From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: <9d00d2e8f25e43e584c848a287e10a36@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Enabling MTOM security tests Date: Wed, 15 Feb 2017 15:08:38 +0000 (UTC) archived-at: Wed, 15 Feb 2017 15:08:40 -0000 Repository: cxf Updated Branches: refs/heads/master 003fb1e7d -> 7dbce543a Enabling MTOM security tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7dbce543 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7dbce543 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7dbce543 Branch: refs/heads/master Commit: 7dbce543a96c6ec1c6f02ab0530146c3507fa205 Parents: 003fb1e Author: Colm O hEigeartaigh Authored: Wed Feb 15 15:08:27 2017 +0000 Committer: Colm O hEigeartaigh Committed: Wed Feb 15 15:08:27 2017 +0000 ---------------------------------------------------------------------- .../wss4j/AttachmentCallbackHandler.java | 19 +++ .../wss4j/PolicyBasedWSS4JOutInterceptor.java | 12 -- .../ws/security/wss4j/WSS4JOutInterceptor.java | 15 +-- .../policyhandlers/AbstractBindingBuilder.java | 115 ++++++++++++------- .../AsymmetricBindingHandler.java | 6 + .../policyhandlers/SymmetricBindingHandler.java | 8 ++ .../policyhandlers/TransportBindingHandler.java | 15 +++ .../cxf/systest/ws/mtom/MTOMSecurityTest.java | 4 - 8 files changed, 127 insertions(+), 67 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java index 705e366..959f119 100644 
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AttachmentCallbackHandler.java @@ -34,6 +34,7 @@ import javax.security.auth.callback.UnsupportedCallbackException; import org.apache.cxf.attachment.AttachmentDataSource; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.message.Attachment; +import org.apache.wss4j.common.ext.AttachmentRemovalCallback; import org.apache.wss4j.common.ext.AttachmentRequestCallback; import org.apache.wss4j.common.ext.AttachmentResultCallback; @@ -88,6 +89,24 @@ public class AttachmentCallbackHandler implements CallbackHandler { } attachments.add(securedAttachment); + } else if (callback instanceof AttachmentRemovalCallback) { + AttachmentRemovalCallback attachmentRemovalCallback = (AttachmentRemovalCallback) callback; + String attachmentId = attachmentRemovalCallback.getAttachmentId(); + if (attachmentId != null) { + final Collection attachments = soapMessage.getAttachments(); + // Calling LazyAttachmentCollection.size() here to force it to load the attachments + if (attachments != null && attachments.size() > 0) { + for (Iterator iterator = attachments.iterator(); + iterator.hasNext();) { + org.apache.cxf.message.Attachment attachment = iterator.next(); + + if (attachmentId.equals(attachment.getId())) { + iterator.remove(); + break; + } + } + } + } } else { throw new UnsupportedCallbackException(callback, "Unsupported callback"); } http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java index ea11515..7aa2feb 100644 
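Review bot: The new `AttachmentRemovalCallback` branch returns silently when no attachment matches the requested id, and also when `getAttachmentId()` is null, so a miss is indistinguishable from a successful removal. If this removal is what keeps the original attachment from being sent alongside its signed or encrypted copy (inferred from the callback's name; the WSS4J side is not shown here), a miss should at least be reported. One way is to set a local `boolean removed = true;` next to `iterator.remove();` and log when it is still false after the loop. `attachmentId.equals(attachment.getId())` is an exact string match, so it is worth confirming both sides carry the Content-ID in the same form. The enclosing method starts and ends outside the hunk.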
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java @@ -28,7 +28,6 @@ import javax.xml.soap.SOAPException; import javax.xml.soap.SOAPMessage; import org.w3c.dom.Element; -import org.apache.cxf.attachment.AttachmentUtil; import org.apache.cxf.binding.soap.SoapFault; import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor; @@ -128,12 +127,6 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor attachments = mc.getAttachments(); - return attachments != null && !attachments.isEmpty(); - } - public Set getAfter() { return Collections.emptySet(); } http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java index 43fd622..c092906 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java 
@@ -194,10 +194,12 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor { reqData.setMsgContext(mc); reqData.setAttachmentCallbackHandler(new AttachmentCallbackHandler(mc)); - if (AttachmentUtil.isMtomEnabled(mc) && hasAttachments(mc)) { - LOG.warning("MTOM is enabled with WS-Security. Please note that if an attachment is " - + "referenced in the SOAP Body, only the reference will be signed and not the " - + "SOAP Body!"); + // Enable XOP Include unless the user has explicitly configured it + if (getString(WSHandlerConstants.EXPAND_XOP_INCLUDE, mc) == null) { + reqData.setExpandXopInclude(AttachmentUtil.isMtomEnabled(mc)); + } + if (getString(WSHandlerConstants.STORE_BYTES_IN_ATTACHMENT, mc) == null) { + reqData.setStoreBytesInAttachment(AttachmentUtil.isMtomEnabled(mc)); } /* @@ -291,11 +293,6 @@ public class WSS4JOutInterceptor extends AbstractWSS4JInterceptor { //nothing } - private boolean hasAttachments(SoapMessage mc) { - final Collection attachments = mc.getAttachments(); - return attachments != null && !attachments.isEmpty(); - } - private void configureActions(SoapMessage mc, boolean doDebug, SoapVersion version, WSSConfig config) { http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java index d515f8b..e7b7a66 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java 
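Review bot: With the MTOM warning deleted, nothing tells the user when MTOM is enabled and `WSHandlerConstants.EXPAND_XOP_INCLUDE` has been explicitly configured to disable expansion. Going by the removed message, that is the case where only the xop reference is signed rather than the referenced content; whether WSS4J itself warns is not visible here. Consider keeping a narrower warning for that combination instead of dropping it entirely. The comment `// Enable XOP Include unless the user has explicitly configured it` describes only the first of the two checks and reads as enabling rather than expanding; something like `// Default xop:Include expansion and byte storage from the MTOM setting unless explicitly configured` would cover both. `AttachmentUtil.isMtomEnabled(mc)` could be read once into a local, and the enclosing method continues outside the hunk.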
@@ -100,6 +100,7 @@ import org.apache.wss4j.common.token.X509Security; import org.apache.wss4j.common.util.Loader; import org.apache.wss4j.common.util.XMLUtils; import org.apache.wss4j.dom.WSConstants; +import org.apache.wss4j.dom.WSDocInfo; import org.apache.wss4j.dom.callback.CallbackLookup; import org.apache.wss4j.dom.engine.WSSConfig; import org.apache.wss4j.dom.engine.WSSecurityEngineResult; @@ -178,6 +179,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle protected final CallbackLookup callbackLookup; protected boolean storeBytesInAttachment; + protected WSDocInfo wsDocInfo; + private boolean expandXopInclude; private Element lastSupportingTokenElement; private Element lastDerivedKeyElement; @@ -205,17 +208,21 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle MessageUtils.getContextualBoolean( message, SecurityConstants.STORE_BYTES_IN_ATTACHMENT, true ); - if (storeBytes && AttachmentUtil.isMtomEnabled(message)) { + boolean mtomEnabled = AttachmentUtil.isMtomEnabled(message); + if (storeBytes && mtomEnabled) { storeBytesInAttachment = true; if (binding instanceof AbstractSymmetricAsymmetricBinding && (ProtectionOrder.EncryptBeforeSigning == ((AbstractSymmetricAsymmetricBinding)binding).getProtectionOrder() || ((AbstractSymmetricAsymmetricBinding)binding).isProtectTokens())) { LOG.fine("Disabling SecurityConstants.STORE_BYTES_IN_ATTACHMENT due to " - + "EncryptBeforeSigning or ProtectTokens policy."); + + "EncryptBeforeSigning or ProtectTokens policy."); storeBytesInAttachment = false; } } + expandXopInclude = mtomEnabled; + + wsDocInfo = new WSDocInfo(secHeader.getSecurityHeaderElement().getOwnerDocument()); Element soapBody = SAAJUtils.getBody(saaj); if (soapBody != null) { 
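Review bot: In the constructor hunk, `expandXopInclude = mtomEnabled;` is unconditional, so the policy-driven path gives the user no way to override it. `storeBytes` just above is read through `MessageUtils.getContextualBoolean`, and `WSS4JOutInterceptor` in this same commit defers to an explicit `EXPAND_XOP_INCLUDE` setting. The block that turns `storeBytesInAttachment` off for `EncryptBeforeSigning`/`ProtectTokens` also leaves `expandXopInclude` untouched; if that is intentional, a one-line comment such as `// xop:Include expansion is still needed when bytes are not stored in attachments` would say so. The new fields are also inconsistent: `wsDocInfo` is `protected` and read directly by subclasses, while `expandXopInclude` is `private` behind an accessor. Neither is `final`, although the visible code assigns both only in the constructor, whose body runs past the hunk.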
@@ -485,46 +492,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle getSignedParts(suppTokens)) ); } else { - WSSecSignature sig = new WSSecSignature(secHeader); - sig.setIdAllocator(wssConfig.getIdAllocator()); - sig.setCallbackLookup(callbackLookup); - sig.setX509Certificate(secToken.getX509Certificate()); - sig.setCustomTokenId(id); - sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); - String tokenType = secToken.getTokenType(); - if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) - || WSConstants.SAML_NS.equals(tokenType)) { - sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); - } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) - || WSConstants.SAML2_NS.equals(tokenType)) { - sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE); - } else if (tokenType != null) { - sig.setCustomTokenValueType(tokenType); - } else { - sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); - } - sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature()); - sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue()); - - Crypto crypto = secToken.getCrypto(); - String uname = null; - try { - uname = crypto.getX509Identifier(secToken.getX509Certificate()); - } catch (WSSecurityException e1) { - LOG.log(Level.FINE, e1.getMessage(), e1); - throw new Fault(e1); - } - - String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE); - sig.setUserInfo(uname, password); - try { - sig.prepare(secToken.getCrypto()); - } catch (WSSecurityException e) { - LOG.log(Level.FINE, e.getMessage(), e); - throw new Fault(e); - } - - ret.add(new SupportingToken(token, sig, getSignedParts(suppTokens))); + ret.add(signSupportingToken(secToken, id, token, suppTokens)); } } else if (token instanceof X509Token) { 
@@ -575,6 +543,56 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle return ret; } + + private SupportingToken signSupportingToken(SecurityToken secToken, String id, + AbstractToken token, SupportingTokens suppTokens) + throws SOAPException { + WSSecSignature sig = new WSSecSignature(secHeader); + sig.setIdAllocator(wssConfig.getIdAllocator()); + sig.setCallbackLookup(callbackLookup); + sig.setX509Certificate(secToken.getX509Certificate()); + sig.setCustomTokenId(id); + sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER); + sig.setWsDocInfo(wsDocInfo); + sig.setExpandXopInclude(isExpandXopInclude()); + sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); + sig.setStoreBytesInAttachment(storeBytesInAttachment); + + String tokenType = secToken.getTokenType(); + if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) + || WSConstants.SAML_NS.equals(tokenType)) { + sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); + } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) + || WSConstants.SAML2_NS.equals(tokenType)) { + sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE); + } else if (tokenType != null) { + sig.setCustomTokenValueType(tokenType); + } else { + sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE); + } + sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature()); + sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue()); + + Crypto crypto = secToken.getCrypto(); + String uname = null; + try { + uname = crypto.getX509Identifier(secToken.getX509Certificate()); + } catch (WSSecurityException e1) { + LOG.log(Level.FINE, e1.getMessage(), e1); + throw new Fault(e1); + } + + String password = getPassword(uname, token, WSPasswordCallback.SIGNATURE); + sig.setUserInfo(uname, password); + try { + sig.prepare(secToken.getCrypto()); + } catch (WSSecurityException e) { + LOG.log(Level.FINE, e.getMessage(), e); + throw new 
Fault(e); + } + + return new SupportingToken(token, sig, getSignedParts(suppTokens)); + } protected void handleUsernameTokenSupportingToken( UsernameToken token, boolean endorse, boolean encryptedToken, List ret @@ -1725,6 +1743,9 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle sig.setCallbackLookup(callbackLookup); sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); sig.setStoreBytesInAttachment(storeBytesInAttachment); + sig.setExpandXopInclude(isExpandXopInclude()); + sig.setWsDocInfo(wsDocInfo); + checkForX509PkiPath(sig, token); if (token instanceof IssuedToken || token instanceof SamlToken) { assertToken(token); @@ -1947,6 +1968,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle WSSecDKSign dkSign = new WSSecDKSign(secHeader); dkSign.setIdAllocator(wssConfig.getIdAllocator()); dkSign.setCallbackLookup(callbackLookup); + dkSign.setStoreBytesInAttachment(storeBytesInAttachment); + dkSign.setExpandXopInclude(isExpandXopInclude()); //Check whether it is security policy 1.2 and use the secure conversation accordingly if (policyToken.getVersion() == SPConstants.SPVersion.SP11) { @@ -2032,6 +2055,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle WSSecSignature sig = new WSSecSignature(secHeader); sig.setIdAllocator(wssConfig.getIdAllocator()); sig.setCallbackLookup(callbackLookup); + sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); + sig.setStoreBytesInAttachment(storeBytesInAttachment); + sig.setExpandXopInclude(isExpandXopInclude()); + sig.setWsDocInfo(wsDocInfo); // If a EncryptedKeyToken is used, set the correct value type to // be used in the wsse:Reference in ds:KeyInfo 
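Review bot: The extracted `signSupportingToken` calls `crypto.getX509Identifier(...)` on the result of `secToken.getCrypto()` without a null check, so a token without a Crypto would surface as a `NullPointerException` rather than a `Fault`. This is carried over from the inlined code, and whether such a token can reach this branch is not visible in the hunk. Since the method is new, it is a good place for a guard and for a short Javadoc stating that it builds and prepares a `WSSecSignature` keyed on the token's X.509 certificate and wraps `WSSecurityException` in `Fault`. Two small cleanups: `sig.prepare(secToken.getCrypto())` can reuse the local `crypto`, and `String uname = null;` does not need the initializer.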
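Review bot: The `WSSecDKSign` hunk at `@@ -1947` adds `setStoreBytesInAttachment` and `setExpandXopInclude` but, unlike every other builder touched in this commit, sets neither `setAttachmentCallbackHandler(...)` nor `setWsDocInfo(wsDocInfo)`. With `storeBytesInAttachment` true and no attachment callback handler, the builder would presumably have nowhere to put or fetch the attachment bytes, unless the handler is set further down outside the hunk. I would add `dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));` and `dkSign.setWsDocInfo(wsDocInfo);` here. The same group of four setters is repeated in the `AsymmetricBindingHandler`, `SymmetricBindingHandler` and `TransportBindingHandler` hunks. If the WSS4J builders share a base type exposing these setters, a single helper in `AbstractBindingBuilder` would keep them from drifting apart like this.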
@@ -2307,4 +2334,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle signatures.add(Arrays.hashCode(val)); } } + + public boolean isExpandXopInclude() { + return expandXopInclude; + } } http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java index 3ae627a..ae4447e 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java @@ -452,6 +452,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { encr.setCallbackLookup(callbackLookup); encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); encr.setStoreBytesInAttachment(storeBytesInAttachment); + encr.setExpandXopInclude(isExpandXopInclude()); + encr.setWsDocInfo(wsDocInfo); Crypto crypto = getEncryptionCrypto(); @@ -559,6 +561,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { dkEncr.setCallbackLookup(callbackLookup); dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); dkEncr.setStoreBytesInAttachment(storeBytesInAttachment); + dkEncr.setExpandXopInclude(isExpandXopInclude()); + dkEncr.setWsDocInfo(wsDocInfo); if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) { dkEncr.setWscVersion(ConversationConstants.VERSION_05_02); } 
@@ -643,6 +647,8 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { dkSign.setCallbackLookup(callbackLookup); dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); dkSign.setStoreBytesInAttachment(storeBytesInAttachment); + dkSign.setExpandXopInclude(isExpandXopInclude()); + dkSign.setWsDocInfo(wsDocInfo); if (wrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) { dkSign.setWscVersion(ConversationConstants.VERSION_05_02); } http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java index aa66be3..9c6dca2 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java @@ -408,6 +408,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { dkEncr.setCallbackLookup(callbackLookup); dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); dkEncr.setStoreBytesInAttachment(storeBytesInAttachment); + dkEncr.setExpandXopInclude(isExpandXopInclude()); + dkEncr.setWsDocInfo(wsDocInfo); if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) { dkEncr.setWscVersion(ConversationConstants.VERSION_05_02); } 
@@ -525,6 +527,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { encr.setCallbackLookup(callbackLookup); encr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); encr.setStoreBytesInAttachment(storeBytesInAttachment); + encr.setExpandXopInclude(isExpandXopInclude()); + encr.setWsDocInfo(wsDocInfo); String encrTokId = encrTok.getId(); if (attached) { encrTokId = encrTok.getWsuId(); @@ -647,6 +651,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { dkSign.setCallbackLookup(callbackLookup); dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); dkSign.setStoreBytesInAttachment(storeBytesInAttachment); + dkSign.setExpandXopInclude(isExpandXopInclude()); + dkSign.setWsDocInfo(wsDocInfo); if (policyAbstractTokenWrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) { dkSign.setWscVersion(ConversationConstants.VERSION_05_02); } @@ -787,6 +793,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder { sig.setCallbackLookup(callbackLookup); sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); sig.setStoreBytesInAttachment(storeBytesInAttachment); + sig.setExpandXopInclude(isExpandXopInclude()); + sig.setWsDocInfo(wsDocInfo); // If a EncryptedKeyToken is used, set the correct value type to // be used in the wsse:Reference in ds:KeyInfo int type = included ? WSConstants.CUSTOM_SYMM_SIGNING http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java index 9b86d33..dea5d91 100644 
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java @@ -37,6 +37,7 @@ import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.tokenstore.SecurityToken; +import org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler; import org.apache.cxf.ws.security.wss4j.WSS4JUtils; import org.apache.wss4j.common.WSEncryptionPart; import org.apache.wss4j.common.bsp.BSPEnforcer; @@ -366,6 +367,11 @@ public class TransportBindingHandler extends AbstractBindingBuilder { dkSig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue()); dkSig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature()); + dkSig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); + dkSig.setStoreBytesInAttachment(storeBytesInAttachment); + dkSig.setExpandXopInclude(isExpandXopInclude()); + dkSig.setWsDocInfo(wsDocInfo); + AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType(); dkSig.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8); @@ -451,6 +457,11 @@ public class TransportBindingHandler extends AbstractBindingBuilder { WSSecDKSign dkSign = new WSSecDKSign(secHeader); dkSign.setIdAllocator(wssConfig.getIdAllocator()); dkSign.setCallbackLookup(callbackLookup); + dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); + dkSign.setStoreBytesInAttachment(storeBytesInAttachment); + dkSign.setExpandXopInclude(isExpandXopInclude()); + dkSign.setWsDocInfo(wsDocInfo); + AlgorithmSuite algorithmSuite = tbinding.getAlgorithmSuite(); //Setting the AttachedReference or the UnattachedReference according to the flag 
@@ -501,6 +512,10 @@ public class TransportBindingHandler extends AbstractBindingBuilder { WSSecSignature sig = new WSSecSignature(secHeader); sig.setIdAllocator(wssConfig.getIdAllocator()); sig.setCallbackLookup(callbackLookup); + sig.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message)); + sig.setStoreBytesInAttachment(storeBytesInAttachment); + sig.setExpandXopInclude(isExpandXopInclude()); + sig.setWsDocInfo(wsDocInfo); //Setting the AttachedReference or the UnattachedReference according to the flag Element ref; http://git-wip-us.apache.org/repos/asf/cxf/blob/7dbce543/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java ---------------------------------------------------------------------- diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java index 6b92d07..455985e 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java @@ -91,7 +91,6 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase { // Sign an attachment without inlining @org.junit.Test - @org.junit.Ignore public void testSignedMTOMAction() throws Exception { SpringBusFactory bf = new SpringBusFactory(); @@ -194,7 +193,6 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase { // The difference between this test + the testAsymmetricBytesInAttachment test above is that // the SOAP Body already contains BASE-64 encoded content. @org.junit.Test - @org.junit.Ignore public void testAsymmetricBinaryBytesInAttachment() throws Exception { SpringBusFactory bf = new SpringBusFactory(); 
@@ -221,7 +219,6 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase { } @org.junit.Test - @org.junit.Ignore public void testAsymmetricBinaryEncryptBeforeSigningBytesInAttachment() throws Exception { SpringBusFactory bf = new SpringBusFactory(); @@ -248,7 +245,6 @@ public class MTOMSecurityTest extends AbstractBusClientServerTestBase { } @org.junit.Test - @org.junit.Ignore public void testSymmetricBinaryBytesInAttachment() throws Exception { SpringBusFactory bf = new SpringBusFactory();