testSignedNotEncryptedBody() throws Exception {
+ if (!unrestrictedPoliciesInstalled) {
+ return;
+ }
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSignedEncryptedBodyPort");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ Map<String, Object> outProps = new HashMap<String, Object>();
+ outProps.put("action", "Timestamp Signature Encrypt");
+ outProps.put("signaturePropFile",
+ "org/apache/cxf/systest/ws/wssec10/client/alice.properties");
+ outProps.put("encryptionPropFile",
+ "org/apache/cxf/systest/ws/wssec10/client/bob.properties");
+ outProps.put("user", "alice");
+ outProps.put("encryptionUser", "bob");
+ outProps.put("passwordCallbackClass",
+ "org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback");
+ outProps.put("signatureParts",
+ "{}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
+ outProps.put("encryptionParts",
+ "{}{http://docs.oasis-open.org/wss/2004/01/oasis-"
+ + "200401-wss-wssecurity-utility-1.0.xsd}Timestamp;");
+
+ bus.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
+
+ try {
+ port.doubleIt(25);
+ fail("Failure expected on not encrypting the SOAP Body");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ bus.shutdown(true);
+ }
+
private boolean checkUnrestrictedPoliciesInstalled() {
try {
byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
Modified: cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl?rev=1369002&r1=1369001&r2=1369002&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl (original)
+++ cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl Fri Aug 3 14:55:20 2012
@@ -71,6 +71,9 @@
<wsdl:port name="DoubleItBodyTimestampSoap12Port" binding="tns:DoubleItSoap12Binding">
<soap12:address location="http://localhost:9001/DoubleItBodyTimestampSoap12" />
</wsdl:port>
+ <wsdl:port name="DoubleItSignedEncryptedBodyPort" binding="tns:DoubleItSoapBinding">
+ <soap:address location="http://localhost:9001/DoubleItSignedEncrypted" />
+ </wsdl:port>
</wsdl:service>
</wsdl:definitions>
Modified: cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml?rev=1369002&r1=1369001&r2=1369002&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml (original)
+++ cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml Fri Aug 3 14:55:20 2012
@@ -47,4 +47,8 @@
createdFromAPI="true">
</jaxws:client>
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSignedEncryptedBodyPort"
+ createdFromAPI="true">
+ </jaxws:client>
+
</beans>
Modified: cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml?rev=1369002&r1=1369001&r2=1369002&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml (original)
+++ cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml Fri Aug 3 14:55:20 2012
@@ -63,10 +63,7 @@
</map>
</constructor-arg>
</bean>
- <bean class="org.apache.cxf.ws.security.wss4j.SignatureCoverageChecker">
- <constructor-arg><value>true</value></constructor-arg>
- <constructor-arg><value>true</value></constructor-arg>
- </bean>
+ <bean class="org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker"/>
</jaxws:inInterceptors>
</jaxws:endpoint>
@@ -90,12 +87,40 @@
</map>
</constructor-arg>
</bean>
- <bean class="org.apache.cxf.ws.security.wss4j.SignatureCoverageChecker">
- <constructor-arg><value>true</value></constructor-arg>
- <constructor-arg><value>true</value></constructor-arg>
+ <bean class="org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker">
+ <property name="signBody" value="true"/>
+ <property name="signTimestamp" value="true"/>
</bean>
</jaxws:inInterceptors>
</jaxws:endpoint>
+ <jaxws:endpoint
+ id="SignedEncryptedBody"
+ address="http://localhost:${testutil.ports.Server}/DoubleItSignedEncrypted"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItSignedEncryptedBodyPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl">
+
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Encrypt Signature Timestamp"/>
+ <entry key="signaturePropFile" value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
+ <entry key="decryptionPropFile" value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+ <entry key="passwordCallbackClass"
+ value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ <bean class="org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker">
+ <property name="signBody" value="true"/>
+ <property name="signTimestamp" value="false"/>
+ <property name="encryptBody" value="true"/>
+ </bean>
+ </jaxws:inInterceptors>
+ </jaxws:endpoint>
</beans>