Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@cxf.apache.org
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: svn commit: r1291635 - in /cxf/branches/2.5.x-fixes: ./
 rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
 systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/
 systests/ws-security/src/test/resources/org/apache/cxf/systest...
Date: Tue, 21 Feb 2012 07:45:51 -0000
To: commits@cxf.apache.org
From: ffang@apache.org
Message-Id: <20120221074552.79B1B238897D@eris.apache.org>

Author: ffang
Date: Tue Feb 21 07:45:50 2012
New Revision: 1291635

URL: http://svn.apache.org/viewvc?rev=1291635&view=rev
Log:
Merged revisions 1291628 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1291628 | ffang | 2012-02-21 15:31:08 +0800 (二, 21  2 2012) | 1 line
  
  [CXF-4122]CXFRequestData should get chance to setEnableRevocation from message context When use WS-SecurityPolicy
........

Modified:
    cxf/branches/2.5.x-fixes/   (props changed)
    cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
    cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl

Propchange: cxf/branches/2.5.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1291635&r1=1291634&r2=1291635&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/branches/2.5.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Tue Feb 21 07:45:50 2012
@@ -195,6 +195,7 @@ public class WSS4JInInterceptor extends 
         }
         reqData.setWssConfig(config);
         
+                
         SOAPMessage doc = getSOAPMessage(msg);
         
         boolean doDebug = LOG.isLoggable(Level.FINE);
@@ -241,6 +242,14 @@ public class WSS4JInInterceptor extends 
              */
             doReceiverAction(doAction, reqData);
             
+            /*get chance to check msg context enableRevocation setting
+             *when use policy based ws-security where the WSHandler configuration
+             *isn't available
+             */
+            boolean enableRevocation = reqData.isRevocationEnabled() 
+                || MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
+            reqData.setEnableRevocation(enableRevocation);
+            
             if (doTimeLog) {
                 t1 = System.currentTimeMillis();
             }

Modified: cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=1291635&r1=1291634&r2=1291635&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java (original)
+++ cxf/branches/2.5.x-fixes/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java Tue Feb 21 07:45:50 2012
@@ -84,6 +84,7 @@ public class SecurityPolicyTest extends 
     public static final String POLICY_CXF3041_ADDRESS = "http://localhost:" + PORT + "/SecPolTestCXF3041";
     public static final String POLICY_CXF3042_ADDRESS = "http://localhost:" + PORT + "/SecPolTestCXF3042";
     public static final String POLICY_CXF3452_ADDRESS = "http://localhost:" + PORT + "/SecPolTestCXF3452";
+    public static final String POLICY_CXF4122_ADDRESS = "http://localhost:" + PORT + "/SecPolTestCXF4122";
     
     private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
     private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
@@ -529,4 +530,52 @@ public class SecurityPolicyTest extends 
                        || errorMessage.contains("Error during certificate path validation"));
         }
     }
+    
+    @Test
+    public void testCXF4122() throws Exception {
+        URL wsdl = SecurityPolicyTest.class.getResource("DoubleIt.wsdl");
+        EndpointImpl ep = (EndpointImpl)Endpoint.create(new DoubleItImpl());
+        ep.setEndpointName(
+            new QName("http://www.example.org/contract/DoubleIt", "DoubleItPortCXF4122")
+        );
+        ep.setWsdlLocation(wsdl.getPath());
+        ep.setAddress(POLICY_CXF4122_ADDRESS);
+        ep.publish();
+        EndpointInfo ei = ep.getServer().getEndpoint().getEndpointInfo();
+        setCryptoProperties(ei, "bob.properties", "revocation.properties");
+        ei.setProperty(SecurityConstants.ENABLE_REVOCATION, Boolean.TRUE);
+
+        
+        
+        SpringBusFactory bf = new SpringBusFactory();
+
+        Bus bus = bf.createBus();
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+
+        DoubleItPortType pt;
+
+        QName
+        portQName = new QName(NAMESPACE, "DoubleItPortCXF4122");
+        pt = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(pt, PORT);
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
+                                                      new KeystorePasswordCallback());
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
+                                                      getClass().getResource("revocation.properties"));
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
+                                                      getClass().getResource("bob.properties"));
+        try {
+            pt.doubleIt(5);
+            fail("should fail on server side when do signature validation due the revoked certificates");
+        } catch (Exception ex) {
+            String errorMessage = ex.getMessage();
+            // Different errors using different JDKs...
+            assertTrue(errorMessage.contains("Certificate has been revoked")
+                       || errorMessage.contains("Certificate revocation")
+                       || errorMessage.contains("Error during certificate path validation"));
+        }
+
+    }
 }

Modified: cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl?rev=1291635&r1=1291634&r2=1291635&view=diff
==============================================================================
--- cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl (original)
+++ cxf/branches/2.5.x-fixes/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl Tue Feb 21 07:45:50 2012
@@ -222,6 +222,23 @@
             </wsdl:fault>
         </wsdl:operation>
     </wsdl:binding>
+    <wsdl:binding name="DoubleItBindingCXF4122" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#CXF4122" />
+        <soap:binding style="document"
+          transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault" />
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
 
 
 
@@ -262,6 +279,9 @@
         <wsdl:port name="DoubleItPortCXF4119" binding="tns:DoubleItBindingCXF4119">
             <soap:address location="http://localhost:9010/SecPolTestCXF4119" />
         </wsdl:port>
+        <wsdl:port name="DoubleItPortCXF4122" binding="tns:DoubleItBindingCXF4122">
+            <soap:address location="http://localhost:9010/SecPolTestCXF4122" />
+        </wsdl:port>
     </wsdl:service>
 
     <wsp:Policy wsu:Id="DoubleItBindingPolicy">
@@ -864,4 +884,62 @@
             </wsp:All>
         </wsp:ExactlyOne>
     </wsp:Policy>
+    <wsp:Policy wsu:Id="CXF4122">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:AsymmetricBinding
+                  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <wsp:Policy>
+                        <sp:InitiatorToken>
+                            <wsp:Policy>
+                                <sp:X509Token
+                                  sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+                                    <wsp:Policy>
+                                        <sp:WssX509V1Token11 />
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:InitiatorToken>
+                        <sp:RecipientToken>
+                            <wsp:Policy>
+                                <sp:X509Token
+                                  sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+                                    <wsp:Policy>
+                                        <sp:WssX509V1Token11 />
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:RecipientToken>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:TripleDesRsa15 />
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax />
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp />
+                        <sp:EncryptSignature />
+                        <sp:OnlySignEntireHeadersAndBody />
+                        <sp:EncryptBeforeSigning />
+                    </wsp:Policy>
+                </sp:AsymmetricBinding>
+                <sp:SignedParts
+                  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <sp:Body />
+                </sp:SignedParts>
+                <sp:EncryptedParts
+                  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <sp:Body />
+                </sp:EncryptedParts>
+                <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <wsp:Policy>
+                        <sp:MustSupportRefIssuerSerial />
+                    </wsp:Policy>
+                </sp:Wss10>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
 </wsdl:definitions>