Date: Mon, 20 Feb 2012 10:06:06 +0000
Subject: Re: svn commit: r1291166 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ r
From: Colm O hEigeartaigh
To: dev@cxf.apache.org

Hi Freeman,

I'm -1 to the way you are configuring this patch. WSS10 and WSS11 are standard policies defined in the WS-SP 1.3 spec, and so it's not a good idea to add a custom policy for these. The best way to configure it is to define a (boolean) tag in SecurityConstants so that it can be set as a JAX-WS property.

Colm.

On Mon, Feb 20, 2012 at 9:51 AM, wrote:
> Author: ffang
> Date: Mon Feb 20 09:51:20 2012
> New Revision: 1291166
>
> URL: http://svn.apache.org/viewvc?rev=1291166&view=rev
> Log:
> [CXF-4119]support Certificates revocation check before encrypt when use CXF WS-SecurityPolicy
>
> Added:
>    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/revocation.properties
>    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/wss40CA.jks   (with props)
>    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/wss40CACRL.pem
>    cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/wss40rev.jks   (with props)
> Modified:
>    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java
>    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/WSS10Builder.java
>    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/WSS11Builder.java
>    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Wss10.java
>    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/Wss11.java
>    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
>    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systes=
t/ws/security/KeystorePasswordCallback.java > =A0 =A0cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systes= t/ws/security/SecurityPolicyTest.java > =A0 =A0cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/s= ystest/ws/security/DoubleIt.wsdl > > Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/securi= ty/policy/SPConstants.java > URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/= org/apache/cxf/ws/security/policy/SPConstants.java?rev=3D1291166&r1=3D12911= 65&r2=3D1291166&view=3Ddiff > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/pol= icy/SPConstants.java (original) > +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/pol= icy/SPConstants.java Mon Feb 20 09:51:20 2012 
> @@ -386,6 +386,8 @@ public abstract class SPConstants { > > =A0 =A0 public static final String MUST_SUPPORT_ISSUED_TOKENS =3D "MustSu= pportIssuedTokens"; > > + =A0 =A0public static final String ENABLE_REVOCATION =3D "EnableRevocati= on"; > + > =A0 =A0 public static final String REQUIRE_REQUEST_SECURITY_TOKEN_COLLECT= ION > =A0 =A0 =A0 =A0 =3D "RequireRequestSecurityTokenCollection"; > > > Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/securi= ty/policy/builders/WSS10Builder.java > URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/= org/apache/cxf/ws/security/policy/builders/WSS10Builder.java?rev=3D1291166&= r1=3D1291165&r2=3D1291166&view=3Ddiff > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/pol= icy/builders/WSS10Builder.java (original) > +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/pol= icy/builders/WSS10Builder.java Mon Feb 20 09:51:20 2012 
> @@ -65,6 +65,8 @@ public class WSS10Builder implements Ass > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 parent.setMustSupportRefExternalU= RI(true); > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 } else if (SPConstants.MUST_SUPPORT_REF_E= MBEDDED_TOKEN.equals(name)) { > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 parent.setMustSupportRefEmbeddedT= oken(true); > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0} else if (SPConstants.ENABLE_REVOCATION= .equals(name)) { > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0parent.setEnableRevocation(true)= ; > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 } > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 child =3D DOMUtils.getNextElement(child); > =A0 =A0 =A0 =A0 =A0 =A0 } > > Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/securi= ty/policy/builders/WSS11Builder.java > URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/= org/apache/cxf/ws/security/policy/builders/WSS11Builder.java?rev=3D1291166&= r1=3D1291165&r2=3D1291166&view=3Ddiff > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/pol= icy/builders/WSS11Builder.java (original) > +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/pol= icy/builders/WSS11Builder.java Mon Feb 20 09:51:20 2012 
> @@ -75,6 +75,8 @@ public class WSS11Builder implements Ass > > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 } else if (SPConstants.REQUIRE_SIGNATURE_= CONFIRMATION.equals(name)) { > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 parent.setRequireSignatureConfirm= ation(true); > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0} else if (SPConstants.ENABLE_REVOCATION= .equals(name)) { > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0parent.setEnableRevocation(true)= ; > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 } > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 child =3D DOMUtils.getNextElement(child); > =A0 =A0 =A0 =A0 =A0 =A0 } > > Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/securi= ty/policy/model/Wss10.java > URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/= org/apache/cxf/ws/security/policy/model/Wss10.java?rev=3D1291166&r1=3D12911= 65&r2=3D1291166&view=3Ddiff > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/pol= icy/model/Wss10.java (original) > +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/pol= icy/model/Wss10.java Mon Feb 20 09:51:20 2012 > @@ -31,6 +31,7 @@ public class Wss10 extends AbstractSecur > =A0 =A0 private boolean mustSupportRefIssuerSerial; > =A0 =A0 private boolean mustSupportRefExternalURI; > =A0 =A0 private boolean mustSupportRefEmbeddedToken; > + =A0 =A0private boolean enableRevocation; > > =A0 =A0 public Wss10(SPConstants version) { > =A0 =A0 =A0 =A0 super(version); 
> @@ -91,6 +92,20 @@ public class Wss10 extends AbstractSecur > =A0 =A0 public void setMustSupportRefKeyIdentifier(boolean mustSupportRef= KeyIdentifier) { > =A0 =A0 =A0 =A0 this.mustSupportRefKeyIdentifier =3D mustSupportRefKeyIde= ntifier; > =A0 =A0 } > + > + =A0 =A0/** > + =A0 =A0 * @return Returns the enableRevocation. > + =A0 =A0 */ > + =A0 =A0public boolean isEnableRevocation() { > + =A0 =A0 =A0 =A0return enableRevocation; > + =A0 =A0} > + > + =A0 =A0/** > + =A0 =A0 * @param enableRevocation The enableRevocation to set. > + =A0 =A0 */ > + =A0 =A0public void setEnableRevocation(boolean enableRevocation) { > + =A0 =A0 =A0 =A0this.enableRevocation =3D enableRevocation; > + =A0 =A0} > > =A0 =A0 public QName getRealName() { > =A0 =A0 =A0 =A0 return constants.getWSS10(); 
> @@ -150,6 +165,13 @@ public class Wss10 extends AbstractSecur > =A0 =A0 =A0 =A0 =A0 =A0 writer.writeEndElement(); > > =A0 =A0 =A0 =A0 } > + > + =A0 =A0 =A0 =A0if (isEnableRevocation()) { > + =A0 =A0 =A0 =A0 =A0 =A0// > + =A0 =A0 =A0 =A0 =A0 =A0writer.writeStartElement(prefix, SPConstants.ENA= BLE_REVOCATION, namespaceURI); > + =A0 =A0 =A0 =A0 =A0 =A0writer.writeEndElement(); > + > + =A0 =A0 =A0 =A0} > > =A0 =A0 =A0 =A0 // > =A0 =A0 =A0 =A0 writer.writeEndElement(); > > Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/securi= ty/policy/model/Wss11.java > URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/= org/apache/cxf/ws/security/policy/model/Wss11.java?rev=3D1291166&r1=3D12911= 65&r2=3D1291166&view=3Ddiff > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/pol= icy/model/Wss11.java (original) > +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/pol= icy/model/Wss11.java Mon Feb 20 09:51:20 2012 
> @@ -151,6 +151,13 @@ public class Wss11 extends Wss10 { > =A0 =A0 =A0 =A0 =A0 =A0 writer.writeStartElement(prefix, SPConstants.REQU= IRE_SIGNATURE_CONFIRMATION, namespaceURI); > =A0 =A0 =A0 =A0 =A0 =A0 writer.writeEndElement(); > =A0 =A0 =A0 =A0 } > + > + =A0 =A0 =A0 =A0if (isEnableRevocation()) { > + =A0 =A0 =A0 =A0 =A0 =A0// > + =A0 =A0 =A0 =A0 =A0 =A0writer.writeStartElement(prefix, SPConstants.ENA= BLE_REVOCATION, namespaceURI); > + =A0 =A0 =A0 =A0 =A0 =A0writer.writeEndElement(); > + > + =A0 =A0 =A0 =A0} > > =A0 =A0 =A0 =A0 // > =A0 =A0 =A0 =A0 writer.writeEndElement(); > > Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/securi= ty/wss4j/policyhandlers/AbstractBindingBuilder.java > URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/= org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java= ?rev=3D1291166&r1=3D1291165&r2=3D1291166&view=3Ddiff > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss= 4j/policyhandlers/AbstractBindingBuilder.java (original) > +++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss= 4j/policyhandlers/AbstractBindingBuilder.java Mon Feb 20 09:51:20 2012 > @@ -108,6 +108,7 @@ import org.apache.ws.security.WSSecurity > =A0import org.apache.ws.security.WSUsernameTokenPrincipal; > =A0import org.apache.ws.security.components.crypto.Crypto; > =A0import org.apache.ws.security.components.crypto.CryptoFactory; > +import org.apache.ws.security.components.crypto.CryptoType; > =A0import org.apache.ws.security.conversation.ConversationConstants; > =A0import org.apache.ws.security.conversation.ConversationException; > =A0import org.apache.ws.security.handler.WSHandlerConstants; 
> @@ -1371,9 +1372,28 @@ public abstract class AbstractBindingBui > > > =A0 =A0 public Crypto getEncryptionCrypto(TokenWrapper wrapper) throws WS= SecurityException { > - =A0 =A0 =A0 =A0return getCrypto(wrapper, > - =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 SecurityConstants.ENCRY= PT_CRYPTO, > - =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 SecurityConstants.ENCRY= PT_PROPERTIES); > + =A0 =A0 =A0 =A0Crypto crypto =3D getCrypto(wrapper, SecurityConstants.E= NCRYPT_CRYPTO, > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0Secu= rityConstants.ENCRYPT_PROPERTIES); > + =A0 =A0 =A0 =A0Wss10 wss10 =3D getWss10(); > + =A0 =A0 =A0 =A0boolean enableRevocation =3D wss10.isEnableRevocation(); > + =A0 =A0 =A0 =A0if (enableRevocation && crypto !=3D null) { > + =A0 =A0 =A0 =A0 =A0 =A0CryptoType cryptoType =3D new CryptoType(CryptoT= ype.TYPE.ALIAS); > + =A0 =A0 =A0 =A0 =A0 =A0String encrUser =3D (String)message.getContextua= lProperty(SecurityConstants.ENCRYPT_USERNAME); > + =A0 =A0 =A0 =A0 =A0 =A0if (crypto !=3D null && encrUser =3D=3D null) { > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0try { > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0encrUser =3D crypto.getDefaultX5= 09Identifier(); > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0} catch (WSSecurityException e1) { > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0throw new Fault(e1); > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0} > + =A0 =A0 =A0 =A0 =A0 =A0} > + =A0 =A0 =A0 =A0 =A0 =A0cryptoType.setAlias(encrUser); > + =A0 =A0 =A0 =A0 =A0 =A0X509Certificate[] certs =3D crypto.getX509Certif= icates(cryptoType); > + =A0 =A0 =A0 =A0 =A0 =A0if (certs !=3D null && certs.length > 0) { > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0crypto.verifyTrust(certs, enableRevocati= on); > + =A0 =A0 =A0 =A0 =A0 =A0} > + =A0 =A0 =A0 =A0} > + =A0 =A0 =A0 =A0return crypto; > + > =A0 =A0 } > > =A0 =A0 public Crypto getCrypto( > > Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/sys= test/ws/security/KeystorePasswordCallback.java > URL: 
http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test= /java/org/apache/cxf/systest/ws/security/KeystorePasswordCallback.java?rev= =3D1291166&r1=3D1291165&r2=3D1291166&view=3Ddiff > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/w= s/security/KeystorePasswordCallback.java (original) > +++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/w= s/security/KeystorePasswordCallback.java Mon Feb 20 09:51:20 2012 > @@ -39,6 +39,7 @@ public class KeystorePasswordCallback im > =A0 =A0 public KeystorePasswordCallback() { > =A0 =A0 =A0 =A0 passwords.put("alice", "password"); > =A0 =A0 =A0 =A0 passwords.put("bob", "password"); > + =A0 =A0 =A0 =A0passwords.put("wss40rev", "security"); > =A0 =A0 } > > =A0 =A0 /** > > Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/sys= test/ws/security/SecurityPolicyTest.java > URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test= /java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=3D1291= 166&r1=3D1291165&r2=3D1291166&view=3Ddiff > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/w= s/security/SecurityPolicyTest.java (original) > +++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/w= s/security/SecurityPolicyTest.java Mon Feb 20 09:51:20 2012 
> @@ -489,4 +489,42 @@ public class SecurityPolicyTest extends > =A0 =A0 =A0 =A0 di.setNumberToDouble(5); > =A0 =A0 =A0 =A0 assertEquals(10, pt.doubleIt(di, 1).getDoubledNumber()); > =A0 =A0 } > + > + =A0 =A0@Test > + =A0 =A0public void testCXF4119() throws Exception { > + =A0 =A0 =A0 =A0SpringBusFactory bf =3D new SpringBusFactory(); > + > + =A0 =A0 =A0 =A0Bus bus =3D bf.createBus(); > + =A0 =A0 =A0 =A0SpringBusFactory.setDefaultBus(bus); > + =A0 =A0 =A0 =A0SpringBusFactory.setThreadDefaultBus(bus); > + > + =A0 =A0 =A0 =A0URL wsdl =3D SecurityPolicyTest.class.getResource("Doubl= eIt.wsdl"); > + =A0 =A0 =A0 =A0Service service =3D Service.create(wsdl, SERVICE_QNAME); > + > + =A0 =A0 =A0 =A0DoubleItPortTypeHeader pt; > + > + =A0 =A0 =A0 =A0QName portQName =3D new QName(NAMESPACE, "DoubleItPortCX= F4119"); > + =A0 =A0 =A0 =A0pt =3D service.getPort(portQName, DoubleItPortTypeHeader= .class); > + > + =A0 =A0 =A0 =A0updateAddressPort(pt, PORT); > + =A0 =A0 =A0 =A0((BindingProvider)pt).getRequestContext().put(SecurityCo= nstants.CALLBACK_HANDLER, > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0new KeystorePasswordCallback()); > + =A0 =A0 =A0 =A0((BindingProvider)pt).getRequestContext().put(SecurityCo= nstants.SIGNATURE_PROPERTIES, > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0getClass().getResource("alice.propertie= s")); > + =A0 =A0 =A0 =A0((BindingProvider)pt).getRequestContext().put(SecurityCo= nstants.ENCRYPT_PROPERTIES, > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0getClass().getResource("revocation.prop= erties")); > + > + =A0 =A0 =A0 =A0DoubleIt di =3D new DoubleIt(); > + =A0 =A0 =A0 =A0di.setNumberToDouble(5); > + =A0 =A0 =A0 =A0try { > + =A0 =A0 =A0 =A0 =A0 =A0pt.doubleIt(di, 1); > + =A0 =A0 =A0 =A0 =A0 =A0fail("Failure expected on a revoked certificate"= ); > + =A0 =A0 
=A0 =A0} catch (Exception ex) { > + =A0 =A0 =A0 =A0 =A0 =A0String errorMessage =3D ex.getMessage(); > + =A0 =A0 =A0 =A0 =A0 =A0// Different errors using different JDKs... > + =A0 =A0 =A0 =A0 =A0 =A0assertTrue(errorMessage.contains("Certificate ha= s been revoked") > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 || errorMessage.contains("C= ertificate revocation") > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 || errorMessage.contains("E= rror during certificate path validation")); > + =A0 =A0 =A0 =A0} > + =A0 =A0} > =A0} > > Modified: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cx= f/systest/ws/security/DoubleIt.wsdl > URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test= /resources/org/apache/cxf/systest/ws/security/DoubleIt.wsdl?rev=3D1291166&r= 1=3D1291165&r2=3D1291166&view=3Ddiff > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/syst= est/ws/security/DoubleIt.wsdl (original) > +++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/syst= est/ws/security/DoubleIt.wsdl Mon Feb 20 09:51:20 2012 > @@ -205,6 +205,24 @@ > =A0 =A0 =A0 =A0 =A0 =A0 > =A0 =A0 =A0 =A0 > =A0 =A0 > + =A0 =A0 > + =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 + =A0 =A0 =A0 =A0 =A0transport=3D"http://schemas.xmlsoap.org/soap/http" /= > > + =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 > + =A0 =A0 > + > > > =A0 =A0 
> @@ -241,6 +259,9 @@ > =A0 =A0 =A0 =A0 > =A0 =A0 =A0 =A0 =A0 =A0 > =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 > =A0 =A0 > > =A0 =A0 
> @@ -785,5 +806,63 @@ > =A0 =A0 =A0 =A0 =A0 =A0 > =A0 =A0 =A0 =A0 > =A0 =A0 > - > + =A0 =A0 > + =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0xmlns:sp=3D"http://schemas.xmlsoap.o= rg/ws/2005/07/securitypolicy"> > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0sp:I= ncludeToken=3D"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/Include= Token/AlwaysToRecipient"> > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0sp:I= ncludeToken=3D"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/Include= Token/Never"> > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0= > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 
=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0xmlns:sp=3D"http://schemas.xmlsoap.o= rg/ws/2005/07/securitypolicy"> > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0xmlns:sp=3D"http://schemas.xmlsoap.o= rg/ws/2005/07/securitypolicy"> > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 =A0 =A0 > + =A0 =A0 =A0 =A0 > + =A0 =A0 > =A0 > > Added: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/s= ystest/ws/security/revocation.properties > URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test= /resources/org/apache/cxf/systest/ws/security/revocation.properties?rev=3D1= 291166&view=3Dauto > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= 
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/syst= est/ws/security/revocation.properties (added) > +++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/syst= est/ws/security/revocation.properties Mon Feb 20 09:51:20 2012 
> @@ -0,0 +1,26 @@ > +# > +# =A0 =A0Licensed to the Apache Software Foundation (ASF) under one > +# =A0 =A0or more contributor license agreements. See the NOTICE file > +# =A0 =A0distributed with this work for additional information > +# =A0 =A0regarding copyright ownership. The ASF licenses this file > +# =A0 =A0to you under the Apache License, Version 2.0 (the > +# =A0 =A0"License"); you may not use this file except in compliance > +# =A0 =A0with the License. You may obtain a copy of the License at > +# > +# =A0 =A0http://www.apache.org/licenses/LICENSE-2.0 > +# > +# =A0 =A0Unless required by applicable law or agreed to in writing, > +# =A0 =A0software distributed under the License is distributed on an > +# =A0 =A0"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY > +# =A0 =A0KIND, either express or implied. See the License for the > +# =A0 =A0specific language governing permissions and limitations > +# =A0 =A0under the License. > +# > +org.apache.ws.security.crypto.provider=3Dorg.apache.ws.security.componen= ts.crypto.Merlin > +org.apache.ws.security.crypto.merlin.keystore.type=3Djks > +org.apache.ws.security.crypto.merlin.keystore.password=3Dsecurity > +org.apache.ws.security.crypto.merlin.keystore.alias=3Dwss40rev > +org.apache.ws.security.crypto.merlin.keystore.file=3Dorg/apache/cxf/syst= est/ws/security/wss40rev.jks > +org.apache.ws.security.crypto.merlin.truststore.password=3Dsecurity > +org.apache.ws.security.crypto.merlin.truststore.file=3Dorg/apache/cxf/sy= stest/ws/security/wss40CA.jks > +org.apache.ws.security.crypto.merlin.x509crl.file=3Dorg/apache/cxf/syste= st/ws/security/wss40CACRL.pem > > Added: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/s= ystest/ws/security/wss40CA.jks > URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test= /resources/org/apache/cxf/systest/ws/security/wss40CA.jks?rev=3D1291166&vie= w=3Dauto > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= 
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > Binary file - no diff available. > > Propchange: cxf/trunk/systests/ws-security/src/test/resources/org/apache/= cxf/systest/ws/security/wss40CA.jks > -------------------------------------------------------------------------= ----- > =A0 =A0svn:mime-type =3D application/octet-stream > > Added: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/s= ystest/ws/security/wss40CACRL.pem > URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test= /resources/org/apache/cxf/systest/ws/security/wss40CACRL.pem?rev=3D1291166&= view=3Dauto > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/syst= est/ws/security/wss40CACRL.pem (added) > +++ cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/syst= est/ws/security/wss40CACRL.pem Mon Feb 20 09:51:20 2012 
> @@ -0,0 +1,9 @@ > +-----BEGIN X509 CRL----- > +MIIBQTCBqzANBgkqhkiG9w0BAQQFADBmMQswCQYDVQQGEwJERTEPMA0GA1UECBMG > +QmF5ZXJuMQ8wDQYDVQQHEwZNdW5pY2gxDTALBgNVBAoTBEhvbWUxFTATBgNVBAsT > +DEFwYWNoZSBXU1M0SjEPMA0GA1UEAxMGV2VybmVyFw0xMTA1MzAxMTU0MzFaFw0y > +MTA1MjcxMTU0MzFaMBQwEgIBGRcNMTEwNTMwMTE1MzU3WjANBgkqhkiG9w0BAQQF > +AAOBgQB0fgOhsp2l0wL/TYiXJqXuKbkhmzQv8LFXmKKCpLSVktrXvVNCBAM9TWVJ > +35SrZ9eqjoI1sQPsbWSDp+QSieasQf9VgC3P4SFhki6ZupeXqrFgdbzOsXEm0FIR > +uY1WJGFrF0Co/YUM00ee8jy89jX2rDCgmonKHrKBf7CkD+R2bw=3D=3D > +-----END X509 CRL----- > > Added: cxf/trunk/systests/ws-security/src/test/resources/org/apache/cxf/s= ystest/ws/security/wss40rev.jks > URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test= /resources/org/apache/cxf/systest/ws/security/wss40rev.jks?rev=3D1291166&vi= ew=3Dauto > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > Binary file - no diff available. > > Propchange: cxf/trunk/systests/ws-security/src/test/resources/org/apache/= cxf/systest/ws/security/wss40rev.jks > -------------------------------------------------------------------------= ----- > =A0 =A0svn:mime-type =3D application/octet-stream > > --=20 Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
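
Review bot: the Javadoc added for isEnableRevocation() and setEnableRevocation() in Wss10.java (@@ -91,6 +92,20 @@) only restates the field name. It should say what the flag causes (per the getEncryptionCrypto change, trust and revocation verification of the encryption certificate before encrypting) and that EnableRevocation is a custom addition to this model class rather than one of the standard Wss10 assertions.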
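
Review bot: in the Wss10.java serialize hunk (@@ -150,6 +165,13 @@), EnableRevocation is written with the same prefix and namespaceURI as the standard assertions, via writer.writeStartElement(prefix, SPConstants.ENABLE_REVOCATION, namespaceURI), so the serialized policy presents a custom element as if it belonged to the WS-SecurityPolicy namespace. If the assertion stays, emit it under a namespace the project owns; otherwise drop it from the policy model and carry the switch as a configuration property, as the reply above proposes.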
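
Review bot: the if (isEnableRevocation()) block added in Wss11.java (@@ -151,6 +151,13 @@) is a copy of the block added to Wss10.java, and Wss11 extends Wss10. Move the write into a single helper on Wss10 and call it from both serialize methods so the two copies cannot drift apart.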
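
Review bot: the revocation check added to getEncryptionCrypto in AbstractBindingBuilder.java (@@ -1371,9 +1372,28 @@) fails open. When certs is null or empty the method returns crypto with no check at all, and the result of crypto.verifyTrust(certs, enableRevocation) is discarded, so a failure signalled by return value rather than by exception would be ignored. With enableRevocation set, a missing certificate for the alias should be an error and the verifyTrust result should be checked. Two smaller points in the same hunk: wss10 is dereferenced right after getWss10() with no null check, and the inner crypto != null test repeats the enclosing condition.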
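
Review bot: the catch block of testCXF4119 in SecurityPolicyTest.java (@@ -489,4 +489,42 @@) accepts "Error during certificate path validation" as evidence of revocation, so the test also passes when path validation fails for a reason unrelated to the CRL, for example an issuer missing from the truststore. Prefer walking the cause chain for a revocation-specific exception or message, and guard against ex.getMessage() returning null before calling contains. The test also replaces the default and thread-default bus without restoring or shutting it down in the lines shown.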