Posted to commits@cxf.apache.org by co...@apache.org on 2012/03/07 11:51:17 UTC
svn commit: r1297925 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/
systests/ws-security/src/test/java/org/apach...
Author: coheigea
Date: Wed Mar 7 10:51:16 2012
New Revision: 1297925
URL: http://svn.apache.org/viewvc?rev=1297925&view=rev
Log:
[CXF-4166] - CXF does not always respect SecurityPolicy TokenInclusion for the AsymmetricBinding
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/ws-trust-1.4-service.wsdl
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1297925&r1=1297924&r2=1297925&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Wed Mar 7 10:51:16 2012
@@ -123,7 +123,9 @@ import org.apache.ws.security.message.WS
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.apache.ws.security.message.token.BinarySecurity;
+import org.apache.ws.security.message.token.PKIPathSecurity;
import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.saml.ext.SAMLParms;
import org.apache.ws.security.util.WSSecurityUtil;
@@ -164,6 +166,7 @@ public abstract class AbstractBindingBui
Element lastDerivedKeyElement;
Element bottomUpElement;
Element topDownElement;
+ Element bstElement;
public AbstractBindingBuilder(
WSSConfig config,
@@ -1372,13 +1375,35 @@ public abstract class AbstractBindingBui
Crypto crypto = getEncryptionCrypto(wrapper);
message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
setKeyIdentifierType(encrKey, wrapper, token);
- setEncryptionUser(encrKey, wrapper, false, crypto);
+ boolean alsoIncludeToken = false;
+ // Find out do we also need to include the token as per the Inclusion requirement
+ if (token instanceof X509Token
+ && token.getInclusion() != SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER
+ && encrKey.getKeyIdentifierType() != WSConstants.BST_DIRECT_REFERENCE) {
+ alsoIncludeToken = true;
+ }
+
+ String encrUser = setEncryptionUser(encrKey, wrapper, false, crypto);
encrKey.setSymmetricEncAlgorithm(binding.getAlgorithmSuite().getEncryption());
encrKey.setKeyEncAlgo(binding.getAlgorithmSuite().getAsymmetricKeyWrap());
encrKey.prepare(saaj.getSOAPPart(), crypto);
+ if (alsoIncludeToken) {
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(encrUser);
+ X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+ BinarySecurity bstToken = new X509Security(saaj.getSOAPPart());
+ ((X509Security) bstToken).setX509Certificate(certs[0]);
+ bstToken.addWSUNamespace();
+ bstToken.setID(wssConfig.getIdAllocator().createSecureId("X509-", certs[0]));
+ WSSecurityUtil.prependChildElement(
+ secHeader.getSecurityHeader(), bstToken.getElement()
+ );
+ bstElement = bstToken.getElement();
+ }
+
return encrKey;
}
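Review bot: `certs[0]` is dereferenced in the new `alsoIncludeToken` block without checking what `crypto.getX509Certificates(cryptoType)` returned, so an alias that does not resolve would surface as a NullPointerException or ArrayIndexOutOfBoundsException instead of a clear policy failure. The alias is the value `setEncryptionUser` now returns, and the middle of that method is outside the visible hunks, so it is not certain that the value is always a keystore alias. A guard such as `if (certs == null || certs.length == 0)` that fails explicitly before the token is built would make this safe. The same unchecked access appears in the signature-builder hunk at `@@ -1749,6 +1781,25 @@`. The enclosing method starts outside this hunk.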
@@ -1483,31 +1508,30 @@ public abstract class AbstractBindingBui
}
public void setKeyIdentifierType(WSSecBase secBase, TokenWrapper wrapper, Token token) {
+ boolean tokenTypeSet = false;
- if (token.getInclusion() == SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER) {
- boolean tokenTypeSet = false;
-
- if (token instanceof X509Token) {
- X509Token x509Token = (X509Token)token;
- if (x509Token.isRequireIssuerSerialReference()) {
- secBase.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
- tokenTypeSet = true;
- } else if (x509Token.isRequireKeyIdentifierReference()) {
- secBase.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
- tokenTypeSet = true;
- } else if (x509Token.isRequireThumbprintReference()) {
- secBase.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
- tokenTypeSet = true;
- }
- } else if (token instanceof KeyValueToken) {
- secBase.setKeyIdentifierType(WSConstants.KEY_VALUE);
+ if (token instanceof X509Token) {
+ X509Token x509Token = (X509Token)token;
+ if (x509Token.isRequireIssuerSerialReference()) {
+ secBase.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+ tokenTypeSet = true;
+ } else if (x509Token.isRequireKeyIdentifierReference()) {
+ secBase.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ tokenTypeSet = true;
+ } else if (x509Token.isRequireThumbprintReference()) {
+ secBase.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
tokenTypeSet = true;
}
-
- if (!tokenTypeSet) {
- policyAsserted(token);
- policyAsserted(wrapper);
-
+ } else if (token instanceof KeyValueToken) {
+ secBase.setKeyIdentifierType(WSConstants.KEY_VALUE);
+ tokenTypeSet = true;
+ }
+
+ policyAsserted(token);
+ policyAsserted(wrapper);
+
+ if (!tokenTypeSet) {
+ if (token.getInclusion() == SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER) {
Wss10 wss = getWss10();
policyAsserted(wss);
if (wss == null || wss.isMustSupportRefKeyIdentifier()) {
@@ -1518,15 +1542,13 @@ public abstract class AbstractBindingBui
&& ((Wss11) wss).isMustSupportRefThumbprint()) {
secBase.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
}
+ } else {
+ secBase.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
}
- } else {
- policyAsserted(token);
- policyAsserted(wrapper);
- secBase.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
}
}
- public void setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, TokenWrapper token,
+ public String setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, TokenWrapper token,
boolean sign, Crypto crypto) {
String encrUser = (String)message.getContextualProperty(sign
? SecurityConstants.SIGNATURE_USERNAME
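Review bot: Changing the public `setEncryptionUser` from `void` to `String` changes its JVM method descriptor, so any subclass or caller compiled against the old signature would fail to link until it is recompiled. The method has no Javadoc saying what the returned value is, and a setter that returns a value is easy to misread. A short Javadoc with `@return the user name read from the message's contextual properties and applied to the builder` would help; whether that value can be null or a placeholder rather than a keystore alias should be stated once confirmed, since most of the body is outside the hunk. The `return encrUser;` itself is added in the following hunk.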
@@ -1560,6 +1582,8 @@ public abstract class AbstractBindingBui
} else {
encrKeyBuilder.setUserInfo(encrUser);
}
+
+ return encrUser;
}
private static X509Certificate getReqSigCert(List<WSHandlerResult> results) {
@@ -1652,6 +1676,7 @@ public abstract class AbstractBindingBui
) throws WSSecurityException {
WSSecSignature sig = new WSSecSignature(wssConfig);
checkForX509PkiPath(sig, token);
+ boolean alsoIncludeToken = false;
if (token instanceof IssuedToken || token instanceof SamlToken) {
policyAsserted(token);
policyAsserted(wrapper);
@@ -1703,6 +1728,13 @@ public abstract class AbstractBindingBui
sig.setCustomTokenId(sigTokId);
} else {
setKeyIdentifierType(sig, wrapper, token);
+ // Find out do we also need to include the token as per the Inclusion requirement
+ if (token instanceof X509Token
+ && token.getInclusion() != SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER
+ && (sig.getKeyIdentifierType() != WSConstants.BST_DIRECT_REFERENCE
+ && sig.getKeyIdentifierType() != WSConstants.KEY_VALUE)) {
+ alsoIncludeToken = true;
+ }
}
boolean encryptCrypto = false;
@@ -1749,6 +1781,25 @@ public abstract class AbstractBindingBui
policyNotAsserted(token, e);
}
+ if (alsoIncludeToken) {
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(user);
+ X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+ BinarySecurity bstToken = null;
+ if (!sig.isUseSingleCertificate()) {
+ bstToken = new PKIPathSecurity(saaj.getSOAPPart());
+ ((PKIPathSecurity) bstToken).setX509Certificates(certs, crypto);
+ } else {
+ bstToken = new X509Security(saaj.getSOAPPart());
+ ((X509Security) bstToken).setX509Certificate(certs[0]);
+ }
+ bstToken.setID(wssConfig.getIdAllocator().createSecureId("X509-", certs[0]));
+ WSSecurityUtil.prependChildElement(
+ secHeader.getSecurityHeader(), bstToken.getElement()
+ );
+ bstElement = bstToken.getElement();
+ }
+
return sig;
}
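Review bot: This block builds the BinarySecurityToken differently from the one added in the encryption path: that one calls `bstToken.addWSUNamespace()` before `setID`, and this one does not. AsymmetricBindingHandler later reads the id back with `bstElement.getAttributeNS(WSConstants.WSU_NS, "Id")`, so both paths should serialise the token the same way; either add `bstToken.addWSUNamespace();` here or drop it there if it is not needed. The two blocks are otherwise near-duplicates and would be easier to keep consistent as one private helper taking the alias and the single-certificate choice. `user` and `crypto` are defined outside the hunk.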
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1297925&r1=1297924&r2=1297925&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Wed Mar 7 10:51:16 2012
@@ -502,10 +502,17 @@ public class AsymmetricBindingHandler ex
dkSign.prepare(saaj.getSOAPPart(), secHeader);
if (abinding.isTokenProtection()) {
- WSEncryptionPart ekPart =
- new WSEncryptionPart(encrKey.getId());
- ekPart.setElement(encrKey.getEncryptedKeyElement());
- sigParts.add(ekPart);
+ if (bstElement != null) {
+ WSEncryptionPart bstPart =
+ new WSEncryptionPart(bstElement.getAttributeNS(WSConstants.WSU_NS, "Id"));
+ bstPart.setElement(bstElement);
+ sigParts.add(bstPart);
+ } else {
+ WSEncryptionPart ekPart =
+ new WSEncryptionPart(encrKey.getId());
+ ekPart.setElement(encrKey.getEncryptedKeyElement());
+ sigParts.add(ekPart);
+ }
}
dkSign.setParts(sigParts);
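Review bot: With token protection enabled, a non-null `bstElement` now replaces the EncryptedKey in `sigParts` rather than being added next to it, so the EncryptedKey is no longer covered by the signature in that case; it is worth confirming that this is what the policy intends. `bstElement` is a single mutable field written by both the encrypted-key builder and the signature builder, so which token gets signed here depends on which builder ran last, and the call order is outside the hunk. `getAttributeNS` returns an empty string when the attribute is absent, which would create a `WSEncryptionPart` with an empty id; a check such as `if (id.length() == 0)` before adding the part would catch that. The same lookup is repeated in the hunk at `@@ -532,12 +539,18 @@`.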
@@ -532,12 +539,18 @@ public class AsymmetricBindingHandler ex
WSSecSignature sig = getSignatureBuilder(wrapper, sigToken, attached, false);
// This action must occur before sig.prependBSTElementToHeader
- if (abinding.isTokenProtection()
- && sig.getBSTTokenId() != null) {
- WSEncryptionPart bstPart =
- new WSEncryptionPart(sig.getBSTTokenId());
- bstPart.setElement(sig.getBinarySecurityTokenElement());
- sigParts.add(bstPart);
+ if (abinding.isTokenProtection()) {
+ if (sig.getBSTTokenId() != null) {
+ WSEncryptionPart bstPart =
+ new WSEncryptionPart(sig.getBSTTokenId());
+ bstPart.setElement(sig.getBinarySecurityTokenElement());
+ sigParts.add(bstPart);
+ } else if (bstElement != null) {
+ WSEncryptionPart bstPart =
+ new WSEncryptionPart(bstElement.getAttributeNS(WSConstants.WSU_NS, "Id"));
+ bstPart.setElement(bstElement);
+ sigParts.add(bstPart);
+ }
}
sig.prependBSTElementToHeader(secHeader);
Modified: cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/ws-trust-1.4-service.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/ws-trust-1.4-service.wsdl?rev=1297925&r1=1297924&r2=1297925&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/ws-trust-1.4-service.wsdl (original)
+++ cxf/trunk/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/ws-trust-1.4-service.wsdl Wed Mar 7 10:51:16 2012
@@ -224,7 +224,7 @@
<sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
- <sp:RequireThumbprintReference />
+ <!--<sp:RequireThumbprintReference />-->
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
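Review bot: The `RequireThumbprintReference` assertion is commented out rather than removed, and neither the commit log nor the file says why this STS example policy was relaxed. If the example no longer works with the new token-inclusion behaviour, say so next to it, for example `<!-- RequireThumbprintReference disabled, see CXF-4166 -->`; otherwise delete the line so the policy does not carry dead assertions.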
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1297925&r1=1297924&r2=1297925&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java Wed Mar 7 10:51:16 2012
@@ -147,6 +147,28 @@ public class X509TokenTest extends Abstr
}
@org.junit.Test
+ public void testAsymmetricThumbprint() throws Exception {
+ if (!unrestrictedPoliciesInstalled) {
+ return;
+ }
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = X509TokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricThumbprintPort");
+ DoubleItPortType x509Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(x509Port, PORT);
+ x509Port.doubleIt(25);
+ }
+
+ @org.junit.Test
public void testAsymmetricProtectTokens() throws Exception {
if (!unrestrictedPoliciesInstalled) {
return;
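Review bot: `testAsymmetricThumbprint` only shows that the round trip does not throw; it never checks that the initiator's certificate is actually sent as a BinarySecurityToken alongside the thumbprint reference, which is the behaviour CXF-4166 is about, and the result of `x509Port.doubleIt(25)` is discarded. Unless server-side policy validation rejects a missing token, the test would pass with or without the fix. The `DoubleItAsymmetricThumbprintPolicy` added in DoubleItX509.wsdl also has no token-protection assertion, so the new `bstElement` branches in AsymmetricBindingHandler are not exercised. The last lines of the hunk belong to `testAsymmetricProtectTokens`, which continues outside it.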
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl?rev=1297925&r1=1297924&r2=1297925&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl Wed Mar 7 10:51:16 2012
@@ -106,6 +106,25 @@
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="DoubleItAsymmetricThumbprintBinding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItAsymmetricThumbprintPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
<wsdl:binding name="DoubleItAsymmetricProtectTokensBinding" type="tns:DoubleItPortType">
<wsp:PolicyReference URI="#DoubleItAsymmetricProtectTokensPolicy" />
<soap:binding style="document"
@@ -235,6 +254,10 @@
binding="tns:DoubleItAsymmetricIssuerSerialBinding">
<soap:address location="http://localhost:9001/DoubleItX509Asymmetric" />
</wsdl:port>
+ <wsdl:port name="DoubleItAsymmetricThumbprintPort"
+ binding="tns:DoubleItAsymmetricThumbprintBinding">
+ <soap:address location="http://localhost:9001/DoubleItX509AsymmetricThumbprint" />
+ </wsdl:port>
<wsdl:port name="DoubleItAsymmetricProtectTokensPort"
binding="tns:DoubleItAsymmetricProtectTokensBinding">
<soap:address location="http://localhost:9001/DoubleItX509AsymmetricProtect" />
@@ -409,6 +432,51 @@
</wsp:ExactlyOne>
</wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItAsymmetricThumbprintPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireThumbprintReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireThumbprintReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
<wsp:Policy wsu:Id="DoubleItAsymmetricProtectTokensPolicy">
<wsp:ExactlyOne>
<wsp:All>
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml?rev=1297925&r1=1297924&r2=1297925&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml Wed Mar 7 10:51:16 2012
@@ -80,6 +80,20 @@
</jaxws:properties>
</jaxws:client>
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricThumbprintPort"
+ createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.encryption.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+ </jaxws:properties>
+ </jaxws:client>
+
<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricSignaturePort"
createdFromAPI="true">
<jaxws:properties>
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml?rev=1297925&r1=1297924&r2=1297925&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml Wed Mar 7 10:51:16 2012
@@ -142,6 +142,27 @@
</jaxws:endpoint>
<jaxws:endpoint
+ id="AsymmetricThumbprint"
+ address="http://localhost:${testutil.ports.Server}/DoubleItX509AsymmetricThumbprint"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItAsymmetricThumbprintPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+ <entry key="ws-security.encryption.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
+ <entry key="ws-security.encryption.username" value="alice"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
id="AsymmetricSignature"
address="http://localhost:${testutil.ports.Server}/DoubleItX509AsymmetricSignature"
serviceName="s:DoubleItService"