You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2012/11/22 15:43:20 UTC
svn commit: r1412563 - in /cxf/branches/2.6.x-fixes: parent/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/
rt/ws/security/src/main/java/org/apache/cxf/ws/s...
Author: coheigea
Date: Thu Nov 22 14:43:17 2012
New Revision: 1412563
URL: http://svn.apache.org/viewvc?rev=1412563&view=rev
Log:
Merged revisions 1412562 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1412562 | coheigea | 2012-11-22 14:39:42 +0000 (Thu, 22 Nov 2012) | 2 lines
[CXF-4646] - Use AlgorithmSuite functionality in WSS4J 1.6.8
........
Added:
cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/
cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java
cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/
cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/Server.java
cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/
cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl
cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/client/
cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/client/client.xml
cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/
cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/server.xml
Removed:
cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
Modified:
cxf/branches/2.6.x-fixes/parent/pom.xml
cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokens12Builder.java
cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokensBuilder.java
cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Token.java
cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
cxf/branches/2.6.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
Modified: cxf/branches/2.6.x-fixes/parent/pom.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/parent/pom.xml?rev=1412563&r1=1412562&r2=1412563&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/parent/pom.xml (original)
+++ cxf/branches/2.6.x-fixes/parent/pom.xml Thu Nov 22 14:43:17 2012
@@ -131,7 +131,7 @@
<cxf.oauth.bundle.version>20100527_1</cxf.oauth.bundle.version>
<cxf.axiom.version>1.2.10</cxf.axiom.version>
<cxf.jettison.version>1.3.2</cxf.jettison.version>
- <cxf.wss4j.version>1.6.7</cxf.wss4j.version>
+ <cxf.wss4j.version>1.6.8-SNAPSHOT</cxf.wss4j.version>
<cxf.joda.time.version>1.6.2</cxf.joda.time.version>
<cxf.joda.time.version2>2.1</cxf.joda.time.version2>
<cxf.opensaml.version>2.5.1</cxf.opensaml.version>
Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokens12Builder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokens12Builder.java?rev=1412563&r1=1412562&r2=1412563&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokens12Builder.java (original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokens12Builder.java Thu Nov 22 14:43:17 2012
@@ -145,6 +145,7 @@ public class SupportingTokens12Builder i
} else if (primitive instanceof Token) {
supportingToken.addToken((Token) primitive);
+ ((Token)primitive).setSupportingToken(supportingToken);
}
}
}
Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokensBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokensBuilder.java?rev=1412563&r1=1412562&r2=1412563&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokensBuilder.java (original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokensBuilder.java Thu Nov 22 14:43:17 2012
@@ -115,6 +115,7 @@ public class SupportingTokensBuilder imp
} else if (primitive instanceof Token) {
supportingToken.addToken((Token)primitive);
+ ((Token)primitive).setSupportingToken(supportingToken);
}
}
}
Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Token.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Token.java?rev=1412563&r1=1412562&r2=1412563&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Token.java (original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Token.java Thu Nov 22 14:43:17 2012
@@ -38,6 +38,11 @@ public abstract class Token extends Abst
private boolean explicitDerivedKeys;
private String issuerName;
+
+ /**
+ * A Reference to a parent SupportingToken assertion
+ */
+ private SupportingToken supportingToken;
public Token(SPConstants version) {
super(version);
@@ -103,4 +108,12 @@ public abstract class Token extends Abst
public void setIssuerName(String issuerName) {
this.issuerName = issuerName;
}
+
+ public SupportingToken getSupportingToken() {
+ return supportingToken;
+ }
+
+ public void setSupportingToken(SupportingToken supportingToken) {
+ this.supportingToken = supportingToken;
+ }
}
Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1412563&r1=1412562&r2=1412563&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Thu Nov 22 14:43:17 2012
@@ -58,12 +58,16 @@ import org.apache.cxf.ws.policy.Assertio
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP11Constants;
import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.SPConstants;
+import org.apache.cxf.ws.security.policy.model.Binding;
import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
import org.apache.cxf.ws.security.policy.model.Header;
import org.apache.cxf.ws.security.policy.model.RequiredElements;
import org.apache.cxf.ws.security.policy.model.RequiredParts;
+import org.apache.cxf.ws.security.policy.model.SamlToken;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
+import org.apache.cxf.ws.security.policy.model.SupportingToken;
import org.apache.cxf.ws.security.policy.model.Wss11;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
@@ -90,6 +94,7 @@ import org.apache.ws.security.WSConstant
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.AlgorithmSuite;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.handler.RequestData;
@@ -473,6 +478,103 @@ public class PolicyBasedWSS4JInIntercept
return true;
}
+
+ /**
+ * Set a WSS4J AlgorithmSuite object on the RequestData context, to restrict the
+ * algorithms that are allowed for encryption, signature, etc.
+ */
+ protected void setAlgorithmSuites(SoapMessage message, RequestData data) throws WSSecurityException {
+ Binding binding = getBinding(message);
+ if (binding != null && binding.getAlgorithmSuite() != null) {
+ // Translate into WSS4J's AlgorithmSuite class
+ AlgorithmSuite algorithmSuite = translateAlgorithmSuite(binding.getAlgorithmSuite());
+ data.setAlgorithmSuite(algorithmSuite);
+ }
+
+ // Now look for an AlgorithmSuite for a SAML Assertion
+ AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+ if (aim != null) {
+ Collection<AssertionInfo> ais = aim.get(SP12Constants.SAML_TOKEN);
+ if (ais != null && !ais.isEmpty()) {
+ for (AssertionInfo ai : ais) {
+ SamlToken samlToken = (SamlToken)ai.getAssertion();
+ SupportingToken supportingToken = samlToken.getSupportingToken();
+ if (supportingToken != null && supportingToken.getAlgorithmSuite() != null) {
+ AlgorithmSuite algorithmSuite =
+ translateAlgorithmSuite(supportingToken.getAlgorithmSuite());
+ data.setSamlAlgorithmSuite(algorithmSuite);
+ break;
+ }
+ }
+ }
+ }
+ }
+
+ /**
+ * Translate a CXF AlgorithmSuite object into WSS4J's AlgorithmSuite object
+ */
+ private AlgorithmSuite translateAlgorithmSuite(
+ org.apache.cxf.ws.security.policy.model.AlgorithmSuite cxfAlgorithmSuite
+ ) {
+ // Translate into WSS4J's AlgorithmSuite class
+ AlgorithmSuite algorithmSuite = new AlgorithmSuite();
+ algorithmSuite.setEncryptionDerivedKeyLength(
+ cxfAlgorithmSuite.getEncryptionDerivedKeyLength());
+ algorithmSuite.setSignatureDerivedKeyLength(
+ cxfAlgorithmSuite.getSignatureDerivedKeyLength());
+ algorithmSuite.setMaximumAsymmetricKeyLength(
+ cxfAlgorithmSuite.getMaximumAsymmetricKeyLength());
+ algorithmSuite.setMinimumAsymmetricKeyLength(
+ cxfAlgorithmSuite.getMinimumAsymmetricKeyLength());
+ algorithmSuite.setMaximumSymmetricKeyLength(
+ cxfAlgorithmSuite.getMaximumSymmetricKeyLength());
+ algorithmSuite.setMinimumSymmetricKeyLength(
+ cxfAlgorithmSuite.getMinimumSymmetricKeyLength());
+
+ algorithmSuite.addEncryptionMethod(cxfAlgorithmSuite.getEncryption());
+ algorithmSuite.addKeyWrapAlgorithm(cxfAlgorithmSuite.getSymmetricKeyWrap());
+ algorithmSuite.addKeyWrapAlgorithm(cxfAlgorithmSuite.getAsymmetricKeyWrap());
+
+ algorithmSuite.addSignatureMethod(cxfAlgorithmSuite.getAsymmetricSignature());
+ algorithmSuite.addSignatureMethod(cxfAlgorithmSuite.getSymmetricSignature());
+ algorithmSuite.addDigestAlgorithm(cxfAlgorithmSuite.getDigest());
+ algorithmSuite.addC14nAlgorithm(cxfAlgorithmSuite.getInclusiveC14n());
+
+ algorithmSuite.addTransformAlgorithm(cxfAlgorithmSuite.getInclusiveC14n());
+ algorithmSuite.addTransformAlgorithm(SPConstants.STRT10);
+ algorithmSuite.addTransformAlgorithm(WSConstants.NS_XMLDSIG_ENVELOPED_SIGNATURE);
+
+ algorithmSuite.addDerivedKeyAlgorithm(SPConstants.P_SHA1);
+ algorithmSuite.addDerivedKeyAlgorithm(SPConstants.P_SHA1_L128);
+
+ return algorithmSuite;
+ }
+
+ /**
+ * Get the WS-SecurityPolicy Binding that is in operation
+ */
+ private Binding getBinding(SoapMessage message) {
+ AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+ if (aim != null) {
+ Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING);
+ if (ais != null && !ais.isEmpty()) {
+ AssertionInfo ai = ais.iterator().next();
+ return (Binding)ai.getAssertion();
+ }
+ ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
+ if (ais != null && !ais.isEmpty()) {
+ AssertionInfo ai = ais.iterator().next();
+ return (Binding)ai.getAssertion();
+ }
+ ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
+ if (ais != null && !ais.isEmpty()) {
+ AssertionInfo ai = ais.iterator().next();
+ return (Binding)ai.getAssertion();
+ }
+ }
+ return null;
+ }
+
protected void computeAction(SoapMessage message, RequestData data) throws WSSecurityException {
String action = getString(WSHandlerConstants.ACTION, message);
if (action == null) {
Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1412563&r1=1412562&r2=1412563&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Thu Nov 22 14:43:17 2012
@@ -113,10 +113,6 @@ public class WSS4JInInterceptor extends
public static final String SECURITY_PROCESSED = WSS4JInInterceptor.class.getName() + ".DONE";
private static final Logger LOG = LogUtils.getL7dLogger(WSS4JInInterceptor.class);
- private static final Logger TIME_LOG = LogUtils.getL7dLogger(WSS4JInInterceptor.class,
- null,
- WSS4JInInterceptor.class.getName()
- + "-Time");
private boolean ignoreActions;
/**
@@ -221,28 +217,19 @@ public class WSS4JInInterceptor extends
SOAPMessage doc = getSOAPMessage(msg);
boolean doDebug = LOG.isLoggable(Level.FINE);
- boolean doTimeLog = TIME_LOG.isLoggable(Level.FINE);
SoapVersion version = msg.getVersion();
if (doDebug) {
LOG.fine("WSS4JInInterceptor: enter handleMessage()");
}
- long t0 = 0;
- long t1 = 0;
- long t2 = 0;
- long t3 = 0;
-
- if (doTimeLog) {
- t0 = System.currentTimeMillis();
- }
-
/*
* The overall try, just to have a finally at the end to perform some
* housekeeping.
*/
try {
reqData.setMsgContext(msg);
+ setAlgorithmSuites(msg, reqData);
computeAction(msg, reqData);
List<Integer> actions = new ArrayList<Integer>();
String action = getAction(msg, version);
@@ -284,19 +271,12 @@ public class WSS4JInInterceptor extends
|| MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
reqData.setEnableRevocation(enableRevocation);
- if (doTimeLog) {
- t1 = System.currentTimeMillis();
- }
Element elem = WSSecurityUtil.getSecurityHeader(doc.getSOAPPart(), actor);
List<WSSecurityEngineResult> wsResult = engine.processSecurityHeader(
elem, reqData
);
- if (doTimeLog) {
- t2 = System.currentTimeMillis();
- }
-
if (wsResult != null && !wsResult.isEmpty()) { // security header found
if (reqData.getWssConfig().isEnableSignatureConfirmation()) {
checkSignatureConfirmation(reqData, wsResult);
@@ -343,14 +323,6 @@ public class WSS4JInInterceptor extends
advanceBody(msg, SAAJUtils.getBody(doc));
SAAJInInterceptor.replaceHeaders(doc, msg);
- if (doTimeLog) {
- t3 = System.currentTimeMillis();
- TIME_LOG.fine("Receive request: total= " + (t3 - t0)
- + " request preparation= " + (t1 - t0)
- + " request processing= " + (t2 - t1)
- + " header, cert verify, timestamp= " + (t3 - t2) + "\n");
- }
-
if (doDebug) {
LOG.fine("WSS4JInInterceptor: exit handleMessage()");
}
@@ -446,6 +418,14 @@ public class WSS4JInInterceptor extends
reqData.setSigCrypto(sigCrypto);
}
}
+
+ /**
+ * Set a WSS4J AlgorithmSuite object on the RequestData context, to restrict the
+ * algorithms that are allowed for encryption, signature, etc.
+ */
+ protected void setAlgorithmSuites(SoapMessage message, RequestData data) throws WSSecurityException {
+ super.decodeAlgorithmSuite(data);
+ }
protected void doResults(
SoapMessage msg,
Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java?rev=1412563&r1=1412562&r2=1412563&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java (original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java Thu Nov 22 14:43:17 2012
@@ -169,12 +169,6 @@ public abstract class AbstractBindingPol
List<WSSecurityEngineResult> signedResults,
Message message
) {
- // Check the AlgorithmSuite
- AlgorithmSuitePolicyValidator algorithmValidator = new AlgorithmSuitePolicyValidator(results);
- if (!algorithmValidator.validatePolicy(ai, binding.getAlgorithmSuite())) {
- return false;
- }
-
// Check the IncludeTimestamp
if (!validateTimestamp(binding.isIncludeTimestamp(), false, results, signedResults, message)) {
String error = "Received Timestamp does not match the requirements";
Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java?rev=1412563&r1=1412562&r2=1412563&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java (original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java Thu Nov 22 14:43:17 2012
@@ -70,12 +70,6 @@ public class TransportBindingPolicyValid
assertPolicy(aim, binding.getTransportToken());
}
- // Check the AlgorithmSuite
- AlgorithmSuitePolicyValidator algorithmValidator = new AlgorithmSuitePolicyValidator(results);
- if (!algorithmValidator.validatePolicy(ai, binding.getAlgorithmSuite())) {
- return false;
- }
-
// Check the IncludeTimestamp
if (!validateTimestamp(binding.isIncludeTimestamp(), true, results, signedResults, message)) {
String error = "Received Timestamp does not match the requirements";
Modified: cxf/branches/2.6.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java?rev=1412563&r1=1412562&r2=1412563&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java (original)
+++ cxf/branches/2.6.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java Thu Nov 22 14:43:17 2012
@@ -199,12 +199,17 @@ public class PolicyBasedWss4JInOutTest e
SP12Constants.ENCRYPTED_ELEMENTS,
null,
CoverageType.ENCRYPTED);
- this.runInInterceptorAndValidate(
+ try {
+ this.runInInterceptorAndValidate(
"encrypted_body_content.xml",
"encrypted_elements_policy3.xml",
Arrays.asList(SP12Constants.ENCRYPTED_ELEMENTS),
- Arrays.asList(SP12Constants.SYMMETRIC_BINDING, SP12Constants.PROTECTION_TOKEN),
+ null,
Arrays.asList(CoverageType.ENCRYPTED));
+ fail("Failure expected on an algorithm mismatch");
+ } catch (org.apache.cxf.binding.soap.SoapFault fault) {
+ // expected
+ }
this.runAndValidate(
"wsse-request-clean.xml",
Added: cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java?rev=1412563&view=auto
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java (added)
+++ cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java Thu Nov 22 14:43:17 2012
@@ -0,0 +1,201 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.algsuite;
+
+import java.net.URL;
+
+import javax.xml.namespace.QName;
+import javax.xml.ws.Service;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.systest.ws.algsuite.server.Server;
+import org.apache.cxf.systest.ws.common.SecurityTestUtil;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+
+import org.example.contract.doubleit.DoubleItPortType;
+
+import org.junit.BeforeClass;
+
+/**
+ * This is a test for AlgorithmSuites. Essentially it checks that a service endpoint will
+ * reject a client request that uses a different AlgorithmSuite.
+ */
+public class AlgorithmSuiteTest extends AbstractBusClientServerTestBase {
+ static final String PORT = allocatePort(Server.class);
+
+ private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+ private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(Server.class, true)
+ );
+ }
+
+ @org.junit.AfterClass
+ public static void cleanup() throws Exception {
+ SecurityTestUtil.cleanup();
+ stopAllServers();
+ }
+
+ @org.junit.Test
+ public void testSecurityPolicy() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = AlgorithmSuiteTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = AlgorithmSuiteTest.class.getResource("DoubleItAlgSuite.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSymmetric128Port");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ // This should succeed as the client + server policies match
+ port.doubleIt(25);
+
+ portQName = new QName(NAMESPACE, "DoubleItSymmetric128Port2");
+ port = service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ // This should fail as the client uses Basic128Rsa15 + the server uses Basic128
+ try {
+ port.doubleIt(25);
+ fail("Failure expected on Rsa15 AlgorithmSuite");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ // This should fail as the client uses Basic256 + the server uses Basic128
+ if (SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
+ portQName = new QName(NAMESPACE, "DoubleItSymmetric128Port3");
+ port = service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ // This should fail as the client uses Basic128Rsa15 + the server uses Basic128
+ try {
+ port.doubleIt(25);
+ fail("Failure expected on Basic256 AlgorithmSuite");
+ } catch (Exception ex) {
+ // expected
+ }
+ }
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testManualConfigurationEncryption() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = AlgorithmSuiteTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = AlgorithmSuiteTest.class.getResource("DoubleItAlgSuite.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItEncryptionOAEPPort");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ // This should succeed as the client + server settings match
+ port.doubleIt(25);
+
+ portQName = new QName(NAMESPACE, "DoubleItEncryptionOAEPPort2");
+ port = service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ // This should fail as the client uses RSA 1.5 + the server uses RSA OAEP
+ try {
+ port.doubleIt(25);
+ fail("Failure expected on Rsa15");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ // This should fail as the client uses AES-256 and the server uses AES-128
+ if (SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
+ portQName = new QName(NAMESPACE, "DoubleItEncryptionOAEPPort3");
+ port = service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ // This should fail as the client uses AES-256 and the server uses AES-128
+ try {
+ port.doubleIt(25);
+ fail("Failure expected on AES-256");
+ } catch (Exception ex) {
+ // expected
+ }
+ }
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testManualConfigurationSignature() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = AlgorithmSuiteTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = AlgorithmSuiteTest.class.getResource("DoubleItAlgSuite.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSignaturePort");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ // This should succeed as the client + server settings match
+ port.doubleIt(25);
+
+ // This should fail as the client uses uses RSA-SHA256 + the server uses RSA-SHA1
+ if (SecurityTestUtil.checkUnrestrictedPoliciesInstalled()) {
+ portQName = new QName(NAMESPACE, "DoubleItSignaturePort2");
+ port = service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ // This should fail as the client uses uses RSA-SHA256 + the server uses RSA-SHA1
+ try {
+ port.doubleIt(25);
+ fail("Failure expected on SHA-256");
+ } catch (Exception ex) {
+ // expected
+ }
+ }
+
+ bus.shutdown(true);
+ }
+
+}
\ No newline at end of file
Added: cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/Server.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/Server.java?rev=1412563&view=auto
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/Server.java (added)
+++ cxf/branches/2.6.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/server/Server.java Thu Nov 22 14:43:17 2012
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.algsuite.server;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class Server extends AbstractBusTestServerBase {
+
+ public Server() {
+
+ }
+
+ protected void run() {
+ URL busFile = Server.class.getResource("server.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new Server();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
Added: cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl?rev=1412563&view=auto
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl (added)
+++ cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl Thu Nov 22 14:43:17 2012
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<wsdl:definitions name="DoubleIt"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://www.example.org/contract/DoubleIt"
+ targetNamespace="http://www.example.org/contract/DoubleIt"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:sp13="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802">
+
+ <wsdl:import location="src/test/resources/DoubleItLogical.wsdl"
+ namespace="http://www.example.org/contract/DoubleIt"/>
+
+ <wsdl:binding name="DoubleItInlinePolicyBinding" type="tns:DoubleItPortType">
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:service name="DoubleItService">
+ <wsdl:port name="DoubleItSymmetric128Port" binding="tns:DoubleItInlinePolicyBinding">
+ <soap:address location="http://localhost:9010/DoubleItSymmetric128" />
+ </wsdl:port>
+ <wsdl:port name="DoubleItSymmetric128Port2" binding="tns:DoubleItInlinePolicyBinding">
+ <soap:address location="http://localhost:9010/DoubleItSymmetric128no2" />
+ </wsdl:port>
+ <wsdl:port name="DoubleItSymmetric128Port3" binding="tns:DoubleItInlinePolicyBinding">
+ <soap:address location="http://localhost:9010/DoubleItSymmetric128no3" />
+ </wsdl:port>
+ <wsdl:port name="DoubleItEncryptionOAEPPort" binding="tns:DoubleItInlinePolicyBinding">
+ <soap:address location="http://localhost:9010/DoubleItEncryptionOAEP" />
+ </wsdl:port>
+ <wsdl:port name="DoubleItEncryptionOAEPPort2" binding="tns:DoubleItInlinePolicyBinding">
+ <soap:address location="http://localhost:9010/DoubleItEncryptionOAEPno2" />
+ </wsdl:port>
+ <wsdl:port name="DoubleItEncryptionOAEPPort3" binding="tns:DoubleItInlinePolicyBinding">
+ <soap:address location="http://localhost:9010/DoubleItEncryptionOAEPno3" />
+ </wsdl:port>
+ <wsdl:port name="DoubleItSignaturePort" binding="tns:DoubleItInlinePolicyBinding">
+ <soap:address location="http://localhost:9010/DoubleItSignature" />
+ </wsdl:port>
+ <wsdl:port name="DoubleItSignaturePort2" binding="tns:DoubleItInlinePolicyBinding">
+ <soap:address location="http://localhost:9010/DoubleItSignatureno2" />
+ </wsdl:port>
+ </wsdl:service>
+
+</wsdl:definitions>
Added: cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/client/client.xml?rev=1412563&view=auto
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/client/client.xml (added)
+++ cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/client/client.xml Thu Nov 22 14:43:17 2012
@@ -0,0 +1,339 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:p="http://cxf.apache.org/policy"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+ http://www.w3.org/ns/ws-policy http://www.w3.org/2007/02/ws-policy.xsd"
+>
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <jaxws:client
+ name="{http://www.example.org/contract/DoubleIt}DoubleItSymmetric128Port"
+ createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice" />
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+ <entry key="ws-security.encryption.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+ <entry key="ws-security.encryption.username" value="bob" />
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ URI="#DoubleItSymmetric128Policy" />
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+
+ <jaxws:client
+ name="{http://www.example.org/contract/DoubleIt}DoubleItSymmetric128Port2"
+ createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice" />
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+ <entry key="ws-security.encryption.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+ <entry key="ws-security.encryption.username" value="bob" />
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ URI="#DoubleItSymmetric128RsaPolicy" />
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+
+ <jaxws:client
+ name="{http://www.example.org/contract/DoubleIt}DoubleItSymmetric128Port3"
+ createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.username" value="Alice" />
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+ <entry key="ws-security.encryption.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+ <entry key="ws-security.encryption.username" value="bob" />
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ URI="#DoubleItSymmetric256Policy" />
+ </p:policies>
+ </jaxws:features>
+ </jaxws:client>
+
+ <jaxws:client
+ name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptionOAEPPort"
+ createdFromAPI="true">
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Encrypt"/>
+ <entry key="user" value="Alice" />
+ <entry key="encryptionUser" value="bob" />
+ <entry key="passwordCallbackClass"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+ <entry key="encryptionPropFile"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+ <entry key="encryptionKeyTransportAlgorithm"
+ value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:outInterceptors>
+ </jaxws:client>
+
+ <jaxws:client
+ name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptionOAEPPort2"
+ createdFromAPI="true">
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Encrypt"/>
+ <entry key="user" value="Alice" />
+ <entry key="encryptionUser" value="bob" />
+ <entry key="passwordCallbackClass"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+ <entry key="encryptionPropFile"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+ <entry key="encryptionKeyTransportAlgorithm"
+ value="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:outInterceptors>
+ </jaxws:client>
+
+ <jaxws:client
+ name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptionOAEPPort3"
+ createdFromAPI="true">
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Encrypt"/>
+ <entry key="user" value="Alice" />
+ <entry key="encryptionUser" value="bob" />
+ <entry key="passwordCallbackClass"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+ <entry key="encryptionPropFile"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+ <entry key="encryptionKeyTransportAlgorithm"
+ value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
+ <entry key="encryptionSymAlgorithm"
+ value="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:outInterceptors>
+ </jaxws:client>
+
+ <jaxws:client
+ name="{http://www.example.org/contract/DoubleIt}DoubleItSignaturePort"
+ createdFromAPI="true">
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="user" value="alice" />
+ <entry key="passwordCallbackClass"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+ <entry key="signaturePropFile"
+ value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+ <entry key="signatureAlgorithm"
+ value="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:outInterceptors>
+ </jaxws:client>
+
+ <jaxws:client
+ name="{http://www.example.org/contract/DoubleIt}DoubleItSignaturePort2"
+ createdFromAPI="true">
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="user" value="alice" />
+ <entry key="passwordCallbackClass"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+ <entry key="signaturePropFile"
+ value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+ <entry key="signatureAlgorithm"
+ value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:outInterceptors>
+ </jaxws:client>
+
+ <wsp:Policy wsu:Id="DoubleItSymmetric128Policy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireKeyIdentifierReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="DoubleItSymmetric128RsaPolicy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireKeyIdentifierReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policy wsu:Id="DoubleItSymmetric256Policy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireKeyIdentifierReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</beans>
Added: cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/server.xml?rev=1412563&view=auto
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/server.xml (added)
+++ cxf/branches/2.6.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server/server.xml Thu Nov 22 14:43:17 2012
@@ -0,0 +1,291 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:cxf="http://cxf.apache.org/core"
+ xmlns:p="http://cxf.apache.org/policy"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
+ http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
+ http://www.w3.org/ns/ws-policy http://www.w3.org/2007/02/ws-policy.xsd
+ ">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <jaxws:endpoint id="Symmetric128Endpoint"
+ address="http://localhost:${testutil.ports.Server}/DoubleItSymmetric128"
+ serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric128Port"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+ <entry key="ws-security.signature.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ URI="#DoubleItSymmetric128Policy" />
+ </p:policies>
+ </jaxws:features>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="Symmetric128Endpoint2"
+ address="http://localhost:${testutil.ports.Server}/DoubleItSymmetric128no2"
+ serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric128Port2"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+ <entry key="ws-security.signature.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ URI="#DoubleItSymmetric128Policy" />
+ </p:policies>
+ </jaxws:features>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="Symmetric128Endpoint3"
+ address="http://localhost:${testutil.ports.Server}/DoubleItSymmetric128no3"
+ serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric128Port3"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+ <entry key="ws-security.signature.properties"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+ <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+ </jaxws:properties>
+ <jaxws:features>
+ <p:policies>
+ <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ URI="#DoubleItSymmetric128Policy" />
+ </p:policies>
+ </jaxws:features>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="EncryptionOAEPEndpoint"
+ address="http://localhost:${testutil.ports.Server}/DoubleItEncryptionOAEP"
+ serviceName="s:DoubleItService" endpointName="s:DoubleItEncryptionOAEPPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Encrypt"/>
+ <entry key="passwordCallbackClass"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+ <entry key="decryptionPropFile"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+ <entry key="encryptionKeyTransportAlgorithm"
+ value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
+ <entry key="encryptionSymAlgorithm"
+ value="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:inInterceptors>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="EncryptionOAEPEndpoint2"
+ address="http://localhost:${testutil.ports.Server}/DoubleItEncryptionOAEP2"
+ serviceName="s:DoubleItService" endpointName="s:DoubleItEncryptionOAEPPort2"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Encrypt"/>
+ <entry key="passwordCallbackClass"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+ <entry key="decryptionPropFile"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+ <entry key="encryptionKeyTransportAlgorithm"
+ value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
+ <entry key="encryptionSymAlgorithm"
+ value="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:inInterceptors>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="EncryptionOAEPEndpoint3"
+ address="http://localhost:${testutil.ports.Server}/DoubleItEncryptionOAEPno3"
+ serviceName="s:DoubleItService" endpointName="s:DoubleItEncryptionOAEPPort3"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Encrypt"/>
+ <entry key="passwordCallbackClass"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+ <entry key="decryptionPropFile"
+ value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+ <entry key="encryptionKeyTransportAlgorithm"
+ value="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
+ <entry key="encryptionSymAlgorithm"
+ value="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:inInterceptors>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="SignatureEndpoint"
+ address="http://localhost:${testutil.ports.Server}/DoubleItSignature"
+ serviceName="s:DoubleItService" endpointName="s:DoubleItSignaturePort"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="passwordCallbackClass"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+ <entry key="signaturePropFile"
+ value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+ <entry key="signatureAlgorithm"
+ value="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:inInterceptors>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint id="SignatureEndpoint2"
+ address="http://localhost:${testutil.ports.Server}/DoubleItSignatureno2"
+ serviceName="s:DoubleItService" endpointName="s:DoubleItSignaturePort2"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/algsuite/DoubleItAlgSuite.wsdl">
+
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="passwordCallbackClass"
+ value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback"/>
+ <entry key="signaturePropFile"
+ value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+ <entry key="signatureAlgorithm"
+ value="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:inInterceptors>
+
+ </jaxws:endpoint>
+
+ <wsp:Policy wsu:Id="DoubleItSymmetric128Policy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ <sp:RequireKeyIdentifierReference />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+
+</beans>