You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2017/03/28 14:38:13 UTC
[1/6] cxf git commit: Removing unused file
Repository: cxf
Updated Branches:
refs/heads/3.0.x-fixes 3d4462f94 -> 381c4b6b4
Removing unused file
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/657541ea
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/657541ea
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/657541ea
Branch: refs/heads/3.0.x-fixes
Commit: 657541eaed35b7e5ebf69354cc1463eaf4440b5f
Parents: 3d4462f
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Mar 28 11:55:24 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Mar 28 14:35:03 2017 +0100
----------------------------------------------------------------------
systests/ws-security/src/test/resources/kerberos.jaas | 8 --------
1 file changed, 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/657541ea/systests/ws-security/src/test/resources/kerberos.jaas
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/kerberos.jaas b/systests/ws-security/src/test/resources/kerberos.jaas
deleted file mode 100644
index b773cf6..0000000
--- a/systests/ws-security/src/test/resources/kerberos.jaas
+++ /dev/null
@@ -1,8 +0,0 @@
-
-alice {
- com.sun.security.auth.module.Krb5LoginModule required refreshKrb5Config=true useKeyTab=true keyTab="/etc/alice.keytab" principal="alice";
-};
-
-bob {
- com.sun.security.auth.module.Krb5LoginModule required refreshKrb5Config=true useKeyTab=true storeKey=true keyTab="/etc/bob.keytab" principal="bob/service.ws.apache.org";
-};
[3/6] cxf git commit: Adding some negative tests for trust
verification for rs-security
Posted by co...@apache.org.
Adding some negative tests for trust verification for rs-security
# Conflicts:
# rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7cee545a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7cee545a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7cee545a
Branch: refs/heads/3.0.x-fixes
Commit: 7cee545a760b2f0468a791db2c8c07ae9e75b86d
Parents: 8b13c36
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Mar 28 13:04:16 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Mar 28 14:35:26 2017 +0100
----------------------------------------------------------------------
.../security/xml/AbstractXmlSecInHandler.java | 6 +-
.../rs/security/xml/XmlSecInInterceptor.java | 6 +-
.../security/saml/KeystorePasswordCallback.java | 4 +
.../jaxrs/security/xml/JAXRSXmlSecTest.java | 90 ++++++++++++++++++++
.../systest/jaxrs/security/bethal.properties | 24 ++++++
.../systest/jaxrs/security/morpit.properties | 21 +++++
.../jaxrs/security/morpittrust.properties | 23 +++++
.../cxf/systest/jaxrs/security/xml/server.xml | 32 +++++++
.../systest/jaxrs/security/xml/stax-server.xml | 34 +++++++-
9 files changed, 235 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/7cee545a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
index 035e54b..84c8150 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlSecInHandler.java
@@ -80,7 +80,11 @@ public abstract class AbstractXmlSecInHandler {
}
protected void throwFault(String error, Exception ex) {
- LOG.warning(error);
+ StringBuilder log = new StringBuilder(error);
+ if (ex != null) {
+ log = log.append(" - ").append(ex.getMessage());
+ }
+ LOG.warning(log.toString());
Response response = JAXRSUtils.toResponseBuilder(400).entity(error).build();
throw ExceptionUtils.toBadRequestException(null, response);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/7cee545a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
index 07bc910..44da705 100644
--- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
+++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecInInterceptor.java
@@ -308,8 +308,8 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> imple
try {
new TrustValidator().validateTrust(sigCrypto, cert, publicKey, subjectDNPatterns);
} catch (WSSecurityException e) {
- throw new XMLSecurityException("empty", new Object[] {"Error during Signature Trust "
- + "validation: " + e.getMessage()});
+ String error = "Signature validation failed";
+ throw new XMLSecurityException("empty", new Object[] {error});
}
if (persistSignature) {
@@ -400,7 +400,7 @@ public class XmlSecInInterceptor extends AbstractPhaseInterceptor<Message> imple
}
}
-
+
/**
* This interceptor handles parsing the StaX results (events) + checks to see whether the
* required (if any) Actions (signature or encryption) were fulfilled.
http://git-wip-us.apache.org/repos/asf/cxf/blob/7cee545a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/KeystorePasswordCallback.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/KeystorePasswordCallback.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/KeystorePasswordCallback.java
index 3103aad..099bc4e 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/KeystorePasswordCallback.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/saml/KeystorePasswordCallback.java
@@ -46,6 +46,10 @@ public class KeystorePasswordCallback implements CallbackHandler {
pc.setPassword("password");
} else if ("bob".equals(pc.getIdentifier())) {
pc.setPassword("password");
+ } else if ("morpit".equals(pc.getIdentifier())) {
+ pc.setPassword("password");
+ } else if ("bethal".equals(pc.getIdentifier())) {
+ pc.setPassword("password");
} else {
pc.setPassword("abcd!1234");
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/7cee545a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
index 02b743d..f4218ec 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
@@ -276,6 +276,96 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
}
@Test
+ public void testSignatureNegativeServer() throws Exception {
+ String address = "https://localhost:" + test.port + "/xmlsignegativeserver/bookstore/books";
+
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ bean.setAddress(address);
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSXmlSecTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+
+ Map<String, Object> properties = new HashMap<>();
+ properties.put("security.callback-handler",
+ "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
+ properties.put("security.signature.username", "bethal");
+ properties.put("security.signature.properties",
+ "org/apache/cxf/systest/jaxrs/security/bethal.properties");
+ bean.setProperties(properties);
+ if (test.streaming) {
+ XmlSecOutInterceptor sigOutInterceptor = new XmlSecOutInterceptor();
+ sigOutInterceptor.setSignRequest(true);
+ bean.getOutInterceptors().add(sigOutInterceptor);
+
+ XmlSecInInterceptor sigInInterceptor = new XmlSecInInterceptor();
+ sigInInterceptor.setRequireSignature(true);
+ bean.getInInterceptors().add(sigInInterceptor);
+ } else {
+ XmlSigOutInterceptor sigOutInterceptor = new XmlSigOutInterceptor();
+ bean.getOutInterceptors().add(sigOutInterceptor);
+
+ XmlSigInInterceptor sigInInterceptor = new XmlSigInInterceptor();
+ bean.getInInterceptors().add(sigInInterceptor);
+ }
+
+ WebClient wc = bean.createWebClient();
+ WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(10000000L);
+ try {
+ wc.post(new Book("CXF", 126L), Book.class);
+ fail("Failure expected on signature trust failure");
+ } catch (WebApplicationException ex) {
+ assertTrue(ex.getMessage().contains("400 Bad Request"));
+ }
+ }
+
+ @Test
+ public void testSignatureNegativeClient() throws Exception {
+ String address = "https://localhost:" + test.port + "/xmlsignegativeclient/bookstore/books";
+
+ JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
+ bean.setAddress(address);
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = JAXRSXmlSecTest.class.getResource("client.xml");
+ Bus springBus = bf.createBus(busFile.toString());
+ bean.setBus(springBus);
+
+ Map<String, Object> properties = new HashMap<>();
+ properties.put("security.callback-handler",
+ "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
+ properties.put("security.signature.username", "bethal");
+ properties.put("security.signature.properties",
+ "org/apache/cxf/systest/jaxrs/security/bethal.properties");
+ bean.setProperties(properties);
+ if (test.streaming) {
+ XmlSecOutInterceptor sigOutInterceptor = new XmlSecOutInterceptor();
+ sigOutInterceptor.setSignRequest(true);
+ bean.getOutInterceptors().add(sigOutInterceptor);
+
+ XmlSecInInterceptor sigInInterceptor = new XmlSecInInterceptor();
+ sigInInterceptor.setRequireSignature(true);
+ bean.getInInterceptors().add(sigInInterceptor);
+ } else {
+ XmlSigOutInterceptor sigOutInterceptor = new XmlSigOutInterceptor();
+ bean.getOutInterceptors().add(sigOutInterceptor);
+
+ XmlSigInInterceptor sigInInterceptor = new XmlSigInInterceptor();
+ bean.getInInterceptors().add(sigInInterceptor);
+ }
+
+ WebClient wc = bean.createWebClient();
+ WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(10000000L);
+ try {
+ wc.post(new Book("CXF", 126L), Book.class);
+ fail("Failure expected on signature trust failure");
+ } catch (ProcessingException ex) {
+ assertTrue(ex.getCause() instanceof BadRequestException);
+ }
+ }
+
+ @Test
public void testPostEncryptedBook() throws Exception {
String address = "https://localhost:" + test.port + "/xmlenc/bookstore/books";
Map<String, Object> properties = new HashMap<String, Object>();
http://git-wip-us.apache.org/repos/asf/cxf/blob/7cee545a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bethal.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bethal.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bethal.properties
new file mode 100644
index 0000000..7356fc5
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bethal.properties
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
+org.apache.wss4j.crypto.merlin.keystore.type=jks
+org.apache.wss4j.crypto.merlin.keystore.password=password
+org.apache.wss4j.crypto.merlin.keystore.alias=bethal
+org.apache.wss4j.crypto.merlin.keystore.file=keys/Bethal.jks
+
http://git-wip-us.apache.org/repos/asf/cxf/blob/7cee545a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/morpit.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/morpit.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/morpit.properties
new file mode 100644
index 0000000..7cf81d6
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/morpit.properties
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
+org.apache.wss4j.crypto.merlin.keystore.type=jks
+org.apache.wss4j.crypto.merlin.keystore.password=password
+org.apache.wss4j.crypto.merlin.keystore.alias=morpit
+org.apache.wss4j.crypto.merlin.keystore.file=keys/Morpit.jks
http://git-wip-us.apache.org/repos/asf/cxf/blob/7cee545a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/morpittrust.properties
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/morpittrust.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/morpittrust.properties
new file mode 100644
index 0000000..0056c7d
--- /dev/null
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/morpittrust.properties
@@ -0,0 +1,23 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
+org.apache.wss4j.crypto.merlin.keystore.type=jks
+org.apache.wss4j.crypto.merlin.keystore.password=password
+org.apache.wss4j.crypto.merlin.keystore.alias=morpit
+org.apache.wss4j.crypto.merlin.keystore.file=keys/Morpit.jks
+org.apache.wss4j.crypto.merlin.truststore.password=password
+org.apache.wss4j.crypto.merlin.truststore.file=keys/Truststore.jks
http://git-wip-us.apache.org/repos/asf/cxf/blob/7cee545a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
index 48ee949..02c4842 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
@@ -96,6 +96,38 @@ under the License.
</jaxrs:properties>
</jaxrs:server>
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsignegativeserver">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="xmlSigInHandler"/>
+ </jaxrs:providers>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/morpit.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsignegativeclient">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:providers>
+ <ref bean="xmlSigInHandler"/>
+ </jaxrs:providers>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/morpittrust.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
<jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec}/xmlsigconstraints">
<jaxrs:serviceBeans>
<ref bean="serviceBean"/>
http://git-wip-us.apache.org/repos/asf/cxf/blob/7cee545a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
index 0164e2d..120a329 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
@@ -116,7 +116,39 @@ under the License.
</jaxrs:properties>
</jaxrs:server>
- <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsigconstraints">
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsignegativeserver">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:inInterceptors>
+ <ref bean="xmlSigInHandler"/>
+ </jaxrs:inInterceptors>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/morpit.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsignegativeclient">
+ <jaxrs:serviceBeans>
+ <ref bean="serviceBean"/>
+ </jaxrs:serviceBeans>
+ <jaxrs:inInterceptors>
+ <ref bean="xmlSigInHandler"/>
+ </jaxrs:inInterceptors>
+ <jaxrs:outInterceptors>
+ <ref bean="xmlSigOutHandler"/>
+ </jaxrs:outInterceptors>
+ <jaxrs:properties>
+ <entry key="security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/morpittrust.properties"/>
+ </jaxrs:properties>
+ </jaxrs:server>
+
+ <jaxrs:server address="https://localhost:${testutil.ports.jaxrs-xmlsec-stax}/xmlsigconstraints">
<jaxrs:serviceBeans>
<ref bean="serviceBean"/>
</jaxrs:serviceBeans>
[4/6] cxf git commit: Fixing tests
Posted by co...@apache.org.
Fixing tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6386e377
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6386e377
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6386e377
Branch: refs/heads/3.0.x-fixes
Commit: 6386e3772dffdf08d72d0eab204ca38001c72387
Parents: 7cee545
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Mar 28 13:10:51 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Mar 28 14:35:32 2017 +0100
----------------------------------------------------------------------
.../jaxrs/security/xml/JAXRSXmlSecTest.java | 26 ++++++++------------
1 file changed, 10 insertions(+), 16 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/6386e377/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
index f4218ec..1cc5ad2 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
@@ -244,7 +244,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
if (!useKeyInfo) {
sigInInterceptor.setSignatureVerificationAlias("alice");
}
- bean.getInInterceptors().add(sigInInterceptor);
+ bean.setProvider(sigInInterceptor);
} else {
XmlSigOutInterceptor sigOutInterceptor = new XmlSigOutInterceptor();
if (enveloping) {
@@ -260,19 +260,13 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
WebClient wc = bean.createWebClient();
WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(10000000L);
- try {
- Book book;
- if (!fromResponse) {
- book = wc.post(new Book("CXF", 126L), Book.class);
- } else {
- book = wc.post(new Book("CXF", 126L)).readEntity(Book.class);
- }
- assertEquals(126L, book.getId());
- } catch (WebApplicationException ex) {
- fail(ex.getMessage());
- } catch (ProcessingException ex) {
- assertTrue(ex.getCause() instanceof BadRequestException);
+ Book book;
+ if (!fromResponse) {
+ book = wc.post(new Book("CXF", 126L), Book.class);
+ } else {
+ book = wc.post(new Book("CXF", 126L)).readEntity(Book.class);
}
+ assertEquals(126L, book.getId());
}
@Test
@@ -301,7 +295,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
XmlSecInInterceptor sigInInterceptor = new XmlSecInInterceptor();
sigInInterceptor.setRequireSignature(true);
- bean.getInInterceptors().add(sigInInterceptor);
+ bean.setProvider(sigInInterceptor);
} else {
XmlSigOutInterceptor sigOutInterceptor = new XmlSigOutInterceptor();
bean.getOutInterceptors().add(sigOutInterceptor);
@@ -346,7 +340,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
XmlSecInInterceptor sigInInterceptor = new XmlSecInInterceptor();
sigInInterceptor.setRequireSignature(true);
- bean.getInInterceptors().add(sigInInterceptor);
+ bean.setProvider(sigInInterceptor);
} else {
XmlSigOutInterceptor sigOutInterceptor = new XmlSigOutInterceptor();
bean.getOutInterceptors().add(sigOutInterceptor);
@@ -542,7 +536,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
XmlSecInInterceptor encInInterceptor = new XmlSecInInterceptor();
encInInterceptor.setRequireEncryption(true);
- bean.getInInterceptors().add(encInInterceptor);
+ bean.setProvider(encInInterceptor);
} else {
if (sign) {
bean.getOutInterceptors().add(new XmlSigOutInterceptor());
[6/6] cxf git commit: Fixing tests
Posted by co...@apache.org.
Fixing tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/381c4b6b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/381c4b6b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/381c4b6b
Branch: refs/heads/3.0.x-fixes
Commit: 381c4b6b4d26048d0ff0fa3deed7d7f29c965cfc
Parents: 53416a5
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Mar 28 15:38:06 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Mar 28 15:38:06 2017 +0100
----------------------------------------------------------------------
.../jaxrs/security/xml/JAXRSXmlSecTest.java | 230 +++++++++----------
.../src/test/resources/keys/Bethal.jks | Bin 0 -> 2202 bytes
.../src/test/resources/keys/Morpit.jks | Bin 0 -> 2221 bytes
.../src/test/resources/keys/Truststore.jks | Bin 0 -> 4447 bytes
.../cxf/systest/jaxrs/security/xml/server.xml | 8 +-
.../systest/jaxrs/security/xml/stax-server.xml | 8 +-
6 files changed, 123 insertions(+), 123 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/381c4b6b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
index 1cc5ad2..747d12f 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java
@@ -55,43 +55,43 @@ import org.junit.runners.Parameterized.Parameters;
public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
public static final String PORT = BookServerXmlSec.PORT;
public static final String STAX_PORT = StaxBookServerXmlSec.PORT;
-
+
final TestParam test;
-
+
public JAXRSXmlSecTest(TestParam type) {
this.test = type;
}
@BeforeClass
public static void startServers() throws Exception {
- assertTrue("server did not launch correctly",
+ assertTrue("server did not launch correctly",
launchServer(BookServerXmlSec.class, true));
- assertTrue("server did not launch correctly",
+ assertTrue("server did not launch correctly",
launchServer(StaxBookServerXmlSec.class, true));
}
-
+
@Parameters(name = "{0}")
public static Collection<TestParam[]> data() {
-
+
return Arrays.asList(new TestParam[][] {{new TestParam(PORT, false)},
{new TestParam(STAX_PORT, false)},
{new TestParam(PORT, true)},
{new TestParam(STAX_PORT, true)},
});
}
-
+
@Test
public void testPostBookWithEnvelopedSigAndProxy() throws Exception {
String address = "https://localhost:" + test.port + "/xmlsig";
doTestSignatureProxy(address, false, null, test.streaming);
}
-
+
@Test
public void testPostBookWithEnvelopedSigAndProxy2() throws Exception {
String address = "https://localhost:" + test.port + "/xmlsig";
doTestSignatureProxy(address, false, "", test.streaming);
}
-
+
@Test
public void testPostBookEnvelopingSigAndProxy() throws Exception {
if (test.streaming || STAX_PORT.equals(test.port)) {
@@ -101,24 +101,24 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
String address = "https://localhost:" + test.port + "/xmlsig";
doTestSignatureProxy(address, true, "file:", test.streaming);
}
-
+
@Test
public void testCertConstraints() throws Exception {
String address = "https://localhost:" + test.port + "/xmlsigconstraints";
-
+
// Successful test with "bob"
Map<String, Object> newProperties = new HashMap<String, Object>();
- newProperties.put("ws-security.callback-handler",
+ newProperties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
newProperties.put("ws-security.signature.username", "bob");
String cryptoUrl = "org/apache/cxf/systest/jaxrs/security/bob.properties";
newProperties.put("ws-security.signature.properties", cryptoUrl);
doTestSignatureProxy(address, false, null, test.streaming, newProperties);
-
+
// Constraint validation fails with "alice"
newProperties.clear();
- newProperties.put("ws-security.callback-handler",
+ newProperties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
newProperties.put("ws-security.signature.username", "alice");
@@ -131,19 +131,19 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
// expected
}
}
-
+
private void doTestSignatureProxy(String address, boolean enveloping,
String cryptoUrlPrefix, boolean streaming) throws Exception {
- doTestSignatureProxy(address, enveloping, cryptoUrlPrefix,
+ doTestSignatureProxy(address, enveloping, cryptoUrlPrefix,
streaming, new HashMap<String, Object>());
}
-
+
private void doTestSignatureProxy(String address, boolean enveloping,
String cryptoUrlPrefix, boolean streaming,
Map<String, Object> properties) throws Exception {
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress(address);
-
+
SpringBusFactory bf = new SpringBusFactory();
URL busFile = JAXRSXmlSecTest.class.getResource("client.xml");
Bus springBus = bf.createBus(busFile.toString());
@@ -151,10 +151,10 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
Map<String, Object> newProperties = new HashMap<String, Object>(properties);
if (newProperties.isEmpty()) {
- newProperties.put("ws-security.callback-handler",
+ newProperties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
newProperties.put("ws-security.signature.username", "alice");
-
+
String cryptoUrl = "org/apache/cxf/systest/jaxrs/security/alice.properties";
if (cryptoUrlPrefix != null) {
cryptoUrl = cryptoUrlPrefix + this.getClass().getResource("/" + cryptoUrl).toURI().getPath();
@@ -162,7 +162,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
newProperties.put("ws-security.signature.properties", cryptoUrl);
}
bean.setProperties(newProperties);
-
+
if (streaming) {
XmlSecOutInterceptor sigInterceptor = new XmlSecOutInterceptor();
sigInterceptor.setSignRequest(true);
@@ -175,24 +175,24 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
bean.getOutInterceptors().add(sigInterceptor);
}
bean.setServiceClass(BookStore.class);
-
+
BookStore store = bean.create(BookStore.class);
Book book = store.addBook(new Book("CXF", 126L));
assertEquals(126L, book.getId());
}
-
+
@Test
public void testPostBookWithEnvelopedSig() throws Exception {
String address = "https://localhost:" + test.port + "/xmlsig/bookstore/books";
doTestSignature(address, false, false, true, test.streaming);
}
-
+
@Test
public void testPostBookWithEnvelopedSigNoKeyInfo() throws Exception {
String address = "https://localhost:" + test.port + "/xmlsignokeyinfo/bookstore/books";
doTestSignature(address, false, false, false, test.streaming);
}
-
+
@Test
public void testPostBookWithEnvelopingSig() throws Exception {
if (test.streaming || STAX_PORT.equals(test.port)) {
@@ -202,7 +202,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
String address = "https://localhost:" + test.port + "/xmlsig/bookstore/books";
doTestSignature(address, true, false, true, test.streaming);
}
-
+
@Test
public void testPostBookWithEnvelopingSigFromResponse() throws Exception {
if (STAX_PORT.equals(test.port)) {
@@ -212,25 +212,25 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
String address = "https://localhost:" + test.port + "/xmlsig/bookstore/books";
doTestSignature(address, true, true, true, test.streaming);
}
-
- private void doTestSignature(String address,
- boolean enveloping,
+
+ private void doTestSignature(String address,
+ boolean enveloping,
boolean fromResponse,
boolean useKeyInfo,
boolean streaming) {
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress(address);
-
+
SpringBusFactory bf = new SpringBusFactory();
URL busFile = JAXRSXmlSecTest.class.getResource("client.xml");
Bus springBus = bf.createBus(busFile.toString());
bean.setBus(springBus);
Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("ws-security.callback-handler",
+ properties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
properties.put("ws-security.signature.username", "alice");
- properties.put("ws-security.signature.properties",
+ properties.put("ws-security.signature.properties",
"org/apache/cxf/systest/jaxrs/security/alice.properties");
bean.setProperties(properties);
if (streaming) {
@@ -238,7 +238,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
sigOutInterceptor.setSignRequest(true);
sigOutInterceptor.setKeyInfoMustBeAvailable(useKeyInfo);
bean.getOutInterceptors().add(sigOutInterceptor);
-
+
XmlSecInInterceptor sigInInterceptor = new XmlSecInInterceptor();
sigInInterceptor.setRequireSignature(true);
if (!useKeyInfo) {
@@ -252,12 +252,12 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
}
sigOutInterceptor.setKeyInfoMustBeAvailable(useKeyInfo);
bean.getOutInterceptors().add(sigOutInterceptor);
-
+
XmlSigInInterceptor sigInInterceptor = new XmlSigInInterceptor();
sigInInterceptor.setKeyInfoMustBeAvailable(useKeyInfo);
bean.getInInterceptors().add(sigInInterceptor);
}
-
+
WebClient wc = bean.createWebClient();
WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(10000000L);
Book book;
@@ -268,7 +268,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
}
assertEquals(126L, book.getId());
}
-
+
@Test
public void testSignatureNegativeServer() throws Exception {
String address = "https://localhost:" + test.port + "/xmlsignegativeserver/bookstore/books";
@@ -281,11 +281,11 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
Bus springBus = bf.createBus(busFile.toString());
bean.setBus(springBus);
- Map<String, Object> properties = new HashMap<>();
- properties.put("security.callback-handler",
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
- properties.put("security.signature.username", "bethal");
- properties.put("security.signature.properties",
+ properties.put("ws-security.signature.username", "bethal");
+ properties.put("ws-security.signature.properties",
"org/apache/cxf/systest/jaxrs/security/bethal.properties");
bean.setProperties(properties);
if (test.streaming) {
@@ -326,11 +326,11 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
Bus springBus = bf.createBus(busFile.toString());
bean.setBus(springBus);
- Map<String, Object> properties = new HashMap<>();
- properties.put("security.callback-handler",
+ Map<String, Object> properties = new HashMap<String, Object>();
+ properties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
- properties.put("security.signature.username", "bethal");
- properties.put("security.signature.properties",
+ properties.put("ws-security.signature.username", "bethal");
+ properties.put("ws-security.signature.properties",
"org/apache/cxf/systest/jaxrs/security/bethal.properties");
bean.setProperties(properties);
if (test.streaming) {
@@ -363,20 +363,20 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
public void testPostEncryptedBook() throws Exception {
String address = "https://localhost:" + test.port + "/xmlenc/bookstore/books";
Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("ws-security.callback-handler",
+ properties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
properties.put("ws-security.encryption.username", "bob");
- properties.put("ws-security.encryption.properties",
+ properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
doTestPostEncryptedBook(address, false, properties, test.streaming);
}
-
+
@Test
public void testPostEncryptedBookGCM() throws Exception {
//
// This test fails with the IBM JDK 7
// IBM JDK 7 appears to require a GCMParameter class to be used, which
- // only exists in JDK 7. The Sun JDK appears to be more lenient and
+ // only exists in JDK 7. The Sun JDK appears to be more lenient and
// allows us to use the existing IVParameterSpec class.
//
if ("IBM Corporation".equals(System.getProperty("java.vendor"))
@@ -384,121 +384,121 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
&& System.getProperty("java.version").startsWith("1.7")) {
return;
}
-
+
String address = "https://localhost:" + test.port + "/xmlenc/bookstore/books";
Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("ws-security.callback-handler",
+ properties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
properties.put("ws-security.encryption.username", "bob");
- properties.put("ws-security.encryption.properties",
+ properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
-
+
EncryptionProperties encryptionProperties = new EncryptionProperties();
String aes128GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm";
encryptionProperties.setEncryptionSymmetricKeyAlgo(aes128GCM);
encryptionProperties.setEncryptionKeyIdType(SecurityUtils.X509_CERT);
-
+
doTestPostEncryptedBook(address, false, properties, encryptionProperties, false, test.streaming);
}
-
+
@Test
public void testPostEncryptedBookSHA256() throws Exception {
String address = "https://localhost:" + test.port + "/xmlenc/bookstore/books";
Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("ws-security.callback-handler",
+ properties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
properties.put("ws-security.encryption.username", "bob");
- properties.put("ws-security.encryption.properties",
+ properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
-
+
EncryptionProperties encryptionProperties = new EncryptionProperties();
encryptionProperties.setEncryptionSymmetricKeyAlgo(XMLCipher.AES_128);
encryptionProperties.setEncryptionKeyIdType(SecurityUtils.X509_CERT);
encryptionProperties.setEncryptionDigestAlgo(XMLCipher.SHA256);
-
+
doTestPostEncryptedBook(
address, false, properties, encryptionProperties, false, test.streaming
);
}
-
+
@Test
public void testPostEncryptedBookIssuerSerial() throws Exception {
String address = "https://localhost:" + test.port + "/xmlenc/bookstore/books";
Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("ws-security.callback-handler",
+ properties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
properties.put("ws-security.encryption.username", "bob");
- properties.put("ws-security.encryption.properties",
+ properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
-
+
EncryptionProperties encryptionProperties = new EncryptionProperties();
encryptionProperties.setEncryptionSymmetricKeyAlgo(XMLCipher.AES_128);
encryptionProperties.setEncryptionKeyIdType(SecurityUtils.X509_ISSUER_SERIAL);
-
+
doTestPostEncryptedBook(
address, false, properties, encryptionProperties, false, test.streaming
);
}
-
+
@Test
public void testPostEncryptedSignedBook() throws Exception {
String address = "https://localhost:" + test.port + "/xmlsec-validate/bookstore/books";
Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("ws-security.callback-handler",
+ properties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
properties.put("ws-security.encryption.username", "bob");
- properties.put("ws-security.encryption.properties",
+ properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
properties.put("ws-security.signature.username", "alice");
- properties.put("ws-security.signature.properties",
+ properties.put("ws-security.signature.properties",
"org/apache/cxf/systest/jaxrs/security/alice.properties");
doTestPostEncryptedBook(address, true, properties, test.streaming);
-
+
}
-
+
@Test
public void testPostEncryptedSignedBookInvalid() throws Exception {
String address = "https://localhost:" + test.port + "/xmlsec-validate/bookstore/books";
Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("ws-security.callback-handler",
+ properties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
properties.put("ws-security.encryption.username", "bob");
- properties.put("ws-security.encryption.properties",
+ properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
properties.put("ws-security.signature.username", "alice");
- properties.put("ws-security.signature.properties",
+ properties.put("ws-security.signature.properties",
"org/apache/cxf/systest/jaxrs/security/alice.properties");
-
+
EncryptionProperties encryptionProperties = new EncryptionProperties();
encryptionProperties.setEncryptionSymmetricKeyAlgo(
"http://www.w3.org/2009/xmlenc11#aes128-gcm");
encryptionProperties.setEncryptionKeyIdType(SecurityUtils.X509_CERT);
-
+
try {
doTestPostEncryptedBook(address, true, properties, encryptionProperties, true, test.streaming);
} catch (BadRequestException ex) {
assertEquals(400, ex.getResponse().getStatus());
}
-
+
}
-
+
@Test
public void testPostEncryptedSignedBookUseReqSigCert() throws Exception {
String address = "https://localhost:" + test.port + "/xmlsec-useReqSigCert/bookstore/books";
Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("ws-security.callback-handler",
+ properties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
properties.put("ws-security.encryption.username", "bob");
- properties.put("ws-security.encryption.properties",
+ properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
properties.put("ws-security.signature.username", "alice");
- properties.put("ws-security.signature.properties",
+ properties.put("ws-security.signature.properties",
"org/apache/cxf/systest/jaxrs/security/alice.properties");
doTestPostEncryptedBook(address, true, properties, test.streaming);
}
-
+
public void doTestPostEncryptedBook(String address, boolean sign, Map<String, Object> properties,
- boolean streaming)
+ boolean streaming)
throws Exception {
EncryptionProperties encryptionProperties = new EncryptionProperties();
encryptionProperties.setEncryptionSymmetricKeyAlgo(XMLCipher.AES_128);
@@ -507,7 +507,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
address, sign, properties, encryptionProperties, false, test.streaming
);
}
-
+
public void doTestPostEncryptedBook(
String address, boolean sign, Map<String, Object> properties,
EncryptionProperties encryptionProperties,
@@ -516,7 +516,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
) throws Exception {
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress(address);
-
+
SpringBusFactory bf = new SpringBusFactory();
URL busFile = JAXRSXmlSecTest.class.getResource("client.xml");
Bus springBus = bf.createBus(busFile.toString());
@@ -533,7 +533,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
encInterceptor.setSignRequest(true);
}
bean.getOutInterceptors().add(encInterceptor);
-
+
XmlSecInInterceptor encInInterceptor = new XmlSecInInterceptor();
encInInterceptor.setRequireEncryption(true);
bean.setProvider(encInInterceptor);
@@ -546,13 +546,13 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
encInterceptor.setSymmetricEncAlgorithm(encryptionProperties.getEncryptionSymmetricKeyAlgo());
encInterceptor.setDigestAlgorithm(encryptionProperties.getEncryptionDigestAlgo());
bean.getOutInterceptors().add(encInterceptor);
-
+
bean.getInInterceptors().add(new XmlEncInInterceptor());
if (sign) {
bean.getInInterceptors().add(new XmlSigInInterceptor());
}
}
-
+
WebClient wc = bean.createWebClient();
WebClient.getConfig(wc).getHttpConduit().getClient().setReceiveTimeout(10000000L);
try {
@@ -567,10 +567,10 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
} catch (ProcessingException ex) {
assertTrue(ex.getCause() instanceof BadRequestException);
}
-
+
}
-
-
+
+
@Test
public void testPostBookWithNoSig() throws Exception {
if (test.streaming) {
@@ -578,17 +578,17 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
return;
}
String address = "https://localhost:" + test.port + "/xmlsig";
-
+
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress(address);
-
+
SpringBusFactory bf = new SpringBusFactory();
URL busFile = JAXRSXmlSecTest.class.getResource("client.xml");
Bus springBus = bf.createBus(busFile.toString());
bean.setBus(springBus);
bean.setServiceClass(BookStore.class);
-
+
BookStore store = bean.create(BookStore.class);
try {
store.addBook(new Book("CXF", 126L));
@@ -597,7 +597,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
// expected
}
}
-
+
@Test
public void testEncryptionNoSignature() throws Exception {
if (test.streaming) {
@@ -605,25 +605,25 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
return;
}
String address = "https://localhost:" + test.port + "/xmlsec-validate";
-
+
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress(address);
-
+
SpringBusFactory bf = new SpringBusFactory();
URL busFile = JAXRSXmlSecTest.class.getResource("client.xml");
Bus springBus = bf.createBus(busFile.toString());
bean.setBus(springBus);
-
+
Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("ws-security.callback-handler",
+ properties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
properties.put("ws-security.encryption.username", "bob");
- properties.put("ws-security.encryption.properties",
+ properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
- properties.put("ws-security.signature.properties",
+ properties.put("ws-security.signature.properties",
"org/apache/cxf/systest/jaxrs/security/alice.properties");
bean.setProperties(properties);
-
+
XmlEncOutInterceptor encInterceptor = new XmlEncOutInterceptor();
encInterceptor.setKeyIdentifierType(SecurityUtils.X509_CERT);
encInterceptor.setSymmetricEncAlgorithm(XMLCipher.AES_128);
@@ -632,7 +632,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
bean.getInInterceptors().add(new XmlSigInInterceptor());
bean.setServiceClass(BookStore.class);
-
+
BookStore store = bean.create(BookStore.class);
try {
store.addBook(new Book("CXF", 126L));
@@ -641,7 +641,7 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
// expected
}
}
-
+
@Test
public void testSignatureNoEncryption() throws Exception {
if (test.streaming) {
@@ -649,32 +649,32 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
return;
}
String address = "https://localhost:" + test.port + "/xmlsec-validate";
-
+
JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean();
bean.setAddress(address);
-
+
SpringBusFactory bf = new SpringBusFactory();
URL busFile = JAXRSXmlSecTest.class.getResource("client.xml");
Bus springBus = bf.createBus(busFile.toString());
bean.setBus(springBus);
-
+
Map<String, Object> properties = new HashMap<String, Object>();
- properties.put("ws-security.callback-handler",
+ properties.put("ws-security.callback-handler",
"org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
properties.put("ws-security.encryption.username", "bob");
- properties.put("ws-security.encryption.properties",
+ properties.put("ws-security.encryption.properties",
"org/apache/cxf/systest/jaxrs/security/bob.properties");
- properties.put("ws-security.signature.properties",
+ properties.put("ws-security.signature.properties",
"org/apache/cxf/systest/jaxrs/security/alice.properties");
bean.setProperties(properties);
-
+
XmlSigOutInterceptor sigInterceptor = new XmlSigOutInterceptor();
bean.getOutInterceptors().add(sigInterceptor);
bean.getInInterceptors().add(new XmlEncInInterceptor());
bean.getInInterceptors().add(new XmlSigInInterceptor());
bean.setServiceClass(BookStore.class);
-
+
BookStore store = bean.create(BookStore.class);
try {
store.addBook(new Book("CXF", 126L));
@@ -683,20 +683,20 @@ public class JAXRSXmlSecTest extends AbstractBusClientServerTestBase {
// expected
}
}
-
+
private static final class TestParam {
final String port;
final boolean streaming;
-
+
public TestParam(String p, boolean b) {
port = p;
streaming = b;
}
-
+
public String toString() {
return port + ":" + (streaming ? "streaming" : "dom");
}
-
+
}
-
+
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/381c4b6b/systests/rs-security/src/test/resources/keys/Bethal.jks
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/keys/Bethal.jks b/systests/rs-security/src/test/resources/keys/Bethal.jks
new file mode 100644
index 0000000..8da2ad0
Binary files /dev/null and b/systests/rs-security/src/test/resources/keys/Bethal.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/381c4b6b/systests/rs-security/src/test/resources/keys/Morpit.jks
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/keys/Morpit.jks b/systests/rs-security/src/test/resources/keys/Morpit.jks
new file mode 100644
index 0000000..b179baf
Binary files /dev/null and b/systests/rs-security/src/test/resources/keys/Morpit.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/381c4b6b/systests/rs-security/src/test/resources/keys/Truststore.jks
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/keys/Truststore.jks b/systests/rs-security/src/test/resources/keys/Truststore.jks
new file mode 100644
index 0000000..0abd848
Binary files /dev/null and b/systests/rs-security/src/test/resources/keys/Truststore.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/381c4b6b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
index 02c4842..0a7a60f 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server.xml
@@ -107,8 +107,8 @@ under the License.
<ref bean="xmlSigOutHandler"/>
</jaxrs:outInterceptors>
<jaxrs:properties>
- <entry key="security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/morpit.properties"/>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/morpit.properties"/>
</jaxrs:properties>
</jaxrs:server>
@@ -123,8 +123,8 @@ under the License.
<ref bean="xmlSigOutHandler"/>
</jaxrs:outInterceptors>
<jaxrs:properties>
- <entry key="security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/morpittrust.properties"/>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/morpittrust.properties"/>
</jaxrs:properties>
</jaxrs:server>
http://git-wip-us.apache.org/repos/asf/cxf/blob/381c4b6b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
index 120a329..b6fc638 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server.xml
@@ -127,8 +127,8 @@ under the License.
<ref bean="xmlSigOutHandler"/>
</jaxrs:outInterceptors>
<jaxrs:properties>
- <entry key="security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/morpit.properties"/>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/morpit.properties"/>
</jaxrs:properties>
</jaxrs:server>
@@ -143,8 +143,8 @@ under the License.
<ref bean="xmlSigOutHandler"/>
</jaxrs:outInterceptors>
<jaxrs:properties>
- <entry key="security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
- <entry key="security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/morpittrust.properties"/>
+ <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="org/apache/cxf/systest/jaxrs/security/morpittrust.properties"/>
</jaxrs:properties>
</jaxrs:server>
[5/6] cxf git commit: Recording .gitmergeinfo Changes
Posted by co...@apache.org.
Recording .gitmergeinfo Changes
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/53416a58
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/53416a58
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/53416a58
Branch: refs/heads/3.0.x-fixes
Commit: 53416a586f1aff111dbdfc361e858b1ec1c28b6b
Parents: 6386e37
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Mar 28 14:35:32 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Mar 28 14:35:32 2017 +0100
----------------------------------------------------------------------
.gitmergeinfo | 2 ++
1 file changed, 2 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/53416a58/.gitmergeinfo
----------------------------------------------------------------------
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 6580322..7d99e41 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -59,6 +59,7 @@ B 0aaa2b5742a53bf31704939e4bc21906100bbc54
B 0ab9416fda31298e485f2a6864c263447e4b32de
B 0ac5dde071c9c2731fca757a2108f5dd698f8af5
B 0afa064ee3b92a6b3e5fd8c5205a287d7884353b
+B 0b094e88f775dc10caea0b85a52dcc21ef45300c
B 0b40c84e1440601a9b8779b93812b1c41cddd138
B 0b7e0e914328aa7a78a2eab00bb1040c703e9b63
B 0b9097fbd1cddbb4a183e9448576bde2a6eb2589
@@ -1899,6 +1900,7 @@ M aca58c80bbe184c1730d21e9752ef7825a006bc0
M ad75192db72294e6d117e020aea890a50c166f79
M aeff8782d28ec57e5aaab9c7b709d89e1d2a7c15
M af2f7d3a52076f60d0f98a2635e2adef256a9efe
+M af69b53d8460c7c80546afb8ae56dd086a807a6f
M af7de1d82d77e3653b72ee83b4aa3f91e1a1d039
M afaf1debd104b7d9850713b866b9f4d58e8dd8d5
M b0035ade0042160b77b4848939f58efe9a77d6c7
[2/6] cxf git commit: Adding signature negative tests for WS-Security,
client + server side
Posted by co...@apache.org.
Adding signature negative tests for WS-Security, client + server side
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8b13c36c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8b13c36c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8b13c36c
Branch: refs/heads/3.0.x-fixes
Commit: 8b13c36c0978164dc24c80cd7c2f046cba2ea4a2
Parents: 657541e
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Mar 28 12:18:54 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Mar 28 14:35:05 2017 +0100
----------------------------------------------------------------------
.../cxf/systest/ws/action/ActionTest.java | 112 +++++++++++++++++++
.../ws/common/KeystorePasswordCallback.java | 2 +
.../src/test/resources/bethal.properties | 24 ++++
.../cxf/systest/ws/action/DoubleItAction.wsdl | 12 ++
.../org/apache/cxf/systest/ws/action/client.xml | 104 +++++++++++++++++
.../org/apache/cxf/systest/ws/action/server.xml | 104 +++++++++++++++++
.../src/test/resources/truststore.properties | 23 ++++
7 files changed, 381 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/8b13c36c/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java
index 2a67c22..9d86f62 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java
@@ -291,4 +291,116 @@ public class ActionTest extends AbstractBusClientServerTestBase {
((java.io.Closeable)port).close();
bus.shutdown(true);
}
+
+ @org.junit.Test
+ public void testSignatureNegativeClient() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = ActionTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = ActionTest.class.getResource("DoubleItAction.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSignatureNegativeClientPort");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ try {
+ port.doubleIt(25);
+ fail("Failure expected as the client doesn't trust the cert of the service");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // expected
+ }
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testSignatureNegativeClientStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = ActionTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = ActionTest.class.getResource("DoubleItAction.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSignatureNegativeClientPort2");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ try {
+ port.doubleIt(25);
+ fail("Failure expected as the client doesn't trust the cert of the service");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // expected
+ }
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testSignatureNegativeServer() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = ActionTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = ActionTest.class.getResource("DoubleItAction.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSignatureNegativeServerPort");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ try {
+ port.doubleIt(25);
+ fail("Failure expected as the service doesn't trust the client cert");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // expected
+ }
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testSignatureNegativeServerStreaming() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = ActionTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = ActionTest.class.getResource("DoubleItAction.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSignatureNegativeServerPort2");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ try {
+ port.doubleIt(25);
+ fail("Failure expected as the service doesn't trust the client cert");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // expected
+ }
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/8b13c36c/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/KeystorePasswordCallback.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/KeystorePasswordCallback.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/KeystorePasswordCallback.java
index 511155a..e680dce 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/KeystorePasswordCallback.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/KeystorePasswordCallback.java
@@ -46,6 +46,8 @@ public class KeystorePasswordCallback implements CallbackHandler {
passwords.put("6e0e88f36ebb8744d470f62f604d03ea4ebe5094", "password");
passwords.put("wss40rev", "security");
passwords.put("morpit", "password");
+ passwords.put("myclientkey", "ckpass");
+ passwords.put("myservicekey", "skpass");
}
/**
http://git-wip-us.apache.org/repos/asf/cxf/blob/8b13c36c/systests/ws-security/src/test/resources/bethal.properties
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/bethal.properties b/systests/ws-security/src/test/resources/bethal.properties
new file mode 100644
index 0000000..7356fc5
--- /dev/null
+++ b/systests/ws-security/src/test/resources/bethal.properties
@@ -0,0 +1,24 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
+org.apache.wss4j.crypto.merlin.keystore.type=jks
+org.apache.wss4j.crypto.merlin.keystore.password=password
+org.apache.wss4j.crypto.merlin.keystore.alias=bethal
+org.apache.wss4j.crypto.merlin.keystore.file=keys/Bethal.jks
+
http://git-wip-us.apache.org/repos/asf/cxf/blob/8b13c36c/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/DoubleItAction.wsdl
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/DoubleItAction.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/DoubleItAction.wsdl
index dcb40d4..eca0182 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/DoubleItAction.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/DoubleItAction.wsdl
@@ -66,6 +66,18 @@
<wsdl:port name="DoubleItEncryptionPort" binding="tns:DoubleItNoSecurityBinding">
<soap:address location="http://localhost:9001/DoubleItEncryption"/>
</wsdl:port>
+ <wsdl:port name="DoubleItSignatureNegativeClientPort" binding="tns:DoubleItNoSecurityBinding">
+ <soap:address location="http://localhost:9001/DoubleItSignatureNegativeClient"/>
+ </wsdl:port>
+ <wsdl:port name="DoubleItSignatureNegativeClientPort2" binding="tns:DoubleItNoSecurityBinding">
+ <soap:address location="http://localhost:9001/DoubleItSignatureNegativeClient2"/>
+ </wsdl:port>
+ <wsdl:port name="DoubleItSignatureNegativeServerPort" binding="tns:DoubleItNoSecurityBinding">
+ <soap:address location="http://localhost:9001/DoubleItSignatureNegativeServer"/>
+ </wsdl:port>
+ <wsdl:port name="DoubleItSignatureNegativeServerPort2" binding="tns:DoubleItNoSecurityBinding">
+ <soap:address location="http://localhost:9001/DoubleItSignatureNegativeServer2"/>
+ </wsdl:port>
</wsdl:service>
</wsdl:definitions>
http://git-wip-us.apache.org/repos/asf/cxf/blob/8b13c36c/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client.xml
index 298048e..0cb52c1 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client.xml
@@ -229,4 +229,108 @@
</jaxws:inInterceptors>
</jaxws:client>
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSignatureNegativeClientPort" createdFromAPI="true">
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureUser" value="bethal"/>
+ <entry key="signaturePropFile" value="bethal.properties"/>
+ <entry key="signatureKeyIdentifier" value="DirectReference"/>
+ <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:outInterceptors>
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureVerificationPropFile" value="bethal.properties"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:inInterceptors>
+ </jaxws:client>
+
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSignatureNegativeClientPort2" createdFromAPI="true">
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureUser" value="bethal"/>
+ <entry key="signaturePropFile" value="bethal.properties"/>
+ <entry key="signatureKeyIdentifier" value="DirectReference"/>
+ <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:outInterceptors>
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureVerificationPropFile" value="bethal.properties"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:inInterceptors>
+ </jaxws:client>
+
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSignatureNegativeServerPort" createdFromAPI="true">
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureUser" value="bethal"/>
+ <entry key="signaturePropFile" value="bethal.properties"/>
+ <entry key="signatureKeyIdentifier" value="DirectReference"/>
+ <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:outInterceptors>
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureVerificationPropFile" value="truststore.properties"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:inInterceptors>
+ </jaxws:client>
+
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSignatureNegativeServerPort2" createdFromAPI="true">
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureUser" value="bethal"/>
+ <entry key="signaturePropFile" value="bethal.properties"/>
+ <entry key="signatureKeyIdentifier" value="DirectReference"/>
+ <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:outInterceptors>
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureVerificationPropFile" value="truststore.properties"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:inInterceptors>
+ </jaxws:client>
+
</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/8b13c36c/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server.xml
index 1d45840..cb11d47 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server.xml
@@ -169,4 +169,108 @@
</jaxws:inInterceptors>
</jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SignatureNegativeClient" address="http://localhost:${testutil.ports.action.Server}/DoubleItSignatureNegativeClient" serviceName="s:DoubleItService" endpointName="s:DoubleItSignatureNegativeClientPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/action/DoubleItAction.wsdl">
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureUser" value="morpit"/>
+ <entry key="signaturePropFile" value="morpit.properties"/>
+ <entry key="signatureKeyIdentifier" value="DirectReference"/>
+ <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:outInterceptors>
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureVerificationPropFile" value="truststore.properties"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:inInterceptors>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SignatureNegativeClient2" address="http://localhost:${testutil.ports.action.Server}/DoubleItSignatureNegativeClient2" serviceName="s:DoubleItService" endpointName="s:DoubleItSignatureNegativeClientPort2" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/action/DoubleItAction.wsdl">
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureUser" value="morpit"/>
+ <entry key="signaturePropFile" value="morpit.properties"/>
+ <entry key="signatureKeyIdentifier" value="DirectReference"/>
+ <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:outInterceptors>
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureVerificationPropFile" value="truststore.properties"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:inInterceptors>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SignatureNegativeServer" address="http://localhost:${testutil.ports.action.Server}/DoubleItSignatureNegativeServer" serviceName="s:DoubleItService" endpointName="s:DoubleItSignatureNegativeServerPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/action/DoubleItAction.wsdl">
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureUser" value="morpit"/>
+ <entry key="signaturePropFile" value="morpit.properties"/>
+ <entry key="signatureKeyIdentifier" value="DirectReference"/>
+ <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:outInterceptors>
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureVerificationPropFile" value="morpit.properties"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:inInterceptors>
+ </jaxws:endpoint>
+
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="SignatureNegativeServer2" address="http://localhost:${testutil.ports.action.Server}/DoubleItSignatureNegativeServer2" serviceName="s:DoubleItService" endpointName="s:DoubleItSignatureNegativeServerPort2" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/action/DoubleItAction.wsdl">
+ <jaxws:outInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureUser" value="morpit"/>
+ <entry key="signaturePropFile" value="morpit.properties"/>
+ <entry key="signatureKeyIdentifier" value="DirectReference"/>
+ <entry key="passwordCallbackClass" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:outInterceptors>
+ <jaxws:inInterceptors>
+ <bean class="org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor">
+ <constructor-arg>
+ <map>
+ <entry key="action" value="Signature"/>
+ <entry key="signatureVerificationPropFile" value="morpit.properties"/>
+ </map>
+ </constructor-arg>
+ </bean>
+ </jaxws:inInterceptors>
+ </jaxws:endpoint>
+
</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/8b13c36c/systests/ws-security/src/test/resources/truststore.properties
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/truststore.properties b/systests/ws-security/src/test/resources/truststore.properties
new file mode 100644
index 0000000..170389a
--- /dev/null
+++ b/systests/ws-security/src/test/resources/truststore.properties
@@ -0,0 +1,23 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin
+org.apache.wss4j.crypto.merlin.keystore.type=jks
+org.apache.wss4j.crypto.merlin.keystore.password=password
+org.apache.wss4j.crypto.merlin.keystore.file=keys/Truststore.jks
+