Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 2E8B618197 for ; Fri, 7 Aug 2015 15:49:35 +0000 (UTC) Received: (qmail 72267 invoked by uid 500); 7 Aug 2015 15:49:34 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 72070 invoked by uid 500); 7 Aug 2015 15:49:34 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 72045 invoked by uid 99); 7 Aug 2015 15:49:34 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 07 Aug 2015 15:49:34 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id B1402DFC88; Fri, 7 Aug 2015 15:49:34 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: coheigea@apache.org To: commits@cxf.apache.org Date: Fri, 07 Aug 2015 15:49:35 -0000 Message-Id: <33d6a4bc5ddb4cf4b568850fe3a855e4@git.apache.org> In-Reply-To: <51cab58be23a46e39a0612c094edb4ce@git.apache.org> References: <51cab58be23a46e39a0612c094edb4ce@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [2/3] cxf git commit: [CXF-6525] - Support for http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only when using WSS-Policy. Thanks to Christian Koch for the patch. Tests added. [CXF-6525] - Support for http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only when using WSS-Policy. Thanks to Christian Koch for the patch. Tests added. Conflicts: rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6336e4a6 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6336e4a6 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6336e4a6 Branch: refs/heads/3.0.x-fixes Commit: 6336e4a60ed6cfe5a2ab3aea78c6556a359d7c3c Parents: 63d9858 Author: Colm O hEigeartaigh Authored: Fri Aug 7 15:39:15 2015 +0100 Committer: Colm O hEigeartaigh Committed: Fri Aug 7 15:44:29 2015 +0100 ---------------------------------------------------------------------- .../cxf/ws/security/SecurityConstants.java | 16 ++++++++++- .../policyhandlers/AbstractBindingBuilder.java | 17 +++++++++++- .../AbstractStaxBindingHandler.java | 4 +++ .../cxf/systest/ws/swa/SWAPolicyTest.java | 29 ++++++++++++++++++++ .../apache/cxf/systest/ws/swa/DoubleItSwa.wsdl | 3 ++ .../apache/cxf/systest/ws/swa/policy-client.xml | 8 ++++++ .../apache/cxf/systest/ws/swa/policy-server.xml | 11 ++++++++ .../cxf/systest/ws/swa/stax-policy-server.xml | 12 ++++++++ 8 files changed, 98 insertions(+), 2 deletions(-) 
---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/6336e4a6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java index 72d8f55..c00f0ae 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java @@ -252,6 +252,15 @@ public final class SecurityConstants { * skipped. MTOM must be enabled for this to work. This only applies to the DOM WS-Security stack. */ public static final String STORE_BYTES_IN_ATTACHMENT = "ws-security.store.bytes.in.attachment"; + + /** + * This configuration flag allows the user to decide whether the default Attachment-Complete + * transform or the Attachment-Content-Only transform should be used when an Attachment is encrypted + * via a WS-SecurityPolicy expression. The default is "false", meaning that the "complete" + * transformation is used. + */ + public static final String USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM = + "ws-security.swa.encryption.attachment.transform.content"; // // Non-boolean WS-Security Configuration parameters @@ -373,7 +382,7 @@ public final class SecurityConstants { */ public static final String ASYMMETRIC_SIGNATURE_ALGORITHM = "ws-security.asymmetric.signature.algorithm"; - + /** * This holds a reference to a PasswordEncryptor instance, which is used to encrypt or * decrypt passwords in the Merlin Crypto implementation (or any custom Crypto implementations). 
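Review bot: The Javadoc added for `USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM` in the first hunk does not say what the flag changes for confidentiality. As I read the SwA profile, Attachment-Complete also covers the attachment's MIME headers while Attachment-Content-Only covers only the body, so with the flag set those headers would presumably travel unencrypted. A sentence such as `Note that with the Content-Only transform the MIME headers of the attachment are not encrypted.` would make that visible to whoever enables it. Unlike the neighbouring `STORE_BYTES_IN_ATTACHMENT` comment, the text also omits which stack honours the flag; this commit reads it in both the DOM and the StAX handler, so the comment should say so.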
@@ -657,8 +666,13 @@ public final class SecurityConstants { CACHE_IDENTIFIER, CACHE_ISSUED_TOKEN_IN_ENDPOINT, PREFER_WSMEX_OVER_STS_CLIENT_CONFIG, DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION, KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, STS_TOKEN_IMMINENT_EXPIRY_VALUE, +<<<<<<< HEAD KERBEROS_REQUEST_CREDENTIAL_DELEGATION, ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, AUDIENCE_RESTRICTION_VALIDATION, STORE_BYTES_IN_ATTACHMENT +======= + KERBEROS_REQUEST_CREDENTIAL_DELEGATION, POLICY_VALIDATOR_MAP, + STORE_BYTES_IN_ATTACHMENT, USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM +>>>>>>> eafa719... [CXF-6525] - Support for http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only when using WSS-Policy. Thanks to Christian Koch for the patch. Tests added. })); ALL_PROPERTIES = Collections.unmodifiableSet(s); } http://git-wip-us.apache.org/repos/asf/cxf/blob/6336e4a6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java index 072b2ae..f084f99 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java 
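Review bot: The third SecurityConstants hunk adds unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> eafa719...`) as new lines inside the `ALL_PROPERTIES` initializer, so the file cannot compile as committed; the same markers are added in both AbstractBindingBuilder hunks. The resolution here should keep the branch's own entries and append the new constant, i.e. end the list with `AUDIENCE_RESTRICTION_VALIDATION, STORE_BYTES_IN_ATTACHMENT, USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM`. Taking the incoming side instead would drop `ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL` and `AUDIENCE_RESTRICTION_VALIDATION` from the set and introduce `POLICY_VALIDATOR_MAP`, which is not declared in any visible hunk and may not exist on 3.0.x-fixes. The initializer starts outside the hunk.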
@@ -169,7 +169,12 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle protected Element topDownElement; protected Element bstElement; protected Element lastEncryptedKeyElement; +<<<<<<< HEAD +======= + + protected final CallbackLookup callbackLookup; +>>>>>>> eafa719... [CXF-6525] - Support for http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only when using WSS-Policy. Thanks to Christian Koch for the patch. Tests added. protected boolean storeBytesInAttachment; private Element lastSupportingTokenElement; @@ -1087,11 +1092,21 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle "Header"); signedParts.add(wep); } - + Attachments attachments = parts.getAttachments(); if (attachments != null) { +<<<<<<< HEAD WSEncryptionPart wep = new WSEncryptionPart("cid:Attachments", "Element"); signedParts.add(wep); +======= + String encModifier = "Element"; + if (MessageUtils.getContextualBoolean( + message, SecurityConstants.USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM, false)) { + encModifier = "Content"; + } + WSEncryptionPart wep = new WSEncryptionPart("cid:Attachments", encModifier); + securedParts.add(wep); +>>>>>>> eafa719... [CXF-6525] - Support for http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only when using WSS-Policy. Thanks to Christian Koch for the patch. Tests added. } } http://git-wip-us.apache.org/repos/asf/cxf/blob/6336e4a6/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java index fb12cbe..b1f59c3cb 100644 
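Review bot: Between the conflict markers the first AbstractBindingBuilder hunk adds `protected final CallbackLookup callbackLookup;`, which comes from the cherry-picked side and is not part of this feature. A final field has to be assigned in every constructor and no assignment is visible in this commit, so unless the branch's constructor already sets it, this line should be dropped together with the markers, leaving the field list as it was on HEAD.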
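Review bot: In the second AbstractBindingBuilder hunk the incoming side of the conflict ends with `securedParts.add(wep);`, whereas the HEAD side and the context line just above both use `signedParts`. `securedParts` is not declared in any visible line and looks like the other branch's name for the same list. When resolving, keep the new `encModifier` logic but add the part to this branch's list: `signedParts.add(wep);`. It is also worth confirming that this code path only collects parts for encryption, because if it is shared with signature processing the encryption-named flag would change the modifier used for signed attachments as well. The method body starts and ends outside the hunk.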
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
@@ -938,6 +938,10 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
 Attachments attachments = parts.getAttachments();
 if (attachments != null) {
 SecurePart securePart = new SecurePart("cid:Attachments", Modifier.Element);
+ if (MessageUtils.getContextualBoolean(
+ message, SecurityConstants.USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM, false)) {
+ securePart.setModifier(Modifier.Content);
+ }
 securePart.setRequired(false);
 encryptedParts.add(securePart);
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/6336e4a6/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java
index 99ef60e..0cac3cc 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java
@@ -176,6 +176,35 @@ public class SWAPolicyTest extends AbstractBusClientServerTestBase { } @org.junit.Test + public void testSWAEncryptionContentPolicy() throws Exception { + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = SWAPolicyTest.class.getResource("policy-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL wsdl = SWAPolicyTest.class.getResource("DoubleItSwa.wsdl"); + Service service = Service.create(wsdl, SERVICE_QNAME); + QName portQName = new QName(NAMESPACE, "DoubleItSWAEncryptionContentPolicyPort"); + DoubleItSwaPortType port = + service.getPort(portQName, DoubleItSwaPortType.class); + updateAddressPort(port, test.getPort()); + + if (test.isStreaming()) { + enableStreaming(port); + } + + DoubleIt3 doubleIt = new DoubleIt3(); + doubleIt.setNumberToDouble(25); + port.doubleIt3(doubleIt, "12345".getBytes()); + + ((java.io.Closeable)port).close(); + bus.shutdown(true); + } + + @org.junit.Test public void testSWACombinedPolicy() throws Exception { SpringBusFactory bf = new SpringBusFactory(); http://git-wip-us.apache.org/repos/asf/cxf/blob/6336e4a6/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl index d48f2c7..204bcc2 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa.wsdl @@ -214,6 +214,9 @@ + + + http://git-wip-us.apache.org/repos/asf/cxf/blob/6336e4a6/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-client.xml ---------------------------------------------------------------------- 
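Review bot: `testSWAEncryptionContentPolicy` never checks a result: the value returned by `port.doubleIt3(doubleIt, "12345".getBytes())` is discarded, so the test only shows that the call did not throw. It would presumably also pass if the Content-Only flag were ignored and the Complete transform applied, so nothing here pins the behaviour this commit adds. Assert on the response and, if the harness allows it, on the encryption type that actually went over the wire. `((java.io.Closeable)port).close();` and `bus.shutdown(true);` run only on the success path, so a failing call leaves the bus alive for later tests; they belong in a `finally` block.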
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-client.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-client.xml index 91a20da..7bee138 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-client.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-client.xml @@ -46,6 +46,14 @@ + + + + + + + + http://git-wip-us.apache.org/repos/asf/cxf/blob/6336e4a6/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server.xml ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server.xml index 12b7180..817cf97 100644 --- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server.xml +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server.xml @@ -59,6 +59,17 @@ + + + + + + + + + + + + + + +