cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: Enabling MTOM security tests
Date Wed, 15 Feb 2017 15:08:38 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 003fb1e7d -> 7dbce543a


Enabling MTOM security tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7dbce543
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7dbce543
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7dbce543

Branch: refs/heads/master
Commit: 7dbce543a96c6ec1c6f02ab0530146c3507fa205
Parents: 003fb1e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Feb 15 15:08:27 2017 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Feb 15 15:08:27 2017 +0000

----------------------------------------------------------------------
 .../wss4j/AttachmentCallbackHandler.java        |  19 +++
 .../wss4j/PolicyBasedWSS4JOutInterceptor.java   |  12 --
 .../ws/security/wss4j/WSS4JOutInterceptor.java  |  15 +--
 .../policyhandlers/AbstractBindingBuilder.java  | 115 ++++++++++++-------
 .../AsymmetricBindingHandler.java               |   6 +
 .../policyhandlers/SymmetricBindingHandler.java |   8 ++
 .../policyhandlers/TransportBindingHandler.java |  15 +++
 .../cxf/systest/ws/mtom/MTOMSecurityTest.java   |   4 -
 8 files changed, 127 insertions(+), 67 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java
index 705e366..959f119 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java
@@ -34,6 +34,7 @@ import javax.security.auth.callback.UnsupportedCallbackException;
 import org.apache.cxf.attachment.AttachmentDataSource;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.message.Attachment;
+import org.apache.wss4j.common.ext.AttachmentRemovalCallback;
 import org.apache.wss4j.common.ext.AttachmentRequestCallback;
 import org.apache.wss4j.common.ext.AttachmentResultCallback;
 
@@ -88,6 +89,24 @@ public class AttachmentCallbackHandler implements CallbackHandler {
                 }
                 attachments.add(securedAttachment);
 
+            } else if (callback instanceof AttachmentRemovalCallback) {
+                AttachmentRemovalCallback attachmentRemovalCallback = (AttachmentRemovalCallback)
callback;
+                String attachmentId = attachmentRemovalCallback.getAttachmentId();
+                if (attachmentId != null) {
+                    final Collection<org.apache.cxf.message.Attachment> attachments
= soapMessage.getAttachments();
+                    // Calling LazyAttachmentCollection.size() here to force it to load the
attachments
+                    if (attachments != null && attachments.size() > 0) {
+                        for (Iterator<org.apache.cxf.message.Attachment> iterator =
attachments.iterator(); 
+                            iterator.hasNext();) {
+                            org.apache.cxf.message.Attachment attachment = iterator.next();
+
+                            if (attachmentId.equals(attachment.getId())) {
+                                iterator.remove();
+                                break;
+                            }
+                        }
+                    }
+                }
             } else {
                 throw new UnsupportedCallbackException(callback, "Unsupported callback");
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
index ea11515..7aa2feb 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
@@ -28,7 +28,6 @@ import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
 
 import org.w3c.dom.Element;
-import org.apache.cxf.attachment.AttachmentUtil;
 import org.apache.cxf.binding.soap.SoapFault;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
@@ -128,12 +127,6 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa
                 );
             String actor = (String)message.getContextualProperty(SecurityConstants.ACTOR);
 
-            if (AttachmentUtil.isMtomEnabled(message) && hasAttachments(message))
{
-                LOG.warning("MTOM is enabled with WS-Security. Please note that if an attachment
is "
-                    + "referenced in the SOAP Body, only the reference will be signed and
not the "
-                    + "SOAP Body!");
-            }
-
             // extract Assertion information
             AbstractBinding binding = PolicyUtils.getSecurityBinding(aim);
 
@@ -203,11 +196,6 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa
 
         }
 
-        private boolean hasAttachments(SoapMessage mc) {
-            final Collection<org.apache.cxf.message.Attachment> attachments = mc.getAttachments();
-            return attachments != null && !attachments.isEmpty();
-        }
-
         public Set<String> getAfter() {
             return Collections.emptySet();
         }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
index 43fd622..c092906 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
@@ -194,10 +194,12 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor {
                 reqData.setMsgContext(mc);
                 reqData.setAttachmentCallbackHandler(new AttachmentCallbackHandler(mc));
 
-                if (AttachmentUtil.isMtomEnabled(mc) && hasAttachments(mc)) {
-                    LOG.warning("MTOM is enabled with WS-Security. Please note that if an
attachment is "
-                        + "referenced in the SOAP Body, only the reference will be signed
and not the "
-                        + "SOAP Body!");
+                // Enable XOP Include unless the user has explicitly configured it
+                if (getString(WSHandlerConstants.EXPAND_XOP_INCLUDE, mc) == null) {
+                    reqData.setExpandXopInclude(AttachmentUtil.isMtomEnabled(mc));
+                }
+                if (getString(WSHandlerConstants.STORE_BYTES_IN_ATTACHMENT, mc) == null)
{
+                    reqData.setStoreBytesInAttachment(AttachmentUtil.isMtomEnabled(mc));
                 }
 
                 /*
@@ -291,11 +293,6 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor {
             //nothing
         }
 
-        private boolean hasAttachments(SoapMessage mc) {
-            final Collection<org.apache.cxf.message.Attachment> attachments = mc.getAttachments();
-            return attachments != null && !attachments.isEmpty();
-        }
-
         private void configureActions(SoapMessage mc, boolean doDebug,
                 SoapVersion version, WSSConfig config) {
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index d515f8b..e7b7a66 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -100,6 +100,7 @@ import org.apache.wss4j.common.token.X509Security;
 import org.apache.wss4j.common.util.Loader;
 import org.apache.wss4j.common.util.XMLUtils;
 import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSDocInfo;
 import org.apache.wss4j.dom.callback.CallbackLookup;
 import org.apache.wss4j.dom.engine.WSSConfig;
 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
@@ -178,6 +179,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
 
     protected final CallbackLookup callbackLookup;
     protected boolean storeBytesInAttachment;
+    protected WSDocInfo wsDocInfo;
+    private boolean expandXopInclude;
 
     private Element lastSupportingTokenElement;
     private Element lastDerivedKeyElement;
@@ -205,17 +208,21 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             MessageUtils.getContextualBoolean(
                 message, SecurityConstants.STORE_BYTES_IN_ATTACHMENT, true
             );
-        if (storeBytes && AttachmentUtil.isMtomEnabled(message)) {
+        boolean mtomEnabled = AttachmentUtil.isMtomEnabled(message);
+        if (storeBytes && mtomEnabled) {
             storeBytesInAttachment = true;
             if (binding instanceof AbstractSymmetricAsymmetricBinding
                 && (ProtectionOrder.EncryptBeforeSigning
                     == ((AbstractSymmetricAsymmetricBinding)binding).getProtectionOrder()
                     || ((AbstractSymmetricAsymmetricBinding)binding).isProtectTokens()))
{
                 LOG.fine("Disabling SecurityConstants.STORE_BYTES_IN_ATTACHMENT due to "
-                         + "EncryptBeforeSigning or ProtectTokens policy.");
+                    + "EncryptBeforeSigning or ProtectTokens policy.");
                 storeBytesInAttachment = false;
             }
         }
+        expandXopInclude = mtomEnabled;
+        
+        wsDocInfo = new WSDocInfo(secHeader.getSecurityHeaderElement().getOwnerDocument());
 
         Element soapBody = SAAJUtils.getBody(saaj);
         if (soapBody != null) {
@@ -485,46 +492,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                                             getSignedParts(suppTokens))
                     );
                 } else {
-                    WSSecSignature sig = new WSSecSignature(secHeader);
-                    sig.setIdAllocator(wssConfig.getIdAllocator());
-                    sig.setCallbackLookup(callbackLookup);
-                    sig.setX509Certificate(secToken.getX509Certificate());
-                    sig.setCustomTokenId(id);
-                    sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
-                    String tokenType = secToken.getTokenType();
-                    if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
-                        || WSConstants.SAML_NS.equals(tokenType)) {
-                        sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
-                    } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
-                        || WSConstants.SAML2_NS.equals(tokenType)) {
-                        sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
-                    } else if (tokenType != null) {
-                        sig.setCustomTokenValueType(tokenType);
-                    } else {
-                        sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
-                    }
-                    sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
-                    sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
-
-                    Crypto crypto = secToken.getCrypto();
-                    String uname = null;
-                    try {
-                        uname = crypto.getX509Identifier(secToken.getX509Certificate());
-                    } catch (WSSecurityException e1) {
-                        LOG.log(Level.FINE, e1.getMessage(), e1);
-                        throw new Fault(e1);
-                    }
-
-                    String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
-                    sig.setUserInfo(uname, password);
-                    try {
-                        sig.prepare(secToken.getCrypto());
-                    } catch (WSSecurityException e) {
-                        LOG.log(Level.FINE, e.getMessage(), e);
-                        throw new Fault(e);
-                    }
-
-                    ret.add(new SupportingToken(token, sig, getSignedParts(suppTokens)));
+                    ret.add(signSupportingToken(secToken, id, token, suppTokens));
                 }
 
             } else if (token instanceof X509Token) {
@@ -575,6 +543,56 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
 
         return ret;
     }
+    
+    private SupportingToken signSupportingToken(SecurityToken secToken, String id, 
+                                                AbstractToken token, SupportingTokens suppTokens)

+        throws SOAPException {
+        WSSecSignature sig = new WSSecSignature(secHeader);
+        sig.setIdAllocator(wssConfig.getIdAllocator());
+        sig.setCallbackLookup(callbackLookup);
+        sig.setX509Certificate(secToken.getX509Certificate());
+        sig.setCustomTokenId(id);
+        sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+        sig.setWsDocInfo(wsDocInfo);
+        sig.setExpandXopInclude(isExpandXopInclude());
+        sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+        sig.setStoreBytesInAttachment(storeBytesInAttachment);
+        
+        String tokenType = secToken.getTokenType();
+        if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+            || WSConstants.SAML_NS.equals(tokenType)) {
+            sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+        } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+            || WSConstants.SAML2_NS.equals(tokenType)) {
+            sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+        } else if (tokenType != null) {
+            sig.setCustomTokenValueType(tokenType);
+        } else {
+            sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+        }
+        sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
+        sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
+
+        Crypto crypto = secToken.getCrypto();
+        String uname = null;
+        try {
+            uname = crypto.getX509Identifier(secToken.getX509Certificate());
+        } catch (WSSecurityException e1) {
+            LOG.log(Level.FINE, e1.getMessage(), e1);
+            throw new Fault(e1);
+        }
+
+        String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE);
+        sig.setUserInfo(uname, password);
+        try {
+            sig.prepare(secToken.getCrypto());
+        } catch (WSSecurityException e) {
+            LOG.log(Level.FINE, e.getMessage(), e);
+            throw new Fault(e);
+        }
+
+        return new SupportingToken(token, sig, getSignedParts(suppTokens));
+    }
 
     protected void handleUsernameTokenSupportingToken(
         UsernameToken token, boolean endorse, boolean encryptedToken, List<SupportingToken>
ret
@@ -1725,6 +1743,9 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         sig.setCallbackLookup(callbackLookup);
         sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
         sig.setStoreBytesInAttachment(storeBytesInAttachment);
+        sig.setExpandXopInclude(isExpandXopInclude());
+        sig.setWsDocInfo(wsDocInfo);
+        
         checkForX509PkiPath(sig, token);
         if (token instanceof IssuedToken || token instanceof SamlToken) {
             assertToken(token);
@@ -1947,6 +1968,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         WSSecDKSign dkSign = new WSSecDKSign(secHeader);
         dkSign.setIdAllocator(wssConfig.getIdAllocator());
         dkSign.setCallbackLookup(callbackLookup);
+        dkSign.setStoreBytesInAttachment(storeBytesInAttachment);
+        dkSign.setExpandXopInclude(isExpandXopInclude());
 
         //Check whether it is security policy 1.2 and use the secure conversation accordingly
         if (policyToken.getVersion() == SPConstants.SPVersion.SP11) {
@@ -2032,6 +2055,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         WSSecSignature sig = new WSSecSignature(secHeader);
         sig.setIdAllocator(wssConfig.getIdAllocator());
         sig.setCallbackLookup(callbackLookup);
+        sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+        sig.setStoreBytesInAttachment(storeBytesInAttachment);
+        sig.setExpandXopInclude(isExpandXopInclude());
+        sig.setWsDocInfo(wsDocInfo);
 
         // If a EncryptedKeyToken is used, set the correct value type to
         // be used in the wsse:Reference in ds:KeyInfo
@@ -2307,4 +2334,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             signatures.add(Arrays.hashCode(val));
         }
     }
+    
+    public boolean isExpandXopInclude() {
+        return expandXopInclude;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 3ae627a..ae4447e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -452,6 +452,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                     encr.setCallbackLookup(callbackLookup);
                     encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
                     encr.setStoreBytesInAttachment(storeBytesInAttachment);
+                    encr.setExpandXopInclude(isExpandXopInclude());
+                    encr.setWsDocInfo(wsDocInfo);
 
                     Crypto crypto = getEncryptionCrypto();
 
@@ -559,6 +561,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
             dkEncr.setCallbackLookup(callbackLookup);
             dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
             dkEncr.setStoreBytesInAttachment(storeBytesInAttachment);
+            dkEncr.setExpandXopInclude(isExpandXopInclude());
+            dkEncr.setWsDocInfo(wsDocInfo);
             if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
                 dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
             }
@@ -643,6 +647,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
             dkSign.setCallbackLookup(callbackLookup);
             dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
             dkSign.setStoreBytesInAttachment(storeBytesInAttachment);
+            dkSign.setExpandXopInclude(isExpandXopInclude());
+            dkSign.setWsDocInfo(wsDocInfo);
             if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
                 dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index aa66be3..9c6dca2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -408,6 +408,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
             dkEncr.setCallbackLookup(callbackLookup);
             dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
             dkEncr.setStoreBytesInAttachment(storeBytesInAttachment);
+            dkEncr.setExpandXopInclude(isExpandXopInclude());
+            dkEncr.setWsDocInfo(wsDocInfo);
             if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
                 dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
             }
@@ -525,6 +527,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                     encr.setCallbackLookup(callbackLookup);
                     encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
                     encr.setStoreBytesInAttachment(storeBytesInAttachment);
+                    encr.setExpandXopInclude(isExpandXopInclude());
+                    encr.setWsDocInfo(wsDocInfo);
                     String encrTokId = encrTok.getId();
                     if (attached) {
                         encrTokId = encrTok.getWsuId();
@@ -647,6 +651,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
         dkSign.setCallbackLookup(callbackLookup);
         dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
         dkSign.setStoreBytesInAttachment(storeBytesInAttachment);
+        dkSign.setExpandXopInclude(isExpandXopInclude());
+        dkSign.setWsDocInfo(wsDocInfo);
         if (policyAbstractTokenWrapper.getToken().getVersion() == SPConstants.SPVersion.SP11)
{
             dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
         }
@@ -787,6 +793,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
             sig.setCallbackLookup(callbackLookup);
             sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
             sig.setStoreBytesInAttachment(storeBytesInAttachment);
+            sig.setExpandXopInclude(isExpandXopInclude());
+            sig.setWsDocInfo(wsDocInfo);
             // If a EncryptedKeyToken is used, set the correct value type to
             // be used in the wsse:Reference in ds:KeyInfo
             int type = included ? WSConstants.CUSTOM_SYMM_SIGNING

http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 9b86d33..dea5d91 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -37,6 +37,7 @@ import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler;
 import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.wss4j.common.WSEncryptionPart;
 import org.apache.wss4j.common.bsp.BSPEnforcer;
@@ -366,6 +367,11 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
 
             dkSig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
             dkSig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
+            dkSig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+            dkSig.setStoreBytesInAttachment(storeBytesInAttachment);
+            dkSig.setExpandXopInclude(isExpandXopInclude());
+            dkSig.setWsDocInfo(wsDocInfo);
+            
             AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
             dkSig.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
 
@@ -451,6 +457,11 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
         WSSecDKSign dkSign = new WSSecDKSign(secHeader);
         dkSign.setIdAllocator(wssConfig.getIdAllocator());
         dkSign.setCallbackLookup(callbackLookup);
+        dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+        dkSign.setStoreBytesInAttachment(storeBytesInAttachment);
+        dkSign.setExpandXopInclude(isExpandXopInclude());
+        dkSign.setWsDocInfo(wsDocInfo);
+        
         AlgorithmSuite algorithmSuite = tbinding.getAlgorithmSuite();
 
         //Setting the AttachedReference or the UnattachedReference according to the flag
@@ -501,6 +512,10 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
         WSSecSignature sig = new WSSecSignature(secHeader);
         sig.setIdAllocator(wssConfig.getIdAllocator());
         sig.setCallbackLookup(callbackLookup);
+        sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
+        sig.setStoreBytesInAttachment(storeBytesInAttachment);
+        sig.setExpandXopInclude(isExpandXopInclude());
+        sig.setWsDocInfo(wsDocInfo);
 
         //Setting the AttachedReference or the UnattachedReference according to the flag
         Element ref;

http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
index 6b92d07..455985e 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java
@@ -91,7 +91,6 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase {
 
     // Sign an attachment without inlining
     @org.junit.Test
-    @org.junit.Ignore
     public void testSignedMTOMAction() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -194,7 +193,6 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase
{
     // The difference between this test + the testAsymmetricBytesInAttachment test above
is that
     // the SOAP Body already contains BASE-64 encoded content.
     @org.junit.Test
-    @org.junit.Ignore
     public void testAsymmetricBinaryBytesInAttachment() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -221,7 +219,6 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase
{
     }
 
     @org.junit.Test
-    @org.junit.Ignore
     public void testAsymmetricBinaryEncryptBeforeSigningBytesInAttachment() throws Exception
{
 
         SpringBusFactory bf = new SpringBusFactory();
@@ -248,7 +245,6 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase
{
     }
 
     @org.junit.Test
-    @org.junit.Ignore
     public void testSymmetricBinaryBytesInAttachment() throws Exception {
 
         SpringBusFactory bf = new SpringBusFactory();


Mime
View raw message