Author: coheigea Date: Tue Jun 5 11:33:30 2012 New Revision: 1346353 URL: http://svn.apache.org/viewvc?rev=1346353&view=rev Log: Merged revisions 1346345 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.5.x-fixes
........ r1346345 | coheigea | 2012-06-05 12:20:46 +0100 (Tue, 05 Jun 2012) | 11 lines Merged revisions 1346342 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/trunk ........ r1346342 | coheigea | 2012-06-05 12:10:58 +0100 (Tue, 05 Jun 2012) | 3 lines [CXF-4357][CXF-4358] - Support KeyValueTokens via the Transport binding - Also fixed "NullPointerException in the TransportBindingHandler". ........ ........ Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1346353&r1=1346352&r2=1346353&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Tue Jun 5 11:33:30 2012 @@ -62,6 +62,7 @@ import org.apache.ws.security.WSConstant import org.apache.ws.security.WSEncryptionPart; import org.apache.ws.security.WSPasswordCallback; import org.apache.ws.security.WSSConfig; +import org.apache.ws.security.WSSecurityException; import org.apache.ws.security.components.crypto.Crypto; import org.apache.ws.security.conversation.ConversationConstants; import org.apache.ws.security.message.WSSecDKSign; @@ -280,7 +281,6 @@ public class TransportBindingHandler ext if (token instanceof IssuedToken || token instanceof SecureConversationToken || token instanceof SecurityContextToken - || token instanceof KeyValueToken || token instanceof KerberosToken) { addSig( signatureValues, @@ -386,6 +386,10 @@ public class TransportBindingHandler ext boolean tokenIncluded = false; // Get the issued token SecurityToken secTok = getSecurityToken(); + if (secTok == null) { + LOG.fine("The retrieved SecurityToken was null"); + throw new WSSecurityException("The retrieved SecurityToken was null"); + } if (includeToken(token.getInclusion())) { //Add the token Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java?rev=1346353&r1=1346352&r2=1346353&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java Tue Jun 5 11:33:30 2012 @@ -19,6 +19,7 @@ package org.apache.cxf.ws.security.wss4j.policyvalidators; +import java.security.PublicKey; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Arrays; @@ -300,6 +301,40 @@ public abstract class AbstractSupporting } /** + * Process KeyValue Tokens. + */ + protected boolean processKeyValueTokens() { + List<WSSecurityEngineResult> tokenResults = new ArrayList<WSSecurityEngineResult>(); + for (WSSecurityEngineResult wser : signedResults) { + PublicKey publicKey = + (PublicKey)wser.get(WSSecurityEngineResult.TAG_PUBLIC_KEY); + if (publicKey != null) { + tokenResults.add(wser); + } + } + + if (tokenResults.isEmpty()) { + return false; + } + + if (signed && !areTokensSigned(tokenResults)) { + return false; + } + if (encrypted && !areTokensEncrypted(tokenResults)) { + return false; + } + if (endorsed && !checkEndorsed(tokenResults)) { + return false; + } + + if (!validateSignedEncryptedPolicies(tokenResults)) { + return false; + } + + return true; + } + + /** * Validate (SignedParts|SignedElements|EncryptedParts|EncryptedElements) policies of this * SupportingToken. */ @@ -447,7 +482,7 @@ public abstract class AbstractSupporting if (!isTLSInUse()) { for (WSSecurityEngineResult wser : tokens) { Element tokenElement = (Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT); - if (!isTokenSigned(tokenElement)) { + if (tokenElement == null || !isTokenSigned(tokenElement)) { return false; } } @@ -462,7 +497,7 @@ public abstract class AbstractSupporting if (!isTLSInUse()) { for (WSSecurityEngineResult wser : tokens) { Element tokenElement = (Element)wser.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT); - if (!isTokenEncrypted(tokenElement)) { + if (tokenElement == null || !isTokenEncrypted(tokenElement)) { return false; } } @@ -538,6 +573,8 @@ public abstract class AbstractSupporting Integer actInt = (Integer)token.get(WSSecurityEngineResult.TAG_ACTION); BinarySecurity binarySecurity = (BinarySecurity)token.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN); + PublicKey publicKey = + (PublicKey)token.get(WSSecurityEngineResult.TAG_PUBLIC_KEY); if (binarySecurity instanceof X509Security || binarySecurity instanceof PKIPathSecurity) { X509Certificate foundCert = @@ -560,14 +597,18 @@ public abstract class AbstractSupporting return true; } } - } else { - byte[] foundSecret = (byte[])token.get(WSSecurityEngineResult.TAG_SECRET); - if (foundSecret != null && Arrays.equals(foundSecret, secret)) { + } else if (publicKey != null) { + PublicKey foundPublicKey = + (PublicKey)token.get(WSSecurityEngineResult.TAG_PUBLIC_KEY); + if (publicKey.equals(foundPublicKey)) { return true; } + } else { + byte[] foundSecret = (byte[])token.get(WSSecurityEngineResult.TAG_SECRET); byte[] derivedKey = (byte[])token.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY); - if (derivedKey != null && Arrays.equals(derivedKey, secret)) { + if ((foundSecret != null && Arrays.equals(foundSecret, secret)) + || (derivedKey != null && Arrays.equals(derivedKey, secret))) { return true; } } Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java?rev=1346353&r1=1346352&r2=1346353&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java Tue Jun 5 11:33:30 2012 @@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy import org.apache.cxf.ws.security.policy.SPConstants; import org.apache.cxf.ws.security.policy.model.IssuedToken; import org.apache.cxf.ws.security.policy.model.KerberosToken; +import org.apache.cxf.ws.security.policy.model.KeyValueToken; import org.apache.cxf.ws.security.policy.model.SamlToken; import org.apache.cxf.ws.security.policy.model.SecurityContextToken; import org.apache.cxf.ws.security.policy.model.SupportingToken; @@ -98,6 +99,10 @@ public class ConcreteSupportingTokenPoli if (!processX509Tokens()) { processingFailed = true; } + } else if (token instanceof KeyValueToken) { + if (!processKeyValueTokens()) { + processingFailed = true; + } } else if (token instanceof SecurityContextToken) { if (!processSCTokens()) { processingFailed = true; Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java?rev=1346353&r1=1346352&r2=1346353&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java Tue Jun 5 11:33:30 2012 @@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy import org.apache.cxf.ws.security.policy.SPConstants; import org.apache.cxf.ws.security.policy.model.IssuedToken; import org.apache.cxf.ws.security.policy.model.KerberosToken; +import org.apache.cxf.ws.security.policy.model.KeyValueToken; import org.apache.cxf.ws.security.policy.model.SamlToken; import org.apache.cxf.ws.security.policy.model.SecurityContextToken; import org.apache.cxf.ws.security.policy.model.SupportingToken; @@ -94,6 +95,10 @@ public class EncryptedTokenPolicyValidat if (!processX509Tokens()) { processingFailed = true; } + } else if (token instanceof KeyValueToken) { + if (!processKeyValueTokens()) { + processingFailed = true; + } } else if (token instanceof SecurityContextToken) { if (!processSCTokens()) { processingFailed = true; Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java?rev=1346353&r1=1346352&r2=1346353&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java Tue Jun 5 11:33:30 2012 @@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy import org.apache.cxf.ws.security.policy.SPConstants; import org.apache.cxf.ws.security.policy.model.IssuedToken; import org.apache.cxf.ws.security.policy.model.KerberosToken; +import org.apache.cxf.ws.security.policy.model.KeyValueToken; import org.apache.cxf.ws.security.policy.model.SamlToken; import org.apache.cxf.ws.security.policy.model.SecurityContextToken; import org.apache.cxf.ws.security.policy.model.SupportingToken; @@ -94,6 +95,10 @@ public class EndorsingEncryptedTokenPoli if (!processX509Tokens()) { processingFailed = true; } + } else if (token instanceof KeyValueToken) { + if (!processKeyValueTokens()) { + processingFailed = true; + } } else if (token instanceof UsernameToken) { if (!processUsernameTokens()) { processingFailed = true; Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java?rev=1346353&r1=1346352&r2=1346353&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java Tue Jun 5 11:33:30 2012 @@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy import org.apache.cxf.ws.security.policy.SPConstants; import org.apache.cxf.ws.security.policy.model.IssuedToken; import org.apache.cxf.ws.security.policy.model.KerberosToken; +import org.apache.cxf.ws.security.policy.model.KeyValueToken; import org.apache.cxf.ws.security.policy.model.SamlToken; import org.apache.cxf.ws.security.policy.model.SecurityContextToken; import org.apache.cxf.ws.security.policy.model.SupportingToken; @@ -93,6 +94,10 @@ public class EndorsingTokenPolicyValidat if (!processX509Tokens()) { processingFailed = true; } + } else if (token instanceof KeyValueToken) { + if (!processKeyValueTokens()) { + processingFailed = true; + } } else if (token instanceof UsernameToken) { if (!processUsernameTokens()) { processingFailed = true; Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java?rev=1346353&r1=1346352&r2=1346353&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java Tue Jun 5 11:33:30 2012 @@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy import org.apache.cxf.ws.security.policy.SPConstants; import org.apache.cxf.ws.security.policy.model.IssuedToken; import org.apache.cxf.ws.security.policy.model.KerberosToken; +import org.apache.cxf.ws.security.policy.model.KeyValueToken; import org.apache.cxf.ws.security.policy.model.SamlToken; import org.apache.cxf.ws.security.policy.model.SecurityContextToken; import org.apache.cxf.ws.security.policy.model.SupportingToken; @@ -95,6 +96,10 @@ public class SignedEncryptedTokenPolicyV if (!processX509Tokens()) { processingFailed = true; } + } else if (token instanceof KeyValueToken) { + if (!processKeyValueTokens()) { + processingFailed = true; + } } else if (token instanceof SecurityContextToken) { if (!processSCTokens()) { processingFailed = true; Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java?rev=1346353&r1=1346352&r2=1346353&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java Tue Jun 5 11:33:30 2012 @@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy import org.apache.cxf.ws.security.policy.SPConstants; import org.apache.cxf.ws.security.policy.model.IssuedToken; import org.apache.cxf.ws.security.policy.model.KerberosToken; +import org.apache.cxf.ws.security.policy.model.KeyValueToken; import org.apache.cxf.ws.security.policy.model.SamlToken; import org.apache.cxf.ws.security.policy.model.SecurityContextToken; import org.apache.cxf.ws.security.policy.model.SupportingToken; @@ -99,6 +100,10 @@ public class SignedEndorsingEncryptedTok if (!processX509Tokens()) { processingFailed = true; } + } else if (token instanceof KeyValueToken) { + if (!processKeyValueTokens()) { + processingFailed = true; + } } else if (token instanceof UsernameToken) { if (!processUsernameTokens()) { processingFailed = true; Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java?rev=1346353&r1=1346352&r2=1346353&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java Tue Jun 5 11:33:30 2012 @@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy import org.apache.cxf.ws.security.policy.SPConstants; import org.apache.cxf.ws.security.policy.model.IssuedToken; import org.apache.cxf.ws.security.policy.model.KerberosToken; +import org.apache.cxf.ws.security.policy.model.KeyValueToken; import org.apache.cxf.ws.security.policy.model.SamlToken; import org.apache.cxf.ws.security.policy.model.SecurityContextToken; import org.apache.cxf.ws.security.policy.model.SupportingToken; @@ -97,6 +98,10 @@ public class SignedEndorsingTokenPolicyV if (!processX509Tokens()) { processingFailed = true; } + } else if (token instanceof KeyValueToken) { + if (!processKeyValueTokens()) { + processingFailed = true; + } } else if (token instanceof UsernameToken) { if (!processUsernameTokens()) { processingFailed = true; Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java?rev=1346353&r1=1346352&r2=1346353&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java Tue Jun 5 11:33:30 2012 @@ -29,6 +29,7 @@ import org.apache.cxf.ws.security.policy import org.apache.cxf.ws.security.policy.SPConstants; import org.apache.cxf.ws.security.policy.model.IssuedToken; import org.apache.cxf.ws.security.policy.model.KerberosToken; +import org.apache.cxf.ws.security.policy.model.KeyValueToken; import org.apache.cxf.ws.security.policy.model.SamlToken; import org.apache.cxf.ws.security.policy.model.SecurityContextToken; import org.apache.cxf.ws.security.policy.model.SupportingToken; @@ -98,6 +99,10 @@ public class SignedTokenPolicyValidator if (!processX509Tokens()) { processingFailed = true; } + } else if (token instanceof KeyValueToken) { + if (!processKeyValueTokens()) { + processingFailed = true; + } } else if (token instanceof SecurityContextToken) { if (!processSCTokens()) { processingFailed = true; Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1346353&r1=1346352&r2=1346353&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java (original) +++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java Tue Jun 5 11:33:30 2012 @@ -453,6 +453,30 @@ public class X509TokenTest extends Abstr x509Port.doubleIt(25); } + @org.junit.Test + public void testTransportKVT() throws Exception { + if (!unrestrictedPoliciesInstalled) { + return; + } + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = X509TokenTest.class.getResource("client/client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItTransportKVTPort"); + DoubleItPortType x509Port = + service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(x509Port, PORT2); + x509Port.doubleIt(25); + + bus.shutdown(true); + } + private boolean checkUnrestrictedPoliciesInstalled() { try { byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl?rev=1346353&r1=1346352&r2=1346353&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl (original) +++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl Tue Jun 5 11:33:30 2012 @@ -275,6 +275,23 @@ </wsdl:fault> </wsdl:operation> </wsdl:binding> + <wsdl:binding name="DoubleItTransportKVTBinding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItTransportKVTPolicy" /> + <soap:binding style="document" + transport="http://schemas.xmlsoap.org/soap/http"; /> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction="" /> + <wsdl:input> + <soap:body use="literal" /> + </wsdl:input> + <wsdl:output> + <soap:body use="literal" /> + </wsdl:output> + <wsdl:fault name="DoubleItFault"> + <soap:body use="literal" name="DoubleItFault" /> + </wsdl:fault> + </wsdl:operation> + </wsdl:binding> <wsdl:service name="DoubleItService"> <wsdl:port name="DoubleItKeyIdentifierPort" binding="tns:DoubleItKeyIdentifierBinding"> @@ -326,6 +343,10 @@ binding="tns:DoubleItTransportSupportingSignedBinding"> <soap:address location="https://localhost:9002/DoubleItX509TransportSupportingSigned"; /> </wsdl:port> + <wsdl:port name="DoubleItTransportKVTPort" + binding="tns:DoubleItTransportKVTBinding"> + <soap:address location="https://localhost:9002/DoubleItX509TransportKVT"; /> + </wsdl:port> </wsdl:service> <wsp:Policy wsu:Id="DoubleItKeyIdentifierPolicy"> @@ -846,6 +867,45 @@ </wsp:ExactlyOne> </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItTransportKVTPolicy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:TransportBinding> + <wsp:Policy> + <sp:TransportToken> + <wsp:Policy> + <sp:HttpsToken> + <wsp:Policy/> + </sp:HttpsToken> + </wsp:Policy> + </sp:TransportToken> + <sp:Layout> + <wsp:Policy> + <sp:Lax /> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp /> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128 /> + </wsp:Policy> + </sp:AlgorithmSuite> + </wsp:Policy> + </sp:TransportBinding> + <sp:EndorsingSupportingTokens> + <wsp:Policy> + <sp:KeyValueToken + sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never";> + <wsp:Policy> + <sp:RsaKeyValue /> + </wsp:Policy> + </sp:KeyValueToken> + </wsp:Policy> + </sp:EndorsingSupportingTokens> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy"> <wsp:ExactlyOne> Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml?rev=1346353&r1=1346352&r2=1346353&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml (original) +++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml Tue Jun 5 11:33:30 2012 @@ -222,6 +222,17 @@ </jaxws:properties> </jaxws:client> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItTransportKVTPort"; + createdFromAPI="true"> + <jaxws:properties> + <entry key="ws-security.signature.properties" + value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/> + <entry key="ws-security.signature.username" value="alice"/> + <entry key="ws-security.callback-handler" + value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/> + </jaxws:properties> + </jaxws:client> + <http:conduit name="https://localhost:.*";> <http:tlsClientParameters disableCNCheck="true"> <sec:trustManagers> Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml?rev=1346353&r1=1346352&r2=1346353&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml (original) +++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml Tue Jun 5 11:33:30 2012 @@ -365,4 +365,22 @@ </jaxws:endpoint> + <jaxws:endpoint + id="TransportKVT" + address="https://localhost:${testutil.ports.Server.2}/DoubleItX509TransportKVT"; + serviceName="s:DoubleItService" + endpointName="s:DoubleItTransportKVTPort" + xmlns:s="http://www.example.org/contract/DoubleIt"; + implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" + wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl" + depends-on="tls-settings"> + + <jaxws:properties> + <entry key="ws-security.encryption.properties" + value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/> + <entry key="ws-security.is-bsp-compliant" value="false"/> + </jaxws:properties> + + </jaxws:endpoint> + </beans>
