From cohei...@apache.org
Subject svn commit: r1213242 - in /cxf/branches/2.4.x-fixes: ./ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/pol...
Date Mon, 12 Dec 2011 13:47:10 GMT
Author: coheigea
Date: Mon Dec 12 13:47:09 2011
New Revision: 1213242

URL: http://svn.apache.org/viewvc?rev=1213242&view=rev
Log:
[CXF-3970] - Patch: InitiatorEncryptionToken, RecipientSignatureToken, RecipientEncryptionToken support in WS Sec Policy
 - Patch applied, thanks.
 - Added a systest. 

Added:
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorEncryptionTokenBuilder.java
      - copied unchanged from r1213230, cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorEncryptionTokenBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RecipientEncryptionTokenBuilder.java
      - copied unchanged from r1213230, cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RecipientEncryptionTokenBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RecipientSignatureTokenBuilder.java
      - copied unchanged from r1213230, cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/RecipientSignatureTokenBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorEncryptionToken.java
      - copied unchanged from r1213230, cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorEncryptionToken.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientEncryptionToken.java
      - copied unchanged from r1213230, cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientEncryptionToken.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientSignatureToken.java
      - copied unchanged from r1213230, cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RecipientSignatureToken.java
Modified:
    cxf/branches/2.4.x-fixes/   (props changed)
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AsymmetricBinding.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
    cxf/branches/2.4.x-fixes/systests/   (props changed)
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/UsernameTokenTest.java
    cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml
    cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml

Propchange: cxf/branches/2.4.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Dec 12 13:47:09 2011
@@ -1 +1 @@
-/cxf/trunk:1213150
+/cxf/trunk:1213150,1213230

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java Mon Dec 12 13:47:09 2011
@@ -180,10 +180,19 @@ public final class SP11Constants extends
     
     public static final QName INITIATOR_SIGNATURE_TOKEN = new QName(SP11Constants.SP_NS,
             SPConstants.INITIATOR_SIGNATURE_TOKEN , SP11Constants.SP_PREFIX);
+    
+    public static final QName INITIATOR_ENCRYPTION_TOKEN = new QName(SP11Constants.SP_NS,
+            SPConstants.INITIATOR_ENCRYPTION_TOKEN , SP11Constants.SP_PREFIX);
 
     public static final QName RECIPIENT_TOKEN = new QName(SP11Constants.SP_NS,
             SPConstants.RECIPIENT_TOKEN , SP11Constants.SP_PREFIX);
+    
+    public static final QName RECIPIENT_SIGNATURE_TOKEN = new QName(SP11Constants.SP_NS,
+            SPConstants.RECIPIENT_SIGNATURE_TOKEN , SP11Constants.SP_PREFIX);
 
+    public static final QName RECIPIENT_ENCRYPTION_TOKEN = new QName(SP11Constants.SP_NS,
+            SPConstants.RECIPIENT_ENCRYPTION_TOKEN , SP11Constants.SP_PREFIX);
+    
     public static final QName ENCRYPT_SIGNATURE = new QName(SP11Constants.SP_NS,
             SPConstants.ENCRYPT_SIGNATURE , SP11Constants.SP_PREFIX);
 
@@ -348,6 +357,9 @@ public final class SP11Constants extends
     public QName getInitiatorSignatureToken() {
         return INITIATOR_SIGNATURE_TOKEN;
     }
+    public QName getInitiatorEncryptionToken() {
+        return INITIATOR_ENCRYPTION_TOKEN;
+    }
     public QName getIssuedToken() {
         return ISSUED_TOKEN;
     }
@@ -360,6 +372,12 @@ public final class SP11Constants extends
     public QName getRecipientToken() {
         return RECIPIENT_TOKEN;
     }
+    public QName getRecipientSignatureToken() {
+        return RECIPIENT_SIGNATURE_TOKEN;
+    }
+    public QName getRecipientEncryptionToken() {
+        return RECIPIENT_ENCRYPTION_TOKEN;
+    }
     public QName getRequiredElements() {
         return REQUIRED_ELEMENTS;
     }

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java Mon Dec 12 13:47:09 2011
@@ -216,10 +216,19 @@ public final class SP12Constants extends
     
     public static final QName INITIATOR_SIGNATURE_TOKEN = new QName(SP12Constants.SP_NS,
             SPConstants.INITIATOR_SIGNATURE_TOKEN , SP12Constants.SP_PREFIX);
-        
+
+    public static final QName INITIATOR_ENCRYPTION_TOKEN = new QName(SP12Constants.SP_NS,
+            SPConstants.INITIATOR_ENCRYPTION_TOKEN , SP12Constants.SP_PREFIX);
+    
     public static final QName RECIPIENT_TOKEN = new QName(SP12Constants.SP_NS,
             SPConstants.RECIPIENT_TOKEN , SP12Constants.SP_PREFIX);
 
+    public static final QName RECIPIENT_SIGNATURE_TOKEN = new QName(SP12Constants.SP_NS,
+            SPConstants.RECIPIENT_SIGNATURE_TOKEN , SP12Constants.SP_PREFIX);
+
+    public static final QName RECIPIENT_ENCRYPTION_TOKEN = new QName(SP12Constants.SP_NS,
+            SPConstants.RECIPIENT_ENCRYPTION_TOKEN , SP12Constants.SP_PREFIX);
+    
     public static final QName ENCRYPT_SIGNATURE = new QName(SP12Constants.SP_NS,
             SPConstants.ENCRYPT_SIGNATURE , SP12Constants.SP_PREFIX);
 
@@ -407,6 +416,9 @@ public final class SP12Constants extends
     public QName getInitiatorSignatureToken() {
         return INITIATOR_SIGNATURE_TOKEN;
     }
+    public QName getInitiatorEncryptionToken() {
+        return INITIATOR_ENCRYPTION_TOKEN;
+    }
     public QName getIssuedToken() {
         return ISSUED_TOKEN;
     }
@@ -419,6 +431,12 @@ public final class SP12Constants extends
     public QName getRecipientToken() {
         return RECIPIENT_TOKEN;
     }
+    public QName getRecipientSignatureToken() {
+        return RECIPIENT_SIGNATURE_TOKEN;
+    }
+    public QName getRecipientEncryptionToken() {
+        return RECIPIENT_ENCRYPTION_TOKEN;
+    }
     public QName getRequiredElements() {
         return REQUIRED_ELEMENTS;
     }

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java Mon Dec 12 13:47:09 2011
@@ -173,8 +173,14 @@ public abstract class SPConstants {
     
     public static final String INITIATOR_SIGNATURE_TOKEN = "InitiatorSignatureToken";
     
+    public static final String INITIATOR_ENCRYPTION_TOKEN = "InitiatorEncryptionToken";
+    
     public static final String RECIPIENT_TOKEN = "RecipientToken";
     
+    public static final String RECIPIENT_SIGNATURE_TOKEN = "RecipientSignatureToken";
+    
+    public static final String RECIPIENT_ENCRYPTION_TOKEN = "RecipientEncryptionToken";
+    
     public static final String SUPPORTING_TOKENS = "SupportingTokens";
     
     public static final String SIGNED_SUPPORTING_TOKENS = "SignedSupportingTokens";
@@ -440,11 +446,14 @@ public abstract class SPConstants {
     public abstract QName getHttpsToken();
     public abstract QName getInitiatorToken();
     public abstract QName getInitiatorSignatureToken();
+    public abstract QName getInitiatorEncryptionToken();
     public abstract QName getIssuedToken();
     public abstract QName getIncludeToken();
     public abstract QName getLayout();
     public abstract QName getProtectionToken();
     public abstract QName getRecipientToken();
+    public abstract QName getRecipientSignatureToken();
+    public abstract QName getRecipientEncryptionToken();
     public abstract QName getRequiredElements();
     public abstract QName getSecureConversationToken();
     public abstract QName getSecurityContextToken();

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java Mon Dec 12 13:47:09 2011
@@ -38,6 +38,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.builders.EncryptedElementsBuilder;
 import org.apache.cxf.ws.security.policy.builders.EncryptedPartsBuilder;
 import org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder;
+import org.apache.cxf.ws.security.policy.builders.InitiatorEncryptionTokenBuilder;
 import org.apache.cxf.ws.security.policy.builders.InitiatorSignatureTokenBuilder;
 import org.apache.cxf.ws.security.policy.builders.InitiatorTokenBuilder;
 import org.apache.cxf.ws.security.policy.builders.IssuedTokenBuilder;
@@ -45,6 +46,8 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder;
 import org.apache.cxf.ws.security.policy.builders.LayoutBuilder;
 import org.apache.cxf.ws.security.policy.builders.ProtectionTokenBuilder;
+import org.apache.cxf.ws.security.policy.builders.RecipientEncryptionTokenBuilder;
+import org.apache.cxf.ws.security.policy.builders.RecipientSignatureTokenBuilder;
 import org.apache.cxf.ws.security.policy.builders.RecipientTokenBuilder;
 import org.apache.cxf.ws.security.policy.builders.RequiredElementsBuilder;
 import org.apache.cxf.ws.security.policy.builders.RequiredPartsBuilder;
@@ -102,10 +105,13 @@ public final class WSSecurityPolicyLoade
         reg.registerBuilder(new HttpsTokenBuilder(pbuild));
         reg.registerBuilder(new InitiatorTokenBuilder(pbuild));
         reg.registerBuilder(new InitiatorSignatureTokenBuilder(pbuild));
+        reg.registerBuilder(new InitiatorEncryptionTokenBuilder(pbuild));
         reg.registerBuilder(new IssuedTokenBuilder(pbuild));
         reg.registerBuilder(new LayoutBuilder());
         reg.registerBuilder(new ProtectionTokenBuilder(pbuild));
         reg.registerBuilder(new RecipientTokenBuilder(pbuild));
+        reg.registerBuilder(new RecipientSignatureTokenBuilder(pbuild));
+        reg.registerBuilder(new RecipientEncryptionTokenBuilder(pbuild));
         reg.registerBuilder(new RequiredElementsBuilder());
         reg.registerBuilder(new RequiredPartsBuilder());
         reg.registerBuilder(new SamlTokenBuilder(pbuild));

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java Mon Dec 12 13:47:09 2011
@@ -32,9 +32,12 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.SPConstants;
 import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
 import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
+import org.apache.cxf.ws.security.policy.model.InitiatorEncryptionToken;
 import org.apache.cxf.ws.security.policy.model.InitiatorSignatureToken;
 import org.apache.cxf.ws.security.policy.model.InitiatorToken;
 import org.apache.cxf.ws.security.policy.model.Layout;
+import org.apache.cxf.ws.security.policy.model.RecipientEncryptionToken;
+import org.apache.cxf.ws.security.policy.model.RecipientSignatureToken;
 import org.apache.cxf.ws.security.policy.model.RecipientToken;
 import org.apache.neethi.Assertion;
 import org.apache.neethi.AssertionBuilderFactory;
@@ -98,9 +101,19 @@ public class AsymmetricBindingBuilder im
             } else if (SPConstants.INITIATOR_SIGNATURE_TOKEN.equals(name.getLocalPart())) {
                 asymmetricBinding.setInitiatorSignatureToken((InitiatorSignatureToken)assertion);
                 
+            } else if (SPConstants.INITIATOR_ENCRYPTION_TOKEN.equals(name.getLocalPart())) {
+                asymmetricBinding.setInitiatorEncryptionToken(
+                    (InitiatorEncryptionToken)assertion);                
+                
             } else if (SPConstants.RECIPIENT_TOKEN.equals(name.getLocalPart())) {
                 asymmetricBinding.setRecipientToken((RecipientToken)assertion);
 
+            } else if (SPConstants.RECIPIENT_SIGNATURE_TOKEN.equals(name.getLocalPart())) {
+                asymmetricBinding.setRecipientSignatureToken((RecipientSignatureToken)assertion);
+
+            } else if (SPConstants.RECIPIENT_ENCRYPTION_TOKEN.equals(name.getLocalPart())) {
+                asymmetricBinding.setRecipientEncryptionToken((RecipientEncryptionToken)assertion);
+
             } else if (SPConstants.ALGO_SUITE.equals(name.getLocalPart())) {
                 asymmetricBinding.setAlgorithmSuite((AlgorithmSuite)assertion);
 

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java Mon Dec 12 13:47:09 2011
@@ -49,7 +49,10 @@ public class WSSecurityPolicyInterceptor
         ASSERTION_TYPES.add(SP12Constants.TRANSPORT_TOKEN);            
         ASSERTION_TYPES.add(SP12Constants.INITIATOR_TOKEN);
         ASSERTION_TYPES.add(SP12Constants.INITIATOR_SIGNATURE_TOKEN);
-        ASSERTION_TYPES.add(SP12Constants.RECIPIENT_TOKEN);   
+        ASSERTION_TYPES.add(SP12Constants.INITIATOR_ENCRYPTION_TOKEN);
+        ASSERTION_TYPES.add(SP12Constants.RECIPIENT_TOKEN);
+        ASSERTION_TYPES.add(SP12Constants.RECIPIENT_SIGNATURE_TOKEN);
+        ASSERTION_TYPES.add(SP12Constants.RECIPIENT_ENCRYPTION_TOKEN);
         ASSERTION_TYPES.add(SP12Constants.SIGNED_PARTS);
         ASSERTION_TYPES.add(SP12Constants.REQUIRED_PARTS);
         ASSERTION_TYPES.add(SP12Constants.REQUIRED_ELEMENTS);

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AsymmetricBinding.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AsymmetricBinding.java?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AsymmetricBinding.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AsymmetricBinding.java Mon Dec 12 13:47:09 2011
@@ -37,8 +37,14 @@ public class AsymmetricBinding extends S
     private InitiatorToken initiatorToken;
     
     private InitiatorSignatureToken initiatorSignatureToken;
+    
+    private InitiatorEncryptionToken initiatorEncryptionToken;
 
     private RecipientToken recipientToken;
+    
+    private RecipientSignatureToken recipientSignatureToken;
+    
+    private RecipientEncryptionToken recipientEncryptionToken;
 
     public AsymmetricBinding(SPConstants version, PolicyBuilder b) {
         super(version, b);
@@ -59,20 +65,34 @@ public class AsymmetricBinding extends S
     }
     
     /**
-     * @return Returns the initiatorToken.
+     * @return Returns the initiatorSignatureToken.
      */
     public InitiatorSignatureToken getInitiatorSignatureToken() {
         return initiatorSignatureToken;
     }
 
     /**
-     * @param initiatorToken The initiatorToken to set.
+     * @param initiatorSignatureToken The initiatorSignatureToken to set.
      */
     public void setInitiatorSignatureToken(InitiatorSignatureToken initiatorSignatureToken) {
         this.initiatorSignatureToken = initiatorSignatureToken;
     }
+    
+    /**
+     * @return Returns the initiatorEncryptionToken.
+     */
+    public InitiatorEncryptionToken getInitiatorEncryptionToken() {
+        return initiatorEncryptionToken;
+    }
 
     /**
+     * @param initiatorEncryptionToken The initiatorEncryptionToken to set.
+     */
+    public void setInitiatorEncryptionToken(InitiatorEncryptionToken initiatorEncryptionToken) {
+        this.initiatorEncryptionToken = initiatorEncryptionToken;
+    }
+    
+    /**
      * @return Returns the recipientToken.
      */
     public RecipientToken getRecipientToken() {
@@ -86,6 +106,34 @@ public class AsymmetricBinding extends S
         this.recipientToken = recipientToken;
     }
 
+    /**
+     * @return Returns the recipientSignatureToken.
+     */
+    public RecipientSignatureToken getRecipientSignatureToken() {
+        return recipientSignatureToken;
+    }
+
+    /**
+     * @param recipientSignatureToken The recipientSignatureToken to set.
+     */
+    public void setRecipientSignatureToken(RecipientSignatureToken recipientSignatureToken) {
+        this.recipientSignatureToken = recipientSignatureToken;
+    }    
+
+    /**
+     * @return Returns the recipientEncryptionToken.
+     */
+    public RecipientEncryptionToken getRecipientEncryptionToken() {
+        return recipientEncryptionToken;
+    }
+
+    /**
+     * @param recipientEncryptionToken The recipientEncryptionToken to set.
+     */
+    public void setRecipientEncryptionToken(RecipientEncryptionToken recipientEncryptionToken) {
+        this.recipientEncryptionToken = recipientEncryptionToken;
+    }        
+    
     public QName getRealName() {
         return constants.getAsymmetricBinding();
     }
@@ -114,9 +162,18 @@ public class AsymmetricBinding extends S
         if (getInitiatorSignatureToken() != null) {
             all.addPolicyComponent(getInitiatorSignatureToken());
         }
+        if (getInitiatorEncryptionToken() != null) {
+            all.addPolicyComponent(getInitiatorEncryptionToken());
+        }
         if (getRecipientToken() != null) {
             all.addPolicyComponent(getRecipientToken());
         }
+        if (getRecipientSignatureToken() != null) {
+            all.addPolicyComponent(getRecipientSignatureToken());
+        }
+        if (getRecipientEncryptionToken() != null) {
+            all.addPolicyComponent(getRecipientEncryptionToken());
+        }
         /*
         if (isEntireHeadersAndBodySignatures()) {
             all.addPolicyComponent(new PrimitiveAssertion(SP12Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
@@ -180,14 +237,33 @@ public class AsymmetricBinding extends S
             // </sp:InitiatorSignatureToken>
         }
         
-
-        if (recipientToken == null) {
-            throw new RuntimeException("RecipientToken is not set");
+        if (initiatorEncryptionToken != null) {
+            // <sp:InitiatorEncryptionToken>
+            initiatorEncryptionToken.serialize(writer);
+            // </sp:InitiatorEncryptionToken>
+        }
+        
+        if (recipientToken == null && recipientSignatureToken == null) {
+            throw new RuntimeException("RecipientToken or RecipientSignatureToken is not set");
         }
 
-        // <sp:RecipientToken>
-        recipientToken.serialize(writer);
-        // </sp:RecipientToken>
+        if (recipientToken != null) {
+            // <sp:RecipientToken>
+            recipientToken.serialize(writer);
+            // </sp:RecipientToken>
+        }
+        
+        if (recipientSignatureToken != null) {
+            // <sp:RecipientSignatureToken>
+            recipientSignatureToken.serialize(writer);
+            // </sp:RecipientSignatureToken>
+        }
+        
+        if (recipientEncryptionToken != null) {
+            // <sp:RecipientEncryptionToken>
+            recipientEncryptionToken.serialize(writer);
+            // </sp:RecipientEncryptionToken>
+        }
 
         AlgorithmSuite algorithmSuite = getAlgorithmSuite();
         if (algorithmSuite == null) {
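Review bot: The relaxed guard `recipientToken == null && recipientSignatureToken == null` ignores `recipientEncryptionToken`, so a binding holding only a RecipientEncryptionToken is rejected with a message that never mentions it, while one holding only a RecipientSignatureToken is written out without complaint. Nothing in this hunk rejects a binding that sets RecipientToken together with the role-specific tokens either; all of them are serialized, and the handler changes in this commit then quietly prefer the role-specific one. If that precedence is intended, state it above the check, for example `// Generic and role-specific recipient tokens may both be set; AsymmetricBindingHandler prefers the role-specific ones`. The enclosing method starts and ends outside the hunk.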

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Mon Dec 12 13:47:09 2011
@@ -1420,7 +1420,7 @@ public abstract class AbstractBindingBui
                 
                 Wss10 wss = getWss10();
                 policyAsserted(wss);
-                if (wss.isMustSupportRefKeyIdentifier()) {
+                if (wss == null || wss.isMustSupportRefKeyIdentifier()) {
                     secBase.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
                 } else if (wss.isMustSupportRefIssuerSerial()) {
                     secBase.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
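Review bot: The new `wss == null` guard comes one line after `policyAsserted(wss)` has already been handed the same possibly-null value, so the null case is only safe if policyAsserted tolerates null, which this hunk does not show. The change also means a policy with no Wss10 assertion now silently selects `WSConstants.SKI_KEY_IDENTIFIER`. A short comment such as `// No Wss10 assertion in the policy: default to SKI key identifiers` would make that default deliberate and visible to the next reader. The enclosing method starts and ends outside the hunk.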

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Mon Dec 12 13:47:09 2011
@@ -41,7 +41,6 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
 import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.IssuedToken;
-import org.apache.cxf.ws.security.policy.model.RecipientToken;
 import org.apache.cxf.ws.security.policy.model.SamlToken;
 import org.apache.cxf.ws.security.policy.model.Token;
 import org.apache.cxf.ws.security.policy.model.TokenWrapper;
@@ -101,9 +100,9 @@ public class AsymmetricBindingHandler ex
 
     private void doSignBeforeEncrypt() {
         try {
-            TokenWrapper initiatorWrapper = abinding.getInitiatorToken();
+            TokenWrapper initiatorWrapper = abinding.getInitiatorSignatureToken();
             if (initiatorWrapper == null) {
-                initiatorWrapper = abinding.getInitiatorSignatureToken();
+                initiatorWrapper = abinding.getInitiatorToken();
             }
             boolean attached = false;
             if (initiatorWrapper != null) {
@@ -134,30 +133,29 @@ public class AsymmetricBindingHandler ex
                 }
             }
             
+            // Add timestamp
             List<WSEncryptionPart> sigs = new ArrayList<WSEncryptionPart>();
-            if (isRequestor()) {
-                //Add timestamp
-                if (timestampEl != null) {
-                    WSEncryptionPart timestampPart = 
-                        convertToEncryptionPart(timestampEl.getElement());
-                    sigs.add(timestampPart);
-                }
-
-                addSupportingTokens(sigs);
+            if (timestampEl != null) {
+                WSEncryptionPart timestampPart = 
+                    convertToEncryptionPart(timestampEl.getElement());
+                sigs.add(timestampPart);
+            }
+            addSupportingTokens(sigs);
+            
+            if (isRequestor() && initiatorWrapper != null) {
                 doSignature(initiatorWrapper, sigs, attached);
                 doEndorse();
-            } else {
+            } else if (!isRequestor()) {
                 //confirm sig
-                assertSupportingTokens(sigs);
+                addSignatureConfirmation(sigs);
                 
-                //Add timestamp
-                if (timestampEl != null) {
-                    WSEncryptionPart timestampPart = 
-                        convertToEncryptionPart(timestampEl.getElement());
-                    sigs.add(timestampPart);
+                TokenWrapper recipientSignatureToken = abinding.getRecipientSignatureToken();
+                if (recipientSignatureToken == null) {
+                    recipientSignatureToken = abinding.getRecipientToken();
+                }
+                if (recipientSignatureToken != null) {
+                    doSignature(recipientSignatureToken, sigs, attached);
                 }
-                addSignatureConfirmation(sigs);
-                doSignature(abinding.getRecipientToken(), sigs, attached);
             }
 
             List<WSEncryptionPart> enc = getEncryptedParts();
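Review bot: When no signing token resolves, the new branches skip `doSignature` without any log or fault, so a sign-before-encrypt binding can emit a message with no main signature. On the requestor side `isRequestor() && initiatorWrapper != null` simply falls through, and on the responder side the `recipientSignatureToken != null` check does the same. The later hunk at `@@ -279,8 +288,14 @@` has the same silent skip for the responder. Unless a later policy check rejects this (not visible here), make the outcome explicit in an else branch, at minimum `LOG.log(Level.WARNING, "No signature token configured; message left unsigned");`, or fail the request instead.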
@@ -174,14 +172,22 @@ public class AsymmetricBindingHandler ex
                 }
             }
             
+            //Do encryption
+            TokenWrapper encToken;
             if (isRequestor()) {
                 enc.addAll(encryptedTokensList);
-            }
-
-            //Do encryption
-            RecipientToken recToken = abinding.getRecipientToken();
+                encToken = abinding.getRecipientEncryptionToken();
+                if (encToken == null) {
+                    encToken = abinding.getRecipientToken();
+                }
+            } else {
+                encToken = abinding.getInitiatorEncryptionToken();
+                if (encToken == null) {
+                    encToken = abinding.getInitiatorToken();
+                }
+            }            
+            doEncryption(encToken, enc, false);
             
-            doEncryption(recToken, enc, false);
         } catch (Exception e) {
             String reason = e.getMessage();
             LOG.log(Level.WARNING, "Sign before encryption failed due to : " + reason);
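Review bot: `encToken` is still null when neither the role-specific encryption token nor the generic Initiator/RecipientToken is set, and it is passed to `doEncryption(encToken, enc, false)` unchecked. Whether doEncryption tolerates a null wrapper is not visible here; if it does not, the failure lands in the surrounding `catch (Exception e)` and is logged with `e.getMessage()`, which is null for a NullPointerException. An explicit `if (encToken == null)` branch that logs or faults with a clear reason before the call would make the unencrypted outcome a decision rather than an accident. The try/catch continues outside the hunk.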
@@ -193,18 +199,21 @@ public class AsymmetricBindingHandler ex
         TokenWrapper wrapper;
         Token encryptionToken = null;
         if (isRequestor()) {
-            wrapper = abinding.getRecipientToken();
+            wrapper = abinding.getRecipientEncryptionToken();
+            if (wrapper == null) {
+                wrapper = abinding.getRecipientToken();
+            }            
         } else {
-            wrapper = abinding.getInitiatorToken();
+            wrapper = abinding.getInitiatorEncryptionToken();
             if (wrapper == null) {
-                wrapper = abinding.getInitiatorSignatureToken();
+                wrapper = abinding.getInitiatorToken();
             }
         }
         encryptionToken = wrapper.getToken();
         
-        TokenWrapper initiatorWrapper = abinding.getInitiatorToken();
+        TokenWrapper initiatorWrapper = abinding.getInitiatorSignatureToken();
         if (initiatorWrapper == null) {
-            initiatorWrapper = abinding.getInitiatorSignatureToken();
+            initiatorWrapper = abinding.getInitiatorToken();
         }
         boolean attached = false;
         if (initiatorWrapper != null) {
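Review bot: `encryptionToken = wrapper.getToken();` dereferences `wrapper` with no null check, and the responder fallback has changed from `getInitiatorSignatureToken()` to `getInitiatorToken()`. A policy that declares only InitiatorSignatureToken, which previously resolved a wrapper here, now leaves `wrapper` null on the responder and throws a NullPointerException; the requestor hits the same line when only RecipientSignatureToken is set. The minimal guard is `if (wrapper != null) { encryptionToken = wrapper.getToken(); }`, provided the code that consumes `encryptionToken` below the hunk accepts null. The method body extends beyond the hunk.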
@@ -279,8 +288,14 @@ public class AsymmetricBindingHandler ex
             try {
                 if ((sigParts.size() > 0) && initiatorWrapper != null && isRequestor()) {
                     doSignature(initiatorWrapper, sigParts, attached);
-                } else if (!isRequestor() && abinding.getRecipientToken() != null) {
-                    doSignature(abinding.getRecipientToken(), sigParts, attached);
+                } else if (!isRequestor()) {
+                    TokenWrapper recipientSignatureToken = abinding.getRecipientSignatureToken();
+                    if (recipientSignatureToken == null) {
+                        recipientSignatureToken = abinding.getRecipientToken(); 
+                    }
+                    if (recipientSignatureToken != null) {
+                        doSignature(recipientSignatureToken, sigParts, attached);
+                    }
                 }
             } catch (WSSecurityException ex) {
                 throw new Fault(ex);
@@ -292,49 +307,54 @@ public class AsymmetricBindingHandler ex
                 doEndorse();
             }
             
-            // Check for signature protection
-            if (abinding.isSignatureProtection()) {
-                List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
-
-                // Now encrypt the signature using the above token
-                if (mainSigId != null) {
-                    WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
-                    sigPart.setElement(bottomUpElement);
-                    secondEncrParts.add(sigPart);
-                }
-                
-                if (sigConfList != null && !sigConfList.isEmpty()) {
-                    secondEncrParts.addAll(sigConfList);
-                }
-                
-                if (isRequestor()) {
-                    secondEncrParts.addAll(encryptedTokensList);
-                }
+            checkForSignatureProtection(encryptionToken, encrBase);
+        }
+    }
+    
+    
+    private void checkForSignatureProtection(Token encryptionToken, WSSecBase encrBase) {
+        // Check for signature protection
+        if (abinding.isSignatureProtection()) {
+            List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
+
+            // Now encrypt the signature using the above token
+            if (mainSigId != null) {
+                WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
+                sigPart.setElement(bottomUpElement);
+                secondEncrParts.add(sigPart);
+            }
+            
+            if (sigConfList != null && !sigConfList.isEmpty()) {
+                secondEncrParts.addAll(sigConfList);
+            }
+            
+            if (isRequestor()) {
+                secondEncrParts.addAll(encryptedTokensList);
+            }
 
-                if (encryptionToken.isDerivedKeys() && !secondEncrParts.isEmpty()) {
-                    try {
-                        Element secondRefList 
-                            = ((WSSecDKEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts);
-                        ((WSSecDKEncrypt)encrBase).addExternalRefElement(secondRefList, secHeader);
+            if (encryptionToken.isDerivedKeys() && !secondEncrParts.isEmpty()) {
+                try {
+                    Element secondRefList 
+                        = ((WSSecDKEncrypt)encrBase).encryptForExternalRef(null, secondEncrParts);
+                    ((WSSecDKEncrypt)encrBase).addExternalRefElement(secondRefList, secHeader);
 
-                    } catch (WSSecurityException ex) {
-                        throw new Fault(ex);
-                    }
-                } else if (!secondEncrParts.isEmpty()) {
-                    try {
-                        // Encrypt, get hold of the ref list and add it
-                        Element secondRefList = saaj.getSOAPPart()
-                            .createElementNS(WSConstants.ENC_NS,
-                                             WSConstants.ENC_PREFIX + ":ReferenceList");
-                        this.insertBeforeBottomUp(secondRefList);
-                        ((WSSecEncrypt)encrBase).encryptForRef(secondRefList, secondEncrParts);
-                        
-                    } catch (WSSecurityException ex) {
-                        throw new Fault(ex);
-                    }
+                } catch (WSSecurityException ex) {
+                    throw new Fault(ex);
+                }
+            } else if (!secondEncrParts.isEmpty()) {
+                try {
+                    // Encrypt, get hold of the ref list and add it
+                    Element secondRefList = saaj.getSOAPPart()
+                        .createElementNS(WSConstants.ENC_NS,
+                                         WSConstants.ENC_PREFIX + ":ReferenceList");
+                    this.insertBeforeBottomUp(secondRefList);
+                    ((WSSecEncrypt)encrBase).encryptForRef(secondRefList, secondEncrParts);
+                    
+                } catch (WSSecurityException ex) {
+                    throw new Fault(ex);
                 }
             }
-        }
+        }        
     }
     
     private WSSecBase doEncryption(TokenWrapper recToken,
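Review bot: The extracted `checkForSignatureProtection` has no Javadoc, and its two casts depend on a precondition that is no longer visible where it is called: `encrBase` must be a `WSSecDKEncrypt` when `encryptionToken.isDerivedKeys()` is true and a `WSSecEncrypt` otherwise, and both arguments must be non-null. I would state that in a Javadoc on the method, e.g. `/** Encrypts the main signature, signature confirmations and (requestor only) the encrypted tokens when SignatureProtection is set; encrBase must be the encryptor that was created for encryptionToken. */`. If `encrBase` can be null at the call site (the encryption step that produces it is outside this hunk), SignatureProtection would end in a NullPointerException or ClassCastException instead of a `Fault`, so a guard there may also be worthwhile.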
@@ -445,7 +465,12 @@ public class AsymmetricBindingHandler ex
         
         if (!isRequestor()) {
             assertUnusedTokens(abinding.getInitiatorToken());
+            assertUnusedTokens(abinding.getInitiatorEncryptionToken());
             assertUnusedTokens(abinding.getInitiatorSignatureToken());
+        } else {
+            assertUnusedTokens(abinding.getRecipientToken());
+            assertUnusedTokens(abinding.getRecipientEncryptionToken());
+            assertUnusedTokens(abinding.getRecipientSignatureToken());
         }
         
         Token sigToken = wrapper.getToken();

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java (original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java Mon Dec 12 13:47:09 2011
@@ -31,6 +31,7 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.Token;
+import org.apache.cxf.ws.security.policy.model.TokenWrapper;
 import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSSecurityEngineResult;
@@ -85,6 +86,7 @@ public class AsymmetricBindingPolicyVali
         return true;
     }
     
+    
     /**
      * Check various tokens of the binding
      */
@@ -96,70 +98,86 @@ public class AsymmetricBindingPolicyVali
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
+        boolean result = true;
         if (binding.getInitiatorToken() != null) {
-            Token token = binding.getInitiatorToken().getToken();
-            if (token instanceof X509Token) {
-                boolean foundCert = false;
-                for (WSSecurityEngineResult result : signedResults) {
-                    X509Certificate cert = 
-                        (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
-                    if (cert != null) {
-                        foundCert = true;
-                        break;
-                    }
-                }
-                if (!foundCert && !signedResults.isEmpty()) {
-                    String error = "An X.509 certificate was not used for the initiator token";
-                    notAssertPolicy(aim, binding.getInitiatorToken().getName(), error);
-                    ai.setNotAsserted(error);
-                    return false;
-                }
-            }
-            assertPolicy(aim, binding.getInitiatorToken());
-            if (!checkDerivedKeys(
-                binding.getInitiatorToken(), hasDerivedKeys, signedResults, encryptedResults
-            )) {
-                ai.setNotAsserted("Message fails the DerivedKeys requirement");
-                return false;
-            }
+            result &= checkInitiatorTokens(binding.getInitiatorToken(), binding, ai, aim, hasDerivedKeys,
+                                        signedResults, encryptedResults);            
         }
         if (binding.getInitiatorSignatureToken() != null) {
-            Token token = binding.getInitiatorSignatureToken().getToken();
-            if (token instanceof X509Token) {
-                boolean foundCert = false;
-                for (WSSecurityEngineResult result : signedResults) {
-                    X509Certificate cert = 
-                        (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
-                    if (cert != null) {
-                        foundCert = true;
-                        break;
-                    }
-                }
-                if (!foundCert && !signedResults.isEmpty()) {
-                    String error = "An X.509 certificate was not used for the initiator signature token";
-                    notAssertPolicy(aim, binding.getInitiatorSignatureToken().getName(), error);
-                    ai.setNotAsserted(error);
-                    return false;
+            result &= checkInitiatorTokens(binding.getInitiatorSignatureToken(), binding, ai, aim,
+                                        hasDerivedKeys, signedResults, encryptedResults);
+        }
+        if (binding.getInitiatorEncryptionToken() != null) {
+            result &= checkInitiatorTokens(binding.getInitiatorEncryptionToken(), binding, ai, aim,
+                                        hasDerivedKeys, signedResults, encryptedResults);
+        }
+        if (binding.getRecipientToken() != null) {
+            result &= checkRecipientTokens(binding.getRecipientToken(), binding, ai, aim, hasDerivedKeys,
+                                        signedResults, encryptedResults);
+        }
+        if (binding.getRecipientSignatureToken() != null) {
+            result &= checkRecipientTokens(binding.getRecipientSignatureToken(), binding, ai, aim,
+                                        hasDerivedKeys, signedResults, encryptedResults);
+        }
+        if (binding.getRecipientEncryptionToken() != null) {
+            result &= checkRecipientTokens(binding.getRecipientEncryptionToken(), binding, ai, aim,
+                                        hasDerivedKeys, signedResults, encryptedResults);
+        }
+        
+        return result;
+    }
+    
+    private boolean checkInitiatorTokens(
+        TokenWrapper wrapper, 
+        AsymmetricBinding binding, 
+        AssertionInfo ai,
+        AssertionInfoMap aim, 
+        boolean hasDerivedKeys,
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults) {
+
+        Token token = wrapper.getToken();
+        if (token instanceof X509Token) {
+            boolean foundCert = false;
+            for (WSSecurityEngineResult result : signedResults) {
+                X509Certificate cert = (X509Certificate)result
+                    .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+                if (cert != null) {
+                    foundCert = true;
+                    break;
                 }
             }
-            assertPolicy(aim, binding.getInitiatorSignatureToken());
-            if (!checkDerivedKeys(
-                binding.getInitiatorSignatureToken(), hasDerivedKeys, signedResults, encryptedResults
-            )) {
-                ai.setNotAsserted("Message fails the DerivedKeys requirement");
+            if (!foundCert && !signedResults.isEmpty()) {
+                String error = "An X.509 certificate was not used for the " + wrapper.getName();
+                notAssertPolicy(aim, wrapper.getName(), error);
+                ai.setNotAsserted(error);
                 return false;
             }
         }
-        if (binding.getRecipientToken() != null) {
-            assertPolicy(aim, binding.getRecipientToken());
-            if (!checkDerivedKeys(
-                binding.getRecipientToken(), hasDerivedKeys, signedResults, encryptedResults
-            )) {
-                ai.setNotAsserted("Message fails the DerivedKeys requirement");
-                return false;
-            }
+        assertPolicy(aim, wrapper);
+        if (!checkDerivedKeys(wrapper, hasDerivedKeys, signedResults, encryptedResults)) {
+            ai.setNotAsserted("Message fails the DerivedKeys requirement");
+            return false;
         }
-        
+
+        return true;
+    }
+
+    private boolean checkRecipientTokens(
+        TokenWrapper wrapper, 
+        AsymmetricBinding binding, 
+        AssertionInfo ai,
+        AssertionInfoMap aim, 
+        boolean hasDerivedKeys,
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults) {
+
+        assertPolicy(aim, wrapper);
+        if (!checkDerivedKeys(wrapper, hasDerivedKeys, signedResults, encryptedResults)) {
+            ai.setNotAsserted("Message fails the DerivedKeys requirement");
+            return false;
+        }
+
         return true;
     }
     
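Review bot: `checkInitiatorTokens` is now also called for `binding.getInitiatorEncryptionToken()`, but its X.509 check only scans `signedResults`, so an encryption token is validated against certificates found on signatures. That looks unintended: a signed message whose signatures carry no X.509 certificate fails the InitiatorEncryptionToken assertion, while any certificate-bearing signature satisfies it regardless of how encryption was done. Consider limiting the certificate check to the signature-capable wrappers, for example with a `boolean checkSigningCert` parameter and `if (checkSigningCert && token instanceof X509Token)`, or add a comment explaining why signature results are the right evidence for an encryption token. The `binding` parameter of both new helpers is unused and can be dropped; the calling method's signature begins outside this hunk.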

Propchange: cxf/branches/2.4.x-fixes/systests/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Dec 12 13:47:09 2011
@@ -1 +1 @@
-/cxf/trunk/systests:1211875,1213150
+/cxf/trunk/systests:1211875,1213150,1213230

Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/UsernameTokenTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/UsernameTokenTest.java?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/UsernameTokenTest.java (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/UsernameTokenTest.java Mon Dec 12 13:47:09 2011
@@ -171,11 +171,8 @@ public class UsernameTokenTest extends A
     
     /**
      * 2.1.3.1 (WSS 1.0) Encrypted UsernameToken with X.509v3
-     * TODO Implement when InitiatorEncryption and RecipientSignature policies
-     * are supported
      */
     @org.junit.Test
-    @org.junit.Ignore
     public void testAsymmetricEncrSupporting() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();

Modified: cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt.wsdl Mon Dec 12 13:47:09 2011
@@ -313,10 +313,13 @@
     </wsp:Policy>
     
     <!-- 2.1.3.1 (WSS 1.0) Encrypted UsernameToken with X.509v3 -->
+    <!-- NOTE that the policy as specified in the spec appears to be incorrect - where it gives a -->
+    <!-- InitiatorEncryptionToken instead of a RecipientEncryptionToken policy -->
+    <!-- Also, a Timestamp must be signed, and so this is also excluded -->
     <wsp:Policy wsu:Id="DoubleItAsymmetricEncrSupportingPolicy">
         <sp:AsymmetricBinding>
             <wsp:Policy>
-                <sp:InitiatorEncryptionToken>
+                <sp:RecipientEncryptionToken>
                     <wsp:Policy>
                         <sp:X509Token
                             sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
@@ -325,7 +328,7 @@
                             </wsp:Policy>
                         </sp:X509Token>
                     </wsp:Policy>
-                </sp:InitiatorEncryptionToken>
+                </sp:RecipientEncryptionToken>
                 <sp:RecipientSignatureToken>
                     <wsp:Policy>
                         <sp:X509Token
@@ -346,7 +349,6 @@
                         <sp:Lax/>
                     </wsp:Policy>
                 </sp:Layout>
-                <sp:IncludeTimestamp/>
                 <sp:OnlySignEntireHeadersAndBody/>
             </wsp:Policy>
         </sp:AsymmetricBinding>

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java Mon Dec 12 13:47:09 2011
@@ -300,6 +300,28 @@ public class X509TokenTest extends Abstr
         x509Port.doubleIt(25);
     }
     
+    @org.junit.Test
+    public void testAsymmetricEncryption() throws Exception {
+        if (!unrestrictedPoliciesInstalled) {
+            return;
+        }
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = X509TokenTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = X509TokenTest.class.getResource("DoubleItX509Signature.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricEncryptionPort");
+        DoubleItPortType x509Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(x509Port, PORT);
+        x509Port.doubleIt(25);
+    }
+    
     private boolean checkUnrestrictedPoliciesInstalled() {
         try {
             byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
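Review bot: `testAsymmetricEncryption` can pass without verifying anything: the value returned by `x509Port.doubleIt(25)` is discarded, and when `unrestrictedPoliciesInstalled` is false the method returns early and is reported as a success. I would replace the early return with `org.junit.Assume.assumeTrue(unrestrictedPoliciesInstalled);` so a skipped run is visible in the report. I would also assert the response, e.g. `org.junit.Assert.assertEquals(50, x509Port.doubleIt(25));`, assuming the port returns the doubled value (its declaration is not shown here). Other tests in this class may follow the same pattern; they are outside this hunk.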

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl Mon Dec 12 13:47:09 2011
@@ -50,11 +50,35 @@
         </wsdl:operation>
     </wsdl:binding>
     
+    <wsdl:binding name="DoubleItAsymmetricEncryptionBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItAsymmetricEncryptionPolicy" />
+        <soap:binding style="document"
+            transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy2"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy2"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault" />
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
+    
     <wsdl:service name="DoubleItService">
         <wsdl:port name="DoubleItAsymmetricSignaturePort" 
                    binding="tns:DoubleItAsymmetricSignatureBinding">
             <soap:address location="http://localhost:9001/DoubleItX509AsymmetricSignature" />
         </wsdl:port>
+        <wsdl:port name="DoubleItAsymmetricEncryptionPort" 
+                   binding="tns:DoubleItAsymmetricEncryptionBinding">
+            <soap:address location="http://localhost:9001/DoubleItX509AsymmetricEncryption" />
+        </wsdl:port>
     </wsdl:service>
 
     <wsp:Policy wsu:Id="DoubleItAsymmetricSignaturePolicy">
@@ -72,7 +96,7 @@
                         </sp:X509Token>
                      </wsp:Policy>
                   </sp:InitiatorSignatureToken>
-                  <sp:RecipientToken>
+                  <sp:RecipientSignatureToken>
                      <wsp:Policy>
                         <sp:X509Token
                            sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
@@ -82,7 +106,7 @@
                            </wsp:Policy>
                         </sp:X509Token>
                      </wsp:Policy>
-                  </sp:RecipientToken>
+                  </sp:RecipientSignatureToken>
                   <sp:Layout>
                      <wsp:Policy>
                         <sp:Lax/>
@@ -101,6 +125,49 @@
       </wsp:ExactlyOne>
     </wsp:Policy>
     
+    <wsp:Policy wsu:Id="DoubleItAsymmetricEncryptionPolicy">
+      <wsp:ExactlyOne>
+         <wsp:All>
+            <sp:AsymmetricBinding>
+               <wsp:Policy>
+                  <sp:InitiatorEncryptionToken>
+                     <wsp:Policy>
+                        <sp:X509Token
+                           sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                           <wsp:Policy>
+                              <sp:WssX509V3Token10 />
+                           </wsp:Policy>
+                        </sp:X509Token>
+                     </wsp:Policy>
+                  </sp:InitiatorEncryptionToken>
+                  <sp:RecipientEncryptionToken>
+                     <wsp:Policy>
+                        <sp:X509Token
+                           sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                           <wsp:Policy>
+                              <sp:WssX509V3Token10 />
+                              <sp:RequireIssuerSerialReference />
+                           </wsp:Policy>
+                        </sp:X509Token>
+                     </wsp:Policy>
+                  </sp:RecipientEncryptionToken>
+                  <sp:Layout>
+                     <wsp:Policy>
+                        <sp:Lax/>
+                     </wsp:Policy>
+                  </sp:Layout>
+                  <sp:OnlySignEntireHeadersAndBody/>
+                  <sp:AlgorithmSuite>
+                     <wsp:Policy>
+                        <sp:Basic256/>
+                     </wsp:Policy>
+                  </sp:AlgorithmSuite>
+               </wsp:Policy>
+            </sp:AsymmetricBinding>
+         </wsp:All>
+      </wsp:ExactlyOne>
+    </wsp:Policy>
+    
     
     <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
       <wsp:ExactlyOne>
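Review bot: `DoubleItAsymmetricEncryptionPolicy` defines only encryption tokens, and the `_Policy2` input/output policies used by the new binding require `EncryptedParts` but no `SignedParts`, so this fixture exercises encryption with no signature at all. That suits the test, but nothing in the file says the omission is deliberate, and `sp:OnlySignEntireHeadersAndBody` has nothing to act on in this policy. I would add a comment above the policy, e.g. `<!-- Test fixture: encryption-only (no signature token, no SignedParts); provides confidentiality but no integrity or sender authentication -->`, so it is not copied as a template for a real service.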
@@ -110,8 +177,17 @@
             </sp:SignedParts>
          </wsp:All>
       </wsp:ExactlyOne>
-   </wsp:Policy>
-   <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Output_Policy">
+    </wsp:Policy>
+    <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy2">
+      <wsp:ExactlyOne>
+         <wsp:All>
+            <sp:EncryptedParts>
+               <sp:Body/>
+            </sp:EncryptedParts>
+         </wsp:All>
+      </wsp:ExactlyOne>
+    </wsp:Policy>
+    <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Output_Policy">
       <wsp:ExactlyOne>
          <wsp:All>
             <sp:SignedParts>
@@ -119,6 +195,15 @@
             </sp:SignedParts>
          </wsp:All>
       </wsp:ExactlyOne>
-   </wsp:Policy>
+    </wsp:Policy>
+    <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Output_Policy2">
+      <wsp:ExactlyOne>
+         <wsp:All>
+            <sp:EncryptedParts>
+               <sp:Body/>
+            </sp:EncryptedParts>
+         </wsp:All>
+      </wsp:ExactlyOne>
+    </wsp:Policy>
     
 </wsdl:definitions>

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client/client.xml Mon Dec 12 13:47:09 2011
@@ -85,7 +85,6 @@
        <jaxws:properties>
            <entry key="ws-security.encryption.properties" 
                   value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
-           <entry key="ws-security.encryption.username" value="bob"/>
            <entry key="ws-security.signature.properties" 
                   value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/> 
            <entry key="ws-security.signature.username" value="alice"/>
@@ -94,6 +93,19 @@
        </jaxws:properties>
     </jaxws:client>
     
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricEncryptionPort" 
+                  createdFromAPI="true">
+       <jaxws:properties>
+           <entry key="ws-security.encryption.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+           <entry key="ws-security.encryption.username" value="bob"/>
+           <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/> 
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+       </jaxws:properties>
+    </jaxws:client>
+    
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricProtectTokensPort" 
                   createdFromAPI="true">
        <jaxws:properties>

Modified: cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml?rev=1213242&r1=1213241&r2=1213242&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml (original)
+++ cxf/branches/2.4.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server/server.xml Mon Dec 12 13:47:09 2011
@@ -157,6 +157,26 @@
                   value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
           <entry key="ws-security.encryption.properties" 
                   value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/> 
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
+       id="AsymmetricEncryption"
+       address="http://localhost:${testutil.ports.Server}/DoubleItX509AsymmetricEncryption" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItAsymmetricEncryptionPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509Signature.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/> 
+          <entry key="ws-security.encryption.properties" 
+                  value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/> 
           <entry key="ws-security.encryption.username" value="alice"/>
        </jaxws:properties> 
      


