cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1513875 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ systests/ws-secu...
Date Wed, 14 Aug 2013 13:32:06 GMT
Author: coheigea
Date: Wed Aug 14 13:32:06 2013
New Revision: 1513875

URL: http://svn.apache.org/r1513875
Log:
[CXF-5200] - Support newer signature algorithms in WS-SecurityPolicy (such as RSA-SHA256)

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Wed Aug 14 13:32:06 2013
@@ -304,6 +304,14 @@ public final class SecurityConstants {
      */
     public static final String SUBJECT_ROLE_CLASSIFIER_TYPE = "ws-security.role.classifier.type";
     
+    /**
+     * This configuration tag allows the user to override the default Asymmetric Signature

+     * algorithm (RSA-SHA1) for use in WS-SecurityPolicy, as the WS-SecurityPolicy specification
+     * does not allow the use of other algorithms at present.
+     */
+    public static final String ASYMMETRIC_SIGNATURE_ALGORITHM = 
+        "ws-security.asymmetric.signature.algorithm";
+    
     //
     // Validator implementations for validating received security tokens
     //
@@ -486,7 +494,8 @@ public final class SecurityConstants {
             STS_TOKEN_DO_CANCEL, CACHE_ISSUED_TOKEN_IN_ENDPOINT,
             DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS, STS_TOKEN_CRYPTO,
             STS_TOKEN_PROPERTIES, STS_TOKEN_USERNAME, STS_TOKEN_ACT_AS, STS_TOKEN_ON_BEHALF_OF,
-            TOKEN, TOKEN_ID, SUBJECT_ROLE_CLASSIFIER, SUBJECT_ROLE_CLASSIFIER_TYPE, MUST_UNDERSTAND
+            TOKEN, TOKEN_ID, SUBJECT_ROLE_CLASSIFIER, SUBJECT_ROLE_CLASSIFIER_TYPE, MUST_UNDERSTAND,
+            ASYMMETRIC_SIGNATURE_ALGORITHM
         }));
         ALL_PROPERTIES = Collections.unmodifiableSet(s);
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Wed Aug 14 13:32:06 2013
@@ -43,7 +43,6 @@ import javax.xml.xpath.XPathFactory;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
-
 import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
@@ -94,6 +93,7 @@ import org.apache.wss4j.policy.SP11Const
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SP13Constants;
 import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
 import org.apache.wss4j.policy.model.Header;
 import org.apache.wss4j.policy.model.RequiredElements;
 import org.apache.wss4j.policy.model.RequiredParts;
@@ -541,6 +541,14 @@ public class PolicyBasedWSS4JInIntercept
     protected void setAlgorithmSuites(SoapMessage message, RequestData data) throws WSSecurityException
{
         AlgorithmSuiteTranslater translater = new AlgorithmSuiteTranslater();
         translater.translateAlgorithmSuites(message.get(AssertionInfoMap.class), data);
+        
+        // Allow for setting non-standard asymmetric signature algorithms
+        String asymSignatureAlgorithm = 
+            (String)message.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
+        if (asymSignatureAlgorithm != null && data.getAlgorithmSuite() != null) {
+            data.getAlgorithmSuite().getSignatureMethods().clear();
+            data.getAlgorithmSuite().getSignatureMethods().add(asymSignatureAlgorithm);
+        }
     }
 
     protected void computeAction(SoapMessage message, RequestData data) throws WSSecurityException
{
@@ -558,6 +566,21 @@ public class PolicyBasedWSS4JInIntercept
             if ("".equals(action) || (ais != null && !ais.isEmpty())) {
                 action = checkDefaultBinding(aim, action, message);
             }
+            
+            // Allow for setting non-standard asymmetric signature algorithms
+            String asymSignatureAlgorithm = 
+                (String)message.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
+            if (asymSignatureAlgorithm != null) {
+                Collection<AssertionInfo> algorithmSuites = 
+                    aim.get(SP12Constants.ALGORITHM_SUITE);
+                if (algorithmSuites != null && !algorithmSuites.isEmpty()) {
+                    for (AssertionInfo algorithmSuite : algorithmSuites) {
+                        AlgorithmSuite algSuite = (AlgorithmSuite)algorithmSuite.getAssertion();
+                        algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
+                    }
+                }
+            }
+            
             checkUsernameToken(aim, message);
             
             // stuff we can default to asserted and un-assert if a condition isn't met

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
Wed Aug 14 13:32:06 2013
@@ -167,6 +167,12 @@ public class PolicyBasedWSS4JOutIntercep
                         config = WSSConfig.getNewInstance();
                     }
                     translateProperties(message);
+                    
+                    String asymSignatureAlgorithm = 
+                        (String)message.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
+                    if (asymSignatureAlgorithm != null && transport.getAlgorithmSuite()
!= null) {
+                        transport.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
+                    }
 
                     if (transport instanceof TransportBinding) {
                         new TransportBindingHandler(config, (TransportBinding)transport,
saaj,

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
Wed Aug 14 13:32:06 2013
@@ -62,6 +62,7 @@ import org.apache.wss4j.policy.SP11Const
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.WSSPolicyException;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
 import org.apache.wss4j.policy.stax.OperationPolicy;
 import org.apache.wss4j.policy.stax.PolicyEnforcer;
 import org.apache.wss4j.policy.stax.PolicyInputProcessor;
@@ -384,6 +385,20 @@ public class PolicyBasedWSS4JStaxInInter
         checkSymmetricBinding(aim, msg);
         checkTransportBinding(aim, msg);
         
+        // Allow for setting non-standard asymmetric signature algorithms
+        String asymSignatureAlgorithm = 
+            (String)msg.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
+        if (asymSignatureAlgorithm != null) {
+            Collection<AssertionInfo> algorithmSuites = 
+                aim.get(SP12Constants.ALGORITHM_SUITE);
+            if (algorithmSuites != null && !algorithmSuites.isEmpty()) {
+                for (AssertionInfo algorithmSuite : algorithmSuites) {
+                    AlgorithmSuite algSuite = (AlgorithmSuite)algorithmSuite.getAssertion();
+                    algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
+                }
+            }
+        }
+        
         super.configureProperties(msg);
     }
     

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
Wed Aug 14 13:32:06 2013
@@ -73,6 +73,12 @@ public class StaxAsymmetricBindingHandle
         configureTimestamp(aim);
         abinding = (AsymmetricBinding)getBinding(aim);
         
+        String asymSignatureAlgorithm = 
+            (String)getMessage().getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
+        if (asymSignatureAlgorithm != null && abinding.getAlgorithmSuite() != null)
{
+            abinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
+        }
+        
         if (abinding.getProtectionOrder() 
             == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning) {
             doEncryptBeforeSign();

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
Wed Aug 14 13:32:06 2013
@@ -114,6 +114,12 @@ public class StaxSymmetricBindingHandler
         configureTimestamp(aim);
         sbinding = (SymmetricBinding)getBinding(aim);
         
+        String asymSignatureAlgorithm = 
+            (String)getMessage().getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
+        if (asymSignatureAlgorithm != null && sbinding.getAlgorithmSuite() != null)
{
+            sbinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
+        }
+        
         // Set up CallbackHandler which wraps the configured Handler
         Map<String, Object> config = getProperties();
         TokenStoreCallbackHandler callbackHandler = 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
Wed Aug 14 13:32:06 2013
@@ -31,6 +31,7 @@ import org.apache.cxf.common.logging.Log
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.policy.SPConstants;
@@ -76,6 +77,12 @@ public class StaxTransportBindingHandler
         if (this.isRequestor()) {
             tbinding = (TransportBinding)getBinding(aim);
             if (tbinding != null) {
+                String asymSignatureAlgorithm = 
+                    (String)getMessage().getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
+                if (asymSignatureAlgorithm != null && tbinding.getAlgorithmSuite()
!= null) {
+                    tbinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
+                }
+                
                 TransportToken token = tbinding.getTransportToken();
                 if (token.getToken() instanceof IssuedToken) {
                     SecurityToken secToken = getSecurityToken();

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxX509TokenTest.java
Wed Aug 14 13:32:06 2013
@@ -301,6 +301,34 @@ public class StaxX509TokenTest extends A
     }
     
     @org.junit.Test
+    public void testAsymmetricSHA256() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = X509TokenTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSHA256Port");
+        DoubleItPortType x509Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(x509Port, PORT);
+        
+        // DOM
+        x509Port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
+        x509Port.doubleIt(25);
+        
+        ((java.io.Closeable)x509Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testAsymmetricThumbprint() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
(original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
Wed Aug 14 13:32:06 2013
@@ -356,6 +356,34 @@ public class X509TokenTest extends Abstr
     }
     
     @org.junit.Test
+    public void testAsymmetricSHA256() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = X509TokenTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSHA256Port");
+        DoubleItPortType x509Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(x509Port, PORT);
+        
+        // DOM
+        x509Port.doubleIt(25);
+        
+        // Streaming
+        SecurityTestUtil.enableStreaming(x509Port);
+        x509Port.doubleIt(25);
+        
+        ((java.io.Closeable)x509Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testAsymmetricThumbprint() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
Wed Aug 14 13:32:06 2013
@@ -182,6 +182,25 @@
             </wsdl:fault>
         </wsdl:operation>
     </wsdl:binding>
+    <wsdl:binding name="DoubleItAsymmetricSHA256Binding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItAsymmetricSHA256Policy" />
+        <soap:binding style="document"
+            transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault" />
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
     <wsdl:binding name="DoubleItAsymmetricThumbprintBinding" type="tns:DoubleItPortType">
         <wsp:PolicyReference URI="#DoubleItAsymmetricThumbprintPolicy" />
         <soap:binding style="document"
@@ -491,6 +510,10 @@
                    binding="tns:DoubleItAsymmetricIssuerSerialBinding">
             <soap:address location="http://localhost:9001/DoubleItX509Asymmetric" />
         </wsdl:port>
+        <wsdl:port name="DoubleItAsymmetricSHA256Port" 
+                   binding="tns:DoubleItAsymmetricSHA256Binding">
+            <soap:address location="http://localhost:9001/DoubleItX509AsymmetricSHA256"
/>
+        </wsdl:port>
         <wsdl:port name="DoubleItAsymmetricThumbprintPort" 
                    binding="tns:DoubleItAsymmetricThumbprintBinding">
             <soap:address location="http://localhost:9001/DoubleItX509AsymmetricThumbprint"
/>
@@ -828,6 +851,50 @@
       </wsp:ExactlyOne>
     </wsp:Policy>
     
+    <wsp:Policy wsu:Id="DoubleItAsymmetricSHA256Policy">
+      <wsp:ExactlyOne>
+         <wsp:All>
+            <sp:AsymmetricBinding>
+               <wsp:Policy>
+                  <sp:InitiatorToken>
+                     <wsp:Policy>
+                        <sp:X509Token
+                           sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                           <wsp:Policy>
+                              <sp:WssX509V3Token10 />
+                           </wsp:Policy>
+                        </sp:X509Token>
+                     </wsp:Policy>
+                  </sp:InitiatorToken>
+                  <sp:RecipientToken>
+                     <wsp:Policy>
+                        <sp:X509Token
+                           sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                           <wsp:Policy>
+                              <sp:WssX509V3Token10 />
+                           </wsp:Policy>
+                        </sp:X509Token>
+                     </wsp:Policy>
+                  </sp:RecipientToken>
+                  <sp:Layout>
+                     <wsp:Policy>
+                        <sp:Lax/>
+                     </wsp:Policy>
+                  </sp:Layout>
+                  <sp:IncludeTimestamp/>
+                  <sp:OnlySignEntireHeadersAndBody/>
+                  <sp:AlgorithmSuite>
+                     <wsp:Policy>
+                        <sp:Basic128Sha256 />
+                     </wsp:Policy>
+                  </sp:AlgorithmSuite>
+               </wsp:Policy>
+            </sp:AsymmetricBinding>
+         </wsp:All>
+      </wsp:ExactlyOne>
+    </wsp:Policy>
+    
+    
     <wsp:Policy wsu:Id="DoubleItAsymmetricThumbprintPolicy">
       <wsp:ExactlyOne>
          <wsp:All>

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
Wed Aug 14 13:32:06 2013
@@ -115,6 +115,20 @@
        </jaxws:properties>
     </jaxws:client>
     
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricSHA256Port"

+                  createdFromAPI="true">
+       <jaxws:properties>
+           <entry key="ws-security.encryption.properties" value="bob.properties"/>

+           <entry key="ws-security.encryption.username" value="bob"/>
+           <entry key="ws-security.signature.properties" value="alice.properties"/>

+           <entry key="ws-security.signature.username" value="alice"/>
+           <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+           <entry key="ws-security.asymmetric.signature.algorithm" 
+                  value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+       </jaxws:properties>
+    </jaxws:client>
+    
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricThumbprintPort"

                   createdFromAPI="true">
        <jaxws:properties>

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
Wed Aug 14 13:32:06 2013
@@ -232,6 +232,27 @@
     </jaxws:endpoint> 
     
     <jaxws:endpoint 
+       id="AsymmetricSHA256"
+       address="http://localhost:${testutil.ports.Server}/DoubleItX509AsymmetricSHA256" 
+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItAsymmetricSHA256Port"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" value="bob.properties"/> 
+          <entry key="ws-security.encryption.properties" value="alice.properties"/>

+          <entry key="ws-security.encryption.username" value="alice"/>
+          <entry key="ws-security.asymmetric.signature.algorithm" 
+                 value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
        id="AsymmetricThumbprint"
        address="http://localhost:${testutil.ports.Server}/DoubleItX509AsymmetricThumbprint"

        serviceName="s:DoubleItService"

Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml?rev=1513875&r1=1513874&r2=1513875&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
(original)
+++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
Wed Aug 14 13:32:06 2013
@@ -241,6 +241,27 @@
     </jaxws:endpoint> 
     
     <jaxws:endpoint 
+       id="AsymmetricSHA256"
+       address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509AsymmetricSHA256"

+       serviceName="s:DoubleItService"
+       endpointName="s:DoubleItAsymmetricSHA256Port"
+       xmlns:s="http://www.example.org/contract/DoubleIt"
+       implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
+       wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+        
+       <jaxws:properties>
+          <entry key="ws-security.callback-handler" 
+                  value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+          <entry key="ws-security.signature.properties" value="bob.properties"/> 
+          <entry key="ws-security.encryption.properties" value="alice.properties"/>

+          <entry key="ws-security.encryption.username" value="alice"/>
+          <entry key="ws-security.asymmetric.signature.algorithm" 
+                 value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+       </jaxws:properties> 
+     
+    </jaxws:endpoint> 
+    
+    <jaxws:endpoint 
        id="AsymmetricThumbprint"
        address="http://localhost:${testutil.ports.StaxServer}/DoubleItX509AsymmetricThumbprint"

        serviceName="s:DoubleItService"



Mime
View raw message