Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 80AE4FFD1 for ; Tue, 23 Apr 2013 15:35:48 +0000 (UTC) Received: (qmail 2824 invoked by uid 500); 23 Apr 2013 15:35:48 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 2774 invoked by uid 500); 23 Apr 2013 15:35:48 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 2764 invoked by uid 99); 23 Apr 2013 15:35:48 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Apr 2013 15:35:48 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Apr 2013 15:35:46 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 031AB23888E4; Tue, 23 Apr 2013 15:35:26 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1471016 - in /cxf/branches/wss4j2.0-port/rt/ws/security/src: main/java/org/apache/cxf/ws/security/wss4j/ test/java/org/apache/cxf/ws/security/wss4j/ Date: Tue, 23 Apr 2013 15:35:25 -0000 To: commits@cxf.apache.org From: coheigea@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130423153526.031AB23888E4@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: coheigea Date: Tue Apr 23 15:35:25 2013 New Revision: 1471016 URL: http://svn.apache.org/r1471016 Log: Added a way to check required Actions against inbound security events Added: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripActionTest.java Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java Added: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java?rev=1471016&view=auto ============================================================================== --- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java (added) +++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java Tue Apr 23 15:35:25 2013 @@ -0,0 +1,145 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.ws.security.wss4j; + +import java.util.List; +import java.util.logging.Logger; + +import org.apache.cxf.binding.soap.SoapFault; +import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.binding.soap.SoapVersion; +import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.phase.AbstractPhaseInterceptor; +import org.apache.cxf.phase.Phase; +import org.apache.wss4j.common.ext.WSSecurityException; +import org.apache.wss4j.stax.ext.WSSConstants; +import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants; +import org.apache.xml.security.stax.ext.XMLSecurityConstants; +import org.apache.xml.security.stax.securityEvent.SecurityEvent; +import org.apache.xml.security.stax.securityEvent.SecurityEventConstants.Event; + +/** + * This interceptor handles parsing the StaX WS-Security results (events) + checks to see + * whether the required Actions were fulfilled. If no Actions were defined in the configuration, + * then no checking is done on the received security events. + */ +public class StaxActionInInterceptor extends AbstractPhaseInterceptor { + + private static final Logger LOG = + LogUtils.getL7dLogger(StaxActionInInterceptor.class); + + private final List inActions; + + public StaxActionInInterceptor(List inActions) { + super(Phase.PRE_PROTOCOL); + this.inActions = inActions; + this.getBefore().add(StaxSecurityContextInInterceptor.class.getName()); + } + + @Override + public void handleMessage(SoapMessage soapMessage) throws Fault { + + if (inActions == null || inActions.isEmpty()) { + return; + } + + @SuppressWarnings("unchecked") + final List incomingSecurityEventList = + (List)soapMessage.get(SecurityEvent.class.getName() + ".in"); + + if (incomingSecurityEventList == null) { + LOG.warning("Security processing failed (actions mismatch)"); + WSSecurityException ex = + new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY); + throw createSoapFault(soapMessage.getVersion(), ex); + } + + for (XMLSecurityConstants.Action action : inActions) { + Event requiredEvent = null; + if (WSSConstants.TIMESTAMP.equals(action)) { + requiredEvent = WSSecurityEventConstants.Timestamp; + } else if (WSSConstants.USERNAMETOKEN.equals(action)) { + requiredEvent = WSSecurityEventConstants.UsernameToken; + } else if (WSSConstants.SIGNATURE.equals(action)) { + requiredEvent = WSSecurityEventConstants.SignatureValue; + } else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action) + || WSSConstants.SAML_TOKEN_UNSIGNED.equals(action)) { + requiredEvent = WSSecurityEventConstants.SamlToken; + } + + if (requiredEvent != null + && !isEventInResults(requiredEvent, incomingSecurityEventList)) { + LOG.warning("Security processing failed (actions mismatch)"); + WSSecurityException ex = + new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY); + throw createSoapFault(soapMessage.getVersion(), ex); + } + + if (WSSConstants.ENCRYPT.equals(action)) { + boolean foundEncryptionPart = + isEventInResults(WSSecurityEventConstants.EncryptedPart, incomingSecurityEventList); + if (!foundEncryptionPart) { + foundEncryptionPart = + isEventInResults(WSSecurityEventConstants.EncryptedElement, incomingSecurityEventList); + } + if (!foundEncryptionPart) { + LOG.warning("Security processing failed (actions mismatch)"); + WSSecurityException ex = + new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY); + throw createSoapFault(soapMessage.getVersion(), ex); + } + } + } + } + + private boolean isEventInResults(Event event, List incomingSecurityEventList) { + for (SecurityEvent incomingEvent : incomingSecurityEventList) { + if (event == incomingEvent.getSecurityEventType()) { + return true; + } + } + return false; + } + + /** + * Create a SoapFault from a WSSecurityException, following the SOAP Message Security + * 1.1 specification, chapter 12 "Error Handling". + * + * When the Soap version is 1.1 then set the Fault/Code/Value from the fault code + * specified in the WSSecurityException (if it exists). + * + * Otherwise set the Fault/Code/Value to env:Sender and the Fault/Code/Subcode/Value + * as the fault code from the WSSecurityException. + */ + private SoapFault + createSoapFault(SoapVersion version, WSSecurityException e) { + SoapFault fault; + javax.xml.namespace.QName faultCode = e.getFaultCode(); + if (version.getVersion() == 1.1 && faultCode != null) { + fault = new SoapFault(e.getMessage(), e, faultCode); + } else { + fault = new SoapFault(e.getMessage(), e, version.getSender()); + if (version.getVersion() != 1.1 && faultCode != null) { + fault.setSubCode(faultCode); + } + } + return fault; + } +} Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java?rev=1471016&r1=1471015&r2=1471016&view=diff ============================================================================== --- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java (original) +++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java Tue Apr 23 15:35:25 2013 @@ -38,6 +38,7 @@ import org.apache.wss4j.common.ext.WSSec import org.apache.wss4j.stax.WSSec; import org.apache.wss4j.stax.ext.InboundWSSec; import org.apache.wss4j.stax.ext.WSSSecurityProperties; +import org.apache.xml.security.stax.ext.XMLSecurityConstants; import org.apache.xml.security.stax.securityEvent.SecurityEvent; import org.apache.xml.security.stax.securityEvent.SecurityEventListener; @@ -46,6 +47,7 @@ public class WSS4JStaxInInterceptor exte private static final Logger LOG = LogUtils.getL7dLogger(WSS4JStaxInInterceptor.class); private final InboundWSSec inboundWSSec; + private List inActions; public WSS4JStaxInInterceptor(WSSSecurityProperties securityProperties) throws WSSecurityException { super(); @@ -87,6 +89,10 @@ public class WSS4JStaxInInterceptor exte soapMessage.put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList); soapMessage.getInterceptorChain().add(new StaxSecurityContextInInterceptor()); + if (inActions != null && !inActions.isEmpty()) { + soapMessage.getInterceptorChain().add(new StaxActionInInterceptor(inActions)); + } + try { @SuppressWarnings("unchecked") final List requestSecurityEvents = @@ -132,4 +138,12 @@ public class WSS4JStaxInInterceptor exte } return fault; } + + public List getInActions() { + return inActions; + } + + public void setInActions(List inActions) { + this.inActions = inActions; + } } Added: cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripActionTest.java URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripActionTest.java?rev=1471016&view=auto ============================================================================== --- cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripActionTest.java (added) +++ cxf/branches/wss4j2.0-port/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripActionTest.java Tue Apr 23 15:35:25 2013 @@ -0,0 +1,389 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.ws.security.wss4j; + +import java.util.ArrayList; +import java.util.List; +import java.util.Properties; + +import javax.xml.namespace.QName; + +import org.apache.cxf.endpoint.Client; +import org.apache.cxf.endpoint.Server; +import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.interceptor.LoggingInInterceptor; +import org.apache.cxf.interceptor.LoggingOutInterceptor; +import org.apache.cxf.jaxws.JaxWsProxyFactoryBean; +import org.apache.cxf.jaxws.JaxWsServerFactoryBean; +import org.apache.cxf.service.Service; +import org.apache.cxf.transport.local.LocalTransportFactory; +import org.apache.wss4j.common.crypto.CryptoFactory; +import org.apache.wss4j.stax.ext.WSSConstants; +import org.apache.wss4j.stax.ext.WSSSecurityProperties; +import org.apache.xml.security.stax.ext.SecurePart; +import org.apache.xml.security.stax.ext.XMLSecurityConstants; +import org.junit.Test; + +/** + * Test StaX Security actions on the inbound side + */ +public class StaxRoundTripActionTest extends AbstractSecurityTest { + + @Test + public void testUsernameToken() throws Exception { + // Create + configure service + Service service = createService(); + + WSSSecurityProperties inProperties = new WSSSecurityProperties(); + inProperties.setCallbackHandler(new TestPwdCallback()); + WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties); + WSS4JPrincipalInterceptor principalInterceptor = new WSS4JPrincipalInterceptor(); + principalInterceptor.setPrincipalName("username"); + + List actions = new ArrayList(); + actions.add(WSSConstants.USERNAMETOKEN); + inhandler.setInActions(actions); + + service.getInInterceptors().add(inhandler); + service.getInInterceptors().add(principalInterceptor); + + // Create + configure client + Echo echo = createClientProxy(); + + Client client = ClientProxy.getClient(echo); + client.getInInterceptors().add(new LoggingInInterceptor()); + client.getOutInterceptors().add(new LoggingOutInterceptor()); + + WSSSecurityProperties properties = new WSSSecurityProperties(); + properties.setOutAction(new XMLSecurityConstants.Action[]{WSSConstants.USERNAMETOKEN}); + properties.setUsernameTokenPasswordType(WSSConstants.UsernameTokenPasswordType.PASSWORD_TEXT); + properties.setTokenUser("username"); + properties.setCallbackHandler(new TestPwdCallback()); + WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties); + client.getOutInterceptors().add(ohandler); + + assertEquals("test", echo.echo("test")); + + actions.add(WSSConstants.ENCRYPT); + + try { + echo.echo("test"); + fail("Failure expected on the wrong action"); + } catch (javax.xml.ws.soap.SOAPFaultException ex) { + // expected + String error = "An error was discovered processing"; + assertTrue(ex.getMessage().contains(error)); + } + } + + @Test + public void testEncrypt() throws Exception { + // Create + configure service + Service service = createService(); + + WSSSecurityProperties inProperties = new WSSSecurityProperties(); + inProperties.setCallbackHandler(new TestPwdCallback()); + Properties cryptoProperties = + CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader()); + inProperties.setDecryptionCryptoProperties(cryptoProperties); + WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties); + + List actions = new ArrayList(); + actions.add(WSSConstants.ENCRYPT); + inhandler.setInActions(actions); + + service.getInInterceptors().add(inhandler); + + // Create + configure client + Echo echo = createClientProxy(); + + Client client = ClientProxy.getClient(echo); + client.getInInterceptors().add(new LoggingInInterceptor()); + client.getOutInterceptors().add(new LoggingOutInterceptor()); + + WSSSecurityProperties properties = new WSSSecurityProperties(); + properties.setOutAction(new XMLSecurityConstants.Action[]{WSSConstants.ENCRYPT}); + properties.setEncryptionUser("myalias"); + + Properties outCryptoProperties = + CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); + properties.setEncryptionCryptoProperties(outCryptoProperties); + properties.setCallbackHandler(new TestPwdCallback()); + WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties); + client.getOutInterceptors().add(ohandler); + + assertEquals("test", echo.echo("test")); + + actions.add(WSSConstants.SIGNATURE); + + try { + echo.echo("test"); + fail("Failure expected on the wrong action"); + } catch (javax.xml.ws.soap.SOAPFaultException ex) { + // expected + String error = "An error was discovered processing"; + assertTrue(ex.getMessage().contains(error)); + } + } + + @Test + public void testEncryptUsernameToken() throws Exception { + // Create + configure service + Service service = createService(); + + WSSSecurityProperties inProperties = new WSSSecurityProperties(); + inProperties.setCallbackHandler(new TestPwdCallback()); + Properties cryptoProperties = + CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader()); + inProperties.setDecryptionCryptoProperties(cryptoProperties); + WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties); + + List actions = new ArrayList(); + actions.add(WSSConstants.ENCRYPT); + actions.add(WSSConstants.USERNAMETOKEN); + inhandler.setInActions(actions); + + service.getInInterceptors().add(inhandler); + + // Create + configure client + Echo echo = createClientProxy(); + + Client client = ClientProxy.getClient(echo); + client.getInInterceptors().add(new LoggingInInterceptor()); + client.getOutInterceptors().add(new LoggingOutInterceptor()); + + WSSSecurityProperties properties = new WSSSecurityProperties(); + properties.setOutAction( + new XMLSecurityConstants.Action[]{WSSConstants.USERNAMETOKEN, WSSConstants.ENCRYPT} + ); + properties.addEncryptionPart( + new SecurePart(new QName(WSSConstants.NS_WSSE10, "UsernameToken"), SecurePart.Modifier.Element) + ); + properties.setEncryptionUser("myalias"); + properties.setTokenUser("username"); + + Properties outCryptoProperties = + CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); + properties.setEncryptionCryptoProperties(outCryptoProperties); + properties.setCallbackHandler(new TestPwdCallback()); + WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties); + client.getOutInterceptors().add(ohandler); + + assertEquals("test", echo.echo("test")); + } + + @Test + public void testSignature() throws Exception { + // Create + configure service + Service service = createService(); + + WSSSecurityProperties inProperties = new WSSSecurityProperties(); + inProperties.setCallbackHandler(new TestPwdCallback()); + Properties cryptoProperties = + CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader()); + inProperties.setSignatureVerificationCryptoProperties(cryptoProperties); + WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties); + WSS4JPrincipalInterceptor principalInterceptor = new WSS4JPrincipalInterceptor(); + principalInterceptor.setPrincipalName("CN=myAlias"); + + List actions = new ArrayList(); + actions.add(WSSConstants.SIGNATURE); + inhandler.setInActions(actions); + + service.getInInterceptors().add(inhandler); + service.getInInterceptors().add(principalInterceptor); + + // Create + configure client + Echo echo = createClientProxy(); + + Client client = ClientProxy.getClient(echo); + client.getInInterceptors().add(new LoggingInInterceptor()); + client.getOutInterceptors().add(new LoggingOutInterceptor()); + + WSSSecurityProperties properties = new WSSSecurityProperties(); + properties.setOutAction(new XMLSecurityConstants.Action[]{WSSConstants.SIGNATURE}); + properties.setSignatureUser("myalias"); + + Properties outCryptoProperties = + CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); + properties.setSignatureCryptoProperties(outCryptoProperties); + properties.setCallbackHandler(new TestPwdCallback()); + WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties); + client.getOutInterceptors().add(ohandler); + + assertEquals("test", echo.echo("test")); + + actions.add(WSSConstants.ENCRYPT); + + try { + echo.echo("test"); + fail("Failure expected on the wrong action"); + } catch (javax.xml.ws.soap.SOAPFaultException ex) { + // expected + String error = "An error was discovered processing"; + assertTrue(ex.getMessage().contains(error)); + } + } + + @Test + public void testTimestamp() throws Exception { + // Create + configure service + Service service = createService(); + + WSSSecurityProperties inProperties = new WSSSecurityProperties(); + WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties); + + List actions = new ArrayList(); + actions.add(WSSConstants.TIMESTAMP); + inhandler.setInActions(actions); + + service.getInInterceptors().add(inhandler); + + // Create + configure client + Echo echo = createClientProxy(); + + Client client = ClientProxy.getClient(echo); + client.getInInterceptors().add(new LoggingInInterceptor()); + client.getOutInterceptors().add(new LoggingOutInterceptor()); + + WSSSecurityProperties properties = new WSSSecurityProperties(); + properties.setOutAction(new XMLSecurityConstants.Action[]{WSSConstants.TIMESTAMP}); + + WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties); + client.getOutInterceptors().add(ohandler); + + assertEquals("test", echo.echo("test")); + } + + @Test + public void testSignatureTimestamp() throws Exception { + // Create + configure service + Service service = createService(); + + WSSSecurityProperties inProperties = new WSSSecurityProperties(); + inProperties.setCallbackHandler(new TestPwdCallback()); + Properties cryptoProperties = + CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader()); + inProperties.setSignatureVerificationCryptoProperties(cryptoProperties); + WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties); + + List actions = new ArrayList(); + actions.add(WSSConstants.TIMESTAMP); + actions.add(WSSConstants.SIGNATURE); + inhandler.setInActions(actions); + + service.getInInterceptors().add(inhandler); + + // Create + configure client + Echo echo = createClientProxy(); + + Client client = ClientProxy.getClient(echo); + client.getInInterceptors().add(new LoggingInInterceptor()); + client.getOutInterceptors().add(new LoggingOutInterceptor()); + + WSSSecurityProperties properties = new WSSSecurityProperties(); + properties.setOutAction( + new XMLSecurityConstants.Action[]{WSSConstants.SIGNATURE, WSSConstants.TIMESTAMP} + ); + properties.addSignaturePart( + new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), SecurePart.Modifier.Element) + ); + properties.addSignaturePart( + new SecurePart(new QName(WSSConstants.NS_SOAP11, "Body"), SecurePart.Modifier.Element) + ); + properties.setSignatureUser("myalias"); + + Properties outCryptoProperties = + CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); + properties.setSignatureCryptoProperties(outCryptoProperties); + properties.setCallbackHandler(new TestPwdCallback()); + WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties); + client.getOutInterceptors().add(ohandler); + + assertEquals("test", echo.echo("test")); + } + @Test + public void testEncryptSignature() throws Exception { + // Create + configure service + Service service = createService(); + + WSSSecurityProperties inProperties = new WSSSecurityProperties(); + inProperties.setCallbackHandler(new TestPwdCallback()); + Properties cryptoProperties = + CryptoFactory.getProperties("insecurity.properties", this.getClass().getClassLoader()); + inProperties.setSignatureVerificationCryptoProperties(cryptoProperties); + inProperties.setDecryptionCryptoProperties(cryptoProperties); + WSS4JStaxInInterceptor inhandler = new WSS4JStaxInInterceptor(inProperties); + + List actions = new ArrayList(); + actions.add(WSSConstants.ENCRYPT); + actions.add(WSSConstants.SIGNATURE); + inhandler.setInActions(actions); + + service.getInInterceptors().add(inhandler); + + // Create + configure client + Echo echo = createClientProxy(); + + Client client = ClientProxy.getClient(echo); + client.getInInterceptors().add(new LoggingInInterceptor()); + client.getOutInterceptors().add(new LoggingOutInterceptor()); + + WSSSecurityProperties properties = new WSSSecurityProperties(); + properties.setOutAction( + new XMLSecurityConstants.Action[]{WSSConstants.ENCRYPT, WSSConstants.SIGNATURE} + ); + properties.setEncryptionUser("myalias"); + properties.setSignatureUser("myalias"); + + Properties outCryptoProperties = + CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); + properties.setSignatureCryptoProperties(outCryptoProperties); + properties.setEncryptionCryptoProperties(outCryptoProperties); + properties.setCallbackHandler(new TestPwdCallback()); + WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties); + client.getOutInterceptors().add(ohandler); + + assertEquals("test", echo.echo("test")); + } + + private Service createService() { + // Create the Service + JaxWsServerFactoryBean factory = new JaxWsServerFactoryBean(); + factory.setServiceBean(new EchoImpl()); + factory.setAddress("local://Echo"); + factory.setTransportId(LocalTransportFactory.TRANSPORT_ID); + Server server = factory.create(); + + Service service = server.getEndpoint().getService(); + service.getInInterceptors().add(new LoggingInInterceptor()); + service.getOutInterceptors().add(new LoggingOutInterceptor()); + + return service; + } + + private Echo createClientProxy() { + JaxWsProxyFactoryBean proxyFac = new JaxWsProxyFactoryBean(); + proxyFac.setServiceClass(Echo.class); + proxyFac.setAddress("local://Echo"); + proxyFac.getClientFactoryBean().setTransportId(LocalTransportFactory.TRANSPORT_ID); + + return (Echo)proxyFac.create(); + } +}