cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r905712 [1/2] - in /cxf/trunk/rt/ws/security/src: main/java/org/apache/cxf/ws/security/wss4j/ test/java/org/apache/cxf/ws/security/wss4j/
Date Tue, 02 Feb 2010 17:16:41 GMT
Author: dkulp
Date: Tue Feb  2 17:16:20 2010
New Revision: 905712

URL: http://svn.apache.org/viewvc?rev=905712&view=rev
Log:
[CXF-2638] Fix issues with validating XPath related security policies
Patch from David Valeri  applied.

Added:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_element.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_body.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_header.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_elements_policy.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_missing_signed_body.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_missing_signed_header.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_body.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header_and_body.xml   (with props)
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header_namespace_only.xml   (with props)
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed.xml

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java?rev=905712&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java Tue Feb  2 17:16:20 2010
@@ -0,0 +1,394 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j;
+
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathExpressionException;
+import javax.xml.xpath.XPathFactory;
+
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.helpers.MapNamespaceContext;
+import org.apache.cxf.ws.policy.PolicyConstants;
+import org.apache.ws.security.WSDataRef;
+import org.apache.ws.security.WSSecurityException;
+
+
+/**
+ * Utility to enable the checking of WS-Security signature / WS-Security
+ * encryption coverage based on the results of the WSS4J signature/encryption
+ * processor.
+ */
+public final class CryptoCoverageUtil {
+    /**
+     * Hidden in utility class.
+     */
+    private CryptoCoverageUtil() {
+    }
+    
+    /**
+     * Checks that the references provided refer to the
+     * signed/encrypted SOAP body element.
+     * 
+     * @param message
+     *            the soap message containing the signature/encryption and content
+     * @param refs
+     *            the refs to the data extracted from the signature/encryption
+     * @param type
+     *            the type of cryptographic coverage to check for
+     * @param scope
+     *            the scope of the cryptographic coverage to check for, defaults
+     *            to element
+     * 
+     * @throws WSSecurityException
+     *             if there is an error evaluating the coverage or the body is not
+     *             covered by the signture/encryption.
+     */
+    public static void checkBodyCoverage(
+        SOAPMessage message,
+        final Collection<WSDataRef> refs,
+        CoverageType type,
+        CoverageScope scope) throws WSSecurityException {
+        
+        final Element body;
+        
+        try {
+            body = message.getSOAPBody();
+        } catch (SOAPException e1) {
+            // Can't get the SAAJ parts out of the document.
+            throw new WSSecurityException(WSSecurityException.FAILURE);
+        }
+        
+        if (!CryptoCoverageUtil.matchElement(refs, type, scope, body)) {
+            throw new WSSecurityException("The " + getCoverageTypeString(type)
+                    + " does not cover the required elements (soap:Body).");
+        }
+    }
+
+    
+    /**
+     * Checks that the references provided refer to the required
+     * signed/encrypted SOAP header element(s) matching the provided name and
+     * namespace.  If {@code name} is null, all headers from {@code namespace}
+     * are inspected for coverage.
+     * 
+     * @param message
+     *            the soap message containing the signature/encryption and content
+     * @param refs
+     *            the refs to the data extracted from the signature/encryption
+     * @param namespaces
+     *            the namespace of the header(s) to check for coverage
+     * @param name
+     *            the local part of the header name to check for coverage, may be null
+     * @param type
+     *            the type of cryptographic coverage to check for
+     * @param scope
+     *            the scope of the cryptographic coverage to check for, defaults
+     *            to element
+     * 
+     * @throws WSSecurityException
+     *             if there is an error evaluating the coverage or a header is not
+     *             covered by the signture/encryption.
+     */
+    public static void checkHeaderCoverage(
+            SOAPMessage message,
+            final Collection<WSDataRef> refs,
+            String namespace,
+            String name,
+            CoverageType type,
+            CoverageScope scope) throws WSSecurityException {
+        
+        final List<Element> elements;
+        final Element parent;
+        
+        try {
+            parent = message.getSOAPHeader();
+        } catch (SOAPException e1) {
+            // Can't get the SAAJ parts out of the document.
+            throw new WSSecurityException(WSSecurityException.FAILURE);
+        }
+        
+        if (name == null) {
+            // TODO add to DOMUtils as findChildElementsByNamespace
+            final String ns = namespace;
+            List<Element> r = new ArrayList<Element>();
+            for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
+                if (n instanceof Element) {
+                    Element e = (Element)n;
+                    String eNs = (e.getNamespaceURI() == null) ? "" : e.getNamespaceURI();
+                    if (ns.equals(eNs)) {
+                        r.add(e);
+                    }
+                }
+            }
+            
+            elements = r;
+        } else {
+            elements = DOMUtils.getChildrenWithName(
+                    parent, namespace, name);
+        }
+        
+        for (Element el : elements) {
+            if (!CryptoCoverageUtil.matchElement(refs, type, scope, el)) {
+                throw new WSSecurityException("The " + getCoverageTypeString(type)
+                        + " does not cover the required elements ({"
+                        + namespace + "}" + name + ").");
+            }
+        }          
+    }
+    
+    /**
+     * Checks that the references provided refer to the required
+     * signed/encrypted elements as defined by the XPath expression in {@code
+     * xPath}.
+     * 
+     * @param message
+     *            the soap message containing the signature/encryption and content
+     * @param refs
+     *            the refs to the data extracted from the signature/encryption
+     * @param namespaces
+     *            the prefix to namespace mapping, may be {@code null}
+     * @param xPath
+     *            the XPath expression
+     * @param type
+     *            the type of cryptographic coverage to check for
+     * @param scope
+     *            the scope of the cryptographic coverage to check for, defaults
+     *            to element
+     * 
+     * @throws WSSecurityException
+     *             if there is an error evaluating an XPath or an element is not
+     *             covered by the signture/encryption.
+     */
+    public static void checkCoverage(
+            SOAPMessage message,
+            final Collection<WSDataRef> refs,
+            Map<String, String> namespaces,
+            String xPath,
+            CoverageType type,
+            CoverageScope scope) throws WSSecurityException {
+        
+        CryptoCoverageUtil.checkCoverage(message, refs, namespaces, Arrays
+                .asList(xPath), type, scope);
+    }
+    
+    /**
+     * Checks that the references provided refer to the required
+     * signed/encrypted elements as defined by the XPath expressions in {@code
+     * xPaths}.
+     * 
+     * @param message
+     *            the soap message containing the signature/encryption and content
+     * @param refs
+     *            the refs to the data extracted from the signature/encryption
+     * @param namespaces
+     *            the prefix to namespace mapping, may be {@code null}
+     * @param xPaths
+     *            the collection of XPath expressions
+     * @param type
+     *            the type of cryptographic coverage to check for
+     * @param scope
+     *            the scope of the cryptographic coverage to check for, defaults
+     *            to element
+     * 
+     * @throws WSSecurityException
+     *             if there is an error evaluating an XPath or an element is not
+     *             covered by the signture/encryption.
+     */
+    public static void checkCoverage(
+            SOAPMessage message,
+            final Collection<WSDataRef> refs,
+            Map<String, String> namespaces,
+            Collection<String> xPaths,
+            CoverageType type,
+            CoverageScope scope) throws WSSecurityException {
+        
+        // XPathFactory and XPath are not thread-safe so we must recreate them
+        // each request.
+        final XPathFactory factory = XPathFactory.newInstance();
+        final XPath xpath = factory.newXPath();
+        
+        if (namespaces != null) {
+            xpath.setNamespaceContext(new MapNamespaceContext(namespaces));
+        }
+        
+        // For each XPath
+        for (String xpathString : xPaths) {
+            // Get the matching nodes
+            NodeList list;
+            try {
+                list = (NodeList)xpath.evaluate(
+                        xpathString, 
+                        message.getSOAPPart().getEnvelope(),
+                        XPathConstants.NODESET);
+            } catch (XPathExpressionException e) {
+                // The xpath's are not valid in the config.
+                throw new WSSecurityException(WSSecurityException.FAILURE);
+            } catch (SOAPException e) {
+                // Can't get the SAAJ parts out of the document.
+                throw new WSSecurityException(WSSecurityException.FAILURE);
+            }
+            
+            // If we found nodes then we need to do the check.
+            if (list.getLength() != 0) {
+                // For each matching element, check for a ref that
+                // covers it.
+                for (int x = 0; x < list.getLength(); x++) {
+                    
+                    final Element el = (Element)list.item(x);
+                    
+                    boolean instanceMatched = CryptoCoverageUtil.
+                            matchElement(refs, type, scope, el);
+                    
+                    // We looked through all of the refs, but the element was
+                    // not signed.
+                    if (!instanceMatched) {
+                        throw new WSSecurityException("The " + getCoverageTypeString(type)
+                                + " does not cover the required elements ("
+                                + xpathString + ").");
+                    }
+                }
+            }
+        }
+    }
+
+    private static boolean matchElement(Collection<WSDataRef> refs,
+            CoverageType type, CoverageScope scope, Element el) {
+        final boolean content;
+        
+        switch (scope) {
+        case CONTENT:
+            content = true;
+            break;
+        case ELEMENT:
+        default:
+            content = false;
+        }
+        
+        boolean instanceMatched = false;
+        
+        for (WSDataRef r : refs) {
+            
+            // If the element is the same object instance
+            // as that in the ref, we found it and can
+            // stop looking at this element.
+            if (r.getProtectedElement() == el 
+                    && r.isContent() == content) {
+                instanceMatched = true;
+                break;
+            }
+            
+            // Only if checking signature coverage do we attempt to
+            // do matches based on ID and element names and not object
+            // equality.
+            if (!instanceMatched && CoverageType.SIGNED.equals(type)) {
+                // If we get here, we haven't found it yet
+                // so we will look based on the element's
+                // wsu:Id and see if the ref references the
+                // ID specified in the attr.
+                Attr idAttr = el.getAttributeNodeNS(
+                        PolicyConstants.WSU_NAMESPACE_URI,
+                        "Id");
+                
+                // We didn't get it with a qualified name, so
+                // look for the attribute using only the local name.
+                if (idAttr == null) {
+                    idAttr = el.getAttributeNode("Id");
+                }
+                
+                String id = idAttr == null ? null : idAttr.getValue();
+                
+                // If the ref's qualified name equals the name of the
+                // element and the ref has a wsu:Id and it matches the
+                // element's wsu:Id attribute value, we found it.
+                if (r.getName().equals(
+                        new QName(el.getNamespaceURI(), el
+                                .getLocalName()))
+                        && r.getWsuId() != null
+                        && (r.getWsuId().equals(id) || r.getWsuId()
+                                .equals("#" + id))) {
+                    instanceMatched = true;
+                    break;
+                }
+            }
+        }
+        return instanceMatched;
+    }
+    
+    private static String getCoverageTypeString(CoverageType type) {
+        String typeString;
+        
+        switch (type) {
+        case SIGNED:
+            typeString = "signature";
+            break;
+        case ENCRYPTED:
+            typeString = "encryption";
+            break;
+        default:
+            typeString = "crpytography";
+        }
+        return typeString;
+    }
+    
+    /**
+     * Differentiates which type of cryptographic coverage to check for.
+     */
+    public static enum CoverageType {
+        /**
+         * Checks for encryption of the matching elements.
+         */
+        ENCRYPTED,
+        /**
+         * Checks for a signature over the matching elements.
+         */
+        SIGNED
+    }
+    
+    /**
+     * Differentiates which part of an element to check for cryptographic coverage.
+     */
+    public static enum CoverageScope {
+        /**
+         * Checks for encryption of the matching elements.
+         */
+        CONTENT,
+        /**
+         * Checks for a signature over the matching elements.
+         */
+        ELEMENT
+    }
+}
+

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=905712&r1=905711&r2=905712&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Tue Feb  2 17:16:20 2010
@@ -40,8 +40,6 @@
 import javax.xml.xpath.XPathExpressionException;
 import javax.xml.xpath.XPathFactory;
 
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
 import org.apache.cxf.Bus;
@@ -50,14 +48,12 @@
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.CastUtils;
-import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.helpers.MapNamespaceContext;
 import org.apache.cxf.resource.ResourceManager;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.PolicyAssertion;
-import org.apache.cxf.ws.policy.PolicyConstants;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP11Constants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
@@ -74,6 +70,8 @@
 import org.apache.cxf.ws.security.policy.model.UsernameToken;
 import org.apache.cxf.ws.security.policy.model.Wss11;
 import org.apache.cxf.ws.security.policy.model.X509Token;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSDataRef;
 import org.apache.ws.security.WSSecurityEngineResult;
@@ -312,15 +310,15 @@
                                    Collection<WSDataRef> refs,
                                    SoapMessage msg,
                                    SOAPMessage doc,
-                                   String type,
-                                   boolean content) throws SOAPException {
+                                   CoverageType type,
+                                   CoverageScope scope) throws SOAPException {
         Collection<AssertionInfo> ais = aim.get(name);
         if (ais != null) {
             for (AssertionInfo ai : ais) {
                 ai.setAsserted(true);
                 Map<String, String> namespaces = null;
                 List<String> xpaths = null;
-                if (content) {
+                if (CoverageScope.CONTENT.equals(scope)) {
                     ContentEncryptedElements p = (ContentEncryptedElements)ai.getAssertion();
                     namespaces = p.getDeclaredNamespaces();
                     xpaths = p.getXPathExpressions();
@@ -329,55 +327,15 @@
                     namespaces = p.getDeclaredNamespaces();
                     xpaths = p.getXPathExpressions();
                 }
+                
                 if (xpaths != null) {
-                    XPathFactory factory = XPathFactory.newInstance();
-                    for (String expression : xpaths) {
-                        XPath xpath = factory.newXPath();
-                        if (namespaces != null) {
-                            xpath.setNamespaceContext(new MapNamespaceContext(namespaces));
-                        }
+                    for (String xPath : xpaths) {
                         try {
-                            NodeList list = (NodeList)xpath.evaluate(expression, 
-                                                                     doc.getSOAPPart().getEnvelope(),
-                                                                     XPathConstants.NODESET);
-                            boolean found = list.getLength() == 0;
-                            for (int x = 0; x < list.getLength(); x++) {
-                                Element el = (Element)list.item(x);
-                                for (WSDataRef r : refs) {
-                                    if (r.getProtectedElement() == el
-                                        && r.isContent() == content) {
-                                        found = true;
-                                    }
-                                }
-                            }
-                            if (!found && "signed".equals(type)) {
-                                for (int x = 0; x < list.getLength(); x++) {
-                                    Element el = (Element)list.item(x);
-                                    
-                                    Attr idAttr = el.getAttributeNodeNS(PolicyConstants.WSU_NAMESPACE_URI,
-                                                                   "Id");
-                                    if (idAttr == null) {
-                                        idAttr = el.getAttributeNode("Id");
-                                    }
-                                    String id = idAttr == null ? null : idAttr.getValue();
-
-                                    for (WSDataRef r : refs) {
-                                        if (r.getName().equals(new QName(el.getNamespaceURI(),
-                                                                     el.getLocalName()))
-                                            && r.getWsuId() != null
-                                            && (r.getWsuId().equals(id)
-                                             || r.getWsuId().equals("#" + id))) {
-                                            found = true;
-                                        }
-                                    }
-                                }
-                            }
-                            if (!found) {
-                                ai.setNotAsserted("No " + type 
-                                                  + " element found matching XPath " + expression);
-                            }
-                        } catch (Exception ex) {
-                            //REVISIT
+                            CryptoCoverageUtil.checkCoverage(doc, refs,
+                                    namespaces, xPath, type, scope);
+                        } catch (WSSecurityException e) {
+                            ai.setNotAsserted("No " + type 
+                                    + " element found matching XPath " + xPath);
                         }
                     }
                 }
@@ -385,48 +343,44 @@
         }
     }
 
-    private boolean contains(Collection<WSDataRef> refs, QName qn) {
-        for (WSDataRef r : refs) {
-            if (r.getName().equals(qn)) {
-                return true;
-            }
-        }
-        return false;
-    }
+    
     private void assertTokens(AssertionInfoMap aim, 
                               QName name, 
                               Collection<WSDataRef> signed,
                               SoapMessage msg,
                               SOAPMessage doc,
-                              String type) throws SOAPException {
+                              CoverageType type) throws SOAPException {
         Collection<AssertionInfo> ais = aim.get(name);
         if (ais != null) {
             for (AssertionInfo ai : ais) {
                 ai.setAsserted(true);
                 SignedEncryptedParts p = (SignedEncryptedParts)ai.getAssertion();
-                if (p.isBody() && !contains(signed, msg.getVersion().getBody())) {
-                    ai.setNotAsserted(msg.getVersion().getBody() + " not " + type);
+                
+                if (p.isBody()) {
+                    try {
+                        if (CoverageType.SIGNED.equals(type)) {
+                            CryptoCoverageUtil.checkBodyCoverage(doc, signed, type, CoverageScope.ELEMENT);
+                        } else {
+                            CryptoCoverageUtil.checkBodyCoverage(doc, signed, type, CoverageScope.CONTENT);
+                        }
+                    } catch (WSSecurityException e) {
+                        ai.setNotAsserted(msg.getVersion().getBody() + " not " + type);
+                    }
                 }
+                
                 for (Header h : p.getHeaders()) {
-                    if (!contains(signed, h.getQName())) {
-                        boolean found = false;
-                        Element nd = DOMUtils.getFirstElement(doc.getSOAPHeader());
-                        while (nd != null && !found) {
-                            if (h.getNamespace().equals(nd.getNamespaceURI())
-                                && (nd.getLocalName().equals(h.getName())
-                                    || h.getName() == null)) {
-                                found = true;
-                            }
-                            nd = DOMUtils.getNextElement(nd);
-                        }
-                        if (found) {
-                            ai.setNotAsserted(h.getQName() + " not + " + type);
-                        }
+                    try {
+                        CryptoCoverageUtil.checkHeaderCoverage(doc, signed, h
+                                .getNamespace(), h.getName(), type,
+                                CoverageScope.ELEMENT);
+                    } catch (WSSecurityException e) {
+                        ai.setNotAsserted(h.getQName() + " not + " + type);
                     }
                 }
             }
         }
     }
+    
     protected void computeAction(SoapMessage message, RequestData data) {
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
         // extract Assertion information
@@ -569,12 +523,14 @@
                 //anything else to process?  Maybe check tokens for BKT requirements?
             }                        
         }
-        assertTokens(aim, SP12Constants.SIGNED_PARTS, signed, msg, doc, "signed");
-        assertTokens(aim, SP12Constants.ENCRYPTED_PARTS, encrypted, msg, doc, "encrypted");
-        assertXPathTokens(aim, SP12Constants.SIGNED_ELEMENTS, signed, msg, doc, "signed", false);
-        assertXPathTokens(aim, SP12Constants.ENCRYPTED_ELEMENTS, encrypted, msg, doc, "encrypted", false);
-        assertXPathTokens(aim, SP12Constants.CONTENT_ENCRYPTED_ELEMENTS, encrypted, msg,
-                          doc, "encrypted", true);
+        assertTokens(aim, SP12Constants.SIGNED_PARTS, signed, msg, doc, CoverageType.SIGNED);
+        assertTokens(aim, SP12Constants.ENCRYPTED_PARTS, encrypted, msg, doc, CoverageType.ENCRYPTED);
+        assertXPathTokens(aim, SP12Constants.SIGNED_ELEMENTS, signed, msg, doc,
+                CoverageType.SIGNED, CoverageScope.ELEMENT);
+        assertXPathTokens(aim, SP12Constants.ENCRYPTED_ELEMENTS, encrypted, msg, doc,
+                CoverageType.ENCRYPTED, CoverageScope.ELEMENT);
+        assertXPathTokens(aim, SP12Constants.CONTENT_ENCRYPTED_ELEMENTS, encrypted, msg, doc,
+                CoverageType.ENCRYPTED, CoverageScope.CONTENT);
         
         assertHeadersExists(aim, msg, doc);
 

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java?rev=905712&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java (added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java Tue Feb  2 17:16:20 2010
@@ -0,0 +1,363 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j;
+
+
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.MessageFactory;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.soap.SOAPPart;
+import javax.xml.transform.dom.DOMSource;
+
+import org.w3c.dom.Document;
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusException;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.ExchangeImpl;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.policy.PolicyBuilder;
+import org.apache.cxf.ws.policy.PolicyException;
+import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
+import org.apache.neethi.Policy;
+import org.apache.ws.security.WSDataRef;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.junit.Test;
+
+
+public class PolicyBasedWss4JInOutTest extends AbstractSecurityTest {
+    private PolicyBuilder policyBuilder;
+    
+    protected Bus createBus() throws BusException {
+        Bus b = super.createBus();
+        this.policyBuilder = 
+            b.getExtension(PolicyBuilder.class);
+        return b;
+    }
+    @Test
+    public void testSignedElementsPolicyWithIncompleteCoverage() throws Exception {
+        this.runAndValidatePolicyNotAsserted(
+                "signed_missing_signed_header.xml",
+                "signed_elements_policy.xml",
+                SP12Constants.SIGNED_ELEMENTS,
+                CoverageType.SIGNED);
+    }
+    
+    @Test
+    public void testSignedElementsPolicyWithCompleteCoverage() throws Exception {
+        this.runAndValidatePolicyAsserted(
+                "signed.xml",
+                "signed_elements_policy.xml",
+                SP12Constants.SIGNED_ELEMENTS,
+                CoverageType.SIGNED);
+    }
+
+    @Test
+    public void testSignedPartsPolicyWithIncompleteCoverage() throws Exception {
+        this.runAndValidatePolicyNotAsserted(
+                "signed_missing_signed_body.xml",
+                "signed_parts_policy_body.xml",
+                SP12Constants.SIGNED_PARTS,
+                CoverageType.SIGNED);
+        
+        this.runAndValidatePolicyNotAsserted(
+                "signed_missing_signed_header.xml",
+                "signed_parts_policy_header_namespace_only.xml",
+                SP12Constants.SIGNED_PARTS,
+                CoverageType.SIGNED);
+        
+        this.runAndValidatePolicyNotAsserted(
+                "signed_missing_signed_header.xml",
+                "signed_parts_policy_header.xml",
+                SP12Constants.SIGNED_PARTS,
+                CoverageType.SIGNED);
+    }
+    
+    @Test
+    public void testSignedPartsPolicyWithCompleteCoverage() throws Exception {
+        this.runAndValidatePolicyAsserted(
+                "signed.xml",
+                "signed_parts_policy_body.xml",
+                SP12Constants.SIGNED_PARTS,
+                CoverageType.SIGNED);
+        
+        this.runAndValidatePolicyAsserted(
+                "signed.xml",
+                "signed_parts_policy_header_namespace_only.xml",
+                SP12Constants.SIGNED_PARTS,
+                CoverageType.SIGNED);
+        
+        this.runAndValidatePolicyAsserted(
+                "signed.xml",
+                "signed_parts_policy_header.xml",
+                SP12Constants.SIGNED_PARTS,
+                CoverageType.SIGNED);
+        
+        this.runAndValidatePolicyAsserted(
+                "signed.xml",
+                "signed_parts_policy_header_and_body.xml",
+                SP12Constants.SIGNED_PARTS,
+                CoverageType.SIGNED);
+    }
+    
+    @Test
+    public void testEncryptedElementsPolicyWithIncompleteCoverage() throws Exception {
+        this.runAndValidatePolicyNotAsserted(
+                "encrypted_missing_enc_header.xml",
+                "encrypted_elements_policy.xml",
+                SP12Constants.ENCRYPTED_ELEMENTS,
+                CoverageType.ENCRYPTED);
+        
+        this.runAndValidatePolicyNotAsserted(
+                "encrypted_body_content.xml",
+                "encrypted_elements_policy2.xml",
+                SP12Constants.ENCRYPTED_ELEMENTS,
+                CoverageType.ENCRYPTED);
+    }
+    
+    @Test
+    public void testEncryptedElementsPolicyWithCompleteCoverage() throws Exception {
+        this.runAndValidatePolicyAsserted(
+                "encrypted_body_content.xml",
+                "encrypted_elements_policy.xml",
+                SP12Constants.ENCRYPTED_ELEMENTS,
+                CoverageType.ENCRYPTED);
+        
+        this.runAndValidatePolicyAsserted(
+                "encrypted_body_element.xml",
+                "encrypted_elements_policy2.xml",
+                SP12Constants.ENCRYPTED_ELEMENTS,
+                CoverageType.ENCRYPTED);
+    }
+    
+    @Test
+    public void testContentEncryptedElementsPolicyWithIncompleteCoverage() throws Exception {
+        this.runAndValidatePolicyNotAsserted(
+                "encrypted_body_element.xml",
+                "content_encrypted_elements_policy.xml",
+                SP12Constants.CONTENT_ENCRYPTED_ELEMENTS,
+                CoverageType.ENCRYPTED);
+    }
+    
+    @Test
+    public void testContentEncryptedElementsPolicyWithCompleteCoverage() throws Exception {
+        this.runAndValidatePolicyAsserted(
+                "encrypted_body_content.xml",
+                "content_encrypted_elements_policy.xml",
+                SP12Constants.CONTENT_ENCRYPTED_ELEMENTS,
+                CoverageType.ENCRYPTED);
+    }
+    
+    @Test
+    public void testEncryptedPartsPolicyWithIncompleteCoverage() throws Exception {
+        this.runAndValidatePolicyNotAsserted(
+                "encrypted_missing_enc_body.xml",
+                "encrypted_parts_policy_body.xml",
+                SP12Constants.ENCRYPTED_PARTS,
+                CoverageType.ENCRYPTED);
+        
+        this.runAndValidatePolicyNotAsserted(
+                "encrypted_body_element.xml",
+                "encrypted_parts_policy_body.xml",
+                SP12Constants.ENCRYPTED_PARTS,
+                CoverageType.ENCRYPTED);
+        
+        this.runAndValidatePolicyNotAsserted(
+                "encrypted_missing_enc_header.xml",
+                "encrypted_parts_policy_header_namespace_only.xml",
+                SP12Constants.ENCRYPTED_PARTS,
+                CoverageType.ENCRYPTED);
+        
+        this.runAndValidatePolicyNotAsserted(
+                "encrypted_missing_enc_header.xml",
+                "encrypted_parts_policy_header.xml",
+                SP12Constants.ENCRYPTED_PARTS,
+                CoverageType.ENCRYPTED);
+    }
+    
+    @Test
+    public void testEncryptedPartsPolicyWithCompleteCoverage() throws Exception {
+        this.runAndValidatePolicyAsserted(
+                "encrypted_body_content.xml",
+                "encrypted_parts_policy_body.xml",
+                SP12Constants.ENCRYPTED_PARTS,
+                CoverageType.ENCRYPTED);
+        
+        this.runAndValidatePolicyAsserted(
+                "encrypted_body_content.xml",
+                "encrypted_parts_policy_header_namespace_only.xml",
+                SP12Constants.ENCRYPTED_PARTS,
+                CoverageType.ENCRYPTED);
+        
+        this.runAndValidatePolicyAsserted(
+                "encrypted_body_content.xml",
+                "encrypted_parts_policy_header.xml",
+                SP12Constants.ENCRYPTED_PARTS,
+                CoverageType.ENCRYPTED);
+        
+        this.runAndValidatePolicyAsserted(
+                "encrypted_body_content.xml",
+                "encrypted_parts_policy_header_and_body.xml",
+                SP12Constants.ENCRYPTED_PARTS,
+                CoverageType.ENCRYPTED);
+    }
+    
+    private void runAndValidatePolicyAsserted(String document,
+            String policyDocument, QName assertionType,
+            CoverageType type) throws Exception {
+        Policy policy = this.policyBuilder.getPolicy(
+                this.readDocument(policyDocument).getDocumentElement());
+        
+        AssertionInfoMap aim = new AssertionInfoMap(policy);
+        
+        this.runAndValidateWss(document, aim, type);
+        
+        try {
+            aim.checkEffectivePolicy(policy);
+            
+        } catch (PolicyException e) {
+            fail(assertionType + " policy erroneously failed.");
+        }
+    }
+    
+    private void runAndValidatePolicyNotAsserted(String document,
+            String policyDocument, QName assertionType,
+            CoverageType type) throws Exception {
+        Policy policy = this.policyBuilder.getPolicy(
+                this.readDocument(policyDocument).getDocumentElement());
+        
+        AssertionInfoMap aim = new AssertionInfoMap(policy);
+        
+        this.runAndValidateWss(document, aim, type);
+        
+        try {
+            aim.checkEffectivePolicy(policy);
+            fail(assertionType + " policy erroneously asserted.");
+        } catch (PolicyException e) {
+            Collection<AssertionInfo> ais = aim.get(assertionType);
+            for (AssertionInfo ai : ais) {
+                assertFalse(ai.getAssertion().isAsserted(aim));
+            }
+        }
+    }
+    
+    private void runAndValidateWss(String document, AssertionInfoMap aim, CoverageType type)
+        throws Exception {
+        Document doc = readDocument(document);
+        
+        PolicyBasedWSS4JInInterceptor inHandler = 
+            CoverageType.SIGNED.equals(type)
+                    ? this.getInInterceptorForSignature()
+                            : this.getInInterceptorForEncryption();
+
+        SoapMessage inmsg = this.getSoapMessageForDom(doc, aim);
+
+        inHandler.handleMessage(inmsg);
+        
+        if (CoverageType.SIGNED.equals(type)) {
+            this.verifyWss4jSigResults(inmsg);
+        } else {
+            this.verifyWss4jEncResults(inmsg);
+        }
+    }
+    
+    private PolicyBasedWSS4JInInterceptor getInInterceptorForSignature() {
+        PolicyBasedWSS4JInInterceptor inHandler = new PolicyBasedWSS4JInInterceptor();
+        inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
+        inHandler.setProperty(WSHandlerConstants.SIG_PROP_FILE, 
+                "META-INF/cxf/insecurity.properties");
+        
+        return inHandler;
+    }
+    
+    private PolicyBasedWSS4JInInterceptor getInInterceptorForEncryption() {
+        PolicyBasedWSS4JInInterceptor inHandler = new PolicyBasedWSS4JInInterceptor();
+        inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
+        inHandler.setProperty(WSHandlerConstants.DEC_PROP_FILE,
+                "META-INF/cxf/insecurity.properties");
+        inHandler.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, 
+                "org.apache.cxf.ws.security.wss4j.TestPwdCallback");
+        
+        return inHandler;
+    }
+    
+    private SoapMessage getSoapMessageForDom(Document doc, AssertionInfoMap aim)
+        throws SOAPException {
+        SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
+        SOAPPart part = saajMsg.getSOAPPart();
+        part.setContent(new DOMSource(doc));
+        saajMsg.saveChanges();
+        
+        SoapMessage inmsg = new SoapMessage(new MessageImpl());
+        Exchange ex = new ExchangeImpl();
+        ex.setInMessage(inmsg);
+        inmsg.setContent(SOAPMessage.class, saajMsg);
+        if (aim != null) {
+            inmsg.put(AssertionInfoMap.class, aim);
+        }
+        return inmsg;
+    }
+    
+    private void verifyWss4jSigResults(SoapMessage inmsg) {
+        WSSecurityEngineResult result = 
+            (WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT);
+        assertNotNull(result);
+        X509Certificate certificate = (X509Certificate)result
+            .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+        assertNotNull(certificate);
+    }
+    
+    @SuppressWarnings("unchecked")
+    private void verifyWss4jEncResults(SoapMessage inmsg) {
+        //
+        // There should be exactly 1 (WSS4J) HandlerResult
+        //
+        final List<WSHandlerResult> handlerResults = 
+            (List<WSHandlerResult>) inmsg
+                .get(WSHandlerConstants.RECV_RESULTS);
+        assertNotNull(handlerResults);
+        assertSame(handlerResults.size(), 1);
+        //
+        // This should contain exactly 1 protection result
+        //
+        final List<Object> protectionResults = (List<Object>) handlerResults
+                .get(0).getResults();
+        assertNotNull(protectionResults);
+        //
+        // This result should contain a reference to the decrypted element
+        //
+        final Map<String, Object> result = (Map<String, Object>) protectionResults
+                .get(0);
+        final List<WSDataRef> protectedElements = (List<WSDataRef>) result
+                .get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+        assertNotNull(protectedElements);
+    }
+}

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml?rev=905712&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml (added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml Tue Feb  2 17:16:20 2010
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsp:Policy 
+    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" 
+    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
+  <wsp:ExactlyOne>
+    <wsp:All>
+      <sp:ContentEncryptedElements>
+        <sp:XPath>//soap:Body</sp:XPath>
+      </sp:ContentEncryptedElements>  
+    </wsp:All>
+  </wsp:ExactlyOne>
+</wsp:Policy>

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content.xml?rev=905712&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content.xml (added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content.xml Tue Feb  2 17:16:20 2010
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope xmlns:ser="http://blah" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="B5419464DCB3C8B05A126477591769528" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIBmDCCAQECBEZu1OowDQYJKoZIhvcNAQEEBQAwEjEQMA4GA1UEAxMHbXlBbGlhczAgFw0wNzA2MTIxNzE2MjZaGA80NzQ1MDUwOTE3MTYyNlowEjEQMA4GA1UEAxMHbXlBbGlhczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApeOd8EfprmTD+6/nOe3nK3eXFlPsaiRnz5+R3gA6xz4WOOOQX7l1Pa4S65TZmVOxkfPzP+rFvbOJ4sn7ct0EtMiAYuqwnDiHVkqYIhz5WkoPBQet6J7dtcPIAEI9i5Mmf5gsiIMTo8UxqXnsrjCNX6MSrLFr2yspdR/xFYK5IqkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQB/nqtFF6u4FJI90JS+RogSTYFc9mngpvXv8WJsfdR+IQovdFjzqCufOAGPctuq6olgW1A5DRNLIQwr7sIPUhHBFZssuggwEQtF/lvJ51MGhp+p
 qySbpcPo31WppQO+t4Zsu78DZO4GB3Njr1MqOnux5gPGHftujzlJh31SpkEfjA==</wsse:BinarySecurityToken><xenc:EncryptedKey Id="EncKeyId-B5419464DCB3C8B05A126477591769529"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference><wsse:Reference URI="#B5419464DCB3C8B05A126477591769528" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference>
+</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>dkJt+HU9g1DoF/Y4xx4xz7+94DcRpjb2es/pm4CTv8mue62QTJNqOJm5V6uszhWDVmdUmqNnINxrB1DN3WHafiZWB07rhfNS4LwCnYJ6YlKd/sc9SKBT4cj/48I+CKgiZGdjSBYXhI7L4/r91Aa0EAPxRXnbXCNTYPMRympFcz4=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#EncDataId-24"/><xenc:DataReference URI="#EncDataId-25"/><xenc:DataReference URI="#EncDataId-26"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security>
+      <xenc:EncryptedData Id="EncDataId-24" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#EncKeyId-B5419464DCB3C8B05A126477591769529"/></wsse:SecurityTokenReference>
+</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>f4IfKdctdqR84RB+95xlA5ag5jaf2zctMeWszvgfkyxqjPSHUoq1cX8Sosxz8x891CYL98p1pKhk
+eRycP9of78+YoCJSKxx5jXbhwiLIPePnOLm8MxlJFLj68OKNLh6LViPKtnqb8JeJal1THXzkGrcU
+8L5cy85IiAmrv7T/exJMN1QZyJ+0+hIG6EXjEy0/UBDuyO5fUzarP5mVPhXSWpomnFLGhvClxyqy
+CTpOCkU/WIUuJPOqgD/oMUnkcFDQ9rxo0uJNm20oGVi8UW1/SQ==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
+      <xenc:EncryptedData Id="EncDataId-25" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#EncKeyId-B5419464DCB3C8B05A126477591769529"/></wsse:SecurityTokenReference>
+</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>YSMMHntzXcQ0NfDn4l0q/O8ccC4cIEc8ajagSlSvu1OsKA/NrEsLLucQLNG9oL9cyoeHNhtXJNbg
+BqfIs447vOrI08avOisCCPBGB6d4pKLHLlKDF82kAv7vpzceBQBGJrGQYBEwO2/ByJMyglshyENG
+R3gS7YUEgjcDQrsw56lIgHRpKlxsxg4RD3YFlrX9BhVfd/vwUsEvI62l6NkAgNE7+VkY9073MqA2
++ZtUfws=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
+   </soapenv:Header>
+   <soapenv:Body><xenc:EncryptedData Id="EncDataId-26" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#EncKeyId-B5419464DCB3C8B05A126477591769529"/></wsse:SecurityTokenReference>
+</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>VBAbiFjB64AmVnqcbhoSnJ1cITItO83lX27GmFPcX223K49Ik3V6MTUC8m6XV9z24zxHdmOb24EW
+VYXecBTzo2QNbm1zZuRS+cyZ8AY3yILy5Lgw0F9P/5ip5KID8fjK</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soapenv:Body>
+</soapenv:Envelope>

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_element.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_element.xml?rev=905712&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_element.xml (added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_element.xml Tue Feb  2 17:16:20 2010
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope xmlns:ser="http://blah" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="B5419464DCB3C8B05A126477600899230" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIBmDCCAQECBEZu1OowDQYJKoZIhvcNAQEEBQAwEjEQMA4GA1UEAxMHbXlBbGlhczAgFw0wNzA2MTIxNzE2MjZaGA80NzQ1MDUwOTE3MTYyNlowEjEQMA4GA1UEAxMHbXlBbGlhczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApeOd8EfprmTD+6/nOe3nK3eXFlPsaiRnz5+R3gA6xz4WOOOQX7l1Pa4S65TZmVOxkfPzP+rFvbOJ4sn7ct0EtMiAYuqwnDiHVkqYIhz5WkoPBQet6J7dtcPIAEI9i5Mmf5gsiIMTo8UxqXnsrjCNX6MSrLFr2yspdR/xFYK5IqkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQB/nqtFF6u4FJI90JS+RogSTYFc9mngpvXv8WJsfdR+IQovdFjzqCufOAGPctuq6olgW1A5DRNLIQwr7sIPUhHBFZssuggwEQtF/lvJ51MGhp+p
 qySbpcPo31WppQO+t4Zsu78DZO4GB3Njr1MqOnux5gPGHftujzlJh31SpkEfjA==</wsse:BinarySecurityToken><xenc:EncryptedKey Id="EncKeyId-B5419464DCB3C8B05A126477600899231"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference><wsse:Reference URI="#B5419464DCB3C8B05A126477600899230" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference>
+</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>JvbAu8aVVm1MQHL6JxlJfMxf14vy34fNIW6vs5PdeSl+F7V1P5N/jFocPUbvkiEJYwhBheabT0h/udcA3mQBfbXgrW9pW3b4zPVd4Isf0cpxjmNb962O92SuU6PbT+D9BEp1DKVIY2MyGYudbk9A21bqj2JoGJ+IoRurL6YaHgc=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#EncDataId-27"/><xenc:DataReference URI="#EncDataId-28"/><xenc:DataReference URI="#EncDataId-29"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security>
+      <xenc:EncryptedData Id="EncDataId-27" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#EncKeyId-B5419464DCB3C8B05A126477600899231"/></wsse:SecurityTokenReference>
+</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>Qm9HBqYbcycgz17gnMhYi1+T2xeducaseWfijmBhSN3mM3p57OMqdkYP/ujMt7bKk5K2xHC+KyGi
+WdlWnY7sBxpMMp5a5oNkh1mPLJwuu/zaxufZwPLkOaKIZMUnkGtRLCnXRyn1I4R3lQzC3KChRWQ7
++CdMdCRWTzmOnt4Gwx1bInA9hp5+iJurFXB8T2Qv9JCuvPywHwrY3L0WczLADBBJhTnK6p+FST3W
+A3B2IHRIXh6gQt6IOaPVx6Kr40iOF/pIEgduwjufdxIyLaZ8Kw==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
+      <xenc:EncryptedData Id="EncDataId-28" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#EncKeyId-B5419464DCB3C8B05A126477600899231"/></wsse:SecurityTokenReference>
+</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>HkoIFKvj16wXtyjzGhrE2s8Ww9lLO9ANi5ecBK0JbbNvX88EGvf+R5yccumyd24uEoa8VPCkcKiA
+eiABl3UKy5T4Pgj1nqlhIzVDRpgBwcK/YMzl2wCH1adAdaoasqWiDZ+rcM0nRe20AmdAgHY9nHzK
+QNDO/rDYtor5eMvxU0RlQuQRpjOiN1UE933Lwn+u4pRbEbAhHrIiiOSvMKZiy55yIpla3icdMkix
+TrimPtM=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
+   </soapenv:Header>
+   <xenc:EncryptedData Id="EncDataId-29" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#EncKeyId-B5419464DCB3C8B05A126477600899231"/></wsse:SecurityTokenReference>
+</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>T2Ubw+nTSRx7cR4kBU0GpEOXxrboGR/5c3lQpI71atQTnUXEUgXAQ4ysLaJj/isyQK9mLUWlKfT9
+5i4XkBQXRLx0xy6YnDKKTqLCwUs/TkJ056jgiD0XYfwYWpNTEs9FrMvKgL+2cIrIYBGV5OfG/RAi
+mcqWnf/sXrKez9vPEwE=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
+</soapenv:Envelope>
\ No newline at end of file

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_element.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_element.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_element.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml?rev=905712&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml (added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml Tue Feb  2 17:16:20 2010
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsp:Policy 
+    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" 
+    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+    xmlns:ser="http://www.sdj.pl">
+  <wsp:ExactlyOne>
+    <wsp:All>
+      <sp:EncryptedElements>
+        <sp:XPath>//ser:Header</sp:XPath>
+      </sp:EncryptedElements>  
+    </wsp:All>
+  </wsp:ExactlyOne>
+</wsp:Policy>

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml?rev=905712&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml (added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml Tue Feb  2 17:16:20 2010
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsp:Policy 
+    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" 
+    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
+  <wsp:ExactlyOne>
+    <wsp:All>
+      <sp:EncryptedElements>
+        <sp:XPath>//soap:Body</sp:XPath>
+      </sp:EncryptedElements>  
+    </wsp:All>
+  </wsp:ExactlyOne>
+</wsp:Policy>

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_body.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_body.xml?rev=905712&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_body.xml (added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_body.xml Tue Feb  2 17:16:20 2010
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope xmlns:ser="http://blah" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="B5419464DCB3C8B05A126477609119532" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIBmDCCAQECBEZu1OowDQYJKoZIhvcNAQEEBQAwEjEQMA4GA1UEAxMHbXlBbGlhczAgFw0wNzA2MTIxNzE2MjZaGA80NzQ1MDUwOTE3MTYyNlowEjEQMA4GA1UEAxMHbXlBbGlhczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApeOd8EfprmTD+6/nOe3nK3eXFlPsaiRnz5+R3gA6xz4WOOOQX7l1Pa4S65TZmVOxkfPzP+rFvbOJ4sn7ct0EtMiAYuqwnDiHVkqYIhz5WkoPBQet6J7dtcPIAEI9i5Mmf5gsiIMTo8UxqXnsrjCNX6MSrLFr2yspdR/xFYK5IqkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQB/nqtFF6u4FJI90JS+RogSTYFc9mngpvXv8WJsfdR+IQovdFjzqCufOAGPctuq6olgW1A5DRNLIQwr7sIPUhHBFZssuggwEQtF/lvJ51MGhp+p
 qySbpcPo31WppQO+t4Zsu78DZO4GB3Njr1MqOnux5gPGHftujzlJh31SpkEfjA==</wsse:BinarySecurityToken><xenc:EncryptedKey Id="EncKeyId-B5419464DCB3C8B05A126477609119533"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference><wsse:Reference URI="#B5419464DCB3C8B05A126477609119532" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference>
+</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>HqNraw10eZRK2CUH8iYQy3c5wRKtRb/byoXBXQj1aWxPqGYSmK+HvvL+jzsMJpVyuicnDRXRQn7Mkc43fgM0YhuHy78etwUvZ4OUVCJoACgeUxoHtU+XmFqRsYcyrYNVro1qXyGQLb7vmX2KJ6HDyp/UuFC9WIT970e4cRPuNYs=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#EncDataId-30"/><xenc:DataReference URI="#EncDataId-31"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security>
+      <xenc:EncryptedData Id="EncDataId-30" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#EncKeyId-B5419464DCB3C8B05A126477609119533"/></wsse:SecurityTokenReference>
+</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>Q0CEiBM7OKmI7T8qwUgt5S+0y9GXwBqSHoeutrm/+btjaDr2Pt6e1T2AlIN+GDjRHEkC8shFz2X1
+W9f4hxl8qcLKyAHZOD4wLQzXHn2v4Y1wFyI8E3wYnRa2j8CRTdfqefiuu7O7DtRLxHeFZIzcnnG4
+SEyTwVL81y3X7Ggp/vzkHDGtYd9gKP6AY+KDuBVXdTSgyK31seZswoDfJy7CWuDPv65egwm83u1/
+GfvRsB2H2Ojljw8ZixfBvlz/TEZB4slzJ/aG3WLK7VnONBb2+g==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
+      <xenc:EncryptedData Id="EncDataId-31" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#EncKeyId-B5419464DCB3C8B05A126477609119533"/></wsse:SecurityTokenReference>
+</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>moL+xsIwAD61UWYyEkN44KaZ+JG4mBtyCLr1siQU/l5bbsWSDs+RKyNmDeAsJiSftemK+zX+7Yxr
+1rMni55zJY5x21Gm/FlzQTG7qpsbzWtHtt2f9Hvku5SveLvI35EioEIObixD3W77Vs9TxSGYWDMH
+fyNLHFFSmy9Fw3GcC4Afl3MnwYrJ7qnigz3qiVTkq1MPUbgaA2RHnNL4wW+S26xEwKggzsi8l8O1
+kW9fGqo=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
+   </soapenv:Header>
+   <soapenv:Body>
+     <echo xmlns="http://www.sdj.pl">
+       <in0>A</in0>    
+     </echo>
+   </soapenv:Body>
+</soapenv:Envelope>

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_body.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_body.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_body.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_header.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_header.xml?rev=905712&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_header.xml (added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_header.xml Tue Feb  2 17:16:20 2010
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<soapenv:Envelope xmlns:ser="http://blah" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="B5419464DCB3C8B05A126477617153934" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">MIIBmDCCAQECBEZu1OowDQYJKoZIhvcNAQEEBQAwEjEQMA4GA1UEAxMHbXlBbGlhczAgFw0wNzA2MTIxNzE2MjZaGA80NzQ1MDUwOTE3MTYyNlowEjEQMA4GA1UEAxMHbXlBbGlhczCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApeOd8EfprmTD+6/nOe3nK3eXFlPsaiRnz5+R3gA6xz4WOOOQX7l1Pa4S65TZmVOxkfPzP+rFvbOJ4sn7ct0EtMiAYuqwnDiHVkqYIhz5WkoPBQet6J7dtcPIAEI9i5Mmf5gsiIMTo8UxqXnsrjCNX6MSrLFr2yspdR/xFYK5IqkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQB/nqtFF6u4FJI90JS+RogSTYFc9mngpvXv8WJsfdR+IQovdFjzqCufOAGPctuq6olgW1A5DRNLIQwr7sIPUhHBFZssuggwEQtF/lvJ51MGhp+p
 qySbpcPo31WppQO+t4Zsu78DZO4GB3Njr1MqOnux5gPGHftujzlJh31SpkEfjA==</wsse:BinarySecurityToken><xenc:EncryptedKey Id="EncKeyId-B5419464DCB3C8B05A126477617153935"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference><wsse:Reference URI="#B5419464DCB3C8B05A126477617153934" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference>
+</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>m13ly9QKLRs84WajNrbwP924UpomcwHLkx4Sie6sZcE7x63UU370i54K3fu43o4E+lMC5tcUS1xUKa96kR12yQzJj090JEXPRHKtHxe/wPJNwXtgFBg6UFcvPA05RUp/najUQdPMSzigQKyxRJXr9kkA2p0y5dDqnR4aJ+4zPM8=</xenc:CipherValue></xenc:CipherData><xenc:ReferenceList><xenc:DataReference URI="#EncDataId-32"/><xenc:DataReference URI="#EncDataId-33"/></xenc:ReferenceList></xenc:EncryptedKey></wsse:Security>
+      <xenc:EncryptedData Id="EncDataId-32" Type="http://www.w3.org/2001/04/xmlenc#Element"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#EncKeyId-B5419464DCB3C8B05A126477617153935"/></wsse:SecurityTokenReference>
+</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>vTatwDvt+/G1ijDRy2d1dNeFbgRnAUNDOvOO7a/ACYTk52KRk9JJZoZ7ak4uozRYEzQ4pKM2euwJ
+qsitWwI5XPtJjIVASD9lgUfYahgnpxDG13tLYJlMeTrnjkjGQM4Be0h9HnibLAIVYgz9KCu+Khc7
+3itIz66pfg7BfVhhKr9D/DPX1ZiZsf1oIsaA/ElewjsyFkpAjzOD9aCOJ3peEUnH901Iu60kGyp8
+wfqLKSUYeqvn/bN4BAIWQdSXMXA9f2nXVi6ttiyBcAZBVyVDsA==</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>
+      <Header wsu:Id="id-8" xmlns="http://www.sdj.pl" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">5678</Header>
+   </soapenv:Header>
+   <soapenv:Body><xenc:EncryptedData Id="EncDataId-33" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsse:Reference URI="#EncKeyId-B5419464DCB3C8B05A126477617153935"/></wsse:SecurityTokenReference>
+</ds:KeyInfo><xenc:CipherData><xenc:CipherValue>Fc7aMmlKxE0BBF4HsoHFCn3bgZv8y5QAtg5+OuMzUNWheoYJDM01GwyWpurf+RrjbLWUXvYavPag
+LUVVG0IrGmoSFrJg0HYLTooZ9naDkDI9Tdd/M40u9khNsqHkbVpy</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></soapenv:Body>
+</soapenv:Envelope>

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_header.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_header.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_missing_enc_header.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml?rev=905712&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml (added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml Tue Feb  2 17:16:20 2010
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsp:Policy 
+    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" 
+    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+  <wsp:ExactlyOne>
+    <wsp:All>
+      <sp:EncryptedParts>
+        <sp:Body/>
+      </sp:EncryptedParts>  
+    </wsp:All>
+  </wsp:ExactlyOne>
+</wsp:Policy>

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml?rev=905712&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml (added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml Tue Feb  2 17:16:20 2010
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsp:Policy 
+    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" 
+    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+  <wsp:ExactlyOne>
+    <wsp:All>
+      <sp:EncryptedParts>
+        <sp:Header Name="Header" Namespace="http://www.sdj.pl"/>
+      </sp:EncryptedParts>  
+    </wsp:All>
+  </wsp:ExactlyOne>
+</wsp:Policy>

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml?rev=905712&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml (added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml Tue Feb  2 17:16:20 2010
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsp:Policy 
+    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" 
+    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+  <wsp:ExactlyOne>
+    <wsp:All>
+      <sp:EncryptedParts>
+        <sp:Body/>
+        <sp:Header Name="Header" Namespace="http://www.sdj.pl"/>
+      </sp:EncryptedParts>  
+      <sp:EncryptedParts>
+        <sp:Body/>
+        <sp:Header Namespace="http://www.sdj.pl"/>
+      </sp:EncryptedParts>
+    </wsp:All>
+  </wsp:ExactlyOne>
+</wsp:Policy>

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml?rev=905712&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml (added)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml Tue Feb  2 17:16:20 2010
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsp:Policy 
+    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" 
+    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+  <wsp:ExactlyOne>
+    <wsp:All>
+      <sp:EncryptedParts>
+        <sp:Header Namespace="http://www.sdj.pl"/>
+      </sp:EncryptedParts>  
+    </wsp:All>
+  </wsp:ExactlyOne>
+</wsp:Policy>

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml



Mime
View raw message