You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2013/08/14 15:32:06 UTC
svn commit: r1513875 - in /cxf/trunk:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
systests/ws-secu...
Author: coheigea
Date: Wed Aug 14 13:32:06 2013
New Revision: 1513875
URL: http://svn.apache.org/r1513875
Log:
[CXF-5200] - Support newer signature algorithms in WS-SecurityPolicy (such as RSA-SHA256)
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Wed Aug 14 13:32:06 2013
@@ -304,6 +304,14 @@ public final class SecurityConstants {
*/
public static final String SUBJECT_ROLE_CLASSIFIER_TYPE = "ws-security.role.classifier.type";
+ /**
+ * This configuration tag allows the user to override the default Asymmetric Signature
+ * algorithm (RSA-SHA1) for use in WS-SecurityPolicy, as the WS-SecurityPolicy specification
+ * does not allow the use of other algorithms at present.
+ */
+ public static final String ASYMMETRIC_SIGNATURE_ALGORITHM =
+ "ws-security.asymmetric.signature.algorithm";
+
//
// Validator implementations for validating received security tokens
//
@@ -486,7 +494,8 @@ public final class SecurityConstants {
STS_TOKEN_DO_CANCEL, CACHE_ISSUED_TOKEN_IN_ENDPOINT,
DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS, STS_TOKEN_CRYPTO,
STS_TOKEN_PROPERTIES, STS_TOKEN_USERNAME, STS_TOKEN_ACT_AS, STS_TOKEN_ON_BEHALF_OF,
- TOKEN, TOKEN_ID, SUBJECT_ROLE_CLASSIFIER, SUBJECT_ROLE_CLASSIFIER_TYPE, MUST_UNDERSTAND
+ TOKEN, TOKEN_ID, SUBJECT_ROLE_CLASSIFIER, SUBJECT_ROLE_CLASSIFIER_TYPE, MUST_UNDERSTAND,
+ ASYMMETRIC_SIGNATURE_ALGORITHM
}));
ALL_PROPERTIES = Collections.unmodifiableSet(s);
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Wed Aug 14 13:32:06 2013
@@ -43,7 +43,6 @@ import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
-
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
@@ -94,6 +93,7 @@ import org.apache.wss4j.policy.SP11Const
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.SP13Constants;
import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
import org.apache.wss4j.policy.model.Header;
import org.apache.wss4j.policy.model.RequiredElements;
import org.apache.wss4j.policy.model.RequiredParts;
@@ -541,6 +541,14 @@ public class PolicyBasedWSS4JInIntercept
protected void setAlgorithmSuites(SoapMessage message, RequestData data) throws WSSecurityException {
AlgorithmSuiteTranslater translater = new AlgorithmSuiteTranslater();
translater.translateAlgorithmSuites(message.get(AssertionInfoMap.class), data);
+
+ // Allow for setting non-standard asymmetric signature algorithms
+ String asymSignatureAlgorithm =
+ (String)message.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
+ if (asymSignatureAlgorithm != null && data.getAlgorithmSuite() != null) {
+ data.getAlgorithmSuite().getSignatureMethods().clear();
+ data.getAlgorithmSuite().getSignatureMethods().add(asymSignatureAlgorithm);
+ }
}
protected void computeAction(SoapMessage message, RequestData data) throws WSSecurityException {
@@ -558,6 +566,21 @@ public class PolicyBasedWSS4JInIntercept
if ("".equals(action) || (ais != null && !ais.isEmpty())) {
action = checkDefaultBinding(aim, action, message);
}
+
+ // Allow for setting non-standard asymmetric signature algorithms
+ String asymSignatureAlgorithm =
+ (String)message.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
+ if (asymSignatureAlgorithm != null) {
+ Collection<AssertionInfo> algorithmSuites =
+ aim.get(SP12Constants.ALGORITHM_SUITE);
+ if (algorithmSuites != null && !algorithmSuites.isEmpty()) {
+ for (AssertionInfo algorithmSuite : algorithmSuites) {
+ AlgorithmSuite algSuite = (AlgorithmSuite)algorithmSuite.getAssertion();
+ algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
+ }
+ }
+ }
+
checkUsernameToken(aim, message);
// stuff we can default to asserted and un-assert if a condition isn't met
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java Wed Aug 14 13:32:06 2013
@@ -167,6 +167,12 @@ public class PolicyBasedWSS4JOutIntercep
config = WSSConfig.getNewInstance();
}
translateProperties(message);
+
+ String asymSignatureAlgorithm =
+ (String)message.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
+ if (asymSignatureAlgorithm != null && transport.getAlgorithmSuite() != null) {
+ transport.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
+ }
if (transport instanceof TransportBinding) {
new TransportBindingHandler(config, (TransportBinding)transport, saaj,
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java Wed Aug 14 13:32:06 2013
@@ -62,6 +62,7 @@ import org.apache.wss4j.policy.SP11Const
import org.apache.wss4j.policy.SP12Constants;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.WSSPolicyException;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
import org.apache.wss4j.policy.stax.OperationPolicy;
import org.apache.wss4j.policy.stax.PolicyEnforcer;
import org.apache.wss4j.policy.stax.PolicyInputProcessor;
@@ -384,6 +385,20 @@ public class PolicyBasedWSS4JStaxInInter
checkSymmetricBinding(aim, msg);
checkTransportBinding(aim, msg);
+ // Allow for setting non-standard asymmetric signature algorithms
+ String asymSignatureAlgorithm =
+ (String)msg.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
+ if (asymSignatureAlgorithm != null) {
+ Collection<AssertionInfo> algorithmSuites =
+ aim.get(SP12Constants.ALGORITHM_SUITE);
+ if (algorithmSuites != null && !algorithmSuites.isEmpty()) {
+ for (AssertionInfo algorithmSuite : algorithmSuites) {
+ AlgorithmSuite algSuite = (AlgorithmSuite)algorithmSuite.getAssertion();
+ algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
+ }
+ }
+ }
+
super.configureProperties(msg);
}
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java Wed Aug 14 13:32:06 2013
@@ -73,6 +73,12 @@ public class StaxAsymmetricBindingHandle
configureTimestamp(aim);
abinding = (AsymmetricBinding)getBinding(aim);
+ String asymSignatureAlgorithm =
+ (String)getMessage().getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
+ if (asymSignatureAlgorithm != null && abinding.getAlgorithmSuite() != null) {
+ abinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
+ }
+
if (abinding.getProtectionOrder()
== AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning) {
doEncryptBeforeSign();
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java Wed Aug 14 13:32:06 2013
@@ -114,6 +114,12 @@ public class StaxSymmetricBindingHandler
configureTimestamp(aim);
sbinding = (SymmetricBinding)getBinding(aim);
+ String asymSignatureAlgorithm =
+ (String)getMessage().getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
+ if (asymSignatureAlgorithm != null && sbinding.getAlgorithmSuite() != null) {
+ sbinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
+ }
+
// Set up CallbackHandler which wraps the configured Handler
Map<String, Object> config = getProperties();
TokenStoreCallbackHandler callbackHandler =
Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java Wed Aug 14 13:32:06 2013
@@ -31,6 +31,7 @@ import org.apache.cxf.common.logging.Log
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.policy.SPConstants;
@@ -76,6 +77,12 @@ public class StaxTransportBindingHandler
if (this.isRequestor()) {
tbinding = (TransportBinding)getBinding(aim);
if (tbinding != null) {
+ String asymSignatureAlgorithm =
+ (String)getMessage().getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
+ if (asymSignatureAlgorithm != null && tbinding.getAlgorithmSuite() != null) {
+ tbinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
+ }
+
TransportToken token = tbinding.getTransportToken();
if (token.getToken() instanceof IssuedToken) {
SecurityToken secToken = getSecurityToken();
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java Wed Aug 14 13:32:06 2013
@@ -301,6 +301,34 @@ public class StaxX509TokenTest extends A
}
@org.junit.Test
+ public void testAsymmetricSHA256() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = X509TokenTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSHA256Port");
+ DoubleItPortType x509Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(x509Port, PORT);
+
+ // DOM
+ x509Port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(x509Port);
+ x509Port.doubleIt(25);
+
+ ((java.io.Closeable)x509Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testAsymmetricThumbprint() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java Wed Aug 14 13:32:06 2013
@@ -356,6 +356,34 @@ public class X509TokenTest extends Abstr
}
@org.junit.Test
+ public void testAsymmetricSHA256() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = X509TokenTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSHA256Port");
+ DoubleItPortType x509Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(x509Port, PORT);
+
+ // DOM
+ x509Port.doubleIt(25);
+
+ // Streaming
+ SecurityTestUtil.enableStreaming(x509Port);
+ x509Port.doubleIt(25);
+
+ ((java.io.Closeable)x509Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testAsymmetricThumbprint() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl Wed Aug 14 13:32:06 2013
@@ -182,6 +182,25 @@
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="DoubleItAsymmetricSHA256Binding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItAsymmetricSHA256Policy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
<wsdl:binding name="DoubleItAsymmetricThumbprintBinding" type="tns:DoubleItPortType">
<wsp:PolicyReference URI="#DoubleItAsymmetricThumbprintPolicy" />
<soap:binding style="document"
@@ -491,6 +510,10 @@
binding="tns:DoubleItAsymmetricIssuerSerialBinding">
<soap:address location="http://localhost:9001/DoubleItX509Asymmetric" />
</wsdl:port>
+ <wsdl:port name="DoubleItAsymmetricSHA256Port"
+ binding="tns:DoubleItAsymmetricSHA256Binding">
+ <soap:address location="http://localhost:9001/DoubleItX509AsymmetricSHA256" />
+ </wsdl:port>
<wsdl:port name="DoubleItAsymmetricThumbprintPort"
binding="tns:DoubleItAsymmetricThumbprintBinding">
<soap:address location="http://localhost:9001/DoubleItX509AsymmetricThumbprint" />
@@ -828,6 +851,50 @@
</wsp:ExactlyOne>
</wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItAsymmetricSHA256Policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Sha256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+
<wsp:Policy wsu:Id="DoubleItAsymmetricThumbprintPolicy">
<wsp:ExactlyOne>
<wsp:All>
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml Wed Aug 14 13:32:06 2013
@@ -115,6 +115,20 @@
</jaxws:properties>
</jaxws:client>
+ <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricSHA256Port"
+ createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.encryption.properties" value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties" value="alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="ws-security.asymmetric.signature.algorithm"
+ value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ </jaxws:properties>
+ </jaxws:client>
+
<jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricThumbprintPort"
createdFromAPI="true">
<jaxws:properties>
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml Wed Aug 14 13:32:06 2013
@@ -232,6 +232,27 @@
</jaxws:endpoint>
<jaxws:endpoint
+ id="AsymmetricSHA256"
+ address="http://localhost:${testutil.ports.Server}/DoubleItX509AsymmetricSHA256"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItAsymmetricSHA256Port"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="bob.properties"/>
+ <entry key="ws-security.encryption.properties" value="alice.properties"/>
+ <entry key="ws-security.encryption.username" value="alice"/>
+ <entry key="ws-security.asymmetric.signature.algorithm"
+ value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
id="AsymmetricThumbprint"
address="http://localhost:${testutil.ports.Server}/DoubleItX509AsymmetricThumbprint"
serviceName="s:DoubleItService"
Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml Wed Aug 14 13:32:06 2013
@@ -241,6 +241,27 @@
</jaxws:endpoint>
<jaxws:endpoint
+ id="AsymmetricSHA256"
+ address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509AsymmetricSHA256"
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItAsymmetricSHA256Port"
+ xmlns:s="http://www.example.org/contract/DoubleIt"
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
+ value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties" value="bob.properties"/>
+ <entry key="ws-security.encryption.properties" value="alice.properties"/>
+ <entry key="ws-security.encryption.username" value="alice"/>
+ <entry key="ws-security.asymmetric.signature.algorithm"
+ value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
+ <jaxws:endpoint
id="AsymmetricThumbprint"
address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509AsymmetricThumbprint"
serviceName="s:DoubleItService"