cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1458731 - in /cxf/branches/wss4j2.0-port: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/ systests/ws-security/src/test/resources/org/ap...
Date Wed, 20 Mar 2013 10:34:45 GMT
Author: coheigea
Date: Wed Mar 20 10:34:44 2013
New Revision: 1458731

URL: http://svn.apache.org/r1458731
Log:
[CXF-4904] - Incorrect validation of Layout LaxTimestampFirst + LaxTimestampLast

Added:
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/clean-policy.xml
      - copied, changed from r1458282, cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-before-signing-policy.xml
      - copied, changed from r1458282, cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-sig-policy.xml
      - copied, changed from r1458282, cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/include-timestamp-policy.xml
      - copied, changed from r1458282, cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sign-before-encrypting-policy.xml
      - copied, changed from r1458282, cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-first-policy.xml
      - copied, changed from r1458282, cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-last-policy.xml
      - copied, changed from r1458282, cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml
Removed:
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml
Modified:
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/client/client.xml
    cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/server/server.xml

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java?rev=1458731&r1=1458730&r2=1458731&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java Wed Mar 20 10:34:44 2013
@@ -158,7 +158,7 @@ public abstract class AbstractBindingPol
             if (results.isEmpty()) {
                 return false;
             }
-            Integer firstAction = (Integer)results.get(0).get(WSSecurityEngineResult.TAG_ACTION);
+            Integer firstAction = (Integer)results.get(results.size() - 1).get(WSSecurityEngineResult.TAG_ACTION);
             if (firstAction.intValue() != WSConstants.TS) {
                 return false;
             }
@@ -167,7 +167,7 @@ public abstract class AbstractBindingPol
                 return false;
             }
             Integer lastAction = 
-                (Integer)results.get(results.size() - 1).get(WSSecurityEngineResult.TAG_ACTION);
+                (Integer)results.get(0).get(WSSecurityEngineResult.TAG_ACTION);
             if (lastAction.intValue() != WSConstants.TS) {
                 return false;
             }

Modified: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java?rev=1458731&r1=1458730&r2=1458731&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java (original)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java Wed Mar 20 10:34:44 2013
@@ -96,4 +96,222 @@ public class BindingPropertiesTest exten
         bus.shutdown(true);
     }
     
+    @org.junit.Test
+    public void testEncryptSignature() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = BindingPropertiesTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = BindingPropertiesTest.class.getResource("DoubleItBindings.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+       
+        // Successful invocation
+        QName portQName = new QName(NAMESPACE, "DoubleItEncryptSignaturePort");
+        DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        port.doubleIt(25);
+        
+        // This should fail, as the client is not encrypting the signature is specified
+        portQName = new QName(NAMESPACE, "DoubleItEncryptSignaturePort2");
+        port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        try {
+            port.doubleIt(25);
+            fail("Failure expected on not encrypting the signature property");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            String error = "The signature is not protected";
+            assertTrue(ex.getMessage().contains(error));
+        }
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testIncludeTimestamp() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = BindingPropertiesTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = BindingPropertiesTest.class.getResource("DoubleItBindings.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+       
+        // Successful invocation
+        QName portQName = new QName(NAMESPACE, "DoubleItIncludeTimestampPort");
+        DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        port.doubleIt(25);
+        
+        // This should fail, as the client is not sending a Timestamp
+        portQName = new QName(NAMESPACE, "DoubleItIncludeTimestampPort2");
+        port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        try {
+            port.doubleIt(25);
+            fail("Failure expected on not sending a Timestamp");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            String error = "Received Timestamp does not match the requirements";
+            assertTrue(ex.getMessage().contains(error));
+        }
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testEncryptBeforeSigning() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = BindingPropertiesTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = BindingPropertiesTest.class.getResource("DoubleItBindings.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+       
+        // Successful invocation
+        QName portQName = new QName(NAMESPACE, "DoubleItEncryptBeforeSigningPort");
+        DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        port.doubleIt(25);
+        
+        // This should fail, as the client is not following the correct steps for this property
+        portQName = new QName(NAMESPACE, "DoubleItEncryptBeforeSigningPort2");
+        port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        try {
+            port.doubleIt(25);
+            fail("Failure expected on not encrypting before signing");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            String error = "Not encrypted before signed";
+            assertTrue(ex.getMessage().contains(error));
+        }
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testSignBeforeEncrypting() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = BindingPropertiesTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = BindingPropertiesTest.class.getResource("DoubleItBindings.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+       
+        // Successful invocation
+        QName portQName = new QName(NAMESPACE, "DoubleItSignBeforeEncryptingPort");
+        DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        port.doubleIt(25);
+        
+        // This should fail, as the client is not following the correct steps for this property
+        portQName = new QName(NAMESPACE, "DoubleItSignBeforeEncryptingPort2");
+        port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        try {
+            port.doubleIt(25);
+            fail("Failure expected on not signing before encrypting");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            String error = "Not signed before encrypted";
+            assertTrue(ex.getMessage().contains(error));
+        }
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
+    // TODO It's not sending the Timestamp "first" correctly
+    @org.junit.Test
+    @org.junit.Ignore
+    public void testTimestampFirst() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = BindingPropertiesTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = BindingPropertiesTest.class.getResource("DoubleItBindings.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+       
+        // Successful invocation
+        QName portQName = new QName(NAMESPACE, "DoubleItTimestampFirstPort");
+        DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        port.doubleIt(25);
+        
+        // This should fail, as the client is sending the timestamp last
+        portQName = new QName(NAMESPACE, "DoubleItTimestampFirstPort2");
+        port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        try {
+            port.doubleIt(25);
+            fail("Failure expected on on sending the timestamp last");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            String error = "Layout does not match the requirements";
+            assertTrue(ex.getMessage().contains(error));
+        }
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testTimestampLast() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = BindingPropertiesTest.class.getResource("client/client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = BindingPropertiesTest.class.getResource("DoubleItBindings.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+       
+        // Successful invocation
+        QName portQName = new QName(NAMESPACE, "DoubleItTimestampLastPort");
+        DoubleItPortType port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        port.doubleIt(25);
+        
+        // This should fail, as the client is sending the timestamp first
+        portQName = new QName(NAMESPACE, "DoubleItTimestampLastPort2");
+        port = service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        try {
+            port.doubleIt(25);
+            fail("Failure expected on sending the timestamp first");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            String error = "Layout does not match the requirements";
+            assertTrue(ex.getMessage().contains(error));
+        }
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
 }

Modified: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl?rev=1458731&r1=1458730&r2=1458731&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl (original)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl Wed Mar 20 10:34:44 2013
@@ -47,6 +47,25 @@
             </wsdl:fault>
         </wsdl:operation>
     </wsdl:binding>
+    <wsdl:binding name="DoubleItStandardBinding" type="tns:DoubleItPortType">
+        <soap:binding style="document"
+            transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#SignEncryptBodyPolicy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#SignEncryptBodyPolicy"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault" />
+                <wsp:PolicyReference URI="#SignEncryptBodyPolicy"/>
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
     
     <wsdl:service name="DoubleItService">
         <wsdl:port name="DoubleItOnlySignPort" binding="tns:DoubleItOnlySignBinding">
@@ -55,6 +74,42 @@
         <wsdl:port name="DoubleItNotOnlySignPort" binding="tns:DoubleItOnlySignBinding">
             <soap:address location="http://localhost:9010/DoubleItNotOnlySign" />
         </wsdl:port>
+        <wsdl:port name="DoubleItEncryptSignaturePort" binding="tns:DoubleItStandardBinding">
+            <soap:address location="http://localhost:9010/DoubleItEncryptSignature" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItEncryptSignaturePort2" binding="tns:DoubleItStandardBinding">
+            <soap:address location="http://localhost:9010/DoubleItEncryptSignature2" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItIncludeTimestampPort" binding="tns:DoubleItStandardBinding">
+            <soap:address location="http://localhost:9010/DoubleItIncludeTimestamp" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItIncludeTimestampPort2" binding="tns:DoubleItStandardBinding">
+            <soap:address location="http://localhost:9010/DoubleItIncludeTimestamp2" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItEncryptBeforeSigningPort" binding="tns:DoubleItStandardBinding">
+            <soap:address location="http://localhost:9010/DoubleItEncryptBeforeSigning" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItEncryptBeforeSigningPort2" binding="tns:DoubleItStandardBinding">
+            <soap:address location="http://localhost:9010/DoubleItEncryptBeforeSigning2" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItSignBeforeEncryptingPort" binding="tns:DoubleItStandardBinding">
+            <soap:address location="http://localhost:9010/DoubleItSignBeforeEncrypting" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItSignBeforeEncryptingPort2" binding="tns:DoubleItStandardBinding">
+            <soap:address location="http://localhost:9010/DoubleItSignBeforeEncrypting2" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItTimestampFirstPort" binding="tns:DoubleItStandardBinding">
+            <soap:address location="http://localhost:9010/DoubleItTimestampFirst" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItTimestampFirstPort2" binding="tns:DoubleItStandardBinding">
+            <soap:address location="http://localhost:9010/DoubleItTimestampFirst2" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItTimestampLastPort" binding="tns:DoubleItStandardBinding">
+            <soap:address location="http://localhost:9010/DoubleItTimestampLast" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItTimestampLastPort2" binding="tns:DoubleItStandardBinding">
+            <soap:address location="http://localhost:9010/DoubleItTimestampLast2" />
+        </wsdl:port>
     </wsdl:service>
     
     <wsp:Policy wsu:Id="SignBodyChildPolicy">
@@ -66,5 +121,17 @@
          </wsp:All>
       </wsp:ExactlyOne>
    </wsp:Policy>
+   <wsp:Policy wsu:Id="SignEncryptBodyPolicy">
+      <wsp:ExactlyOne>
+         <wsp:All>
+            <sp:EncryptedParts>
+               <sp:Body/>
+            </sp:EncryptedParts>
+            <sp:SignedParts>
+               <sp:Body/>
+            </sp:SignedParts>
+         </wsp:All>
+      </wsp:ExactlyOne>
+   </wsp:Policy>
 
 </wsdl:definitions>

Copied: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/clean-policy.xml (from r1458282, cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml)
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/clean-policy.xml?p2=cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/clean-policy.xml&p1=cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml&r1=1458282&r2=1458731&rev=1458731&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml (original)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/clean-policy.xml Wed Mar 20 10:34:44 2013
@@ -1,4 +1,4 @@
-<wsp:Policy wsu:Id="OnlySignEntireHeadersAndBodyPolicy"
+<wsp:Policy wsu:Id="CleanPolicy"
         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
         xmlns:wsp="http://www.w3.org/ns/ws-policy">
         <wsp:ExactlyOne>

Modified: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/client/client.xml
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/client/client.xml?rev=1458731&r1=1458730&r2=1458731&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/client/client.xml (original)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/client/client.xml Wed Mar 20 10:34:44 2013
@@ -79,7 +79,271 @@
         <jaxws:features>
             <p:policies>
                 <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
-                    URI="classpath:/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml" />
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/clean-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
+    
+    <jaxws:client
+        name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptSignaturePort"
+        createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice" />
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.encryption.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="bob" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+            <entry key="ws-security.signature.username" value="alice" />
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/encrypt-sig-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
+    
+    <jaxws:client
+        name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptSignaturePort2"
+        createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice" />
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.encryption.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="bob" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+            <entry key="ws-security.signature.username" value="alice" />
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/clean-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
+    
+    <jaxws:client
+        name="{http://www.example.org/contract/DoubleIt}DoubleItIncludeTimestampPort"
+        createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice" />
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.encryption.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="bob" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+            <entry key="ws-security.signature.username" value="alice" />
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/include-timestamp-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
+    
+    <jaxws:client
+        name="{http://www.example.org/contract/DoubleIt}DoubleItIncludeTimestampPort2"
+        createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice" />
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.encryption.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="bob" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+            <entry key="ws-security.signature.username" value="alice" />
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/clean-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
+    
+    <jaxws:client
+        name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptBeforeSigningPort"
+        createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice" />
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.encryption.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="bob" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+            <entry key="ws-security.signature.username" value="alice" />
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/encrypt-before-signing-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
+    
+    <jaxws:client
+        name="{http://www.example.org/contract/DoubleIt}DoubleItEncryptBeforeSigningPort2"
+        createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice" />
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.encryption.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="bob" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+            <entry key="ws-security.signature.username" value="alice" />
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/clean-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
+    
+    <jaxws:client
+        name="{http://www.example.org/contract/DoubleIt}DoubleItSignBeforeEncryptingPort"
+        createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice" />
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.encryption.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="bob" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+            <entry key="ws-security.signature.username" value="alice" />
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/sign-before-encrypting-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
+    
+    <jaxws:client
+        name="{http://www.example.org/contract/DoubleIt}DoubleItSignBeforeEncryptingPort2"
+        createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice" />
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.encryption.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="bob" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+            <entry key="ws-security.signature.username" value="alice" />
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/encrypt-before-signing-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
+    
+    <jaxws:client
+        name="{http://www.example.org/contract/DoubleIt}DoubleItTimestampFirstPort"
+        createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice" />
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.encryption.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="bob" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+            <entry key="ws-security.signature.username" value="alice" />
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/ts-first-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
+    
+    <jaxws:client
+        name="{http://www.example.org/contract/DoubleIt}DoubleItTimestampFirstPort2"
+        createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice" />
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.encryption.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="bob" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+            <entry key="ws-security.signature.username" value="alice" />
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/ts-last-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
+    
+    <jaxws:client
+        name="{http://www.example.org/contract/DoubleIt}DoubleItTimestampLastPort"
+        createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice" />
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.encryption.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="bob" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+            <entry key="ws-security.signature.username" value="alice" />
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/ts-last-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+    </jaxws:client>
+    
+    <jaxws:client
+        name="{http://www.example.org/contract/DoubleIt}DoubleItTimestampLastPort2"
+        createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.username" value="Alice" />
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.encryption.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="bob" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/alice.properties" />
+            <entry key="ws-security.signature.username" value="alice" />
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/ts-first-policy.xml" />
             </p:policies>
         </jaxws:features>
     </jaxws:client>

Copied: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-before-signing-policy.xml (from r1458282, cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml)
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-before-signing-policy.xml?p2=cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-before-signing-policy.xml&p1=cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml&r1=1458282&r2=1458731&rev=1458731&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml (original)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-before-signing-policy.xml Wed Mar 20 10:34:44 2013
@@ -1,4 +1,4 @@
-<wsp:Policy wsu:Id="OnlySignEntireHeadersAndBodyPolicy"
+<wsp:Policy wsu:Id="EncryptBeforeSigningPolicy"
         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
         xmlns:wsp="http://www.w3.org/ns/ws-policy">
         <wsp:ExactlyOne>
@@ -32,6 +32,7 @@
                                 <sp:Lax />
                             </wsp:Policy>
                         </sp:Layout>
+                        <sp:EncryptBeforeSigning />
                         <sp:AlgorithmSuite>
                             <wsp:Policy>
                                 <sp:Basic128 />

Copied: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-sig-policy.xml (from r1458282, cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml)
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-sig-policy.xml?p2=cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-sig-policy.xml&p1=cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml&r1=1458282&r2=1458731&rev=1458731&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml (original)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-sig-policy.xml Wed Mar 20 10:34:44 2013
@@ -1,4 +1,4 @@
-<wsp:Policy wsu:Id="OnlySignEntireHeadersAndBodyPolicy"
+<wsp:Policy wsu:Id="EncryptSignaturePolicy"
         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
         xmlns:wsp="http://www.w3.org/ns/ws-policy">
         <wsp:ExactlyOne>
@@ -32,6 +32,7 @@
                                 <sp:Lax />
                             </wsp:Policy>
                         </sp:Layout>
+                        <sp:EncryptSignature />
                         <sp:AlgorithmSuite>
                             <wsp:Policy>
                                 <sp:Basic128 />

Copied: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/include-timestamp-policy.xml (from r1458282, cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml)
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/include-timestamp-policy.xml?p2=cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/include-timestamp-policy.xml&p1=cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml&r1=1458282&r2=1458731&rev=1458731&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml (original)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/include-timestamp-policy.xml Wed Mar 20 10:34:44 2013
@@ -1,4 +1,4 @@
-<wsp:Policy wsu:Id="OnlySignEntireHeadersAndBodyPolicy"
+<wsp:Policy wsu:Id="IncludeTimestampPolicy"
         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
         xmlns:wsp="http://www.w3.org/ns/ws-policy">
         <wsp:ExactlyOne>
@@ -32,6 +32,7 @@
                                 <sp:Lax />
                             </wsp:Policy>
                         </sp:Layout>
+                        <sp:IncludeTimestamp />
                         <sp:AlgorithmSuite>
                             <wsp:Policy>
                                 <sp:Basic128 />

Modified: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/server/server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/server/server.xml?rev=1458731&r1=1458730&r2=1458731&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/server/server.xml (original)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/server/server.xml Wed Mar 20 10:34:44 2013
@@ -84,11 +84,287 @@
         <jaxws:features>
             <p:policies>
                 <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
-                    URI="classpath:/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml" />
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/clean-policy.xml" />
             </p:policies>
         </jaxws:features>
 
     </jaxws:endpoint>
+    
+    <jaxws:endpoint id="EncryptSignatureEndpoint"
+        address="http://localhost:${testutil.ports.Server}/DoubleItEncryptSignature"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItEncryptSignaturePort"
+        xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="useReqSigCert" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/encrypt-sig-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint id="EncryptSignatureEndpoint2"
+        address="http://localhost:${testutil.ports.Server}/DoubleItEncryptSignature2"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItEncryptSignaturePort2"
+        xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="useReqSigCert" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/encrypt-sig-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+
+    </jaxws:endpoint>
+
+    <jaxws:endpoint id="IncludeTimestampEndpoint"
+        address="http://localhost:${testutil.ports.Server}/DoubleItIncludeTimestamp"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItIncludeTimestampPort"
+        xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="useReqSigCert" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/include-timestamp-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint id="IncludeTimestampEndpoint2"
+        address="http://localhost:${testutil.ports.Server}/DoubleItIncludeTimestamp2"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItIncludeTimestampPort2"
+        xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="useReqSigCert" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/include-timestamp-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint id="EncryptBeforeSigningEndpoint"
+        address="http://localhost:${testutil.ports.Server}/DoubleItEncryptBeforeSigning"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItEncryptBeforeSigningPort"
+        xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="useReqSigCert" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/encrypt-before-signing-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+
+    </jaxws:endpoint>
+    
+     <jaxws:endpoint id="EncryptBeforeSigningEndpoint2"
+        address="http://localhost:${testutil.ports.Server}/DoubleItEncryptBeforeSigning2"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItEncryptBeforeSigningPort2"
+        xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="useReqSigCert" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/encrypt-before-signing-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint id="SignBeforeEncryptingEndpoint"
+        address="http://localhost:${testutil.ports.Server}/DoubleItSignBeforeEncrypting"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItSignBeforeEncryptingPort"
+        xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="useReqSigCert" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/sign-before-encrypting-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint id="SignBeforeEncryptingEndpoint2"
+        address="http://localhost:${testutil.ports.Server}/DoubleItSignBeforeEncrypting2"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItSignBeforeEncryptingPort2"
+        xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="useReqSigCert" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/sign-before-encrypting-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint id="TimestampFirstEndpoint"
+        address="http://localhost:${testutil.ports.Server}/DoubleItTimestampFirst"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItTimestampFirstPort"
+        xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="useReqSigCert" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/ts-first-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint id="TimestampFirstEndpoint2"
+        address="http://localhost:${testutil.ports.Server}/DoubleItTimestampFirst2"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItTimestampFirstPort2"
+        xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="useReqSigCert" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/ts-first-policy.xml" />
+            </p:policies>
+        </jaxws:features>
 
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint id="TimestampLastEndpoint"
+        address="http://localhost:${testutil.ports.Server}/DoubleItTimestampLast"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItTimestampLastPort"
+        xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="useReqSigCert" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/ts-last-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+
+    </jaxws:endpoint>
+    
+    <jaxws:endpoint id="TimestampLastEndpoint2"
+        address="http://localhost:${testutil.ports.Server}/DoubleItTimestampLast2"
+        serviceName="s:DoubleItService" endpointName="s:DoubleItTimestampLastPort2"
+        xmlns:s="http://www.example.org/contract/DoubleIt" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+        wsdlLocation="org/apache/cxf/systest/ws/bindings/DoubleItBindings.wsdl">
+
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler"
+                value="org.apache.cxf.systest.ws.wssec10.client.UTPasswordCallback" />
+            <entry key="ws-security.signature.properties"
+                value="org/apache/cxf/systest/ws/wssec10/client/bob.properties" />
+            <entry key="ws-security.encryption.username" value="useReqSigCert" />
+            <entry key="ws-security.subject.cert.constraints" value=".*O=apache.org.*"/>
+        </jaxws:properties>
+        <jaxws:features>
+            <p:policies>
+                <wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" 
+                    URI="classpath:/org/apache/cxf/systest/ws/bindings/ts-last-policy.xml" />
+            </p:policies>
+        </jaxws:features>
+
+    </jaxws:endpoint>
+    
     
 </beans>

Copied: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sign-before-encrypting-policy.xml (from r1458282, cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml)
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sign-before-encrypting-policy.xml?p2=cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sign-before-encrypting-policy.xml&p1=cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml&r1=1458282&r2=1458731&rev=1458731&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml (original)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sign-before-encrypting-policy.xml Wed Mar 20 10:34:44 2013
@@ -1,4 +1,4 @@
-<wsp:Policy wsu:Id="OnlySignEntireHeadersAndBodyPolicy"
+<wsp:Policy wsu:Id="EncryptBeforeSigningPolicy"
         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
         xmlns:wsp="http://www.w3.org/ns/ws-policy">
         <wsp:ExactlyOne>
@@ -32,6 +32,7 @@
                                 <sp:Lax />
                             </wsp:Policy>
                         </sp:Layout>
+                        <sp:SignBeforeEncrypting />
                         <sp:AlgorithmSuite>
                             <wsp:Policy>
                                 <sp:Basic128 />

Copied: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-first-policy.xml (from r1458282, cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml)
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-first-policy.xml?p2=cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-first-policy.xml&p1=cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml&r1=1458282&r2=1458731&rev=1458731&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml (original)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-first-policy.xml Wed Mar 20 10:34:44 2013
@@ -1,4 +1,4 @@
-<wsp:Policy wsu:Id="OnlySignEntireHeadersAndBodyPolicy"
+<wsp:Policy wsu:Id="CleanPolicy"
         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
         xmlns:wsp="http://www.w3.org/ns/ws-policy">
         <wsp:ExactlyOne>
@@ -29,9 +29,10 @@
                         </sp:RecipientToken>
                         <sp:Layout>
                             <wsp:Policy>
-                                <sp:Lax />
+                                <sp:LaxTimestampFirst />
                             </wsp:Policy>
                         </sp:Layout>
+                        <sp:IncludeTimestamp />
                         <sp:AlgorithmSuite>
                             <wsp:Policy>
                                 <sp:Basic128 />

Copied: cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-last-policy.xml (from r1458282, cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml)
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-last-policy.xml?p2=cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-last-policy.xml&p1=cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml&r1=1458282&r2=1458731&rev=1458731&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/not-only-sign-policy.xml (original)
+++ cxf/branches/wss4j2.0-port/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-last-policy.xml Wed Mar 20 10:34:44 2013
@@ -1,4 +1,4 @@
-<wsp:Policy wsu:Id="OnlySignEntireHeadersAndBodyPolicy"
+<wsp:Policy wsu:Id="CleanPolicy"
         xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
         xmlns:wsp="http://www.w3.org/ns/ws-policy">
         <wsp:ExactlyOne>
@@ -29,9 +29,10 @@
                         </sp:RecipientToken>
                         <sp:Layout>
                             <wsp:Policy>
-                                <sp:Lax />
+                                <sp:LaxTimestampLast />
                             </wsp:Policy>
                         </sp:Layout>
+                        <sp:IncludeTimestamp />
                         <sp:AlgorithmSuite>
                             <wsp:Policy>
                                 <sp:Basic128 />



Mime
View raw message