Return-Path: Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: (qmail 95928 invoked from network); 30 Nov 2010 16:42:36 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 30 Nov 2010 16:42:36 -0000 Received: (qmail 46417 invoked by uid 500); 30 Nov 2010 16:42:36 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 45944 invoked by uid 500); 30 Nov 2010 16:42:33 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 45927 invoked by uid 99); 30 Nov 2010 16:42:32 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 30 Nov 2010 16:42:32 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 30 Nov 2010 16:42:26 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id E090523889B9; Tue, 30 Nov 2010 16:40:52 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1040628 - in /cxf/sandbox/wss4j-1.6-port: distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/ distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/ ... Date: Tue, 30 Nov 2010 16:40:52 -0000 To: commits@cxf.apache.org From: coheigea@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20101130164052.E090523889B9@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: coheigea Date: Tue Nov 30 16:40:51 2010 New Revision: 1040628 URL: http://svn.apache.org/viewvc?rev=1040628&view=rev Log: Some minor changes. Modified: cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/KeystorePasswordCallback.java cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/KeystorePasswordCallback.java cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java Modified: cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/KeystorePasswordCallback.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/KeystorePasswordCallback.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/KeystorePasswordCallback.java (original) +++ cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/KeystorePasswordCallback.java Tue Nov 30 16:40:51 2010 @@ -61,17 +61,11 @@ public class KeystorePasswordCallback im //The above is an issue when doing encrypt or signing only. //Perhaps using a more suitable keystore format like .jks would be better pc.setPassword("password"); - return; } catch (NumberFormatException nfe) { - //not a pfx alias, carry on to next - } - - String pass = passwords.get(pc.getIdentifier()); - if (pass != null) { - pc.setPassword(pass); - return; - } else { - pc.setPassword("password"); + String pass = passwords.get(pc.getIdentifier()); + if (pass != null) { + pc.setPassword(pass); + } } } } Modified: cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/KeystorePasswordCallback.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/KeystorePasswordCallback.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/KeystorePasswordCallback.java (original) +++ cxf/sandbox/wss4j-1.6-port/distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/KeystorePasswordCallback.java Tue Nov 30 16:40:51 2010 @@ -42,6 +42,8 @@ public class KeystorePasswordCallback im passwords.put("alice", "abcd!1234"); passwords.put("Bob", "abcd!1234"); passwords.put("bob", "abcd!1234"); + passwords.put("350334201beea6502d11342f93eea09fc0b5df01", "password"); + passwords.put("abcd", "dcba"); } /** @@ -55,9 +57,6 @@ public class KeystorePasswordCallback im String pass = passwords.get(pc.getIdentifier()); if (pass != null) { pc.setPassword(pass); - return; - } else { - pc.setPassword("password"); } } } Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java (original) +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java Tue Nov 30 16:40:51 2010 @@ -25,6 +25,7 @@ import java.util.List; import org.apache.cxf.Bus; import org.apache.cxf.endpoint.Endpoint; +import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.message.Message; import org.apache.cxf.phase.AbstractPhaseInterceptor; @@ -199,7 +200,6 @@ public class IssuedTokenInterceptorProvi addAfter(PolicyBasedWSS4JInInterceptor.class.getName()); } - @SuppressWarnings("unchecked") public void handleMessage(Message message) throws Fault { AssertionInfoMap aim = message.get(AssertionInfoMap.class); // extract Assertion information @@ -211,7 +211,7 @@ public class IssuedTokenInterceptorProvi if (!isRequestor(message)) { boolean found = false; List results = - (List)message.get(WSHandlerConstants.RECV_RESULTS); + CastUtils.cast((List)message.get(WSHandlerConstants.RECV_RESULTS)); if (results != null) { for (WSHandlerResult rResult : results) { List wsSecEngineResults = Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (original) +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Tue Nov 30 16:40:51 2010 @@ -35,6 +35,7 @@ import org.apache.cxf.binding.soap.SoapB import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.endpoint.Endpoint; +import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.interceptor.Interceptor; @@ -445,12 +446,11 @@ class SecureConversationInInterceptor ex addAfter(WSS4JInInterceptor.class.getName()); } - @SuppressWarnings("unchecked") public void handleMessage(SoapMessage message) throws Fault { //Find the SC token boolean found = false; List results = - (List)message.get(WSHandlerConstants.RECV_RESULTS); + CastUtils.cast((List)message.get(WSHandlerConstants.RECV_RESULTS)); if (results != null) { for (WSHandlerResult rResult : results) { List wsSecEngineResults = rResult.getResults(); Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original) +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Tue Nov 30 16:40:51 2010 @@ -454,7 +454,8 @@ public class PolicyBasedWSS4JInIntercept } protected void doResults(SoapMessage msg, String actor, - SOAPMessage doc, List results, boolean utWithCallbacks) + SOAPMessage doc, List results, + boolean utWithCallbacks) throws SOAPException, XMLStreamException, WSSecurityException { AssertionInfoMap aim = msg.get(AssertionInfoMap.class); @@ -464,9 +465,7 @@ public class PolicyBasedWSS4JInIntercept boolean hasEndorsement = false; Protections prots = Protections.NONE; - for (int j = 0; j < results.size(); j++) { - WSSecurityEngineResult wser = - (WSSecurityEngineResult) results.get(j); + for (WSSecurityEngineResult wser : results) { Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION); switch (actInt.intValue()) { case WSConstants.SIGN: Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java (original) +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java Tue Nov 30 16:40:51 2010 @@ -128,12 +128,12 @@ public class UsernameTokenInterceptor ex try { final WSUsernameTokenPrincipal princ = getPrincipal(child, message); if (princ != null) { - Vectorv = new Vector(); + Listv = new Vector(); v.add(0, new WSSecurityEngineResult(WSConstants.UT, princ, null, null, null)); - List results = CastUtils.cast((List)message + List results = CastUtils.cast((List)message .get(WSHandlerConstants.RECV_RESULTS)); if (results == null) { - results = new Vector(); + results = new Vector(); message.put(WSHandlerConstants.RECV_RESULTS, results); } WSHandlerResult rResult = new WSHandlerResult(null, v); Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java (original) +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java Tue Nov 30 16:40:51 2010 @@ -52,14 +52,14 @@ public class UsernameTokenProcessorWitho private String utId; private UsernameToken ut; - @SuppressWarnings("unchecked") public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, - WSDocInfo wsDocInfo, List returnResults, WSSConfig wsc) throws WSSecurityException { + WSDocInfo wsDocInfo, List returnResults, WSSConfig wsc + ) throws WSSecurityException { if (LOG.isLoggable(Level.FINE)) { LOG.fine("Found UsernameToken list element"); } - Principal principal = handleUsernameToken((Element) elem, cb); + Principal principal = handleUsernameToken(elem, cb); returnResults.add( 0, new WSSecurityEngineResult(WSConstants.UT, principal, null, null, null) Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original) +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Tue Nov 30 16:40:51 2010 @@ -110,12 +110,11 @@ public class WSS4JInInterceptor extends ignoreActions = ignore; } - @SuppressWarnings("unchecked") public WSS4JInInterceptor(Map properties) { this(); setProperties(properties); final Map map = CastUtils.cast( - (Map)properties.get(PROCESSOR_MAP)); + (Map)properties.get(PROCESSOR_MAP)); if (map != null) { secEngineOverride = createSecurityEngine(map); } @@ -185,6 +184,7 @@ public class WSS4JInInterceptor extends } RequestData reqData = new RequestData(); + reqData.setWssConfig(engine.getWssConfig()); /* * The overall try, just to have a finally at the end to perform some * housekeeping. @@ -200,6 +200,11 @@ public class WSS4JInInterceptor extends String actor = (String)getOption(WSHandlerConstants.ACTOR); CallbackHandler cbHandler = getCallback(reqData, doAction, utWithCallbacks); + + String passwordTypeStrict = (String)getOption(WSHandlerConstants.PASSWORD_TYPE_STRICT); + if (passwordTypeStrict == null) { + setProperty(WSHandlerConstants.PASSWORD_TYPE_STRICT, "true"); + } /* * Get and check the Signature specific parameters first because @@ -207,12 +212,11 @@ public class WSS4JInInterceptor extends */ doReceiverAction(doAction, reqData); - List wsResult = null; if (doTimeLog) { t1 = System.currentTimeMillis(); } - wsResult = engine.processSecurityHeader( + List wsResult = engine.processSecurityHeader( doc.getSOAPPart(), actor, cbHandler, @@ -299,34 +303,23 @@ public class WSS4JInInterceptor extends } } - private void checkSignatures(SoapMessage msg, RequestData reqData, List wsResult) - throws WSSecurityException { - /* - * Now we can check the certificate used to sign the message. In the - * following implementation the certificate is only trusted if - * either it itself or the certificate of the issuer is installed in - * the keystore. Note: the method verifyTrust(X509Certificate) - * allows custom implementations with other validation algorithms - * for subclasses. - */ - + private void checkSignatures( + SoapMessage msg, RequestData reqData, List wsResult + ) throws WSSecurityException { // Extract the signature action result from the action vector - List signatureResults = new Vector(); + List signatureResults = new Vector(); signatureResults = WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.SIGN, signatureResults); + // Store the last signature result if (!signatureResults.isEmpty()) { - for (int i = 0; i < signatureResults.size(); i++) { - WSSecurityEngineResult result = - (WSSecurityEngineResult) signatureResults.get(i); - - msg.put(SIGNATURE_RESULT, result); - } + msg.put(SIGNATURE_RESULT, signatureResults.get(signatureResults.size() - 1)); } } - protected void checkTimestamps(SoapMessage msg, RequestData reqData, List wsResult) - throws WSSecurityException { + protected void checkTimestamps( + SoapMessage msg, RequestData reqData, List wsResult + ) throws WSSecurityException { /* * Perform further checks on the timestamp that was transmitted in * the header. In the following implementation the timestamp is @@ -336,14 +329,12 @@ public class WSS4JInInterceptor extends * other validation algorithms for subclasses. */ // Extract the timestamp action result from the action vector - List timestampResults = new Vector(); + List timestampResults = new Vector(); timestampResults = WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.TS, timestampResults); if (!timestampResults.isEmpty()) { - for (int i = 0; i < timestampResults.size(); i++) { - WSSecurityEngineResult result = - (WSSecurityEngineResult) timestampResults.get(i); + for (WSSecurityEngineResult result : timestampResults) { Timestamp timestamp = (Timestamp)result.get(WSSecurityEngineResult.TAG_TIMESTAMP); if (timestamp != null && !verifyTimestamp(timestamp, decodeTimeToLive(reqData))) { @@ -366,20 +357,23 @@ public class WSS4JInInterceptor extends } - protected void doResults(SoapMessage msg, String actor, SOAPMessage doc, List wsResult) - throws SOAPException, XMLStreamException, WSSecurityException { + protected void doResults( + SoapMessage msg, String actor, SOAPMessage doc, List wsResult + ) throws SOAPException, XMLStreamException, WSSecurityException { doResults(msg, actor, doc, wsResult, false); } - protected void doResults(SoapMessage msg, String actor, SOAPMessage doc, List wsResult, - boolean utWithCallbacks) throws SOAPException, XMLStreamException, WSSecurityException { + protected void doResults( + SoapMessage msg, String actor, SOAPMessage doc, List wsResult, + boolean utWithCallbacks + ) throws SOAPException, XMLStreamException, WSSecurityException { /* * All ok up to this point. Now construct and setup the security result * structure. The service may fetch this and check it. */ - List results = CastUtils.cast((List)msg.get(WSHandlerConstants.RECV_RESULTS)); + List results = CastUtils.cast((List)msg.get(WSHandlerConstants.RECV_RESULTS)); if (results == null) { - results = new Vector(); + results = new Vector(); msg.put(WSHandlerConstants.RECV_RESULTS, results); } WSHandlerResult rResult = new WSHandlerResult(actor, wsResult); @@ -397,23 +391,7 @@ public class WSS4JInInterceptor extends i++; } msg.setContent(XMLStreamReader.class, reader); - String pwType = (String)getProperty(msg, "passwordType"); - if ("PasswordDigest".equals(pwType)) { - //CXF-2150 - we need to check the UsernameTokens - for (WSSecurityEngineResult o : CastUtils.cast(wsResult, WSSecurityEngineResult.class)) { - Integer actInt = (Integer)o.get(WSSecurityEngineResult.TAG_ACTION); - if (actInt == WSConstants.UT) { - WSUsernameTokenPrincipal princ - = (WSUsernameTokenPrincipal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL); - if (!princ.isPasswordDigest()) { - LOG.warning("Non-digest UsernameToken found, but digest required"); - throw new WSSecurityException(WSSecurityException.INVALID_SECURITY); - } - } - } - } - - for (WSSecurityEngineResult o : CastUtils.cast(wsResult, WSSecurityEngineResult.class)) { + for (WSSecurityEngineResult o : wsResult) { final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL); if (p != null) { msg.put(PRINCIPAL_RESULT, p); @@ -568,9 +546,6 @@ public class WSS4JInInterceptor extends * construction); otherwise, it is taken to be the default * WSSecEngine instance (currently defined in the WSHandler * base class). - * - * TODO the WSHandler base class defines secEngine to be static, which - * is really bad, because the engine has mutable state on it. */ protected WSSecurityEngine getSecurityEngine(boolean utWithCallbacks) { if (secEngineOverride != null) { @@ -592,11 +567,8 @@ public class WSS4JInInterceptor extends * @return a freshly minted WSSecurityEngine instance, using the * (non-null) processor map, to be used to initialize the * WSSecurityEngine instance. - * - * TODO The WSS4J APIs leave something to be desired here, but hopefully - * we'll clean all this up in WSS4J-2.0 */ - protected static WSSecurityEngine + protected WSSecurityEngine createSecurityEngine( final Map map ) { Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original) +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Tue Nov 30 16:40:51 2010 @@ -362,20 +362,20 @@ public abstract class AbstractBindingBui Collection ais; ais = aim.get(SP12Constants.INCLUDE_TIMESTAMP); if (ais != null) { + Object o = message.getContextualProperty(SecurityConstants.TIMESTAMP_TTL); + int ttl = 300; //default is 300 seconds + if (o instanceof Number) { + ttl = ((Number)o).intValue(); + } else if (o instanceof String) { + ttl = Integer.parseInt((String)o); + } + if (ttl <= 0) { + ttl = 300; + } + timestampEl = new WSSecTimestamp(); + timestampEl.setTimeToLive(ttl); + timestampEl.prepare(saaj.getSOAPPart()); for (AssertionInfo ai : ais) { - timestampEl = new WSSecTimestamp(); - Object o = message.getContextualProperty(SecurityConstants.TIMESTAMP_TTL); - int ttl = 300; //default is 300 seconds - if (o instanceof Number) { - ttl = ((Number)o).intValue(); - } else if (o instanceof String) { - ttl = Integer.parseInt((String)o); - } - if (ttl <= 0) { - ttl = 300; - } - timestampEl.setTimeToLive(ttl); - timestampEl.prepare(saaj.getSOAPPart()); ai.setAsserted(true); } } @@ -1162,31 +1162,13 @@ public abstract class AbstractBindingBui } } - @SuppressWarnings("unchecked") public void setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, TokenWrapper token, boolean sign, Crypto crypto) { String encrUser = (String)message.getContextualProperty(sign ? SecurityConstants.SIGNATURE_USERNAME : SecurityConstants.ENCRYPT_USERNAME); - if (crypto != null) { - if (encrUser == null) { - encrUser = crypto.getDefaultX509Alias(); - } - if (encrUser == null) { - try { - Enumeration en = crypto.getKeyStore().aliases(); - if (en.hasMoreElements()) { - encrUser = en.nextElement(); - } - if (en.hasMoreElements()) { - //more than one alias in the keystore, user WILL need - //to specify - encrUser = null; - } - } catch (KeyStoreException e) { - //ignore - } - } + if (crypto != null && encrUser == null) { + encrUser = getDefaultCryptoAlias(crypto); } else if (encrUser == null || "".equals(encrUser)) { policyNotAsserted(token, "No " + (sign ? "signature" : "encryption") + " crypto object found."); } @@ -1194,13 +1176,15 @@ public abstract class AbstractBindingBui policyNotAsserted(token, "No " + (sign ? "signature" : "encryption") + " username found."); } if (WSHandlerConstants.USE_REQ_SIG_CERT.equals(encrUser)) { - Object resultsObj = message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS); - if (resultsObj != null) { - encrKeyBuilder.setUseThisCert(getReqSigCert((List)resultsObj)); + List results = + CastUtils.cast((List) + message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS)); + if (results != null) { + encrKeyBuilder.setUseThisCert(getReqSigCert(results)); //TODO This is a hack, this should not come under USE_REQ_SIG_CERT if (encrKeyBuilder.isCertSet()) { - encrKeyBuilder.setUserInfo(getUsername((List)resultsObj)); + encrKeyBuilder.setUserInfo(getUsername(results)); } } else { policyNotAsserted(token, "No security results in incoming message"); @@ -1210,6 +1194,26 @@ public abstract class AbstractBindingBui } } + protected String getDefaultCryptoAlias(Crypto crypto) { + String user = crypto.getDefaultX509Alias(); + if (user == null) { + try { + Enumeration en = crypto.getKeyStore().aliases(); + if (en.hasMoreElements()) { + user = en.nextElement(); + } + if (en.hasMoreElements()) { + //more than one alias in the keystore, user WILL need + //to specify + user = null; + } + } catch (KeyStoreException e) { + //ignore + } + } + return user; + } + private static X509Certificate getReqSigCert(List results) { /* * Scan the results for a matching actor. Use results only if the @@ -1314,25 +1318,8 @@ public abstract class AbstractBindingBui message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto); } String user = (String)message.getContextualProperty(userNameKey); - if (crypto != null) { - if (StringUtils.isEmpty(user)) { - user = crypto.getDefaultX509Alias(); - } - if (user == null) { - try { - Enumeration en = crypto.getKeyStore().aliases(); - if (en.hasMoreElements()) { - user = en.nextElement(); - } - if (en.hasMoreElements()) { - //more than one alias in the keystore, user WILL need - //to specify - user = null; - } - } catch (KeyStoreException e) { - //ignore - } - } + if (crypto != null && StringUtils.isEmpty(user)) { + user = getDefaultCryptoAlias(crypto); } if (StringUtils.isEmpty(user)) { policyNotAsserted(token, "No " + type + " username found."); @@ -1619,7 +1606,6 @@ public abstract class AbstractBindingBui doEndorsedSignatures(sgndEndSuppTokMap, tokenProtect, sigProtect); } - @SuppressWarnings("unchecked") protected void addSignatureConfirmation(List sigParts) { Wss10 wss10 = getWss10(); @@ -1630,7 +1616,8 @@ public abstract class AbstractBindingBui } List results = - (List)message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS); + CastUtils.cast((List) + message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS)); /* * loop over all results gathered by all handlers in the chain. For each * handler result get the various actions. After that loop we have all Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original) +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Tue Nov 30 16:40:51 2010 @@ -34,6 +34,7 @@ import org.w3c.dom.Element; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; @@ -412,7 +413,6 @@ public class AsymmetricBindingHandler ex } } - @SuppressWarnings("unchecked") private void setupEncryptedKey(TokenWrapper wrapper, Token token) throws WSSecurityException { if (!isRequestor() && token.isDerivedKeys()) { //If we already have them, simply return @@ -421,10 +421,12 @@ public class AsymmetricBindingHandler ex } //Use the secret from the incoming EncryptedKey element - Object resultsObj = message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS); - if (resultsObj != null) { - encryptedKeyId = getRequestEncryptedKeyId((List)resultsObj); - encryptedKeyValue = getRequestEncryptedKeyValue((List)resultsObj); + List results = + CastUtils.cast( + (List)message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS)); + if (results != null) { + encryptedKeyId = getRequestEncryptedKeyId(results); + encryptedKeyValue = getRequestEncryptedKeyValue(results); //In the case where we don't have the EncryptedKey in the //request, for the control to have reached this state, Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original) +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Tue Nov 30 16:40:51 2010 @@ -33,6 +33,7 @@ import org.w3c.dom.Element; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.common.util.StringUtils; +import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; @@ -745,11 +746,10 @@ public class SymmetricBindingHandler ext return id; } - @SuppressWarnings("unchecked") private String getEncryptedKey() { - List results = (List)message.getExchange().getInMessage() - .get(WSHandlerConstants.RECV_RESULTS); + List results = CastUtils.cast((List)message.getExchange().getInMessage() + .get(WSHandlerConstants.RECV_RESULTS)); for (WSHandlerResult rResult : results) { List wsSecEngineResults = rResult.getResults(); Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original) +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Tue Nov 30 16:40:51 2010 @@ -338,9 +338,9 @@ public class TransportBindingHandler ext if (secTok.getX509Certificate() != null || securityTok != null) { //the "getX509Certificate" this is to workaround an issue in WCF - //In WCF, for TransportBinding, in most cases, it doesn't wan't any of - //the headers signed even if the policy sais so. HOWEVER, for KeyValue - //IssuedTokends, it DOES want them signed + //In WCF, for TransportBinding, in most cases, it doesn't want any of + //the headers signed even if the policy says so. HOWEVER, for KeyValue + //IssuedTokens, it DOES want them signed for (Header header : signdParts.getHeaders()) { WSEncryptionPart wep = new WSEncryptionPart(header.getName(), header.getNamespace(), Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java (original) +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java Tue Nov 30 16:40:51 2010 @@ -32,7 +32,6 @@ import org.apache.ws.security.processor. */ public class CustomProcessor implements Processor { - @SuppressWarnings("unchecked") public final void handleToken( final org.w3c.dom.Element elem, @@ -40,10 +39,10 @@ public class CustomProcessor implements final Crypto decCrypto, final javax.security.auth.callback.CallbackHandler cb, final WSDocInfo wsDocInfo, - final java.util.List returnResults, + final java.util.List returnResults, final WSSConfig config ) throws WSSecurityException { - final java.util.Map result = + final WSSecurityEngineResult result = new WSSecurityEngineResult( WSConstants.SIGN, (SecurityContextToken) null Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java (original) +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java Tue Nov 30 16:40:51 2010 @@ -47,6 +47,7 @@ import org.apache.cxf.binding.Binding; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.feature.AbstractFeature; +import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.interceptor.AbstractAttributedInterceptorProvider; import org.apache.cxf.message.Message; import org.apache.cxf.service.Service; @@ -942,14 +943,12 @@ public class PolicyBasedWss4JInOutTest e assertNotNull(result); } - @SuppressWarnings("unchecked") private void verifyWss4jEncResults(SoapMessage inmsg) { // // There should be exactly 1 (WSS4J) HandlerResult // final List handlerResults = - (List) inmsg - .get(WSHandlerConstants.RECV_RESULTS); + CastUtils.cast((List)inmsg.get(WSHandlerConstants.RECV_RESULTS)); assertNotNull(handlerResults); assertSame(handlerResults.size(), 1); @@ -963,8 +962,8 @@ public class PolicyBasedWss4JInOutTest e // final Map result = (Map) protectionResults .get(0); - final List protectedElements = (List) result - .get(WSSecurityEngineResult.TAG_DATA_REF_URIS); + final List protectedElements = + CastUtils.cast((List)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS)); assertNotNull(protectedElements); } Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java (original) +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java Tue Nov 30 16:40:51 2010 @@ -34,6 +34,7 @@ import javax.xml.transform.dom.DOMSource import org.w3c.dom.Document; import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.helpers.DOMUtils.NullResolver; import org.apache.cxf.message.Exchange; import org.apache.cxf.message.ExchangeImpl; @@ -42,6 +43,7 @@ import org.apache.cxf.phase.PhaseInterce import org.apache.cxf.staxutils.StaxUtils; import org.apache.ws.security.WSSecurityEngineResult; import org.apache.ws.security.handler.WSHandlerConstants; +import org.apache.ws.security.handler.WSHandlerResult; /** @@ -58,7 +60,6 @@ public class SignatureConfirmationTest e } @org.junit.Test - @SuppressWarnings("unchecked") public void testSignatureConfirmationRequest() throws Exception { Document doc = readDocument("wsse-request-clean.xml"); @@ -97,11 +98,9 @@ public class SignatureConfirmationTest e // // Save the signature for future confirmation // - Object sigv = msg.get(WSHandlerConstants.SEND_SIGV); + List sigv = CastUtils.cast((List)msg.get(WSHandlerConstants.SEND_SIGV)); assertNotNull(sigv); - assertTrue(sigv instanceof List); - assertTrue(((List)sigv).size() != 0); - List sigSaved = (List)sigv; + assertTrue(sigv.size() != 0); XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes)); @@ -135,17 +134,18 @@ public class SignatureConfirmationTest e (WSSecurityEngineResult) inmsg.get(WSS4JInInterceptor.SIGNATURE_RESULT); assertNotNull(result); - List sigReceived = (List)inmsg.get(WSHandlerConstants.RECV_RESULTS); + List sigReceived = + CastUtils.cast((List)inmsg.get(WSHandlerConstants.RECV_RESULTS)); assertNotNull(sigReceived); assertTrue(sigReceived.size() != 0); - testSignatureConfirmationResponse(sigSaved, sigReceived); + testSignatureConfirmationResponse(sigv, sigReceived); } private void testSignatureConfirmationResponse( - List sigSaved, - List sigReceived + List sigSaved, + List sigReceived ) throws Exception { Document doc = readDocument("wsse-request-clean.xml"); Modified: cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java URL: http://svn.apache.org/viewvc/cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java?rev=1040628&r1=1040627&r2=1040628&view=diff ============================================================================== --- cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java (original) +++ cxf/sandbox/wss4j-1.6-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java Tue Nov 30 16:40:51 2010 @@ -42,6 +42,7 @@ import org.w3c.dom.Document; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor; import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor; +import org.apache.cxf.helpers.CastUtils; import org.apache.cxf.helpers.DOMUtils.NullResolver; import org.apache.cxf.helpers.XMLUtils; import org.apache.cxf.interceptor.Interceptor; @@ -215,7 +216,6 @@ public class WSS4JInOutTest extends Abst } @Test - @SuppressWarnings("unchecked") public void testEncryption() throws Exception { Document doc = readDocument("wsse-request-clean.xml"); @@ -281,7 +281,7 @@ public class WSS4JInOutTest extends Abst // There should be exactly 1 (WSS4J) HandlerResult // final java.util.List handlerResults = - (java.util.List) inmsg.get(WSHandlerConstants.RECV_RESULTS); + CastUtils.cast((List)inmsg.get(WSHandlerConstants.RECV_RESULTS)); assertNotNull(handlerResults); assertSame(handlerResults.size(), 1); // @@ -298,8 +298,7 @@ public class WSS4JInOutTest extends Abst final java.util.Map result = (java.util.Map) protectionResults.get(0); final java.util.List protectedElements = - (java.util.List) - result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS); + CastUtils.cast((List)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS)); assertNotNull(protectedElements); assertSame(protectedElements.size(), 1); assertEquals( @@ -312,7 +311,6 @@ public class WSS4JInOutTest extends Abst } @Test - @SuppressWarnings("unchecked") public void testEncryptedUsernameToken() throws Exception { Document doc = readDocument("wsse-request-clean.xml"); @@ -387,7 +385,7 @@ public class WSS4JInOutTest extends Abst // There should be exactly 1 (WSS4J) HandlerResult // final java.util.List handlerResults = - (java.util.List) inmsg.get(WSHandlerConstants.RECV_RESULTS); + CastUtils.cast((List)inmsg.get(WSHandlerConstants.RECV_RESULTS)); assertNotNull(handlerResults); assertSame(handlerResults.size(), 1); @@ -401,6 +399,94 @@ public class WSS4JInOutTest extends Abst } @Test + public void testUsernameToken() throws Exception { + Document doc = readDocument("wsse-request-clean.xml"); + + WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(); + PhaseInterceptor handler = ohandler.createEndingInterceptor(); + + SoapMessage msg = new SoapMessage(new MessageImpl()); + Exchange ex = new ExchangeImpl(); + ex.setInMessage(msg); + + SOAPMessage saajMsg = MessageFactory.newInstance().createMessage(); + SOAPPart part = saajMsg.getSOAPPart(); + part.setContent(new DOMSource(doc)); + saajMsg.saveChanges(); + + msg.setContent(SOAPMessage.class, saajMsg); + + msg.put( + WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN + ); + msg.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); + msg.put(WSHandlerConstants.USER, "alice"); + msg.put("password", "alicePassword"); + + handler.handleMessage(msg); + doc = part; + + assertValid("//wsse:Security", doc); + + byte[] docbytes = getMessageBytes(doc); + XMLStreamReader reader = StaxUtils.createXMLStreamReader(new ByteArrayInputStream(docbytes)); + + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + + dbf.setValidating(false); + dbf.setIgnoringComments(false); + dbf.setIgnoringElementContentWhitespace(true); + dbf.setNamespaceAware(true); + + DocumentBuilder db = dbf.newDocumentBuilder(); + db.setEntityResolver(new NullResolver()); + doc = StaxUtils.read(db, reader, false); + + SoapMessage inmsg = new SoapMessage(new MessageImpl()); + ex.setInMessage(inmsg); + inmsg.setContent(SOAPMessage.class, saajMsg); + + // + // This should pass, as even though passwordType is set to digest, we are + // overriding the default handler behaviour of requiring a strict password + // type + WSS4JInInterceptor inHandler = new WSS4JInInterceptor(); + inHandler.setProperty( + WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN + ); + inHandler.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST); + inHandler.setProperty(WSHandlerConstants.PASSWORD_TYPE_STRICT, "false"); + inHandler.setProperty( + WSHandlerConstants.PW_CALLBACK_CLASS, + "org.apache.cxf.ws.security.wss4j.TestPwdCallback" + ); + inHandler.handleMessage(inmsg); + + inmsg = new SoapMessage(new MessageImpl()); + ex.setInMessage(inmsg); + inmsg.setContent(SOAPMessage.class, saajMsg); + + // + // This should fail, as we are requiring a digest password type + // + inHandler = new WSS4JInInterceptor(); + inHandler.setProperty( + WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN + ); + inHandler.setProperty( + WSHandlerConstants.PW_CALLBACK_CLASS, + "org.apache.cxf.ws.security.wss4j.TestPwdCallback" + ); + inHandler.setProperty(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST); + try { + inHandler.handleMessage(inmsg); + fail("Expected failure on password digest"); + } catch (org.apache.cxf.interceptor.Fault fault) { + // expected + } + } + + @Test public void testCustomProcessor() throws Exception { Document doc = readDocument("wsse-request-clean.xml"); @@ -464,7 +550,6 @@ public class WSS4JInOutTest extends Abst assertNull(result); } - @Test public void testCustomProcessorObject() throws Exception { Document doc = readDocument("wsse-request-clean.xml");