Adding some modified request testing for WS-Security
Conflicts:
systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/KeystorePasswordCallback.java
systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client.xml
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d90bfa10
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d90bfa10
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d90bfa10
Branch: refs/heads/2.7.x-fixes
Commit: d90bfa10439b0dc3333439816dd1dda417672bd3
Parents: 6a79c36
Author: Colm O hEigeartaigh <[email protected]>
Authored: Fri Jan 23 16:34:53 2015 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Fri Jan 23 16:48:12 2015 +0000
----------------------------------------------------------------------
.../ws/common/KeystorePasswordCallback.java | 73 ++++
.../fault/AbstractModifyRequestInterceptor.java | 102 ++++++
.../systest/ws/fault/ModifiedRequestServer.java | 47 +++
.../systest/ws/fault/ModifiedRequestTest.java | 335 +++++++++++++++++++
.../cxf/systest/ws/fault/DoubleItFault.wsdl | 69 ++++
.../cxf/systest/ws/fault/client-untrusted.xml | 37 ++
.../org/apache/cxf/systest/ws/fault/client.xml | 51 +++
.../cxf/systest/ws/fault/modified-server.xml | 38 +++
8 files changed, 752 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/KeystorePasswordCallback.java
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/KeystorePasswordCallback.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/KeystorePasswordCallback.java
new file mode 100644
index 0000000..511155a
--- /dev/null
+++
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/KeystorePasswordCallback.java
@@ -0,0 +1,73 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.common;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+/**
+ * A CallbackHandler implementation for keystores.
+ */
+public class KeystorePasswordCallback implements CallbackHandler {
+
+ private Map<String, String> passwords =
+ new HashMap<String, String>();
+
+ public KeystorePasswordCallback() {
+ passwords.put("Alice", "abcd!1234");
+ passwords.put("alice", "password");
+ passwords.put("Bob", "abcd!1234");
+ passwords.put("bob", "password");
+ passwords.put("abcd", "dcba");
+ passwords.put("6e0e88f36ebb8744d470f62f604d03ea4ebe5094", "password");
+ passwords.put("wss40rev", "security");
+ passwords.put("morpit", "password");
+ }
+
+ /**
+ * It attempts to get the password from the private
+ * alias/passwords map.
+ */
+ public void handle(Callback[] callbacks) throws IOException,
UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
+ if (pc.getUsage() ==
WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD) {
+ pc.setPassword("this-is-a-secret");
+ } else {
+ String pass = passwords.get(pc.getIdentifier());
+ if (pass != null) {
+ pc.setPassword(pass);
+ return;
+ } else {
+ pc.setPassword("password");
+ }
+ }
+ }
+ }
+
+
+}
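Review bot: The `return;` inside the loop in `handle` stops processing after the first callback whose identifier is found in the map, so any later entries of `callbacks` never receive a password; removing that `return;` lets every callback be served. The cast `(WSPasswordCallback)callbacks[i]` is unchecked even though the method declares `UnsupportedCallbackException`; `if (!(callbacks[i] instanceof WSPasswordCallback)) { throw new UnsupportedCallbackException(callbacks[i]); }` would fail more clearly. The fallback `pc.setPassword("password")` for unknown identifiers can hide a mistyped alias in a test configuration, so a comment such as `// test fixture only: unknown aliases deliberately fall back to the default keystore password` would record that it is intentional.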
http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/AbstractModifyRequestInterceptor.java
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/AbstractModifyRequestInterceptor.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/AbstractModifyRequestInterceptor.java
new file mode 100644
index 0000000..53432e9
--- /dev/null
+++
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/AbstractModifyRequestInterceptor.java
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.fault;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPHeaderElement;
+import javax.xml.soap.SOAPMessage;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.saaj.SAAJUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.phase.PhaseInterceptor;
+import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;
+import org.apache.wss4j.dom.WSConstants;
+
+public abstract class AbstractModifyRequestInterceptor implements
PhaseInterceptor<SoapMessage> {
+
+ private static final QName SEC_HEADER =
+ new QName(WSConstants.WSSE_NS, WSConstants.WSSE_LN,
WSConstants.WSSE_PREFIX);
+ private Set<String> afterInterceptors = new HashSet<String>();
+
+ public AbstractModifyRequestInterceptor() {
+ getAfter().add(PolicyBasedWSS4JOutInterceptor.class.getName());
+ }
+
+ public void handleMessage(SoapMessage mc) throws Fault {
+ SOAPMessage saaj = mc.getContent(SOAPMessage.class);
+ try {
+ Iterator<?> secHeadersIterator =
+ SAAJUtils.getHeader(saaj).getChildElements(SEC_HEADER);
+ if (secHeadersIterator.hasNext()) {
+ SOAPHeaderElement securityHeader =
+ (SOAPHeaderElement)secHeadersIterator.next();
+ modifySecurityHeader(securityHeader);
+ }
+
+ modifySOAPBody(SAAJUtils.getBody(saaj));
+ } catch (SOAPException ex) {
+ throw new Fault(ex);
+ }
+ }
+
+ public abstract void modifySecurityHeader(Element securityHeader);
+
+ public abstract void modifySOAPBody(Element soapBody);
+
+ public void clear() {
+ }
+
+ public void handleFault(SoapMessage arg0) {
+ // Complete
+ }
+
+ public Collection<PhaseInterceptor<? extends Message>>
getAdditionalInterceptors() {
+ return null;
+ }
+
+ public Set<String> getAfter() {
+ return afterInterceptors;
+ }
+
+ public Set<String> getBefore() {
+ return Collections.emptySet();
+ }
+
+ public String getId() {
+ return AbstractModifyRequestInterceptor.class.getName();
+ }
+
+ public String getPhase() {
+ return Phase.PRE_PROTOCOL_ENDING;
+ }
+
+}
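Review bot: `handleMessage` dereferences `saaj` without a check, so if no `SOAPMessage` content is on the message when this interceptor runs, the test dies with a NullPointerException instead of a readable failure. A guard such as `if (saaj == null) { throw new Fault(new IllegalStateException("No SOAPMessage on outbound message")); }` would make an interceptor-ordering problem obvious. When no `wsse:Security` header is present, `modifySecurityHeader` is skipped silently and the request goes out untouched; a Javadoc line on the abstract method should say it is called only when the header exists. The class has no Javadoc; something like `/** Test-only out-interceptor that alters a secured request after the WS-Security out-interceptor has run, so the receiver's rejection path can be exercised. */` would help.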
http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestServer.java
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestServer.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestServer.java
new file mode 100644
index 0000000..ab2009b
--- /dev/null
+++
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestServer.java
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.fault;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class ModifiedRequestServer extends AbstractBusTestServerBase {
+
+ public ModifiedRequestServer() {
+
+ }
+
+ protected void run() {
+ URL busFile =
ModifiedRequestServer.class.getResource("modified-server.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new ModifiedRequestServer();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
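Review bot: The `try` block in `run()` only constructs a second `ModifiedRequestServer` and discards it, and the constructor shown above is empty, so the block has no effect and the `catch` with `e.printStackTrace()` cannot report anything useful; both can be deleted. `getResource("modified-server.xml")` returns null when the resource is missing and nothing here checks for that, so a short guard would give a clearer startup failure: `if (busFile == null) { throw new IllegalStateException("modified-server.xml not found"); }`.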
http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java
new file mode 100644
index 0000000..9523c47
--- /dev/null
+++
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java
@@ -0,0 +1,335 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.fault;
+
+import java.net.URL;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.Iterator;
+
+import javax.xml.datatype.Duration;
+import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPFault;
+import javax.xml.ws.Service;
+import javax.xml.ws.soap.SOAPFaultException;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.systest.ws.common.SecurityTestUtil;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
+import org.example.contract.doubleit.DoubleItFault;
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * Some tests for modified requests
+ */
+public class ModifiedRequestTest extends AbstractBusClientServerTestBase {
+ static final String PORT = allocatePort(ModifiedRequestServer.class);
+
+ private static final String NAMESPACE =
"http://www.example.org/contract/DoubleIt";
+ private static final QName SERVICE_QNAME = new QName(NAMESPACE,
"DoubleItService");
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(ModifiedRequestServer.class, true)
+ );
+ }
+
+ @org.junit.AfterClass
+ public static void cleanup() throws Exception {
+ SecurityTestUtil.cleanup();
+ stopAllServers();
+ }
+
+ @org.junit.Test
+ public void testModifiedSignedTimestamp() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = ModifiedRequestTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = ModifiedRequestTest.class.getResource("DoubleItFault.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ Client cxfClient = ClientProxy.getClient(port);
+ ModifiedTimestampInterceptor modifyInterceptor =
+ new ModifiedTimestampInterceptor();
+ cxfClient.getOutInterceptors().add(modifyInterceptor);
+
+ makeInvocation(port);
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testModifiedSignature() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = ModifiedRequestTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = ModifiedRequestTest.class.getResource("DoubleItFault.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ Client cxfClient = ClientProxy.getClient(port);
+ ModifiedSignatureInterceptor modifyInterceptor =
+ new ModifiedSignatureInterceptor();
+ cxfClient.getOutInterceptors().add(modifyInterceptor);
+
+ makeInvocation(port);
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testUntrustedSignature() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile =
ModifiedRequestTest.class.getResource("client-untrusted.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = ModifiedRequestTest.class.getResource("DoubleItFault.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ makeInvocation(port);
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testModifiedEncryptedKey() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = ModifiedRequestTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = ModifiedRequestTest.class.getResource("DoubleItFault.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ Client cxfClient = ClientProxy.getClient(port);
+ ModifiedEncryptedKeyInterceptor modifyInterceptor =
+ new ModifiedEncryptedKeyInterceptor();
+ cxfClient.getOutInterceptors().add(modifyInterceptor);
+
+ makeInvocation(port);
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testModifiedEncryptedSOAPBody() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = ModifiedRequestTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = ModifiedRequestTest.class.getResource("DoubleItFault.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort");
+ DoubleItPortType port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(port, PORT);
+
+ Client cxfClient = ClientProxy.getClient(port);
+ ModifiedEncryptedSOAPBody modifyInterceptor =
+ new ModifiedEncryptedSOAPBody();
+ cxfClient.getOutInterceptors().add(modifyInterceptor);
+
+ makeInvocation(port);
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ private void makeInvocation(DoubleItPortType port) throws DoubleItFault {
+ try {
+ port.doubleIt(25);
+ fail("Expected failure on a modified request");
+ } catch (SOAPFaultException ex) {
+ SOAPFault fault = ex.getFault();
+ assertEquals("soap:Sender", fault.getFaultCode());
+ assertEquals("The signature or decryption was invalid",
fault.getFaultString());
+ Iterator<?> subcodeIterator = fault.getFaultSubcodes();
+ assertTrue(subcodeIterator.hasNext());
+ Object subcode = subcodeIterator.next();
+ assertEquals(WSSecurityException.FAILED_CHECK, subcode);
+ assertFalse(subcodeIterator.hasNext());
+ }
+ }
+
+ private static class ModifiedTimestampInterceptor extends
AbstractModifyRequestInterceptor {
+
+ @Override
+ public void modifySecurityHeader(Element securityHeader) {
+ if (securityHeader != null) {
+ // Find the Timestamp + change it.
+
+ Element timestampElement =
+ WSSecurityUtil.findElement(securityHeader, "Timestamp",
WSConstants.WSU_NS);
+ Element createdValue =
+ WSSecurityUtil.findElement(timestampElement, "Created",
WSConstants.WSU_NS);
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ XMLGregorianCalendar createdCalendar =
+
WSSConfig.datatypeFactory.newXMLGregorianCalendar(createdValue.getTextContent());
+ // Add 5 seconds
+ Duration duration =
WSSConfig.datatypeFactory.newDuration(5000L);
+ createdCalendar.add(duration);
+ Date createdDate =
createdCalendar.toGregorianCalendar().getTime();
+ createdValue.setTextContent(zulu.format(createdDate));
+ }
+ }
+
+ public void modifySOAPBody(Element soapBody) {
+ //
+ }
+ }
+
+ private static class ModifiedSignatureInterceptor extends
AbstractModifyRequestInterceptor {
+
+ @Override
+ public void modifySecurityHeader(Element securityHeader) {
+ if (securityHeader != null) {
+ Element signatureElement =
+ WSSecurityUtil.findElement(securityHeader, "Signature",
WSConstants.SIG_NS);
+
+ Node firstChild = signatureElement.getFirstChild();
+ while (!(firstChild instanceof Element) && firstChild != null)
{
+ firstChild = signatureElement.getNextSibling();
+ }
+ ((Element)firstChild).setAttributeNS(null, "Id", "xyz");
+ }
+ }
+
+ public void modifySOAPBody(Element soapBody) {
+ //
+ }
+ }
+
+ private static class ModifiedEncryptedKeyInterceptor extends
AbstractModifyRequestInterceptor {
+
+ @Override
+ public void modifySecurityHeader(Element securityHeader) {
+ if (securityHeader != null) {
+ Element encryptedKey =
+ WSSecurityUtil.findElement(securityHeader, "EncryptedKey",
WSConstants.ENC_NS);
+ Element cipherValue =
+ WSSecurityUtil.findElement(encryptedKey, "CipherValue",
WSConstants.ENC_NS);
+ String cipherText = cipherValue.getTextContent();
+
+ StringBuilder stringBuilder = new StringBuilder(cipherText);
+ int index = stringBuilder.length() / 2;
+ char ch = stringBuilder.charAt(index);
+ if (ch != 'A') {
+ ch = 'A';
+ } else {
+ ch = 'B';
+ }
+ stringBuilder.setCharAt(index, ch);
+ cipherValue.setTextContent(stringBuilder.toString());
+ }
+ }
+
+ public void modifySOAPBody(Element soapBody) {
+ //
+ }
+
+ }
+
+ private static class ModifiedEncryptedSOAPBody extends
AbstractModifyRequestInterceptor {
+
+ @Override
+ public void modifySecurityHeader(Element securityHeader) {
+ //
+ }
+
+ public void modifySOAPBody(Element soapBody) {
+ if (soapBody != null) {
+ Element cipherValue =
+ WSSecurityUtil.findElement(soapBody, "CipherValue",
WSConstants.ENC_NS);
+ String cipherText = cipherValue.getTextContent();
+
+ StringBuilder stringBuilder = new StringBuilder(cipherText);
+ int index = stringBuilder.length() / 2;
+ char ch = stringBuilder.charAt(index);
+ if (ch != 'A') {
+ ch = 'A';
+ } else {
+ ch = 'B';
+ }
+ stringBuilder.setCharAt(index, ch);
+ cipherValue.setTextContent(stringBuilder.toString());
+ }
+ }
+
+ }
+
+}
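Review bot: In `ModifiedSignatureInterceptor.modifySecurityHeader` the loop advances with `signatureElement.getNextSibling()` rather than the child's own sibling. When the first child of the Signature element is not an element (whitespace text, for instance), the loop therefore either repeats forever on the same non-element node, ends on a sibling of the Signature itself, or leaves `firstChild` null so that the following cast and `setAttributeNS` call throw. The intended step is `firstChild = firstChild.getNextSibling();` with the null test first, `while (firstChild != null && !(firstChild instanceof Element))`. The results of `WSSecurityUtil.findElement` in the other interceptors (`timestampElement`, `encryptedKey`, `cipherValue`) are also used unchecked, so a request that lacks the expected element fails with a NullPointerException in the client rather than the asserted server fault. The five test methods close `port` and `bus` only on the success path; a `try`/`finally` around `makeInvocation(port)` would release them when an assertion fails.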
http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
index 0608d14..7d3ef5d 100644
---
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
@@ -92,7 +92,28 @@
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
+<<<<<<< HEAD
+=======
+ <wsdl:binding name="DoubleItAsymmetricBinding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItAsymmetricPolicy"/>
+ <soap12:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operation name="DoubleIt">
+ <soap12:operation soapAction="" style="document"/>
+ <wsdl:input>
+ <soap12:body use="literal"/>
+ <wsp:PolicyReference
URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap12:body use="literal"/>
+ <wsp:PolicyReference
URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap12:fault use="literal" name="DoubleItFault"/>
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
+>>>>>>> c748748... Adding some modified request testing for WS-Security
<wsdl:service name="DoubleItService">
<wsdl:port name="DoubleItSoap11Port"
binding="tns:DoubleItSoap11Binding">
<soap:address location="http://localhost:9009/DoubleItSoap11" />
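Review bot: The added lines include unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> c748748...`) around the new `DoubleItAsymmetricBinding`, and the same three markers surround `DoubleItAsymmetricPolicy` in the third hunk of this file. A `<` that does not open a tag makes the document ill-formed, so this WSDL is not expected to parse and any test that loads `DoubleItFault.wsdl` would fail before a security check is reached. Remove the six marker lines and keep the binding and policy content between them.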
@@ -103,6 +124,9 @@
<wsdl:port name="DoubleItSoap12DispatchPort"
binding="tns:DoubleItSoap12DispatchBinding">
<soap12:address
location="http://localhost:9009/DoubleItSoap12Dispatch" />
</wsdl:port>
+ <wsdl:port name="DoubleItAsymmetricPort"
binding="tns:DoubleItAsymmetricBinding">
+ <soap12:address
location="http://localhost:9009/DoubleItAsymmetric"/>
+ </wsdl:port>
</wsdl:service>
<wsp:Policy wsu:Id="DoubleItPlaintextPolicy">
@@ -148,7 +172,52 @@
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
+<<<<<<< HEAD
+=======
+ <wsp:Policy wsu:Id="DoubleItAsymmetricPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireIssuerSerialReference/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireIssuerSerialReference/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+>>>>>>> c748748... Adding some modified request testing for WS-Security
<wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
<wsp:ExactlyOne>
<wsp:All>
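Review bot: `DoubleItAsymmetricPolicy` has no comment saying its algorithm suite is a fixture choice, and `sp:Basic128` as defined by WS-SecurityPolicy brings SHA-1 digests and AES-128 in CBC mode. That is acceptable for a test whose subject is the fault returned for tampered requests, but this WSDL is likely to be copied as a template. A comment above the policy such as `<!-- Test fixture: algorithm suite chosen for compatibility with the test keystores, not as a recommendation -->` would mark it accordingly. The conflict markers in this hunk are covered by the note on the first hunk of this file.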
http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-untrusted.xml
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-untrusted.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-untrusted.xml
new file mode 100644
index 0000000..9ed4ae4
--- /dev/null
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-untrusted.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy"
xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli
cy.xsd">
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricPort"
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.encryption.properties"
value="bob-enc.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="morpit.properties"/>
+ <entry key="ws-security.signature.username" value="morpit"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ </jaxws:properties>
+ </jaxws:client>
+</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client.xml
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client.xml
new file mode 100644
index 0000000..8011c39
--- /dev/null
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy"
xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli
cy.xsd">
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItSoap11Port"
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ </jaxws:properties>
+ </jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItSoap12Port"
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="ws-security.encryption.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ </jaxws:properties>
+ </jaxws:client>
+
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricPort"
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="ws-security.encryption.properties"
value="bob-enc.properties"/>
+ <entry key="ws-security.encryption.username" value="bob"/>
+ <entry key="ws-security.signature.properties"
value="alice-enc.properties"/>
+ <entry key="ws-security.signature.username" value="alice"/>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ </jaxws:properties>
+ </jaxws:client>
+</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/modified-server.xml
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/modified-server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/modified-server.xml
new file mode 100644
index 0000000..84390e7
--- /dev/null
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/modified-server.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy"
xsi:schemaLocation=" http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/core
http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy
http://cxf.apache.org/schemas/policy.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apa
che.org/transports/http-jetty/configuration
http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd ">
+ <bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+ <cxf:bus>
+ <cxf:features>
+ <p:policies/>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"
id="Asymmetric"
address="http://localhost:${testutil.ports.ModifiedRequestServer}/DoubleItAsymmetric"
serviceName="s:DoubleItService" endpointName="s:DoubleItAsymmetricPort"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl">
+ <jaxws:properties>
+ <entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="ws-security.signature.properties"
value="bob.properties"/>
+ <entry key="ws-security.encryption.properties"
value="alice.properties"/>
+ <entry key="ws-security.encryption.username" value="alice"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
+
+</beans>