Author: coheigea
Date: Tue Jun 5 11:20:46 2012
New Revision: 1346345
URL: http://svn.apache.org/viewvc?rev=1346345&view=rev
Log:
Merged revisions 1346342 via git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1346342 | coheigea | 2012-06-05 12:10:58 +0100 (Tue, 05 Jun 2012) | 3 lines
[CXF-4357][CXF-4358] - Support KeyValueTokens via the Transport binding
- Also fixed "NullPointerException in the TransportBindingHandler".
........
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1346345&r1=1346344&r2=1346345&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Tue Jun 5 11:20:46 2012
@@ -62,6 +62,7 @@ import org.apache.ws.security.WSConstant
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.message.WSSecDKSign;
@@ -280,7 +281,6 @@ public class TransportBindingHandler ext
if (token instanceof IssuedToken
|| token instanceof SecureConversationToken
|| token instanceof SecurityContextToken
- || token instanceof KeyValueToken
|| token instanceof KerberosToken) {
addSig(
signatureValues,
@@ -386,6 +386,10 @@ public class TransportBindingHandler ext
boolean tokenIncluded = false;
// Get the issued token
SecurityToken secTok = getSecurityToken();
+ if (secTok == null) {
+ LOG.fine("The retrieved SecurityToken was null");
+ throw new WSSecurityException("The retrieved SecurityToken was
null");
+ }
if (includeToken(token.getInclusion())) {
//Add the token
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java?rev=1346345&r1=1346344&r2=1346345&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
(original)
+++
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
Tue Jun 5 11:20:46 2012
@@ -19,6 +19,7 @@
package org.apache.cxf.ws.security.wss4j.policyvalidators;
+import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
@@ -300,6 +301,40 @@ public abstract class AbstractSupporting
}
/**
+ * Process KeyValue Tokens.
+ */
+ protected boolean processKeyValueTokens() {
+ List<WSSecurityEngineResult> tokenResults = new
ArrayList<WSSecurityEngineResult>();
+ for (WSSecurityEngineResult wser : signedResults) {
+ PublicKey publicKey =
+ (PublicKey)wser.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
+ if (publicKey != null) {
+ tokenResults.add(wser);
+ }
+ }
+
+ if (tokenResults.isEmpty()) {
+ return false;
+ }
+
+ if (signed && !areTokensSigned(tokenResults)) {
+ return false;
+ }
+ if (encrypted && !areTokensEncrypted(tokenResults)) {
+ return false;
+ }
+ if (endorsed && !checkEndorsed(tokenResults)) {
+ return false;
+ }
+
+ if (!validateSignedEncryptedPolicies(tokenResults)) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
* Validate (SignedParts|SignedElements|EncryptedParts|EncryptedElements)
policies of this
* SupportingToken.
*/
@@ -447,7 +482,7 @@ public abstract class AbstractSupporting
if (!isTLSInUse()) {
for (WSSecurityEngineResult wser : tokens) {
Element tokenElement =
(Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
- if (!isTokenSigned(tokenElement)) {
+ if (tokenElement == null || !isTokenSigned(tokenElement)) {
return false;
}
}
@@ -462,7 +497,7 @@ public abstract class AbstractSupporting
if (!isTLSInUse()) {
for (WSSecurityEngineResult wser : tokens) {
Element tokenElement =
(Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
- if (!isTokenEncrypted(tokenElement)) {
+ if (tokenElement == null || !isTokenEncrypted(tokenElement)) {
return false;
}
}
@@ -538,6 +573,8 @@ public abstract class AbstractSupporting
Integer actInt =
(Integer)token.get(WSSecurityEngineResult.TAG_ACTION);
BinarySecurity binarySecurity =
(BinarySecurity)token.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
+ PublicKey publicKey =
+ (PublicKey)token.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
if (binarySecurity instanceof X509Security
|| binarySecurity instanceof PKIPathSecurity) {
X509Certificate foundCert =
@@ -560,14 +597,18 @@ public abstract class AbstractSupporting
return true;
}
}
- } else {
- byte[] foundSecret =
(byte[])token.get(WSSecurityEngineResult.TAG_SECRET);
- if (foundSecret != null && Arrays.equals(foundSecret, secret))
{
+ } else if (publicKey != null) {
+ PublicKey foundPublicKey =
+
(PublicKey)token.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
+ if (publicKey.equals(foundPublicKey)) {
return true;
}
+ } else {
+ byte[] foundSecret =
(byte[])token.get(WSSecurityEngineResult.TAG_SECRET);
byte[] derivedKey =
(byte[])token.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY);
- if (derivedKey != null && Arrays.equals(derivedKey, secret)) {
+ if ((foundSecret != null && Arrays.equals(foundSecret, secret))
+ || (derivedKey != null && Arrays.equals(derivedKey,
secret))) {
return true;
}
}
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java?rev=1346345&r1=1346344&r2=1346345&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java
(original)
+++
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java
Tue Jun 5 11:20:46 2012
@@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.KerberosToken;
+import org.apache.cxf.ws.security.policy.model.KeyValueToken;
import org.apache.cxf.ws.security.policy.model.SamlToken;
import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
import org.apache.cxf.ws.security.policy.model.SupportingToken;
@@ -98,6 +99,10 @@ public class ConcreteSupportingTokenPoli
if (!processX509Tokens()) {
processingFailed = true;
}
+ } else if (token instanceof KeyValueToken) {
+ if (!processKeyValueTokens()) {
+ processingFailed = true;
+ }
} else if (token instanceof SecurityContextToken) {
if (!processSCTokens()) {
processingFailed = true;
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java?rev=1346345&r1=1346344&r2=1346345&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
(original)
+++
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
Tue Jun 5 11:20:46 2012
@@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.KerberosToken;
+import org.apache.cxf.ws.security.policy.model.KeyValueToken;
import org.apache.cxf.ws.security.policy.model.SamlToken;
import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
import org.apache.cxf.ws.security.policy.model.SupportingToken;
@@ -94,6 +95,10 @@ public class EncryptedTokenPolicyValidat
if (!processX509Tokens()) {
processingFailed = true;
}
+ } else if (token instanceof KeyValueToken) {
+ if (!processKeyValueTokens()) {
+ processingFailed = true;
+ }
} else if (token instanceof SecurityContextToken) {
if (!processSCTokens()) {
processingFailed = true;
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java?rev=1346345&r1=1346344&r2=1346345&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
(original)
+++
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
Tue Jun 5 11:20:46 2012
@@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.KerberosToken;
+import org.apache.cxf.ws.security.policy.model.KeyValueToken;
import org.apache.cxf.ws.security.policy.model.SamlToken;
import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
import org.apache.cxf.ws.security.policy.model.SupportingToken;
@@ -94,6 +95,10 @@ public class EndorsingEncryptedTokenPoli
if (!processX509Tokens()) {
processingFailed = true;
}
+ } else if (token instanceof KeyValueToken) {
+ if (!processKeyValueTokens()) {
+ processingFailed = true;
+ }
} else if (token instanceof UsernameToken) {
if (!processUsernameTokens()) {
processingFailed = true;
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java?rev=1346345&r1=1346344&r2=1346345&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
(original)
+++
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
Tue Jun 5 11:20:46 2012
@@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.KerberosToken;
+import org.apache.cxf.ws.security.policy.model.KeyValueToken;
import org.apache.cxf.ws.security.policy.model.SamlToken;
import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
import org.apache.cxf.ws.security.policy.model.SupportingToken;
@@ -93,6 +94,10 @@ public class EndorsingTokenPolicyValidat
if (!processX509Tokens()) {
processingFailed = true;
}
+ } else if (token instanceof KeyValueToken) {
+ if (!processKeyValueTokens()) {
+ processingFailed = true;
+ }
} else if (token instanceof UsernameToken) {
if (!processUsernameTokens()) {
processingFailed = true;
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java?rev=1346345&r1=1346344&r2=1346345&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
(original)
+++
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
Tue Jun 5 11:20:46 2012
@@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.KerberosToken;
+import org.apache.cxf.ws.security.policy.model.KeyValueToken;
import org.apache.cxf.ws.security.policy.model.SamlToken;
import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
import org.apache.cxf.ws.security.policy.model.SupportingToken;
@@ -95,6 +96,10 @@ public class SignedEncryptedTokenPolicyV
if (!processX509Tokens()) {
processingFailed = true;
}
+ } else if (token instanceof KeyValueToken) {
+ if (!processKeyValueTokens()) {
+ processingFailed = true;
+ }
} else if (token instanceof SecurityContextToken) {
if (!processSCTokens()) {
processingFailed = true;
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java?rev=1346345&r1=1346344&r2=1346345&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
(original)
+++
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
Tue Jun 5 11:20:46 2012
@@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.KerberosToken;
+import org.apache.cxf.ws.security.policy.model.KeyValueToken;
import org.apache.cxf.ws.security.policy.model.SamlToken;
import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
import org.apache.cxf.ws.security.policy.model.SupportingToken;
@@ -99,6 +100,10 @@ public class SignedEndorsingEncryptedTok
if (!processX509Tokens()) {
processingFailed = true;
}
+ } else if (token instanceof KeyValueToken) {
+ if (!processKeyValueTokens()) {
+ processingFailed = true;
+ }
} else if (token instanceof UsernameToken) {
if (!processUsernameTokens()) {
processingFailed = true;
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java?rev=1346345&r1=1346344&r2=1346345&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
(original)
+++
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
Tue Jun 5 11:20:46 2012
@@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.KerberosToken;
+import org.apache.cxf.ws.security.policy.model.KeyValueToken;
import org.apache.cxf.ws.security.policy.model.SamlToken;
import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
import org.apache.cxf.ws.security.policy.model.SupportingToken;
@@ -97,6 +98,10 @@ public class SignedEndorsingTokenPolicyV
if (!processX509Tokens()) {
processingFailed = true;
}
+ } else if (token instanceof KeyValueToken) {
+ if (!processKeyValueTokens()) {
+ processingFailed = true;
+ }
} else if (token instanceof UsernameToken) {
if (!processUsernameTokens()) {
processingFailed = true;
Modified:
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java?rev=1346345&r1=1346344&r2=1346345&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
(original)
+++
cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
Tue Jun 5 11:20:46 2012
@@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.KerberosToken;
+import org.apache.cxf.ws.security.policy.model.KeyValueToken;
import org.apache.cxf.ws.security.policy.model.SamlToken;
import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
import org.apache.cxf.ws.security.policy.model.SupportingToken;
@@ -98,6 +99,10 @@ public class SignedTokenPolicyValidator
if (!processX509Tokens()) {
processingFailed = true;
}
+ } else if (token instanceof KeyValueToken) {
+ if (!processKeyValueTokens()) {
+ processingFailed = true;
+ }
} else if (token instanceof SecurityContextToken) {
if (!processSCTokens()) {
processingFailed = true;
Modified:
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1346345&r1=1346344&r2=1346345&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
(original)
+++
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
Tue Jun 5 11:20:46 2012
@@ -488,6 +488,30 @@ public class X509TokenTest extends Abstr
x509Port.doubleIt(25);
}
+ @org.junit.Test
+ public void testTransportKVT() throws Exception {
+ if (!unrestrictedPoliciesInstalled) {
+ return;
+ }
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = X509TokenTest.class.getResource("client/client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItTransportKVTPort");
+ DoubleItPortType x509Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(x509Port, PORT2);
+ x509Port.doubleIt(25);
+
+ bus.shutdown(true);
+ }
+
private boolean checkUnrestrictedPoliciesInstalled() {
try {
byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
Modified:
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl?rev=1346345&r1=1346344&r2=1346345&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
(original)
+++
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
Tue Jun 5 11:20:46 2012
@@ -275,6 +275,23 @@
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="DoubleItTransportKVTBinding"
type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItTransportKVTPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http"; />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault" />
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
<wsdl:service name="DoubleItService">
<wsdl:port name="DoubleItKeyIdentifierPort"
binding="tns:DoubleItKeyIdentifierBinding">
@@ -326,6 +343,10 @@
binding="tns:DoubleItTransportSupportingSignedBinding">
<soap:address
location="https://localhost:9002/DoubleItX509TransportSupportingSigned"; />
</wsdl:port>
+ <wsdl:port name="DoubleItTransportKVTPort"
+ binding="tns:DoubleItTransportKVTBinding">
+ <soap:address
location="https://localhost:9002/DoubleItX509TransportKVT"; />
+ </wsdl:port>
</wsdl:service>
<wsp:Policy wsu:Id="DoubleItKeyIdentifierPolicy">
@@ -846,6 +867,45 @@
</wsp:ExactlyOne>
</wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItTransportKVTPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding>
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken>
+ <wsp:Policy/>
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:KeyValueToken
+
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never";>
+ <wsp:Policy>
+ <sp:RsaKeyValue />
+ </wsp:Policy>
+ </sp:KeyValueToken>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
<wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
<wsp:ExactlyOne>
Modified:
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml?rev=1346345&r1=1346344&r2=1346345&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml
(original)
+++
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml
Tue Jun 5 11:20:46 2012
@@ -222,6 +222,17 @@
</jaxws:properties>
</jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItTransportKVTPort";
+ createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.signature.properties"
+
value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ <entry key="ws-security.callback-handler"
+
value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+ </jaxws:properties>
+ </jaxws:client>
+
<http:conduit name="https://localhost:.*";>
<http:tlsClientParameters disableCNCheck="true">
<sec:trustManagers>
Modified:
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
URL:
http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml?rev=1346345&r1=1346344&r2=1346345&view=diff
==============================================================================
---
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
(original)
+++
cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
Tue Jun 5 11:20:46 2012
@@ -365,4 +365,22 @@
</jaxws:endpoint>
+ <jaxws:endpoint
+ id="TransportKVT"
+
address="https://localhost:${testutil.ports.Server.2}/DoubleItX509TransportKVT";
+ serviceName="s:DoubleItService"
+ endpointName="s:DoubleItTransportKVTPort"
+ xmlns:s="http://www.example.org/contract/DoubleIt";
+ implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+ wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"
+ depends-on="tls-settings">
+
+ <jaxws:properties>
+ <entry key="ws-security.encryption.properties"
+
value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
+ <entry key="ws-security.is-bsp-compliant" value="false"/>
+ </jaxws:properties>
+
+ </jaxws:endpoint>
+
</beans>
