Author: dkulp
Date: Tue Sep 23 10:29:10 2008
New Revision: 698251
URL: http://svn.apache.org/viewvc?rev=698251&view=rev
Log:
Get Encrypt+Sign+SignatureProtection working
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=698251&r1=698250&r2=698251&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
Tue Sep 23 10:29:10 2008
@@ -213,6 +213,16 @@
return properties;
}
+ String addToAction(String action, String val, boolean pre) {
+ if (action.contains(val)) {
+ return action;
+ }
+ if (pre) {
+ return val + " " + action;
+ }
+ return action + " " + val;
+ }
+
protected void checkPolicies(SoapMessage message, RequestData data) {
AssertionInfoMap aim = message.get(AssertionInfoMap.class);
// extract Assertion information
@@ -225,7 +235,7 @@
if (ais != null) {
for (AssertionInfo ai : ais) {
if (!action.contains(WSHandlerConstants.TIMESTAMP)) {
- action = WSHandlerConstants.TIMESTAMP + " " + action;
+ action = addToAction(action,
WSHandlerConstants.TIMESTAMP, true);
}
ai.setAsserted(true);
}
@@ -251,9 +261,11 @@
for (AssertionInfo ai : ais) {
AsymmetricBinding abinding =
(AsymmetricBinding)ai.getAssertion();
if (abinding.getProtectionOrder() ==
SPConstants.ProtectionOrder.EncryptBeforeSigning) {
- action = "Encrypt Signature " + action;
+ action = addToAction(action, "Signature", true);
+ action = addToAction(action, "Encrypt", true);
} else {
- action = "Signature Encrypt " + action;
+ action = addToAction(action, "Encrypt", true);
+ action = addToAction(action, "Signature", true);
}
Object s =
message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
Object e =
message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=698251&r1=698250&r2=698251&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Tue Sep 23 10:29:10 2008
@@ -24,6 +24,7 @@
import java.util.Map;
import java.util.Vector;
+import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Element;
@@ -68,13 +69,10 @@
private String encryptedKeyId;
private byte[] encryptedKeyValue;
- private Map<Token, WSSecBase> sigSuppTokMap;
- private Map<Token, WSSecBase> sgndEndSuppTokMap;
- private Map<Token, WSSecBase> sgndEncSuppTokMap;
- private Map<Token, WSSecBase> sgndEndEncSuppTokMap;
- private Map<Token, WSSecBase> endSuppTokMap;
private Map<Token, WSSecBase> endEncSuppTokMap;
-
+ private Map<Token, WSSecBase> endSuppTokMap;
+ private Map<Token, WSSecBase> sgndEndEncSuppTokMap;
+ private Map<Token, WSSecBase> sgndEndSuppTokMap;
public AsymmetricBindingHandler(AsymmetricBinding binding,
SOAPMessage saaj,
@@ -101,67 +99,88 @@
}
+ private void addSupportingTokens(Vector<WSEncryptionPart> sigs) {
+
+ SupportingToken sgndSuppTokens =
+
(SupportingToken)findPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
+
+ Map<Token, WSSecBase> sigSuppTokMap =
this.handleSupportingTokens(sgndSuppTokens);
+
+ SupportingToken endSuppTokens =
+
(SupportingToken)findPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
+
+ endSuppTokMap = this.handleSupportingTokens(endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens
+ =
(SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
+ sgndEndSuppTokMap = this.handleSupportingTokens(sgndEndSuppTokens);
+
+ SupportingToken sgndEncryptedSuppTokens
+ =
(SupportingToken)findPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
+ Map<Token, WSSecBase> sgndEncSuppTokMap
+ = this.handleSupportingTokens(sgndEncryptedSuppTokens);
+
+ SupportingToken endorsingEncryptedSuppTokens
+ =
(SupportingToken)findPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+ endEncSuppTokMap
+ = this.handleSupportingTokens(endorsingEncryptedSuppTokens);
+
+ SupportingToken sgndEndEncSuppTokens
+ =
(SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+ sgndEndEncSuppTokMap
+ = this.handleSupportingTokens(sgndEndEncSuppTokens);
+
+ SupportingToken supportingToks
+ = (SupportingToken)findPolicy(SP12Constants.SUPPORTING_TOKENS);
+ this.handleSupportingTokens(supportingToks);
+
+ SupportingToken encryptedSupportingToks
+ =
(SupportingToken)findPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
+ this.handleSupportingTokens(encryptedSupportingToks);
+
+ //Setup signature parts
+ addSignatureParts(sigSuppTokMap, sigs);
+ addSignatureParts(sgndEncSuppTokMap, sigs);
+ addSignatureParts(sgndEndSuppTokMap, sigs);
+ addSignatureParts(sgndEndEncSuppTokMap, sigs);
+
+ //Add timestamp
+ if (timestampEl != null) {
+ Element el = timestampEl.getElement();
+ sigs.add(new WSEncryptionPart(addWsuIdToElement(el)));
+ }
+ }
private void doSignBeforeEncrypt() {
try {
Vector<WSEncryptionPart> sigs = getSignedParts();
if (isRequestor()) {
- SupportingToken sgndSuppTokens =
-
(SupportingToken)findPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
-
- sigSuppTokMap = this.handleSupportingTokens(sgndSuppTokens);
-
- SupportingToken endSuppTokens =
-
(SupportingToken)findPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
-
- endSuppTokMap = this.handleSupportingTokens(endSuppTokens);
-
- SupportingToken sgndEndSuppTokens
- =
(SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
- sgndEndSuppTokMap =
this.handleSupportingTokens(sgndEndSuppTokens);
-
- SupportingToken sgndEncryptedSuppTokens
- =
(SupportingToken)findPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
- sgndEncSuppTokMap =
this.handleSupportingTokens(sgndEncryptedSuppTokens);
-
- SupportingToken endorsingEncryptedSuppTokens
- =
(SupportingToken)findPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
- endEncSuppTokMap =
this.handleSupportingTokens(endorsingEncryptedSuppTokens);
-
- SupportingToken sgndEndEncSuppTokens
- =
(SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
- sgndEndEncSuppTokMap =
this.handleSupportingTokens(sgndEndEncSuppTokens);
-
- SupportingToken supportingToks
- =
(SupportingToken)findPolicy(SP12Constants.SUPPORTING_TOKENS);
- this.handleSupportingTokens(supportingToks);
-
- SupportingToken encryptedSupportingToks
- =
(SupportingToken)findPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
- this.handleSupportingTokens(encryptedSupportingToks);
-
- //Setup signature parts
- addSignatureParts(sigSuppTokMap, sigs);
- addSignatureParts(sgndEncSuppTokMap, sigs);
- addSignatureParts(sgndEndSuppTokMap, sigs);
- addSignatureParts(sgndEndEncSuppTokMap, sigs);
-
-
- //Add timestamp
- if (timestampEl != null) {
- Element el = timestampEl.getElement();
- sigs.add(new WSEncryptionPart(addWsuIdToElement(el)));
- }
- doSignature(sigs);
+ addSupportingTokens(sigs);
+ doSignature(sigs, null);
doEndorse();
-
} else {
//confirm sig
addSignatureConfirmation(sigs);
- doSignature(sigs);
+ doSignature(sigs, null);
}
Vector<WSEncryptionPart> enc = getEncryptedParts();
- doEncyption(enc);
+
+ //Check for signature protection
+ if (abinding.isSignatureProtection() && mainSigId != null) {
+ enc.add(new WSEncryptionPart(mainSigId, "Element"));
+ }
+
+ if (isRequestor()) {
+ for (String id : encryptedTokensIdList) {
+ enc.add(new WSEncryptionPart(id, "Element"));
+ }
+ }
+
+ //Do encryption
+ RecipientToken recToken = abinding.getRecipientToken();
+
+
+ doEncryption(recToken, enc, false);
} catch (Exception e) {
e.printStackTrace();
//REVISIT!!
@@ -169,10 +188,143 @@
}
private void doEncryptBeforeSign() {
- // REVISIT
+ TokenWrapper wrapper;
+ Token encryptionToken = null;
+ if (isRequestor()) {
+ wrapper = abinding.getRecipientToken();
+ } else {
+ wrapper = abinding.getInitiatorToken();
+ }
+ encryptionToken = wrapper.getToken();
+ Vector<WSEncryptionPart> encrParts = null;
+ Vector<WSEncryptionPart> sigParts = null;
+ try {
+ encrParts = getEncryptedParts();
+ //Signed parts are determined before encryption because encrypted
signed headers
+ //will not be included otherwise
+ sigParts = getSignedParts();
+ } catch (SOAPException e1) {
+ //REVISIT - exception
+ e1.printStackTrace();
+ }
+
+ if (encryptionToken == null && encrParts.size() > 0) {
+ //REVISIT - no token to encrypt with
+ }
+
+
+ if (encryptionToken != null && encrParts.size() > 0) {
+ WSSecBase encrBase = doEncryption(wrapper, encrParts, true);
+ handleEncryptedSignedHeaders(encrParts, sigParts);
+
+
+ if (timestampEl != null) {
+ sigParts.add(new
WSEncryptionPart(addWsuIdToElement(timestampEl.getElement())));
+ }
+
+ if (isRequestor()) {
+ addSupportingTokens(sigParts);
+ } else {
+ addSignatureConfirmation(sigParts);
+ }
+
+ if ((sigParts.size() > 0
+ && isRequestor()
+ && abinding.getInitiatorToken() != null)
+ || (!isRequestor() && abinding.getRecipientToken() != null)) {
+ try {
+ Element appendEl = null;
+ if (encryptionToken.isDerivedKeys()) {
+ appendEl = ((WSSecDKEncrypt)encrBase).getdktElement();
+ } else {
+ appendEl =
((WSSecEncrypt)encrBase).getEncryptedKeyElement();
+ }
+ doSignature(sigParts, appendEl);
+ } catch (WSSecurityException e) {
+ //REVISIT - exception
+ e.printStackTrace();
+ }
+ }
+
+ if (isRequestor()) {
+ doEndorse();
+ }
+
+ // Check for signature protection
+ if (abinding.isSignatureProtection() && mainSigId != null) {
+ Vector<WSEncryptionPart> secondEncrParts = new
Vector<WSEncryptionPart>();
+
+ // Now encrypt the signature using the above token
+ secondEncrParts.add(new WSEncryptionPart(mainSigId,
"Element"));
+
+ if (isRequestor()) {
+ for (String id : encryptedTokensIdList) {
+ secondEncrParts.add(new WSEncryptionPart(id,
"Element"));
+ }
+ }
+
+ if (encryptionToken.isDerivedKeys()) {
+ try {
+ Element secondRefList
+ =
((WSSecDKEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts);
+
((WSSecDKEncrypt)encrBase).addExternalRefElement(secondRefList, secHeader);
+
+ } catch (WSSecurityException e) {
+ //REVISIT - exception
+ e.printStackTrace();
+ }
+ } else {
+ try {
+ // Encrypt, get hold of the ref list and add it
+ Element secondRefList
+ =
((WSSecEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts);
+ insertAfter(secondRefList,
secHeader.getSecurityHeader(),
+
((WSSecEncrypt)encrBase).getEncryptedKeyElement());
+
+ } catch (WSSecurityException e) {
+ //REVISIT - exception
+ e.printStackTrace();
+ }
+ }
+ }
+ }
}
+ public void handleEncryptedSignedHeaders(Vector<WSEncryptionPart>
encryptedParts,
+ Vector<WSEncryptionPart>
signedParts) {
+
+ for (WSEncryptionPart signedPart : signedParts) {
+ if (signedPart.getNamespace() == null || signedPart.getName() ==
null) {
+ continue;
+ }
+
+ for (WSEncryptionPart encryptedPart : encryptedParts) {
+ if (encryptedPart.getNamespace() == null
+ || encryptedPart.getName() == null) {
+ continue;
+ }
+
+ if (signedPart.getName().equals(encryptedPart.getName())
+ &&
signedPart.getNamespace().equals(encryptedPart.getNamespace())) {
+
+ String encDataID = encryptedPart.getEncId();
+ Element encDataElem = WSSecurityUtil
+
.findElementById(saaj.getSOAPPart().getDocumentElement(),
+ encDataID, null);
+
+ if (encDataElem != null) {
+ Element encHeader =
(Element)encDataElem.getParentNode();
+ String encHeaderId =
encHeader.getAttributeNS(WSConstants.WSU_NS, "Id");
+
+ signedParts.remove(signedPart);
+ WSEncryptionPart encHeaderToSign = new
WSEncryptionPart(encHeaderId);
+ signedParts.add(encHeaderToSign);
+ }
+ }
+ }
+ }
+ }
protected void addSignatureConfirmation(Vector<WSEncryptionPart> sigParts)
{
Wss10 wss10 = getWss10();
@@ -225,7 +377,6 @@
}
}
-
private void doEndorse() {
// Adding the endorsing encrypted supporting tokens to endorsing
supporting tokens
endSuppTokMap.putAll(endEncSuppTokMap);
@@ -238,25 +389,14 @@
doEndorsedSignatures(sgndEndSuppTokMap, abinding.isTokenProtection());
}
- private void doEncyption(Vector<WSEncryptionPart> encrParts) {
- //Check for signature protection
- if (abinding.isSignatureProtection() && mainSigId != null) {
- encrParts.add(new WSEncryptionPart(mainSigId, "Element"));
- }
-
- if (isRequestor()) {
- for (String id : encryptedTokensIdList) {
- encrParts.add(new WSEncryptionPart(id, "Element"));
- }
- }
-
+ private WSSecBase doEncryption(TokenWrapper recToken,
+ Vector<WSEncryptionPart> encrParts,
+ boolean externalRef) {
//Do encryption
- RecipientToken recToken = abinding.getRecipientToken();
- if (recToken != null && recToken.getRecipientToken() != null &&
encrParts.size() > 0) {
- Token encrToken = recToken.getRecipientToken();
+ if (recToken != null && recToken.getToken() != null &&
encrParts.size() > 0) {
+ Token encrToken = recToken.getToken();
policyAsserted(recToken);
policyAsserted(encrToken);
- Element refList = null;
AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
if (encrToken.isDerivedKeys()) {
try {
@@ -267,6 +407,7 @@
}
dkEncr.setExternalKey(this.encryptedKeyValue,
this.encryptedKeyId);
+ dkEncr.setParts(encrParts);
dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 +
"#"
+ WSConstants.ENC_KEY_VALUE_TYPE);
dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
@@ -274,8 +415,9 @@
dkEncr.prepare(saaj.getSOAPPart());
dkEncr.prependDKElementToHeader(secHeader);
- refList = dkEncr.encryptForExternalRef(null, encrParts);
-
+ Element refList = dkEncr.encryptForExternalRef(null,
encrParts);
+ dkEncr.addExternalRefElement(refList, secHeader);
+ return dkEncr;
} catch (Exception e) {
policyNotAsserted(recToken, e);
}
@@ -301,18 +443,23 @@
Element encryptedKeyElement =
encr.getEncryptedKeyElement();
//Encrypt, get hold of the ref list and add it
- refList = encr.encryptForInternalRef(null, encrParts);
-
- //Add internal refs
- encryptedKeyElement.appendChild(refList);
+ if (externalRef) {
+ Element refList = encr.encryptForExternalRef(null,
encrParts);
+ secHeader.getSecurityHeader().appendChild(refList);
+ } else {
+ Element refList = encr.encryptForInternalRef(null,
encrParts);
+ // Add internal refs
+ encryptedKeyElement.appendChild(refList);
+ }
encr.prependToHeader(secHeader);
-
+ return encr;
} catch (WSSecurityException e) {
policyNotAsserted(recToken, e.getMessage());
}
}
}
+ return null;
}
private void assertUnusedTokens(TokenWrapper wrapper) {
@@ -329,7 +476,8 @@
}
}
}
- private void doSignature(Vector<WSEncryptionPart> sigParts) throws
WSSecurityException {
+ private void doSignature(Vector<WSEncryptionPart> sigParts,
+ Element appendAfter) throws WSSecurityException {
Token sigToken = null;
TokenWrapper wrapper = null;
if (isRequestor()) {
@@ -390,7 +538,13 @@
sig.addReferencesToSign(sigParts, secHeader);
sig.computeSignature();
- sig.prependToHeader(secHeader);
+ if (appendAfter != null) {
+ insertAfter(sig.getSignatureElement(),
+ secHeader.getSecurityHeader(),
+ appendAfter);
+ } else {
+ sig.prependToHeader(secHeader);
+ }
mainSigId = addWsuIdToElement(sig.getSignatureElement());
}
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java?rev=698251&r1=698250&r2=698251&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
Tue Sep 23 10:29:10 2008
@@ -171,6 +171,14 @@
return ais.iterator().next().getAssertion();
}
return null;
+ }
+
+ protected void insertAfter(Element child, Element parent, Element sib) {
+ if (sib.getNextSibling() == null) {
+ parent.appendChild(child);
+ } else {
+ parent.insertBefore(child, sib.getNextSibling());
+ }
}
protected WSSecTimestamp createTimestamp() {
Modified:
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=698251&r1=698250&r2=698251&view=diff
==============================================================================
---
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
(original)
+++
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
Tue Sep 23 10:29:10 2008
@@ -45,7 +45,8 @@
public class SecurityPolicyTest extends AbstractBusClientServerTestBase {
public static final String POLICY_ADDRESS =
"http://localhost:9010/SecPolTest";
public static final String POLICY_HTTPS_ADDRESS =
"https://localhost:9009/SecPolTest";
- public static final String POLICY_ENC_ADDRESS =
"http://localhost:9010/SecPolTestEncrypt";
+ public static final String POLICY_ENCSIGN_ADDRESS =
"http://localhost:9010/SecPolTestEncryptThenSign";
+ public static final String POLICY_SIGNENC_ADDRESS =
"http://localhost:9010/SecPolTestSignThenEncrypt";
public static class ServerPasswordCallback implements CallbackHandler {
@@ -76,12 +77,24 @@
Endpoint.publish(POLICY_ADDRESS,
new DoubleItImpl());
- ep = (EndpointImpl)Endpoint.publish(POLICY_ENC_ADDRESS,
- new DoubleItImplEncrypt());
+ ep = (EndpointImpl)Endpoint.publish(POLICY_ENCSIGN_ADDRESS,
+ new DoubleItImplEncryptThenSign());
EndpointInfo ei = ep.getServer().getEndpoint().getEndpointInfo();
ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new
ServerPasswordCallback());
+ ei.setProperty(SecurityConstants.USERNAME, "alice");
+ ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new
KeystorePasswordCallback());
+ ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES,
+
SecurityPolicyTest.class.getResource("alice.properties").toString());
+ ei.setProperty(SecurityConstants.ENCRYPT_USERNAME, "bob");
+ ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES,
+
SecurityPolicyTest.class.getResource("bob.properties").toString());
+
+ ep = (EndpointImpl)Endpoint.publish(POLICY_SIGNENC_ADDRESS,
+ new DoubleItImplSignThenEncrypt());
+ ei = ep.getServer().getEndpoint().getEndpointInfo();
+ ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new
ServerPasswordCallback());
ei.setProperty(SecurityConstants.USERNAME, "alice");
ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new
KeystorePasswordCallback());
ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES,
@@ -96,7 +109,19 @@
DoubleItService service = new DoubleItService();
DoubleItPortType pt;
- pt = service.getDoubleItPortEncrypt();
+ pt = service.getDoubleItPortEncryptThenSign();
+
((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME,
"alice");
+
((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
+ new
KeystorePasswordCallback());
+
((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
+
getClass().getResource("alice.properties"));
+
((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME,
"Bob");
+
((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
+
getClass().getResource("bob.properties"));
+ pt.doubleIt(BigInteger.valueOf(5));
+
+
+ pt = service.getDoubleItPortSignThenEncrypt();
((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME,
"alice");
((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
new
KeystorePasswordCallback());
@@ -159,11 +184,22 @@
}
}
@WebService(targetNamespace = "http://cxf.apache.org/policytest/DoubleIt",
- portName = "DoubleItPortEncrypt",
+ portName = "DoubleItPortEncryptThenSign",
+ serviceName = "DoubleItService",
+ endpointInterface =
"org.apache.cxf.policytest.doubleit.DoubleItPortType",
+ wsdlLocation = "classpath:/wsdl_systest/DoubleIt.wsdl")
+ public static class DoubleItImplEncryptThenSign implements
DoubleItPortType {
+ /** [EMAIL PROTECTED]/
+ public BigInteger doubleIt(BigInteger numberToDouble) {
+ return numberToDouble.multiply(new BigInteger("2"));
+ }
+ }
+ @WebService(targetNamespace = "http://cxf.apache.org/policytest/DoubleIt",
+ portName = "DoubleItPortSignThenEncrypt",
serviceName = "DoubleItService",
endpointInterface =
"org.apache.cxf.policytest.doubleit.DoubleItPortType",
wsdlLocation = "classpath:/wsdl_systest/DoubleIt.wsdl")
- public static class DoubleItImplEncrypt implements DoubleItPortType {
+ public static class DoubleItImplSignThenEncrypt implements
DoubleItPortType {
/** [EMAIL PROTECTED]/
public BigInteger doubleIt(BigInteger numberToDouble) {
return numberToDouble.multiply(new BigInteger("2"));
Modified: cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl?rev=698251&r1=698250&r2=698251&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl (original)
+++ cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl Tue Sep 23
10:29:10 2008
@@ -68,8 +68,18 @@
<wsdl:output><soap:body use="literal"/></wsdl:output>
</wsdl:operation>
</wsdl:binding>
- <wsdl:binding name="DoubleItBindingEncrypt" type="tns:DoubleItPortType">
- <wsp:PolicyReference URI="#DoubleItEncryptPolicy"/>
+ <wsdl:binding name="DoubleItBindingEncryptThenSign"
type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItEncryptThenSignPolicy"/>
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction=""/>
+ <wsdl:input><soap:body use="literal"/></wsdl:input>
+ <wsdl:output><soap:body use="literal"/></wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:binding name="DoubleItBindingSignThenEncrypt"
type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItSignThenEncryptPolicy"/>
<soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http" />
<wsdl:operation name="DoubleIt">
@@ -87,9 +97,13 @@
<soap:address
location="http://localhost:9010/SecPolTest"/>
</wsdl:port>
- <wsdl:port name="DoubleItPortEncrypt"
binding="tns:DoubleItBindingEncrypt">
+ <wsdl:port name="DoubleItPortEncryptThenSign"
binding="tns:DoubleItBindingEncryptThenSign">
<soap:address
- location="http://localhost:9010/SecPolTestEncrypt"/>
+ location="http://localhost:9010/SecPolTestEncryptThenSign"/>
+ </wsdl:port>
+ <wsdl:port name="DoubleItPortSignThenEncrypt"
binding="tns:DoubleItBindingSignThenEncrypt">
+ <soap:address
+ location="http://localhost:9010/SecPolTestSignThenEncrypt"/>
</wsdl:port>
</wsdl:service>
@@ -137,7 +151,61 @@
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
- <wsp:Policy wsu:Id="DoubleItEncryptPolicy">
+ <wsp:Policy wsu:Id="DoubleItEncryptThenSignPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V1Token11/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V1Token11/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:EncryptBeforeSigning/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <!-- sp:MustSupportRefKeyIdentifier/-->
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItSignThenEncryptPolicy">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
@@ -173,6 +241,7 @@
<sp:IncludeTimestamp/>
<sp:EncryptSignature/>
<sp:OnlySignEntireHeadersAndBody/>
+ <sp:SignBeforeEncrypting/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
@@ -190,5 +259,4 @@
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
-
</wsdl:definitions>