Repository: cxf Updated Branches: refs/heads/master 829feade0 -> ff8260927
Support setting MGF-SHA algorithms in custom AlgorithmSuites Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ff826092 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ff826092 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ff826092 Branch: refs/heads/master Commit: ff8260927ee55a38a477b4206ec41c16bdb8015d Parents: e8cfc24 Author: Colm O hEigeartaigh <[email protected]> Authored: Wed Aug 5 12:20:52 2015 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Wed Aug 5 12:21:44 2015 +0100 ---------------------------------------------------------------------- parent/pom.xml | 2 +- .../policyhandlers/AbstractBindingBuilder.java | 1 + .../AsymmetricBindingHandler.java | 1 + .../policyhandlers/SymmetricBindingHandler.java | 1 + .../org/apache/cxf/systest/ws/gcm/GCMTest.java | 60 ++++++++++ .../ws/gcm/MGF256AlgorithmSuiteLoader.java | 117 +++++++++++++++++++ .../apache/cxf/systest/ws/gcm/MGFServer.java | 47 ++++++++ .../cxf/systest/ws/gcm/MGFStaxServer.java | 47 ++++++++ .../apache/cxf/systest/ws/gcm/DoubleItGCM.wsdl | 61 ++++++++++ .../apache/cxf/systest/ws/gcm/mgf-client.xml | 41 +++++++ .../apache/cxf/systest/ws/gcm/mgf-server.xml | 41 +++++++ .../cxf/systest/ws/gcm/mgf-stax-server.xml | 43 +++++++ 12 files changed, 461 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/ff826092/parent/pom.xml ---------------------------------------------------------------------- diff --git a/parent/pom.xml b/parent/pom.xml index e98e95f..4145315 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -147,7 +147,7 @@ <cxf.woodstox.core.version>4.4.1</cxf.woodstox.core.version> <cxf.woodstox.stax2-api.version>3.1.4</cxf.woodstox.stax2-api.version> <cxf.wsdl4j.version>1.6.3</cxf.wsdl4j.version> - <cxf.wss4j.version>2.1.2</cxf.wss4j.version> + <cxf.wss4j.version>2.1.3-SNAPSHOT</cxf.wss4j.version> <cxf.xerces.version>2.11.0</cxf.xerces.version> <cxf.xmlbeans.version>2.6.0</cxf.xmlbeans.version> <cxf.xmlschema.version>2.2.1</cxf.xmlschema.version> http://git-wip-us.apache.org/repos/asf/cxf/blob/ff826092/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java index 3d910b1..87fc263 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java @@ -1414,6 +1414,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType(); encrKey.setSymmetricEncAlgorithm(algType.getEncryption()); encrKey.setKeyEncAlgo(algType.getAsymmetricKeyWrap()); + encrKey.setMGFAlgorithm(algType.getMGFAlgo()); encrKey.prepare(saaj.getSOAPPart(), crypto); http://git-wip-us.apache.org/repos/asf/cxf/blob/ff826092/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java index dba4cff..54eb0f7 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java @@ -504,6 +504,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType(); encr.setSymmetricEncAlgorithm(algType.getEncryption()); encr.setKeyEncAlgo(algType.getAsymmetricKeyWrap()); + encr.setMGFAlgorithm(algType.getMGFAlgo()); encr.prepare(saaj.getSOAPPart(), crypto); Element encryptedKeyElement = encr.getEncryptedKeyElement(); http://git-wip-us.apache.org/repos/asf/cxf/blob/ff826092/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java index 5eb83fe..dcd494e 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java @@ -553,6 +553,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { encr.setDocument(saaj.getSOAPPart()); encr.setEncryptSymmKey(false); encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption()); + encr.setMGFAlgorithm(algorithmSuite.getAlgorithmSuiteType().getMGFAlgo()); if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken || encrToken instanceof SecureConversationToken) { http://git-wip-us.apache.org/repos/asf/cxf/blob/ff826092/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java index 776c0ce..70672a8 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java @@ -43,6 +43,8 @@ import org.junit.runners.Parameterized.Parameters; public class GCMTest extends AbstractBusClientServerTestBase { static final String PORT = allocatePort(Server.class); static final String STAX_PORT = allocatePort(StaxServer.class); + static final String MGF_PORT = allocatePort(MGFServer.class); + static final String MGF_STAX_PORT = allocatePort(MGFStaxServer.class); private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";; private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService"); @@ -70,6 +72,18 @@ public class GCMTest extends AbstractBusClientServerTestBase { // set this to false to fork launchServer(StaxServer.class, true) ); + assertTrue( + "Server failed to launch", + // run the server in the same process + // set this to false to fork + launchServer(MGFServer.class, true) + ); + assertTrue( + "Server failed to launch", + // run the server in the same process + // set this to false to fork + launchServer(MGFStaxServer.class, true) + ); } @Parameters(name = "{0}") @@ -211,5 +225,51 @@ public class GCMTest extends AbstractBusClientServerTestBase { bus.shutdown(true); } + @org.junit.Test + public void testAESGCM256MGFSHA256() throws Exception { + if (!unrestrictedPoliciesInstalled) { + return; + } + + // + // This test fails with the IBM JDK 7 + // IBM JDK 7 appears to require a GCMParameter class to be used, which + // only exists in JDK 7. The Sun JDK appears to be more lenient and + // allows us to use the existing IVParameterSpec class. + // + if ("IBM Corporation".equals(System.getProperty("java.vendor")) + && System.getProperty("java.version") != null + && System.getProperty("java.version").startsWith("1.7")) { + return; + } + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = GCMTest.class.getResource("mgf-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = GCMTest.class.getResource("DoubleItGCM.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItGCM256MGFSHA256Port"); + DoubleItPortType gcmPort = + service.getPort(portQName, DoubleItPortType.class); + + String port = MGF_PORT; + if (STAX_PORT.equals(test.getPort())) { + port = MGF_STAX_PORT; + } + updateAddressPort(gcmPort, port); + + if (test.isStreaming()) { + SecurityTestUtil.enableStreaming(gcmPort); + } + + gcmPort.doubleIt(25); + + ((java.io.Closeable)gcmPort).close(); + bus.shutdown(true); + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/ff826092/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGF256AlgorithmSuiteLoader.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGF256AlgorithmSuiteLoader.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGF256AlgorithmSuiteLoader.java new file mode 100644 index 0000000..a9af663 --- /dev/null +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGF256AlgorithmSuiteLoader.java @@ -0,0 +1,117 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.ws.gcm; + +import java.util.HashMap; +import java.util.Map; + +import javax.xml.namespace.QName; + +import org.w3c.dom.Element; +import org.apache.cxf.Bus; +import org.apache.cxf.ws.policy.AssertionBuilderRegistry; +import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion; +import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertionBuilder; +import org.apache.cxf.ws.security.policy.custom.AlgorithmSuiteLoader; +import org.apache.neethi.Assertion; +import org.apache.neethi.AssertionBuilderFactory; +import org.apache.neethi.Policy; +import org.apache.neethi.builders.xml.XMLPrimitiveAssertionBuilder; +import org.apache.wss4j.dom.WSConstants; +import org.apache.wss4j.policy.SPConstants; +import org.apache.wss4j.policy.model.AbstractSecurityAssertion; +import org.apache.wss4j.policy.model.AlgorithmSuite; + +/** + * This class retrieves the default AlgorithmSuites plus a custom GCM AlgorithmSuite with + * MGF SHA-1 256 specified. + */ +public class MGF256AlgorithmSuiteLoader implements AlgorithmSuiteLoader { + + public MGF256AlgorithmSuiteLoader(Bus bus) { + bus.setExtension(this, AlgorithmSuiteLoader.class); + } + + public AlgorithmSuite getAlgorithmSuite(Bus bus, SPConstants.SPVersion version, Policy nestedPolicy) { + AssertionBuilderRegistry reg = bus.getExtension(AssertionBuilderRegistry.class); + if (reg != null) { + String ns = "http://cxf.apache.org/custom/security-policy";; + final Map<QName, Assertion> assertions = new HashMap<QName, Assertion>(); + QName qName = new QName(ns, "Basic256GCMMGFSHA256"); + assertions.put(qName, new PrimitiveAssertion(qName)); + + reg.registerBuilder(new PrimitiveAssertionBuilder(assertions.keySet()) { + public Assertion build(Element element, AssertionBuilderFactory fact) { + if (XMLPrimitiveAssertionBuilder.isOptional(element) + || XMLPrimitiveAssertionBuilder.isIgnorable(element)) { + return super.build(element, fact); + } + QName q = new QName(element.getNamespaceURI(), element.getLocalName()); + return assertions.get(q); + } + }); + } + return new GCMAlgorithmSuite(version, nestedPolicy); + } + + public static class GCMAlgorithmSuite extends AlgorithmSuite { + + static { + algorithmSuiteTypes.put( + "Basic256GCMMGFSHA256", + new AlgorithmSuiteType( + "Basic256GCMMGFSHA256", + SPConstants.SHA1, + "http://www.w3.org/2009/xmlenc11#aes256-gcm";, + SPConstants.KW_AES256, + SPConstants.KW_RSA_OAEP, + SPConstants.P_SHA1_L256, + SPConstants.P_SHA1_L192, + 256, 192, 256, 256, 1024, 4096 + ) + ); + algorithmSuiteTypes.get("Basic256GCMMGFSHA256").setMGFAlgo(WSConstants.MGF_SHA256); + } + + GCMAlgorithmSuite(SPConstants.SPVersion version, Policy nestedPolicy) { + super(version, nestedPolicy); + } + + @Override + protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) { + return new GCMAlgorithmSuite(getVersion(), nestedPolicy); + } + + @Override + protected void parseCustomAssertion(Assertion assertion) { + String assertionName = assertion.getName().getLocalPart(); + String assertionNamespace = assertion.getName().getNamespaceURI(); + if (!"http://cxf.apache.org/custom/security-policy".equals(assertionNamespace)) { + return; + } + + if ("Basic256GCMMGFSHA256".equals(assertionName)) { + setAlgorithmSuiteType(algorithmSuiteTypes.get("Basic256GCMMGFSHA256")); + getAlgorithmSuiteType().setNamespace(assertionNamespace); + } + } + } + + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/ff826092/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFServer.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFServer.java new file mode 100644 index 0000000..9cb7c7d --- /dev/null +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFServer.java @@ -0,0 +1,47 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.ws.gcm; + +import java.net.URL; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.testutil.common.AbstractBusTestServerBase; + +public class MGFServer extends AbstractBusTestServerBase { + + public MGFServer() { + + } + + protected void run() { + URL busFile = MGFServer.class.getResource("mgf-server.xml"); + Bus busLocal = new SpringBusFactory().createBus(busFile); + BusFactory.setDefaultBus(busLocal); + setBus(busLocal); + + try { + new MGFServer(); + } catch (Exception e) { + e.printStackTrace(); + } + } +} http://git-wip-us.apache.org/repos/asf/cxf/blob/ff826092/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFStaxServer.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFStaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFStaxServer.java new file mode 100644 index 0000000..6c32798 --- /dev/null +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFStaxServer.java @@ -0,0 +1,47 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.ws.gcm; + +import java.net.URL; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.testutil.common.AbstractBusTestServerBase; + +public class MGFStaxServer extends AbstractBusTestServerBase { + + public MGFStaxServer() { + + } + + protected void run() { + URL busFile = MGFStaxServer.class.getResource("mgf-stax-server.xml"); + Bus busLocal = new SpringBusFactory().createBus(busFile); + BusFactory.setDefaultBus(busLocal); + setBus(busLocal); + + try { + new MGFStaxServer(); + } catch (Exception e) { + e.printStackTrace(); + } + } +} http://git-wip-us.apache.org/repos/asf/cxf/blob/ff826092/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/DoubleItGCM.wsdl ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/DoubleItGCM.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/DoubleItGCM.wsdl index 28c6ee3..9250521 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/DoubleItGCM.wsdl +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/DoubleItGCM.wsdl @@ -73,6 +73,24 @@ </wsdl:fault> </wsdl:operation> </wsdl:binding> + <wsdl:binding name="DoubleItGCM256MGFSHA256Binding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItGCM256MGFSHA256Policy"/> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/> + </wsdl:output> + <wsdl:fault name="DoubleItFault"> + <soap:body use="literal" name="DoubleItFault"/> + </wsdl:fault> + </wsdl:operation> + </wsdl:binding> <wsdl:service name="DoubleItService"> <wsdl:port name="DoubleItGCM128Port" binding="tns:DoubleItGCM128Binding"> <soap:address location="http://localhost:9001/DoubleItGCM128"/> @@ -83,6 +101,9 @@ <wsdl:port name="DoubleItGCM256Port" binding="tns:DoubleItGCM256Binding"> <soap:address location="http://localhost:9001/DoubleItGCM256"/> </wsdl:port> + <wsdl:port name="DoubleItGCM256MGFSHA256Port" binding="tns:DoubleItGCM256MGFSHA256Binding"> + <soap:address location="http://localhost:9001/DoubleItGCM256MGFSHA256"/> + </wsdl:port> </wsdl:service> <wsp:Policy wsu:Id="DoubleItGCM128Policy"> <wsp:ExactlyOne> @@ -204,6 +225,46 @@ </wsp:All> </wsp:ExactlyOne> </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItGCM256MGFSHA256Policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never";> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp-cxf:Basic256GCMMGFSHA256 xmlns:sp-cxf="http://cxf.apache.org/custom/security-policy"/> + </wsp:Policy> + </sp:AlgorithmSuite> + </wsp:Policy> + </sp:AsymmetricBinding> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy"> <wsp:ExactlyOne> <wsp:All> http://git-wip-us.apache.org/repos/asf/cxf/blob/ff826092/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-client.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-client.xml new file mode 100644 index 0000000..e1cad12 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-client.xml @@ -0,0 +1,41 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:http="http://cxf.apache.org/transports/http/configuration"; xmlns:jaxws="http://cxf.apache.org/jaxws"; xmlns:cxf="http://cxf.apache.org/core"; xmlns:p="http://cxf.apache.org/policy"; xmlns:sec="http://cxf.apache.org/configuration/security"; xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli cy.xsd"> + <cxf:bus> + <cxf:features> + <p:policies/> + <cxf:logging/> + </cxf:features> + </cxf:bus> + + <bean id="mgfPolicyLoader" class="org.apache.cxf.systest.ws.gcm.MGF256AlgorithmSuiteLoader" > + <constructor-arg ref="cxf"/> + </bean> + + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItGCM256MGFSHA256Port"; createdFromAPI="true"> + <jaxws:properties> + <entry key="security.encryption.properties" value="bob.properties"/> + <entry key="security.encryption.username" value="bob"/> + <entry key="security.signature.properties" value="alice.properties"/> + <entry key="security.signature.username" value="alice"/> + <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/> + </jaxws:properties> + </jaxws:client> +</beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/ff826092/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-server.xml new file mode 100644 index 0000000..bf4ed38 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-server.xml @@ -0,0 +1,41 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:jaxws="http://cxf.apache.org/jaxws"; xmlns:http="http://cxf.apache.org/transports/http/configuration"; xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"; xmlns:sec="http://cxf.apache.org/configuration/security"; xmlns:cxf="http://cxf.apache.org/core"; xmlns:p="http://cxf.apache.org/policy"; xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apa che.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd "> + <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> + <cxf:bus> + <cxf:features> + <p:policies/> + <cxf:logging/> + </cxf:features> + </cxf:bus> + + <bean id="mgfPolicyLoader" class="org.apache.cxf.systest.ws.gcm.MGF256AlgorithmSuiteLoader" > + <constructor-arg ref="cxf"/> + </bean> + + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"; id="GCM256MGFSHA256" address="http://localhost:${testutil.ports.gcm.MGFServer}/DoubleItGCM256MGFSHA256"; serviceName="s:DoubleItService" endpointName="s:DoubleItGCM256MGFSHA256Port" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/gcm/DoubleItGCM.wsdl"> + <jaxws:properties> + <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/> + <entry key="security.signature.properties" value="bob.properties"/> + <entry key="security.encryption.username" value="useReqSigCert"/> + <entry key="security.subject.cert.constraints" value=".*O=apache.org.*"/> + </jaxws:properties> + </jaxws:endpoint> +</beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/ff826092/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-stax-server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-stax-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-stax-server.xml new file mode 100644 index 0000000..1685754 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-stax-server.xml @@ -0,0 +1,43 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:jaxws="http://cxf.apache.org/jaxws"; xmlns:http="http://cxf.apache.org/transports/http/configuration"; xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"; xmlns:sec="http://cxf.apache.org/configuration/security"; xmlns:cxf="http://cxf.apache.org/core"; xmlns:p="http://cxf.apache.org/policy"; xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apa che.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd "> + <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> + <cxf:bus> + <cxf:features> + <p:policies/> + <cxf:logging/> + </cxf:features> + </cxf:bus> + + <bean id="mgfPolicyLoader" class="org.apache.cxf.systest.ws.gcm.MGF256AlgorithmSuiteLoader" > + <constructor-arg ref="cxf"/> + </bean> + + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"; id="GCM256MGFSHA256" address="http://localhost:${testutil.ports.gcm.MGFStaxServer}/DoubleItGCM256MGFSHA256"; serviceName="s:DoubleItService" endpointName="s:DoubleItGCM256MGFSHA256Port" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/gcm/DoubleItGCM.wsdl"> + <jaxws:properties> + <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/> + <entry key="security.signature.properties" value="bob.properties"/> + <entry key="security.encryption.username" value="useReqSigCert"/> + <entry key="security.subject.cert.constraints" value=".*O=apache.org.*"/> + <entry key="ws-security.enable.streaming" value="true"/> + </jaxws:properties> + </jaxws:endpoint> + +</beans>
