Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/15 15:08:38 UTC
cxf git commit: Enabling MTOM security tests
Repository: cxf
Updated Branches:
refs/heads/master 003fb1e7d -> 7dbce543a
Enabling MTOM security tests
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7dbce543
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7dbce543
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7dbce543
Branch: refs/heads/master
Commit: 7dbce543a96c6ec1c6f02ab0530146c3507fa205
Parents: 003fb1e
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Feb 15 15:08:27 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Feb 15 15:08:27 2017 +0000
----------------------------------------------------------------------
.../wss4j/AttachmentCallbackHandler.java | 19 +++
.../wss4j/PolicyBasedWSS4JOutInterceptor.java | 12 --
.../ws/security/wss4j/WSS4JOutInterceptor.java | 15 +--
.../policyhandlers/AbstractBindingBuilder.java | 115 ++++++++++++-------
.../AsymmetricBindingHandler.java | 6 +
.../policyhandlers/SymmetricBindingHandler.java | 8 ++
.../policyhandlers/TransportBindingHandler.java | 15 +++
.../cxf/systest/ws/mtom/MTOMSecurityTest.java | 4 -
8 files changed, 127 insertions(+), 67 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java
index 705e366..959f119 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java
@@ -34,6 +34,7 @@ import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.cxf.attachment.AttachmentDataSource;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.message.Attachment;
+import org.apache.wss4j.common.ext.AttachmentRemovalCallback;
import org.apache.wss4j.common.ext.AttachmentRequestCallback;
import org.apache.wss4j.common.ext.AttachmentResultCallback;
@@ -88,6 +89,24 @@ public class AttachmentCallbackHandler implements CallbackHandler {
}
attachments.add(securedAttachment);
+ } else if (callback instanceof AttachmentRemovalCallback) {
+ AttachmentRemovalCallback attachmentRemovalCallback = (AttachmentRemovalCallback) callback;
+ String attachmentId = attachmentRemovalCallback.getAttachmentId();
+ if (attachmentId != null) {
+ final Collection<org.apache.cxf.message.Attachment> attachments = soapMessage.getAttachments();
+ // Calling LazyAttachmentCollection.size() here to force it to load the attachments
+ if (attachments != null && attachments.size() > 0) {
+ for (Iterator<org.apache.cxf.message.Attachment> iterator = attachments.iterator();
+ iterator.hasNext();) {
+ org.apache.cxf.message.Attachment attachment = iterator.next();
+
+ if (attachmentId.equals(attachment.getId())) {
+ iterator.remove();
+ break;
+ }
+ }
+ }
+ }
} else {
throw new UnsupportedCallbackException(callback, "Unsupported callback");
}
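Review bot: A removal request whose id matches no attachment passes silently through the new `AttachmentRemovalCallback` branch, and so does a null id. If the caller requests removal because the attachment bytes were just inlined into the SOAP body (an assumption, the caller is outside this diff), an id that differs only in form would leave the original attachment on the outgoing message beside the protected copy. Consider tracking a `boolean removed` that is set next to `iterator.remove();` and logging after the loop when it is still false, so a mismatch is visible. The enclosing callback method starts and ends outside the hunk.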
http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
index ea11515..7aa2feb 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
@@ -28,7 +28,6 @@ import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Element;
-import org.apache.cxf.attachment.AttachmentUtil;
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
@@ -128,12 +127,6 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa
);
String actor = (String)message.getContextualProperty(SecurityConstants.ACTOR);
- if (AttachmentUtil.isMtomEnabled(message) && hasAttachments(message)) {
- LOG.warning("MTOM is enabled with WS-Security. Please note that if an attachment is "
- + "referenced in the SOAP Body, only the reference will be signed and not the "
- + "SOAP Body!");
- }
-
// extract Assertion information
AbstractBinding binding = PolicyUtils.getSecurityBinding(aim);
@@ -203,11 +196,6 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa
}
- private boolean hasAttachments(SoapMessage mc) {
- final Collection<org.apache.cxf.message.Attachment> attachments = mc.getAttachments();
- return attachments != null && !attachments.isEmpty();
- }
-
public Set<String> getAfter() {
return Collections.emptySet();
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
index 43fd622..c092906 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
@@ -194,10 +194,12 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor {
reqData.setMsgContext(mc);
reqData.setAttachmentCallbackHandler(new AttachmentCallbackHandler(mc));
- if (AttachmentUtil.isMtomEnabled(mc) && hasAttachments(mc)) {
- LOG.warning("MTOM is enabled with WS-Security. Please note that if an attachment is "
- + "referenced in the SOAP Body, only the reference will be signed and not the "
- + "SOAP Body!");
+ // Enable XOP Include unless the user has explicitly configured it
+ if (getString(WSHandlerConstants.EXPAND_XOP_INCLUDE, mc) == null) {
+ reqData.setExpandXopInclude(AttachmentUtil.isMtomEnabled(mc));
+ }
+ if (getString(WSHandlerConstants.STORE_BYTES_IN_ATTACHMENT, mc) == null) {
+ reqData.setStoreBytesInAttachment(AttachmentUtil.isMtomEnabled(mc));
}
/*
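Review bot: The deleted warning still describes a reachable configuration, because the first new `if` leaves an explicit `WSHandlerConstants.EXPAND_XOP_INCLUDE` setting alone. With MTOM on and that setting false, the deleted message says only the reference is signed, assuming the explicit value is applied elsewhere. Keeping the warning for that one case would preserve the hint for users who opt out. The comment `// Enable XOP Include unless the user has explicitly configured it` also reads as always enabling, while the code follows the MTOM flag; `// Default expandXopInclude to the MTOM setting unless the user configured it` matches the code, and the `STORE_BYTES_IN_ATTACHMENT` check deserves the same one-line comment. The enclosing method continues outside the hunk.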
@@ -291,11 +293,6 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor {
//nothing
}
- private boolean hasAttachments(SoapMessage mc) {
- final Collection<org.apache.cxf.message.Attachment> attachments = mc.getAttachments();
- return attachments != null && !attachments.isEmpty();
- }
-
private void configureActions(SoapMessage mc, boolean doDebug,
SoapVersion version, WSSConfig config) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index d515f8b..e7b7a66 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -100,6 +100,7 @@ import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.callback.CallbackLookup;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
@@ -178,6 +179,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
protected final CallbackLookup callbackLookup;
protected boolean storeBytesInAttachment;
+ protected WSDocInfo wsDocInfo;
+ private boolean expandXopInclude;
private Element lastSupportingTokenElement;
private Element lastDerivedKeyElement;
@@ -205,17 +208,21 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
MessageUtils.getContextualBoolean(
message, SecurityConstants.STORE_BYTES_IN_ATTACHMENT, true
);
- if (storeBytes && AttachmentUtil.isMtomEnabled(message)) {
+ boolean mtomEnabled = AttachmentUtil.isMtomEnabled(message);
+ if (storeBytes && mtomEnabled) {
storeBytesInAttachment = true;
if (binding instanceof AbstractSymmetricAsymmetricBinding
&& (ProtectionOrder.EncryptBeforeSigning
== ((AbstractSymmetricAsymmetricBinding)binding).getProtectionOrder()
|| ((AbstractSymmetricAsymmetricBinding)binding).isProtectTokens())) {
LOG.fine("Disabling SecurityConstants.STORE_BYTES_IN_ATTACHMENT due to "
- + "EncryptBeforeSigning or ProtectTokens policy.");
+ + "EncryptBeforeSigning or ProtectTokens policy.");
storeBytesInAttachment = false;
}
}
+ expandXopInclude = mtomEnabled;
+
+ wsDocInfo = new WSDocInfo(secHeader.getSecurityHeaderElement().getOwnerDocument());
Element soapBody = SAAJUtils.getBody(saaj);
if (soapBody != null) {
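Review bot: `expandXopInclude = mtomEnabled;` gives the policy path no user override. A few lines above, `storeBytes` is read as a contextual property, and the action-based `WSS4JOutInterceptor` in this commit lets an explicit setting win. If that is intentional, say so where the field is set, e.g. `// Always inline xop:Include content before signing/encrypting when MTOM is on; not configurable on the policy path`. The new `wsDocInfo` line also dereferences `secHeader.getSecurityHeaderElement()` without a check; whether the header element is always present at this point cannot be seen from the hunk, so a short comment stating that precondition would help. The constructor starts and ends outside the hunk.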
@@ -485,46 +492,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
getSignedParts(suppTokens))
);
} else {
- WSSecSignature sig = new WSSecSignature(secHeader);
- sig.setIdAllocator(wssConfig.getIdAllocator());
- sig.setCallbackLookup(callbackLookup);
- sig.setX509Certificate(secToken.getX509Certificate());
- sig.setCustomTokenId(id);
- sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
- String tokenType = secToken.getTokenType();
- if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
- || WSConstants.SAML_NS.equals(tokenType)) {
- sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
- } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
- || WSConstants.SAML2_NS.equals(tokenType)) {
- sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
- } else if (tokenType != null) {
- sig.setCustomTokenValueType(tokenType);
- } else {
- sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
- }
- sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
- sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
-
- Crypto crypto = secToken.getCrypto();
- String uname = null;
- try {
- uname = crypto.getX509Identifier(secToken.getX509Certificate());
- } catch (WSSecurityException e1) {
- LOG.log(Level.FINE, e1.getMessage(), e1);
- throw new Fault(e1);
- }
-
- String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
- sig.setUserInfo(uname, password);
- try {
- sig.prepare(secToken.getCrypto());
- } catch (WSSecurityException e) {
- LOG.log(Level.FINE, e.getMessage(), e);
- throw new Fault(e);
- }
-
- ret.add(new SupportingToken(token, sig, getSignedParts(suppTokens)));
+ ret.add(signSupportingToken(secToken, id, token, suppTokens));
}
} else if (token instanceof X509Token) {
@@ -575,6 +543,56 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
return ret;
}
+
+ private SupportingToken signSupportingToken(SecurityToken secToken, String id,
+ AbstractToken token, SupportingTokens suppTokens)
+ throws SOAPException {
+ WSSecSignature sig = new WSSecSignature(secHeader);
+ sig.setIdAllocator(wssConfig.getIdAllocator());
+ sig.setCallbackLookup(callbackLookup);
+ sig.setX509Certificate(secToken.getX509Certificate());
+ sig.setCustomTokenId(id);
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+ sig.setWsDocInfo(wsDocInfo);
+ sig.setExpandXopInclude(isExpandXopInclude());
+ sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+ sig.setStoreBytesInAttachment(storeBytesInAttachment);
+
+ String tokenType = secToken.getTokenType();
+ if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+ || WSConstants.SAML_NS.equals(tokenType)) {
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+ } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+ || WSConstants.SAML2_NS.equals(tokenType)) {
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+ } else if (tokenType != null) {
+ sig.setCustomTokenValueType(tokenType);
+ } else {
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+ }
+ sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
+ sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
+
+ Crypto crypto = secToken.getCrypto();
+ String uname = null;
+ try {
+ uname = crypto.getX509Identifier(secToken.getX509Certificate());
+ } catch (WSSecurityException e1) {
+ LOG.log(Level.FINE, e1.getMessage(), e1);
+ throw new Fault(e1);
+ }
+
+ String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
+ sig.setUserInfo(uname, password);
+ try {
+ sig.prepare(secToken.getCrypto());
+ } catch (WSSecurityException e) {
+ LOG.log(Level.FINE, e.getMessage(), e);
+ throw new Fault(e);
+ }
+
+ return new SupportingToken(token, sig, getSignedParts(suppTokens));
+ }
protected void handleUsernameTokenSupportingToken(
UsernameToken token, boolean endorse, boolean encryptedToken, List<SupportingToken> ret
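Review bot: The extracted `signSupportingToken` stores `secToken.getCrypto()` in `crypto` but then calls `sig.prepare(secToken.getCrypto());`; use `sig.prepare(crypto);` so both calls are guaranteed to use the same object. A token without a Crypto would fail with a NullPointerException at `crypto.getX509Identifier(...)` rather than the `Fault` used for the other failures; this is carried over from the inlined code, but the new method is a good place for an explicit check. The `String uname = null;` initialiser is redundant, since the catch block always throws. The method has no Javadoc, and a one-line summary should say that it builds and prepares a signature over a SAML/issued token using the token's X.509 certificate. A blank line is also missing between its closing brace and `handleUsernameTokenSupportingToken`.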
@@ -1725,6 +1743,9 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
sig.setCallbackLookup(callbackLookup);
sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
sig.setStoreBytesInAttachment(storeBytesInAttachment);
+ sig.setExpandXopInclude(isExpandXopInclude());
+ sig.setWsDocInfo(wsDocInfo);
+
checkForX509PkiPath(sig, token);
if (token instanceof IssuedToken || token instanceof SamlToken) {
assertToken(token);
@@ -1947,6 +1968,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
WSSecDKSign dkSign = new WSSecDKSign(secHeader);
dkSign.setIdAllocator(wssConfig.getIdAllocator());
dkSign.setCallbackLookup(callbackLookup);
+ dkSign.setStoreBytesInAttachment(storeBytesInAttachment);
+ dkSign.setExpandXopInclude(isExpandXopInclude());
//Check whether it is security policy 1.2 and use the secure conversation accordingly
if (policyToken.getVersion() == SPConstants.SPVersion.SP11) {
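Review bot: This `WSSecDKSign` gets `setStoreBytesInAttachment` and `setExpandXopInclude` but, unlike every other builder touched in this commit, no `setAttachmentCallbackHandler` and no `setWsDocInfo` within the hunk. If they are not set further down (the method continues outside the hunk), this signer is asked to expand xop:Include content without a handler to fetch the attachment and without the shared `WSDocInfo`. Add `dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));` and `dkSign.setWsDocInfo(wsDocInfo);`. The same four setter lines are pasted at each signature and encryption site across AbstractBindingBuilder and the Asymmetric, Symmetric and Transport handlers, so a small protected helper in `AbstractBindingBuilder` that applies all four would prevent this kind of omission.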
@@ -2032,6 +2055,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
WSSecSignature sig = new WSSecSignature(secHeader);
sig.setIdAllocator(wssConfig.getIdAllocator());
sig.setCallbackLookup(callbackLookup);
+ sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+ sig.setStoreBytesInAttachment(storeBytesInAttachment);
+ sig.setExpandXopInclude(isExpandXopInclude());
+ sig.setWsDocInfo(wsDocInfo);
// If a EncryptedKeyToken is used, set the correct value type to
// be used in the wsse:Reference in ds:KeyInfo
@@ -2307,4 +2334,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
signatures.add(Arrays.hashCode(val));
}
}
+
+ public boolean isExpandXopInclude() {
+ return expandXopInclude;
+ }
}
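Review bot: `isExpandXopInclude()` is declared `public`, yet every caller in this commit is `AbstractBindingBuilder` itself or one of its subclasses, and the sibling `storeBytesInAttachment` is a `protected` field read directly. `protected boolean isExpandXopInclude()` would avoid widening the class's public API, unless external callers are planned. A one-line Javadoc should say that the value mirrors the message's MTOM setting, since the getter's name alone does not convey that.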
http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 3ae627a..ae4447e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -452,6 +452,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
encr.setCallbackLookup(callbackLookup);
encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
encr.setStoreBytesInAttachment(storeBytesInAttachment);
+ encr.setExpandXopInclude(isExpandXopInclude());
+ encr.setWsDocInfo(wsDocInfo);
Crypto crypto = getEncryptionCrypto();
@@ -559,6 +561,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkEncr.setCallbackLookup(callbackLookup);
dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
dkEncr.setStoreBytesInAttachment(storeBytesInAttachment);
+ dkEncr.setExpandXopInclude(isExpandXopInclude());
+ dkEncr.setWsDocInfo(wsDocInfo);
if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
}
@@ -643,6 +647,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.setCallbackLookup(callbackLookup);
dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
dkSign.setStoreBytesInAttachment(storeBytesInAttachment);
+ dkSign.setExpandXopInclude(isExpandXopInclude());
+ dkSign.setWsDocInfo(wsDocInfo);
if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index aa66be3..9c6dca2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -408,6 +408,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
dkEncr.setCallbackLookup(callbackLookup);
dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
dkEncr.setStoreBytesInAttachment(storeBytesInAttachment);
+ dkEncr.setExpandXopInclude(isExpandXopInclude());
+ dkEncr.setWsDocInfo(wsDocInfo);
if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
}
@@ -525,6 +527,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
encr.setCallbackLookup(callbackLookup);
encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
encr.setStoreBytesInAttachment(storeBytesInAttachment);
+ encr.setExpandXopInclude(isExpandXopInclude());
+ encr.setWsDocInfo(wsDocInfo);
String encrTokId = encrTok.getId();
if (attached) {
encrTokId = encrTok.getWsuId();
@@ -647,6 +651,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
dkSign.setCallbackLookup(callbackLookup);
dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
dkSign.setStoreBytesInAttachment(storeBytesInAttachment);
+ dkSign.setExpandXopInclude(isExpandXopInclude());
+ dkSign.setWsDocInfo(wsDocInfo);
if (policyAbstractTokenWrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
}
@@ -787,6 +793,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
sig.setCallbackLookup(callbackLookup);
sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
sig.setStoreBytesInAttachment(storeBytesInAttachment);
+ sig.setExpandXopInclude(isExpandXopInclude());
+ sig.setWsDocInfo(wsDocInfo);
// If a EncryptedKeyToken is used, set the correct value type to
// be used in the wsse:Reference in ds:KeyInfo
int type = included ? WSConstants.CUSTOM_SYMM_SIGNING
http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 9b86d33..dea5d91 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -37,6 +37,7 @@ import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler;
import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.bsp.BSPEnforcer;
@@ -366,6 +367,11 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
dkSig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
dkSig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
+ dkSig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+ dkSig.setStoreBytesInAttachment(storeBytesInAttachment);
+ dkSig.setExpandXopInclude(isExpandXopInclude());
+ dkSig.setWsDocInfo(wsDocInfo);
+
AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
dkSig.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
@@ -451,6 +457,11 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
WSSecDKSign dkSign = new WSSecDKSign(secHeader);
dkSign.setIdAllocator(wssConfig.getIdAllocator());
dkSign.setCallbackLookup(callbackLookup);
+ dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+ dkSign.setStoreBytesInAttachment(storeBytesInAttachment);
+ dkSign.setExpandXopInclude(isExpandXopInclude());
+ dkSign.setWsDocInfo(wsDocInfo);
+
AlgorithmSuite algorithmSuite = tbinding.getAlgorithmSuite();
//Setting the AttachedReference or the UnattachedReference according to the flag
@@ -501,6 +512,10 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
WSSecSignature sig = new WSSecSignature(secHeader);
sig.setIdAllocator(wssConfig.getIdAllocator());
sig.setCallbackLookup(callbackLookup);
+ sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+ sig.setStoreBytesInAttachment(storeBytesInAttachment);
+ sig.setExpandXopInclude(isExpandXopInclude());
+ sig.setWsDocInfo(wsDocInfo);
//Setting the AttachedReference or the UnattachedReference according to the flag
Element ref;
http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
index 6b92d07..455985e 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
@@ -91,7 +91,6 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase {
// Sign an attachment without inlining
@org.junit.Test
- @org.junit.Ignore
public void testSignedMTOMAction() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -194,7 +193,6 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase {
// The difference between this test + the testAsymmetricBytesInAttachment test above is that
// the SOAP Body already contains BASE-64 encoded content.
@org.junit.Test
- @org.junit.Ignore
public void testAsymmetricBinaryBytesInAttachment() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -221,7 +219,6 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase {
}
@org.junit.Test
- @org.junit.Ignore
public void testAsymmetricBinaryEncryptBeforeSigningBytesInAttachment() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
@@ -248,7 +245,6 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase {
}
@org.junit.Test
- @org.junit.Ignore
public void testSymmetricBinaryBytesInAttachment() throws Exception {
SpringBusFactory bf = new SpringBusFactory();