cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r792264 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandler...
Date Wed, 08 Jul 2009 19:02:20 GMT
Author: dkulp
Date: Wed Jul  8 19:02:19 2009
New Revision: 792264

URL: http://svn.apache.org/viewvc?rev=792264&view=rev
Log:
[CXF-2333] Add support for the encrypted/signed stuff based on xpaths

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
    cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java?rev=792264&r1=792263&r2=792264&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java Wed Jul  8 19:02:19 2009
@@ -50,6 +50,9 @@
         ASSERTION_TYPES.add(SP12Constants.TRANSPORT_TOKEN);            
         ASSERTION_TYPES.add(SP12Constants.SIGNED_PARTS);
         ASSERTION_TYPES.add(SP12Constants.ENCRYPTED_PARTS);
+        ASSERTION_TYPES.add(SP12Constants.ENCRYPTED_ELEMENTS);
+        ASSERTION_TYPES.add(SP12Constants.SIGNED_ELEMENTS);
+        ASSERTION_TYPES.add(SP12Constants.CONTENT_ENCRYPTED_ELEMENTS);
         ASSERTION_TYPES.add(SP12Constants.INSTANCE.getSupportingTokens());
         ASSERTION_TYPES.add(SP12Constants.INSTANCE.getSignedSupportingTokens());
         ASSERTION_TYPES.add(SP12Constants.INSTANCE.getEndorsingSupportingTokens());

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=792264&r1=792263&r2=792264&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Wed Jul  8 19:02:19 2009
@@ -34,8 +34,12 @@
 import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
 import javax.xml.stream.XMLStreamException;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
 
 import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapMessage;
@@ -43,6 +47,7 @@
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.helpers.MapNamespaceContext;
 import org.apache.cxf.resource.ResourceManager;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.policy.AssertionInfo;
@@ -53,7 +58,9 @@
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
 import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
+import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
 import org.apache.cxf.ws.security.policy.model.Header;
+import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
 import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
 import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.Token;
@@ -279,10 +286,73 @@
         return action;
     }
     
-    
+    private void assertXPathTokens(AssertionInfoMap aim, 
+                                   QName name, 
+                                   Collection<WSDataRef> refs,
+                                   SoapMessage msg,
+                                   SOAPMessage doc,
+                                   String type,
+                                   boolean content) throws SOAPException {
+        Collection<AssertionInfo> ais = aim.get(name);
+        if (ais != null) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+                Map<String, String> namespaces = null;
+                List<String> xpaths = null;
+                if (content) {
+                    ContentEncryptedElements p = (ContentEncryptedElements)ai.getAssertion();
+                    namespaces = p.getDeclaredNamespaces();
+                    xpaths = p.getXPathExpressions();
+                } else {
+                    SignedEncryptedElements p = (SignedEncryptedElements)ai.getAssertion();
+                    namespaces = p.getDeclaredNamespaces();
+                    xpaths = p.getXPathExpressions();
+                }
+                if (xpaths != null) {
+                    XPathFactory factory = XPathFactory.newInstance();
+                    for (String expression : xpaths) {
+                        XPath xpath = factory.newXPath();
+                        if (namespaces != null) {
+                            xpath.setNamespaceContext(new MapNamespaceContext(namespaces));
+                        }
+                        try {
+                            NodeList list = (NodeList)xpath.evaluate(expression, 
+                                                                     doc.getSOAPPart().getEnvelope(),
+                                                                     XPathConstants.NODESET);
+                            boolean found = list.getLength() == 0;
+                            for (int x = 0; x < list.getLength(); x++) {
+                                Element el = (Element)list.item(x);
+                                for (WSDataRef r : refs) {
+                                    if (r.getProtectedElement() == el
+                                        && r.isContent() == content) {
+                                        found = true;
+                                    }
+                                }
+                            }
+                            if (!found) {
+                                ai.setNotAsserted("No " + type 
+                                                  + " element found matching XPath " + expression);
+                            }
+                        } catch (Exception ex) {
+                            //REVISIT
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    private boolean contains(Collection<WSDataRef> refs, QName qn) {
+        for (WSDataRef r : refs) {
+            if (r.getName().equals(qn)) {
+                return true;
+            }
+        }
+        return false;
+    }
     private void assertTokens(AssertionInfoMap aim, 
                               QName name, 
-                              Collection<QName> signed,
+                              Collection<WSDataRef> signed,
                               SoapMessage msg,
                               SOAPMessage doc,
                               String type) throws SOAPException {
@@ -291,12 +361,12 @@
             for (AssertionInfo ai : ais) {
                 ai.setAsserted(true);
                 SignedEncryptedParts p = (SignedEncryptedParts)ai.getAssertion();
-                if (p.isBody() && !signed.contains(msg.getVersion().getBody())) {
+                if (p.isBody() && !contains(signed, msg.getVersion().getBody())) {
                     ai.setNotAsserted(msg.getVersion().getBody() + " not " + type);
                     return;
                 }
                 for (Header h : p.getHeaders()) {
-                    if (!signed.contains(h.getQName())) {
+                    if (!contains(signed, h.getQName())) {
                         boolean found = false;
                         Element nd = DOMUtils.getFirstElement(doc.getSOAPHeader());
                         while (nd != null && !found) {
@@ -389,8 +459,8 @@
     protected void doResults(SoapMessage msg, String actor, 
                              SOAPMessage doc, Vector results) throws SOAPException, XMLStreamException {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
-        Collection<QName> signed = new HashSet<QName>();
-        Collection<QName> encrypted = new HashSet<QName>();
+        Collection<WSDataRef> signed = new HashSet<WSDataRef>();
+        Collection<WSDataRef> encrypted = new HashSet<WSDataRef>();
         boolean hasDerivedKeys = false;
         boolean hasEndorsement = false;
         Protections prots = Protections.NONE;
@@ -411,7 +481,7 @@
                         break;
                     }
                     for (WSDataRef r : sl) {
-                        signed.add(r.getName());
+                        signed.add(r);
                     }
                     prots = addSign(prots);
                 }
@@ -421,7 +491,7 @@
                                                        .get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
                 if (el != null) {
                     for (WSDataRef r : el) {
-                        encrypted.add(r.getName());
+                        encrypted.add(r);
                     }
                     prots = addEncrypt(prots);
                 }
@@ -444,8 +514,12 @@
             }                        
         }
         assertTokens(aim, SP12Constants.SIGNED_PARTS, signed, msg, doc, "signed");
-        assertTokens(aim, SP12Constants.ENCRYPTED_PARTS, signed, msg, doc, "encrypted");
-        
+        assertTokens(aim, SP12Constants.ENCRYPTED_PARTS, encrypted, msg, doc, "encrypted");
+        assertXPathTokens(aim, SP12Constants.SIGNED_ELEMENTS, signed, msg, doc, "signed", false);
+        assertXPathTokens(aim, SP12Constants.ENCRYPTED_ELEMENTS, encrypted, msg, doc, "encrypted", false);
+        assertXPathTokens(aim, SP12Constants.CONTENT_ENCRYPTED_ELEMENTS, encrypted, msg,
+                          doc, "encrypted", true);
+
         assertAsymetricBinding(aim, msg, doc, prots, hasDerivedKeys);
         assertSymetricBinding(aim, msg, doc, prots, hasDerivedKeys);
         assertTransportBinding(aim);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=792264&r1=792263&r2=792264&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Wed Jul  8 19:02:19 2009
@@ -78,6 +78,7 @@
 import org.apache.cxf.ws.security.policy.SPConstants;
 import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.Binding;
+import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
 import org.apache.cxf.ws.security.policy.model.Header;
 import org.apache.cxf.ws.security.policy.model.IssuedToken;
 import org.apache.cxf.ws.security.policy.model.KeyValueToken;
@@ -679,7 +680,8 @@
         
         SignedEncryptedParts parts = null;
         SignedEncryptedElements elements = null;
-        
+        ContentEncryptedElements celements = null;
+
         Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.ENCRYPTED_PARTS);
         if (ais != null) {
             for (AssertionInfo ai : ais) {
@@ -694,6 +696,13 @@
                 ai.setAsserted(true);
             }            
         }
+        ais = aim.getAssertionInfo(SP12Constants.CONTENT_ENCRYPTED_ELEMENTS);
+        if (ais != null) {
+            for (AssertionInfo ai : ais) {
+                celements = (ContentEncryptedElements)ai.getAssertion();
+                ai.setAsserted(true);
+            }            
+        }
         
         List<WSEncryptionPart> signedParts = new ArrayList<WSEncryptionPart>();
         if (parts != null) {
@@ -711,7 +720,9 @@
                                    isBody,
                                    signedParts,
                                    elements == null ? null : elements.getXPathExpressions(),
-                                   elements == null ? null : elements.getDeclaredNamespaces());
+                                   elements == null ? null : elements.getDeclaredNamespaces(),
+                                   celements == null ? null : celements.getXPathExpressions(),
+                                   celements == null ? null : celements.getDeclaredNamespaces());
     }    
     
     public Vector<WSEncryptionPart> getSignedParts() 
@@ -753,13 +764,16 @@
                                    isSignBody,
                                    signedParts,
                                    elements == null ? null : elements.getXPathExpressions(),
-                                   elements == null ? null : elements.getDeclaredNamespaces());
+                                   elements == null ? null : elements.getDeclaredNamespaces(),
+                                   null, null);
     }
     public Vector<WSEncryptionPart> getPartsAndElements(boolean sign, 
                                                     boolean includeBody,
                                                     List<WSEncryptionPart> parts,
                                                     List<String> xpaths, 
-                                                    Map<String, String> namespaces) 
+                                                    Map<String, String> namespaces,
+                                                    List<String> contentXpaths,
+                                                    Map<String, String> cnamespaces) 
         throws SOAPException {
         
         Vector<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
@@ -838,16 +852,19 @@
                     for (int x = 0; x < list.getLength(); x++) {
                         Element el = (Element)list.item(x);
                         if (sign) {
-                            result.add(new WSEncryptionPart(el.getLocalName(),
+                            WSEncryptionPart part = new WSEncryptionPart(el.getLocalName(),
                                                             el.getNamespaceURI(), 
                                                             "Content",
-                                                            WSConstants.PART_TYPE_ELEMENT));
+                                                            WSConstants.PART_TYPE_ELEMENT);
+                            part.setXpath(expression);
+                            result.add(part);
                         } else {
                             WSEncryptionPart encryptedElem = new WSEncryptionPart(el.getLocalName(),
                                                                                   el.getNamespaceURI(),
                                                                                   "Element",
                                                                                   WSConstants
                                                                                       .PART_TYPE_ELEMENT);
+                            encryptedElem.setXpath(expression);
                             String wsuId = el.getAttributeNS(WSConstants.WSU_NS, "Id");
                             
                             if (!StringUtils.isEmpty(wsuId)) {
@@ -861,6 +878,36 @@
                 }
             }
         }
+        if (contentXpaths != null && !contentXpaths.isEmpty()) {
+            XPathFactory factory = XPathFactory.newInstance();
+            for (String expression : contentXpaths) {
+                XPath xpath = factory.newXPath();
+                if (cnamespaces != null) {
+                    xpath.setNamespaceContext(new MapNamespaceContext(cnamespaces));
+                }
+                try {
+                    NodeList list = (NodeList)xpath.evaluate(expression, saaj.getSOAPPart().getEnvelope(),
+                                                   XPathConstants.NODESET);
+                    for (int x = 0; x < list.getLength(); x++) {
+                        Element el = (Element)list.item(x);
+                        WSEncryptionPart encryptedElem = new WSEncryptionPart(el.getLocalName(),
+                                                                              el.getNamespaceURI(),
+                                                                              "Content",
+                                                                              WSConstants
+                                                                                  .PART_TYPE_ELEMENT);
+                        encryptedElem.setXpath(expression);
+                        String wsuId = el.getAttributeNS(WSConstants.WSU_NS, "Id");
+                        
+                        if (!StringUtils.isEmpty(wsuId)) {
+                            encryptedElem.setEncId(wsuId);
+                        }
+                        result.add(encryptedElem);
+                    }
+                } catch (XPathExpressionException e) {
+                    //REVISIT!!!!
+                }
+            }
+        }
         return result;
     }
     
@@ -1535,9 +1582,11 @@
                         Element encHeader = (Element)encDataElem.getParentNode();
                         String encHeaderId = encHeader.getAttributeNS(WSConstants.WSU_NS, "Id");
                         
-                        signedParts.remove(signedPart);
-                        WSEncryptionPart encHeaderToSign = new WSEncryptionPart(encHeaderId);
-                        signedParts.add(encHeaderToSign);
+                        if (!StringUtils.isEmpty(encHeaderId)) {
+                            signedParts.remove(signedPart);
+                            WSEncryptionPart encHeaderToSign = new WSEncryptionPart(encHeaderId);
+                            signedParts.add(encHeaderToSign);
+                        }
                     }
                 }
             }

Modified: cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=792264&r1=792263&r2=792264&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java (original)
+++ cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java Wed Jul  8 19:02:19 2009
@@ -67,6 +67,7 @@
     public static final String POLICY_SIGNENC_PROVIDER_ADDRESS 
         = "http://localhost:9010/SecPolTestSignThenEncryptProvider";
     public static final String POLICY_SIGN_ADDRESS = "http://localhost:9010/SecPolTestSign";
+    public static final String POLICY_XPATH_ADDRESS = "http://localhost:9010/SecPolTestXPath";
 
     
     public static class ServerPasswordCallback implements CallbackHandler {
@@ -125,7 +126,15 @@
                        SecurityPolicyTest.class.getResource("bob.properties").toString());
         ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES, 
                        SecurityPolicyTest.class.getResource("alice.properties").toString());
-        
+
+        ep = (EndpointImpl)Endpoint.publish(POLICY_XPATH_ADDRESS,
+                                            new DoubleItImplXPath());
+        ei = ep.getServer().getEndpoint().getEndpointInfo(); 
+        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
+        ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES, 
+                       SecurityPolicyTest.class.getResource("alice.properties").toString());
+        ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES, 
+                       SecurityPolicyTest.class.getResource("bob.properties").toString());
         
         ep = (EndpointImpl)Endpoint.publish(POLICY_SIGNENC_PROVIDER_ADDRESS,
                                             new DoubleItProvider());
@@ -136,7 +145,6 @@
                        SecurityPolicyTest.class.getResource("bob.properties").toString());
         ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES, 
                        SecurityPolicyTest.class.getResource("alice.properties").toString());
-
     }
     
     @Test
@@ -144,6 +152,16 @@
         DoubleItService service = new DoubleItService();
         DoubleItPortType pt;
 
+        pt = service.getDoubleItPortXPath();
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER, 
+                                                      new KeystorePasswordCallback());
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
+                                                      getClass().getResource("alice.properties"));
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES, 
+                                                      getClass().getResource("bob.properties"));
+        assertEquals(BigInteger.valueOf(10), pt.doubleIt(BigInteger.valueOf(5)));
+        
+        
         pt = service.getDoubleItPortEncryptThenSign();
         ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER, 
                                                       new KeystorePasswordCallback());
@@ -294,7 +312,17 @@
             return numberToDouble.multiply(new BigInteger("2"));
         }
     }
-    
+    @WebService(targetNamespace = "http://cxf.apache.org/policytest/DoubleIt", 
+                portName = "DoubleItPortXPath",
+                serviceName = "DoubleItService", 
+                endpointInterface = "org.apache.cxf.policytest.doubleit.DoubleItPortType",
+                wsdlLocation = "classpath:/wsdl_systest/DoubleIt.wsdl")
+    public static class DoubleItImplXPath implements DoubleItPortType {
+        /** {@inheritDoc}*/
+        public BigInteger doubleIt(BigInteger numberToDouble) {
+            return numberToDouble.multiply(new BigInteger("2"));
+        }
+    }
     @WebServiceProvider(targetNamespace = "http://cxf.apache.org/policytest/DoubleIt", 
                         portName = "DoubleItPortSignThenEncrypt",
                         serviceName = "DoubleItService", 

Modified: cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl?rev=792264&r1=792263&r2=792264&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl (original)
+++ cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl Wed Jul  8 19:02:19 2009
@@ -1,327 +1,399 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- 
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- -->
-<wsdl:definitions name="DoubleIt" 
-   xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
-   xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
-   xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
-   xmlns:tns="http://cxf.apache.org/policytest/DoubleIt"
-   targetNamespace="http://cxf.apache.org/policytest/DoubleIt"
-   xmlns:wsp="http://www.w3.org/ns/ws-policy" 
-   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
-   xmlns:wsaws="http://www.w3.org/2005/08/addressing" 
-   xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" 
-   xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy">
-   <wsdl:types>
-      <xsd:schema targetNamespace="http://cxf.apache.org/policytest/DoubleIt">
-         <xsd:element name="DoubleIt">
-            <xsd:complexType>
-               <xsd:sequence>
-                  <xsd:element name="numberToDouble" type="xsd:integer"/>
-               </xsd:sequence>
-            </xsd:complexType>
-         </xsd:element>
-         <xsd:element name="DoubleItResponse">
-            <xsd:complexType>
-               <xsd:sequence>
-                  <xsd:element name="doubledNumber" type="xsd:integer" />
-               </xsd:sequence>
-            </xsd:complexType>
-         </xsd:element>
-      </xsd:schema>
-   </wsdl:types>
-   <wsdl:message name="DoubleItRequest">
-      <wsdl:part element="tns:DoubleIt" name="parameters" />
-   </wsdl:message>
-   <wsdl:message name="DoubleItResponse">
-      <wsdl:part element="tns:DoubleItResponse" name="parameters" />
-   </wsdl:message>
-   <wsdl:portType name="DoubleItPortType">
-      <wsdl:operation name="DoubleIt">
-         <wsdl:input message="tns:DoubleItRequest" />
-         <wsdl:output message="tns:DoubleItResponse" />
-      </wsdl:operation>
-   </wsdl:portType>
-   <wsdl:binding name="DoubleItBinding" type="tns:DoubleItPortType">
-      <wsp:PolicyReference URI="#DoubleItBindingPolicy"/>
-      <soap:binding style="document"
-         transport="http://schemas.xmlsoap.org/soap/http" />
-      <wsdl:operation name="DoubleIt">
-         <soap:operation soapAction=""/>
-         <wsdl:input><soap:body use="literal"/></wsdl:input>
-         <wsdl:output><soap:body use="literal"/></wsdl:output>
-      </wsdl:operation>
-   </wsdl:binding>
-   <wsdl:binding name="DoubleItBindingEncryptThenSign" type="tns:DoubleItPortType">
-      <wsp:PolicyReference URI="#DoubleItEncryptThenSignPolicy"/>
-      <soap:binding style="document"
-         transport="http://schemas.xmlsoap.org/soap/http" />
-      <wsdl:operation name="DoubleIt">
-         <soap:operation soapAction=""/>
-         <wsdl:input><soap:body use="literal"/></wsdl:input>
-         <wsdl:output><soap:body use="literal"/></wsdl:output>
-      </wsdl:operation>
-   </wsdl:binding>
-   <wsdl:binding name="DoubleItBindingSignThenEncrypt" type="tns:DoubleItPortType">
-      <wsp:PolicyReference URI="#DoubleItSignThenEncryptPolicy"/>
-      <soap:binding style="document"
-         transport="http://schemas.xmlsoap.org/soap/http" />
-      <wsdl:operation name="DoubleIt">
-         <soap:operation soapAction=""/>
-         <wsdl:input><soap:body use="literal"/></wsdl:input>
-         <wsdl:output><soap:body use="literal"/></wsdl:output>
-      </wsdl:operation>
-   </wsdl:binding>
-   <wsdl:binding name="DoubleItBindingSign" type="tns:DoubleItPortType">
-      <wsp:PolicyReference URI="#DoubleItSignPolicy"/>
-      <soap:binding style="document"
-         transport="http://schemas.xmlsoap.org/soap/http" />
-      <wsdl:operation name="DoubleIt">
-         <soap:operation soapAction=""/>
-         <wsdl:input><soap:body use="literal"/></wsdl:input>
-         <wsdl:output><soap:body use="literal"/></wsdl:output>
-      </wsdl:operation>
-   </wsdl:binding>
-   <wsdl:service name="DoubleItService">
-      <wsdl:port name="DoubleItPortHttps" binding="tns:DoubleItBinding">
-         <soap:address 
-            location="https://localhost:9009/SecPolTest"/>
-      </wsdl:port>
-      <wsdl:port name="DoubleItPortHttp" binding="tns:DoubleItBinding">
-         <soap:address 
-            location="http://localhost:9010/SecPolTest"/>
-      </wsdl:port>
-      <wsdl:port name="DoubleItPortEncryptThenSign" binding="tns:DoubleItBindingEncryptThenSign">
-         <soap:address 
-            location="http://localhost:9010/SecPolTestEncryptThenSign"/>
-      </wsdl:port>
-      <wsdl:port name="DoubleItPortSignThenEncrypt" binding="tns:DoubleItBindingSignThenEncrypt">
-         <soap:address 
-            location="http://localhost:9010/SecPolTestSignThenEncrypt"/>
-      </wsdl:port>
-      <wsdl:port name="DoubleItPortSign" binding="tns:DoubleItBindingSign">
-         <soap:address 
-            location="http://localhost:9010/SecPolTestSign"/>
-      </wsdl:port>
-   </wsdl:service>
-   
-   <wsp:Policy wsu:Id="DoubleItBindingPolicy">
-      <wsp:ExactlyOne>
-         <wsp:All>
-            <foo:unknownPolicy xmlns:foo="http://cxf.apache.org/not/a/policy"/>
-         </wsp:All>
-         <wsp:All>
-            <wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"/>
-            <sp:TransportBinding>
-               <wsp:Policy>
-                  <sp:TransportToken>
-                     <wsp:Policy>
-                        <sp:HttpsToken RequireClientCertificate="false"/>
-                     </wsp:Policy>
-                  </sp:TransportToken>
-                  <sp:Layout>
-                     <wsp:Policy>
-                        <sp:Lax/>
-                     </wsp:Policy>
-                  </sp:Layout>
-                  <sp:IncludeTimestamp/>
-                  <sp:AlgorithmSuite>
-                     <wsp:Policy>
-                        <sp:Basic128/>
-                     </wsp:Policy>
-                  </sp:AlgorithmSuite>
-               </wsp:Policy>
-            </sp:TransportBinding>
-            <sp:Wss10>
-               <wsp:Policy>
-                  <sp:MustSupportRefKeyIdentifier/>
-               </wsp:Policy>
-            </sp:Wss10>
-            <sp:SignedSupportingTokens>
-               <wsp:Policy>
-                  <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
-                     <wsp:Policy>
-                        <sp:WssUsernameToken10/>
-                     </wsp:Policy>
-                  </sp:UsernameToken>
-               </wsp:Policy>
-            </sp:SignedSupportingTokens>
-         </wsp:All>
-      </wsp:ExactlyOne>
-   </wsp:Policy>
-  <wsp:Policy wsu:Id="DoubleItEncryptThenSignPolicy">
-    <wsp:ExactlyOne>
-      <wsp:All>
-        <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-          <wsp:Policy>
-            <sp:InitiatorToken>
-              <wsp:Policy>
-                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
-                  <wsp:Policy>
-                    <sp:WssX509V1Token11/>
-                  </wsp:Policy>
-                  </sp:X509Token>
-              </wsp:Policy>
-            </sp:InitiatorToken>
-            <sp:RecipientToken>
-              <wsp:Policy>
-                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
-                  <wsp:Policy>
-                    <sp:WssX509V1Token11/>
-                  </wsp:Policy>
-                </sp:X509Token>
-              </wsp:Policy>
-            </sp:RecipientToken>
-            <sp:AlgorithmSuite>
-              <wsp:Policy>
-                <sp:TripleDesRsa15/>
-              </wsp:Policy>
-            </sp:AlgorithmSuite>
-            <sp:Layout>
-              <wsp:Policy>
-                <sp:Lax/>
-              </wsp:Policy>
-            </sp:Layout>
-            <sp:IncludeTimestamp/>
-            <sp:EncryptSignature/>
-            <sp:OnlySignEntireHeadersAndBody/>
-            <sp:EncryptBeforeSigning/>
-          </wsp:Policy>
-        </sp:AsymmetricBinding>
-        <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-          <sp:Body/>
-        </sp:SignedParts>
-        <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-          <sp:Body/>
-        </sp:EncryptedParts>
-        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-          <wsp:Policy>
-            <!-- sp:MustSupportRefKeyIdentifier/-->
-            <sp:MustSupportRefIssuerSerial/>
-          </wsp:Policy>
-        </sp:Wss10>
-      </wsp:All>
-    </wsp:ExactlyOne>
-  </wsp:Policy>
-  <wsp:Policy wsu:Id="DoubleItSignThenEncryptPolicy">
-    <wsp:ExactlyOne>
-      <wsp:All>
-        <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-          <wsp:Policy>
-            <sp:InitiatorToken>
-              <wsp:Policy>
-                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
-                  <wsp:Policy>
-                    <sp:WssX509V1Token11/>
-                  </wsp:Policy>
-                  </sp:X509Token>
-              </wsp:Policy>
-            </sp:InitiatorToken>
-            <sp:RecipientToken>
-              <wsp:Policy>
-                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
-                  <wsp:Policy>
-                    <sp:WssX509V1Token11/>
-                  </wsp:Policy>
-                </sp:X509Token>
-              </wsp:Policy>
-            </sp:RecipientToken>
-            <sp:AlgorithmSuite>
-              <wsp:Policy>
-                <sp:TripleDesRsa15/>
-              </wsp:Policy>
-            </sp:AlgorithmSuite>
-            <sp:Layout>
-              <wsp:Policy>
-                <sp:Lax/>
-              </wsp:Policy>
-            </sp:Layout>
-            <sp:IncludeTimestamp/>
-            <sp:EncryptSignature/>
-            <sp:OnlySignEntireHeadersAndBody/>
-            <sp:SignBeforeEncrypting/>
-          </wsp:Policy>
-        </sp:AsymmetricBinding>
-        <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-          <sp:Body/>
-        </sp:SignedParts>
-        <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-          <sp:Body/>
-        </sp:EncryptedParts>
-        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-          <wsp:Policy>
-            <!-- sp:MustSupportRefKeyIdentifier/-->
-            <sp:MustSupportRefIssuerSerial/>
-          </wsp:Policy>
-        </sp:Wss10>
-      </wsp:All>
-    </wsp:ExactlyOne>
-  </wsp:Policy>
-  
-  
-  <wsp:Policy wsu:Id="DoubleItSignPolicy"
-    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-    <wsp:ExactlyOne>
-        <wsp:All>
-            <sp:AsymmetricBinding xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
-                <wsp:Policy>
-                    <sp:InitiatorToken>
-                        <wsp:Policy>
-                            <sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>
-                                <wsp:Policy>
-                                    <sp:WssX509V3Token10 />
-                                </wsp:Policy>
-                            </sp:X509Token>
-                        </wsp:Policy>
-                    </sp:InitiatorToken>
-                    <sp:RecipientToken>
-                        <wsp:Policy>
-                            <sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
-                                <wsp:Policy>
-                                    <sp:WssX509V3Token10 />
-                                </wsp:Policy>
-                            </sp:X509Token>
-                        </wsp:Policy>
-                    </sp:RecipientToken>
-                    <sp:AlgorithmSuite>
-                        <wsp:Policy>
-                            <sp:Basic256 />
-                        </wsp:Policy>
-                    </sp:AlgorithmSuite>
-                    <sp:Layout>
-                        <wsp:Policy>
-                            <sp:Strict />
-                        </wsp:Policy>
-                    </sp:Layout>
-                    <sp:OnlySignEntireHeadersAndBody />
-                </wsp:Policy>
-            </sp:AsymmetricBinding>
-            <sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
-                <wsp:Policy>
-                    <sp:MustSupportRefEmbeddedToken />
-                </wsp:Policy>
-            </sp:Wss10>
-            <sp:SignedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
-                <sp:Body />
-            </sp:SignedParts>
-        </wsp:All>
-    </wsp:ExactlyOne>
-</wsp:Policy>
-  
+	<!--
+		* Licensed to the Apache Software Foundation (ASF) under one * or more
+		contributor license agreements. See the NOTICE file * distributed with
+		this work for additional information * regarding copyright ownership.
+		The ASF licenses this file * to you under the Apache License, Version
+		2.0 (the * "License"); you may not use this file except in compliance
+		* with the License. You may obtain a copy of the License at * *
+		http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by
+		applicable law or agreed to in writing, * software distributed under
+		the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES
+		OR CONDITIONS OF ANY * KIND, either express or implied. See the
+		License for the * specific language governing permissions and
+		limitations * under the License.
+	-->
+<wsdl:definitions name="DoubleIt"
+	xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+	xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://cxf.apache.org/policytest/DoubleIt"
+	targetNamespace="http://cxf.apache.org/policytest/DoubleIt" xmlns:wsp="http://www.w3.org/ns/ws-policy"
+	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+	xmlns:wsaws="http://www.w3.org/2005/08/addressing" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+	xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy">
+	<wsdl:types>
+		<xsd:schema targetNamespace="http://cxf.apache.org/policytest/DoubleIt">
+			<xsd:element name="DoubleIt">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="numberToDouble" type="xsd:integer" />
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+			<xsd:element name="DoubleItResponse">
+				<xsd:complexType>
+					<xsd:sequence>
+						<xsd:element name="doubledNumber" type="xsd:integer" />
+					</xsd:sequence>
+				</xsd:complexType>
+			</xsd:element>
+		</xsd:schema>
+	</wsdl:types>
+	<wsdl:message name="DoubleItRequest">
+		<wsdl:part element="tns:DoubleIt" name="parameters" />
+	</wsdl:message>
+	<wsdl:message name="DoubleItResponse">
+		<wsdl:part element="tns:DoubleItResponse" name="parameters" />
+	</wsdl:message>
+	<wsdl:portType name="DoubleItPortType">
+		<wsdl:operation name="DoubleIt">
+			<wsdl:input message="tns:DoubleItRequest" />
+			<wsdl:output message="tns:DoubleItResponse" />
+		</wsdl:operation>
+	</wsdl:portType>
+	<wsdl:binding name="DoubleItBinding" type="tns:DoubleItPortType">
+		<wsp:PolicyReference URI="#DoubleItBindingPolicy" />
+		<soap:binding style="document"
+			transport="http://schemas.xmlsoap.org/soap/http" />
+		<wsdl:operation name="DoubleIt">
+			<soap:operation soapAction="" />
+			<wsdl:input>
+				<soap:body use="literal" />
+			</wsdl:input>
+			<wsdl:output>
+				<soap:body use="literal" />
+			</wsdl:output>
+		</wsdl:operation>
+	</wsdl:binding>
+	<wsdl:binding name="DoubleItBindingEncryptThenSign" type="tns:DoubleItPortType">
+		<wsp:PolicyReference URI="#DoubleItEncryptThenSignPolicy" />
+		<soap:binding style="document"
+			transport="http://schemas.xmlsoap.org/soap/http" />
+		<wsdl:operation name="DoubleIt">
+			<soap:operation soapAction="" />
+			<wsdl:input>
+				<soap:body use="literal" />
+			</wsdl:input>
+			<wsdl:output>
+				<soap:body use="literal" />
+			</wsdl:output>
+		</wsdl:operation>
+	</wsdl:binding>
+	<wsdl:binding name="DoubleItBindingSignThenEncrypt" type="tns:DoubleItPortType">
+		<wsp:PolicyReference URI="#DoubleItSignThenEncryptPolicy" />
+		<soap:binding style="document"
+			transport="http://schemas.xmlsoap.org/soap/http" />
+		<wsdl:operation name="DoubleIt">
+			<soap:operation soapAction="" />
+			<wsdl:input>
+				<soap:body use="literal" />
+			</wsdl:input>
+			<wsdl:output>
+				<soap:body use="literal" />
+			</wsdl:output>
+		</wsdl:operation>
+	</wsdl:binding>
+	<wsdl:binding name="DoubleItBindingSign" type="tns:DoubleItPortType">
+		<wsp:PolicyReference URI="#DoubleItSignPolicy" />
+		<soap:binding style="document"
+			transport="http://schemas.xmlsoap.org/soap/http" />
+		<wsdl:operation name="DoubleIt">
+			<soap:operation soapAction="" />
+			<wsdl:input>
+				<soap:body use="literal" />
+			</wsdl:input>
+			<wsdl:output>
+				<soap:body use="literal" />
+			</wsdl:output>
+		</wsdl:operation>
+	</wsdl:binding>
+	<wsdl:binding name="DoubleItBindingXPath" type="tns:DoubleItPortType">
+		<wsp:PolicyReference URI="#DoubleItEncryptXPathPolicy" />
+		<soap:binding style="document"
+			transport="http://schemas.xmlsoap.org/soap/http" />
+		<wsdl:operation name="DoubleIt">
+			<soap:operation soapAction="" />
+			<wsdl:input>
+				<soap:body use="literal" />
+			</wsdl:input>
+			<wsdl:output>
+				<soap:body use="literal" />
+			</wsdl:output>
+		</wsdl:operation>
+	</wsdl:binding>
+	<wsdl:service name="DoubleItService">
+		<wsdl:port name="DoubleItPortHttps" binding="tns:DoubleItBinding">
+			<soap:address location="https://localhost:9009/SecPolTest" />
+		</wsdl:port>
+		<wsdl:port name="DoubleItPortHttp" binding="tns:DoubleItBinding">
+			<soap:address location="http://localhost:9010/SecPolTest" />
+		</wsdl:port>
+		<wsdl:port name="DoubleItPortEncryptThenSign" binding="tns:DoubleItBindingEncryptThenSign">
+			<soap:address location="http://localhost:9010/SecPolTestEncryptThenSign" />
+		</wsdl:port>
+		<wsdl:port name="DoubleItPortSignThenEncrypt" binding="tns:DoubleItBindingSignThenEncrypt">
+			<soap:address location="http://localhost:9010/SecPolTestSignThenEncrypt" />
+		</wsdl:port>
+		<wsdl:port name="DoubleItPortSign" binding="tns:DoubleItBindingSign">
+			<soap:address location="http://localhost:9010/SecPolTestSign" />
+		</wsdl:port>
+		<wsdl:port name="DoubleItPortXPath" binding="tns:DoubleItBindingXPath">
+			<soap:address location="http://localhost:9010/SecPolTestXPath" />
+		</wsdl:port>
+	</wsdl:service>
+
+	<wsp:Policy wsu:Id="DoubleItBindingPolicy">
+		<wsp:ExactlyOne>
+			<wsp:All>
+				<foo:unknownPolicy xmlns:foo="http://cxf.apache.org/not/a/policy" />
+			</wsp:All>
+			<wsp:All>
+				<wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
+				<sp:TransportBinding>
+					<wsp:Policy>
+						<sp:TransportToken>
+							<wsp:Policy>
+								<sp:HttpsToken RequireClientCertificate="false" />
+							</wsp:Policy>
+						</sp:TransportToken>
+						<sp:Layout>
+							<wsp:Policy>
+								<sp:Lax />
+							</wsp:Policy>
+						</sp:Layout>
+						<sp:IncludeTimestamp />
+						<sp:AlgorithmSuite>
+							<wsp:Policy>
+								<sp:Basic128 />
+							</wsp:Policy>
+						</sp:AlgorithmSuite>
+					</wsp:Policy>
+				</sp:TransportBinding>
+				<sp:Wss10>
+					<wsp:Policy>
+						<sp:MustSupportRefKeyIdentifier />
+					</wsp:Policy>
+				</sp:Wss10>
+				<sp:SignedSupportingTokens>
+					<wsp:Policy>
+						<sp:UsernameToken
+							sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+							<wsp:Policy>
+								<sp:WssUsernameToken10 />
+							</wsp:Policy>
+						</sp:UsernameToken>
+					</wsp:Policy>
+				</sp:SignedSupportingTokens>
+			</wsp:All>
+		</wsp:ExactlyOne>
+	</wsp:Policy>
+	<wsp:Policy wsu:Id="DoubleItEncryptThenSignPolicy">
+		<wsp:ExactlyOne>
+			<wsp:All>
+				<sp:AsymmetricBinding
+					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+					<wsp:Policy>
+						<sp:InitiatorToken>
+							<wsp:Policy>
+								<sp:X509Token
+									sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+									<wsp:Policy>
+										<sp:WssX509V1Token11 />
+									</wsp:Policy>
+								</sp:X509Token>
+							</wsp:Policy>
+						</sp:InitiatorToken>
+						<sp:RecipientToken>
+							<wsp:Policy>
+								<sp:X509Token
+									sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+									<wsp:Policy>
+										<sp:WssX509V1Token11 />
+									</wsp:Policy>
+								</sp:X509Token>
+							</wsp:Policy>
+						</sp:RecipientToken>
+						<sp:AlgorithmSuite>
+							<wsp:Policy>
+								<sp:TripleDesRsa15 />
+							</wsp:Policy>
+						</sp:AlgorithmSuite>
+						<sp:Layout>
+							<wsp:Policy>
+								<sp:Lax />
+							</wsp:Policy>
+						</sp:Layout>
+						<sp:IncludeTimestamp />
+						<sp:EncryptSignature />
+						<sp:OnlySignEntireHeadersAndBody />
+						<sp:EncryptBeforeSigning />
+					</wsp:Policy>
+				</sp:AsymmetricBinding>
+				<sp:SignedParts
+					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+					<sp:Body />
+				</sp:SignedParts>
+				<sp:EncryptedParts
+					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+					<sp:Body />
+				</sp:EncryptedParts>
+				<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+					<wsp:Policy>
+						<!-- sp:MustSupportRefKeyIdentifier/-->
+						<sp:MustSupportRefIssuerSerial />
+					</wsp:Policy>
+				</sp:Wss10>
+			</wsp:All>
+		</wsp:ExactlyOne>
+	</wsp:Policy>
+	<wsp:Policy wsu:Id="DoubleItSignThenEncryptPolicy">
+		<wsp:ExactlyOne>
+			<wsp:All>
+				<sp:AsymmetricBinding
+					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+					<wsp:Policy>
+						<sp:InitiatorToken>
+							<wsp:Policy>
+								<sp:X509Token
+									sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+									<wsp:Policy>
+										<sp:WssX509V1Token11 />
+									</wsp:Policy>
+								</sp:X509Token>
+							</wsp:Policy>
+						</sp:InitiatorToken>
+						<sp:RecipientToken>
+							<wsp:Policy>
+								<sp:X509Token
+									sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+									<wsp:Policy>
+										<sp:WssX509V1Token11 />
+									</wsp:Policy>
+								</sp:X509Token>
+							</wsp:Policy>
+						</sp:RecipientToken>
+						<sp:AlgorithmSuite>
+							<wsp:Policy>
+								<sp:TripleDesRsa15 />
+							</wsp:Policy>
+						</sp:AlgorithmSuite>
+						<sp:Layout>
+							<wsp:Policy>
+								<sp:Lax />
+							</wsp:Policy>
+						</sp:Layout>
+						<sp:IncludeTimestamp />
+						<sp:EncryptSignature />
+						<sp:OnlySignEntireHeadersAndBody />
+						<sp:SignBeforeEncrypting />
+					</wsp:Policy>
+				</sp:AsymmetricBinding>
+				<sp:SignedParts
+					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+					<sp:Body />
+				</sp:SignedParts>
+				<sp:EncryptedParts
+					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+					<sp:Body />
+				</sp:EncryptedParts>
+				<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+					<wsp:Policy>
+						<!-- sp:MustSupportRefKeyIdentifier/-->
+						<sp:MustSupportRefIssuerSerial />
+					</wsp:Policy>
+				</sp:Wss10>
+			</wsp:All>
+		</wsp:ExactlyOne>
+	</wsp:Policy>
+
+
+	<wsp:Policy wsu:Id="DoubleItSignPolicy"
+		xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+		<wsp:ExactlyOne>
+			<wsp:All>
+				<sp:AsymmetricBinding
+					xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
+					<wsp:Policy>
+						<sp:InitiatorToken>
+							<wsp:Policy>
+								<sp:X509Token
+									sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>
+									<wsp:Policy>
+										<sp:WssX509V3Token10 />
+									</wsp:Policy>
+								</sp:X509Token>
+							</wsp:Policy>
+						</sp:InitiatorToken>
+						<sp:RecipientToken>
+							<wsp:Policy>
+								<sp:X509Token
+									sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
+									<wsp:Policy>
+										<sp:WssX509V3Token10 />
+									</wsp:Policy>
+								</sp:X509Token>
+							</wsp:Policy>
+						</sp:RecipientToken>
+						<sp:AlgorithmSuite>
+							<wsp:Policy>
+								<sp:Basic256 />
+							</wsp:Policy>
+						</sp:AlgorithmSuite>
+						<sp:Layout>
+							<wsp:Policy>
+								<sp:Strict />
+							</wsp:Policy>
+						</sp:Layout>
+						<sp:OnlySignEntireHeadersAndBody />
+					</wsp:Policy>
+				</sp:AsymmetricBinding>
+				<sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
+					<wsp:Policy>
+						<sp:MustSupportRefEmbeddedToken />
+					</wsp:Policy>
+				</sp:Wss10>
+				<sp:SignedParts
+					xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
+					<sp:Body />
+				</sp:SignedParts>
+			</wsp:All>
+		</wsp:ExactlyOne>
+	</wsp:Policy>
+	<wsp:Policy wsu:Id="DoubleItEncryptXPathPolicy">
+		<wsp:ExactlyOne>
+			<wsp:All>
+				<sp:SymmetricBinding
+					xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+					<wsp:Policy>
+						<sp:ProtectionToken>
+							<wsp:Policy>
+								<sp:X509Token
+									sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+									<wsp:Policy>
+										<sp:WssX509V1Token11 />
+									</wsp:Policy>
+								</sp:X509Token>
+							</wsp:Policy>
+						</sp:ProtectionToken>
+						<sp:AlgorithmSuite>
+							<wsp:Policy>
+								<sp:TripleDesRsa15 />
+							</wsp:Policy>
+						</sp:AlgorithmSuite>
+						<sp:Layout>
+							<wsp:Policy>
+								<sp:Lax />
+							</wsp:Policy>
+						</sp:Layout>
+						<sp:IncludeTimestamp />
+						<sp:OnlySignEntireHeadersAndBody />
+					</wsp:Policy>
+				</sp:SymmetricBinding>
+				<sp:EncryptedElements
+					xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+					<sp:XPath xmlns:example1="http://cxf.apache.org/policytest/DoubleIt">//example1:DoubleIt/numberToDouble</sp:XPath>
+				</sp:EncryptedElements>
+			</wsp:All>
+		</wsp:ExactlyOne>
+	</wsp:Policy>
+
 </wsdl:definitions>



Mime
View raw message