cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1368978 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/ systests/...
Date Fri, 03 Aug 2012 14:23:18 GMT
Author: coheigea
Date: Fri Aug  3 14:23:18 2012
New Revision: 1368978

URL: http://svn.apache.org/viewvc?rev=1368978&view=rev
Log:
[CXF-4453] - Added SOAP Body decryption checking support + some reshuffling following feedback
from Glen

Added:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java
      - copied, changed from r1368958, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureCheckerTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java
      - copied, changed from r1368958, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/SignatureCoverageCheckerTest.java
Removed:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SignatureCoverageChecker.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureCheckerTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/SignatureCoverageCheckerTest.java
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java?rev=1368978&r1=1368977&r2=1368978&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
Fri Aug  3 14:23:18 2012
@@ -346,5 +346,48 @@ public class CryptoCoverageChecker exten
         public CoverageScope getScope() {
             return this.scope;
         }
+        
+        @Override
+        public boolean equals(Object xpathObject) {
+            if (!(xpathObject instanceof XPathExpression)) {
+                return false;
+            }
+            
+            if (xpathObject == this) {
+                return true;
+            }
+            
+            XPathExpression xpath = (XPathExpression)xpathObject;
+            if (xpath.getScope() != getScope()) {
+                return false;
+            }
+            
+            if (xpath.getType() != getType()) {
+                return false;
+            }
+            
+            if (getXPath() == null && xpath.getXPath() != null) {
+                return false;
+            } else if (getXPath() != null && !getXPath().equals(xpath.getXPath()))
{
+                return false;
+            }
+            
+            return true;
+        }
+        
+        @Override
+        public int hashCode() {
+            int result = 17;
+            if (getXPath() != null) {
+                result = 31 * result + getXPath().hashCode();
+            }
+            if (getType() != null) {
+                result = 31 * result + getType().hashCode();
+            }
+            if (getScope() != null) {
+                result = 31 * result + getScope().hashCode();
+            }
+            return result;
+        }
     }
 }

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java?rev=1368978&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java
(added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageChecker.java
Fri Aug  3 14:23:18 2012
@@ -0,0 +1,156 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.ws.security.wss4j;
+
+
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
+import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
+import org.apache.ws.security.WSConstants;
+
+/**
+ * This utility extends the CryptoCoverageChecker to provide an easy way to check to see
+ * if the SOAP (1.1 + 1.2) Body was signed and/or encrypted, and if the Timestamp was signed.
+ * The default configuration is that the SOAP Body and Timestamp must be signed.
+ */
+public class DefaultCryptoCoverageChecker extends CryptoCoverageChecker {
+    
+    public static final String SOAP_NS = WSConstants.URI_SOAP11_ENV;
+    public static final String SOAP12_NS = WSConstants.URI_SOAP12_ENV;
+    public static final String WSU_NS = WSConstants.WSU_NS;
+    public static final String WSSE_NS = WSConstants.WSSE_NS;
+    
+    private boolean signBody;
+    private boolean signTimestamp;
+    private boolean encryptBody;
+    
+    /**
+     * Creates a new instance. Enforces that the SOAP Body and Timestamp must be signed
+     * (if they exist in the message body).
+     */
+    public DefaultCryptoCoverageChecker() {
+        super(null, null);
+        
+        prefixMap.put("soapenv", SOAP_NS);
+        prefixMap.put("soapenv12", SOAP12_NS);
+        prefixMap.put("wsu", WSU_NS);
+        prefixMap.put("wsse", WSSE_NS);
+        
+        // Sign SOAP Body
+        setSignBody(true);
+        
+        // Sign Timestamp
+        setSignTimestamp(true);
+    }
+    
+    public boolean isSignBody() {
+        return signBody;
+    }
+
+    public final void setSignBody(boolean signBody) {
+        this.signBody = signBody;
+        
+        XPathExpression soap11Expression = 
+            new XPathExpression("/soapenv:Envelope/soapenv:Body", CoverageType.SIGNED);
+        XPathExpression soap12Expression = 
+            new XPathExpression("/soapenv12:Envelope/soapenv12:Body", CoverageType.SIGNED);
+
+        if (signBody) {
+            if (!xPaths.contains(soap11Expression)) {
+                xPaths.add(soap11Expression);
+            }
+            if (!xPaths.contains(soap12Expression)) {
+                xPaths.add(soap12Expression);
+            }
+        } else {
+            if (xPaths.contains(soap11Expression)) {
+                xPaths.remove(soap11Expression);
+            }
+            if (xPaths.contains(soap12Expression)) {
+                xPaths.remove(soap12Expression);
+            }
+        }
+    }
+
+    public boolean isSignTimestamp() {
+        return signTimestamp;
+    }
+
+    public final void setSignTimestamp(boolean signTimestamp) {
+        this.signTimestamp = signTimestamp;
+        
+        XPathExpression soap11Expression = 
+            new XPathExpression(
+                "/soapenv:Envelope/soapenv:Header/wsse:Security/wsu:Timestamp", 
+                CoverageType.SIGNED
+            );
+        XPathExpression soap12Expression = 
+            new XPathExpression(
+                "/soapenv12:Envelope/soapenv12:Header/wsse:Security/wsu:Timestamp", 
+                CoverageType.SIGNED
+            );
+        
+        if (signTimestamp) {
+            if (!xPaths.contains(soap11Expression)) {
+                xPaths.add(soap11Expression);
+            }
+            if (!xPaths.contains(soap12Expression)) {
+                xPaths.add(soap12Expression);
+            }
+        } else {
+            if (xPaths.contains(soap11Expression)) {
+                xPaths.remove(soap11Expression);
+            }
+            if (xPaths.contains(soap12Expression)) {
+                xPaths.remove(soap12Expression);
+            }
+        }
+    }
+
+    public boolean isEncryptBody() {
+        return encryptBody;
+    }
+
+    public final void setEncryptBody(boolean encryptBody) {
+        this.encryptBody = encryptBody;
+        
+        XPathExpression soap11Expression = 
+            new XPathExpression("/soapenv:Envelope/soapenv:Body", CoverageType.ENCRYPTED,
+                    CoverageScope.CONTENT);
+        XPathExpression soap12Expression = 
+            new XPathExpression("/soapenv12:Envelope/soapenv12:Body", CoverageType.ENCRYPTED,
+                    CoverageScope.CONTENT);
+
+        if (encryptBody) {
+            if (!xPaths.contains(soap11Expression)) {
+                xPaths.add(soap11Expression);
+            }
+            if (!xPaths.contains(soap12Expression)) {
+                xPaths.add(soap12Expression);
+            }
+        } else {
+            if (xPaths.contains(soap11Expression)) {
+                xPaths.remove(soap11Expression);
+            }
+            if (xPaths.contains(soap12Expression)) {
+                xPaths.remove(soap12Expression);
+            }
+        }
+    }
+    
+}

Copied: cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java
(from r1368958, cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureCheckerTest.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java?p2=cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java&p1=cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureCheckerTest.java&r1=1368958&r2=1368978&rev=1368978&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureCheckerTest.java
(original)
+++ cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DefaultCryptoCoverageCheckerTest.java
Fri Aug  3 14:23:18 2012
@@ -36,10 +36,11 @@ import org.apache.ws.security.handler.WS
 import org.junit.Test;
 
 /**
- * Test the SignatureCoverageChecker, which extends the CryptoCoverageChecker to provide
- * an easier way to check to see if the SOAP Body and Timestamp were signed.
+ * Test the DefaultCryptoCoverageChecker, which extends the CryptoCoverageChecker to provide
+ * an easier way to check to see if the SOAP (1.1 + 1.2) Body was signed and/or encrypted,
and 
+ * if the Timestamp was signed.
  */
-public class SignatureCheckerTest extends AbstractSecurityTest {
+public class DefaultCryptoCoverageCheckerTest extends AbstractSecurityTest {
     
     @Test
     public void testSignedWithIncompleteCoverage() throws Exception {
@@ -97,8 +98,7 @@ public class SignatureCheckerTest extend
         
         final Document doc = this.readDocument(document);
         final SoapMessage msg = this.getSoapMessageForDom(doc);
-        final SignatureCoverageChecker checker = 
-            new SignatureCoverageChecker(true, true);
+        final CryptoCoverageChecker checker = new DefaultCryptoCoverageChecker();
         checker.addPrefixes(prefixes);
         checker.addXPaths(xpaths);
         final PhaseInterceptor<SoapMessage> wss4jInInterceptor = this.getWss4jInInterceptor();

Copied: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java
(from r1368958, cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/SignatureCoverageCheckerTest.java)
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java?p2=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java&p1=cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/SignatureCoverageCheckerTest.java&r1=1368958&r2=1368978&rev=1368978&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/SignatureCoverageCheckerTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/coverage_checker/DefaultCryptoCoverageCheckerTest.java
Fri Aug  3 14:23:18 2012
@@ -39,9 +39,9 @@ import org.example.contract.doubleit.Dou
 import org.junit.BeforeClass;
 
 /**
- * A set of tests for the SignatureCoverageChecker.
+ * A set of tests for the DefaultCryptoCoverageChecker.
  */
-public class SignatureCoverageCheckerTest extends AbstractBusClientServerTestBase {
+public class DefaultCryptoCoverageCheckerTest extends AbstractBusClientServerTestBase {
     public static final String PORT = allocatePort(Server.class);
 
     private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
@@ -72,13 +72,13 @@ public class SignatureCoverageCheckerTes
         }
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml");
+        URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
         
-        URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+        URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampPort");
         DoubleItPortType port = 
@@ -111,13 +111,13 @@ public class SignatureCoverageCheckerTes
         }
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml");
+        URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
         
-        URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+        URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampPort");
         DoubleItPortType port = 
@@ -153,13 +153,13 @@ public class SignatureCoverageCheckerTes
         }
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml");
+        URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
         
-        URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+        URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampPort");
         DoubleItPortType port = 
@@ -196,13 +196,13 @@ public class SignatureCoverageCheckerTes
         }
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml");
+        URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
         
-        URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+        URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampSoap12Port");
         DoubleItPortType port = 
@@ -235,13 +235,13 @@ public class SignatureCoverageCheckerTes
         }
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml");
+        URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
         
-        URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+        URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampSoap12Port");
         DoubleItPortType port = 
@@ -277,13 +277,13 @@ public class SignatureCoverageCheckerTes
         }
 
         SpringBusFactory bf = new SpringBusFactory();
-        URL busFile = SignatureCoverageCheckerTest.class.getResource("client/client.xml");
+        URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
 
         Bus bus = bf.createBus(busFile.toString());
         SpringBusFactory.setDefaultBus(bus);
         SpringBusFactory.setThreadDefaultBus(bus);
         
-        URL wsdl = SignatureCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+        URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
         Service service = Service.create(wsdl, SERVICE_QNAME);
         QName portQName = new QName(NAMESPACE, "DoubleItBodyTimestampSoap12Port");
         DoubleItPortType port = 
@@ -313,6 +313,96 @@ public class SignatureCoverageCheckerTes
         bus.shutdown(true);
     }
     
+    @org.junit.Test
+    public void testSignedEncryptedBody() throws Exception {
+        if (!unrestrictedPoliciesInstalled) {
+            return;
+        }
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSignedEncryptedBodyPort");
+        DoubleItPortType port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        Map<String, Object> outProps = new HashMap<String, Object>();
+        outProps.put("action", "Timestamp Signature Encrypt");
+        outProps.put("signaturePropFile", 
+                     "org/apache/cxf/systest/ws/wssec10/client/alice.properties");
+        outProps.put("encryptionPropFile", 
+                     "org/apache/cxf/systest/ws/wssec10/client/bob.properties");
+        outProps.put("user", "alice");
+        outProps.put("encryptionUser", "bob");
+        outProps.put("passwordCallbackClass", 
+                     "org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback");
+        outProps.put("signatureParts",
+                     "{}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
+        outProps.put("encryptionParts",
+                     "{}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
+        
+        bus.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
+        
+        port.doubleIt(25);
+        
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testSignedNotEncryptedBody() throws Exception {
+        if (!unrestrictedPoliciesInstalled) {
+            return;
+        }
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = DefaultCryptoCoverageCheckerTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        URL wsdl = DefaultCryptoCoverageCheckerTest.class.getResource("DoubleItCoverageChecker.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSignedEncryptedBodyPort");
+        DoubleItPortType port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        Map<String, Object> outProps = new HashMap<String, Object>();
+        outProps.put("action", "Timestamp Signature Encrypt");
+        outProps.put("signaturePropFile", 
+                     "org/apache/cxf/systest/ws/wssec10/client/alice.properties");
+        outProps.put("encryptionPropFile", 
+                     "org/apache/cxf/systest/ws/wssec10/client/bob.properties");
+        outProps.put("user", "alice");
+        outProps.put("encryptionUser", "bob");
+        outProps.put("passwordCallbackClass", 
+                     "org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback");
+        outProps.put("signatureParts",
+                     "{}{http://schemas.xmlsoap.org/soap/envelope/}Body;");
+        outProps.put("encryptionParts",
+                     "{}{http://docs.oasis-open.org/wss/2004/01/oasis-"
+                     + "200401-wss-wssecurity-utility-1.0.xsd}Timestamp;");
+        
+        bus.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
+        
+        try {
+            port.doubleIt(25);
+            fail("Failure expected on not encrypting the SOAP Body");
+        } catch (Exception ex) {
+            // expected
+        }
+        
+        bus.shutdown(true);
+    }
+    
     private boolean checkUnrestrictedPoliciesInstalled() {
         try {
             byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl?rev=1368978&r1=1368977&r2=1368978&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl
Fri Aug  3 14:23:18 2012
@@ -71,6 +71,9 @@
         <wsdl:port name="DoubleItBodyTimestampSoap12Port" binding="tns:DoubleItSoap12Binding">
             <soap12:address location="http://localhost:9001/DoubleItBodyTimestampSoap12"
/>
         </wsdl:port>
+        <wsdl:port name="DoubleItSignedEncryptedBodyPort" binding="tns:DoubleItSoapBinding">
+            <soap:address location="http://localhost:9001/DoubleItSignedEncrypted" />
+        </wsdl:port>
     </wsdl:service>
     
 </wsdl:definitions>

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml?rev=1368978&r1=1368977&r2=1368978&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/client/client.xml
Fri Aug  3 14:23:18 2012
@@ -47,4 +47,8 @@
                   createdFromAPI="true">
     </jaxws:client>
     
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSignedEncryptedBodyPort"

+                  createdFromAPI="true">
+    </jaxws:client>
+    
 </beans>

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml?rev=1368978&r1=1368977&r2=1368978&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/coverage_checker/server/server.xml
Fri Aug  3 14:23:18 2012
@@ -63,10 +63,7 @@
             </map>
            </constructor-arg>
         </bean>
-        <bean class="org.apache.cxf.ws.security.wss4j.SignatureCoverageChecker">
-           <constructor-arg><value>true</value></constructor-arg>
-           <constructor-arg><value>true</value></constructor-arg>
-        </bean>
+        <bean class="org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker"/>
        </jaxws:inInterceptors>
     </jaxws:endpoint> 
     
@@ -90,12 +87,40 @@
             </map>
            </constructor-arg>
         </bean>
-        <bean class="org.apache.cxf.ws.security.wss4j.SignatureCoverageChecker">
-           <constructor-arg><value>true</value></constructor-arg>
-           <constructor-arg><value>true</value></constructor-arg>
+        <bean class="org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker">
+           <property name="signBody" value="true"/>
+           <property name="signTimestamp" value="true"/>
         </bean>
        </jaxws:inInterceptors>
     </jaxws:endpoint> 
     
+    <jaxws:endpoint 
+       id="SignedEncryptedBody"
+       address="http://localhost:${testutil.ports.Server}/DoubleItSignedEncrypted" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItSignedEncryptedBodyPort"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/coverage_checker/DoubleItCoverageChecker.wsdl">
+        
+       <jaxws:inInterceptors>
+         <bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
+           <constructor-arg>
+            <map>
+               <entry key="action" value="Encrypt Signature Timestamp"/>
+               <entry key="signaturePropFile" value="org/apache/cxf/systest/ws/wssec10/client/alice.properties"/>
+               <entry key="decryptionPropFile" value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
+               <entry key="passwordCallbackClass" 
+                  value="org.apache.cxf.systest.ws.wssec10.client.KeystorePasswordCallback"/>
+            </map>
+           </constructor-arg>
+        </bean>
+        <bean class="org.apache.cxf.ws.security.wss4j.DefaultCryptoCoverageChecker">
+           <property name="signBody" value="true"/>
+           <property name="signTimestamp" value="false"/>
+           <property name="encryptBody" value="true"/>
+        </bean>
+       </jaxws:inInterceptors>
+    </jaxws:endpoint> 
    
 </beans>



Mime
View raw message