[CXF-6582] - Support newer symmetric signature algorithms with WS-SecurityPolicy
Conflicts:
rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1f34111b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1f34111b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1f34111b
Branch: refs/heads/3.0.x-fixes
Commit: 1f34111b911c24c9e69450f75e223a1d77969ba5
Parents: edb79aa
Author: Colm O hEigeartaigh <[email protected]>
Authored: Mon Sep 7 15:02:20 2015 +0100
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Mon Sep 7 15:51:15 2015 +0100
----------------------------------------------------------------------
.../cxf/ws/security/SecurityConstants.java | 15 ++++++
.../wss4j/PolicyBasedWSS4JInInterceptor.java | 24 +++++++--
.../wss4j/PolicyBasedWSS4JOutInterceptor.java | 8 +++
.../PolicyBasedWSS4JStaxInInterceptor.java | 13 +++--
.../StaxAsymmetricBindingHandler.java | 5 ++
.../StaxSymmetricBindingHandler.java | 5 ++
.../StaxTransportBindingHandler.java | 5 ++
.../cxf/systest/ws/x509/X509TokenTest.java | 25 ++++++++++
.../cxf/systest/ws/x509/DoubleItX509.wsdl | 52 ++++++++++++++++++++
.../org/apache/cxf/systest/ws/x509/client.xml | 7 +++
.../org/apache/cxf/systest/ws/x509/server.xml | 7 +++
.../apache/cxf/systest/ws/x509/stax-server.xml | 8 +++
12 files changed, 168 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/1f34111b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index 46f047e..ae8b26b 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -382,6 +382,14 @@ public final class SecurityConstants {
*/
public static final String ASYMMETRIC_SIGNATURE_ALGORITHM =
"ws-security.asymmetric.signature.algorithm";
+
+ /**
+ * This configuration tag allows the user to override the default
Symmetric Signature
+ * algorithm (HMAC-SHA1) for use in WS-SecurityPolicy, as the
WS-SecurityPolicy specification
+ * does not allow the use of other algorithms at present.
+ */
+ public static final String SYMMETRIC_SIGNATURE_ALGORITHM =
+ "ws-security.symmetric.signature.algorithm";
/**
* This holds a reference to a PasswordEncryptor instance, which is used
to encrypt or
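Review bot: The Javadoc added for `SYMMETRIC_SIGNATURE_ALGORITHM` does not say what form the value takes or which side has to set it. I would add a sentence such as `The value is a signature algorithm URI, e.g. http://www.w3.org/2001/04/xmldsig-more#hmac-sha256, and should be configured on both the client and the service.`, which is how the test configuration in this commit uses it. It would also help to state that the override replaces the HMAC-SHA1 default rather than adding to it, if that is the intent.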
@@ -663,11 +671,18 @@ public final class SecurityConstants {
TOKEN, TOKEN_ID, SUBJECT_ROLE_CLASSIFIER,
SUBJECT_ROLE_CLASSIFIER_TYPE, MUST_UNDERSTAND,
ASYMMETRIC_SIGNATURE_ALGORITHM, PASSWORD_ENCRYPTOR_INSTANCE,
ENABLE_SAML_ONE_TIME_USE_CACHE,
SAML_ONE_TIME_USE_CACHE_INSTANCE, ENABLE_STREAMING_SECURITY,
RETURN_SECURITY_ERROR,
+<<<<<<< HEAD
CACHE_IDENTIFIER, CACHE_ISSUED_TOKEN_IN_ENDPOINT,
PREFER_WSMEX_OVER_STS_CLIENT_CONFIG,
DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION,
KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM,
STS_TOKEN_IMMINENT_EXPIRY_VALUE,
KERBEROS_REQUEST_CREDENTIAL_DELEGATION,
ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL,
AUDIENCE_RESTRICTION_VALIDATION, STORE_BYTES_IN_ATTACHMENT,
USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM
+=======
+ CACHE_IDENTIFIER, DELEGATED_CREDENTIAL,
KERBEROS_USE_CREDENTIAL_DELEGATION,
+ KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM,
KERBEROS_REQUEST_CREDENTIAL_DELEGATION,
+ POLICY_VALIDATOR_MAP, STORE_BYTES_IN_ATTACHMENT,
USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM,
+ SYMMETRIC_SIGNATURE_ALGORITHM
+>>>>>>> 5fbe7b4... [CXF-6582] - Support newer symmetric signature algorithms
with WS-SecurityPolicy
}));
ALL_PROPERTIES = Collections.unmodifiableSet(s);
}
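Review bot: Unresolved merge-conflict markers are added as source lines in this hunk (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> 5fbe7b4...`), so SecurityConstants.java cannot compile as committed. The same markers are added by both hunks of PolicyBasedWSS4JOutInterceptor.java. The resolution here is presumably the HEAD entries with the new constant appended, so that the list ends in `USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM, SYMMETRIC_SIGNATURE_ALGORITHM`. The incoming side also names `POLICY_VALIDATOR_MAP`, which may not exist on this branch. The static initialiser starts outside the hunk.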
http://git-wip-us.apache.org/repos/asf/cxf/blob/1f34111b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index 2dd4880..4f9cedd 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -615,12 +615,23 @@ public class PolicyBasedWSS4JInInterceptor extends
WSS4JInInterceptor {
AlgorithmSuiteTranslater translater = new AlgorithmSuiteTranslater();
translater.translateAlgorithmSuites(message.get(AssertionInfoMap.class), data);
- // Allow for setting non-standard asymmetric signature algorithms
+ // Allow for setting non-standard signature algorithms
+ boolean asymmAlgSet = false;
String asymSignatureAlgorithm =
(String)message.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
if (asymSignatureAlgorithm != null && data.getAlgorithmSuite() !=
null) {
data.getAlgorithmSuite().getSignatureMethods().clear();
data.getAlgorithmSuite().getSignatureMethods().add(asymSignatureAlgorithm);
+ asymmAlgSet = true;
+ }
+
+ String symSignatureAlgorithm =
+
(String)message.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
+ if (symSignatureAlgorithm != null && data.getAlgorithmSuite() != null)
{
+ if (!asymmAlgSet) {
+ data.getAlgorithmSuite().getSignatureMethods().clear();
+ }
+
data.getAlgorithmSuite().getSignatureMethods().add(symSignatureAlgorithm);
}
}
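Review bot: When only the symmetric override is configured, the new branch still calls `getSignatureMethods().clear()`, which removes whatever asymmetric signature method the policy's algorithm suite had placed in that list. If the list is what inbound signatures are checked against, an asymmetric signature that follows the policy default (an endorsing token, for example) would then be rejected; the existing asymmetric-only branch has the mirror-image effect on the symmetric default. Removing only the default that is being replaced, instead of clearing, would avoid this, and a comment such as `// accepted set = configured overrides only; policy defaults are dropped` would at least make the current behaviour explicit. The method starts outside the hunk.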
@@ -643,13 +654,20 @@ public class PolicyBasedWSS4JInInterceptor extends
WSS4JInInterceptor {
// Allow for setting non-standard asymmetric signature algorithms
String asymSignatureAlgorithm =
(String)message.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
- if (asymSignatureAlgorithm != null) {
+ String symSignatureAlgorithm =
+
(String)message.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
+ if (asymSignatureAlgorithm != null || symSignatureAlgorithm !=
null) {
Collection<AssertionInfo> algorithmSuites =
aim.get(SP12Constants.ALGORITHM_SUITE);
if (algorithmSuites != null && !algorithmSuites.isEmpty()) {
for (AssertionInfo algorithmSuite : algorithmSuites) {
AlgorithmSuite algSuite =
(AlgorithmSuite)algorithmSuite.getAssertion();
-
algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
+ if (asymSignatureAlgorithm != null) {
+
algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
+ }
+ if (symSignatureAlgorithm != null) {
+
algSuite.setSymmetricSignature(symSignatureAlgorithm);
+ }
}
}
}
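Review bot: The context comment at the top of this hunk still reads `// Allow for setting non-standard asymmetric signature algorithms`, although the block below it now applies the symmetric override as well. It should become `// Allow for setting non-standard signature algorithms`, matching the wording this commit already uses in the first hunk of this file and in PolicyBasedWSS4JStaxInInterceptor. The enclosing method begins and ends outside the hunk.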
http://git-wip-us.apache.org/repos/asf/cxf/blob/1f34111b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
index 0dbb313..a603c4e 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
@@ -168,6 +168,7 @@ public class PolicyBasedWSS4JOutInterceptor extends
AbstractPhaseInterceptor<Soa
policy);
}
+<<<<<<< HEAD
if (transport != null) {
WSSecHeader secHeader = new WSSecHeader(actor,
mustUnderstand);
Element el = null;
@@ -197,6 +198,13 @@ public class PolicyBasedWSS4JOutInterceptor extends
AbstractPhaseInterceptor<Soa
if (asymSignatureAlgorithm != null &&
transport.getAlgorithmSuite() != null) {
transport.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
}
+=======
+ String symSignatureAlgorithm =
+
(String)message.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
+ if (symSignatureAlgorithm != null &&
binding.getAlgorithmSuite() != null) {
+
binding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm);
+ }
+>>>>>>> 5fbe7b4... [CXF-6582] - Support newer symmetric signature algorithms
with WS-SecurityPolicy
if (transport instanceof TransportBinding) {
new TransportBindingHandler(config,
(TransportBinding)transport, saaj,
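Review bot: The added symmetric block reads `binding.getAlgorithmSuite()`, while every surrounding line on this branch works with a variable named `transport`. No `binding` declaration is visible in either hunk, so once the conflict markers are removed this is likely to be an unresolved name. The backport probably needs `if (symSignatureAlgorithm != null && transport.getAlgorithmSuite() != null) {` and `transport.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm);`, placed next to the existing asymmetric override. The enclosing method begins and ends outside the hunk, so the declaration should be confirmed against the full file.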
http://git-wip-us.apache.org/repos/asf/cxf/blob/1f34111b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
index 284fe79..1d00486 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
@@ -255,16 +255,23 @@ public class PolicyBasedWSS4JStaxInInterceptor extends
WSS4JStaxInInterceptor {
checkSymmetricBinding(aim, msg, securityProperties);
checkTransportBinding(aim, msg, securityProperties);
- // Allow for setting non-standard asymmetric signature algorithms
+ // Allow for setting non-standard signature algorithms
String asymSignatureAlgorithm =
(String)msg.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
- if (asymSignatureAlgorithm != null) {
+ String symSignatureAlgorithm =
+
(String)msg.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
+ if (asymSignatureAlgorithm != null || symSignatureAlgorithm != null) {
Collection<AssertionInfo> algorithmSuites =
aim.get(SP12Constants.ALGORITHM_SUITE);
if (algorithmSuites != null && !algorithmSuites.isEmpty()) {
for (AssertionInfo algorithmSuite : algorithmSuites) {
AlgorithmSuite algSuite =
(AlgorithmSuite)algorithmSuite.getAssertion();
- algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
+ if (asymSignatureAlgorithm != null) {
+
algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
+ }
+ if (symSignatureAlgorithm != null) {
+ algSuite.setSymmetricSignature(symSignatureAlgorithm);
+ }
}
}
}
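Review bot: `algSuite.setSymmetricSignature(symSignatureAlgorithm)` writes a per-message contextual property into the `AlgorithmSuite` assertion taken from the `AssertionInfoMap`, and nothing in the hunk shows that this object is private to the current message. If the assertion instances are shared between messages of an endpoint, the override set for one message stays in place for later ones, and concurrent requests would write to the same object. The second hunk of PolicyBasedWSS4JInInterceptor.java does the same. I would add a comment at the setter calls stating the assumption, e.g. `// NOTE: mutates the policy assertion; relies on the property being endpoint-wide`, or apply the override to a per-message copy if one is available. The method starts outside the hunk.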
http://git-wip-us.apache.org/repos/asf/cxf/blob/1f34111b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
index 843ffd2..10278d1 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
@@ -88,6 +88,11 @@ public class StaxAsymmetricBindingHandler extends
AbstractStaxBindingHandler {
if (asymSignatureAlgorithm != null && abinding.getAlgorithmSuite() !=
null) {
abinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
}
+ String symSignatureAlgorithm =
+
(String)getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
+ if (symSignatureAlgorithm != null && abinding.getAlgorithmSuite() !=
null) {
+
abinding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm);
+ }
if (abinding.getProtectionOrder()
==
AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning) {
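Review bot: The four added lines that read `SYMMETRIC_SIGNATURE_ALGORITHM` and call `setSymmetricSignature` are repeated verbatim, apart from the binding variable, in StaxSymmetricBindingHandler and StaxTransportBindingHandler, next to an equally repeated asymmetric block. Since all three classes extend `AbstractStaxBindingHandler`, one protected helper there that takes the binding's algorithm suite and applies both overrides would keep the three handlers from drifting apart. The configured string is also passed to the suite without any check; if an unsupported URI is only detected later at signing time, a short comment saying so would help the reader. The enclosing method starts and ends outside the hunk.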
http://git-wip-us.apache.org/repos/asf/cxf/blob/1f34111b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
index d5a3084..c6171e0 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
@@ -112,6 +112,11 @@ public class StaxSymmetricBindingHandler extends
AbstractStaxBindingHandler {
if (asymSignatureAlgorithm != null && sbinding.getAlgorithmSuite() !=
null) {
sbinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
}
+ String symSignatureAlgorithm =
+
(String)getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
+ if (symSignatureAlgorithm != null && sbinding.getAlgorithmSuite() !=
null) {
+
sbinding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm);
+ }
// Set up CallbackHandler which wraps the configured Handler
WSSSecurityProperties properties = getProperties();
http://git-wip-us.apache.org/repos/asf/cxf/blob/1f34111b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
----------------------------------------------------------------------
diff --git
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
index decb8c3..d24c85d 100644
---
a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
+++
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
@@ -94,6 +94,11 @@ public class StaxTransportBindingHandler extends
AbstractStaxBindingHandler {
if (asymSignatureAlgorithm != null &&
tbinding.getAlgorithmSuite() != null) {
tbinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
}
+ String symSignatureAlgorithm =
+
(String)getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
+ if (symSignatureAlgorithm != null &&
tbinding.getAlgorithmSuite() != null) {
+
tbinding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm);
+ }
TransportToken token = tbinding.getTransportToken();
if (token.getToken() instanceof IssuedToken) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/1f34111b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
index 90dd1a4..17df31d 100644
---
a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
+++
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
@@ -442,6 +442,31 @@ public class X509TokenTest extends
AbstractBusClientServerTestBase {
}
@org.junit.Test
+ public void testSymmetric256() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = X509TokenTest.class.getResource("client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+ Service service = Service.create(wsdl, SERVICE_QNAME);
+ QName portQName = new QName(NAMESPACE, "DoubleItSymmetric256Port");
+ DoubleItPortType x509Port =
+ service.getPort(portQName, DoubleItPortType.class);
+ updateAddressPort(x509Port, test.getPort());
+
+ if (!test.isStreaming()) {
+ x509Port.doubleIt(25);
+ }
+
+ ((java.io.Closeable)x509Port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
public void testAsymmetricIssuerSerial() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
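Review bot: In `testSymmetric256` the only invocation sits inside `if (!test.isStreaming())`, so for the streaming client variant the test creates a port, closes it and passes without sending a message. That leaves the Stax outbound handlers changed in this commit without coverage for the new property, and nothing in the test explains why. Either invoke the service in both modes, or add a comment on the guard such as `// streaming client skipped: <reason>` so the gap is visible. The return value of `x509Port.doubleIt(25)` is also not checked, and `close()` / `bus.shutdown(true)` are skipped if the call throws.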
http://git-wip-us.apache.org/repos/asf/cxf/blob/1f34111b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
index 64adb76..679c4ce 100644
---
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
@@ -199,6 +199,24 @@
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
+ <wsdl:binding name="DoubleItSymmetric256Binding"
type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItSymmetric256Policy"/>
+ <soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction=""/>
+ <wsdl:input>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference
URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal"/>
+ <wsp:PolicyReference
URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+ </wsdl:output>
+ <wsdl:fault name="DoubleItFault">
+ <soap:body use="literal" name="DoubleItFault"/>
+ </wsdl:fault>
+ </wsdl:operation>
+ </wsdl:binding>
<wsdl:binding name="DoubleItAsymmetricIssuerSerialBinding"
type="tns:DoubleItPortType">
<wsp:PolicyReference URI="#DoubleItAsymmetricIssuerSerialPolicy"/>
<soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"/>
@@ -638,6 +656,9 @@
<wsdl:port name="DoubleItContentEncryptedElementsPort"
binding="tns:DoubleItContentEncryptedElementsBinding">
<soap:address
location="http://localhost:9001/DoubleItX509ContentEncryptedElements"/>
</wsdl:port>
+ <wsdl:port name="DoubleItSymmetric256Port"
binding="tns:DoubleItSymmetric256Binding">
+ <soap:address
location="http://localhost:9001/DoubleItX509Symmetric256"/>
+ </wsdl:port>
<wsdl:port name="DoubleItAsymmetricIssuerSerialPort"
binding="tns:DoubleItAsymmetricIssuerSerialBinding">
<soap:address
location="http://localhost:9001/DoubleItX509Asymmetric"/>
</wsdl:port>
@@ -1012,6 +1033,37 @@
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItSymmetric256Policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Sha256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
<wsp:Policy wsu:Id="DoubleItAsymmetricIssuerSerialPolicy">
<wsp:ExactlyOne>
<wsp:All>
http://git-wip-us.apache.org/repos/asf/cxf/blob/1f34111b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
index fccc71c..9977560 100644
---
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
@@ -96,6 +96,13 @@
<entry key="ws-security.encryption.username" value="bob"/>
</jaxws:properties>
</jaxws:client>
+ <jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItSymmetric256Port"
createdFromAPI="true">
+ <jaxws:properties>
+ <entry key="security.encryption.properties"
value="bob.properties"/>
+ <entry key="security.encryption.username" value="bob"/>
+ <entry key="ws-security.symmetric.signature.algorithm"
value="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>
+ </jaxws:properties>
+ </jaxws:client>
<jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricIssuerSerialPort"
createdFromAPI="true">
<jaxws:properties>
<entry key="ws-security.encryption.properties"
value="bob.properties"/>
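Review bot: The new client entries use the keys `security.encryption.properties` and `security.encryption.username`, whereas the neighbouring entries in this file and the constant added in this commit all carry the `ws-security.` prefix. If this branch does not recognise the un-prefixed names, the crypto configuration for `DoubleItSymmetric256Port` is silently ignored. The server.xml and stax-server.xml hunks have the same pattern with `security.callback-handler` and `security.signature.properties`. Unless the short names are known to work here, I would use `ws-security.encryption.properties`, `ws-security.encryption.username`, `ws-security.callback-handler` and `ws-security.signature.properties`, as the adjacent endpoints do.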
http://git-wip-us.apache.org/repos/asf/cxf/blob/1f34111b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
index 0b971b3..5409e8c 100644
---
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
@@ -111,6 +111,13 @@
<entry key="ws-security.signature.properties"
value="bob.properties"/>
</jaxws:properties>
</jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"
id="Symmetric256"
address="http://localhost:${testutil.ports.x509.Server}/DoubleItX509Symmetric256"
serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric256Port"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+ <jaxws:properties>
+ <entry key="security.callback-handler"
value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="security.signature.properties" value="bob.properties"/>
+ <entry key="ws-security.symmetric.signature.algorithm"
value="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"
id="Asymmetric"
address="http://localhost:${testutil.ports.x509.Server}/DoubleItX509Asymmetric"
serviceName="s:DoubleItService"
endpointName="s:DoubleItAsymmetricIssuerSerialPort"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
<jaxws:properties>
<entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
http://git-wip-us.apache.org/repos/asf/cxf/blob/1f34111b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
----------------------------------------------------------------------
diff --git
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
index 3891fcc..e79df31 100644
---
a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
+++
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
@@ -122,6 +122,14 @@
<entry key="ws-security.enable.streaming" value="true"/>
</jaxws:properties>
</jaxws:endpoint>
+ <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"
id="Symmetric256"
address="http://localhost:${testutil.ports.x509.StaxServer}/DoubleItX509Symmetric256"
serviceName="s:DoubleItService" endpointName="s:DoubleItSymmetric256Port"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+ <jaxws:properties>
+ <entry key="security.callback-handler"
value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+ <entry key="security.signature.properties" value="bob.properties"/>
+ <entry key="ws-security.enable.streaming" value="true"/>
+ <entry key="ws-security.symmetric.signature.algorithm"
value="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>
+ </jaxws:properties>
+ </jaxws:endpoint>
<jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt"
id="Asymmetric"
address="http://localhost:${testutil.ports.x509.StaxServer}/DoubleItX509Asymmetric"
serviceName="s:DoubleItService"
endpointName="s:DoubleItAsymmetricIssuerSerialPort"
implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
<jaxws:properties>
<entry key="ws-security.callback-handler"
value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>