cxf-commits mailing list archives

From dk...@apache.org
Subject svn commit: r698251 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ systests/src/test/java/org/apache/cxf/systest/ws/security/ systests/src/te...
Date Tue, 23 Sep 2008 17:29:10 GMT
Author: dkulp
Date: Tue Sep 23 10:29:10 2008
New Revision: 698251

URL: http://svn.apache.org/viewvc?rev=698251&view=rev
Log:
Get Encrypt+Sign+SignatureProtection working

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
    cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
    cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=698251&r1=698250&r2=698251&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
Tue Sep 23 10:29:10 2008
@@ -213,6 +213,16 @@
         return properties;
     }
     
+    String addToAction(String action, String val, boolean pre) {
+        if (action.contains(val)) {
+            return action;
+        }
+        if (pre) {
+            return val + " " + action; 
+        } 
+        return action + " " + val;
+    }
+    
     protected void checkPolicies(SoapMessage message, RequestData data) {
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
         // extract Assertion information
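Review bot: `addToAction` tests membership with `action.contains(val)`, which is a substring match on a space-separated list, so a longer action name that embeds `val` hides the shorter one. For example, an action string holding a compound name such as WSS4J's `UsernameTokenSignature` would make `addToAction(action, "Signature", true)` return without adding a signature step. Compare whole tokens instead, e.g. `if (Arrays.asList(action.split(" ")).contains(val)) { return action; }` (this needs `java.util.Arrays`). The helper also dereferences `action` without a null check and has no comment; a Javadoc line such as `/** Adds val to the space-separated action list unless it is already present; pre selects prepend over append. */` would state the contract.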
@@ -225,7 +235,7 @@
             if (ais != null) {
                 for (AssertionInfo ai : ais) {
                     if (!action.contains(WSHandlerConstants.TIMESTAMP)) {
-                        action = WSHandlerConstants.TIMESTAMP + " " + action;
+                        action = addToAction(action, WSHandlerConstants.TIMESTAMP, true);
                     }
                     ai.setAsserted(true);
                 }                    
@@ -251,9 +261,11 @@
                 for (AssertionInfo ai : ais) {
                     AsymmetricBinding abinding = (AsymmetricBinding)ai.getAssertion();
                     if (abinding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning)
{
-                        action = "Encrypt Signature " + action;
+                        action = addToAction(action, "Signature", true);
+                        action = addToAction(action, "Encrypt", true);
                     } else {
-                        action = "Signature Encrypt " + action;                      
+                        action = addToAction(action, "Encrypt", true);
+                        action = addToAction(action, "Signature", true);
                     }
                     Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
                     Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
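Review bot: The relative order of `Encrypt` and `Signature` is only guaranteed here when neither is already in `action`, because `addToAction` returns early for a value that is present. If the configured action already contains `Signature`, the sign-before-encrypt (`else`) branch produces `Encrypt Signature`, the same string as the `EncryptBeforeSigning` branch. Since the two branches differ only in order, the order presumably matters downstream; remove both tokens from `action` first and then prepend the pair in the policy's order, or document that the configured action must not pre-declare them. The enclosing loop and the rest of `checkPolicies` are outside the hunk.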

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=698251&r1=698250&r2=698251&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Tue Sep 23 10:29:10 2008
@@ -24,6 +24,7 @@
 import java.util.Map;
 import java.util.Vector;
 
+import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
 
 import org.w3c.dom.Element;
@@ -68,13 +69,10 @@
     private String encryptedKeyId;
     private byte[] encryptedKeyValue;
     
-    private Map<Token, WSSecBase> sigSuppTokMap;
-    private Map<Token, WSSecBase> sgndEndSuppTokMap;
-    private Map<Token, WSSecBase> sgndEncSuppTokMap;
-    private Map<Token, WSSecBase> sgndEndEncSuppTokMap;
-    private Map<Token, WSSecBase> endSuppTokMap;
     private Map<Token, WSSecBase> endEncSuppTokMap;
-
+    private Map<Token, WSSecBase> endSuppTokMap;
+    private Map<Token, WSSecBase> sgndEndEncSuppTokMap;
+    private Map<Token, WSSecBase> sgndEndSuppTokMap;
     
     public AsymmetricBindingHandler(AsymmetricBinding binding,
                                     SOAPMessage saaj,
@@ -101,67 +99,88 @@
     }
 
 
+    private void addSupportingTokens(Vector<WSEncryptionPart> sigs) {
+        
+        SupportingToken sgndSuppTokens = 
+            (SupportingToken)findPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
+        
+        Map<Token, WSSecBase> sigSuppTokMap = this.handleSupportingTokens(sgndSuppTokens);
          
+        
+        SupportingToken endSuppTokens = 
+            (SupportingToken)findPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
+        
+        endSuppTokMap = this.handleSupportingTokens(endSuppTokens);
+        
+        SupportingToken sgndEndSuppTokens 
+            = (SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
+        sgndEndSuppTokMap = this.handleSupportingTokens(sgndEndSuppTokens);
+        
+        SupportingToken sgndEncryptedSuppTokens 
+            = (SupportingToken)findPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
+        Map<Token, WSSecBase> sgndEncSuppTokMap 
+            = this.handleSupportingTokens(sgndEncryptedSuppTokens);
+        
+        SupportingToken endorsingEncryptedSuppTokens 
+            = (SupportingToken)findPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        endEncSuppTokMap 
+            = this.handleSupportingTokens(endorsingEncryptedSuppTokens);
+        
+        SupportingToken sgndEndEncSuppTokens 
+            = (SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        sgndEndEncSuppTokMap 
+            = this.handleSupportingTokens(sgndEndEncSuppTokens);
+        
+        SupportingToken supportingToks 
+            = (SupportingToken)findPolicy(SP12Constants.SUPPORTING_TOKENS);
+        this.handleSupportingTokens(supportingToks);
+        
+        SupportingToken encryptedSupportingToks 
+            = (SupportingToken)findPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
+        this.handleSupportingTokens(encryptedSupportingToks);
+    
+        //Setup signature parts
+        addSignatureParts(sigSuppTokMap, sigs);
+        addSignatureParts(sgndEncSuppTokMap, sigs);
+        addSignatureParts(sgndEndSuppTokMap, sigs);
+        addSignatureParts(sgndEndEncSuppTokMap, sigs);
+
+        //Add timestamp
+        if (timestampEl != null) {
+            Element el = timestampEl.getElement();
+            sigs.add(new WSEncryptionPart(addWsuIdToElement(el)));
+        }
+    }
     private void doSignBeforeEncrypt() {
         try {
             Vector<WSEncryptionPart> sigs = getSignedParts();
             if (isRequestor()) {
-                SupportingToken sgndSuppTokens = 
-                    (SupportingToken)findPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
-                
-                sigSuppTokMap = this.handleSupportingTokens(sgndSuppTokens);           
-                
-                SupportingToken endSuppTokens = 
-                    (SupportingToken)findPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
-                
-                endSuppTokMap = this.handleSupportingTokens(endSuppTokens);
-                
-                SupportingToken sgndEndSuppTokens 
-                    = (SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
-                sgndEndSuppTokMap = this.handleSupportingTokens(sgndEndSuppTokens);
-                
-                SupportingToken sgndEncryptedSuppTokens 
-                    = (SupportingToken)findPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
-                sgndEncSuppTokMap = this.handleSupportingTokens(sgndEncryptedSuppTokens);
-                
-                SupportingToken endorsingEncryptedSuppTokens 
-                    = (SupportingToken)findPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-                endEncSuppTokMap = this.handleSupportingTokens(endorsingEncryptedSuppTokens);
-                
-                SupportingToken sgndEndEncSuppTokens 
-                    = (SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-                sgndEndEncSuppTokMap = this.handleSupportingTokens(sgndEndEncSuppTokens);
-                
-                SupportingToken supportingToks 
-                    = (SupportingToken)findPolicy(SP12Constants.SUPPORTING_TOKENS);
-                this.handleSupportingTokens(supportingToks);
-                
-                SupportingToken encryptedSupportingToks 
-                    = (SupportingToken)findPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
-                this.handleSupportingTokens(encryptedSupportingToks);
-            
-                //Setup signature parts
-                addSignatureParts(sigSuppTokMap, sigs);
-                addSignatureParts(sgndEncSuppTokMap, sigs);
-                addSignatureParts(sgndEndSuppTokMap, sigs);
-                addSignatureParts(sgndEndEncSuppTokMap, sigs);
-
-                
-                //Add timestamp
-                if (timestampEl != null) {
-                    Element el = timestampEl.getElement();
-                    sigs.add(new WSEncryptionPart(addWsuIdToElement(el)));
-                }
-                doSignature(sigs);
+                addSupportingTokens(sigs);
+                doSignature(sigs, null);
                 doEndorse();
-                
             } else {
                 //confirm sig
                 addSignatureConfirmation(sigs);
-                doSignature(sigs);
+                doSignature(sigs, null);
             }
 
             Vector<WSEncryptionPart> enc = getEncryptedParts();
-            doEncyption(enc);
+            
+            //Check for signature protection
+            if (abinding.isSignatureProtection() && mainSigId != null) {
+                enc.add(new WSEncryptionPart(mainSigId, "Element"));
+            }
+            
+            if (isRequestor()) {
+                for (String id : encryptedTokensIdList) {
+                    enc.add(new WSEncryptionPart(id, "Element"));
+                }
+            }
+
+            //Do encryption
+            RecipientToken recToken = abinding.getRecipientToken();
+
+            
+            doEncryption(recToken, enc, false);
         } catch (Exception e) {
             e.printStackTrace();
             //REVISIT!!
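Review bot: `doSignBeforeEncrypt` always encrypts with `abinding.getRecipientToken()` (the `RecipientToken recToken = ...` line), while `doEncryptBeforeSign`, added in the same commit, picks `abinding.getInitiatorToken()` when `isRequestor()` is false. One of the two is presumably wrong for the response direction and they should agree, e.g. `TokenWrapper encToken = isRequestor() ? abinding.getRecipientToken() : abinding.getInitiatorToken();` followed by `doEncryption(encToken, enc, false);`. The extracted `addSupportingTokens` also has no comment saying that it both registers the supporting tokens and appends their signature parts and the timestamp to `sigs`. The end of the method is outside the hunk.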
@@ -169,10 +188,143 @@
     }
 
     private void doEncryptBeforeSign() {
-        // REVISIT 
+        TokenWrapper wrapper;
+        Token encryptionToken = null;
+        if (isRequestor()) {
+            wrapper = abinding.getRecipientToken();
+        } else {
+            wrapper = abinding.getInitiatorToken();
+        }
+        encryptionToken = wrapper.getToken();
+        Vector<WSEncryptionPart> encrParts = null;
+        Vector<WSEncryptionPart> sigParts = null;
+        try {
+            encrParts = getEncryptedParts();
+            //Signed parts are determined before encryption because encrypted signed  headers
+            //will not be included otherwise
+            sigParts = getSignedParts();
+        } catch (SOAPException e1) {
+            //REVISIT - exception
+            e1.printStackTrace();
+        }
+        
         
+        if (encryptionToken == null && encrParts.size() > 0) {
+            //REVISIT - no token to encrypt with  
+        }
+        
+        
+        if (encryptionToken != null && encrParts.size() > 0) {
+            WSSecBase encrBase = doEncryption(wrapper, encrParts, true);
+            handleEncryptedSignedHeaders(encrParts, sigParts);
+            
+            
+            if (timestampEl != null) {
+                sigParts.add(new WSEncryptionPart(addWsuIdToElement(timestampEl.getElement())));
+            }
+            
+            if (isRequestor()) {
+                addSupportingTokens(sigParts);
+            } else {
+                addSignatureConfirmation(sigParts);
+            }
+            
+            if ((sigParts.size() > 0 
+                    && isRequestor()
+                    && abinding.getInitiatorToken() != null) 
+                || (!isRequestor() && abinding.getRecipientToken() != null)) {
+                try {
+                    Element appendEl = null;
+                    if (encryptionToken.isDerivedKeys()) {
+                        appendEl = ((WSSecDKEncrypt)encrBase).getdktElement();
+                    } else {
+                        appendEl = ((WSSecEncrypt)encrBase).getEncryptedKeyElement();
+                    }
+                    doSignature(sigParts, appendEl);
+                } catch (WSSecurityException e) {
+                    //REVISIT - exception
+                    e.printStackTrace();
+                }
+            }
+
+            if (isRequestor()) {
+                doEndorse();
+            }
+            
+            // Check for signature protection
+            if (abinding.isSignatureProtection() && mainSigId != null) {
+                Vector<WSEncryptionPart> secondEncrParts = new Vector<WSEncryptionPart>();
+
+                // Now encrypt the signature using the above token
+                secondEncrParts.add(new WSEncryptionPart(mainSigId, "Element"));
+                
+                if (isRequestor()) {
+                    for (String id : encryptedTokensIdList) {
+                        secondEncrParts.add(new WSEncryptionPart(id, "Element"));
+                    }
+                }
+
+                if (encryptionToken.isDerivedKeys()) {
+                    try {
+                        Element secondRefList 
+                            = ((WSSecDKEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts);
+                        ((WSSecDKEncrypt)encrBase).addExternalRefElement(secondRefList, secHeader);
+
+                    } catch (WSSecurityException e) {
+                        //REVISIT - exception
+                        e.printStackTrace();
+                    }
+                } else {
+                    try {
+                        // Encrypt, get hold of the ref list and add it
+                        Element secondRefList 
+                            = ((WSSecEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts);
+                        insertAfter(secondRefList, secHeader.getSecurityHeader(), 
+                                    ((WSSecEncrypt)encrBase).getEncryptedKeyElement());
+                        
+                    } catch (WSSecurityException e) {
+                        //REVISIT - exception
+                        e.printStackTrace();
+                    }
+                }
+            }
+        }
     }
     
+    public void handleEncryptedSignedHeaders(Vector<WSEncryptionPart> encryptedParts,

+                                              Vector<WSEncryptionPart> signedParts)
{
+        
+        for (WSEncryptionPart signedPart : signedParts) {
+            if (signedPart.getNamespace() == null || signedPart.getName() == null) {
+                continue;
+            }
+             
+            for (WSEncryptionPart encryptedPart : encryptedParts) {
+                if (encryptedPart.getNamespace() == null 
+                    || encryptedPart.getName() == null) {
+                    continue;
+                }
+                
+                if (signedPart.getName().equals(encryptedPart.getName()) 
+                    && signedPart.getNamespace().equals(encryptedPart.getNamespace()))
{
+                    
+                    String encDataID =  encryptedPart.getEncId();                    
+                    Element encDataElem = WSSecurityUtil
+                        .findElementById(saaj.getSOAPPart().getDocumentElement(),
+                                         encDataID, null);
+                    
+                    if (encDataElem != null) {
+                        Element encHeader = (Element)encDataElem.getParentNode();
+                        String encHeaderId = encHeader.getAttributeNS(WSConstants.WSU_NS,
"Id");
+                        
+                        signedParts.remove(signedPart);
+                        WSEncryptionPart encHeaderToSign = new WSEncryptionPart(encHeaderId);
+                        signedParts.add(encHeaderToSign);
+                    }
+                }
+            }
+        }
+    }
     
     protected void addSignatureConfirmation(Vector<WSEncryptionPart> sigParts) {
         Wss10 wss10 = getWss10();
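Review bot: `doEncryptBeforeSign` fails open on several paths. A `SOAPException` from `getEncryptedParts()`/`getSignedParts()` is printed and execution continues with `encrParts` still null, the `encryptionToken == null` case has an empty body, and every `WSSecurityException` from signing or from encrypting the signature is only printed. All signing is also nested inside `if (encryptionToken != null && encrParts.size() > 0)`, so a policy with no encrypted parts produces no signature on this path. Report each failure the way `doEncryption` does, e.g. `policyNotAsserted(wrapper, e1); return;`, and move the signature step out of the encryption guard. Separately, `handleEncryptedSignedHeaders` calls `signedParts.remove(...)` and `signedParts.add(...)` while a for-each loop iterates the same Vector, which can throw ConcurrentModificationException; iterate a snapshot instead with `for (WSEncryptionPart signedPart : new Vector<WSEncryptionPart>(signedParts)) {`.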
@@ -225,7 +377,6 @@
         }
     }
 
-    
     private void doEndorse() {
         // Adding the endorsing encrypted supporting tokens to endorsing supporting tokens
         endSuppTokMap.putAll(endEncSuppTokMap);
@@ -238,25 +389,14 @@
         doEndorsedSignatures(sgndEndSuppTokMap, abinding.isTokenProtection());
     }    
     
-    private void doEncyption(Vector<WSEncryptionPart> encrParts) {
-        //Check for signature protection
-        if (abinding.isSignatureProtection() && mainSigId != null) {
-            encrParts.add(new WSEncryptionPart(mainSigId, "Element"));
-        }
-        
-        if (isRequestor()) {
-            for (String id : encryptedTokensIdList) {
-                encrParts.add(new WSEncryptionPart(id, "Element"));
-            }
-        }
-
+    private WSSecBase doEncryption(TokenWrapper recToken,
+                                    Vector<WSEncryptionPart> encrParts,
+                                    boolean externalRef) {
         //Do encryption
-        RecipientToken recToken = abinding.getRecipientToken();
-        if (recToken != null && recToken.getRecipientToken() != null && encrParts.size()
> 0) {
-            Token encrToken = recToken.getRecipientToken();
+        if (recToken != null && recToken.getToken() != null && encrParts.size()
> 0) {
+            Token encrToken = recToken.getToken();
             policyAsserted(recToken);
             policyAsserted(encrToken);
-            Element refList = null;
             AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
             if (encrToken.isDerivedKeys()) {
                 try {
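Review bot: The first parameter is still named `recToken`, but `doEncryptBeforeSign` now passes the initiator token through it on the responder side, so the name misleads; something like `encTokenWrapper` would fit. The method also gained a return value and an `externalRef` flag without any comment. A short Javadoc should say that `externalRef` places the reference list directly in the security header instead of inside the EncryptedKey element, and that the result is null when nothing was encrypted or encryption failed. The body continues in the following hunks.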
@@ -267,6 +407,7 @@
                     }
                     
                     dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+                    dkEncr.setParts(encrParts);
                     dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
                             + WSConstants.ENC_KEY_VALUE_TYPE);
                     dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
@@ -274,8 +415,9 @@
                     dkEncr.prepare(saaj.getSOAPPart());
                     
                     dkEncr.prependDKElementToHeader(secHeader);
-                    refList = dkEncr.encryptForExternalRef(null, encrParts);
-                    
+                    Element refList = dkEncr.encryptForExternalRef(null, encrParts);
+                    dkEncr.addExternalRefElement(refList, secHeader);
+                    return dkEncr;
                 } catch (Exception e) {
                     policyNotAsserted(recToken, e);
                 }
@@ -301,18 +443,23 @@
                     Element encryptedKeyElement = encr.getEncryptedKeyElement();
                                        
                     //Encrypt, get hold of the ref list and add it
-                    refList = encr.encryptForInternalRef(null, encrParts);
-                    
-                    //Add internal refs
-                    encryptedKeyElement.appendChild(refList);
+                    if (externalRef) {
+                        Element refList = encr.encryptForExternalRef(null, encrParts);
+                        secHeader.getSecurityHeader().appendChild(refList);
+                    } else {
+                        Element refList = encr.encryptForInternalRef(null, encrParts);
                     
+                        // Add internal refs
+                        encryptedKeyElement.appendChild(refList);
+                    }
                     encr.prependToHeader(secHeader);
-
+                    return encr;
                 } catch (WSSecurityException e) {
                     policyNotAsserted(recToken, e.getMessage());
                 }    
             }
         }
+        return null;
     }    
     
     private void assertUnusedTokens(TokenWrapper wrapper) {
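Review bot: `return null` covers three different outcomes: no token, no parts, and an encryption failure already reported through `policyNotAsserted`. The caller added in this commit, `doEncryptBeforeSign`, casts and dereferences the result (`((WSSecEncrypt)encrBase).getEncryptedKeyElement()`) without checking it, so a failed encryption surfaces as a NullPointerException rather than a clean abort. Have the caller test `if (encrBase == null) { return; }` before the signing step. Note also that `policyNotAsserted(recToken, e.getMessage())` in this branch drops the exception itself, whereas the derived-key branch passes `e`.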
@@ -329,7 +476,8 @@
             }
         }
     }
-    private void doSignature(Vector<WSEncryptionPart> sigParts) throws WSSecurityException
{
+    private void doSignature(Vector<WSEncryptionPart> sigParts,
+                             Element appendAfter) throws WSSecurityException {
         Token sigToken = null;
         TokenWrapper wrapper = null;
         if (isRequestor()) {
@@ -390,7 +538,13 @@
             sig.addReferencesToSign(sigParts, secHeader);
             sig.computeSignature();
 
-            sig.prependToHeader(secHeader);
+            if (appendAfter != null) {
+                insertAfter(sig.getSignatureElement(),
+                            secHeader.getSecurityHeader(),
+                            appendAfter);
+            } else {
+                sig.prependToHeader(secHeader);
+            }
 
             mainSigId = addWsuIdToElement(sig.getSignatureElement());
         }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java?rev=698251&r1=698250&r2=698251&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
Tue Sep 23 10:29:10 2008
@@ -171,6 +171,14 @@
             return ais.iterator().next().getAssertion();
         }
         return null;
+    } 
+    
+    protected void insertAfter(Element child, Element parent, Element sib) {
+        if (sib.getNextSibling() == null) {
+            parent.appendChild(child);
+        } else {
+            parent.insertBefore(child, sib.getNextSibling());
+        }
     }
         
     protected WSSecTimestamp createTimestamp() {
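Review bot: `insertAfter` assumes `sib` is non-null and a direct child of `parent`, but checks neither. A null `sib` throws NullPointerException, and a `sib` from elsewhere in the document either makes `insertBefore` fail or, when it has no next sibling, silently appends `child` at the end of `parent`. `doSignature` in this commit uses the helper to position the Signature element, so a wrong position should not pass silently; guard with `if (sib == null || sib.getParentNode() != parent) { throw new IllegalArgumentException("sib must be a child of parent"); }`. A Javadoc line stating the precondition would also help.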

Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=698251&r1=698250&r2=698251&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
(original)
+++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
Tue Sep 23 10:29:10 2008
@@ -45,7 +45,8 @@
 public class SecurityPolicyTest extends AbstractBusClientServerTestBase  {
     public static final String POLICY_ADDRESS = "http://localhost:9010/SecPolTest";
     public static final String POLICY_HTTPS_ADDRESS = "https://localhost:9009/SecPolTest";
-    public static final String POLICY_ENC_ADDRESS = "http://localhost:9010/SecPolTestEncrypt";
+    public static final String POLICY_ENCSIGN_ADDRESS = "http://localhost:9010/SecPolTestEncryptThenSign";
+    public static final String POLICY_SIGNENC_ADDRESS = "http://localhost:9010/SecPolTestSignThenEncrypt";
 
     
     public static class ServerPasswordCallback implements CallbackHandler {
@@ -76,12 +77,24 @@
         Endpoint.publish(POLICY_ADDRESS,
                          new DoubleItImpl());
         
-        ep = (EndpointImpl)Endpoint.publish(POLICY_ENC_ADDRESS,
-                                            new DoubleItImplEncrypt());
+        ep = (EndpointImpl)Endpoint.publish(POLICY_ENCSIGN_ADDRESS,
+                                            new DoubleItImplEncryptThenSign());
         
         EndpointInfo ei = ep.getServer().getEndpoint().getEndpointInfo(); 
         ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new ServerPasswordCallback());
+        ei.setProperty(SecurityConstants.USERNAME, "alice");
+        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
+        ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES, 
+                       SecurityPolicyTest.class.getResource("alice.properties").toString());
+        ei.setProperty(SecurityConstants.ENCRYPT_USERNAME, "bob");
+        ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES, 
+                       SecurityPolicyTest.class.getResource("bob.properties").toString());
+
+        ep = (EndpointImpl)Endpoint.publish(POLICY_SIGNENC_ADDRESS,
+                                            new DoubleItImplSignThenEncrypt());
         
+        ei = ep.getServer().getEndpoint().getEndpointInfo(); 
+        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new ServerPasswordCallback());
         ei.setProperty(SecurityConstants.USERNAME, "alice");
         ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
         ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES, 
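Review bot: The endpoint setup sets `SecurityConstants.CALLBACK_HANDLER` twice in a row, first to `new ServerPasswordCallback()` and then to `new KeystorePasswordCallback()`, so the first value is presumably overwritten and never used. The added block for the second endpoint copies the same pair. Drop the `ServerPasswordCallback` line in both blocks, or combine the two into one handler if both are really needed. The two property blocks are otherwise identical and could be one private helper taking the `EndpointInfo`. The method continues outside the hunk.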
@@ -96,7 +109,19 @@
         DoubleItService service = new DoubleItService();
         DoubleItPortType pt;
 
-        pt = service.getDoubleItPortEncrypt();
+        pt = service.getDoubleItPortEncryptThenSign();
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, "alice");
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,

+                                                      new KeystorePasswordCallback());
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
+                                                      getClass().getResource("alice.properties"));
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_USERNAME,
"Bob");
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,

+                                                      getClass().getResource("bob.properties"));
+        pt.doubleIt(BigInteger.valueOf(5));
+        
+        
+        pt = service.getDoubleItPortSignThenEncrypt();
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.USERNAME, "alice");
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,

                                                       new KeystorePasswordCallback());
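Review bot: The client passes `"Bob"` as `SecurityConstants.ENCRYPT_USERNAME`, while the server setup in this file uses `"bob"`. Whether the key lookup succeeds then depends on the keystore treating aliases case-insensitively, so use the same spelling on both sides. The result of `pt.doubleIt(BigInteger.valueOf(5))` is also discarded, so the test only shows that the call did not throw; `assertEquals(BigInteger.valueOf(10), pt.doubleIt(BigInteger.valueOf(5)));` would check the round trip. The rest of the test method is outside the hunk.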
@@ -159,11 +184,22 @@
         }
     }
     @WebService(targetNamespace = "http://cxf.apache.org/policytest/DoubleIt", 
-                portName = "DoubleItPortEncrypt",
+                portName = "DoubleItPortEncryptThenSign",
+                serviceName = "DoubleItService", 
+                endpointInterface = "org.apache.cxf.policytest.doubleit.DoubleItPortType",
+                wsdlLocation = "classpath:/wsdl_systest/DoubleIt.wsdl")
+    public static class DoubleItImplEncryptThenSign implements DoubleItPortType {
+        /** {@inheritDoc}*/
+        public BigInteger doubleIt(BigInteger numberToDouble) {
+            return numberToDouble.multiply(new BigInteger("2"));
+        }
+    }
+    @WebService(targetNamespace = "http://cxf.apache.org/policytest/DoubleIt", 
+                portName = "DoubleItPortSignThenEncrypt",
                 serviceName = "DoubleItService", 
                 endpointInterface = "org.apache.cxf.policytest.doubleit.DoubleItPortType",
                 wsdlLocation = "classpath:/wsdl_systest/DoubleIt.wsdl")
-    public static class DoubleItImplEncrypt implements DoubleItPortType {
+    public static class DoubleItImplSignThenEncrypt implements DoubleItPortType {
         /** {@inheritDoc}*/
         public BigInteger doubleIt(BigInteger numberToDouble) {
             return numberToDouble.multiply(new BigInteger("2"));

Modified: cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl?rev=698251&r1=698250&r2=698251&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl (original)
+++ cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl Tue Sep 23 10:29:10 2008
@@ -68,8 +68,18 @@
          <wsdl:output><soap:body use="literal"/></wsdl:output>
       </wsdl:operation>
    </wsdl:binding>
-   <wsdl:binding name="DoubleItBindingEncrypt" type="tns:DoubleItPortType">
-      <wsp:PolicyReference URI="#DoubleItEncryptPolicy"/>
+   <wsdl:binding name="DoubleItBindingEncryptThenSign" type="tns:DoubleItPortType">
+      <wsp:PolicyReference URI="#DoubleItEncryptThenSignPolicy"/>
+      <soap:binding style="document"
+         transport="http://schemas.xmlsoap.org/soap/http" />
+      <wsdl:operation name="DoubleIt">
+         <soap:operation soapAction=""/>
+         <wsdl:input><soap:body use="literal"/></wsdl:input>
+         <wsdl:output><soap:body use="literal"/></wsdl:output>
+      </wsdl:operation>
+   </wsdl:binding>
+   <wsdl:binding name="DoubleItBindingSignThenEncrypt" type="tns:DoubleItPortType">
+      <wsp:PolicyReference URI="#DoubleItSignThenEncryptPolicy"/>
       <soap:binding style="document"
          transport="http://schemas.xmlsoap.org/soap/http" />
       <wsdl:operation name="DoubleIt">
@@ -87,9 +97,13 @@
          <soap:address 
             location="http://localhost:9010/SecPolTest"/>
       </wsdl:port>
-      <wsdl:port name="DoubleItPortEncrypt" binding="tns:DoubleItBindingEncrypt">
+      <wsdl:port name="DoubleItPortEncryptThenSign" binding="tns:DoubleItBindingEncryptThenSign">
          <soap:address 
-            location="http://localhost:9010/SecPolTestEncrypt"/>
+            location="http://localhost:9010/SecPolTestEncryptThenSign"/>
+      </wsdl:port>
+      <wsdl:port name="DoubleItPortSignThenEncrypt" binding="tns:DoubleItBindingSignThenEncrypt">
+         <soap:address 
+            location="http://localhost:9010/SecPolTestSignThenEncrypt"/>
       </wsdl:port>
    </wsdl:service>
    
@@ -137,7 +151,61 @@
          </wsp:All>
       </wsp:ExactlyOne>
    </wsp:Policy>
-  <wsp:Policy wsu:Id="DoubleItEncryptPolicy">
+  <wsp:Policy wsu:Id="DoubleItEncryptThenSignPolicy">
+    <wsp:ExactlyOne>
+      <wsp:All>
+        <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+          <wsp:Policy>
+            <sp:InitiatorToken>
+              <wsp:Policy>
+                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+                  <wsp:Policy>
+                    <sp:WssX509V1Token11/>
+                  </wsp:Policy>
+                  </sp:X509Token>
+              </wsp:Policy>
+            </sp:InitiatorToken>
+            <sp:RecipientToken>
+              <wsp:Policy>
+                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+                  <wsp:Policy>
+                    <sp:WssX509V1Token11/>
+                  </wsp:Policy>
+                </sp:X509Token>
+              </wsp:Policy>
+            </sp:RecipientToken>
+            <sp:AlgorithmSuite>
+              <wsp:Policy>
+                <sp:TripleDesRsa15/>
+              </wsp:Policy>
+            </sp:AlgorithmSuite>
+            <sp:Layout>
+              <wsp:Policy>
+                <sp:Lax/>
+              </wsp:Policy>
+            </sp:Layout>
+            <sp:IncludeTimestamp/>
+            <sp:EncryptSignature/>
+            <sp:OnlySignEntireHeadersAndBody/>
+            <sp:EncryptBeforeSigning/>
+          </wsp:Policy>
+        </sp:AsymmetricBinding>
+        <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+          <sp:Body/>
+        </sp:SignedParts>
+        <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+          <sp:Body/>
+        </sp:EncryptedParts>
+        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+          <wsp:Policy>
+            <!-- sp:MustSupportRefKeyIdentifier/-->
+            <sp:MustSupportRefIssuerSerial/>
+          </wsp:Policy>
+        </sp:Wss10>
+      </wsp:All>
+    </wsp:ExactlyOne>
+  </wsp:Policy>
+  <wsp:Policy wsu:Id="DoubleItSignThenEncryptPolicy">
     <wsp:ExactlyOne>
       <wsp:All>
         <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
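Review bot: The new `DoubleItEncryptThenSignPolicy` selects `<sp:TripleDesRsa15/>`, i.e. 3DES for the data and RSA PKCS#1 v1.5 for key transport, both legacy choices. This is a test fixture, but policies in test WSDLs tend to be copied. If the test keys allow it, an AES suite with RSA-OAEP key wrap such as `<sp:Basic128/>` is a better default; otherwise add a comment like `<!-- legacy suite, kept for interop testing only -->` above the element. The commented-out `sp:MustSupportRefKeyIdentifier` would also benefit from a word on why it is disabled. The second policy continues outside the hunk.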
@@ -173,6 +241,7 @@
             <sp:IncludeTimestamp/>
             <sp:EncryptSignature/>
             <sp:OnlySignEntireHeadersAndBody/>
+            <sp:SignBeforeEncrypting/>
           </wsp:Policy>
         </sp:AsymmetricBinding>
         <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
@@ -190,5 +259,4 @@
       </wsp:All>
     </wsp:ExactlyOne>
   </wsp:Policy>
-
 </wsdl:definitions>


