Author: dkulp
Date: Tue Sep 23 10:29:10 2008
New Revision: 698251

URL: http://svn.apache.org/viewvc?rev=698251&view=rev
Log:
Get Encrypt+Sign+SignatureProtection working

Modified:
    
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
    
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
    
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
    cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl

Modified: 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=698251&r1=698250&r2=698251&view=diff
==============================================================================
--- 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
 (original)
+++ 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
 Tue Sep 23 10:29:10 2008
@@ -213,6 +213,16 @@
         return properties;
     }
     
+    String addToAction(String action, String val, boolean pre) {
+        if (action.contains(val)) {
+            return action;
+        }
+        if (pre) {
+            return val + " " + action; 
+        } 
+        return action + " " + val;
+    }
+    
     protected void checkPolicies(SoapMessage message, RequestData data) {
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
         // extract Assertion information
@@ -225,7 +235,7 @@
             if (ais != null) {
                 for (AssertionInfo ai : ais) {
                     if (!action.contains(WSHandlerConstants.TIMESTAMP)) {
-                        action = WSHandlerConstants.TIMESTAMP + " " + action;
+                        action = addToAction(action, 
WSHandlerConstants.TIMESTAMP, true);
                     }
                     ai.setAsserted(true);
                 }                    
@@ -251,9 +261,11 @@
                 for (AssertionInfo ai : ais) {
                     AsymmetricBinding abinding = 
(AsymmetricBinding)ai.getAssertion();
                     if (abinding.getProtectionOrder() == 
SPConstants.ProtectionOrder.EncryptBeforeSigning) {
-                        action = "Encrypt Signature " + action;
+                        action = addToAction(action, "Signature", true);
+                        action = addToAction(action, "Encrypt", true);
                     } else {
-                        action = "Signature Encrypt " + action;                
      
+                        action = addToAction(action, "Encrypt", true);
+                        action = addToAction(action, "Signature", true);
                     }
                     Object s = 
message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
                     Object e = 
message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);

Modified: 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=698251&r1=698250&r2=698251&view=diff
==============================================================================
--- 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
 (original)
+++ 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
 Tue Sep 23 10:29:10 2008
@@ -24,6 +24,7 @@
 import java.util.Map;
 import java.util.Vector;
 
+import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
 
 import org.w3c.dom.Element;
@@ -68,13 +69,10 @@
     private String encryptedKeyId;
     private byte[] encryptedKeyValue;
     
-    private Map<Token, WSSecBase> sigSuppTokMap;
-    private Map<Token, WSSecBase> sgndEndSuppTokMap;
-    private Map<Token, WSSecBase> sgndEncSuppTokMap;
-    private Map<Token, WSSecBase> sgndEndEncSuppTokMap;
-    private Map<Token, WSSecBase> endSuppTokMap;
     private Map<Token, WSSecBase> endEncSuppTokMap;
-
+    private Map<Token, WSSecBase> endSuppTokMap;
+    private Map<Token, WSSecBase> sgndEndEncSuppTokMap;
+    private Map<Token, WSSecBase> sgndEndSuppTokMap;
     
     public AsymmetricBindingHandler(AsymmetricBinding binding,
                                     SOAPMessage saaj,
@@ -101,67 +99,88 @@
     }
 
 
+    private void addSupportingTokens(Vector<WSEncryptionPart> sigs) {
+        
+        SupportingToken sgndSuppTokens = 
+            
(SupportingToken)findPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
+        
+        Map<Token, WSSecBase> sigSuppTokMap = 
this.handleSupportingTokens(sgndSuppTokens);           
+        
+        SupportingToken endSuppTokens = 
+            
(SupportingToken)findPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
+        
+        endSuppTokMap = this.handleSupportingTokens(endSuppTokens);
+        
+        SupportingToken sgndEndSuppTokens 
+            = 
(SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
+        sgndEndSuppTokMap = this.handleSupportingTokens(sgndEndSuppTokens);
+        
+        SupportingToken sgndEncryptedSuppTokens 
+            = 
(SupportingToken)findPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
+        Map<Token, WSSecBase> sgndEncSuppTokMap 
+            = this.handleSupportingTokens(sgndEncryptedSuppTokens);
+        
+        SupportingToken endorsingEncryptedSuppTokens 
+            = 
(SupportingToken)findPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        endEncSuppTokMap 
+            = this.handleSupportingTokens(endorsingEncryptedSuppTokens);
+        
+        SupportingToken sgndEndEncSuppTokens 
+            = 
(SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        sgndEndEncSuppTokMap 
+            = this.handleSupportingTokens(sgndEndEncSuppTokens);
+        
+        SupportingToken supportingToks 
+            = (SupportingToken)findPolicy(SP12Constants.SUPPORTING_TOKENS);
+        this.handleSupportingTokens(supportingToks);
+        
+        SupportingToken encryptedSupportingToks 
+            = 
(SupportingToken)findPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
+        this.handleSupportingTokens(encryptedSupportingToks);
+    
+        //Setup signature parts
+        addSignatureParts(sigSuppTokMap, sigs);
+        addSignatureParts(sgndEncSuppTokMap, sigs);
+        addSignatureParts(sgndEndSuppTokMap, sigs);
+        addSignatureParts(sgndEndEncSuppTokMap, sigs);
+
+        //Add timestamp
+        if (timestampEl != null) {
+            Element el = timestampEl.getElement();
+            sigs.add(new WSEncryptionPart(addWsuIdToElement(el)));
+        }
+    }
     private void doSignBeforeEncrypt() {
         try {
             Vector<WSEncryptionPart> sigs = getSignedParts();
             if (isRequestor()) {
-                SupportingToken sgndSuppTokens = 
-                    
(SupportingToken)findPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
-                
-                sigSuppTokMap = this.handleSupportingTokens(sgndSuppTokens);   
        
-                
-                SupportingToken endSuppTokens = 
-                    
(SupportingToken)findPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
-                
-                endSuppTokMap = this.handleSupportingTokens(endSuppTokens);
-                
-                SupportingToken sgndEndSuppTokens 
-                    = 
(SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
-                sgndEndSuppTokMap = 
this.handleSupportingTokens(sgndEndSuppTokens);
-                
-                SupportingToken sgndEncryptedSuppTokens 
-                    = 
(SupportingToken)findPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
-                sgndEncSuppTokMap = 
this.handleSupportingTokens(sgndEncryptedSuppTokens);
-                
-                SupportingToken endorsingEncryptedSuppTokens 
-                    = 
(SupportingToken)findPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-                endEncSuppTokMap = 
this.handleSupportingTokens(endorsingEncryptedSuppTokens);
-                
-                SupportingToken sgndEndEncSuppTokens 
-                    = 
(SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-                sgndEndEncSuppTokMap = 
this.handleSupportingTokens(sgndEndEncSuppTokens);
-                
-                SupportingToken supportingToks 
-                    = 
(SupportingToken)findPolicy(SP12Constants.SUPPORTING_TOKENS);
-                this.handleSupportingTokens(supportingToks);
-                
-                SupportingToken encryptedSupportingToks 
-                    = 
(SupportingToken)findPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
-                this.handleSupportingTokens(encryptedSupportingToks);
-            
-                //Setup signature parts
-                addSignatureParts(sigSuppTokMap, sigs);
-                addSignatureParts(sgndEncSuppTokMap, sigs);
-                addSignatureParts(sgndEndSuppTokMap, sigs);
-                addSignatureParts(sgndEndEncSuppTokMap, sigs);
-
-                
-                //Add timestamp
-                if (timestampEl != null) {
-                    Element el = timestampEl.getElement();
-                    sigs.add(new WSEncryptionPart(addWsuIdToElement(el)));
-                }
-                doSignature(sigs);
+                addSupportingTokens(sigs);
+                doSignature(sigs, null);
                 doEndorse();
-                
             } else {
                 //confirm sig
                 addSignatureConfirmation(sigs);
-                doSignature(sigs);
+                doSignature(sigs, null);
             }
 
             Vector<WSEncryptionPart> enc = getEncryptedParts();
-            doEncyption(enc);
+            
+            //Check for signature protection
+            if (abinding.isSignatureProtection() && mainSigId != null) {
+                enc.add(new WSEncryptionPart(mainSigId, "Element"));
+            }
+            
+            if (isRequestor()) {
+                for (String id : encryptedTokensIdList) {
+                    enc.add(new WSEncryptionPart(id, "Element"));
+                }
+            }
+
+            //Do encryption
+            RecipientToken recToken = abinding.getRecipientToken();
+
+            
+            doEncryption(recToken, enc, false);
         } catch (Exception e) {
             e.printStackTrace();
             //REVISIT!!
@@ -169,10 +188,143 @@
     }
 
     private void doEncryptBeforeSign() {
-        // REVISIT 
+        TokenWrapper wrapper;
+        Token encryptionToken = null;
+        if (isRequestor()) {
+            wrapper = abinding.getRecipientToken();
+        } else {
+            wrapper = abinding.getInitiatorToken();
+        }
+        encryptionToken = wrapper.getToken();
+        Vector<WSEncryptionPart> encrParts = null;
+        Vector<WSEncryptionPart> sigParts = null;
+        try {
+            encrParts = getEncryptedParts();
+            //Signed parts are determined before encryption because encrypted 
signed  headers
+            //will not be included otherwise
+            sigParts = getSignedParts();
+        } catch (SOAPException e1) {
+            //REVISIT - exception
+            e1.printStackTrace();
+        }
+        
         
+        if (encryptionToken == null && encrParts.size() > 0) {
+            //REVISIT - no token to encrypt with  
+        }
+        
+        
+        if (encryptionToken != null && encrParts.size() > 0) {
+            WSSecBase encrBase = doEncryption(wrapper, encrParts, true);
+            handleEncryptedSignedHeaders(encrParts, sigParts);
+            
+            
+            if (timestampEl != null) {
+                sigParts.add(new 
WSEncryptionPart(addWsuIdToElement(timestampEl.getElement())));
+            }
+            
+            if (isRequestor()) {
+                addSupportingTokens(sigParts);
+            } else {
+                addSignatureConfirmation(sigParts);
+            }
+            
+            if ((sigParts.size() > 0 
+                    && isRequestor()
+                    && abinding.getInitiatorToken() != null) 
+                || (!isRequestor() && abinding.getRecipientToken() != null)) {
+                try {
+                    Element appendEl = null;
+                    if (encryptionToken.isDerivedKeys()) {
+                        appendEl = ((WSSecDKEncrypt)encrBase).getdktElement();
+                    } else {
+                        appendEl = 
((WSSecEncrypt)encrBase).getEncryptedKeyElement();
+                    }
+                    doSignature(sigParts, appendEl);
+                } catch (WSSecurityException e) {
+                    //REVISIT - exception
+                    e.printStackTrace();
+                }
+            }
+
+            if (isRequestor()) {
+                doEndorse();
+            }
+            
+            // Check for signature protection
+            if (abinding.isSignatureProtection() && mainSigId != null) {
+                Vector<WSEncryptionPart> secondEncrParts = new 
Vector<WSEncryptionPart>();
+
+                // Now encrypt the signature using the above token
+                secondEncrParts.add(new WSEncryptionPart(mainSigId, 
"Element"));
+                
+                if (isRequestor()) {
+                    for (String id : encryptedTokensIdList) {
+                        secondEncrParts.add(new WSEncryptionPart(id, 
"Element"));
+                    }
+                }
+
+                if (encryptionToken.isDerivedKeys()) {
+                    try {
+                        Element secondRefList 
+                            = 
((WSSecDKEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts);
+                        
((WSSecDKEncrypt)encrBase).addExternalRefElement(secondRefList, secHeader);
+
+                    } catch (WSSecurityException e) {
+                        //REVISIT - exception
+                        e.printStackTrace();
+                    }
+                } else {
+                    try {
+                        // Encrypt, get hold of the ref list and add it
+                        Element secondRefList 
+                            = 
((WSSecEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts);
+                        insertAfter(secondRefList, 
secHeader.getSecurityHeader(), 
+                                    
((WSSecEncrypt)encrBase).getEncryptedKeyElement());
+                        
+                    } catch (WSSecurityException e) {
+                        //REVISIT - exception
+                        e.printStackTrace();
+                    }
+                }
+            }
+        }
     }
     
+    public void handleEncryptedSignedHeaders(Vector<WSEncryptionPart> 
encryptedParts, 
+                                              Vector<WSEncryptionPart> 
signedParts) {
+        
+        for (WSEncryptionPart signedPart : signedParts) {
+            if (signedPart.getNamespace() == null || signedPart.getName() == 
null) {
+                continue;
+            }
+             
+            for (WSEncryptionPart encryptedPart : encryptedParts) {
+                if (encryptedPart.getNamespace() == null 
+                    || encryptedPart.getName() == null) {
+                    continue;
+                }
+                
+                if (signedPart.getName().equals(encryptedPart.getName()) 
+                    && 
signedPart.getNamespace().equals(encryptedPart.getNamespace())) {
+                    
+                    String encDataID =  encryptedPart.getEncId();              
      
+                    Element encDataElem = WSSecurityUtil
+                        
.findElementById(saaj.getSOAPPart().getDocumentElement(),
+                                         encDataID, null);
+                    
+                    if (encDataElem != null) {
+                        Element encHeader = 
(Element)encDataElem.getParentNode();
+                        String encHeaderId = 
encHeader.getAttributeNS(WSConstants.WSU_NS, "Id");
+                        
+                        signedParts.remove(signedPart);
+                        WSEncryptionPart encHeaderToSign = new 
WSEncryptionPart(encHeaderId);
+                        signedParts.add(encHeaderToSign);
+                    }
+                }
+            }
+        }
+    }
     
     protected void addSignatureConfirmation(Vector<WSEncryptionPart> sigParts) 
{
         Wss10 wss10 = getWss10();
@@ -225,7 +377,6 @@
         }
     }
 
-    
     private void doEndorse() {
         // Adding the endorsing encrypted supporting tokens to endorsing 
supporting tokens
         endSuppTokMap.putAll(endEncSuppTokMap);
@@ -238,25 +389,14 @@
         doEndorsedSignatures(sgndEndSuppTokMap, abinding.isTokenProtection());
     }    
     
-    private void doEncyption(Vector<WSEncryptionPart> encrParts) {
-        //Check for signature protection
-        if (abinding.isSignatureProtection() && mainSigId != null) {
-            encrParts.add(new WSEncryptionPart(mainSigId, "Element"));
-        }
-        
-        if (isRequestor()) {
-            for (String id : encryptedTokensIdList) {
-                encrParts.add(new WSEncryptionPart(id, "Element"));
-            }
-        }
-
+    private WSSecBase doEncryption(TokenWrapper recToken,
+                                    Vector<WSEncryptionPart> encrParts,
+                                    boolean externalRef) {
         //Do encryption
-        RecipientToken recToken = abinding.getRecipientToken();
-        if (recToken != null && recToken.getRecipientToken() != null && 
encrParts.size() > 0) {
-            Token encrToken = recToken.getRecipientToken();
+        if (recToken != null && recToken.getToken() != null && 
encrParts.size() > 0) {
+            Token encrToken = recToken.getToken();
             policyAsserted(recToken);
             policyAsserted(encrToken);
-            Element refList = null;
             AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
             if (encrToken.isDerivedKeys()) {
                 try {
@@ -267,6 +407,7 @@
                     }
                     
                     dkEncr.setExternalKey(this.encryptedKeyValue, 
this.encryptedKeyId);
+                    dkEncr.setParts(encrParts);
                     dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + 
"#"
                             + WSConstants.ENC_KEY_VALUE_TYPE);
                     
dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
@@ -274,8 +415,9 @@
                     dkEncr.prepare(saaj.getSOAPPart());
                     
                     dkEncr.prependDKElementToHeader(secHeader);
-                    refList = dkEncr.encryptForExternalRef(null, encrParts);
-                    
+                    Element refList = dkEncr.encryptForExternalRef(null, 
encrParts);
+                    dkEncr.addExternalRefElement(refList, secHeader);
+                    return dkEncr;
                 } catch (Exception e) {
                     policyNotAsserted(recToken, e);
                 }
@@ -301,18 +443,23 @@
                     Element encryptedKeyElement = 
encr.getEncryptedKeyElement();
                                        
                     //Encrypt, get hold of the ref list and add it
-                    refList = encr.encryptForInternalRef(null, encrParts);
-                    
-                    //Add internal refs
-                    encryptedKeyElement.appendChild(refList);
+                    if (externalRef) {
+                        Element refList = encr.encryptForExternalRef(null, 
encrParts);
+                        secHeader.getSecurityHeader().appendChild(refList);
+                    } else {
+                        Element refList = encr.encryptForInternalRef(null, 
encrParts);
                     
+                        // Add internal refs
+                        encryptedKeyElement.appendChild(refList);
+                    }
                     encr.prependToHeader(secHeader);
-
+                    return encr;
                 } catch (WSSecurityException e) {
                     policyNotAsserted(recToken, e.getMessage());
                 }    
             }
         }
+        return null;
     }    
     
     private void assertUnusedTokens(TokenWrapper wrapper) {
@@ -329,7 +476,8 @@
             }
         }
     }
-    private void doSignature(Vector<WSEncryptionPart> sigParts) throws 
WSSecurityException {
+    private void doSignature(Vector<WSEncryptionPart> sigParts,
+                             Element appendAfter) throws WSSecurityException {
         Token sigToken = null;
         TokenWrapper wrapper = null;
         if (isRequestor()) {
@@ -390,7 +538,13 @@
             sig.addReferencesToSign(sigParts, secHeader);
             sig.computeSignature();
 
-            sig.prependToHeader(secHeader);
+            if (appendAfter != null) {
+                insertAfter(sig.getSignatureElement(),
+                            secHeader.getSecurityHeader(),
+                            appendAfter);
+            } else {
+                sig.prependToHeader(secHeader);
+            }
 
             mainSigId = addWsuIdToElement(sig.getSignatureElement());
         }

Modified: 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java?rev=698251&r1=698250&r2=698251&view=diff
==============================================================================
--- 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
 (original)
+++ 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
 Tue Sep 23 10:29:10 2008
@@ -171,6 +171,14 @@
             return ais.iterator().next().getAssertion();
         }
         return null;
+    } 
+    
+    protected void insertAfter(Element child, Element parent, Element sib) {
+        if (sib.getNextSibling() == null) {
+            parent.appendChild(child);
+        } else {
+            parent.insertBefore(child, sib.getNextSibling());
+        }
     }
         
     protected WSSecTimestamp createTimestamp() {

Modified: 
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=698251&r1=698250&r2=698251&view=diff
==============================================================================
--- 
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
 (original)
+++ 
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
 Tue Sep 23 10:29:10 2008
@@ -45,7 +45,8 @@
 public class SecurityPolicyTest extends AbstractBusClientServerTestBase  {
     public static final String POLICY_ADDRESS = 
"http://localhost:9010/SecPolTest";;
     public static final String POLICY_HTTPS_ADDRESS = 
"https://localhost:9009/SecPolTest";;
-    public static final String POLICY_ENC_ADDRESS = 
"http://localhost:9010/SecPolTestEncrypt";;
+    public static final String POLICY_ENCSIGN_ADDRESS = 
"http://localhost:9010/SecPolTestEncryptThenSign";;
+    public static final String POLICY_SIGNENC_ADDRESS = 
"http://localhost:9010/SecPolTestSignThenEncrypt";;
 
     
     public static class ServerPasswordCallback implements CallbackHandler {
@@ -76,12 +77,24 @@
         Endpoint.publish(POLICY_ADDRESS,
                          new DoubleItImpl());
         
-        ep = (EndpointImpl)Endpoint.publish(POLICY_ENC_ADDRESS,
-                                            new DoubleItImplEncrypt());
+        ep = (EndpointImpl)Endpoint.publish(POLICY_ENCSIGN_ADDRESS,
+                                            new DoubleItImplEncryptThenSign());
         
         EndpointInfo ei = ep.getServer().getEndpoint().getEndpointInfo(); 
         ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new 
ServerPasswordCallback());
+        ei.setProperty(SecurityConstants.USERNAME, "alice");
+        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new 
KeystorePasswordCallback());
+        ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES, 
+                       
SecurityPolicyTest.class.getResource("alice.properties").toString());
+        ei.setProperty(SecurityConstants.ENCRYPT_USERNAME, "bob");
+        ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES, 
+                       
SecurityPolicyTest.class.getResource("bob.properties").toString());
+
+        ep = (EndpointImpl)Endpoint.publish(POLICY_SIGNENC_ADDRESS,
+                                            new DoubleItImplSignThenEncrypt());
         
+        ei = ep.getServer().getEndpoint().getEndpointInfo(); 
+        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new 
ServerPasswordCallback());
         ei.setProperty(SecurityConstants.USERNAME, "alice");
         ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new 
KeystorePasswordCallback());
         ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES, 
@@ -96,7 +109,19 @@
         DoubleItService service = new DoubleItService();
         DoubleItPortType pt;
 
-        pt = service.getDoubleItPortEncrypt();
+        pt = service.getDoubleItPortEncryptThenSign();
+        
((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, 
"alice");
+        
((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
 
+                                                      new 
KeystorePasswordCallback());
+        
((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
+                                                      
getClass().getResource("alice.properties"));
+        
((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME,
 "Bob");
+        
((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
 
+                                                      
getClass().getResource("bob.properties"));
+        pt.doubleIt(BigInteger.valueOf(5));
+        
+        
+        pt = service.getDoubleItPortSignThenEncrypt();
         
((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, 
"alice");
         
((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
 
                                                       new 
KeystorePasswordCallback());
@@ -159,11 +184,22 @@
         }
     }
     @WebService(targetNamespace = "http://cxf.apache.org/policytest/DoubleIt";, 
-                portName = "DoubleItPortEncrypt",
+                portName = "DoubleItPortEncryptThenSign",
+                serviceName = "DoubleItService", 
+                endpointInterface = 
"org.apache.cxf.policytest.doubleit.DoubleItPortType",
+                wsdlLocation = "classpath:/wsdl_systest/DoubleIt.wsdl")
+    public static class DoubleItImplEncryptThenSign implements 
DoubleItPortType {
+        /** [EMAIL PROTECTED]/
+        public BigInteger doubleIt(BigInteger numberToDouble) {
+            return numberToDouble.multiply(new BigInteger("2"));
+        }
+    }
+    @WebService(targetNamespace = "http://cxf.apache.org/policytest/DoubleIt";, 
+                portName = "DoubleItPortSignThenEncrypt",
                 serviceName = "DoubleItService", 
                 endpointInterface = 
"org.apache.cxf.policytest.doubleit.DoubleItPortType",
                 wsdlLocation = "classpath:/wsdl_systest/DoubleIt.wsdl")
-    public static class DoubleItImplEncrypt implements DoubleItPortType {
+    public static class DoubleItImplSignThenEncrypt implements 
DoubleItPortType {
         /** [EMAIL PROTECTED]/
         public BigInteger doubleIt(BigInteger numberToDouble) {
             return numberToDouble.multiply(new BigInteger("2"));

Modified: cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
URL: 
http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl?rev=698251&r1=698250&r2=698251&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl (original)
+++ cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl Tue Sep 23 
10:29:10 2008
@@ -68,8 +68,18 @@
          <wsdl:output><soap:body use="literal"/></wsdl:output>
       </wsdl:operation>
    </wsdl:binding>
-   <wsdl:binding name="DoubleItBindingEncrypt" type="tns:DoubleItPortType">
-      <wsp:PolicyReference URI="#DoubleItEncryptPolicy"/>
+   <wsdl:binding name="DoubleItBindingEncryptThenSign" 
type="tns:DoubleItPortType">
+      <wsp:PolicyReference URI="#DoubleItEncryptThenSignPolicy"/>
+      <soap:binding style="document"
+         transport="http://schemas.xmlsoap.org/soap/http"; />
+      <wsdl:operation name="DoubleIt">
+         <soap:operation soapAction=""/>
+         <wsdl:input><soap:body use="literal"/></wsdl:input>
+         <wsdl:output><soap:body use="literal"/></wsdl:output>
+      </wsdl:operation>
+   </wsdl:binding>
+   <wsdl:binding name="DoubleItBindingSignThenEncrypt" 
type="tns:DoubleItPortType">
+      <wsp:PolicyReference URI="#DoubleItSignThenEncryptPolicy"/>
       <soap:binding style="document"
          transport="http://schemas.xmlsoap.org/soap/http"; />
       <wsdl:operation name="DoubleIt">
@@ -87,9 +97,13 @@
          <soap:address 
             location="http://localhost:9010/SecPolTest"/>
       </wsdl:port>
-      <wsdl:port name="DoubleItPortEncrypt" 
binding="tns:DoubleItBindingEncrypt">
+      <wsdl:port name="DoubleItPortEncryptThenSign" 
binding="tns:DoubleItBindingEncryptThenSign">
          <soap:address 
-            location="http://localhost:9010/SecPolTestEncrypt"/>
+            location="http://localhost:9010/SecPolTestEncryptThenSign"/>
+      </wsdl:port>
+      <wsdl:port name="DoubleItPortSignThenEncrypt" 
binding="tns:DoubleItBindingSignThenEncrypt">
+         <soap:address 
+            location="http://localhost:9010/SecPolTestSignThenEncrypt"/>
       </wsdl:port>
    </wsdl:service>
    
@@ -137,7 +151,61 @@
          </wsp:All>
       </wsp:ExactlyOne>
    </wsp:Policy>
-  <wsp:Policy wsu:Id="DoubleItEncryptPolicy">
+  <wsp:Policy wsu:Id="DoubleItEncryptThenSignPolicy">
+    <wsp:ExactlyOne>
+      <wsp:All>
+        <sp:AsymmetricBinding 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+          <wsp:Policy>
+            <sp:InitiatorToken>
+              <wsp:Policy>
+                <sp:X509Token 
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
+                  <wsp:Policy>
+                    <sp:WssX509V1Token11/>
+                  </wsp:Policy>
+                  </sp:X509Token>
+              </wsp:Policy>
+            </sp:InitiatorToken>
+            <sp:RecipientToken>
+              <wsp:Policy>
+                <sp:X509Token 
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
+                  <wsp:Policy>
+                    <sp:WssX509V1Token11/>
+                  </wsp:Policy>
+                </sp:X509Token>
+              </wsp:Policy>
+            </sp:RecipientToken>
+            <sp:AlgorithmSuite>
+              <wsp:Policy>
+                <sp:TripleDesRsa15/>
+              </wsp:Policy>
+            </sp:AlgorithmSuite>
+            <sp:Layout>
+              <wsp:Policy>
+                <sp:Lax/>
+              </wsp:Policy>
+            </sp:Layout>
+            <sp:IncludeTimestamp/>
+            <sp:EncryptSignature/>
+            <sp:OnlySignEntireHeadersAndBody/>
+            <sp:EncryptBeforeSigning/>
+          </wsp:Policy>
+        </sp:AsymmetricBinding>
+        <sp:SignedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+          <sp:Body/>
+        </sp:SignedParts>
+        <sp:EncryptedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+          <sp:Body/>
+        </sp:EncryptedParts>
+        <sp:Wss10 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+          <wsp:Policy>
+            <!-- sp:MustSupportRefKeyIdentifier/-->
+            <sp:MustSupportRefIssuerSerial/>
+          </wsp:Policy>
+        </sp:Wss10>
+      </wsp:All>
+    </wsp:ExactlyOne>
+  </wsp:Policy>
+  <wsp:Policy wsu:Id="DoubleItSignThenEncryptPolicy">
     <wsp:ExactlyOne>
       <wsp:All>
         <sp:AsymmetricBinding 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
@@ -173,6 +241,7 @@
             <sp:IncludeTimestamp/>
             <sp:EncryptSignature/>
             <sp:OnlySignEntireHeadersAndBody/>
+            <sp:SignBeforeEncrypting/>
           </wsp:Policy>
         </sp:AsymmetricBinding>
         <sp:SignedParts 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
@@ -190,5 +259,4 @@
       </wsp:All>
     </wsp:ExactlyOne>
   </wsp:Policy>
-
 </wsdl:definitions>


Reply via email to