Author: dvaleri
Date: Thu Apr  1 14:52:54 2010
New Revision: 929993

URL: http://svn.apache.org/viewvc?rev=929993&view=rev
Log:
[CXF-2639] Expose Cryptographic coverage checking code from 
PolicyBasedWSS4JInInterceptor in a non-WS-Policy based interceptor

Added:
    
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
   (with props)
    
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java
   (with props)
Modified:
    
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java
    
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java

Added: 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java?rev=929993&view=auto
==============================================================================
--- 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
 (added)
+++ 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
 Thu Apr  1 14:52:54 2010
@@ -0,0 +1,300 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.wss4j;
+
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPMessage;
+
+import org.apache.cxf.binding.soap.SoapFault;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor;
+import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDataRef;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.util.WSSecurityUtil;
+
+
+/**
+ * Utility to enable the checking of WS-Security signature/encryption
+ * coverage based on the results of the WSS4J processors.  This interceptor
+ * provides an alternative to using WS-Policy based configuration for crypto
+ * coverage enforcement.
+ * <p/>
+ * Note that the processor must properly address the Security Token
+ * Reference Dereference transform in the case of a signed security token
+ * such as a SAML assertion.  Consequently, a version of WSS4J that properly
+ * addresses this transform must be used with this utility if you wish to 
+ * check coverage over a message part referenced through the Security Token
+ * Reference Dereference transform.
+ * See <a href="https://issues.apache.org/jira/browse/WSS-222";>WSS-222</a>
+ * for more details.
+ */
+public class CryptoCoverageChecker extends AbstractSoapInterceptor {
+    
+    /**
+     * The XPath expressions for locating elements in SOAP messages
+     * that must be covered.  See {...@link #prefixMap}
+     * for namespace prefixes available.
+     */
+    protected List<XPathExpression> xPaths = new ArrayList<XPathExpression>();
+    
+    /**
+     * Mapping of namespace prefixes to namespace URIs.
+     */
+    protected Map<String, String> prefixMap = new HashMap<String, String>();
+    
+    /**
+     * Creates a new instance.  See {...@link #setPrefixes()} and {...@link 
#setXpaths()}
+     * for providing configuration options.
+     */
+    public CryptoCoverageChecker() {
+        this(null, null);
+    }
+    
+    /**
+     * Creates a new instance that checks for signature coverage over matches 
to
+     * the provided XPath expressions making defensive copies of provided 
arguments.
+     * 
+     * @param prefixes
+     *            mapping of namespace prefixes to namespace URIs
+     * @param xPaths
+     *            a list of XPath expressions
+     */
+    public CryptoCoverageChecker(Map<String, String> prefixes, 
List<XPathExpression> xPaths)
+    {
+        super(Phase.PRE_PROTOCOL);
+        this.addAfter(WSS4JInInterceptor.class.getName());
+        this.setPrefixes(prefixes);
+        this.setXPaths(xPaths);
+    }
+
+    /**
+     * Checks that the WSS4J results refer to the required signed/encrypted
+     * elements as defined by the XPath expressions in {...@link #xPaths}.
+     * 
+     * @param message
+     *            the SOAP message containing the signature
+     * 
+     * @throws SoapFault
+     *             if there is an error evaluating an XPath or an element is 
not
+     *             covered by the required cryptographic operation
+     */
+    @Override
+    public void handleMessage(SoapMessage message) throws Fault {
+        final Collection<WSDataRef> signed = new HashSet<WSDataRef>();
+        final Collection<WSDataRef> encrypted = new HashSet<WSDataRef>();
+        
+        List<Object> results = CastUtils.cast(
+                (List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
+        
+        for (Object result : results) {
+        
+            final WSHandlerResult wshr = (WSHandlerResult) result;
+            final Vector<Object> wsSecurityEngineSignResults = new 
Vector<Object>();
+            final Vector<Object> wsSecurityEngineEncResults = new 
Vector<Object>();
+            
+            WSSecurityUtil.fetchAllActionResults(wshr.getResults(),
+                    WSConstants.SIGN, wsSecurityEngineSignResults);
+            
+            WSSecurityUtil.fetchAllActionResults(wshr.getResults(),
+                    WSConstants.ENCR, wsSecurityEngineEncResults);
+            
+            for (Object o : wsSecurityEngineSignResults) {
+                WSSecurityEngineResult wser = (WSSecurityEngineResult) o;
+            
+                List<WSDataRef> sl = CastUtils.cast((List<?>) wser
+                        .get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
+                if (sl != null) {
+                    if (sl.size() == 1
+                        && sl.get(0).getName().equals(new 
QName(WSConstants.SIG_NS, WSConstants.SIG_LN))) {
+                        //endorsing the signature so don't include
+                        break;
+                    }
+                    
+                    for (WSDataRef r : sl) {
+                        signed.add(r);
+                    }
+                }
+            }
+            
+            for (Object o : wsSecurityEngineEncResults) {
+                WSSecurityEngineResult wser = (WSSecurityEngineResult) o;
+            
+                List<WSDataRef> el = CastUtils.cast((List<?>) wser
+                        .get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
+
+                if (el != null) {
+                    for (WSDataRef r : el) {
+                        encrypted.add(r);
+                    }
+                }
+            }
+        }
+        
+        for (XPathExpression xPathExpression : this.xPaths) {
+            Collection<WSDataRef> refsToCheck = null;
+            
+            switch (xPathExpression.getType()) {
+            case SIGNED:
+                refsToCheck = signed;
+                break;
+            case ENCRYPTED:
+                refsToCheck = encrypted;
+                break;
+            default:
+                throw new IllegalStateException("Unexpected crypto type: " 
+                        + xPathExpression.getType());
+            }
+                    
+            try {
+                CryptoCoverageUtil.checkCoverage(
+                        message.getContent(SOAPMessage.class),
+                        refsToCheck,
+                        this.prefixMap, 
+                        xPathExpression.getXPath(),
+                        xPathExpression.getType(),
+                        xPathExpression.getScope());
+            } catch (WSSecurityException e) {
+                throw new SoapFault("No " + xPathExpression.getType()
+                        + " element found matching XPath "
+                        + xPathExpression.getXPath(), Fault.FAULT_CODE_CLIENT);
+            }
+        }
+    }
+
+    /**
+     * Sets the XPath expressions to check for, clearing all previously
+     * set expressions.
+     *
+     * @param xPaths the XPath expressions to check for
+     */
+    public final void setXPaths(List<XPathExpression> xPaths) {
+        this.xPaths.clear();
+        if (xPaths != null) {
+            this.xPaths.addAll(xPaths);
+        }
+    }
+
+    /**
+     * Sets the mapping of namespace prefixes to namespace URIs, clearing all 
previously
+     * set mappings.
+     *
+     * @param prefixes the mapping of namespace prefixes to namespace URIs
+     */
+    public final void setPrefixes(Map<String, String> prefixes) {
+        this.prefixMap.clear();
+        if (prefixes != null) {
+            this.prefixMap.putAll(prefixes);
+        }
+    }
+
+    /**
+     * A simple wrapper for an XPath expression and coverage type / scope
+     * indicating how the XPath expression should be enforced as a 
cryptographic
+     * coverage requirement.
+     */
+    public static class XPathExpression {
+        
+        /**
+         * The XPath expression.
+         */
+        private final String xPath;
+        
+        /**
+         * The type of coverage that is being enforced.
+         */
+        private final CoverageType type;
+        
+        /**
+         * The scope of the coverage that is being enforced.
+         */
+        private final CoverageScope scope;
+
+        /**
+         * Create a new expression indicating a cryptographic coverage
+         * requirement. If {...@code type} is {...@link CoverageType#SIGNED}, 
the
+         * {...@code scope} {...@link CoverageScope#CONTENT} does not 
represent a
+         * configuration supported in WS-Security.
+         * 
+         * @param xPath
+         *            the XPath expression
+         * @param type
+         *            the type of coverage that the expression is meant to
+         *            enforce
+         * @param scope
+         *            the scope of coverage that the expression is meant to
+         *            enforce, defaults to {...@link CoverageScope#ELEMENT}
+         * 
+         * @throws NullPointerException
+         *             if {...@code xPath} or {...@code type} is {...@code 
null}
+         */
+        public XPathExpression(String xPath, CoverageType type, CoverageScope 
scope) {
+            if (xPath == null) {
+                throw new NullPointerException("xPath cannot be null.");
+            } else if (type == null) {
+                throw new NullPointerException("type cannot be null.");
+            }
+            
+            this.xPath = xPath;
+            this.type = type;
+            this.scope = scope;
+        }
+
+        /**
+         * Returns the XPath expression.
+         * @return the XPath expression
+         */
+        public String getXPath() {
+            return this.xPath;
+        }
+
+        /**
+         * Returns the coverage type.
+         * @return the coverage type
+         */
+        public CoverageType getType() {
+            return this.type;
+        }
+
+        /**
+         * Returns the coverage scope.
+         * @return the coverage scope
+         */
+        public CoverageScope getScope() {
+            return this.scope;
+        }
+    }
+}

Propchange: 
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: 
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java?rev=929993&r1=929992&r2=929993&view=diff
==============================================================================
--- 
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java
 (original)
+++ 
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/AbstractSecurityTest.java
 Thu Apr  1 14:52:54 2010
@@ -21,20 +21,30 @@ package org.apache.cxf.ws.security.wss4j
 import java.io.IOException;
 import java.io.InputStream;
 
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.soap.MessageFactory;
 import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
+import javax.xml.soap.SOAPPart;
+import javax.xml.transform.dom.DOMSource;
 
 import org.w3c.dom.Document;
 
 import org.xml.sax.SAXException;
 
 import org.apache.cxf.binding.soap.Soap11;
+import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.ExchangeImpl;
+import org.apache.cxf.message.MessageImpl;
 import org.apache.cxf.test.AbstractCXFTest;
 import org.apache.ws.security.WSConstants;
 
+
 public abstract class AbstractSecurityTest extends AbstractCXFTest {
     public AbstractSecurityTest() {
         super();
@@ -47,16 +57,59 @@ public abstract class AbstractSecurityTe
         addNamespace("wsu", WSConstants.WSU_NS);
     }
 
+    /**
+     * Reads a classpath resource into a Document.
+     * @param name the name of the classpath resource
+     */
     protected Document readDocument(String name) throws SAXException, 
IOException,
         ParserConfigurationException {
         InputStream inStream = getClass().getResourceAsStream(name);
         return DOMUtils.readXml(inStream);
     }
-    
 
+    /**
+     * Reads a classpath resource into a SAAJ structure.
+     * @param name the name of the classpath resource
+     */
     protected SOAPMessage readSAAJDocument(String name) throws SAXException, 
IOException,
         ParserConfigurationException, SOAPException {
         InputStream inStream = getClass().getResourceAsStream(name);
         return MessageFactory.newInstance().createMessage(null, inStream);
     }
+    
+    /**
+     * Creates a {...@link SoapMessage} from the contents of a document.
+     * @param doc the document containing the SOAP content.
+     */
+    protected SoapMessage getSoapMessageForDom(Document doc) throws 
SOAPException {
+        SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
+        SOAPPart part = saajMsg.getSOAPPart();
+        part.setContent(new DOMSource(doc));
+        saajMsg.saveChanges();
+
+        SoapMessage msg = new SoapMessage(new MessageImpl());
+        Exchange ex = new ExchangeImpl();
+        ex.setInMessage(msg);
+        msg.setContent(SOAPMessage.class, saajMsg);
+        return msg;
+    }
+    
+    protected static boolean checkUnrestrictedPoliciesInstalled() {
+        try {
+            byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
+
+            SecretKey key192 = new SecretKeySpec(
+                new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+                            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17},
+                            "AES");
+            Cipher c = Cipher.getInstance("AES");
+            c.init(Cipher.ENCRYPT_MODE, key192);
+            c.doFinal(data);
+            return true;
+        } catch (Exception e) {
+            //ignore
+        }
+        return false;
+    }
 }

Added: 
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java?rev=929993&view=auto
==============================================================================
--- 
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java
 (added)
+++ 
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java
 Thu Apr  1 14:52:54 2010
@@ -0,0 +1,207 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.wss4j;
+
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.SortedSet;
+import java.util.TreeSet;
+
+import org.w3c.dom.Document;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor;
+import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.interceptor.Interceptor;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.phase.PhaseInterceptor;
+import org.apache.cxf.phase.PhaseInterceptorChain;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageChecker.XPathExpression;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.junit.Test;
+
+
+
+public class CryptoCoverageCheckerTest extends AbstractSecurityTest {
+    
+    @Test
+    public void testOrder() throws Exception {
+        //make sure the interceptors get ordered correctly
+        SortedSet<Phase> phases = new TreeSet<Phase>();
+        phases.add(new Phase(Phase.PRE_PROTOCOL, 1));
+        
+        List<Interceptor<? extends Message>> lst = 
+            new ArrayList<Interceptor<? extends Message>>();
+        lst.add(new MustUnderstandInterceptor());
+        lst.add(new WSS4JInInterceptor());
+        lst.add(new SAAJInInterceptor());
+        lst.add(new CryptoCoverageChecker());
+        PhaseInterceptorChain chain = new PhaseInterceptorChain(phases);
+        chain.add(lst);
+        String output = chain.toString();
+        assertTrue(output.contains("MustUnderstandInterceptor, 
SAAJInInterceptor, "
+                + "WSS4JInInterceptor, CryptoCoverageChecker"));
+    }
+    
+    @Test
+    public void testSignedWithIncompleteCoverage() throws Exception {
+        this.runInterceptorAndValidate(
+                "signed_x509_issuer_serial_missing_signed_header.xml",
+                this.getPrefixes(),
+                Arrays.asList(new XPathExpression(
+                        "//ser:Header", CoverageType.SIGNED, 
CoverageScope.ELEMENT)),
+                false);
+        
+        // This is mostly testing that things work with no prefixes.
+        this.runInterceptorAndValidate(
+                "signed_x509_issuer_serial_missing_signed_header.xml",
+                null,
+                Arrays.asList(new XPathExpression(
+                        "//*", CoverageType.SIGNED, CoverageScope.ELEMENT)),
+                false);
+        
+        // This is mostly testing that things work with no expressions.
+        this.runInterceptorAndValidate(
+                "signed_x509_issuer_serial_missing_signed_header.xml",
+                null,
+                null,
+                true);
+    }
+    
+    @Test
+    public void testSignedWithCompleteCoverage() throws Exception {
+        this.runInterceptorAndValidate(
+                "signed_x509_issuer_serial.xml",
+                null,
+                null,
+                true);
+        
+        this.runInterceptorAndValidate(
+                "signed_x509_issuer_serial.xml",
+                this.getPrefixes(),
+                Arrays.asList(new XPathExpression(
+                        "//ser:Header", CoverageType.SIGNED, 
CoverageScope.ELEMENT)),
+                true);
+    }
+    
+    @Test
+    public void testEncryptedWithIncompleteCoverage() throws Exception {
+        this.runInterceptorAndValidate(
+                "encrypted_missing_enc_header.xml",
+                this.getPrefixes(),
+                Arrays.asList(new XPathExpression(
+                        "//ser:Header", CoverageType.ENCRYPTED, 
CoverageScope.ELEMENT)),
+                false);
+        
+        this.runInterceptorAndValidate(
+                "encrypted_body_content.xml",
+                this.getPrefixes(),
+                Arrays.asList(new XPathExpression(
+                        "//soap:Body", CoverageType.ENCRYPTED, 
CoverageScope.ELEMENT)),
+                false);
+        
+        this.runInterceptorAndValidate(
+                "encrypted_body_element.xml",
+                this.getPrefixes(),
+                Arrays.asList(new XPathExpression(
+                        "//soap:Body", CoverageType.ENCRYPTED, 
CoverageScope.CONTENT)),
+                false);
+    }
+    
+    @Test
+    public void testEncryptedWithCompleteCoverage() throws Exception {
+        this.runInterceptorAndValidate(
+                "encrypted_body_content.xml",
+                this.getPrefixes(),
+                Arrays.asList(new XPathExpression(
+                        "//ser:Header", CoverageType.ENCRYPTED, 
CoverageScope.ELEMENT)),
+                true);
+        
+        this.runInterceptorAndValidate(
+                "encrypted_body_element.xml",
+                this.getPrefixes(),
+                Arrays.asList(new XPathExpression(
+                        "//soap:Body", CoverageType.ENCRYPTED, 
CoverageScope.ELEMENT)),
+                true);
+        
+        this.runInterceptorAndValidate(
+                "encrypted_body_content.xml",
+                this.getPrefixes(),
+                Arrays.asList(new XPathExpression(
+                        "//soap:Body", CoverageType.ENCRYPTED, 
CoverageScope.CONTENT)),
+                true);
+    }
+    
+    private Map<String, String> getPrefixes() {
+        final Map<String, String> prefixes = new HashMap<String, String>();
+        prefixes.put("ser", "http://www.sdj.pl";);
+        prefixes.put("soap", "http://schemas.xmlsoap.org/soap/envelope/";);
+        
+        return prefixes;
+    }
+    
+    private void runInterceptorAndValidate(
+            String document,
+            Map<String, String> prefixes, 
+            List<XPathExpression> xpaths,
+            boolean pass) throws Exception {
+        
+        final Document doc = this.readDocument(document);
+        final SoapMessage msg = this.getSoapMessageForDom(doc);
+        final CryptoCoverageChecker checker = new 
CryptoCoverageChecker(prefixes, xpaths);
+        final PhaseInterceptor<SoapMessage> wss4jInInterceptor = 
this.getWss4jInInterceptor();
+        
+        wss4jInInterceptor.handleMessage(msg);
+        
+        try {
+            checker.handleMessage(msg);
+            if (!pass) {
+                fail("Passed interceptor erroneously.");
+            }
+        } catch (Fault e) {
+            if (pass) {
+                fail("Failed interceptor erroneously.");
+            }
+            
+            assertTrue(e.getMessage().contains("element found matching 
XPath"));
+        }
+    }
+    
+    private PhaseInterceptor<SoapMessage> getWss4jInInterceptor() {
+        final WSS4JInInterceptor inHandler = new WSS4JInInterceptor(true);
+        final String action = WSHandlerConstants.SIGNATURE + " " + 
WSHandlerConstants.ENCRYPT;
+        
+        inHandler.setProperty(WSHandlerConstants.ACTION, action);
+        inHandler.setProperty(WSHandlerConstants.SIG_PROP_FILE, 
+                "META-INF/cxf/insecurity.properties");
+        inHandler.setProperty(WSHandlerConstants.DEC_PROP_FILE,
+                "META-INF/cxf/insecurity.properties");
+        inHandler.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, 
+                TestPwdCallback.class.getName());
+        
+        return inHandler;
+    }
+}

Propchange: 
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: 
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
URL: 
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java?rev=929993&r1=929992&r2=929993&view=diff
==============================================================================
--- 
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
 (original)
+++ 
cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
 Thu Apr  1 14:52:54 2010
@@ -16,7 +16,6 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-
 package org.apache.cxf.ws.security.wss4j;
 
 
@@ -27,15 +26,9 @@ import java.util.Map;
 import java.util.Vector;
 import java.util.concurrent.Executor;
 
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
 import javax.xml.namespace.QName;
-import javax.xml.soap.MessageFactory;
 import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
-import javax.xml.soap.SOAPPart;
-import javax.xml.transform.dom.DOMSource;
 
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -46,10 +39,7 @@ import org.apache.cxf.binding.soap.SoapM
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.feature.AbstractFeature;
 import org.apache.cxf.interceptor.AbstractAttributedInterceptorProvider;
-import org.apache.cxf.message.Exchange;
-import org.apache.cxf.message.ExchangeImpl;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageImpl;
 import org.apache.cxf.service.Service;
 import org.apache.cxf.service.model.BindingInfo;
 import org.apache.cxf.service.model.EndpointInfo;
@@ -74,26 +64,7 @@ import org.junit.Test;
 
 public class PolicyBasedWss4JInOutTest extends AbstractSecurityTest {
     private PolicyBuilder policyBuilder;
-       
-    public static boolean checkUnrestrictedPoliciesInstalled() {
-        try {
-            byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
 
-            SecretKey key192 = new SecretKeySpec(
-                new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-                            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-                            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17},
-                            "AES");
-            Cipher c = Cipher.getInstance("AES");
-            c.init(Cipher.ENCRYPT_MODE, key192);
-            c.doFinal(data);
-            return true;
-        } catch (Exception e) {
-            //ignore
-        }
-        return false;
-    }
-    
     @Test
     public void testSignedElementsPolicyWithIncompleteCoverage() throws 
Exception {
         this.runInInterceptorAndValidate(
@@ -828,15 +799,8 @@ public class PolicyBasedWss4JInOutTest e
     
     private SoapMessage getSoapMessageForDom(Document doc, AssertionInfoMap 
aim)
         throws SOAPException {
-        SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
-        SOAPPart part = saajMsg.getSOAPPart();
-        part.setContent(new DOMSource(doc));
-        saajMsg.saveChanges();
-        
-        SoapMessage msg = new SoapMessage(new MessageImpl());
-        Exchange ex = new ExchangeImpl();
-        ex.setInMessage(msg);
-        msg.setContent(SOAPMessage.class, saajMsg);
+        
+        SoapMessage msg = this.getSoapMessageForDom(doc);
         if (aim != null) {
             msg.put(AssertionInfoMap.class, aim);
         }


Reply via email to