cxf-commits mailing list archives

From cohei...@apache.org
Subject [2/3] cxf git commit: Adding some modified request testing for WS-Security
Date Fri, 23 Jan 2015 17:15:43 GMT
Adding some modified request testing for WS-Security

Conflicts:
	systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/KeystorePasswordCallback.java
	systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
	systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client.xml


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d90bfa10
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d90bfa10
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d90bfa10

Branch: refs/heads/2.7.x-fixes
Commit: d90bfa10439b0dc3333439816dd1dda417672bd3
Parents: 6a79c36
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Jan 23 16:34:53 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Jan 23 16:48:12 2015 +0000

----------------------------------------------------------------------
 .../ws/common/KeystorePasswordCallback.java     |  73 ++++
 .../fault/AbstractModifyRequestInterceptor.java | 102 ++++++
 .../systest/ws/fault/ModifiedRequestServer.java |  47 +++
 .../systest/ws/fault/ModifiedRequestTest.java   | 335 +++++++++++++++++++
 .../cxf/systest/ws/fault/DoubleItFault.wsdl     |  69 ++++
 .../cxf/systest/ws/fault/client-untrusted.xml   |  37 ++
 .../org/apache/cxf/systest/ws/fault/client.xml  |  51 +++
 .../cxf/systest/ws/fault/modified-server.xml    |  38 +++
 8 files changed, 752 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/KeystorePasswordCallback.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/KeystorePasswordCallback.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/KeystorePasswordCallback.java
new file mode 100644
index 0000000..511155a
--- /dev/null
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/common/KeystorePasswordCallback.java
@@ -0,0 +1,73 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.common;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+/**
+ * A CallbackHandler implementation for keystores.
+ */
+public class KeystorePasswordCallback implements CallbackHandler {
+    
+    private Map<String, String> passwords = 
+        new HashMap<String, String>();
+    
+    public KeystorePasswordCallback() {
+        passwords.put("Alice", "abcd!1234");
+        passwords.put("alice", "password");
+        passwords.put("Bob", "abcd!1234");
+        passwords.put("bob", "password");
+        passwords.put("abcd", "dcba");
+        passwords.put("6e0e88f36ebb8744d470f62f604d03ea4ebe5094", "password");
+        passwords.put("wss40rev", "security");
+        passwords.put("morpit", "password");
+    }
+
+    /**
+     * It attempts to get the password from the private 
+     * alias/passwords map.
+     */
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+        for (int i = 0; i < callbacks.length; i++) {
+            WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
+            if (pc.getUsage() == WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD) {
+                pc.setPassword("this-is-a-secret");
+            } else {
+                String pass = passwords.get(pc.getIdentifier());
+                if (pass != null) {
+                    pc.setPassword(pass);
+                    return;
+                } else {
+                    pc.setPassword("password");
+                }
+            }
+        }
+    }
+    
+
+}
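Review bot: The `return;` after `pc.setPassword(pass)` in `handle` ends the whole method at the first alias found in the map, so any later entries in `callbacks` never receive a password; dropping that `return;` lets the loop serve every callback. The unconditional cast `(WSPasswordCallback)callbacks[i]` also turns a foreign callback type into a ClassCastException although the method declares `UnsupportedCallbackException`; an `instanceof` guard that throws `new UnsupportedCallbackException(callbacks[i])` would match the declared contract. Because the inner `else` branch answers `"password"` for any identifier that is not in the map, the class Javadoc should state the scope, e.g. `Test-only CallbackHandler: returns fixed passwords and a default for unknown aliases.`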

http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/AbstractModifyRequestInterceptor.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/AbstractModifyRequestInterceptor.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/AbstractModifyRequestInterceptor.java
new file mode 100644
index 0000000..53432e9
--- /dev/null
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/AbstractModifyRequestInterceptor.java
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.fault;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPHeaderElement;
+import javax.xml.soap.SOAPMessage;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.binding.soap.saaj.SAAJUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.phase.PhaseInterceptor;
+import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;
+import org.apache.wss4j.dom.WSConstants;
+
+public abstract class AbstractModifyRequestInterceptor implements PhaseInterceptor<SoapMessage>
{
+    
+    private static final QName SEC_HEADER = 
+        new QName(WSConstants.WSSE_NS, WSConstants.WSSE_LN, WSConstants.WSSE_PREFIX);
+    private Set<String> afterInterceptors = new HashSet<String>();
+    
+    public AbstractModifyRequestInterceptor() {
+        getAfter().add(PolicyBasedWSS4JOutInterceptor.class.getName());
+    }
+    
+    public void handleMessage(SoapMessage mc) throws Fault {
+        SOAPMessage saaj = mc.getContent(SOAPMessage.class);
+        try {
+            Iterator<?> secHeadersIterator = 
+                SAAJUtils.getHeader(saaj).getChildElements(SEC_HEADER);
+            if (secHeadersIterator.hasNext()) {
+                SOAPHeaderElement securityHeader = 
+                    (SOAPHeaderElement)secHeadersIterator.next();
+                modifySecurityHeader(securityHeader);
+            }
+            
+            modifySOAPBody(SAAJUtils.getBody(saaj));
+        } catch (SOAPException ex) {
+            throw new Fault(ex);
+        }
+    }
+    
+    public abstract void modifySecurityHeader(Element securityHeader);
+    
+    public abstract void modifySOAPBody(Element soapBody);
+
+    public void clear() {
+    }
+    
+    public void handleFault(SoapMessage arg0) {
+        // Complete
+    }
+
+    public Collection<PhaseInterceptor<? extends Message>> getAdditionalInterceptors()
{
+        return null;
+    }
+
+    public Set<String> getAfter() {
+        return afterInterceptors;
+    }
+
+    public Set<String> getBefore() {
+        return Collections.emptySet();
+    }
+
+    public String getId() {
+        return AbstractModifyRequestInterceptor.class.getName();
+    }
+
+    public String getPhase() {
+        return Phase.PRE_PROTOCOL_ENDING;
+    }
+    
+}
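Review bot: In `handleMessage`, when the outgoing message carries no `wsse:Security` header the `if (secHeadersIterator.hasNext())` branch is skipped without any signal, so a subclass that was meant to tamper with the header sends the request unmodified. For a negative-test harness it is safer to fail loudly, e.g. an `else` branch with `throw new Fault(new IllegalStateException("No wsse:Security header found to modify"));`, assuming no subclass is expected to run against unsecured messages. Separately, `getId()` returns `AbstractModifyRequestInterceptor.class.getName()` for every subclass; `getClass().getName()` would give each concrete interceptor its own id. A class Javadoc line saying that the interceptor is ordered after `PolicyBasedWSS4JOutInterceptor`, presumably so the changes land on the already secured message, would make the intent clear.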

http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestServer.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestServer.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestServer.java
new file mode 100644
index 0000000..ab2009b
--- /dev/null
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestServer.java
@@ -0,0 +1,47 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.fault;
+
+import java.net.URL;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class ModifiedRequestServer extends AbstractBusTestServerBase {
+
+    public ModifiedRequestServer() {
+
+    }
+
+    protected void run()  {
+        URL busFile = ModifiedRequestServer.class.getResource("modified-server.xml");
+        Bus busLocal = new SpringBusFactory().createBus(busFile);
+        BusFactory.setDefaultBus(busLocal);
+        setBus(busLocal);
+
+        try {
+            new ModifiedRequestServer();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+}
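Review bot: The `try` block at the end of `run()` only constructs a second `ModifiedRequestServer` and discards it, and the empty constructor shown above cannot throw, so the `catch (Exception e)` with `e.printStackTrace()` is dead code and can be removed. `getResource("modified-server.xml")` returns null when the resource is missing from the test classpath; a check such as `if (busFile == null) { throw new IllegalStateException("modified-server.xml not found"); }` would give a clearer failure than passing a null URL on to `createBus`.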

http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java
new file mode 100644
index 0000000..9523c47
--- /dev/null
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java
@@ -0,0 +1,335 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.ws.fault;
+
+import java.net.URL;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.Iterator;
+
+import javax.xml.datatype.Duration;
+import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPFault;
+import javax.xml.ws.Service;
+import javax.xml.ws.soap.SOAPFaultException;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.systest.ws.common.SecurityTestUtil;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
+import org.example.contract.doubleit.DoubleItFault;
+import org.example.contract.doubleit.DoubleItPortType;
+import org.junit.BeforeClass;
+
+/**
+ * Some tests for modified requests
+ */
+public class ModifiedRequestTest extends AbstractBusClientServerTestBase {
+    static final String PORT = allocatePort(ModifiedRequestServer.class);
+    
+    private static final String NAMESPACE = "http://www.example.org/contract/DoubleIt";
+    private static final QName SERVICE_QNAME = new QName(NAMESPACE, "DoubleItService");
+
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+            "Server failed to launch",
+            // run the server in the same process
+            // set this to false to fork
+            launchServer(ModifiedRequestServer.class, true)
+        );
+    }
+    
+    @org.junit.AfterClass
+    public static void cleanup() throws Exception {
+        SecurityTestUtil.cleanup();
+        stopAllServers();
+    }
+
+    @org.junit.Test
+    public void testModifiedSignedTimestamp() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = ModifiedRequestTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = ModifiedRequestTest.class.getResource("DoubleItFault.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort");
+        DoubleItPortType port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        Client cxfClient = ClientProxy.getClient(port);
+        ModifiedTimestampInterceptor modifyInterceptor = 
+            new ModifiedTimestampInterceptor();
+        cxfClient.getOutInterceptors().add(modifyInterceptor);
+        
+        makeInvocation(port);
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testModifiedSignature() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = ModifiedRequestTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = ModifiedRequestTest.class.getResource("DoubleItFault.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort");
+        DoubleItPortType port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        Client cxfClient = ClientProxy.getClient(port);
+        ModifiedSignatureInterceptor modifyInterceptor = 
+            new ModifiedSignatureInterceptor();
+        cxfClient.getOutInterceptors().add(modifyInterceptor);
+        
+        makeInvocation(port);
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testUntrustedSignature() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = ModifiedRequestTest.class.getResource("client-untrusted.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = ModifiedRequestTest.class.getResource("DoubleItFault.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort");
+        DoubleItPortType port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        makeInvocation(port);
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testModifiedEncryptedKey() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = ModifiedRequestTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = ModifiedRequestTest.class.getResource("DoubleItFault.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort");
+        DoubleItPortType port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        Client cxfClient = ClientProxy.getClient(port);
+        ModifiedEncryptedKeyInterceptor modifyInterceptor = 
+            new ModifiedEncryptedKeyInterceptor();
+        cxfClient.getOutInterceptors().add(modifyInterceptor);
+        
+        makeInvocation(port);
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
+    public void testModifiedEncryptedSOAPBody() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = ModifiedRequestTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = ModifiedRequestTest.class.getResource("DoubleItFault.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort");
+        DoubleItPortType port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(port, PORT);
+        
+        Client cxfClient = ClientProxy.getClient(port);
+        ModifiedEncryptedSOAPBody modifyInterceptor = 
+            new ModifiedEncryptedSOAPBody();
+        cxfClient.getOutInterceptors().add(modifyInterceptor);
+        
+        makeInvocation(port);
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
+    private void makeInvocation(DoubleItPortType port) throws DoubleItFault {
+        try {
+            port.doubleIt(25);
+            fail("Expected failure on a modified request");
+        } catch (SOAPFaultException ex) {
+            SOAPFault fault = ex.getFault();
+            assertEquals("soap:Sender", fault.getFaultCode());
+            assertEquals("The signature or decryption was invalid", fault.getFaultString());
+            Iterator<?> subcodeIterator = fault.getFaultSubcodes();
+            assertTrue(subcodeIterator.hasNext());
+            Object subcode = subcodeIterator.next();
+            assertEquals(WSSecurityException.FAILED_CHECK, subcode);
+            assertFalse(subcodeIterator.hasNext());
+        }
+    }
+    
+    private static class ModifiedTimestampInterceptor extends AbstractModifyRequestInterceptor
{
+
+        @Override
+        public void modifySecurityHeader(Element securityHeader) {
+            if (securityHeader != null) {
+                // Find the Timestamp + change it.
+                
+                Element timestampElement = 
+                    WSSecurityUtil.findElement(securityHeader, "Timestamp", WSConstants.WSU_NS);
+                Element createdValue = 
+                    WSSecurityUtil.findElement(timestampElement, "Created", WSConstants.WSU_NS);
+                DateFormat zulu = new XmlSchemaDateFormat();
+                
+                XMLGregorianCalendar createdCalendar = 
+                    WSSConfig.datatypeFactory.newXMLGregorianCalendar(createdValue.getTextContent());
+                // Add 5 seconds
+                Duration duration = WSSConfig.datatypeFactory.newDuration(5000L);
+                createdCalendar.add(duration);
+                Date createdDate = createdCalendar.toGregorianCalendar().getTime();
+                createdValue.setTextContent(zulu.format(createdDate));
+            }
+        }
+        
+        public void modifySOAPBody(Element soapBody) {
+            //
+        }
+    }
+    
+    private static class ModifiedSignatureInterceptor extends AbstractModifyRequestInterceptor
{
+
+        @Override
+        public void modifySecurityHeader(Element securityHeader) {
+            if (securityHeader != null) {
+                Element signatureElement = 
+                    WSSecurityUtil.findElement(securityHeader, "Signature", WSConstants.SIG_NS);
+                
+                Node firstChild = signatureElement.getFirstChild();
+                while (!(firstChild instanceof Element) && firstChild != null) {
+                    firstChild = signatureElement.getNextSibling();
+                }
+                ((Element)firstChild).setAttributeNS(null, "Id", "xyz");
+            }
+        }
+        
+        public void modifySOAPBody(Element soapBody) {
+            //
+        }
+    }
+    
+    private static class ModifiedEncryptedKeyInterceptor extends AbstractModifyRequestInterceptor
{
+
+        @Override
+        public void modifySecurityHeader(Element securityHeader) {
+            if (securityHeader != null) {
+                Element encryptedKey = 
+                    WSSecurityUtil.findElement(securityHeader, "EncryptedKey", WSConstants.ENC_NS);
+                Element cipherValue = 
+                    WSSecurityUtil.findElement(encryptedKey, "CipherValue", WSConstants.ENC_NS);
+                String cipherText = cipherValue.getTextContent();
+                
+                StringBuilder stringBuilder = new StringBuilder(cipherText);
+                int index = stringBuilder.length() / 2;
+                char ch = stringBuilder.charAt(index);
+                if (ch != 'A') {
+                    ch = 'A';
+                } else {
+                    ch = 'B';
+                }
+                stringBuilder.setCharAt(index, ch);
+                cipherValue.setTextContent(stringBuilder.toString());
+            }
+        }
+        
+        public void modifySOAPBody(Element soapBody) {
+            //
+        }
+        
+    }
+    
+    private static class ModifiedEncryptedSOAPBody extends AbstractModifyRequestInterceptor
{
+
+        @Override
+        public void modifySecurityHeader(Element securityHeader) {
+           //
+        }
+        
+        public void modifySOAPBody(Element soapBody) {
+            if (soapBody != null) {
+                Element cipherValue = 
+                    WSSecurityUtil.findElement(soapBody, "CipherValue", WSConstants.ENC_NS);
+                String cipherText = cipherValue.getTextContent();
+                
+                StringBuilder stringBuilder = new StringBuilder(cipherText);
+                int index = stringBuilder.length() / 2;
+                char ch = stringBuilder.charAt(index);
+                if (ch != 'A') {
+                    ch = 'A';
+                } else {
+                    ch = 'B';
+                }
+                stringBuilder.setCharAt(index, ch);
+                cipherValue.setTextContent(stringBuilder.toString());
+            }
+        }
+        
+    }
+    
+}
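Review bot: In `ModifiedSignatureInterceptor.modifySecurityHeader` the loop advances with `firstChild = signatureElement.getNextSibling();`, which moves to the sibling of the `Signature` element instead of walking its children. If the first child is not an element, the code either spins forever on the same non-element node, ends up with null and throws a NullPointerException on `setAttributeNS`, or sets `Id` on an unrelated header element, so the test may not be tampering with the signature at all. The line should read `firstChild = firstChild.getNextSibling();`. Each test method also closes the port and shuts down the bus only after `makeInvocation` returns, so a failed assertion leaves both open; moving `((java.io.Closeable)port).close();` and `bus.shutdown(true);` into a `finally` block would fix that.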

http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
index 0608d14..7d3ef5d 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl
@@ -92,7 +92,28 @@
             </wsdl:fault>
         </wsdl:operation>
     </wsdl:binding>
+<<<<<<< HEAD
     
+=======
+    <wsdl:binding name="DoubleItAsymmetricBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItAsymmetricPolicy"/>
+        <soap12:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="DoubleIt">
+            <soap12:operation soapAction="" style="document"/>
+            <wsdl:input>
+                <soap12:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap12:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap12:fault use="literal" name="DoubleItFault"/>
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
+>>>>>>> c748748... Adding some modified request testing for WS-Security
     <wsdl:service name="DoubleItService">
         <wsdl:port name="DoubleItSoap11Port" binding="tns:DoubleItSoap11Binding">
             <soap:address location="http://localhost:9009/DoubleItSoap11" />
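Review bot: The added lines `<<<<<<< HEAD`, `=======` and `>>>>>>> c748748... Adding some modified request testing for WS-Security` are unresolved merge-conflict markers committed into the WSDL, here around the new `DoubleItAsymmetricBinding` and again in the third hunk around `DoubleItAsymmetricPolicy`. With them in place the file is not well-formed XML, so `Service.create(wsdl, SERVICE_QNAME)` in the new tests would be expected to fail while parsing it. The three marker lines should be deleted in both hunks, keeping the new binding and policy elements.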
@@ -103,6 +124,9 @@
         <wsdl:port name="DoubleItSoap12DispatchPort" binding="tns:DoubleItSoap12DispatchBinding">
             <soap12:address location="http://localhost:9009/DoubleItSoap12Dispatch" />
         </wsdl:port>
+        <wsdl:port name="DoubleItAsymmetricPort" binding="tns:DoubleItAsymmetricBinding">
+            <soap12:address location="http://localhost:9009/DoubleItAsymmetric"/>
+        </wsdl:port>
     </wsdl:service>
 
     <wsp:Policy wsu:Id="DoubleItPlaintextPolicy">
@@ -148,7 +172,52 @@
             </wsp:All>
         </wsp:ExactlyOne>
     </wsp:Policy>
+<<<<<<< HEAD
     
+=======
+    <wsp:Policy wsu:Id="DoubleItAsymmetricPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:AsymmetricBinding>
+                    <wsp:Policy>
+                        <sp:InitiatorToken>
+                            <wsp:Policy>
+                                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10/>
+                                        <sp:RequireIssuerSerialReference/>
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:InitiatorToken>
+                        <sp:RecipientToken>
+                            <wsp:Policy>
+                                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10/>
+                                        <sp:RequireIssuerSerialReference/>
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:RecipientToken>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax/>
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp/>
+                        <sp:OnlySignEntireHeadersAndBody/>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:Basic128/>
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                    </wsp:Policy>
+                </sp:AsymmetricBinding>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+>>>>>>> c748748... Adding some modified request testing for WS-Security
     <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
       <wsp:ExactlyOne>
          <wsp:All>

http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-untrusted.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-untrusted.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-untrusted.xml
new file mode 100644
index 0000000..9ed4ae4
--- /dev/null
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-untrusted.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security"
xsi:schemaLocation="           http://www.springframework.org/schema/beans           http://www.springframework.org/schema/beans/spring-beans.xsd
          http://cxf.apache.org/jaxws                           http://cxf.apache.org/schemas/jaxws.xsd
          http://cxf.apache.org/transports/http/configuration   http://cxf.apache.org/schemas/configuration/http-conf.xsd
          http://cxf.apache.org/configuration/security          http://cxf.apache.org/schemas/configuration/security.xsd
          http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd           http://cxf.apache.org/policy
http://cxf.apache.org/schemas/poli
 cy.xsd">
+    <cxf:bus>
+        <cxf:features>
+            <p:policies/>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricPort"
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.encryption.properties" value="bob-enc.properties"/>
+            <entry key="ws-security.encryption.username" value="bob"/>
+            <entry key="ws-security.signature.properties" value="morpit.properties"/>
+            <entry key="ws-security.signature.username" value="morpit"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+        </jaxws:properties>
+    </jaxws:client>
+</beans>
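Review bot: Nothing in this file says why it exists alongside client.xml. The only difference visible in this commit is that the `DoubleItAsymmetricPort` client signs with `morpit.properties` / `morpit` instead of alice's key. A short comment above the `jaxws:client` element would make the intent explicit, for example `<!-- Signs with the "morpit" key, which the server is not expected to trust; the request should be rejected -->`. That reading is inferred from the file name, so confirm it against the test that loads this config (not shown in this part of the page).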

http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client.xml
new file mode 100644
index 0000000..8011c39
--- /dev/null
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security"
xsi:schemaLocation="           http://www.springframework.org/schema/beans           http://www.springframework.org/schema/beans/spring-beans.xsd
          http://cxf.apache.org/jaxws                           http://cxf.apache.org/schemas/jaxws.xsd
          http://cxf.apache.org/transports/http/configuration   http://cxf.apache.org/schemas/configuration/http-conf.xsd
          http://cxf.apache.org/configuration/security          http://cxf.apache.org/schemas/configuration/security.xsd
          http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd           http://cxf.apache.org/policy
http://cxf.apache.org/schemas/poli
 cy.xsd">
+    <cxf:bus>
+        <cxf:features>
+            <p:policies/>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSoap11Port"
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+            <entry key="ws-security.encryption.properties" value="bob.properties"/>
+            <entry key="ws-security.encryption.username" value="bob"/>
+        </jaxws:properties>
+    </jaxws:client>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSoap12Port"
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+            <entry key="ws-security.encryption.properties" value="bob.properties"/>
+            <entry key="ws-security.encryption.username" value="bob"/>
+        </jaxws:properties>
+    </jaxws:client>
+    
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricPort"
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="ws-security.encryption.properties" value="bob-enc.properties"/>
+            <entry key="ws-security.encryption.username" value="bob"/>
+            <entry key="ws-security.signature.properties" value="alice-enc.properties"/>
+            <entry key="ws-security.signature.username" value="alice"/>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+        </jaxws:properties>
+    </jaxws:client>
+</beans>
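Review bot: The `DoubleItSoap11Port` and `DoubleItSoap12Port` client entries have no matching endpoint in modified-server.xml from this commit, which only publishes `DoubleItAsymmetricPort`. The commit message lists client.xml among the conflicted files, so these two blocks may have been carried over during the backport rather than needed here. If no server on this branch exposes those ports, drop them so the file holds only the configuration the test uses. Otherwise, add a comment naming the server config they pair with.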

http://git-wip-us.apache.org/repos/asf/cxf/blob/d90bfa10/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/modified-server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/modified-server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/modified-server.xml
new file mode 100644
index 0000000..84390e7
--- /dev/null
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/modified-server.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xsi:schemaLocation="
        http://www.springframework.org/schema/beans                     http://www.springframework.org/schema/beans/spring-beans.xsd
        http://cxf.apache.org/jaxws                                     http://cxf.apache.org/schemas/jaxws.xsd
        http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd         http://cxf.apache.org/policy
http://cxf.apache.org/schemas/policy.xsd         http://cxf.apache.org/transports/http/configuration
            http://cxf.apache.org/schemas/configuration/http-conf.xsd         http://cxf.apa
 che.org/transports/http-jetty/configuration       http://cxf.apache.org/schemas/configuration/http-jetty.xsd
        http://cxf.apache.org/configuration/security                    http://cxf.apache.org/schemas/configuration/security.xsd
    ">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+    <cxf:bus>
+        <cxf:features>
+            <p:policies/>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Asymmetric"
address="http://localhost:${testutil.ports.ModifiedRequestServer}/DoubleItAsymmetric" serviceName="s:DoubleItService"
endpointName="s:DoubleItAsymmetricPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/fault/DoubleItFault.wsdl">
+        <jaxws:properties>
+            <entry key="ws-security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+            <entry key="ws-security.signature.properties" value="bob.properties"/>
+            <entry key="ws-security.encryption.properties" value="alice.properties"/>
+            <entry key="ws-security.encryption.username" value="alice"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
+    
+</beans>
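Review bot: The `wsdlLocation` on this endpoint points at DoubleItFault.wsdl, and the added lines for that file in this same commit include a leftover merge marker, `>>>>>>> c748748... Adding some modified request testing for WS-Security`, just before the `DoubleItBinding_DoubleIt_Input_Policy` element. If the matching `<<<<<<<` and `=======` lines were committed as well (they are outside the part of the diff visible here), the WSDL will not be well-formed and this endpoint will fail to start. Even on its own, the marker suggests the policy block around it may be duplicated or half-merged. The WSDL should be cleaned up and the asymmetric binding policy re-checked, so the endpoint enforces the policy the test intends.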

