Author: coheigea Date: Fri Aug 3 15:30:06 2012 New Revision: 1369036 URL: http://svn.apache.org/viewvc?rev=1369036&view=rev Log: Merged revisions 1369002 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.5.x-fixes
........ r1369002 | coheigea | 2012-08-03 15:55:20 +0100 (Fri, 03 Aug 2012) | 18 lines Merged revisions 1368994 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.6.x-fixes ........ r1368994 | coheigea | 2012-08-03 15:47:32 +0100 (Fri, 03 Aug 2012) | 10 lines Merged revisions 1368978 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/trunk ........ r1368978 | coheigea | 2012-08-03 15:23:18 +0100 (Fri, 03 Aug 2012) | 2 lines [CXF-4453] - Added SOAP Body decryption checking support + some reshuffling following feedback from Glen ........ ........ ........ Added: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java - copied, changed from r1368888, cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureCheckerTest.java cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java - copied, changed from r1368888, cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/SignatureCoverageCheckerTest.java Removed: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SignatureCoverageChecker.java cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureCheckerTest.java cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/SignatureCoverageCheckerTest.java Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java?rev=1369036&r1=1369035&r2=1369036&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java Fri Aug 3 15:30:06 2012 @@ -346,5 +346,48 @@ public class CryptoCoverageChecker exten public CoverageScope getScope() { return this.scope; } + + @Override + public boolean equals(Object xpathObject) { + if (!(xpathObject instanceof XPathExpression)) { + return false; + } + + if (xpathObject == this) { + return true; + } + + XPathExpression xpath = (XPathExpression)xpathObject; + if (xpath.getScope() != getScope()) { + return false; + } + + if (xpath.getType() != getType()) { + return false; + } + + if (getXPath() == null && xpath.getXPath() != null) { + return false; + } else if (getXPath() != null && !getXPath().equals(xpath.getXPath())) { + return false; + } + + return true; + } + + @Override + public int hashCode() { + int result = 17; + if (getXPath() != null) { + result = 31 * result + getXPath().hashCode(); + } + if (getType() != null) { + result = 31 * result + getType().hashCode(); + } + if (getScope() != null) { + result = 31 * result + getScope().hashCode(); + } + return result; + } } } Added: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java?rev=1369036&view=auto ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java (added) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java Fri Aug 3 15:30:06 2012 @@ -0,0 +1,156 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.ws.security.wss4j; + + +import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope; +import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType; +import org.apache.ws.security.WSConstants; + +/** + * This utility extends the CryptoCoverageChecker to provide an easy way to check to see + * if the SOAP (1.1 + 1.2) Body was signed and/or encrypted, and if the Timestamp was signed. + * The default configuration is that the SOAP Body and Timestamp must be signed. + */ +public class DefaultCryptoCoverageChecker extends CryptoCoverageChecker { + + public static final String SOAP_NS = WSConstants.URI_SOAP11_ENV; + public static final String SOAP12_NS = WSConstants.URI_SOAP12_ENV; + public static final String WSU_NS = WSConstants.WSU_NS; + public static final String WSSE_NS = WSConstants.WSSE_NS; + + private boolean signBody; + private boolean signTimestamp; + private boolean encryptBody; + + /** + * Creates a new instance. Enforces that the SOAP Body and Timestamp must be signed + * (if they exist in the message body). + */ + public DefaultCryptoCoverageChecker() { + super(null, null); + + prefixMap.put("soapenv", SOAP_NS); + prefixMap.put("soapenv12", SOAP12_NS); + prefixMap.put("wsu", WSU_NS); + prefixMap.put("wsse", WSSE_NS); + + // Sign SOAP Body + setSignBody(true); + + // Sign Timestamp + setSignTimestamp(true); + } + + public boolean isSignBody() { + return signBody; + } + + public final void setSignBody(boolean signBody) { + this.signBody = signBody; + + XPathExpression soap11Expression = + new XPathExpression("/soapenv:Envelope/soapenv:Body", CoverageType.SIGNED); + XPathExpression soap12Expression = + new XPathExpression("/soapenv12:Envelope/soapenv12:Body", CoverageType.SIGNED); + + if (signBody) { + if (!xPaths.contains(soap11Expression)) { + xPaths.add(soap11Expression); + } + if (!xPaths.contains(soap12Expression)) { + xPaths.add(soap12Expression); + } + } else { + if (xPaths.contains(soap11Expression)) { + xPaths.remove(soap11Expression); + } + if (xPaths.contains(soap12Expression)) { + xPaths.remove(soap12Expression); + } + } + } + + public boolean isSignTimestamp() { + return signTimestamp; + } + + public final void setSignTimestamp(boolean signTimestamp) { + this.signTimestamp = signTimestamp; + + XPathExpression soap11Expression = + new XPathExpression( + "/soapenv:Envelope/soapenv:Header/wsse:Security/wsu:Timestamp", + CoverageType.SIGNED + ); + XPathExpression soap12Expression = + new XPathExpression( + "/soapenv12:Envelope/soapenv12:Header/wsse:Security/wsu:Timestamp", + CoverageType.SIGNED + ); + + if (signTimestamp) { + if (!xPaths.contains(soap11Expression)) { + xPaths.add(soap11Expression); + } + if (!xPaths.contains(soap12Expression)) { + xPaths.add(soap12Expression); + } + } else { + if (xPaths.contains(soap11Expression)) { + xPaths.remove(soap11Expression); + } + if (xPaths.contains(soap12Expression)) { + xPaths.remove(soap12Expression); + } + } + } + + public boolean isEncryptBody() { + return encryptBody; + } + + public final void setEncryptBody(boolean encryptBody) { + this.encryptBody = encryptBody; + + XPathExpression soap11Expression = + new XPathExpression("/soapenv:Envelope/soapenv:Body", CoverageType.ENCRYPTED, + CoverageScope.CONTENT); + XPathExpression soap12Expression = + new XPathExpression("/soapenv12:Envelope/soapenv12:Body", CoverageType.ENCRYPTED, + CoverageScope.CONTENT); + + if (encryptBody) { + if (!xPaths.contains(soap11Expression)) { + xPaths.add(soap11Expression); + } + if (!xPaths.contains(soap12Expression)) { + xPaths.add(soap12Expression); + } + } else { + if (xPaths.contains(soap11Expression)) { + xPaths.remove(soap11Expression); + } + if (xPaths.contains(soap12Expression)) { + xPaths.remove(soap12Expression); + } + } + } + +} Copied: cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java (from r1368888, cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureCheckerTest.java) URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java?p2=cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java&p1=cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureCheckerTest.java&r1=1368888&r2=1369036&rev=1369036&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureCheckerTest.java (original) +++ cxf/branches/2.4.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java Fri Aug 3 15:30:06 2012 @@ -36,10 +36,11 @@ import org.apache.ws.security.handler.WS import org.junit.Test; /** - * Test the SignatureCoverageChecker, which extends the CryptoCoverageChecker to provide - * an easier way to check to see if the SOAP Body and Timestamp were signed. + * Test the DefaultCryptoCoverageChecker, which extends the CryptoCoverageChecker to provide + * an easier way to check to see if the SOAP (1.1 + 1.2) Body was signed and/or encrypted, and + * if the Timestamp was signed. */ -public class SignatureCheckerTest extends AbstractSecurityTest { +public class DefaultCryptoCoverageCheckerTest extends AbstractSecurityTest { @Test public void testSignedWithIncompleteCoverage() throws Exception { @@ -97,8 +98,7 @@ public class SignatureCheckerTest extend final Document doc = this.readDocument(document); final SoapMessage msg = this.getSoapMessageForDom(doc); - final SignatureCoverageChecker checker = - new SignatureCoverageChecker(true, true); + final CryptoCoverageChecker checker = new DefaultCryptoCoverageChecker(); checker.addPrefixes(prefixes); checker.addXPaths(xpaths); final PhaseInterceptor<SoapMessage> wss4jInInterceptor = this.getWss4jInInterceptor(); Copied: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java (from r1368888, cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/SignatureCoverageCheckerTest.java) URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java?p2=cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java&p1=cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/SignatureCoverageCheckerTest.java&r1=1368888&r2=1369036&rev=1369036&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/SignatureCoverageCheckerTest.java (original) +++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java Fri Aug 3 15:30:06 2012 @@ -38,9 +38,9 @@ import org.example.contract.doubleit.Dou import org.junit.BeforeClass; /** - * A set of tests for the SignatureCoverageChecker. + * A set of tests for the DefaultCryptoCoverageChecker. */ -public class SignatureCoverageCheckerTest extends AbstractBusClientServerTestBase { +public class DefaultCryptoCoverageCheckerTest extends AbstractBusClientServerTestBase { public static final String PORT = allocatePort(Server.class); private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";; @@ -70,13 +70,13 @@ public class SignatureCoverageCheckerTes } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml"); + URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml"); Bus bus = bf.createBus(busFile.toString()); SpringBusFactory.setDefaultBus(bus); SpringBusFactory.setThreadDefaultBus(bus); - URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl"); + URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampPort"); DoubleItPortType port = @@ -109,13 +109,13 @@ public class SignatureCoverageCheckerTes } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml"); + URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml"); Bus bus = bf.createBus(busFile.toString()); SpringBusFactory.setDefaultBus(bus); SpringBusFactory.setThreadDefaultBus(bus); - URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl"); + URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampPort"); DoubleItPortType port = @@ -151,13 +151,13 @@ public class SignatureCoverageCheckerTes } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml"); + URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml"); Bus bus = bf.createBus(busFile.toString()); SpringBusFactory.setDefaultBus(bus); SpringBusFactory.setThreadDefaultBus(bus); - URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl"); + URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampPort"); DoubleItPortType port = @@ -194,13 +194,13 @@ public class SignatureCoverageCheckerTes } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml"); + URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml"); Bus bus = bf.createBus(busFile.toString()); SpringBusFactory.setDefaultBus(bus); SpringBusFactory.setThreadDefaultBus(bus); - URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl"); + URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampSoap12Port"); DoubleItPortType port = @@ -233,13 +233,13 @@ public class SignatureCoverageCheckerTes } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml"); + URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml"); Bus bus = bf.createBus(busFile.toString()); SpringBusFactory.setDefaultBus(bus); SpringBusFactory.setThreadDefaultBus(bus); - URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl"); + URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampSoap12Port"); DoubleItPortType port = @@ -275,13 +275,13 @@ public class SignatureCoverageCheckerTes } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml"); + URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml"); Bus bus = bf.createBus(busFile.toString()); SpringBusFactory.setDefaultBus(bus); SpringBusFactory.setThreadDefaultBus(bus); - URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl"); + URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampSoap12Port"); DoubleItPortType port = @@ -311,6 +311,96 @@ public class SignatureCoverageCheckerTes bus.shutdown(true); } + @org.junit.Test + public void testSignedEncryptedBody() throws Exception { + if (!unrestrictedPoliciesInstalled) { + return; + } + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItSignedEncryptedBodyPort"); + DoubleItPortType port = + service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(port, PORT); + + Map<String, Object> outProps = new HashMap<String, Object>(); + outProps.put("action", "Timestamp Signature Encrypt"); + outProps.put("signaturePropFile", + "org/apache/cxf/systest/ws/wssec10/client/alice.properties"); + outProps.put("encryptionPropFile", + "org/apache/cxf/systest/ws/wssec10/client/bob.properties"); + outProps.put("user", "alice"); + outProps.put("encryptionUser", "bob"); + outProps.put("passwordCallbackClass", + "org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"); + outProps.put("signatureParts", + "{}{http://schemas.xmlsoap.org/soap/envelope/}Body;";); + outProps.put("encryptionParts", + "{}{http://schemas.xmlsoap.org/soap/envelope/}Body;";); + + bus.getOutInterceptors().add(new WSS4JOutInterceptor(outProps)); + + port.doubleIt(25); + + bus.shutdown(true); + } + + @org.junit.Test + public void testSignedNotEncryptedBody() throws Exception { + if (!unrestrictedPoliciesInstalled) { + return; + } + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItSignedEncryptedBodyPort"); + DoubleItPortType port = + service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(port, PORT); + + Map<String, Object> outProps = new HashMap<String, Object>(); + outProps.put("action", "Timestamp Signature Encrypt"); + outProps.put("signaturePropFile", + "org/apache/cxf/systest/ws/wssec10/client/alice.properties"); + outProps.put("encryptionPropFile", + "org/apache/cxf/systest/ws/wssec10/client/bob.properties"); + outProps.put("user", "alice"); + outProps.put("encryptionUser", "bob"); + outProps.put("passwordCallbackClass", + "org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"); + outProps.put("signatureParts", + "{}{http://schemas.xmlsoap.org/soap/envelope/}Body;";); + outProps.put("encryptionParts", + "{}{http://docs.oasis-open.org/wss/2004/01/oasis-"; + + "200401-wss-wssecurity-utility-1.0.xsd}Timestamp;"); + + bus.getOutInterceptors().add(new WSS4JOutInterceptor(outProps)); + + try { + port.doubleIt(25); + fail("Failure expected on not encrypting the SOAP Body"); + } catch (Exception ex) { + // expected + } + + bus.shutdown(true); + } + private boolean checkUnrestrictedPoliciesInstalled() { try { byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl?rev=1369036&r1=1369035&r2=1369036&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl (original) +++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl Fri Aug 3 15:30:06 2012 @@ -71,6 +71,9 @@ <wsdl:port name="DoubleItBodyTimestampSoap12Port" binding="tns:DoubleItSoap12Binding"> <soap12:address location="http://localhost:9001/DoubleItBodyTimestampSoap12"; /> </wsdl:port> + <wsdl:port name="DoubleItSignedEncryptedBodyPort" binding="tns:DoubleItSoapBinding"> + <soap:address location="http://localhost:9001/DoubleItSignedEncrypted"; /> + </wsdl:port> </wsdl:service> </wsdl:definitions> Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml?rev=1369036&r1=1369035&r2=1369036&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml (original) +++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml Fri Aug 3 15:30:06 2012 @@ -47,4 +47,8 @@ createdFromAPI="true"> </jaxws:client> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSignedEncryptedBodyPort"; + createdFromAPI="true"> + </jaxws:client> + </beans> Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml?rev=1369036&r1=1369035&r2=1369036&view=diff ============================================================================== --- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml (original) +++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml Fri Aug 3 15:30:06 2012 @@ -63,10 +63,7 @@ </map> </constructor-arg> </bean> - <bean class="org.apache.cxf.ws.security.wss4j.SignatureCoverageChecker"> - <constructor-arg><value>true</value></constructor-arg> - <constructor-arg><value>true</value></constructor-arg> - </bean> + <bean class="org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker"/> </jaxws:inInterceptors> </jaxws:endpoint> @@ -90,12 +87,40 @@ </map> </constructor-arg> </bean> - <bean class="org.apache.cxf.ws.security.wss4j.SignatureCoverageChecker"> - <constructor-arg><value>true</value></constructor-arg> - <constructor-arg><value>true</value></constructor-arg> + <bean class="org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker"> + <property name="signBody" value="true"/> + <property name="signTimestamp" value="true"/> </bean> </jaxws:inInterceptors> </jaxws:endpoint> + <jaxws:endpoint + id="SignedEncryptedBody" + address="http://localhost:${testutil.ports.Server}/DoubleItSignedEncrypted"; + serviceName="s:DoubleItService" + endpointName="s:DoubleItSignedEncryptedBodyPort" + xmlns:s="http://www.example.org/contract/DoubleIt"; + implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" + wsdlLocation="org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl"> + + <jaxws:inInterceptors> + <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor"> + <constructor-arg> + <map> + <entry key="action" value="Encrypt Signature Timestamp"/> + <entry key="signaturePropFile" value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/> + <entry key="decryptionPropFile" value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> + <entry key="passwordCallbackClass" + value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/> + </map> + </constructor-arg> + </bean> + <bean class="org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker"> + <property name="signBody" value="true"/> + <property name="signTimestamp" value="false"/> + <property name="encryptBody" value="true"/> + </bean> + </jaxws:inInterceptors> + </jaxws:endpoint> </beans>
