cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r763672 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ systests/src/test/java/org/apache/cxf/systest/ws/security/ systests/src/test/resources/wsdl_systest/
Date Thu, 09 Apr 2009 14:53:04 GMT
Author: dkulp
Date: Thu Apr  9 14:53:04 2009
New Revision: 763672

URL: http://svn.apache.org/viewvc?rev=763672&view=rev
Log:
[CXF-2165] Fix problems validating messages that are only signed

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
    cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=763672&r1=763671&r2=763672&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Thu Apr  9 14:53:04 2009
@@ -473,13 +473,14 @@
             ai.setAsserted(true);
             if (abinding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning)
{
                 if (abinding.isSignatureProtection()) {
-                    if (prots != Protections.ENCRYPT_SIGN_PROTECT) {
+                    if (prots == Protections.ENCRYPT_SIGN
+                        || prots == Protections.SIGN_ENCRYPT) {
                         ai.setNotAsserted("Not encrypted before signed and then protected");
                     }
-                } else if (prots != Protections.ENCRYPT_SIGN) {
+                } else if (prots != Protections.SIGN_ENCRYPT) {
                     ai.setNotAsserted("Not encrypted before signed");                   

                 }
-            } else if (prots != Protections.SIGN_ENCRYPT && prots != Protections.SIGN)
{
+            } else if (prots == Protections.ENCRYPT_SIGN) {
                 ai.setNotAsserted("Not signed before encrypted");                       
            
             }
             
@@ -512,13 +513,14 @@
             ai.setAsserted(true);
             if (abinding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning)
{
                 if (abinding.isSignatureProtection()) {
-                    if (prots != Protections.ENCRYPT_SIGN_PROTECT) {
+                    if (prots == Protections.ENCRYPT_SIGN
+                        || prots == Protections.SIGN_ENCRYPT) {
                         ai.setNotAsserted("Not encrypted before signed and then protected");
                     }
-                } else if (prots != Protections.ENCRYPT_SIGN) {
+                } else if (prots == Protections.SIGN_ENCRYPT) {
                     ai.setNotAsserted("Not encrypted before signed");                   

                 }
-            } else if (prots != Protections.SIGN_ENCRYPT) {
+            } else if (prots == Protections.ENCRYPT_SIGN) {
                 ai.setNotAsserted("Not signed before encrypted");                       
            
             }
             assertPolicy(aim, abinding.getInitiatorToken());

Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=763672&r1=763671&r2=763672&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
(original)
+++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
Thu Apr  9 14:53:04 2009
@@ -47,6 +47,7 @@
     public static final String POLICY_HTTPS_ADDRESS = "https://localhost:9009/SecPolTest";
     public static final String POLICY_ENCSIGN_ADDRESS = "http://localhost:9010/SecPolTestEncryptThenSign";
     public static final String POLICY_SIGNENC_ADDRESS = "http://localhost:9010/SecPolTestSignThenEncrypt";
+    public static final String POLICY_SIGN_ADDRESS = "http://localhost:9010/SecPolTestSign";
 
     
     public static class ServerPasswordCallback implements CallbackHandler {
@@ -81,7 +82,6 @@
                                             new DoubleItImplEncryptThenSign());
         
         EndpointInfo ei = ep.getServer().getEndpoint().getEndpointInfo(); 
-        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new ServerPasswordCallback());
         ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
         ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES, 
                        SecurityPolicyTest.class.getResource("bob.properties").toString());
@@ -92,7 +92,15 @@
                                             new DoubleItImplSignThenEncrypt());
         
         ei = ep.getServer().getEndpoint().getEndpointInfo(); 
-        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new ServerPasswordCallback());
+        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
+        ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES, 
+                       SecurityPolicyTest.class.getResource("bob.properties").toString());
+        ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES, 
+                       SecurityPolicyTest.class.getResource("alice.properties").toString());
+
+        ep = (EndpointImpl)Endpoint.publish(POLICY_SIGN_ADDRESS,
+                                            new DoubleItImplSign());
+        ei = ep.getServer().getEndpoint().getEndpointInfo(); 
         ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
         ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES, 
                        SecurityPolicyTest.class.getResource("bob.properties").toString());
@@ -114,6 +122,15 @@
                                                       getClass().getResource("bob.properties"));
         pt.doubleIt(BigInteger.valueOf(5));
         
+        pt = service.getDoubleItPortSign();
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,

+                                                      new KeystorePasswordCallback());
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
+                                                      getClass().getResource("alice.properties"));
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,

+                                                      getClass().getResource("bob.properties"));
+        pt.doubleIt(BigInteger.valueOf(5));
+
         
         pt = service.getDoubleItPortSignThenEncrypt();
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,

@@ -148,6 +165,7 @@
                 throw ex;
             }
         }
+
         
     }
     
@@ -198,4 +216,15 @@
             return numberToDouble.multiply(new BigInteger("2"));
         }
     }
+    @WebService(targetNamespace = "http://cxf.apache.org/policytest/DoubleIt", 
+                portName = "DoubleItPortSign",
+                serviceName = "DoubleItService", 
+                endpointInterface = "org.apache.cxf.policytest.doubleit.DoubleItPortType",
+                wsdlLocation = "classpath:/wsdl_systest/DoubleIt.wsdl")
+    public static class DoubleItImplSign implements DoubleItPortType {
+        /** {@inheritDoc}*/
+        public BigInteger doubleIt(BigInteger numberToDouble) {
+            return numberToDouble.multiply(new BigInteger("2"));
+        }
+    }
 }

Modified: cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl?rev=763672&r1=763671&r2=763672&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl (original)
+++ cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl Thu Apr  9 14:53:04 2009
@@ -88,6 +88,16 @@
          <wsdl:output><soap:body use="literal"/></wsdl:output>
       </wsdl:operation>
    </wsdl:binding>
+   <wsdl:binding name="DoubleItBindingSign" type="tns:DoubleItPortType">
+      <wsp:PolicyReference URI="#DoubleItSignPolicy"/>
+      <soap:binding style="document"
+         transport="http://schemas.xmlsoap.org/soap/http" />
+      <wsdl:operation name="DoubleIt">
+         <soap:operation soapAction=""/>
+         <wsdl:input><soap:body use="literal"/></wsdl:input>
+         <wsdl:output><soap:body use="literal"/></wsdl:output>
+      </wsdl:operation>
+   </wsdl:binding>
    <wsdl:service name="DoubleItService">
       <wsdl:port name="DoubleItPortHttps" binding="tns:DoubleItBinding">
          <soap:address 
@@ -105,6 +115,10 @@
          <soap:address 
             location="http://localhost:9010/SecPolTestSignThenEncrypt"/>
       </wsdl:port>
+      <wsdl:port name="DoubleItPortSign" binding="tns:DoubleItBindingSign">
+         <soap:address 
+            location="http://localhost:9010/SecPolTestSign"/>
+      </wsdl:port>
    </wsdl:service>
    
    <wsp:Policy wsu:Id="DoubleItBindingPolicy">
@@ -259,4 +273,55 @@
       </wsp:All>
     </wsp:ExactlyOne>
   </wsp:Policy>
+  
+  
+  <wsp:Policy wsu:Id="DoubleItSignPolicy"
+    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+    <wsp:ExactlyOne>
+        <wsp:All>
+            <sp:AsymmetricBinding xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
+                <wsp:Policy>
+                    <sp:InitiatorToken>
+                        <wsp:Policy>
+                            <sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>
+                                <wsp:Policy>
+                                    <sp:WssX509V3Token10 />
+                                </wsp:Policy>
+                            </sp:X509Token>
+                        </wsp:Policy>
+                    </sp:InitiatorToken>
+                    <sp:RecipientToken>
+                        <wsp:Policy>
+                            <sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
+                                <wsp:Policy>
+                                    <sp:WssX509V3Token10 />
+                                </wsp:Policy>
+                            </sp:X509Token>
+                        </wsp:Policy>
+                    </sp:RecipientToken>
+                    <sp:AlgorithmSuite>
+                        <wsp:Policy>
+                            <sp:Basic256 />
+                        </wsp:Policy>
+                    </sp:AlgorithmSuite>
+                    <sp:Layout>
+                        <wsp:Policy>
+                            <sp:Strict />
+                        </wsp:Policy>
+                    </sp:Layout>
+                    <sp:OnlySignEntireHeadersAndBody />
+                </wsp:Policy>
+            </sp:AsymmetricBinding>
+            <sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
+                <wsp:Policy>
+                    <sp:MustSupportRefEmbeddedToken />
+                </wsp:Policy>
+            </sp:Wss10>
+            <sp:SignedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
+                <sp:Body />
+            </sp:SignedParts>
+        </wsp:All>
+    </wsp:ExactlyOne>
+</wsp:Policy>
+  
 </wsdl:definitions>



Mime
View raw message