From dk...@apache.org
Subject svn commit: r909567 [1/2] - in /cxf/branches/2.2.x-fixes: ./ common/common/src/main/java/org/apache/cxf/helpers/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers...
Date Fri, 12 Feb 2010 19:20:20 GMT
Author: dkulp
Date: Fri Feb 12 19:20:10 2010
New Revision: 909567

URL: http://svn.apache.org/viewvc?rev=909567&view=rev
Log:
Merged revisions 909486,909506,909557 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r909486 | dkulp | 2010-02-12 11:23:21 -0500 (Fri, 12 Feb 2010) | 2 lines
  
  [CXF-2654] Fix bunch of issues with signed and encrypted elements
  Patch from David Valeri applied
........
  r909506 | dkulp | 2010-02-12 12:29:34 -0500 (Fri, 12 Feb 2010) | 1 line
  
  Remove @Override that are confusing java5
........
  r909557 | dkulp | 2010-02-12 13:57:53 -0500 (Fri, 12 Feb 2010) | 2 lines
  
  Test failed in hudson, I think due to not having the strong encryption
  stuff.
........

Added:
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content_signed.xml
      - copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content_signed.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content_signed_missing_signed_header.xml
      - copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_body_content_signed_missing_signed_header.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body_signed.xml
      - copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body_signed.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header_and_body_encrypted.xml
      - copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header_and_body_encrypted.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_direct_ref.xml
      - copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_direct_ref.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_direct_ref_token_prot.xml
      - copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_direct_ref_token_prot.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial.xml
      - copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial_encrypted.xml
      - copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial_encrypted.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial_encrypted_missing_enc_header.xml
      - copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial_encrypted_missing_enc_header.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial_token_prot.xml
      - copied unchanged from r909486, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_x509_issuer_serial_token_prot.xml
Modified:
    cxf/branches/2.2.x-fixes/   (props changed)
    cxf/branches/2.2.x-fixes/common/common/src/main/java/org/apache/cxf/helpers/DOMUtils.java
    cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
    cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_elements_policy.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_missing_signed_body.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_missing_signed_header.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_body.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header_and_body.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_parts_policy_header_namespace_only.xml
    cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/wsse-request-clean.xml

Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Feb 12 19:20:10 2010
@@ -1 +1 @@
-/cxf/trunk:908451,909102,909396,909411
+/cxf/trunk:908451,909102,909396,909411,909486,909506-909557

Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.2.x-fixes/common/common/src/main/java/org/apache/cxf/helpers/DOMUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/common/common/src/main/java/org/apache/cxf/helpers/DOMUtils.java?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/common/common/src/main/java/org/apache/cxf/helpers/DOMUtils.java (original)
+++ cxf/branches/2.2.x-fixes/common/common/src/main/java/org/apache/cxf/helpers/DOMUtils.java Fri Feb 12 19:20:10 2010
@@ -337,6 +337,27 @@
         }
         return r;
     }
+    
+    /**
+     * Returns all child elements with specified namespace.
+     * 
+     * @param parent the element to search under
+     * @param ns the namespace to find elements in
+     * @return all child elements with specified namespace
+     */
+    public static List<Element> getChildrenWithNamespace(Element parent, String ns) {
+        List<Element> r = new ArrayList<Element>();
+        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
+            if (n instanceof Element) {
+                Element e = (Element)n;
+                String eNs = (e.getNamespaceURI() == null) ? "" : e.getNamespaceURI();
+                if (ns.equals(eNs)) {
+                    r.add(e);
+                }
+            }
+        }
+        return r;
+    }
 
     /**
      * Get the first child of the specified type.
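Review bot: `getChildrenWithNamespace` normalises a null element namespace to `""` but calls `ns.equals(eNs)` on the argument, so a null `ns` throws NullPointerException instead of matching the no-namespace children. Normalising the argument the same way, `String want = (ns == null) ? "" : ns;`, and comparing with `want.equals(eNs)` keeps both sides symmetric. The Javadoc should also say that elements without a namespace are matched by the empty string. The callers added in CryptoCoverageUtil and AbstractBindingBuilder.getParts pass `namespace` and `part.getNamespace()` straight through, so whether null can reach this method depends on code outside these hunks.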

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java Fri Feb 12 19:20:10 2010
@@ -20,9 +20,10 @@
 package org.apache.cxf.ws.security.wss4j;
 
 
-import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Iterator;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 
@@ -36,7 +37,6 @@
 
 import org.w3c.dom.Attr;
 import org.w3c.dom.Element;
-import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
 import org.apache.cxf.helpers.DOMUtils;
@@ -59,6 +59,54 @@
     }
     
     /**
+     * Inspects the signed and encrypted content in the message and accurately
+     * resolves encrypted and then signed elements in {@code signedRefs}.
+     * Entries in {@code signedRefs} that correspond to an encrypted element
+     * are resolved to the decrypted element and added to {@code signedRefs}.
+     * The original reference to the encrypted content remains unaltered in the
+     * list to allow for matching against a requirement that xenc:EncryptedData
+     * elements be signed.
+     * 
+     * @param signedRefs references to the signed content in the message
+     * @param encryptedRefs refernces to the encrypted content in the message
+     */
+    public static void reconcileEncryptedSignedRefs(final Collection<WSDataRef> signedRefs, 
+            final Collection<WSDataRef> encryptedRefs) {
+        
+        final List<WSDataRef> encryptedSignedRefs = new LinkedList<WSDataRef>();
+        
+        for (WSDataRef encryptedRef : encryptedRefs) {
+            final String encryptedRefId = encryptedRef.getWsuId();
+            final Iterator<WSDataRef> signedRefsIt = signedRefs.iterator();
+            while (signedRefsIt.hasNext()) {
+                final WSDataRef signedRef = signedRefsIt.next();
+                
+                if (signedRef.getWsuId().equals(encryptedRefId)
+                        || signedRef.getWsuId().equals("#" + encryptedRefId)) {
+                    
+                    final WSDataRef encryptedSignedRef = 
+                        new WSDataRef(signedRef.getDataref());
+                    
+                    encryptedSignedRef.setContent(false);
+                    encryptedSignedRef.setName(encryptedRef.getName());
+                    encryptedSignedRef.setProtectedElement(encryptedRef
+                            .getProtectedElement());
+                    // This value is the ID of the encrypted element, not
+                    // the value of the ID in the decrypted content 
+                    // (WSS4J 1.5.8).  Therefore, passing it along does
+                    // not provide much value.
+                    //encryptedSignedRef.setWsuId(encryptedRef.getWsuId());
+                    encryptedSignedRef.setXpath(encryptedRef.getXpath());
+                    
+                    encryptedSignedRefs.add(encryptedSignedRef);
+                }
+            }
+        }
+        
+        signedRefs.addAll(encryptedSignedRefs);
+    }
+    
+    /**
      * Checks that the references provided refer to the
      * signed/encrypted SOAP body element.
      * 
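Review bot: `signedRef.getWsuId().equals(encryptedRefId)` in reconcileEncryptedSignedRefs throws NullPointerException for any signed reference that has no wsu:Id, and the refs this method appends appear to leave the Id unset because the `setWsuId` call is commented out, so a later pass over the same collection would hit it. A null `encryptedRefId` is also turned into the literal `"#null"` by the concatenation. Reading the Id once with `final String signedId = signedRef.getWsuId();`, skipping encrypted refs whose Id is null, and comparing as `encryptedRefId.equals(signedId) || ("#" + encryptedRefId).equals(signedId)` avoids both. Since the result feeds the signed-coverage assertions, the Javadoc should state that the match is made on the Id string alone; `refernces` in the `@param encryptedRefs` line is a typo.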
@@ -141,20 +189,7 @@
         }
         
         if (name == null) {
-            // TODO add to DOMUtils as findChildElementsByNamespace
-            final String ns = namespace;
-            List<Element> r = new ArrayList<Element>();
-            for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling()) {
-                if (n instanceof Element) {
-                    Element e = (Element)n;
-                    String eNs = (e.getNamespaceURI() == null) ? "" : e.getNamespaceURI();
-                    if (ns.equals(eNs)) {
-                        r.add(e);
-                    }
-                }
-            }
-            
-            elements = r;
+            elements = DOMUtils.getChildrenWithNamespace(parent, namespace);
         } else {
             elements = DOMUtils.getChildrenWithName(
                     parent, namespace, name);

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Fri Feb 12 19:20:10 2010
@@ -523,6 +523,9 @@
                 //anything else to process?  Maybe check tokens for BKT requirements?
             }                        
         }
+        
+        CryptoCoverageUtil.reconcileEncryptedSignedRefs(signed, encrypted);
+        
         assertTokens(aim, SP12Constants.SIGNED_PARTS, signed, msg, doc, CoverageType.SIGNED);
         assertTokens(aim, SP12Constants.ENCRYPTED_PARTS, encrypted, msg, doc, CoverageType.ENCRYPTED);
         assertXPathTokens(aim, SP12Constants.SIGNED_ELEMENTS, signed, msg, doc,
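Review bot: The added `CryptoCoverageUtil.reconcileEncryptedSignedRefs(signed, encrypted)` call mutates `signed` in place, and it only influences the coverage checks because it runs before the first `assertTokens`; nothing at the call site says so. A short comment such as `// Must run before the coverage assertions: adds refs for decrypted elements whose EncryptedData was signed` would keep a later reorder from silently changing what the signed-parts check sees. The enclosing method starts and ends outside this hunk.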

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Fri Feb 12 19:20:10 2010
@@ -29,6 +29,7 @@
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
@@ -634,6 +635,14 @@
         return cb[0].getPassword();
     }
 
+    /**
+     * Generates a wsu:Id attribute for the provided {@code Element} and returns the attribute value
+     * or finds and returns the value of the attribute if it already exists.
+     * 
+     * @param element the {@code Element} to check/create the attribute on
+     *
+     * @return the generated or discovered wsu:Id attribute value
+     */
     public String addWsuIdToElement(Element elem) {
         String id;
         
@@ -710,12 +719,15 @@
             for (Header head : parts.getHeaders()) {
                 WSEncryptionPart wep = new WSEncryptionPart(head.getName(),
                                                             head.getNamespace(),
-                                                            "Content");
+                                                            "Element");
                 signedParts.add(wep);
             }
         }
     
-        
+        // REVISIT consider catching exceptions and unassert failed assertions or
+        // to process and assert them one at a time.  Additionally, a found list
+        // should be applied to all operations that involve adding anything to
+        // the encrypted vector to prevent duplication / errors in encryption.
         return getPartsAndElements(false, 
                                    isBody,
                                    signedParts,
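Review bot: The list passed to `getPartsAndElements(false, ...)` is still named `signedParts` although `false` selects encryption and the new REVISIT comment talks about the encrypted vector. In code where sign-versus-encrypt decides which protection a header receives, that name invites mistakes; renaming the local to `encryptedParts` would match the comment. The REVISIT text describes unresolved error handling and duplicate prevention, which is easier to follow up when it names the tracking issue. The method begins before this hunk and the call continues after it.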
@@ -754,12 +766,15 @@
             for (Header head : parts.getHeaders()) {
                 WSEncryptionPart wep = new WSEncryptionPart(head.getName(),
                                                             head.getNamespace(),
-                                                            "Content");
+                                                            "Element");
                 signedParts.add(wep);
             }
         }
-
         
+        // REVISIT consider catching exceptions and unassert failed assertions or
+        // to process and assert them one at a time.  Additionally, a found list
+        // should be applied to all operations that involve adding anything to
+        // the signed vector to prevent duplication in the signature.
         return getPartsAndElements(true, 
                                    isSignBody,
                                    signedParts,
@@ -767,6 +782,38 @@
                                    elements == null ? null : elements.getDeclaredNamespaces(),
                                    null, null);
     }
+
+    /**
+     * Identifies the portions of the message to be signed/encrypted.
+     * 
+     * @param sign
+     *            whether the matches are to be signed or encrypted
+     * @param includeBody
+     *            if the body should be included in the signature/encryption
+     * @param parts
+     *            any {@code WSEncryptionPart}s to match for signature or
+     *            encryption as specified by WS-SP signed parts or encrypted
+     *            parts. Parts without a name match all elements with the
+     *            provided namespace.
+     * @param xpaths
+     *            any XPath expressions to sign/encrypt matches
+     * @param namespaces
+     *            namespace prefix to namespace mappings for XPath expressions
+     *            in {@code xpaths}
+     * @param contentXpaths
+     *            any XPath expressions to content encrypt
+     * @param cnamespaces
+     *            namespace prefix to namespace mappings for XPath expressions
+     *            in {@code contentXpaths}
+     * @return a configured vector of {@code WSEncryptionPart}s suitable for
+     *         processing by WSS4J
+     * @throws SOAPException
+     *             if there is an error extracting SOAP content from the SAAJ
+     *             model
+     *             
+     * @deprecated Use {@link #getSignedParts()} and {@link #getEncryptedParts()}
+     *             instead.
+     */
     public Vector<WSEncryptionPart> getPartsAndElements(boolean sign, 
                                                     boolean includeBody,
                                                     List<WSEncryptionPart> parts,
@@ -777,68 +824,141 @@
         throws SOAPException {
         
         Vector<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
+        
         List<Element> found = new ArrayList<Element>();
-        if (includeBody) {
+        
+        // Handle sign/enc parts
+        result.addAll(this.getParts(sign, includeBody, parts, found));
+        
+        
+        // Handle sign/enc elements
+        try {
+            result.addAll(this.getElements("Element", xpaths, namespaces, found));
+        } catch (XPathExpressionException e) {  
+            // REVISIT
+        }
+        
+        // Handle content encrypted elements
+        try {
+            result.addAll(this.getElements("Content", contentXpaths, cnamespaces, found));
+        } catch (XPathExpressionException e) {
+            // REVISIT
+        }
+        
+        return result;
+    }
+    
+    /**
+     * Identifies the portions of the message to be signed/encrypted.
+     * 
+     * @param sign
+     *            whether the matches are to be signed or encrypted
+     * @param includeBody
+     *            if the body should be included in the signature/encryption
+     * @param parts
+     *            any {@code WSEncryptionPart}s to match for signature or
+     *            encryption as specified by WS-SP signed parts or encrypted
+     *            parts. Parts without a name match all elements with the
+     *            provided namespace.
+     * @param found 
+     *            a list of elements that have previously been tagged for
+     *            signing/encryption. Populated with additional matches found by
+     *            this method and used to prevent including the same element
+     *            twice under the same operation.
+     * @return a configured vector of {@code WSEncryptionPart}s suitable for
+     *         processing by WSS4J
+     * @throws SOAPException
+     *             if there is an error extracting SOAP content from the SAAJ
+     *             model
+     */
+    private Vector<WSEncryptionPart> getParts(boolean sign,
+            boolean includeBody, List<WSEncryptionPart> parts,
+            List<Element> found) throws SOAPException {
+        
+        Vector<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
+        
+        
+        if (includeBody && !found.contains(this.saaj.getSOAPBody())) {
+            found.add(saaj.getSOAPBody());
+            final String id = this.addWsuIdToElement(this.saaj.getSOAPBody());
             if (sign) {
-                result.add(new WSEncryptionPart(addWsuIdToElement(saaj.getSOAPBody()),
-                                                null, WSConstants.PART_TYPE_BODY));
+                result.add(new WSEncryptionPart(
+                        id,
+                        "Element",
+                        WSConstants.PART_TYPE_BODY));
             } else {
-                result.add(new WSEncryptionPart(addWsuIdToElement(saaj.getSOAPBody()),
-                                                "Content", WSConstants.PART_TYPE_BODY));
+                result.add(new WSEncryptionPart(
+                        id,
+                        "Content",
+                        WSConstants.PART_TYPE_BODY));
             }
-            found.add(saaj.getSOAPBody());
         }
-        SOAPHeader header = saaj.getSOAPHeader();
+        
+        final SOAPHeader header = saaj.getSOAPHeader();
+        
+        // Handle sign/enc parts
         for (WSEncryptionPart part : parts) {
+            final List<Element> elements;
+            
             if (StringUtils.isEmpty(part.getName())) {
-                //an entire namespace
-                Element el = DOMUtils.getFirstElement(header);
-                while (el != null) {
-                    if (part.getNamespace().equals(el.getNamespaceURI())
-                        && !found.contains(el)) {
-                        found.add(el);
-                        
-                        if (sign) {
-                            result.add(new WSEncryptionPart(el.getLocalName(), 
-                                                            part.getNamespace(),
-                                                            "Content",
-                                                            WSConstants.PART_TYPE_HEADER));
-                        } else {
-                            WSEncryptionPart encryptedHeader 
-                                = new WSEncryptionPart(el.getLocalName(),
-                                                       part.getNamespace(), 
-                                                       "Element",
-                                                       WSConstants.PART_TYPE_HEADER);
-                            String wsuId = el.getAttributeNS(WSConstants.WSU_NS, "Id");
-                            
-                            if (!StringUtils.isEmpty(wsuId)) {
-                                encryptedHeader.setEncId(wsuId);
-                            }
-                            result.add(encryptedHeader);
-                        }
-                    }
-                }
-                el = DOMUtils.getNextElement(el);
+                // An entire namespace
+                elements = 
+                    DOMUtils.getChildrenWithNamespace(header, part.getNamespace());    
             } else {
-                Element el = DOMUtils.getFirstElement(header);
-                while (el != null) {
-                    if (part.getName().equals(el.getLocalName())
-                        && part.getNamespace().equals(el.getNamespaceURI())
-                        && !found.contains(el)) {
-                        found.add(el);          
-                        part.setType(WSConstants.PART_TYPE_HEADER);
-                        String wsuId = el.getAttributeNS(WSConstants.WSU_NS, "Id");
-                        
-                        if (!StringUtils.isEmpty(wsuId)) {
-                            part.setEncId(wsuId);
-                        }
-                        
-                        result.add(part);
-                    }
-                    el = DOMUtils.getNextElement(el);
+                // All elements with a given name and namespace 
+                elements = 
+                    DOMUtils.getChildrenWithName(header, part.getNamespace(), part.getName());
+            }
+            
+            for (Element el : elements) {
+                if (!found.contains(el)) {
+                    found.add(el);
+                    // Generate an ID for the element and use this ID or else
+                    // WSS4J will only ever sign/encrypt the first matching
+                    // elemenet with the same name and namespace as that in the
+                    // WSEncryptionPart
+                    final String id = this.addWsuIdToElement(el);
+                    result.add(new WSEncryptionPart(
+                            id,
+                            part.getEncModifier(),
+                            WSConstants.PART_TYPE_HEADER));
                 }
             }
         }
+        
+        return result;
+    }
+    
+    /**
+     * Identifies the portions of the message to be signed/encrypted.
+     * 
+     * @param encryptionModifier
+     *            indicates the scope of the crypto operation over matched
+     *            elements. Either "Content" or "Element".
+     * @param xpaths
+     *            any XPath expressions to sign/encrypt matches
+     * @param namespaces
+     *            namespace prefix to namespace mappings for XPath expressions
+     *            in {@code xpaths}
+     * @param found
+     *            a list of elements that have previously been tagged for
+     *            signing/encryption. Populated with additional matches found by
+     *            this method and used to prevent including the same element
+     *            twice under the same operation.
+     * @return a configured vector of {@code WSEncryptionPart}s suitable for
+     *         processing by WSS4J
+     * @throws XPathExpressionException
+     *             if a provided XPath is invalid
+     * @throws SOAPException
+     *             if there is an error extracting SOAP content from the SAAJ
+     *             model
+     */
+    private Vector<WSEncryptionPart> getElements(String encryptionModifier,
+            List<String> xpaths, Map<String, String> namespaces,
+            List<Element> found) throws XPathExpressionException, SOAPException {
+        
+        Vector<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
+        
         if (xpaths != null && !xpaths.isEmpty()) {
             XPathFactory factory = XPathFactory.newInstance();
             for (String expression : xpaths) {
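Review bot: The two `catch (XPathExpressionException e) { // REVISIT }` handlers in getPartsAndElements now discard every XPath-selected part when a single expression is invalid: getElements throws out of its loop, so parts already collected for earlier expressions are lost as well, whereas the removed code skipped only the failing expression. For a signing or encryption policy this means the listed elements can be left unprotected with nothing logged. The method already declares SOAPException, so failing closed with `throw new SOAPException(e);` in both handlers is possible if callers tolerate it; at minimum the failing expression should be logged. The body of getElements continues past the end of this hunk.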
@@ -846,72 +966,43 @@
                 if (namespaces != null) {
                     xpath.setNamespaceContext(new MapNamespaceContext(namespaces));
                 }
-                try {
-                    NodeList list = (NodeList)xpath.evaluate(expression, saaj.getSOAPPart().getEnvelope(),
-                                                   XPathConstants.NODESET);
-                    for (int x = 0; x < list.getLength(); x++) {
-                        Element el = (Element)list.item(x);
-                        if (sign) {
-                            WSEncryptionPart part = new WSEncryptionPart(el.getLocalName(),
-                                                            el.getNamespaceURI(), 
-                                                            "Content",
-                                                            WSConstants.PART_TYPE_ELEMENT);
-                            part.setXpath(expression);
-                            result.add(part);
-                        } else {
-                            WSEncryptionPart encryptedElem = new WSEncryptionPart(el.getLocalName(),
-                                                                                  el.getNamespaceURI(),
-                                                                                  "Element",
-                                                                                  WSConstants
-                                                                                      .PART_TYPE_ELEMENT);
-                            encryptedElem.setXpath(expression);
-                            String wsuId = el.getAttributeNS(WSConstants.WSU_NS, "Id");
-                            
-                            if (!StringUtils.isEmpty(wsuId)) {
-                                encryptedElem.setEncId(wsuId);
-                            }
-                            result.add(encryptedElem);
-                        }
-                    }
-                } catch (XPathExpressionException e) {
-                    //REVISIT!!!!
-                }
-            }
-        }
-        if (contentXpaths != null && !contentXpaths.isEmpty()) {
-            XPathFactory factory = XPathFactory.newInstance();
-            for (String expression : contentXpaths) {
-                XPath xpath = factory.newXPath();
-                if (cnamespaces != null) {
-                    xpath.setNamespaceContext(new MapNamespaceContext(cnamespaces));
-                }
-                try {
-                    NodeList list = (NodeList)xpath.evaluate(expression, saaj.getSOAPPart().getEnvelope(),
-                                                   XPathConstants.NODESET);
-                    for (int x = 0; x < list.getLength(); x++) {
-                        Element el = (Element)list.item(x);
-                        WSEncryptionPart encryptedElem = new WSEncryptionPart(el.getLocalName(),
-                                                                              el.getNamespaceURI(),
-                                                                              "Content",
-                                                                              WSConstants
-                                                                                  .PART_TYPE_ELEMENT);
-                        encryptedElem.setXpath(expression);
+               
+                NodeList list = (NodeList)xpath.evaluate(expression, saaj.getSOAPPart().getEnvelope(),
+                                               XPathConstants.NODESET);
+                for (int x = 0; x < list.getLength(); x++) {
+                    Element el = (Element)list.item(x);
+                    
+                    if (!found.contains(el)) {
+                        // Generate an ID for the element and use this ID or else
+                        // WSS4J will only ever sign/encrypt the first matching
+                        // element with the same name and namespace as that in the
+                        // WSEncryptionPart
+                        final String id = this.addWsuIdToElement(el);
+                        
+                        
+                        WSEncryptionPart part = new WSEncryptionPart(
+                                id, 
+                                encryptionModifier,
+                                WSConstants.PART_TYPE_ELEMENT);
+                        part.setXpath(expression);
+                        
+                        /**
                         String wsuId = el.getAttributeNS(WSConstants.WSU_NS, "Id");
                         
                         if (!StringUtils.isEmpty(wsuId)) {
                             encryptedElem.setEncId(wsuId);
                         }
-                        result.add(encryptedElem);
+                        **/
+                        
+                        result.add(part);
                     }
-                } catch (XPathExpressionException e) {
-                    //REVISIT!!!!
                 }
             }
         }
+        
         return result;
     }
     
-    
     protected WSSecEncryptedKey getEncryptedKeyBuilder(TokenWrapper wrapper, 
                                                        Token token) throws WSSecurityException {
         WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
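Review bot: getElements tests `!found.contains(el)` but never adds the element to `found`, so an element selected by two XPath expressions, or by both `xpaths` and `contentXpaths`, is still added to the result twice, although the Javadoc for `found` says this method populates the list. Adding `found.add(el);` as the first statement inside the `if`, as getParts does, closes the gap. The cast `(Element)list.item(x)` throws ClassCastException if an expression selects a non-element node, so an `instanceof` check before it would be safer. The `/** ... **/` block keeps dead code that refers to the removed `encryptedElem` variable and is better deleted. The start of getElements lies in the previous hunk.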
@@ -1555,43 +1646,47 @@
         }
     }
     
-    
+    /**
+     * Processes the parts to be signed and reconfigures those parts that have
+     * already been encrypted.
+     * 
+     * @param encryptedParts
+     *            the parts that have been encrypted
+     * @param signedParts
+     *            the parts that are to be signed
+     * 
+     * @throws IllegalArgumentException
+     *             if an element in {@code signedParts} contains a {@code
+     *             WSEncryptionPart} with a {@code null} {@code id} value
+     */
     public void handleEncryptedSignedHeaders(Vector<WSEncryptionPart> encryptedParts, 
                                              Vector<WSEncryptionPart> signedParts) {
-       
-        for (WSEncryptionPart signedPart : signedParts) {
-            if (signedPart.getNamespace() == null || signedPart.getName() == null) {
-                continue;
-            }
-            
-            for (WSEncryptionPart encryptedPart : encryptedParts) {
-                if (encryptedPart.getNamespace() == null 
-                    || encryptedPart.getName() == null) {
-                    continue;
-                }
-               
-                if (signedPart.getName().equals(encryptedPart.getName()) 
-                    && signedPart.getNamespace().equals(encryptedPart.getNamespace())) {
-                   
-                    String encDataID =  encryptedPart.getEncId();                    
-                    Element encDataElem = WSSecurityUtil
-                           .findElementById(saaj.getSOAPPart().getDocumentElement(),
-                                            encDataID, null);
-                   
-                    if (encDataElem != null) {
-                        Element encHeader = (Element)encDataElem.getParentNode();
-                        String encHeaderId = encHeader.getAttributeNS(WSConstants.WSU_NS, "Id");
-                        
-                        if (!StringUtils.isEmpty(encHeaderId)) {
-                            signedParts.remove(signedPart);
-                            WSEncryptionPart encHeaderToSign = new WSEncryptionPart(encHeaderId);
-                            signedParts.add(encHeaderToSign);
-                        }
-                    }
+
+        final Vector<WSEncryptionPart> signedEncryptedParts = new Vector<WSEncryptionPart>();
+        
+        for (WSEncryptionPart encryptedPart : encryptedParts) {
+            final Iterator<WSEncryptionPart> signedPartsIt = signedParts.iterator();
+            while (signedPartsIt.hasNext()) {
+                WSEncryptionPart signedPart = signedPartsIt.next();
+                if (signedPart.getId() == null) {
+                    throw new IllegalArgumentException(
+                            "WSEncryptionPart must be ID based but no id was found.");
+                } else if (encryptedPart.getEncModifier().equals("Element")
+                        && signedPart.getId().equals(encryptedPart.getId())) {
+                    // We are to sign something that has already been encrypted.
+                    // We need to preserve the original aspects of signedPart but
+                    // change the ID to the encrypted ID.
+                    
+                    signedPartsIt.remove();
+                    signedEncryptedParts.add(
+                            new WSEncryptionPart(
+                                    encryptedPart.getEncId(),
+                                    encryptedPart.getEncModifier(),
+                                    encryptedPart.getType()));
                 }
             }
         }
+        
+        signedParts.addAll(signedEncryptedParts);
     }
-   
-  
 }
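Review bot: In `handleEncryptedSignedHeaders` the signed part is removed and replaced without checking that `encryptedPart.getEncId()` is non-empty, a guard the removed code had (`!StringUtils.isEmpty(encHeaderId)`). If the encrypted id was never set, the element leaves `signedParts` and is replaced by a part with a null id, which may drop it from signature coverage. I would swap only when the id is present, e.g. `if (StringUtils.isEmpty(encryptedPart.getEncId())) { continue; }` ahead of `signedPartsIt.remove();`, and write the modifier test as `"Element".equals(encryptedPart.getEncModifier())` so a null modifier does not throw. The inline comment says the original aspects of `signedPart` are preserved, yet the new part takes its modifier and type from `encryptedPart`, so one of the two should change. The Javadoc `@throws` also holds only when `encryptedParts` is non-empty, because the id check sits inside the outer loop.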

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java Fri Feb 12 19:20:10 2010
@@ -20,11 +20,16 @@
 package org.apache.cxf.ws.security.wss4j;
 
 
-import java.security.cert.X509Certificate;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
+import java.util.Vector;
+import java.util.concurrent.Executor;
 
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
 import javax.xml.namespace.QName;
 import javax.xml.soap.MessageFactory;
 import javax.xml.soap.SOAPException;
@@ -33,282 +38,662 @@
 import javax.xml.transform.dom.DOMSource;
 
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 import org.apache.cxf.Bus;
 import org.apache.cxf.BusException;
+import org.apache.cxf.binding.Binding;
 import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.feature.AbstractFeature;
+import org.apache.cxf.interceptor.AbstractAttributedInterceptorProvider;
 import org.apache.cxf.message.Exchange;
 import org.apache.cxf.message.ExchangeImpl;
+import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.service.Service;
+import org.apache.cxf.service.model.BindingInfo;
+import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.transport.MessageObserver;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.PolicyBuilder;
 import org.apache.cxf.ws.policy.PolicyException;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
+import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor.PolicyBasedWSS4JOutInterceptorInternal;
 import org.apache.neethi.Policy;
+import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSDataRef;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.util.WSSecurityUtil;
 import org.junit.Test;
 
 
 public class PolicyBasedWss4JInOutTest extends AbstractSecurityTest {
     private PolicyBuilder policyBuilder;
-    
-    protected Bus createBus() throws BusException {
-        Bus b = super.createBus();
-        this.policyBuilder = 
-            b.getExtension(PolicyBuilder.class);
-        return b;
+       
+    public static boolean checkUnrestrictedPoliciesInstalled() {
+        try {
+            byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
+
+            SecretKey key192 = new SecretKeySpec(
+                new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+                            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17},
+                            "AES");
+            Cipher c = Cipher.getInstance("AES");
+            c.init(Cipher.ENCRYPT_MODE, key192);
+            c.doFinal(data);
+            return true;
+        } catch (Exception e) {
+            //ignore
+        }
+        return false;
     }
+    
     @Test
+    @org.junit.Ignore("missing file")
     public void testSignedElementsPolicyWithIncompleteCoverage() throws Exception {
-        this.runAndValidatePolicyNotAsserted(
-                "signed_missing_signed_header.xml",
+        this.runInInterceptorAndValidate(
+                "signed_x509_issuer_serial_missing_signed_header.xml",
                 "signed_elements_policy.xml",
+                null,
                 SP12Constants.SIGNED_ELEMENTS,
                 CoverageType.SIGNED);
     }
     
     @Test
     public void testSignedElementsPolicyWithCompleteCoverage() throws Exception {
-        this.runAndValidatePolicyAsserted(
-                "signed.xml",
+        this.runInInterceptorAndValidate(
+                "signed_x509_issuer_serial.xml",
                 "signed_elements_policy.xml",
                 SP12Constants.SIGNED_ELEMENTS,
+                null,
                 CoverageType.SIGNED);
+        
+        this.runAndValidate(
+                "wsse-request-clean.xml",
+                "signed_elements_policy.xml",
+                null,
+                null,
+                Arrays.asList(SP12Constants.SIGNED_ELEMENTS),
+                null,
+                Arrays.asList(CoverageType.SIGNED));
     }
 
     @Test
+    @org.junit.Ignore("missing file")
     public void testSignedPartsPolicyWithIncompleteCoverage() throws Exception {
-        this.runAndValidatePolicyNotAsserted(
-                "signed_missing_signed_body.xml",
+        this.runInInterceptorAndValidate(
+                "signed_x509_issuer_serial_missing_signed_body.xml",
                 "signed_parts_policy_body.xml",
+                null,
                 SP12Constants.SIGNED_PARTS,
                 CoverageType.SIGNED);
         
-        this.runAndValidatePolicyNotAsserted(
-                "signed_missing_signed_header.xml",
+        this.runInInterceptorAndValidate(
+                "signed_x509_issuer_serial_missing_signed_header.xml",
                 "signed_parts_policy_header_namespace_only.xml",
+                null,
                 SP12Constants.SIGNED_PARTS,
                 CoverageType.SIGNED);
         
-        this.runAndValidatePolicyNotAsserted(
-                "signed_missing_signed_header.xml",
+        this.runInInterceptorAndValidate(
+                "signed_x509_issuer_serial_missing_signed_header.xml",
                 "signed_parts_policy_header.xml",
+                null,
                 SP12Constants.SIGNED_PARTS,
                 CoverageType.SIGNED);
     }
     
     @Test
     public void testSignedPartsPolicyWithCompleteCoverage() throws Exception {
-        this.runAndValidatePolicyAsserted(
-                "signed.xml",
+        this.runInInterceptorAndValidate(
+                "signed_x509_issuer_serial.xml",
                 "signed_parts_policy_body.xml",
                 SP12Constants.SIGNED_PARTS,
+                null,
                 CoverageType.SIGNED);
         
-        this.runAndValidatePolicyAsserted(
-                "signed.xml",
+        this.runAndValidate(
+                "wsse-request-clean.xml",
+                "signed_parts_policy_body.xml",
+                null,
+                null,
+                Arrays.asList(SP12Constants.SIGNED_PARTS),
+                null,
+                Arrays.asList(CoverageType.SIGNED));
+        
+        this.runInInterceptorAndValidate(
+                "signed_x509_issuer_serial.xml",
                 "signed_parts_policy_header_namespace_only.xml",
                 SP12Constants.SIGNED_PARTS,
+                null,
                 CoverageType.SIGNED);
         
-        this.runAndValidatePolicyAsserted(
-                "signed.xml",
+        this.runAndValidate(
+                "wsse-request-clean.xml",
+                "signed_parts_policy_header_namespace_only.xml",
+                null,
+                null,
+                Arrays.asList(SP12Constants.SIGNED_PARTS),
+                null,
+                Arrays.asList(CoverageType.SIGNED));
+        
+        this.runInInterceptorAndValidate(
+                "signed_x509_issuer_serial.xml",
                 "signed_parts_policy_header.xml",
                 SP12Constants.SIGNED_PARTS,
+                null,
                 CoverageType.SIGNED);
         
-        this.runAndValidatePolicyAsserted(
-                "signed.xml",
+        this.runAndValidate(
+                "wsse-request-clean.xml",
+                "signed_parts_policy_header.xml",
+                null,
+                null,
+                Arrays.asList(SP12Constants.SIGNED_PARTS),
+                null,
+                Arrays.asList(CoverageType.SIGNED));
+        
+        this.runInInterceptorAndValidate(
+                "signed_x509_issuer_serial.xml",
                 "signed_parts_policy_header_and_body.xml",
                 SP12Constants.SIGNED_PARTS,
+                null,
                 CoverageType.SIGNED);
+        
+        this.runAndValidate(
+                "wsse-request-clean.xml",
+                "signed_parts_policy_header_and_body.xml",
+                null,
+                null,
+                Arrays.asList(SP12Constants.SIGNED_PARTS),
+                null,
+                Arrays.asList(CoverageType.SIGNED));
     }
     
     @Test
     public void testEncryptedElementsPolicyWithIncompleteCoverage() throws Exception {
-        this.runAndValidatePolicyNotAsserted(
+        this.runInInterceptorAndValidate(
                 "encrypted_missing_enc_header.xml",
                 "encrypted_elements_policy.xml",
+                null,
                 SP12Constants.ENCRYPTED_ELEMENTS,
                 CoverageType.ENCRYPTED);
         
-        this.runAndValidatePolicyNotAsserted(
+        this.runInInterceptorAndValidate(
                 "encrypted_body_content.xml",
                 "encrypted_elements_policy2.xml",
+                null,
                 SP12Constants.ENCRYPTED_ELEMENTS,
                 CoverageType.ENCRYPTED);
     }
     
     @Test
     public void testEncryptedElementsPolicyWithCompleteCoverage() throws Exception {
-        this.runAndValidatePolicyAsserted(
+        this.runInInterceptorAndValidate(
                 "encrypted_body_content.xml",
                 "encrypted_elements_policy.xml",
                 SP12Constants.ENCRYPTED_ELEMENTS,
+                null,
                 CoverageType.ENCRYPTED);
         
-        this.runAndValidatePolicyAsserted(
+        this.runAndValidate(
+                "wsse-request-clean.xml",
+                "encrypted_elements_policy.xml",
+                null,
+                null,
+                Arrays.asList(new QName[] {SP12Constants.ENCRYPTED_ELEMENTS}),
+                null,
+                Arrays.asList(CoverageType.ENCRYPTED));
+        
+        this.runInInterceptorAndValidate(
                 "encrypted_body_element.xml",
                 "encrypted_elements_policy2.xml",
                 SP12Constants.ENCRYPTED_ELEMENTS,
+                null,
                 CoverageType.ENCRYPTED);
+        
+        this.runAndValidate(
+                "wsse-request-clean.xml",
+                "encrypted_elements_policy2.xml",
+                null,
+                null,
+                Arrays.asList(SP12Constants.ENCRYPTED_ELEMENTS),
+                null,
+                Arrays.asList(CoverageType.ENCRYPTED));
     }
     
     @Test
     public void testContentEncryptedElementsPolicyWithIncompleteCoverage() throws Exception {
-        this.runAndValidatePolicyNotAsserted(
+        this.runInInterceptorAndValidate(
                 "encrypted_body_element.xml",
                 "content_encrypted_elements_policy.xml",
+                null,
                 SP12Constants.CONTENT_ENCRYPTED_ELEMENTS,
                 CoverageType.ENCRYPTED);
     }
     
     @Test
     public void testContentEncryptedElementsPolicyWithCompleteCoverage() throws Exception {
-        this.runAndValidatePolicyAsserted(
+        this.runInInterceptorAndValidate(
                 "encrypted_body_content.xml",
                 "content_encrypted_elements_policy.xml",
                 SP12Constants.CONTENT_ENCRYPTED_ELEMENTS,
+                null,
                 CoverageType.ENCRYPTED);
+        
+        this.runAndValidate(
+                "wsse-request-clean.xml",
+                "content_encrypted_elements_policy.xml",
+                null,
+                null,
+                Arrays.asList(SP12Constants.CONTENT_ENCRYPTED_ELEMENTS),
+                null,
+                Arrays.asList(CoverageType.ENCRYPTED));
     }
     
     @Test
     public void testEncryptedPartsPolicyWithIncompleteCoverage() throws Exception {
-        this.runAndValidatePolicyNotAsserted(
+        this.runInInterceptorAndValidate(
                 "encrypted_missing_enc_body.xml",
                 "encrypted_parts_policy_body.xml",
+                null,
                 SP12Constants.ENCRYPTED_PARTS,
                 CoverageType.ENCRYPTED);
         
-        this.runAndValidatePolicyNotAsserted(
+        this.runInInterceptorAndValidate(
                 "encrypted_body_element.xml",
                 "encrypted_parts_policy_body.xml",
+                null,
                 SP12Constants.ENCRYPTED_PARTS,
                 CoverageType.ENCRYPTED);
         
-        this.runAndValidatePolicyNotAsserted(
+        this.runInInterceptorAndValidate(
                 "encrypted_missing_enc_header.xml",
                 "encrypted_parts_policy_header_namespace_only.xml",
+                null,
                 SP12Constants.ENCRYPTED_PARTS,
                 CoverageType.ENCRYPTED);
         
-        this.runAndValidatePolicyNotAsserted(
+        this.runInInterceptorAndValidate(
                 "encrypted_missing_enc_header.xml",
                 "encrypted_parts_policy_header.xml",
+                null,
                 SP12Constants.ENCRYPTED_PARTS,
                 CoverageType.ENCRYPTED);
     }
     
     @Test
     public void testEncryptedPartsPolicyWithCompleteCoverage() throws Exception {
-        this.runAndValidatePolicyAsserted(
+        this.runInInterceptorAndValidate(
                 "encrypted_body_content.xml",
                 "encrypted_parts_policy_body.xml",
                 SP12Constants.ENCRYPTED_PARTS,
+                null,
                 CoverageType.ENCRYPTED);
         
-        this.runAndValidatePolicyAsserted(
+        this.runAndValidate(
+                "wsse-request-clean.xml",
+                "encrypted_parts_policy_body.xml",
+                null,
+                null,
+                Arrays.asList(SP12Constants.ENCRYPTED_PARTS),
+                null,
+                Arrays.asList(CoverageType.ENCRYPTED));
+        
+        this.runInInterceptorAndValidate(
                 "encrypted_body_content.xml",
                 "encrypted_parts_policy_header_namespace_only.xml",
                 SP12Constants.ENCRYPTED_PARTS,
+                null,
                 CoverageType.ENCRYPTED);
         
-        this.runAndValidatePolicyAsserted(
+        this.runAndValidate(
+                "wsse-request-clean.xml",
+                "encrypted_parts_policy_header_namespace_only.xml",
+                null,
+                null,
+                Arrays.asList(SP12Constants.ENCRYPTED_PARTS),
+                null,
+                Arrays.asList(CoverageType.ENCRYPTED));
+        
+        this.runInInterceptorAndValidate(
                 "encrypted_body_content.xml",
                 "encrypted_parts_policy_header.xml",
                 SP12Constants.ENCRYPTED_PARTS,
+                null,
                 CoverageType.ENCRYPTED);
         
-        this.runAndValidatePolicyAsserted(
+        this.runAndValidate(
+                "wsse-request-clean.xml",
+                "encrypted_parts_policy_header.xml",
+                null,
+                null,
+                Arrays.asList(SP12Constants.ENCRYPTED_PARTS),
+                null,
+                Arrays.asList(CoverageType.ENCRYPTED));
+        
+        this.runInInterceptorAndValidate(
                 "encrypted_body_content.xml",
                 "encrypted_parts_policy_header_and_body.xml",
                 SP12Constants.ENCRYPTED_PARTS,
+                null,
                 CoverageType.ENCRYPTED);
+        
+        this.runAndValidate(
+                "wsse-request-clean.xml",
+                "encrypted_parts_policy_header_and_body.xml",
+                null,
+                null,
+                Arrays.asList(SP12Constants.ENCRYPTED_PARTS),
+                null,
+                Arrays.asList(CoverageType.ENCRYPTED));
     }
     
-    private void runAndValidatePolicyAsserted(String document,
-            String policyDocument, QName assertionType,
+    @Test
+    public void testSignedEncryptedPartsWithIncompleteCoverage() throws Exception {
+        this.runInInterceptorAndValidate(
+                "signed_x509_issuer_serial_encrypted_missing_enc_header.xml",
+                "signed_parts_policy_header_and_body_encrypted.xml",
+                null,
+                Arrays.asList(SP12Constants.ENCRYPTED_PARTS),
+                Arrays.asList(CoverageType.ENCRYPTED,
+                        CoverageType.SIGNED));
+    }
+    
+    @Test
+    public void testSignedEncryptedPartsWithCompleteCoverage() throws Exception {
+        if (!checkUnrestrictedPoliciesInstalled()) {
+            return;
+        }
+        this.runInInterceptorAndValidate(
+                "signed_x509_issuer_serial_encrypted.xml",
+                "signed_parts_policy_header_and_body_encrypted.xml",
+                Arrays.asList(SP12Constants.ENCRYPTED_PARTS, 
+                        SP12Constants.SIGNED_PARTS),
+                null,
+                Arrays.asList(CoverageType.ENCRYPTED,
+                        CoverageType.SIGNED));
+        
+        this.runAndValidate(
+                "wsse-request-clean.xml",
+                "signed_parts_policy_header_and_body_encrypted.xml",
+                null,
+                null,
+                Arrays.asList(SP12Constants.ENCRYPTED_PARTS, 
+                        SP12Constants.SIGNED_PARTS),
+                null,
+                Arrays.asList(CoverageType.ENCRYPTED,
+                        CoverageType.SIGNED));
+    }
+    
+    @Test
+    public void testEncryptedSignedPartsWithIncompleteCoverage() throws Exception {
+        this.runInInterceptorAndValidate(
+                "encrypted_body_content_signed_missing_signed_header.xml",
+                "encrypted_parts_policy_header_and_body_signed.xml",
+                null,
+                Arrays.asList(SP12Constants.SIGNED_PARTS),
+                Arrays.asList(CoverageType.ENCRYPTED, CoverageType.SIGNED));
+    }
+    
+    @Test
+    public void testEncryptedSignedPartsWithCompleteCoverage() throws Exception {
+        this.runInInterceptorAndValidate(
+                "encrypted_body_content_signed.xml",
+                "encrypted_parts_policy_header_and_body_signed.xml",
+                Arrays.asList(SP12Constants.ENCRYPTED_PARTS, 
+                        SP12Constants.SIGNED_PARTS),
+                null,
+                Arrays.asList(CoverageType.ENCRYPTED, CoverageType.SIGNED));
+        
+        this.runAndValidate(
+                "wsse-request-clean.xml",
+                "encrypted_parts_policy_header_and_body_signed.xml",
+                null,
+                null,
+                Arrays.asList(SP12Constants.ENCRYPTED_PARTS,
+                        SP12Constants.SIGNED_PARTS),
+                null,
+                Arrays.asList(CoverageType.ENCRYPTED,
+                        CoverageType.SIGNED));
+    }
+    
+    protected Bus createBus() throws BusException {
+        Bus b = super.createBus();
+        this.policyBuilder = 
+            b.getExtension(PolicyBuilder.class);
+        return b;
+    }
+    
+    private void runAndValidate(String document, String policyDocument,
+            List<QName> assertedOutAssertions, List<QName> notAssertedOutAssertions,
+            List<QName> assertedInAssertions, List<QName> notAssertedInAssertions,
+            List<CoverageType> types) throws Exception {
+        
+        final Element policyElement = 
+            this.readDocument(policyDocument).getDocumentElement();
+        
+        final Policy outPolicy = this.policyBuilder.getPolicy(policyElement);
+        final Policy inPolicy = this.policyBuilder.getPolicy(policyElement);
+        
+        final Document originalDoc = this.readDocument(document);
+        
+        final Document inDoc = this.runOutInterceptorAndValidate(
+                originalDoc, outPolicy, assertedOutAssertions,
+                notAssertedOutAssertions);
+        
+        // Can't use this method if you want output that is not mangled.
+        // Such is the case when you want to capture output to use
+        // as input to another test case.
+        //DOMUtils.writeXml(inDoc, System.out);
+        
+        // Use this snippet if you need intermediate output for debugging.
+        /*
+        TransformerFactory tf = TransformerFactory.newInstance();
+        Transformer t = tf.newTransformer();
+        t.setOutputProperty(OutputKeys.INDENT, "no");
+        t.transform(new DOMSource(inDoc), new StreamResult(System.out));
+        */
+        
+        this.runInInterceptorAndValidate(inDoc,
+                inPolicy, assertedInAssertions,
+                assertedOutAssertions, types);
+    }
+    
+    private void runInInterceptorAndValidate(String document,
+            String policyDocument, QName assertedInAssertion,
+            QName notAssertedInAssertion, 
             CoverageType type) throws Exception {
-        Policy policy = this.policyBuilder.getPolicy(
-                this.readDocument(policyDocument).getDocumentElement());
         
-        AssertionInfoMap aim = new AssertionInfoMap(policy);
+        this.runInInterceptorAndValidate(
+                document, policyDocument, 
+                assertedInAssertion == null ? null 
+                        : Arrays.asList(assertedInAssertion),
+                notAssertedInAssertion == null ? null
+                        : Arrays.asList(notAssertedInAssertion),
+                Arrays.asList(type));
+    }
+    
+    private void runInInterceptorAndValidate(String document,
+            String policyDocument, List<QName> assertedInAssertions,
+            List<QName> notAssertedInAssertions,
+            List<CoverageType> types) throws Exception {
+        
+        final Policy policy = this.policyBuilder.getPolicy(
+                this.readDocument(policyDocument).getDocumentElement());
         
-        this.runAndValidateWss(document, aim, type);
+        final Document doc = this.readDocument(document);
         
-        try {
-            aim.checkEffectivePolicy(policy);
-            
-        } catch (PolicyException e) {
-            fail(assertionType + " policy erroneously failed.");
-        }
+        this.runInInterceptorAndValidate(
+                doc, policy, 
+                assertedInAssertions,
+                notAssertedInAssertions,
+                types);
     }
     
-    private void runAndValidatePolicyNotAsserted(String document,
-            String policyDocument, QName assertionType,
-            CoverageType type) throws Exception {
-        Policy policy = this.policyBuilder.getPolicy(
-                this.readDocument(policyDocument).getDocumentElement());
+    private void runInInterceptorAndValidate(Document document,
+            Policy policy, List<QName> assertedInAssertions,
+            List<QName> notAssertedInAssertions,
+            List<CoverageType> types) throws Exception {
         
-        AssertionInfoMap aim = new AssertionInfoMap(policy);
+        final AssertionInfoMap aim = new AssertionInfoMap(policy);
         
-        this.runAndValidateWss(document, aim, type);
+        this.runInInterceptorAndValidateWss(document, aim, types);
         
         try {
             aim.checkEffectivePolicy(policy);
-            fail(assertionType + " policy erroneously asserted.");
         } catch (PolicyException e) {
-            Collection<AssertionInfo> ais = aim.get(assertionType);
-            for (AssertionInfo ai : ais) {
-                assertFalse(ai.getAssertion().isAsserted(aim));
+            // Expected but not relevant
+        } finally {
+            if (assertedInAssertions != null) {
+                for (QName assertionType : assertedInAssertions) {
+                    Collection<AssertionInfo> ais = aim.get(assertionType);
+                    assertNotNull(ais);
+                    for (AssertionInfo ai : ais) {
+                        assertTrue(assertionType + " policy erroneously failed.",
+                                ai.getAssertion().isAsserted(aim));
+                    }
+                }
+            }
+            
+            if (notAssertedInAssertions != null) {
+                for (QName assertionType : notAssertedInAssertions) {
+                    Collection<AssertionInfo> ais = aim.get(assertionType);
+                    assertNotNull(ais);
+                    for (AssertionInfo ai : ais) {
+                        assertFalse(assertionType + " policy erroneously asserted.",
+                                ai.getAssertion().isAsserted(aim));
+                    }
+                }
             }
         }
     }
     
-    private void runAndValidateWss(String document, AssertionInfoMap aim, CoverageType type)
-        throws Exception {
-        Document doc = readDocument(document);
+    private void runInInterceptorAndValidateWss(Document document, AssertionInfoMap aim,
+            List<CoverageType> types) throws Exception {
         
         PolicyBasedWSS4JInInterceptor inHandler = 
-            CoverageType.SIGNED.equals(type)
-                    ? this.getInInterceptorForSignature()
-                            : this.getInInterceptorForEncryption();
-
-        SoapMessage inmsg = this.getSoapMessageForDom(doc, aim);
+            this.getInInterceptor(types);
+            
+        SoapMessage inmsg = this.getSoapMessageForDom(document, aim);
 
         inHandler.handleMessage(inmsg);
         
-        if (CoverageType.SIGNED.equals(type)) {
-            this.verifyWss4jSigResults(inmsg);
-        } else {
-            this.verifyWss4jEncResults(inmsg);
+        for (CoverageType type : types) {
+            switch(type) {
+            case SIGNED:
+                this.verifyWss4jSigResults(inmsg);
+                break;
+            case ENCRYPTED:
+                this.verifyWss4jEncResults(inmsg);
+                break;
+            default:
+                fail("Unsupported coverage type.");
+            }
         }
     }
     
-    private PolicyBasedWSS4JInInterceptor getInInterceptorForSignature() {
-        PolicyBasedWSS4JInInterceptor inHandler = new PolicyBasedWSS4JInInterceptor();
-        inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
-        inHandler.setProperty(WSHandlerConstants.SIG_PROP_FILE, 
-                "META-INF/cxf/insecurity.properties");
+    private Document runOutInterceptorAndValidate(Document document, Policy policy,
+            List<QName> assertedOutAssertions, 
+            List<QName> notAssertedOutAssertions) throws Exception {
         
-        return inHandler;
+        AssertionInfoMap aim = new AssertionInfoMap(policy);
+        
+        final SoapMessage msg = 
+            this.getOutSoapMessageForDom(document, aim); 
+        
+        this.getOutInterceptor().handleMessage(msg);
+        
+        try {
+            aim.checkEffectivePolicy(policy);
+        } catch (PolicyException e) {
+            // Expected but not relevant
+        } finally {
+            if (assertedOutAssertions != null) {
+                for (QName assertionType : assertedOutAssertions) {
+                    Collection<AssertionInfo> ais = aim.get(assertionType);
+                    assertNotNull(ais);
+                    for (AssertionInfo ai : ais) {
+                        assertTrue(assertionType + " policy erroneously failed.",
+                                ai.getAssertion().isAsserted(aim));
+                    }
+                }
+            }
+            
+            if (notAssertedOutAssertions != null) {
+                for (QName assertionType : notAssertedOutAssertions) {
+                    Collection<AssertionInfo> ais = aim.get(assertionType);
+                    assertNotNull(ais);
+                    for (AssertionInfo ai : ais) {
+                        assertFalse(assertionType + " policy erroneously asserted.",
+                                ai.getAssertion().isAsserted(aim));
+                    }
+                }
+            }
+        }
+        
+        return msg.getContent(SOAPMessage.class).getSOAPPart();
+    }
+    
+    private PolicyBasedWSS4JOutInterceptorInternal getOutInterceptor() {
+        return (new PolicyBasedWSS4JOutInterceptor()).createEndingInterceptor();
     }
     
-    private PolicyBasedWSS4JInInterceptor getInInterceptorForEncryption() {
+    private PolicyBasedWSS4JInInterceptor getInInterceptor(List<CoverageType> types) {
         PolicyBasedWSS4JInInterceptor inHandler = new PolicyBasedWSS4JInInterceptor();
-        inHandler.setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.ENCRYPT);
+        String action = "";
+        
+        for (CoverageType type : types) {
+            switch(type) {
+            case SIGNED:
+                action += " " + WSHandlerConstants.SIGNATURE;
+                break;
+            case ENCRYPTED:
+                action += " " + WSHandlerConstants.ENCRYPT;
+                break;
+            default:
+                fail("Unsupported coverage type.");
+            }
+        }
+        inHandler.setProperty(WSHandlerConstants.ACTION, action);
+        inHandler.setProperty(WSHandlerConstants.SIG_PROP_FILE, 
+                "META-INF/cxf/insecurity.properties");
         inHandler.setProperty(WSHandlerConstants.DEC_PROP_FILE,
                 "META-INF/cxf/insecurity.properties");
         inHandler.setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, 
-                "org.apache.cxf.ws.security.wss4j.TestPwdCallback");
+                TestPwdCallback.class.getName());
         
         return inHandler;
     }
     
+    /**
+     * Gets a SoapMessage, but with the needed SecurityConstants in the context propreties
+     * so that it can be passed to PolicyBasedWSS4JOutInterceptor.
+     *
+     * @see #getSoapMessageForDom(Document, AssertionInfoMap)
+     */
+    private SoapMessage getOutSoapMessageForDom(Document doc, AssertionInfoMap aim)
+        throws SOAPException {
+        SoapMessage msg = this.getSoapMessageForDom(doc, aim);
+        msg.put(SecurityConstants.SIGNATURE_PROPERTIES, "META-INF/cxf/outsecurity.properties");
+        msg.put(SecurityConstants.ENCRYPT_PROPERTIES, "META-INF/cxf/outsecurity.properties");
+        msg.put(SecurityConstants.CALLBACK_HANDLER, TestPwdCallback.class.getName());
+        msg.put(SecurityConstants.SIGNATURE_USERNAME, "myalias");
+        msg.put(SecurityConstants.ENCRYPT_USERNAME, "myalias");
+        
+        msg.getExchange().put(Endpoint.class, new MockEndpoint());
+        msg.getExchange().put(Bus.class, this.bus);
+        msg.put(Message.REQUESTOR_ROLE, true);
+        
+        return msg;
+    }
+    
     private SoapMessage getSoapMessageForDom(Document doc, AssertionInfoMap aim)
         throws SOAPException {
         SOAPMessage saajMsg = MessageFactory.newInstance().createMessage();
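Review bot: `runAndValidate` passes `assertedOutAssertions` where the inbound check expects the not-asserted list (`this.runInInterceptorAndValidate(inDoc, inPolicy, assertedInAssertions, assertedOutAssertions, types)`), so its `notAssertedInAssertions` parameter is never used. Every caller in this hunk passes `null` for both, which hides the mistake; the call should end `assertedInAssertions, notAssertedInAssertions, types);`. Separately, the incomplete-coverage tests for signed elements and signed parts are disabled with `@org.junit.Ignore("missing file")`, so the negative signature-coverage path is not exercised on this branch. `testSignedEncryptedPartsWithCompleteCoverage` returns silently when `checkUnrestrictedPoliciesInstalled()` is false and is then reported as passed; `org.junit.Assume.assumeTrue(checkUnrestrictedPoliciesInstalled());` would report it as skipped, provided the JUnit version in use has `Assume`. `getSoapMessageForDom` at the end of the hunk continues outside it.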
@@ -316,23 +701,21 @@
         part.setContent(new DOMSource(doc));
         saajMsg.saveChanges();
         
-        SoapMessage inmsg = new SoapMessage(new MessageImpl());
+        SoapMessage msg = new SoapMessage(new MessageImpl());
         Exchange ex = new ExchangeImpl();
-        ex.setInMessage(inmsg);
-        inmsg.setContent(SOAPMessage.class, saajMsg);
+        ex.setInMessage(msg);
+        msg.setContent(SOAPMessage.class, saajMsg);
         if (aim != null) {
-            inmsg.put(AssertionInfoMap.class, aim);
+            msg.put(AssertionInfoMap.class, aim);
         }
-        return inmsg;
+        
+        return msg;
     }
     
     private void verifyWss4jSigResults(SoapMessage inmsg) {
         WSSecurityEngineResult result = 
             (WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT);
         assertNotNull(result);
-        X509Certificate certificate = (X509Certificate)result
-            .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
-        assertNotNull(certificate);
     }
     
     @SuppressWarnings("unchecked")
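Review bot: `verifyWss4jSigResults` now passes for any non-null `SIGNATURE_RESULT`, because the `TAG_X509_CERTIFICATE` assertion is removed and nothing replaces it. Tests that call this helper therefore no longer check anything about who signed the message. If the certificate is legitimately absent for the new cases (presumably signatures produced under the symmetric binding, to be confirmed), record that in the helper with a comment such as `// No certificate check: symmetric-binding signature results carry no X509 certificate`. Where the asymmetric tests can still provide one, keep the certificate assertion in a separate helper.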
@@ -345,12 +728,12 @@
                 .get(WSHandlerConstants.RECV_RESULTS);
         assertNotNull(handlerResults);
         assertSame(handlerResults.size(), 1);
-        //
-        // This should contain exactly 1 protection result
-        //
-        final List<Object> protectionResults = (List<Object>) handlerResults
-                .get(0).getResults();
+
+        Vector<Object> protectionResults = new Vector<Object>();
+        WSSecurityUtil.fetchAllActionResults(handlerResults.get(0).getResults(),
+                WSConstants.ENCR, protectionResults);
         assertNotNull(protectionResults);
+        
         //
         // This result should contain a reference to the decrypted element
         //
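Review bot: `assertNotNull(protectionResults)` can no longer fail, because `protectionResults` is the `Vector` constructed two lines above it. The removed comment expected exactly one protection result, and that expectation is now unchecked. Replace the assertion with `assertEquals(1, protectionResults.size());`, or with `assertFalse(protectionResults.isEmpty());` if several `WSConstants.ENCR` results are legitimate for header-plus-body cases. The enclosing method starts and ends outside this hunk, so whether later lines would catch an empty list cannot be seen from here.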
@@ -360,4 +743,55 @@
                 .get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
         assertNotNull(protectedElements);
     }
+    
+    private static final class MockEndpoint extends 
+        AbstractAttributedInterceptorProvider implements Endpoint {
+
+        private static final long serialVersionUID = 1L;
+
+        private EndpointInfo epi = new EndpointInfo();
+        
+        public MockEndpoint() {
+            epi.setBinding(new BindingInfo(null, null));
+        }
+        
+        
+        public List<AbstractFeature> getActiveFeatures() {
+            return null;
+        }
+
+        public Binding getBinding() {
+            return null;
+        }
+
+        public EndpointInfo getEndpointInfo() {
+            return this.epi;
+        }
+
+        public Executor getExecutor() {
+            return null;
+        }
+
+        public MessageObserver getInFaultObserver() {
+            return null;
+        }
+
+        public MessageObserver getOutFaultObserver() {
+            return null;
+        }
+
+        public Service getService() {
+            return null;
+        }
+
+        public void setExecutor(Executor executor) {   
+        }
+
+        public void setInFaultObserver(MessageObserver observer) {
+        }
+
+        public void setOutFaultObserver(MessageObserver observer) {            
+        }
+        
+    }
 }
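Review bot: `MockEndpoint` has no class comment, and most of its getters return `null` (`getActiveFeatures()`, `getBinding()`, `getExecutor()`, `getService()` and both fault observers). A later test that reaches one of them through the interceptor chain will get a NullPointerException far from this stub. A short Javadoc would state the contract: `/** Minimal Endpoint stub for the out-interceptor tests; only getEndpointInfo() returns a usable value, every other getter returns null. */`. The `epi` field is assigned once and could be declared `private final EndpointInfo epi`.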

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/content_encrypted_elements_policy.xml Fri Feb 12 19:20:10 2010
@@ -5,6 +5,30 @@
     xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <wsp:ExactlyOne>
     <wsp:All>
+      <sp:SymmetricBinding>
+        <wsp:Policy>
+          <sp:ProtectionToken>
+            <wsp:Policy>
+              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
+                <wsp:Policy>
+                  <sp:RequireEmbeddedTokenReference />
+                  <sp:WssX509V3Token10 />
+                </wsp:Policy>
+              </sp:X509Token>
+            </wsp:Policy>
+          </sp:ProtectionToken>
+          <sp:AlgorithmSuite>
+            <wsp:Policy>
+              <sp:Basic128 />
+            </wsp:Policy>
+          </sp:AlgorithmSuite>
+          <sp:Layout>
+            <wsp:Policy>
+              <sp:Strict />
+            </wsp:Policy>
+          </sp:Layout>
+        </wsp:Policy>
+      </sp:SymmetricBinding>
       <sp:ContentEncryptedElements>
         <sp:XPath>//soap:Body</sp:XPath>
       </sp:ContentEncryptedElements>  
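Review bot: The `<sp:AlgorithmSuite>` in the added `sp:SymmetricBinding` block is `sp:Basic128`, and nothing says why. The same block is repeated in encrypted_elements_policy.xml, encrypted_elements_policy2.xml, encrypted_parts_policy_body.xml, encrypted_parts_policy_header.xml, encrypted_parts_policy_header_and_body.xml and encrypted_parts_policy_header_namespace_only.xml. signed_elements_policy.xml in this commit uses `sp:Basic256`, so the difference looks deliberate. The likely reason is to let the encryption tests run on a JRE without the unlimited-strength JCE policy files, which the merged log entry for r909557 hints at, but this should be confirmed. A comment above the suite in each fixture would record it, for example `<!-- Basic128: 128-bit keys, usable without the unlimited-strength JCE policy files -->`.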

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy.xml Fri Feb 12 19:20:10 2010
@@ -5,6 +5,30 @@
     xmlns:ser="http://www.sdj.pl">
   <wsp:ExactlyOne>
     <wsp:All>
+      <sp:SymmetricBinding>
+        <wsp:Policy>
+          <sp:ProtectionToken>
+            <wsp:Policy>
+              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
+                <wsp:Policy>
+                  <sp:RequireEmbeddedTokenReference />
+                  <sp:WssX509V3Token10 />
+                </wsp:Policy>
+              </sp:X509Token>
+            </wsp:Policy>
+          </sp:ProtectionToken>
+          <sp:AlgorithmSuite>
+            <wsp:Policy>
+              <sp:Basic128 />
+            </wsp:Policy>
+          </sp:AlgorithmSuite>
+          <sp:Layout>
+            <wsp:Policy>
+              <sp:Strict />
+            </wsp:Policy>
+          </sp:Layout>
+        </wsp:Policy>
+      </sp:SymmetricBinding>
       <sp:EncryptedElements>
         <sp:XPath>//ser:Header</sp:XPath>
       </sp:EncryptedElements>  

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_elements_policy2.xml Fri Feb 12 19:20:10 2010
@@ -5,6 +5,30 @@
     xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <wsp:ExactlyOne>
     <wsp:All>
+      <sp:SymmetricBinding>
+        <wsp:Policy>
+          <sp:ProtectionToken>
+            <wsp:Policy>
+              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
+                <wsp:Policy>
+                  <sp:RequireEmbeddedTokenReference />
+                  <sp:WssX509V3Token10 />
+                </wsp:Policy>
+              </sp:X509Token>
+            </wsp:Policy>
+          </sp:ProtectionToken>
+          <sp:AlgorithmSuite>
+            <wsp:Policy>
+              <sp:Basic128 />
+            </wsp:Policy>
+          </sp:AlgorithmSuite>
+          <sp:Layout>
+            <wsp:Policy>
+              <sp:Strict />
+            </wsp:Policy>
+          </sp:Layout>
+        </wsp:Policy>
+      </sp:SymmetricBinding>
       <sp:EncryptedElements>
         <sp:XPath>//soap:Body</sp:XPath>
       </sp:EncryptedElements>  

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_body.xml Fri Feb 12 19:20:10 2010
@@ -4,6 +4,30 @@
     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
   <wsp:ExactlyOne>
     <wsp:All>
+      <sp:SymmetricBinding>
+        <wsp:Policy>
+          <sp:ProtectionToken>
+            <wsp:Policy>
+              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
+                <wsp:Policy>
+                  <sp:RequireEmbeddedTokenReference />
+                  <sp:WssX509V3Token10 />
+                </wsp:Policy>
+              </sp:X509Token>
+            </wsp:Policy>
+          </sp:ProtectionToken>
+          <sp:AlgorithmSuite>
+            <wsp:Policy>
+              <sp:Basic128 />
+            </wsp:Policy>
+          </sp:AlgorithmSuite>
+          <sp:Layout>
+            <wsp:Policy>
+              <sp:Strict />
+            </wsp:Policy>
+          </sp:Layout>
+        </wsp:Policy>
+      </sp:SymmetricBinding>
       <sp:EncryptedParts>
         <sp:Body/>
       </sp:EncryptedParts>  

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header.xml Fri Feb 12 19:20:10 2010
@@ -4,6 +4,30 @@
     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
   <wsp:ExactlyOne>
     <wsp:All>
+      <sp:SymmetricBinding>
+        <wsp:Policy>
+          <sp:ProtectionToken>
+            <wsp:Policy>
+              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
+                <wsp:Policy>
+                  <sp:RequireEmbeddedTokenReference />
+                  <sp:WssX509V3Token10 />
+                </wsp:Policy>
+              </sp:X509Token>
+            </wsp:Policy>
+          </sp:ProtectionToken>
+          <sp:AlgorithmSuite>
+            <wsp:Policy>
+              <sp:Basic128 />
+            </wsp:Policy>
+          </sp:AlgorithmSuite>
+          <sp:Layout>
+            <wsp:Policy>
+              <sp:Strict />
+            </wsp:Policy>
+          </sp:Layout>
+        </wsp:Policy>
+      </sp:SymmetricBinding>
       <sp:EncryptedParts>
         <sp:Header Name="Header" Namespace="http://www.sdj.pl"/>
       </sp:EncryptedParts>  

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_and_body.xml Fri Feb 12 19:20:10 2010
@@ -4,6 +4,30 @@
     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
   <wsp:ExactlyOne>
     <wsp:All>
+      <sp:SymmetricBinding>
+        <wsp:Policy>
+          <sp:ProtectionToken>
+            <wsp:Policy>
+              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
+                <wsp:Policy>
+                  <sp:RequireEmbeddedTokenReference />
+                  <sp:WssX509V3Token10 />
+                </wsp:Policy>
+              </sp:X509Token>
+            </wsp:Policy>
+          </sp:ProtectionToken>
+          <sp:AlgorithmSuite>
+            <wsp:Policy>
+              <sp:Basic128 />
+            </wsp:Policy>
+          </sp:AlgorithmSuite>
+          <sp:Layout>
+            <wsp:Policy>
+              <sp:Strict />
+            </wsp:Policy>
+          </sp:Layout>
+        </wsp:Policy>
+      </sp:SymmetricBinding>
       <sp:EncryptedParts>
         <sp:Body/>
         <sp:Header Name="Header" Namespace="http://www.sdj.pl"/>

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/encrypted_parts_policy_header_namespace_only.xml Fri Feb 12 19:20:10 2010
@@ -4,6 +4,30 @@
     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
   <wsp:ExactlyOne>
     <wsp:All>
+      <sp:SymmetricBinding>
+        <wsp:Policy>
+          <sp:ProtectionToken>
+            <wsp:Policy>
+              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
+                <wsp:Policy>
+                  <sp:RequireEmbeddedTokenReference />
+                  <sp:WssX509V3Token10 />
+                </wsp:Policy>
+              </sp:X509Token>
+            </wsp:Policy>
+          </sp:ProtectionToken>
+          <sp:AlgorithmSuite>
+            <wsp:Policy>
+              <sp:Basic128 />
+            </wsp:Policy>
+          </sp:AlgorithmSuite>
+          <sp:Layout>
+            <wsp:Policy>
+              <sp:Strict />
+            </wsp:Policy>
+          </sp:Layout>
+        </wsp:Policy>
+      </sp:SymmetricBinding>
       <sp:EncryptedParts>
         <sp:Header Namespace="http://www.sdj.pl"/>
       </sp:EncryptedParts>  

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed.xml Fri Feb 12 19:20:10 2010
@@ -1,51 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<soapenv:Envelope xmlns:ser="http://blah" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
-   <soapenv:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:Signature Id="Signature-13" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-<ds:SignedInfo>
-<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
-<ds:Reference URI="#id-14">
-<ds:Transforms>
-<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-</ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>wDPX14XCrVsUWZn6j8rs+m7I8O8=</ds:DigestValue>
-</ds:Reference>
-<ds:Reference URI="#id-8">
-<ds:Transforms>
-<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-</ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>TJj4H4XAG1HaH/gPprXOv5zwkXQ=</ds:DigestValue>
-</ds:Reference>
-<ds:Reference URI="#id-15">
-<ds:Transforms>
-<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-</ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
-<ds:DigestValue>NL4WOzgXO8Lc2aBiWr78AXzK/gM=</ds:DigestValue>
-</ds:Reference>
-</ds:SignedInfo>
-<ds:SignatureValue>
-bAx2CT83LxVKReQzYCEHGxxTo3MZzOHMA6e/CcHOQlfvJXwOWcOe/gzk5APRzOJBC1fKGAH0dAiO
-f70WVCU0wRjcjj3+PHiSRRfgqAGk6M/Txl2uGgoSW5JCGYsgTrSLtE6c/n75XGfQr38yiZwAKT8P
-dFHSXRu3Q9SBx0idbBg=
-</ds:SignatureValue>
-<ds:KeyInfo Id="KeyId-B5419464DCB3C8B05A126477266969520">
-<wsse:SecurityTokenReference wsu:Id="STRId-B5419464DCB3C8B05A126477266969521" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><ds:X509Data>
-<ds:X509IssuerSerial>
-<ds:X509IssuerName>CN=myAlias</ds:X509IssuerName>
-<ds:X509SerialNumber>1181668586</ds:X509SerialNumber>
-</ds:X509IssuerSerial>
-</ds:X509Data></wsse:SecurityTokenReference>
-</ds:KeyInfo>
-</ds:Signature></wsse:Security>
-      <Header wsu:Id="id-14" xmlns="http://www.sdj.pl" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">1234</Header>
-      <Header wsu:Id="id-8" xmlns="http://www.sdj.pl" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">5678</Header>
-   </soapenv:Header>
-   <soapenv:Body wsu:Id="id-15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
-     <echo xmlns="http://www.sdj.pl">
-       <in0>A</in0>    
-     </echo>
-   </soapenv:Body>
-</soapenv:Envelope>

Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_elements_policy.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_elements_policy.xml?rev=909567&r1=909566&r2=909567&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_elements_policy.xml (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/signed_elements_policy.xml Fri Feb 12 19:20:10 2010
@@ -5,6 +5,40 @@
     xmlns:ser="http://www.sdj.pl">
   <wsp:ExactlyOne>
     <wsp:All>
+      <sp:AsymmetricBinding>
+        <wsp:Policy>
+          <sp:InitiatorToken>
+            <wsp:Policy>
+              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                <wsp:Policy>
+                  <sp:RequireIssuerSerialReference />
+                  <sp:WssX509V3Token10 />
+                </wsp:Policy>
+              </sp:X509Token>
+            </wsp:Policy>
+          </sp:InitiatorToken>
+          <sp:RecipientToken>
+            <wsp:Policy>
+              <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                <wsp:Policy>
+                  <sp:RequireIssuerSerialReference />
+                  <sp:WssX509V3Token10 />
+                </wsp:Policy>
+              </sp:X509Token>
+            </wsp:Policy>
+          </sp:RecipientToken>
+          <sp:AlgorithmSuite>
+            <wsp:Policy>
+              <sp:Basic256 />
+            </wsp:Policy>
+          </sp:AlgorithmSuite>
+          <sp:Layout>
+            <wsp:Policy>
+              <sp:Strict />
+            </wsp:Policy>
+          </sp:Layout>
+        </wsp:Policy>
+      </sp:AsymmetricBinding>
       <sp:SignedElements>
         <sp:XPath>//ser:Header</sp:XPath>
       </sp:SignedElements>  


