[CXF-6582] - Support newer symmetric signature algorithms with WS-SecurityPolicy
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5fbe7b49 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5fbe7b49 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5fbe7b49 Branch: refs/heads/master Commit: 5fbe7b49b88deff15f755c15f5a4c421943acc4f Parents: d86fd8e Author: Colm O hEigeartaigh <[email protected]> Authored: Mon Sep 7 15:02:20 2015 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Mon Sep 7 15:02:20 2015 +0100 ---------------------------------------------------------------------- .../cxf/ws/security/SecurityConstants.java | 11 ++++- .../wss4j/PolicyBasedWSS4JInInterceptor.java | 24 +++++++-- .../wss4j/PolicyBasedWSS4JOutInterceptor.java | 6 +++ .../PolicyBasedWSS4JStaxInInterceptor.java | 13 +++-- .../StaxAsymmetricBindingHandler.java | 5 ++ .../StaxSymmetricBindingHandler.java | 5 ++ .../StaxTransportBindingHandler.java | 5 ++ .../cxf/systest/ws/x509/X509TokenTest.java | 25 ++++++++++ .../cxf/systest/ws/x509/DoubleItX509.wsdl | 52 ++++++++++++++++++++ .../org/apache/cxf/systest/ws/x509/client.xml | 7 +++ .../org/apache/cxf/systest/ws/x509/server.xml | 7 +++ .../apache/cxf/systest/ws/x509/stax-server.xml | 8 +++ 12 files changed, 161 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java index 7d6fcdb..c88a4ec 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java @@ -239,6 +239,14 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security */ public static final String ASYMMETRIC_SIGNATURE_ALGORITHM = "ws-security.asymmetric.signature.algorithm"; + + /** + * This configuration tag allows the user to override the default Symmetric Signature + * algorithm (HMAC-SHA1) for use in WS-SecurityPolicy, as the WS-SecurityPolicy specification + * does not allow the use of other algorithms at present. + */ + public static final String SYMMETRIC_SIGNATURE_ALGORITHM = + "ws-security.symmetric.signature.algorithm"; /** * This holds a reference to a PasswordEncryptor instance, which is used to encrypt or @@ -381,7 +389,8 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security SAML_ONE_TIME_USE_CACHE_INSTANCE, ENABLE_STREAMING_SECURITY, RETURN_SECURITY_ERROR, CACHE_IDENTIFIER, DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION, KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, KERBEROS_REQUEST_CREDENTIAL_DELEGATION, - POLICY_VALIDATOR_MAP, STORE_BYTES_IN_ATTACHMENT, USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM + POLICY_VALIDATOR_MAP, STORE_BYTES_IN_ATTACHMENT, USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM, + SYMMETRIC_SIGNATURE_ALGORITHM })); for (String commonProperty : COMMON_PROPERTIES) { s.add(commonProperty); http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java index 96b58b3..9d2f27b 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java @@ -361,12 +361,23 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor { AlgorithmSuiteTranslater translater = new AlgorithmSuiteTranslater(); translater.translateAlgorithmSuites(message.get(AssertionInfoMap.class), data); - // Allow for setting non-standard asymmetric signature algorithms + // Allow for setting non-standard signature algorithms + boolean asymmAlgSet = false; String asymSignatureAlgorithm = (String)message.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM); if (asymSignatureAlgorithm != null && data.getAlgorithmSuite() != null) { data.getAlgorithmSuite().getSignatureMethods().clear(); data.getAlgorithmSuite().getSignatureMethods().add(asymSignatureAlgorithm); + asymmAlgSet = true; + } + + String symSignatureAlgorithm = + (String)message.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM); + if (symSignatureAlgorithm != null && data.getAlgorithmSuite() != null) { + if (!asymmAlgSet) { + data.getAlgorithmSuite().getSignatureMethods().clear(); + } + data.getAlgorithmSuite().getSignatureMethods().add(symSignatureAlgorithm); } } @@ -389,13 +400,20 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor { // Allow for setting non-standard asymmetric signature algorithms String asymSignatureAlgorithm = (String)message.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM); - if (asymSignatureAlgorithm != null) { + String symSignatureAlgorithm = + (String)message.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM); + if (asymSignatureAlgorithm != null || symSignatureAlgorithm != null) { Collection<AssertionInfo> algorithmSuites = aim.get(SP12Constants.ALGORITHM_SUITE); if (algorithmSuites != null && !algorithmSuites.isEmpty()) { for (AssertionInfo algorithmSuite : algorithmSuites) { AlgorithmSuite algSuite = (AlgorithmSuite)algorithmSuite.getAssertion(); - algSuite.setAsymmetricSignature(asymSignatureAlgorithm); + if (asymSignatureAlgorithm != null) { + algSuite.setAsymmetricSignature(asymSignatureAlgorithm); + } + if (symSignatureAlgorithm != null) { + algSuite.setSymmetricSignature(symSignatureAlgorithm); + } } } } http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java index d406ae8..42e9ab4 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java @@ -172,6 +172,12 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa if (asymSignatureAlgorithm != null && binding.getAlgorithmSuite() != null) { binding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm); } + + String symSignatureAlgorithm = + (String)message.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM); + if (symSignatureAlgorithm != null && binding.getAlgorithmSuite() != null) { + binding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm); + } try { if (binding instanceof TransportBinding) { http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java index 7d5efa2..698f548 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java @@ -257,16 +257,23 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor { checkSymmetricBinding(aim, msg, securityProperties); checkTransportBinding(aim, msg, securityProperties); - // Allow for setting non-standard asymmetric signature algorithms + // Allow for setting non-standard signature algorithms String asymSignatureAlgorithm = (String)msg.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM); - if (asymSignatureAlgorithm != null) { + String symSignatureAlgorithm = + (String)msg.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM); + if (asymSignatureAlgorithm != null || symSignatureAlgorithm != null) { Collection<AssertionInfo> algorithmSuites = aim.get(SP12Constants.ALGORITHM_SUITE); if (algorithmSuites != null && !algorithmSuites.isEmpty()) { for (AssertionInfo algorithmSuite : algorithmSuites) { AlgorithmSuite algSuite = (AlgorithmSuite)algorithmSuite.getAssertion(); - algSuite.setAsymmetricSignature(asymSignatureAlgorithm); + if (asymSignatureAlgorithm != null) { + algSuite.setAsymmetricSignature(asymSignatureAlgorithm); + } + if (symSignatureAlgorithm != null) { + algSuite.setSymmetricSignature(symSignatureAlgorithm); + } } } } http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java index ab4537e..771c5e2 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java @@ -90,6 +90,11 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler { if (asymSignatureAlgorithm != null && abinding.getAlgorithmSuite() != null) { abinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm); } + String symSignatureAlgorithm = + (String)getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM); + if (symSignatureAlgorithm != null && abinding.getAlgorithmSuite() != null) { + abinding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm); + } if (abinding.getProtectionOrder() == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning) { http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java index 118be9b..32a038b 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java @@ -113,6 +113,11 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler { if (asymSignatureAlgorithm != null && sbinding.getAlgorithmSuite() != null) { sbinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm); } + String symSignatureAlgorithm = + (String)getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM); + if (symSignatureAlgorithm != null && sbinding.getAlgorithmSuite() != null) { + sbinding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm); + } // Set up CallbackHandler which wraps the configured Handler WSSSecurityProperties properties = getProperties(); http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java index 9c35d2c..4f6ba2d 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java @@ -95,6 +95,11 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler { if (asymSignatureAlgorithm != null && tbinding.getAlgorithmSuite() != null) { tbinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm); } + String symSignatureAlgorithm = + (String)getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM); + if (symSignatureAlgorithm != null && tbinding.getAlgorithmSuite() != null) { + tbinding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm); + } TransportToken token = tbinding.getTransportToken(); if (token.getToken() instanceof IssuedToken) { http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java index 808ef07..4fb6422 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java @@ -442,6 +442,31 @@ public class X509TokenTest extends AbstractBusClientServerTestBase { } @org.junit.Test + public void testSymmetric256() throws Exception { + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = X509TokenTest.class.getResource("client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItSymmetric256Port"); + DoubleItPortType x509Port = + service.getPort(portQName, DoubleItPortType.class); + updateAddressPort(x509Port, test.getPort()); + + if (!test.isStreaming()) { + x509Port.doubleIt(25); + } + + ((java.io.Closeable)x509Port).close(); + bus.shutdown(true); + } + + @org.junit.Test public void testAsymmetricIssuerSerial() throws Exception { SpringBusFactory bf = new SpringBusFactory(); http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl index 172b1bd..dcf01b2 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl @@ -199,6 +199,24 @@ </wsdl:fault> </wsdl:operation> </wsdl:binding> + <wsdl:binding name="DoubleItSymmetric256Binding" type="tns:DoubleItPortType"> + <wsp:PolicyReference URI="#DoubleItSymmetric256Policy"/> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <wsdl:operation name="DoubleIt"> + <soap:operation soapAction=""/> + <wsdl:input> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/> + </wsdl:input> + <wsdl:output> + <soap:body use="literal"/> + <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/> + </wsdl:output> + <wsdl:fault name="DoubleItFault"> + <soap:body use="literal" name="DoubleItFault"/> + </wsdl:fault> + </wsdl:operation> + </wsdl:binding> <wsdl:binding name="DoubleItAsymmetricIssuerSerialBinding" type="tns:DoubleItPortType"> <wsp:PolicyReference URI="#DoubleItAsymmetricIssuerSerialPolicy"/> <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> @@ -638,6 +656,9 @@ <wsdl:port name="DoubleItContentEncryptedElementsPort" binding="tns:DoubleItContentEncryptedElementsBinding"> <soap:address location="http://localhost:9001/DoubleItX509ContentEncryptedElements"/> </wsdl:port> + <wsdl:port name="DoubleItSymmetric256Port" binding="tns:DoubleItSymmetric256Binding"> + <soap:address location="http://localhost:9001/DoubleItX509Symmetric256"/> + </wsdl:port> <wsdl:port name="DoubleItAsymmetricIssuerSerialPort" binding="tns:DoubleItAsymmetricIssuerSerialBinding"> <soap:address location="http://localhost:9001/DoubleItX509Asymmetric"/> </wsdl:port> @@ -1015,6 +1036,37 @@ </wsp:All> </wsp:ExactlyOne> </wsp:Policy> + <wsp:Policy wsu:Id="DoubleItSymmetric256Policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:SymmetricBinding> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never";> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:ProtectionToken> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128Sha256/> + </wsp:Policy> + </sp:AlgorithmSuite> + </wsp:Policy> + </sp:SymmetricBinding> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> <wsp:Policy wsu:Id="DoubleItAsymmetricIssuerSerialPolicy"> <wsp:ExactlyOne> <wsp:All> http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml index ab037e4..c3e58f8 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml @@ -96,6 +96,13 @@ <entry key="security.encryption.username" value="bob"/> </jaxws:properties> </jaxws:client> + <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSymmetric256Port"; createdFromAPI="true"> + <jaxws:properties> + <entry key="security.encryption.properties" value="bob.properties"/> + <entry key="security.encryption.username" value="bob"/> + <entry key="ws-security.symmetric.signature.algorithm" value="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/> + </jaxws:properties> + </jaxws:client> <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricIssuerSerialPort"; createdFromAPI="true"> <jaxws:properties> <entry key="security.encryption.properties" value="bob.properties"/> http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml index 57bb8f0..fa2796b 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml @@ -111,6 +111,13 @@ <entry key="security.signature.properties" value="bob.properties"/> </jaxws:properties> </jaxws:endpoint> + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"; id="Symmetric256" address="http://localhost:${testutil.ports.x509.Server}/DoubleItX509Symmetric256"; serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric256Port" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"> + <jaxws:properties> + <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/> + <entry key="security.signature.properties" value="bob.properties"/> + <entry key="ws-security.symmetric.signature.algorithm" value="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/> + </jaxws:properties> + </jaxws:endpoint> <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"; id="Asymmetric" address="http://localhost:${testutil.ports.x509.Server}/DoubleItX509Asymmetric"; serviceName="s:DoubleItService" endpointName="s:DoubleItAsymmetricIssuerSerialPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"> <jaxws:properties> <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/> http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml index 94a886d..6c770d9 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml @@ -122,6 +122,14 @@ <entry key="ws-security.enable.streaming" value="true"/> </jaxws:properties> </jaxws:endpoint> + <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"; id="Symmetric256" address="http://localhost:${testutil.ports.x509.StaxServer}/DoubleItX509Symmetric256"; serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric256Port" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"> + <jaxws:properties> + <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/> + <entry key="security.signature.properties" value="bob.properties"/> + <entry key="ws-security.enable.streaming" value="true"/> + <entry key="ws-security.symmetric.signature.algorithm" value="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/> + </jaxws:properties> + </jaxws:endpoint> <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"; id="Asymmetric" address="http://localhost:${testutil.ports.x509.StaxServer}/DoubleItX509Asymmetric"; serviceName="s:DoubleItService" endpointName="s:DoubleItAsymmetricIssuerSerialPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl" wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl"> <jaxws:properties> <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
