cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/2] cxf git commit: [CXF-6582] - Support newer symmetric signature algorithms with WS-SecurityPolicy
Date Mon, 07 Sep 2015 14:02:43 GMT
[CXF-6582] - Support newer symmetric signature algorithms with WS-SecurityPolicy


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5fbe7b49
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5fbe7b49
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5fbe7b49

Branch: refs/heads/master
Commit: 5fbe7b49b88deff15f755c15f5a4c421943acc4f
Parents: d86fd8e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Sep 7 15:02:20 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Sep 7 15:02:20 2015 +0100

----------------------------------------------------------------------
 .../cxf/ws/security/SecurityConstants.java      | 11 ++++-
 .../wss4j/PolicyBasedWSS4JInInterceptor.java    | 24 +++++++--
 .../wss4j/PolicyBasedWSS4JOutInterceptor.java   |  6 +++
 .../PolicyBasedWSS4JStaxInInterceptor.java      | 13 +++--
 .../StaxAsymmetricBindingHandler.java           |  5 ++
 .../StaxSymmetricBindingHandler.java            |  5 ++
 .../StaxTransportBindingHandler.java            |  5 ++
 .../cxf/systest/ws/x509/X509TokenTest.java      | 25 ++++++++++
 .../cxf/systest/ws/x509/DoubleItX509.wsdl       | 52 ++++++++++++++++++++
 .../org/apache/cxf/systest/ws/x509/client.xml   |  7 +++
 .../org/apache/cxf/systest/ws/x509/server.xml   |  7 +++
 .../apache/cxf/systest/ws/x509/stax-server.xml  |  8 +++
 12 files changed, 161 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
index 7d6fcdb..c88a4ec 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
@@ -239,6 +239,14 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security
      */
     public static final String ASYMMETRIC_SIGNATURE_ALGORITHM = 
         "ws-security.asymmetric.signature.algorithm";
+    
+    /**
+     * This configuration tag allows the user to override the default Symmetric Signature

+     * algorithm (HMAC-SHA1) for use in WS-SecurityPolicy, as the WS-SecurityPolicy specification
+     * does not allow the use of other algorithms at present.
+     */
+    public static final String SYMMETRIC_SIGNATURE_ALGORITHM = 
+        "ws-security.symmetric.signature.algorithm";
 
     /**
      * This holds a reference to a PasswordEncryptor instance, which is used to encrypt or

@@ -381,7 +389,8 @@ public final class SecurityConstants extends org.apache.cxf.rt.security.Security
             SAML_ONE_TIME_USE_CACHE_INSTANCE, ENABLE_STREAMING_SECURITY, RETURN_SECURITY_ERROR,
             CACHE_IDENTIFIER, DELEGATED_CREDENTIAL, KERBEROS_USE_CREDENTIAL_DELEGATION, 
             KERBEROS_IS_USERNAME_IN_SERVICENAME_FORM, KERBEROS_REQUEST_CREDENTIAL_DELEGATION,

-            POLICY_VALIDATOR_MAP, STORE_BYTES_IN_ATTACHMENT, USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM
+            POLICY_VALIDATOR_MAP, STORE_BYTES_IN_ATTACHMENT, USE_ATTACHMENT_ENCRYPTION_CONTENT_ONLY_TRANSFORM,
+            SYMMETRIC_SIGNATURE_ALGORITHM
         }));
         for (String commonProperty : COMMON_PROPERTIES) {
             s.add(commonProperty);

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index 96b58b3..9d2f27b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -361,12 +361,23 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         AlgorithmSuiteTranslater translater = new AlgorithmSuiteTranslater();
         translater.translateAlgorithmSuites(message.get(AssertionInfoMap.class), data);
         
-        // Allow for setting non-standard asymmetric signature algorithms
+        // Allow for setting non-standard signature algorithms
+        boolean asymmAlgSet = false;
         String asymSignatureAlgorithm = 
             (String)message.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
         if (asymSignatureAlgorithm != null && data.getAlgorithmSuite() != null) {
             data.getAlgorithmSuite().getSignatureMethods().clear();
             data.getAlgorithmSuite().getSignatureMethods().add(asymSignatureAlgorithm);
+            asymmAlgSet = true;
+        }
+        
+        String symSignatureAlgorithm = 
+            (String)message.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
+        if (symSignatureAlgorithm != null && data.getAlgorithmSuite() != null) {
+            if (!asymmAlgSet) {
+                data.getAlgorithmSuite().getSignatureMethods().clear();
+            }
+            data.getAlgorithmSuite().getSignatureMethods().add(symSignatureAlgorithm);
         }
     }
 
@@ -389,13 +400,20 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
             // Allow for setting non-standard asymmetric signature algorithms
             String asymSignatureAlgorithm = 
                 (String)message.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
-            if (asymSignatureAlgorithm != null) {
+            String symSignatureAlgorithm = 
+                (String)message.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
+            if (asymSignatureAlgorithm != null || symSignatureAlgorithm != null) {
                 Collection<AssertionInfo> algorithmSuites = 
                     aim.get(SP12Constants.ALGORITHM_SUITE);
                 if (algorithmSuites != null && !algorithmSuites.isEmpty()) {
                     for (AssertionInfo algorithmSuite : algorithmSuites) {
                         AlgorithmSuite algSuite = (AlgorithmSuite)algorithmSuite.getAssertion();
-                        algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
+                        if (asymSignatureAlgorithm != null) {
+                            algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
+                        }
+                        if (symSignatureAlgorithm != null) {
+                            algSuite.setSymmetricSignature(symSignatureAlgorithm);
+                        }
                     }
                 }
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
index d406ae8..42e9ab4 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
@@ -172,6 +172,12 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa
                 if (asymSignatureAlgorithm != null && binding.getAlgorithmSuite()
!= null) {
                     binding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
                 }
+                
+                String symSignatureAlgorithm = 
+                    (String)message.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
+                if (symSignatureAlgorithm != null && binding.getAlgorithmSuite()
!= null) {
+                    binding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm);
+                }
 
                 try {
                     if (binding instanceof TransportBinding) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
index 7d5efa2..698f548 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
@@ -257,16 +257,23 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor
{
         checkSymmetricBinding(aim, msg, securityProperties);
         checkTransportBinding(aim, msg, securityProperties);
         
-        // Allow for setting non-standard asymmetric signature algorithms
+        // Allow for setting non-standard signature algorithms
         String asymSignatureAlgorithm = 
             (String)msg.getContextualProperty(SecurityConstants.ASYMMETRIC_SIGNATURE_ALGORITHM);
-        if (asymSignatureAlgorithm != null) {
+        String symSignatureAlgorithm = 
+            (String)msg.getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
+        if (asymSignatureAlgorithm != null || symSignatureAlgorithm != null) {
             Collection<AssertionInfo> algorithmSuites = 
                 aim.get(SP12Constants.ALGORITHM_SUITE);
             if (algorithmSuites != null && !algorithmSuites.isEmpty()) {
                 for (AssertionInfo algorithmSuite : algorithmSuites) {
                     AlgorithmSuite algSuite = (AlgorithmSuite)algorithmSuite.getAssertion();
-                    algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
+                    if (asymSignatureAlgorithm != null) {
+                        algSuite.setAsymmetricSignature(asymSignatureAlgorithm);
+                    }
+                    if (symSignatureAlgorithm != null) {
+                        algSuite.setSymmetricSignature(symSignatureAlgorithm);
+                    }
                 }
             }
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
index ab4537e..771c5e2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
@@ -90,6 +90,11 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler
{
         if (asymSignatureAlgorithm != null && abinding.getAlgorithmSuite() != null)
{
             abinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
         }
+        String symSignatureAlgorithm = 
+            (String)getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
+        if (symSignatureAlgorithm != null && abinding.getAlgorithmSuite() != null)
{
+            abinding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm);
+        }
         
         if (abinding.getProtectionOrder() 
             == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
index 118be9b..32a038b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
@@ -113,6 +113,11 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler
{
         if (asymSignatureAlgorithm != null && sbinding.getAlgorithmSuite() != null)
{
             sbinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
         }
+        String symSignatureAlgorithm = 
+            (String)getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
+        if (symSignatureAlgorithm != null && sbinding.getAlgorithmSuite() != null)
{
+            sbinding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm);
+        }
         
         // Set up CallbackHandler which wraps the configured Handler
         WSSSecurityProperties properties = getProperties();

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
index 9c35d2c..4f6ba2d 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
@@ -95,6 +95,11 @@ public class StaxTransportBindingHandler extends AbstractStaxBindingHandler
{
                 if (asymSignatureAlgorithm != null && tbinding.getAlgorithmSuite()
!= null) {
                     tbinding.getAlgorithmSuite().setAsymmetricSignature(asymSignatureAlgorithm);
                 }
+                String symSignatureAlgorithm = 
+                    (String)getMessage().getContextualProperty(SecurityConstants.SYMMETRIC_SIGNATURE_ALGORITHM);
+                if (symSignatureAlgorithm != null && tbinding.getAlgorithmSuite()
!= null) {
+                    tbinding.getAlgorithmSuite().setSymmetricSignature(symSignatureAlgorithm);
+                }
                 
                 TransportToken token = tbinding.getTransportToken();
                 if (token.getToken() instanceof IssuedToken) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
index 808ef07..4fb6422 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java
@@ -442,6 +442,31 @@ public class X509TokenTest extends AbstractBusClientServerTestBase {
     }
     
     @org.junit.Test
+    public void testSymmetric256() throws Exception {
+
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = X509TokenTest.class.getResource("client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+
+        URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl");
+        Service service = Service.create(wsdl, SERVICE_QNAME);
+        QName portQName = new QName(NAMESPACE, "DoubleItSymmetric256Port");
+        DoubleItPortType x509Port = 
+                service.getPort(portQName, DoubleItPortType.class);
+        updateAddressPort(x509Port, test.getPort());
+        
+        if (!test.isStreaming()) {
+            x509Port.doubleIt(25);
+        }
+        
+        ((java.io.Closeable)x509Port).close();
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testAsymmetricIssuerSerial() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
index 172b1bd..dcf01b2 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl
@@ -199,6 +199,24 @@
             </wsdl:fault>
         </wsdl:operation>
     </wsdl:binding>
+    <wsdl:binding name="DoubleItSymmetric256Binding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItSymmetric256Policy"/>
+        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction=""/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Input_Policy"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+                <wsp:PolicyReference URI="#DoubleItBinding_DoubleIt_Output_Policy"/>
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault"/>
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
     <wsdl:binding name="DoubleItAsymmetricIssuerSerialBinding" type="tns:DoubleItPortType">
         <wsp:PolicyReference URI="#DoubleItAsymmetricIssuerSerialPolicy"/>
         <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
@@ -638,6 +656,9 @@
         <wsdl:port name="DoubleItContentEncryptedElementsPort" binding="tns:DoubleItContentEncryptedElementsBinding">
             <soap:address location="http://localhost:9001/DoubleItX509ContentEncryptedElements"/>
         </wsdl:port>
+        <wsdl:port name="DoubleItSymmetric256Port" binding="tns:DoubleItSymmetric256Binding">
+            <soap:address location="http://localhost:9001/DoubleItX509Symmetric256"/>
+        </wsdl:port>
         <wsdl:port name="DoubleItAsymmetricIssuerSerialPort" binding="tns:DoubleItAsymmetricIssuerSerialBinding">
             <soap:address location="http://localhost:9001/DoubleItX509Asymmetric"/>
         </wsdl:port>
@@ -1015,6 +1036,37 @@
             </wsp:All>
         </wsp:ExactlyOne>
     </wsp:Policy>
+    <wsp:Policy wsu:Id="DoubleItSymmetric256Policy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SymmetricBinding>
+                    <wsp:Policy>
+                        <sp:ProtectionToken>
+                            <wsp:Policy>
+                                <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10/>
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:ProtectionToken>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax/>
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp/>
+                        <sp:OnlySignEntireHeadersAndBody/>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:Basic128Sha256/>
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                    </wsp:Policy>
+                </sp:SymmetricBinding>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
     <wsp:Policy wsu:Id="DoubleItAsymmetricIssuerSerialPolicy">
         <wsp:ExactlyOne>
             <wsp:All>

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
index ab037e4..c3e58f8 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client.xml
@@ -96,6 +96,13 @@
             <entry key="security.encryption.username" value="bob"/>
         </jaxws:properties>
     </jaxws:client>
+    <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItSymmetric256Port"
createdFromAPI="true">
+        <jaxws:properties>
+            <entry key="security.encryption.properties" value="bob.properties"/>
+            <entry key="security.encryption.username" value="bob"/>
+            <entry key="ws-security.symmetric.signature.algorithm" value="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>
+        </jaxws:properties>
+    </jaxws:client>
     <jaxws:client name="{http://www.example.org/contract/DoubleIt}DoubleItAsymmetricIssuerSerialPort"
createdFromAPI="true">
         <jaxws:properties>
             <entry key="security.encryption.properties" value="bob.properties"/>

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
index 57bb8f0..fa2796b 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server.xml
@@ -111,6 +111,13 @@
             <entry key="security.signature.properties" value="bob.properties"/>
         </jaxws:properties>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Symmetric256"
address="http://localhost:${testutil.ports.x509.Server}/DoubleItX509Symmetric256" serviceName="s:DoubleItService"
endpointName="s:DoubleItSymmetric256Port" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+        <jaxws:properties>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+            <entry key="security.signature.properties" value="bob.properties"/>
+            <entry key="ws-security.symmetric.signature.algorithm" value="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Asymmetric"
address="http://localhost:${testutil.ports.x509.Server}/DoubleItX509Asymmetric" serviceName="s:DoubleItService"
endpointName="s:DoubleItAsymmetricIssuerSerialPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>

http://git-wip-us.apache.org/repos/asf/cxf/blob/5fbe7b49/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
index 94a886d..6c770d9 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server.xml
@@ -122,6 +122,14 @@
             <entry key="ws-security.enable.streaming" value="true"/>
         </jaxws:properties>
     </jaxws:endpoint>
+    <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Symmetric256"
address="http://localhost:${testutil.ports.x509.StaxServer}/DoubleItX509Symmetric256" serviceName="s:DoubleItService"
endpointName="s:DoubleItSymmetric256Port" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
+        <jaxws:properties>
+            <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>
+            <entry key="security.signature.properties" value="bob.properties"/>
+            <entry key="ws-security.enable.streaming" value="true"/>
+            <entry key="ws-security.symmetric.signature.algorithm" value="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>
+        </jaxws:properties>
+    </jaxws:endpoint>
     <jaxws:endpoint xmlns:s="http://www.example.org/contract/DoubleIt" id="Asymmetric"
address="http://localhost:${testutil.ports.x509.StaxServer}/DoubleItX509Asymmetric" serviceName="s:DoubleItService"
endpointName="s:DoubleItAsymmetricIssuerSerialPort" implementor="org.apache.cxf.systest.ws.common.DoubleItImpl"
wsdlLocation="org/apache/cxf/systest/ws/x509/DoubleItX509.wsdl">
         <jaxws:properties>
             <entry key="security.callback-handler" value="org.apache.cxf.systest.ws.common.KeystorePasswordCallback"/>


Mime
View raw message