From gno...@apache.org
Subject svn commit: r413900 - in /incubator/servicemix/trunk/servicemix-soap: ./ src/main/java/org/apache/servicemix/soap/ src/main/java/org/apache/servicemix/soap/handlers/ src/main/java/org/apache/servicemix/soap/handlers/addressing/ src/main/java/org/apache...
Date Tue, 13 Jun 2006 14:07:22 GMT
Author: gnodet
Date: Tue Jun 13 07:07:20 2006
New Revision: 413900

URL: http://svn.apache.org/viewvc?rev=413900&view=rev
Log:
Add more support for ws-sec (signing, still missing encryption support)

Added:
    incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/BaseCrypto.java
    incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/KeystoreInstanceCrypto.java
    incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/StandaloneCrypto.java
    incubator/servicemix/trunk/servicemix-soap/src/test/resources/org/apache/servicemix/soap/handlers/security/signed-bad.xml
    incubator/servicemix/trunk/servicemix-soap/src/test/resources/org/apache/servicemix/soap/handlers/security/signed.xml
    incubator/servicemix/trunk/servicemix-soap/src/test/resources/privatestore.jks   (with props)
    incubator/servicemix/trunk/servicemix-soap/src/test/resources/usersc.properties
    incubator/servicemix/trunk/servicemix-soap/src/test/resources/usersp.properties
Removed:
    incubator/servicemix/trunk/servicemix-soap/src/test/resources/users.properties
Modified:
    incubator/servicemix/trunk/servicemix-soap/pom.xml
    incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/Context.java
    incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/Handler.java
    incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/SoapEndpoint.java
    incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/SoapHelper.java
    incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/AbstractHandler.java
    incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/addressing/AddressingHandler.java
    incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/WSSecurityHandler.java
    incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/marshalers/SoapMessage.java
    incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/marshalers/SoapReader.java
    incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/marshalers/SoapWriter.java
    incubator/servicemix/trunk/servicemix-soap/src/test/java/org/apache/servicemix/soap/handlers/security/WSSecurityHandlerTest.java
    incubator/servicemix/trunk/servicemix-soap/src/test/resources/login.properties

Modified: incubator/servicemix/trunk/servicemix-soap/pom.xml
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/pom.xml?rev=413900&r1=413899&r2=413900&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/pom.xml (original)
+++ incubator/servicemix/trunk/servicemix-soap/pom.xml Tue Jun 13 07:07:20 2006
@@ -55,7 +55,6 @@
       <groupId>wss4j</groupId>
       <artifactId>wss4j</artifactId>
     </dependency>
-    <!--
     <dependency>
       <groupId>bouncycastle</groupId>
       <artifactId>bcprov-jdk14</artifactId>
@@ -64,7 +63,6 @@
       <groupId>org.opensaml</groupId>
       <artifactId>opensaml</artifactId>
     </dependency>
-    -->
     <dependency>
       <groupId>xml-security</groupId>
       <artifactId>xmlsec</artifactId>

Modified: incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/Context.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/Context.java?rev=413900&r1=413899&r2=413900&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/Context.java (original)
+++ incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/Context.java Tue Jun 13 07:07:20 2006
@@ -35,6 +35,9 @@
 	public static final String OPERATION = "org.apache.servicemix.Operation";
 	public static final String SERVICE = "org.apache.servicemix.Service";
 	public static final String ENDPOINT = "org.apache.servicemix.Endpoint";
+    
+    public static final String AUTHENTICATION_SERVICE = "org.apache.servicemix.AuthenticationService";
+    public static final String KEYSTORE_MANAGER = "org.apache.servicemix.KeystoreManager";
 	
 	private Map properties;
 	

Modified: incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/Handler.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/Handler.java?rev=413900&r1=413899&r2=413900&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/Handler.java (original)
+++ incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/Handler.java Tue Jun 13 07:07:20 2006
@@ -34,8 +34,8 @@
     public void onReply(Context context) throws Exception;
 	
     public void onFault(Context context) throws Exception;
+
+    public void onSend(Context context) throws Exception;
     
-	public void onComplete(Context context);
-	
-	public void onException(Context context, Exception e);
+    public void onAnswer(Context context) throws Exception;
 }
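Review bot: `onSend` and `onAnswer` are added to the handler contract without Javadoc, while `onComplete` and `onException(Context, Exception)` are removed, so an implementer can no longer tell from the interface when each callback fires or where to release per-exchange state after a failure. Judging by `SoapHelper.onSend` in this commit, `onSend` appears to run on an outgoing message before it is written; a comment such as `/** Invoked on an outgoing request before it is written to the wire. */` would state that, with a matching one for `onAnswer`. If a handler such as WSSecurityHandler keeps per-exchange state, confirm that dropping `onException` does not leave that state behind on error paths. The interface declaration begins outside the hunk.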

Modified: incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/SoapEndpoint.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/SoapEndpoint.java?rev=413900&r1=413899&r2=413900&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/SoapEndpoint.java (original)
+++ incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/SoapEndpoint.java Tue Jun 13 07:07:20 2006
@@ -31,6 +31,8 @@
 import org.apache.servicemix.common.ExchangeProcessor;
 import org.apache.servicemix.common.wsdl1.JbiExtension;
 import org.apache.servicemix.common.xbean.XBeanServiceUnit;
+import org.apache.servicemix.jbi.security.auth.AuthenticationService;
+import org.apache.servicemix.jbi.security.keystore.KeystoreManager;
 import org.apache.servicemix.soap.handlers.addressing.AddressingHandler;
 import org.springframework.core.io.Resource;
 import org.w3c.dom.Document;
@@ -53,6 +55,10 @@
     public SoapEndpoint() {
         policies = Collections.singletonList(new AddressingHandler());
     }
+    
+    public abstract AuthenticationService getAuthenticationService();
+    
+    public abstract KeystoreManager getKeystoreManager();
     
     /**
      * @return the policies
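Review bot: The new abstract getters `getAuthenticationService()` and `getKeystoreManager()` carry no Javadoc, and nothing says whether an endpoint may return null when security is not configured. `SoapHelper.createContext` in this same commit copies both values into the `Context` unconditionally, so the contract matters to every security handler that later reads those properties. I would add a comment such as `/** @return the service used to authenticate callers; must not be null when a security handler is configured */` and the equivalent for the keystore manager. The class body continues outside the hunk.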

Modified: incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/SoapHelper.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/SoapHelper.java?rev=413900&r1=413899&r2=413900&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/SoapHelper.java (original)
+++ incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/SoapHelper.java Tue Jun 13 07:07:20 2006
@@ -39,9 +39,11 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.servicemix.jbi.jaxp.W3CDOMStreamWriter;
 import org.apache.servicemix.soap.marshalers.JBIMarshaler;
 import org.apache.servicemix.soap.marshalers.SoapMarshaler;
 import org.apache.servicemix.soap.marshalers.SoapMessage;
+import org.apache.servicemix.soap.marshalers.SoapWriter;
 import org.w3c.dom.Document;
 
 /**
@@ -177,9 +179,35 @@
         }
         return soapFault;
     }
+    
+    public void onSend(Context context) throws Exception {
+        if (policies != null) {
+            for (Iterator it = policies.iterator(); it.hasNext();) {
+                Handler policy = (Handler) it.next();
+                if (policy.requireDOM()) {
+                    SoapWriter writer = soapMarshaler.createWriter(context.getInMessage());
+                    W3CDOMStreamWriter domWriter = new W3CDOMStreamWriter(); 
+                    writer.writeSoapEnvelope(domWriter);
+                    context.getInMessage().setDocument(domWriter.getDocument());
+                }
+                policy.onSend(context);
+            }
+        }
+    }
+    
+    public void onAnswer(Context context) throws Exception {
+        if (policies != null) {
+            for (Iterator it = policies.iterator(); it.hasNext();) {
+                Handler policy = (Handler) it.next();
+                policy.onAnswer(context);
+            }
+        }
+    }
 
     public Context createContext(SoapMessage message) {
         Context context = new Context();
+        context.setProperty(Context.AUTHENTICATION_SERVICE, endpoint.getAuthenticationService());
+        context.setProperty(Context.KEYSTORE_MANAGER, endpoint.getKeystoreManager());
         context.setInMessage(message);
         return context;
     }
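Review bot: In `onSend`, the envelope is re-serialized into a new DOM and `setDocument` is called for every policy whose `requireDOM()` is true. With two DOM-based handlers, the second may therefore receive a freshly built tree that no longer carries what the first one added, for example a WS-Security signature header; whether that happens depends on how `createWriter` treats an existing document, which this hunk does not show. Building the DOM once is safer: guard the conversion with a local flag, `if (policy.requireDOM() && !domBuilt) { ...; domBuilt = true; }`. Separately, `createContext` stores `endpoint.getAuthenticationService()` and `endpoint.getKeystoreManager()` without a null check, so handlers that read those properties should fail closed when either is absent.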

Modified: incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/AbstractHandler.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/AbstractHandler.java?rev=413900&r1=413899&r2=413900&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/AbstractHandler.java (original)
+++ incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/AbstractHandler.java Tue Jun 13 07:07:20 2006
@@ -55,10 +55,10 @@
     public void onFault(Context context) throws Exception {
     }
 
-	public void onComplete(Context context) {
+	public void onSend(Context context) {
 	}
 
-	public void onException(Context context, Exception e) {
+	public void onAnswer(Context context) {
 	}
 
 }

Modified: incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/addressing/AddressingHandler.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/addressing/AddressingHandler.java?rev=413900&r1=413899&r2=413900&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/addressing/AddressingHandler.java (original)
+++ incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/addressing/AddressingHandler.java Tue Jun 13 07:07:20 2006
@@ -118,10 +118,6 @@
         }
     }
     
-    public void onFault(Context context) throws Exception {
-        // TODO: handle MessageID ?
-    }
-    
     protected boolean isWSANamespace(String ns) {
         return WSA_NAMESPACE_200303.equals(ns) ||
                WSA_NAMESPACE_200403.equals(ns) ||

Added: incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/BaseCrypto.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/BaseCrypto.java?rev=413900&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/BaseCrypto.java (added)
+++ incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/BaseCrypto.java Tue Jun 13 07:07:20 2006
@@ -0,0 +1,594 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.soap.handlers.security;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.CertPath;
+import java.security.cert.CertPathValidator;
+import java.security.cert.CertPathValidatorException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.PKIXParameters;
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.RSAPublicKey;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+import java.util.Vector;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.X509NameTokenizer;
+
+public abstract class BaseCrypto implements Crypto {
+
+    private static final String SKI_OID = "2.5.29.14";
+    
+    private String provider;
+    private CertificateFactory certFact;
+    private String defaultX509Alias;
+
+    /**
+     * @param defaultX509Alias the defaultX509Alias to set
+     */
+    public void setDefaultX509Alias(String defaultX509Alias) {
+        this.defaultX509Alias = defaultX509Alias;
+    }
+
+    /**
+     * @return the provider
+     */
+    public String getProvider() {
+        return provider;
+    }
+
+    /**
+     * @param provider the provider to set
+     */
+    public void setProvider(String provider) {
+        this.provider = provider;
+    }
+
+    /**
+     * Return a X509 Certificate alias in the keystore according to a given Certificate
+     * <p/>
+     *
+     * @param cert The certificate to lookup
+     * @return alias name of the certificate that matches the given certificate
+     *         or null if no such certificate was found.
+     */
+    public String getAliasForX509Cert(Certificate cert) throws WSSecurityException {
+        try {
+            String alias = getCertificateAlias(cert);
+            if (alias != null)
+                return alias;
+            // Use brute force search
+            String[] allAliases = getAliases();
+            for (int i = 0; i < allAliases.length; i++) {
+                Certificate cert2 = getCertificate(alias);
+                if (cert2.equals(cert)) {
+                    return alias;
+                }
+            }
+        } catch (KeyStoreException e) {
+            throw new WSSecurityException(WSSecurityException.FAILURE,
+                    "keystore");
+        }
+        return null;
+    }
+
+    /**
+     * Lookup a X509 Certificate in the keystore according to a given
+     * the issuer of a Certficate.
+     * <p/>
+     * The search gets all alias names of the keystore and gets the certificate chain
+     * for each alias. Then the Issuer fo each certificate of the chain
+     * is compared with the parameters.
+     *
+     * @param issuer The issuer's name for the certificate
+     * @return alias name of the certificate that matches the issuer name
+     *         or null if no such certificate was found.
+     */
+    public String getAliasForX509Cert(String issuer) throws WSSecurityException {
+        return getAliasForX509Cert(issuer, null, false);
+    }
+
+    /**
+     * Lookup a X509 Certificate in the keystore according to a given
+     * SubjectKeyIdentifier.
+     * <p/>
+     * The search gets all alias names of the keystore and gets the certificate chain
+     * or certificate for each alias. Then the SKI for each user certificate
+     * is compared with the SKI parameter.
+     *
+     * @param skiBytes The SKI info bytes
+     * @return alias name of the certificate that matches serialNumber and issuer name
+     *         or null if no such certificate was found.
+     * @throws org.apache.ws.security.WSSecurityException
+     *          if problems during keystore handling or wrong certificate (no SKI data)
+     */
+    public String getAliasForX509Cert(byte[] skiBytes) throws WSSecurityException {
+        Certificate cert = null;
+        try {
+            String[] allAliases = getAliases();
+            for (int i = 0; i < allAliases.length; i++) {
+                String alias = allAliases[i];
+                cert = getCertificateChainOrCertificate(alias);
+                if (cert instanceof X509Certificate) {
+                    byte[] data = getSKIBytesFromCert((X509Certificate) cert);
+                    if (Arrays.equals(data, skiBytes)) {
+                        return alias;
+                    }
+                }
+            }
+        } catch (KeyStoreException e) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, "keystore");
+        }
+        return null;
+    }
+
+    /**
+     * Lookup a X509 Certificate in the keystore according to a given serial number and
+     * the issuer of a Certficate.
+     * <p/>
+     * The search gets all alias names of the keystore and gets the certificate chain
+     * for each alias. Then the SerialNumber and Issuer fo each certificate of the chain
+     * is compared with the parameters.
+     *
+     * @param issuer       The issuer's name for the certificate
+     * @param serialNumber The serial number of the certificate from the named issuer
+     * @return alias name of the certificate that matches serialNumber and issuer name
+     *         or null if no such certificate was found.
+     */
+    public String getAliasForX509Cert(String issuer, BigInteger serialNumber) throws WSSecurityException {
+        return getAliasForX509Cert(issuer, serialNumber, true);
+    }
+
+    /**
+     * Lookup a X509 Certificate in the keystore according to a given
+     * Thumbprint.
+     * <p/>
+     * The search gets all alias names of the keystore, then reads the certificate chain
+     * or certificate for each alias. Then the thumbprint for each user certificate
+     * is compared with the thumbprint parameter.
+     *
+     * @param thumb The SHA1 thumbprint info bytes
+     * @return alias name of the certificate that matches the thumbprint
+     *         or null if no such certificate was found.
+     * @throws org.apache.ws.security.WSSecurityException
+     *          if problems during keystore handling or wrong certificate
+     */
+    public String getAliasForX509CertThumb(byte[] thumb) throws WSSecurityException {
+        Certificate cert = null;
+        MessageDigest sha = null;
+        try {
+            sha = MessageDigest.getInstance("SHA-1");
+        } catch (NoSuchAlgorithmException e1) {
+            throw new WSSecurityException(0, "noSHA1availabe");
+        }
+        try {
+            String[] allAliases = getAliases();
+            for (int i = 0; i < allAliases.length; i++) {
+                String alias = allAliases[i];
+                cert = getCertificateChainOrCertificate(alias);
+                if (cert instanceof X509Certificate) {
+                    sha.reset();
+                    try {
+                        sha.update(cert.getEncoded());
+                    } catch (CertificateEncodingException e1) {
+                        throw new WSSecurityException(
+                                WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
+                                "encodeError");
+                    }
+                    byte[] data = sha.digest();
+                    if (Arrays.equals(data, thumb)) {
+                        return alias;
+                    }
+                }
+            }
+        } catch (KeyStoreException e) {
+            throw new WSSecurityException(WSSecurityException.FAILURE,
+                    "keystore");
+        }
+        return null;
+    }
+
+    /**
+     * Lookup X509 Certificates in the keystore according to a given DN of the subject of the certificate
+     * <p/>
+     * The search gets all alias names of the keystore and gets the certificate (chain)
+     * for each alias. Then the DN of the certificate is compared with the parameters.
+     *
+     * @param subjectDN The DN of subject to look for in the keystore
+     * @return Vector with all alias of certificates with the same DN as given in the parameters
+     * @throws org.apache.ws.security.WSSecurityException
+     *
+     */
+    public String[] getAliasesForDN(String subjectDN) throws WSSecurityException {
+        // Store the aliases found
+        Vector aliases = new Vector();
+        Certificate cert = null;
+        // The DN to search the keystore for
+        Vector subjectRDN = splitAndTrim(subjectDN);
+        // Look at every certificate in the keystore
+        try {
+            String[] allAliases = getAliases();
+            for (int i = 0; i < allAliases.length; i++) {
+                String alias = allAliases[i];
+                cert = getCertificateChainOrCertificate(alias);
+                if (cert instanceof X509Certificate) {
+                    Vector foundRDN = splitAndTrim(((X509Certificate) cert).getSubjectDN().getName());
+                    if (subjectRDN.equals(foundRDN)) {
+                        aliases.add(alias);
+                    }
+                }
+            }
+        } catch (KeyStoreException e) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, "keystore");
+        }
+        // Convert the vector into an array
+        return (String[]) aliases.toArray(new String[aliases.size()]);
+    }
+
+    /**
+     * get a byte array given an array of X509 certificates.
+     * <p/>
+     *
+     * @param reverse If set the first certificate in the array data will
+     *                the last in the byte array
+     * @param certs   The certificates to convert
+     * @return The byte array for the certficates ordered according
+     *         to the reverse flag
+     * @throws WSSecurityException
+     */
+    public byte[] getCertificateData(boolean reverse, X509Certificate[] certs) throws WSSecurityException {
+        Vector list = new Vector();
+        for (int i = 0; i < certs.length; i++) {
+            if (reverse) {
+                list.insertElementAt(certs[i], 0);
+            } else {
+                list.add(certs[i]);
+            }
+        }
+        try {
+            CertPath path = getCertificateFactory().generateCertPath(list);
+            return path.getEncoded();
+        } catch (CertificateEncodingException e) {
+            throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
+                    "encodeError");
+        } catch (CertificateException e) {
+            throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
+                    "parseError");
+        }
+    }
+
+    /**
+     * Singleton certificate factory for this Crypto instance.
+     * <p/>
+     *
+     * @return Returns a <code>CertificateFactory</code> to construct
+     *         X509 certficates
+     * @throws org.apache.ws.security.WSSecurityException
+     *
+     */
+    public synchronized CertificateFactory getCertificateFactory() throws WSSecurityException {
+        if (certFact == null) {
+            try {
+                if (provider == null || provider.length() == 0) {
+                    certFact = CertificateFactory.getInstance("X.509");
+                } else {
+                    certFact = CertificateFactory.getInstance("X.509", provider);
+                }
+            } catch (CertificateException e) {
+                throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
+                        "unsupportedCertType");
+            } catch (NoSuchProviderException e) {
+                throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
+                        "noSecProvider");
+            }
+        }
+        return certFact;
+    }
+
+    /**
+     * Gets the list of certificates for a given alias.
+     * <p/>
+     *
+     * @param alias Lookup certificate chain for this alias
+     * @return Array of X509 certificates for this alias name, or
+     *         null if this alias does not exist in the keystore
+     */
+    public X509Certificate[] getCertificates(String alias) throws WSSecurityException {
+        try {
+            Certificate[] certs = getCertificateChain(alias);
+            if (certs != null && certs.length > 0) {
+                List x509certs = new ArrayList();
+                for (int i = 0; i < certs.length; i++) {
+                    if (certs[i] instanceof X509Certificate) {
+                        x509certs.add(certs[i]);
+                    }
+                }
+                return (X509Certificate[]) x509certs.toArray(new X509Certificate[x509certs.size()]);
+            }
+            // no cert chain, so lets check if getCertificate gives us a  result.
+            Certificate cert = getCertificate(alias);
+            if (cert instanceof X509Certificate) {
+                return new X509Certificate[] { (X509Certificate) cert };
+            }
+            return null;
+        } catch (KeyStoreException e) {
+            throw new WSSecurityException(WSSecurityException.FAILURE, "keystore");
+        }
+    }
+
+    public String getDefaultX509Alias() {
+        return defaultX509Alias;
+    }
+
+    public KeyStore getKeyStore() {
+        return null;
+    }
+
+    /**
+     * Gets the private key identified by <code>alias</> and <code>password</code>.
+     * <p/>
+     *
+     * @param alias    The alias (<code>KeyStore</code>) of the key owner
+     * @param password The password needed to access the private key
+     * @return The private key
+     * @throws Exception
+     */
+    public abstract PrivateKey getPrivateKey(String alias, String password) throws Exception;
+
+    /**
+     * Reads the SubjectKeyIdentifier information from the certificate.
+     * <p/>
+     * If the the certificate does not contain a SKI extension then
+     * try to compute the SKI according to RFC3280 using the
+     * SHA-1 hash value of the public key. The second method described
+     * in RFC3280 is not support. Also only RSA public keys are supported.
+     * If we cannot compute the SKI throw a WSSecurityException.
+     *
+     * @param cert The certificate to read SKI
+     * @return The byte array conating the binary SKI data
+     */
+    public byte[] getSKIBytesFromCert(X509Certificate cert) throws WSSecurityException {
+        /*
+         * Gets the DER-encoded OCTET string for the extension value (extnValue)
+         * identified by the passed-in oid String. The oid string is represented
+         * by a set of positive whole numbers separated by periods.
+         */
+        byte[] derEncodedValue = cert.getExtensionValue(SKI_OID);
+        if (cert.getVersion() < 3 || derEncodedValue == null) {
+            PublicKey key = cert.getPublicKey();
+            if (!(key instanceof RSAPublicKey)) {
+                throw new WSSecurityException(1, "noSKIHandling", new Object[] { "Support for RSA key only" });
+            }
+            byte[] encoded = key.getEncoded();
+            // remove 22-byte algorithm ID and header
+            byte[] value = new byte[encoded.length - 22];
+            System.arraycopy(encoded, 22, value, 0, value.length);
+            MessageDigest sha;
+            try {
+                sha = MessageDigest.getInstance("SHA-1");
+            } catch (NoSuchAlgorithmException ex) {
+                throw new WSSecurityException(1, "noSKIHandling", new Object[] { "Wrong certificate version (<3) and no SHA1 message digest availabe" });
+            }
+            sha.reset();
+            sha.update(value);
+            return sha.digest();
+        }
+        /*
+         * Strip away first four bytes from the DerValue (tag and length of
+         * ExtensionValue OCTET STRING and KeyIdentifier OCTET STRING)
+         */
+        byte abyte0[] = new byte[derEncodedValue.length - 4];
+        System.arraycopy(derEncodedValue, 4, abyte0, 0, abyte0.length);
+        return abyte0;
+    }
+
+    public X509Certificate[] getX509Certificates(byte[] data, boolean reverse) throws WSSecurityException {
+        InputStream in = new ByteArrayInputStream(data);
+        CertPath path = null;
+        try {
+            path = getCertificateFactory().generateCertPath(in);
+        } catch (CertificateException e) {
+            throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
+                    "parseError");
+        }
+        List l = path.getCertificates();
+        X509Certificate[] certs = new X509Certificate[l.size()];
+        Iterator iterator = l.iterator();
+        for (int i = 0; i < l.size(); i++) {
+            certs[(reverse) ? (l.size() - 1 - i) : i] = (X509Certificate) iterator.next();
+        }
+        return certs;
+    }
+
+    /**
+     * load a X509Certificate from the input stream.
+     * <p/>
+     *
+     * @param in The <code>InputStream</code> array containg the X509 data
+     * @return An X509 certificate
+     * @throws WSSecurityException
+     */
+    public X509Certificate loadCertificate(InputStream in) throws WSSecurityException {
+        X509Certificate cert = null;
+        try {
+            cert = (X509Certificate) getCertificateFactory().generateCertificate(in);
+        } catch (CertificateException e) {
+            throw new WSSecurityException(WSSecurityException.SECURITY_TOKEN_UNAVAILABLE,
+                    "parseError");
+        }
+        return cert;
+    }
+
+    /**
+     * Uses the CertPath API to validate a given certificate chain
+     * <p/>
+     *
+     * @param certs Certificate chain to validate
+     * @return true if the certificate chain is valid, false otherwise
+     * @throws WSSecurityException
+     */
+    public boolean validateCertPath(X509Certificate[] certs) throws WSSecurityException {
+        try {
+            // Generate cert path
+            java.util.List certList = java.util.Arrays.asList(certs);
+            CertPath path = this.getCertificateFactory().generateCertPath(certList);
+
+            // Use the certificates in the keystore as TrustAnchors
+            Set<TrustAnchor> hashSet = new HashSet<TrustAnchor>();
+            String[] aliases = getTrustCertificates();
+            for (int i = 0; i < aliases.length; i++) {
+                Certificate cert = getCertificate(aliases[i]);
+                if (cert instanceof X509Certificate) {
+                    hashSet.add(new TrustAnchor((X509Certificate) cert, null));
+                }
+            }
+            PKIXParameters param = new PKIXParameters(hashSet);
+            // Do not check a revocation list
+            param.setRevocationEnabled(false);
+            // Verify the trust path using the above settings
+            CertPathValidator certPathValidator;
+            if (provider == null || provider.length() == 0) {
+                certPathValidator = CertPathValidator.getInstance("PKIX");
+            } else {
+                certPathValidator = CertPathValidator.getInstance("PKIX", provider);
+            }
+            certPathValidator.validate(path, param);
+        } catch (NoSuchProviderException ex) {
+                throw new WSSecurityException(WSSecurityException.FAILURE,
+                                "certpath", new Object[] { ex.getMessage() },
+                                (Throwable) ex);
+        } catch (NoSuchAlgorithmException ex) {
+                throw new WSSecurityException(WSSecurityException.FAILURE,
+                                "certpath", new Object[] { ex.getMessage() },
+                                (Throwable) ex);
+        } catch (CertificateException ex) {
+                throw new WSSecurityException(WSSecurityException.FAILURE,
+                                "certpath", new Object[] { ex.getMessage() },
+                                (Throwable) ex);
+        } catch (InvalidAlgorithmParameterException ex) {
+                throw new WSSecurityException(WSSecurityException.FAILURE,
+                                "certpath", new Object[] { ex.getMessage() },
+                                (Throwable) ex);
+        } catch (CertPathValidatorException ex) {
+                throw new WSSecurityException(WSSecurityException.FAILURE,
+                                "certpath", new Object[] { ex.getMessage() },
+                                (Throwable) ex);
+        } catch (KeyStoreException ex) {
+                throw new WSSecurityException(WSSecurityException.FAILURE,
+                                "certpath", new Object[] { ex.getMessage() },
+                                (Throwable) ex);
+        }
+
+        return true;
+    }
+
+    protected Vector splitAndTrim(String inString) {
+        X509NameTokenizer nmTokens = new X509NameTokenizer(inString);
+        Vector vr = new Vector();
+
+        while (nmTokens.hasMoreTokens()) {
+            vr.add(nmTokens.nextToken());
+        }
+        java.util.Collections.sort(vr);
+        return vr;
+    }
+    
+    protected Certificate getCertificateChainOrCertificate(String alias) throws KeyStoreException {
+        Certificate[] certs = getCertificateChain(alias);
+        Certificate cert = null;
+        if (certs == null || certs.length == 0) {
+            // no cert chain, so lets check if getCertificate gives us a  result.
+            cert = getCertificate(alias);
+            if (cert == null) {
+                return null;
+            }
+        } else {
+            cert = certs[0];
+        }
+        return cert;
+    }
+    
+    /*
+     * need to check if "getCertificateChain" also finds certificates that are
+     * used for enryption only, i.e. they may not be signed by a CA
+     * Otherwise we must define a restriction how to use certificate:
+     * each certificate must be signed by a CA or is a self signed Certificate
+     * (this should work as well).
+     * --- remains to be tested in several ways --
+     */
+     private String getAliasForX509Cert(String issuer, BigInteger serialNumber,
+                                        boolean useSerialNumber)
+             throws WSSecurityException {
+         Vector issuerRDN = splitAndTrim(issuer);
+         X509Certificate x509cert = null;
+         Vector certRDN = null;
+         Certificate cert = null;
+
+         try {
+             String[] allAliases = getAliases();
+             for (int i = 0; i < allAliases.length; i++) {
+                 String alias = allAliases[i];
+                 cert = getCertificateChainOrCertificate(alias);
+                 if (cert instanceof X509Certificate) {
+                     x509cert = (X509Certificate) cert;
+                     if (!useSerialNumber ||
+                             useSerialNumber && x509cert.getSerialNumber().compareTo(serialNumber) == 0) {
+                         certRDN = splitAndTrim(x509cert.getIssuerDN().getName());
+                         if (certRDN.equals(issuerRDN)) {
+                             return alias;
+                         }
+                     }
+                 }
+             }
+         } catch (KeyStoreException e) {
+             throw new WSSecurityException(WSSecurityException.FAILURE,
+                     "keystore");
+         }
+         return null;
+     }
+
+    protected abstract String[] getAliases() throws KeyStoreException;
+    
+    protected abstract Certificate[] getCertificateChain(String alias) throws KeyStoreException;
+    
+    protected abstract Certificate getCertificate(String alias) throws KeyStoreException;
+
+    protected abstract String getCertificateAlias(Certificate cert) throws KeyStoreException;
+    
+    protected abstract String[] getTrustCertificates() throws KeyStoreException;
+
+}

Added: incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/KeystoreInstanceCrypto.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/KeystoreInstanceCrypto.java?rev=413900&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/KeystoreInstanceCrypto.java (added)
+++ incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/KeystoreInstanceCrypto.java Tue Jun 13 07:07:20 2006
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.soap.handlers.security;
+
+import java.security.KeyStoreException;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.servicemix.jbi.security.keystore.KeystoreInstance;
+import org.apache.servicemix.jbi.security.keystore.KeystoreManager;
+
+public class KeystoreInstanceCrypto extends BaseCrypto {
+
+    private KeystoreInstance keystore;
+    
+    public KeystoreInstanceCrypto() {
+    }
+    
+    public KeystoreInstanceCrypto(KeystoreInstance keystore) {
+        this.keystore = keystore;
+    }
+    
+    public KeystoreInstanceCrypto(KeystoreManager keystoreManager, String keystore) {
+        this.keystore = keystoreManager.getKeystore(keystore);
+    }
+    
+    /**
+     * @return the keystore
+     */
+    public KeystoreInstance getKeystore() {
+        return keystore;
+    }
+
+    /**
+     * @param keystore the keystore to set
+     */
+    public void setKeystore(KeystoreInstance keystore) {
+        this.keystore = keystore;
+    }
+
+    protected String[] getAliases() throws KeyStoreException {
+        String[] pks = keystore.listPrivateKeys();
+        String[] tcs = keystore.listTrustCertificates();
+        List aliases = new ArrayList();
+        aliases.addAll(Arrays.asList(pks));
+        aliases.addAll(Arrays.asList(tcs));
+        return (String[]) aliases.toArray(new String[aliases.size()]);
+    }
+
+    protected Certificate getCertificate(String alias) throws KeyStoreException {
+        return keystore.getCertificate(alias);
+    }
+
+    protected String getCertificateAlias(Certificate cert) throws KeyStoreException {
+        return keystore.getCertificateAlias(cert);
+    }
+
+    protected Certificate[] getCertificateChain(String alias) throws KeyStoreException {
+        return keystore.getCertificateChain(alias);
+    }
+
+    public PrivateKey getPrivateKey(String alias, String password) throws Exception {
+        return keystore.getPrivateKey(alias);
+    }
+
+    protected String[] getTrustCertificates() throws KeyStoreException {
+        return keystore.listTrustCertificates();
+    }
+
+}
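Review bot: `getPrivateKey(String alias, String password)` ignores its `password` argument and returns `keystore.getPrivateKey(alias)` directly, so any caller holding this object can obtain a private key by alias alone, and nothing in the class documents that. I would add a Javadoc on the method stating that the password is unused and that access control is delegated to the `KeystoreInstance`. Separately, the no-arg constructor leaves `keystore` null, and the `KeystoreManager` constructor stores whatever `getKeystore(keystore)` returns (whether that can be null is not visible here). The accessors would then fail with a NullPointerException instead of the declared `KeyStoreException`; a guard such as `if (keystore == null) throw new KeyStoreException("keystore not set");` at the top of each accessor makes the failure explicit.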

Added: incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/StandaloneCrypto.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/StandaloneCrypto.java?rev=413900&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/StandaloneCrypto.java (added)
+++ incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/StandaloneCrypto.java Tue Jun 13 07:07:20 2006
@@ -0,0 +1,188 @@
+/*
+ * Copyright 2005-2006 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.servicemix.soap.handlers.security;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.ws.security.components.crypto.CredentialException;
+import org.springframework.core.io.Resource;
+
+public class StandaloneCrypto extends BaseCrypto {
+
+    private Resource keyStoreUrl;
+    private String keyStoreType;
+    private String keyStorePassword;
+    private KeyStore keyStore;
+    private String keyPassword;
+    
+    /**
+     * @return the keyPassword
+     */
+    public String getKeyPassword() {
+        return keyPassword;
+    }
+
+    /**
+     * @param keyPassword the keyPassword to set
+     */
+    public void setKeyPassword(String keyPassword) {
+        this.keyPassword = keyPassword;
+    }
+
+    /**
+     * @return the keyStorePassword
+     */
+    public String getKeyStorePassword() {
+        return keyStorePassword;
+    }
+
+    /**
+     * @param keyStorePassword the keyStorePassword to set
+     */
+    public void setKeyStorePassword(String keyStorePassword) {
+        this.keyStorePassword = keyStorePassword;
+    }
+
+    /**
+     * @return the keyStoreType
+     */
+    public String getKeyStoreType() {
+        return keyStoreType;
+    }
+
+    /**
+     * @param keyStoreType the keyStoreType to set
+     */
+    public void setKeyStoreType(String keyStoreType) {
+        this.keyStoreType = keyStoreType;
+    }
+
+    /**
+     * @return the keyStoreUrl
+     */
+    public Resource getKeyStoreUrl() {
+        return keyStoreUrl;
+    }
+
+    /**
+     * @param keyStoreUrl the keyStoreUrl to set
+     */
+    public void setKeyStoreUrl(Resource keyStoreUrl) {
+        this.keyStoreUrl = keyStoreUrl;
+    }
+
+    protected String[] getAliases() throws KeyStoreException {
+        List aliases = Collections.list(loadKeyStore().aliases());
+        return (String[]) aliases.toArray(new String[aliases.size()]);
+    }
+
+    protected Certificate getCertificate(String alias) throws KeyStoreException {
+        return loadKeyStore().getCertificate(alias);
+    }
+
+    protected String getCertificateAlias(Certificate cert) throws KeyStoreException {
+        return loadKeyStore().getCertificateAlias(cert);
+    }
+
+    protected Certificate[] getCertificateChain(String alias) throws KeyStoreException {
+        return loadKeyStore().getCertificateChain(alias);
+    }
+
+    public PrivateKey getPrivateKey(String alias, String password) throws Exception {
+        // The password given here is a dummy password
+        // See WSSecurityHandler.DefaultHandler#processSignature
+        password = keyPassword;
+        if (password == null) {
+            password = keyStorePassword;
+        }
+        if (alias == null) {
+            throw new Exception("alias is null");
+        }
+        KeyStore keystore = loadKeyStore();
+        boolean b = keystore.isKeyEntry(alias);
+        if (!b) {
+            throw new Exception("Cannot find key for alias: " + alias);
+        }
+        Key keyTmp = keystore.getKey(alias, (password == null || password.length() == 0) ? new char[0] : password.toCharArray());
+        if (!(keyTmp instanceof PrivateKey)) {
+            throw new Exception("Key is not a private key, alias: " + alias);
+        }
+        return (PrivateKey) keyTmp;
+    }
+
+    protected String[] getTrustCertificates() throws KeyStoreException {
+        KeyStore keystore = loadKeyStore();
+        Set hashSet = new HashSet();
+        Enumeration aliases = keystore.aliases();
+        while (aliases.hasMoreElements()) {
+            String alias = (String) aliases.nextElement();
+            if (keystore.isCertificateEntry(alias)) {
+                hashSet.add(alias);
+            }
+        }
+        return (String[]) hashSet.toArray(new String[hashSet.size()]);
+    }
+    
+    /**
+     * Loads the the keystore.
+     *
+     * @throws CredentialException
+     */
+    public synchronized KeyStore loadKeyStore() throws KeyStoreException {
+        if (keyStore != null) {
+            return keyStore;
+        }
+        if (keyStoreUrl == null) {
+            throw new IllegalArgumentException("keyStoreUrl not specified in this StandaloneCrypto");
+        }
+        InputStream input = null;
+        try {
+            input = keyStoreUrl.getInputStream();
+            String provider = getProvider();
+            String type = keyStoreType != null ? keyStoreType : KeyStore.getDefaultType();
+            if (provider == null || provider.length() == 0) {
+                keyStore = KeyStore.getInstance(type);
+            } else {
+                keyStore = KeyStore.getInstance(type, provider);
+            }
+            keyStore.load(input, (keyStorePassword == null || keyStorePassword.length() == 0) ? new char[0] : keyStorePassword.toCharArray());
+            return keyStore;
+        } catch (IOException e) {
+            throw new KeyStoreException(e);
+        } catch (GeneralSecurityException e) {
+            throw new KeyStoreException(e);
+        } catch (Exception e) {
+            throw new KeyStoreException(e);
+        } finally {
+            if (input != null) {
+                try { input.close(); } catch (Exception ignore) {} 
+            }
+        }
+    }
+
+}
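Review bot: `getPrivateKey` overwrites the caller's `password` with `keyPassword` and falls back to `keyStorePassword`, while `loadKeyStore()` is public and returns the cached `KeyStore` itself, so a reference to this bean amounts to access to every key in the store. I would make `loadKeyStore()` `protected` (no caller outside the class is visible in this commit) and state in the class Javadoc that the password argument is a placeholder by design. The passwords are also held as `String` fields with public getters; if the getters exist only for bean wiring, dropping them limits where the secrets can be read. Two smaller points on `loadKeyStore`: its Javadoc says `@throws CredentialException` but the method declares `KeyStoreException`, which leaves the `CredentialException` import unused. The cached `keyStore` is also not reset when `setKeyStoreUrl` or `setKeyStorePassword` is called after the first load.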

Modified: incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/WSSecurityHandler.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/WSSecurityHandler.java?rev=413900&r1=413899&r2=413900&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/WSSecurityHandler.java (original)
+++ incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/handlers/security/WSSecurityHandler.java Tue Jun 13 07:07:20 2006
@@ -16,38 +16,45 @@
 package org.apache.servicemix.soap.handlers.security;
 
 import java.io.IOException;
+import java.security.GeneralSecurityException;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Map;
+import java.util.Set;
 import java.util.Vector;
 
 import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.NameCallback;
-import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.UnsupportedCallbackException;
-import javax.security.auth.login.LoginContext;
-import javax.security.auth.login.LoginException;
-import javax.xml.transform.Source;
-import javax.xml.transform.dom.DOMSource;
+import javax.xml.namespace.QName;
 
+import org.apache.servicemix.jbi.security.auth.AuthenticationService;
+import org.apache.servicemix.jbi.security.keystore.KeystoreManager;
 import org.apache.servicemix.soap.Context;
 import org.apache.servicemix.soap.Handler;
 import org.apache.servicemix.soap.SoapFault;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDocInfo;
+import org.apache.ws.security.WSDocInfoStore;
 import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
+import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandler;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.handler.WSHandlerResult;
 import org.apache.ws.security.message.token.Timestamp;
+import org.apache.ws.security.processor.Processor;
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 
 /**
  * WS-Security handler.
@@ -59,15 +66,113 @@
 
     private Map properties = new HashMap();
     private String domain = "servicemix-domain";
-
+    private AuthenticationService authenticationService;
     private boolean required;
     private String sendAction;
     private String receiveAction;
     private String actor;
+    private String username;
+    private String keystore;
+    private Crypto crypto;
     private CallbackHandler handler = new DefaultHandler();
     
     private ThreadLocal currentSubject = new ThreadLocal();
 
+    public WSSecurityHandler() {
+        WSSecurityEngine.setWssConfig(new ServiceMixWssConfig());
+    }
+    
+    /**
+     * @return the authenticationService
+     */
+    public AuthenticationService getAuthenticationService() {
+        return authenticationService;
+    }
+
+    /**
+     * @param authenticationService the authenticationService to set
+     */
+    public void setAuthenticationService(AuthenticationService authenticationService) {
+        this.authenticationService = authenticationService;
+    }
+
+    private class ServiceMixWssConfig extends WSSConfig {
+        public Processor getProcessor(QName el) throws WSSecurityException {
+            if (el.equals(WSSecurityEngine.SIGNATURE)) {
+                return new SignatureProcessor();
+            } else {
+                return super.getProcessor(el);
+            }
+        }
+    }
+    
+    private class SignatureProcessor extends org.apache.ws.security.processor.SignatureProcessor {
+        private String signatureId;
+        public void handleToken(Element elem, Crypto crypto, Crypto decCrypto, CallbackHandler cb, WSDocInfo wsDocInfo, Vector returnResults, WSSConfig wsc) throws WSSecurityException {
+            WSDocInfoStore.store(wsDocInfo);
+            X509Certificate[] returnCert = new X509Certificate[1];
+            Set returnElements = new HashSet();
+            byte[][] signatureValue = new byte[1][];
+            Principal lastPrincipalFound = null;
+            try {
+                lastPrincipalFound = verifyXMLSignature((Element) elem,
+                        crypto, returnCert, returnElements, signatureValue);
+                if (lastPrincipalFound instanceof WSUsernameTokenPrincipal) {
+                    WSUsernameTokenPrincipal p = (WSUsernameTokenPrincipal) lastPrincipalFound;
+                    checkUser(p.getName(), p.getPassword());
+                } else {
+                    checkUser(returnCert[0].getSubjectX500Principal().getName(), returnCert[0]);
+                }
+            } catch (GeneralSecurityException e) {
+                throw new WSSecurityException("Unable to authenticate user", e);
+            } finally {
+                WSDocInfoStore.delete(wsDocInfo);
+            }
+            if (lastPrincipalFound instanceof WSUsernameTokenPrincipal) {
+                returnResults.add(0, new WSSecurityEngineResult(
+                        WSConstants.UT_SIGN, lastPrincipalFound, null,
+                        returnElements, signatureValue[0]));
+
+            } else {
+                returnResults.add(0, new WSSecurityEngineResult(
+                        WSConstants.SIGN, lastPrincipalFound,
+                        returnCert[0], returnElements, signatureValue[0]));
+            }
+            signatureId = elem.getAttributeNS(null, "Id");
+        }
+        public String getId() {
+            return signatureId;
+        }
+    }
+    
+    /**
+     * @return the username
+     */
+    public String getUsername() {
+        return username;
+    }
+
+    /**
+     * @param username the username to set
+     */
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    /**
+     * @return the crypto
+     */
+    public Crypto getCrypto() {
+        return crypto;
+    }
+
+    /**
+     * @param crypto the crypto to set
+     */
+    public void setCrypto(Crypto crypto) {
+        this.crypto = crypto;
+    }
+
     /**
      * @return the actor
      */
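Review bot: The constructor installs `new ServiceMixWssConfig()` through the static call `WSSecurityEngine.setWssConfig(...)`, and `ServiceMixWssConfig` and `SignatureProcessor` are non-static inner classes, so the installed configuration holds a reference to the handler instance that created it. If that setter is process-wide, as the static call suggests, then with more than one `WSSecurityHandler` every Signature token is checked through the most recently constructed handler's `checkUser`. It would be checked against that handler's `authenticationService`, `domain` and `currentSubject`, not those of the handler that received the message. Either use a per-handler configuration if the WSS4J version in use allows it, or state the limitation on the constructor, e.g. `// WSSecurityEngine config is static: the last handler constructed processes Signature tokens for all handlers`. In `handleToken`, the `else` branch dereferences `returnCert[0]` without a null check; if `verifyXMLSignature` can return a principal without filling in a certificate (not visible here), the verification should be rejected before `checkUser` is called.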
@@ -155,6 +260,9 @@
     }
 
     public Object getProperty(Object msgContext, String key) {
+        if (WSHandlerConstants.PW_CALLBACK_REF.equals(key)) {
+            return handler;
+        }
         return ((Context) msgContext).getProperty(key); 
     }
 
@@ -166,25 +274,23 @@
         ((Context) msgContext).setProperty(key, value);
     }
 
-    public void onComplete(Context context) {
-        // TODO Auto-generated method stub
-
+    protected Crypto loadDecryptionCrypto(RequestData reqData) throws WSSecurityException {
+        return crypto;
     }
-
-    public void onException(Context context, Exception e) {
-        // TODO Auto-generated method stub
-
+    
+    protected Crypto loadEncryptionCrypto(RequestData reqData) throws WSSecurityException {
+        return crypto;
     }
-
-    public void onFault(Context context) throws Exception {
-        // TODO Auto-generated method stub
-
+    
+    public Crypto loadSignatureCrypto(RequestData reqData) throws WSSecurityException {
+        return crypto;
     }
-
+    
     public void onReceive(Context context) throws Exception {
         RequestData reqData = new RequestData();
-        currentSubject.set(null);
+        init(context);
         try {
+            reqData.setNoSerialization(true);
             reqData.setMsgContext(context);
 
             Vector actions = new Vector();
@@ -194,11 +300,10 @@
             }
             int doAction = WSSecurityUtil.decodeAction(action, actions);
 
-            Source src = context.getInMessage().getSource();
-            if (src instanceof DOMSource == false) {
+            Document doc = context.getInMessage().getDocument();
+            if (doc == null) {
                 throw new IllegalStateException("WSSecurityHandler: The soap message has not been parsed using DOM");
             }
-            Document doc = ((DOMSource) src).getNode().getOwnerDocument();
 
             /*
              * Get and check the Signature specific parameters first because
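Review bot: The three `load*Crypto` overrides return the `crypto` field unconditionally, and that field stays null when `setCrypto` was never called and `init` (added in a later hunk) finds no `Context.KEYSTORE_MANAGER` property. A signed message would then presumably fail inside the WSS4J processing on a null reference instead of a clear configuration error. I would fail closed here, e.g. `if (crypto == null) { throw new IllegalStateException("WSSecurityHandler: no crypto configured"); }`, matching the other `IllegalStateException` checks in `onReceive`. `loadSignatureCrypto` is also `public` while the other two are `protected`; unless the base class requires that, they should share one visibility. `onReceive` continues past the end of this hunk.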
@@ -324,46 +429,143 @@
 
     public void onReply(Context context) throws Exception {
         // TODO Auto-generated method stub
+        
+    }
+    
+    public void onFault(Context context) throws Exception {
+        // TODO Auto-generated method stub
+
+    }
+
+    public void onSend(Context context) throws Exception {
+        RequestData reqData = new RequestData();
+        reqData.setMsgContext(context);
+        init(context);
+        /*
+         * The overall try, just to have a finally at the end to perform some
+         * housekeeping.
+         */
+        try {
+            /*
+             * Get the action first.
+             */
+            Vector actions = new Vector();
+            String action = this.sendAction;
+            if (action == null) {
+                throw new IllegalStateException("WSSecurityHandler: No sendAction defined");
+            }
+            
+            int doAction = WSSecurityUtil.decodeAction(action, actions);
+            if (doAction == WSConstants.NO_SECURITY) {
+                return;
+            }
+
+            /*
+             * For every action we need a username, so get this now. The
+             * username defined in the deployment descriptor takes precedence.
+             */
+            reqData.setUsername((String) getOption(WSHandlerConstants.USER));
+            if (reqData.getUsername() == null || reqData.getUsername().equals("")) {
+                String username = (String) getProperty(reqData.getMsgContext(), WSHandlerConstants.USER);
+                if (username != null) {
+                    reqData.setUsername(username);
+                } else {
+                    reqData.setUsername(this.username);
+                }
+            }
+            
+            /*
+             * Now we perform some set-up for UsernameToken and Signature
+             * functions. No need to do it for encryption only. Check if
+             * username is available and then get a passowrd.
+             */
+            if ((doAction & (WSConstants.SIGN | WSConstants.UT | WSConstants.UT_SIGN)) != 0) {
+                /*
+                 * We need a username - if none throw an XFireFault. For
+                 * encryption there is a specific parameter to get a username.
+                 */
+                if (reqData.getUsername() == null || reqData.getUsername().equals("")) {
+                    throw new IllegalStateException("WSSecurityHandler: Empty username for specified action");
+                }
+            }
+            /*
+             * Now get the SOAP part from the request message and convert it
+             * into a Document.
+             * 
+             * Now we can perform our security operations on this request.
+             */
+            Document doc = context.getInMessage().getDocument();
+            if (doc == null) {
+                throw new IllegalStateException("WSSecurityHandler: The soap message has not been parsed using DOM");
+            }
+            
+            doSenderAction(doAction, doc, reqData, actions, true);
+        }
+        catch (WSSecurityException e) {
+            throw new SoapFault(e);
+        }
+        finally {
+            reqData.clear();
+            reqData = null;
+        }
+    }
+
+    public void onAnswer(Context context) {
+        // TODO Auto-generated method stub
 
     }
     
+    protected void checkUser(String user, Object credentials) throws GeneralSecurityException {
+        if (authenticationService == null) {
+            throw new IllegalArgumentException("authenticationService is null");
+        }
+        Subject subject = (Subject) currentSubject.get();
+        if (subject == null) {
+            subject = new Subject();
+            currentSubject.set(subject);
+        }
+        authenticationService.authenticate(subject, domain, user, credentials);
+    }
+
     protected class DefaultHandler extends BaseSecurityCallbackHandler {
 
+        protected void processSignature(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
+            callback.setPassword("");
+        }
+        
         protected void processUsernameTokenUnkown(WSPasswordCallback callback) throws IOException, UnsupportedCallbackException {
-            /* either an not specified 
-             * password type or a password type passwordText. In these both cases <b>only</b>
-             * the password variable is <b>set</>. The callback class now may check if
-             * the username and password match. If they don't match the callback class must
-             * throw an exception. The exception can be a UnsupportedCallbackException or
-             * an IOException.</li>
-             */
-            final String username = callback.getIdentifer();
-            final String password = callback.getPassword();
-            Subject subject = (Subject) currentSubject.get();
-            if (subject == null) {
-                subject = new Subject();
-                currentSubject.set(subject);
-            }
             try {
-                LoginContext loginContext = new LoginContext(domain, subject, new CallbackHandler() {
-                    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
-                        for (int i = 0; i < callbacks.length; i++) {
-                            if (callbacks[i] instanceof NameCallback) {
-                                ((NameCallback) callbacks[i]).setName(username);
-                            } else if (callbacks[i] instanceof PasswordCallback) {
-                                ((PasswordCallback) callbacks[i]).setPassword(password.toCharArray());
-                            } else {
-                                throw new UnsupportedCallbackException(callbacks[i]);
-                            }
-                        }
-                    }
-                });
-                loginContext.login();
-            } catch (LoginException e) {
+                checkUser(callback.getIdentifer(), callback.getPassword());
+            } catch (GeneralSecurityException e) {
                 throw new UnsupportedCallbackException(callback, "Unable to authenticate user");
             }
         }
-        
+
+    }
+
+    /**
+     * @return the keystore
+     */
+    public String getKeystore() {
+        return keystore;
+    }
+
+    /**
+     * @param keystore the keystore to set
+     */
+    public void setKeystore(String keystore) {
+        this.keystore = keystore;
+    }
+    
+    protected void init(Context context) {
+        currentSubject.set(null);
+        if (context.getProperty(Context.AUTHENTICATION_SERVICE) != null) {
+            setAuthenticationService((AuthenticationService) context.getProperty(Context.AUTHENTICATION_SERVICE));
+        }
+        if (crypto == null && context.getProperty(Context.KEYSTORE_MANAGER) != null) {
+            KeystoreManager km = (KeystoreManager) context.getProperty(Context.KEYSTORE_MANAGER);
+            setCrypto(new KeystoreInstanceCrypto(km, keystore));
+        }
     }
 
 }
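Review bot: `init(context)` copies per-message context properties into the instance fields `authenticationService` and `crypto`, although the handler appears meant to serve concurrent requests (it keeps `currentSubject` in a `ThreadLocal`). One request's `Context.AUTHENTICATION_SERVICE` therefore replaces the service used by requests in flight on other threads, and stays in place for later requests that carry no such property. The `crypto` branch is guarded by `crypto == null`; the authentication branch should be guarded the same way, `if (authenticationService == null && context.getProperty(Context.AUTHENTICATION_SERVICE) != null) {`, or the value kept per request. `new KeystoreInstanceCrypto(km, keystore)` is also reached when `keystore` was never set, so the name passed to the manager may be null. In `processUsernameTokenUnkown` the caught `GeneralSecurityException` is discarded; `UnsupportedCallbackException` has no cause constructor, so attach it with `initCause(e)` before throwing to keep authentication failures diagnosable.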

Modified: incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/marshalers/SoapMessage.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/marshalers/SoapMessage.java?rev=413900&r1=413899&r2=413900&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/marshalers/SoapMessage.java (original)
+++ incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/marshalers/SoapMessage.java Tue Jun 13 07:07:20 2006
@@ -25,6 +25,7 @@
 import javax.xml.transform.Source;
 
 import org.apache.servicemix.soap.SoapFault;
+import org.w3c.dom.Document;
 import org.w3c.dom.DocumentFragment;
 
 /**
@@ -43,8 +44,21 @@
 	private Map headers;
 	private SoapFault fault;
     private Subject subject;
+    private Document document;
 	
 	/**
+     * @return the document
+     */
+    public Document getDocument() {
+        return document;
+    }
+    /**
+     * @param document the document to set
+     */
+    public void setDocument(Document document) {
+        this.document = document;
+    }
+    /**
      * @return the subject
      */
     public Subject getSubject() {
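Review bot: The Javadoc on `getDocument()` and `setDocument()` only restates the names and does not say how the new `document` field relates to the content the message already carries. From the rest of this commit it looks like the DOM of the whole envelope, stored by SoapReader and read back by the WS-Security tests after signing, so the DOM and the message's source could drift apart once one of them is modified. I would state that on the field, e.g. `// DOM of the complete SOAP envelope, as parsed or as prepared for signing; null when not built`, and document which representation is authoritative when both are set. The class body continues outside the hunk.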

Modified: incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/marshalers/SoapReader.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/marshalers/SoapReader.java?rev=413900&r1=413899&r2=413900&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/marshalers/SoapReader.java (original)
+++ incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/marshalers/SoapReader.java Tue Jun 13 07:07:20 2006
@@ -92,6 +92,7 @@
         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
         factory.setNamespaceAware(true);
         Document doc = factory.newDocumentBuilder().parse(is);
+        message.setDocument(doc);
         Element env = doc.getDocumentElement();
         QName envName = DOMUtil.getQName(env);
         if (!envName.getLocalPart().equals(SoapMarshaler.ENVELOPE)) {
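Review bot: The DOM kept by the added `message.setDocument(doc)` comes from a `DocumentBuilderFactory` that, in the lines shown, is only made namespace-aware before `parse(is)` runs on the incoming stream, so a DOCTYPE and any external entities in the request are still processed. That document now appears to be what the WS-Security handler verifies, which makes the parser configuration part of the security boundary. SOAP messages must not carry a DTD, so rejecting one is safe: add `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before `newDocumentBuilder()`. The enclosing method starts and ends outside this hunk.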

Modified: incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/marshalers/SoapWriter.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/marshalers/SoapWriter.java?rev=413900&r1=413899&r2=413900&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/marshalers/SoapWriter.java (original)
+++ incubator/servicemix/trunk/servicemix-soap/src/main/java/org/apache/servicemix/soap/marshalers/SoapWriter.java Tue Jun 13 07:07:20 2006
@@ -161,7 +161,7 @@
         mime.writeTo(os, headers);
     }
 
-    private void writeSoapEnvelope(XMLStreamWriter writer) throws Exception {
+    public void writeSoapEnvelope(XMLStreamWriter writer) throws Exception {
         QName envelope = getEnvelopeName();
         String soapUri = envelope.getNamespaceURI();
         String soapPrefix = envelope.getPrefix();
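Review bot: `writeSoapEnvelope` becomes public API here with no Javadoc and a bare `throws Exception`, and the only new caller visible in this commit is the test in WSSecurityHandlerTest. A one-line Javadoc would tell other callers what they get, e.g. `/** Writes the SOAP envelope of this message to the given stream writer. */`, and the checked exceptions the method can really raise are worth listing instead of `Exception`. The method body continues outside the hunk, so the exact exception set cannot be confirmed from here.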

Modified: incubator/servicemix/trunk/servicemix-soap/src/test/java/org/apache/servicemix/soap/handlers/security/WSSecurityHandlerTest.java
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/test/java/org/apache/servicemix/soap/handlers/security/WSSecurityHandlerTest.java?rev=413900&r1=413899&r2=413900&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/test/java/org/apache/servicemix/soap/handlers/security/WSSecurityHandlerTest.java (original)
+++ incubator/servicemix/trunk/servicemix-soap/src/test/java/org/apache/servicemix/soap/handlers/security/WSSecurityHandlerTest.java Tue Jun 13 07:07:20 2006
@@ -22,14 +22,24 @@
 
 import junit.framework.TestCase;
 
+import org.apache.servicemix.jbi.jaxp.StringSource;
+import org.apache.servicemix.jbi.jaxp.W3CDOMStreamWriter;
+import org.apache.servicemix.jbi.security.auth.impl.JAASAuthenticationService;
+import org.apache.servicemix.jbi.util.DOMUtil;
 import org.apache.servicemix.soap.Context;
+import org.apache.servicemix.soap.SoapFault;
 import org.apache.servicemix.soap.marshalers.SoapMarshaler;
 import org.apache.servicemix.soap.marshalers.SoapMessage;
 import org.apache.servicemix.soap.marshalers.SoapReader;
+import org.apache.servicemix.soap.marshalers.SoapWriter;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSUsernameTokenPrincipal;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.handler.WSHandlerResult;
+import org.springframework.core.io.ClassPathResource;
+import org.w3c.dom.Document;
+
+import sun.security.x509.X500Name;
 
 public class WSSecurityHandlerTest extends TestCase {
     
@@ -53,6 +63,7 @@
         ctx.setInMessage(msg);
         
         WSSecurityHandler handler = new WSSecurityHandler();
+        handler.setAuthenticationService(new JAASAuthenticationService());
         handler.setReceiveAction(WSHandlerConstants.USERNAME_TOKEN);
         handler.onReceive(ctx);
         List l = (List) ctx.getProperty(WSHandlerConstants.RECV_RESULTS);
@@ -72,6 +83,109 @@
         assertNotNull(ctx.getInMessage().getSubject());
         assertNotNull(ctx.getInMessage().getSubject().getPrincipals());
         assertTrue(ctx.getInMessage().getSubject().getPrincipals().size() > 0);
+    }
+    
+    public void testSignatureRoundtrip() throws Exception {
+        SoapMarshaler marshaler = new SoapMarshaler(true, true);
+        SoapMessage msg = new SoapMessage();
+        Context ctx = new Context();
+        ctx.setInMessage(msg);
+        msg.setSource(new StringSource("<hello>world</hello>"));
+        SoapWriter writer = marshaler.createWriter(ctx.getInMessage());
+        W3CDOMStreamWriter domWriter = new W3CDOMStreamWriter(); 
+        writer.writeSoapEnvelope(domWriter);
+        ctx.getInMessage().setDocument(domWriter.getDocument());
+        
+        StandaloneCrypto crypto = new StandaloneCrypto();
+        crypto.setKeyStoreUrl(new ClassPathResource("privatestore.jks"));
+        crypto.setKeyStorePassword("keyStorePassword");
+        WSSecurityHandler handler = new WSSecurityHandler();
+        handler.setAuthenticationService(new JAASAuthenticationService());
+        handler.setCrypto(crypto);
+        handler.setUsername("myalias");
+        crypto.setKeyPassword("myAliasPassword");
+        handler.setSendAction(WSHandlerConstants.SIGNATURE);
+        handler.onSend(ctx);
+        
+        Document doc = ctx.getInMessage().getDocument();
+        System.err.println(DOMUtil.asXML(doc));
+        
+        handler.setReceiveAction(WSHandlerConstants.SIGNATURE);
+        handler.onReceive(ctx);
+        List l = (List) ctx.getProperty(WSHandlerConstants.RECV_RESULTS);
+        assertNotNull(l);
+        assertEquals(1, l.size());
+        WSHandlerResult result = (WSHandlerResult) l.get(0);
+        assertNotNull(result);
+        assertNotNull(result.getResults());
+        assertEquals(1, result.getResults().size());
+        WSSecurityEngineResult engResult = (WSSecurityEngineResult) result.getResults().get(0);
+        assertNotNull(engResult);
+        Principal principal = engResult.getPrincipal();
+        assertNotNull(principal);
+        assertTrue(principal instanceof X500Name);
+        assertEquals("CN=myAlias", ((X500Name) principal).getName());
+        assertNotNull(ctx.getInMessage().getSubject());
+        assertNotNull(ctx.getInMessage().getSubject().getPrincipals());
+        assertTrue(ctx.getInMessage().getSubject().getPrincipals().size() > 0);
+    }
+    
+    public void testSignatureServer() throws Exception {
+        SoapMarshaler marshaler = new SoapMarshaler(true, true);
+        SoapReader reader = marshaler.createReader();
+        SoapMessage msg = reader.read(getClass().getResourceAsStream("signed.xml"));
+        Context ctx = new Context();
+        ctx.setInMessage(msg);
+        
+        StandaloneCrypto crypto = new StandaloneCrypto();
+        crypto.setKeyStoreUrl(new ClassPathResource("privatestore.jks"));
+        crypto.setKeyStorePassword("keyStorePassword");
+        WSSecurityHandler handler = new WSSecurityHandler();
+        handler.setAuthenticationService(new JAASAuthenticationService());
+        handler.setCrypto(crypto);
+        handler.setUsername("myalias");
+        crypto.setKeyPassword("myAliasPassword");
+        handler.setReceiveAction(WSHandlerConstants.SIGNATURE);
+        handler.onReceive(ctx);
+        List l = (List) ctx.getProperty(WSHandlerConstants.RECV_RESULTS);
+        assertNotNull(l);
+        assertEquals(1, l.size());
+        WSHandlerResult result = (WSHandlerResult) l.get(0);
+        assertNotNull(result);
+        assertNotNull(result.getResults());
+        assertEquals(1, result.getResults().size());
+        WSSecurityEngineResult engResult = (WSSecurityEngineResult) result.getResults().get(0);
+        assertNotNull(engResult);
+        Principal principal = engResult.getPrincipal();
+        assertNotNull(principal);
+        assertTrue(principal instanceof X500Name);
+        assertEquals("CN=myAlias", ((X500Name) principal).getName());
+        assertNotNull(ctx.getInMessage().getSubject());
+        assertNotNull(ctx.getInMessage().getSubject().getPrincipals());
+        assertTrue(ctx.getInMessage().getSubject().getPrincipals().size() > 0);
+    }
+    
+    public void testBadSignatureServer() throws Exception {
+        SoapMarshaler marshaler = new SoapMarshaler(true, true);
+        SoapReader reader = marshaler.createReader();
+        SoapMessage msg = reader.read(getClass().getResourceAsStream("signed-bad.xml"));
+        Context ctx = new Context();
+        ctx.setInMessage(msg);
+        
+        StandaloneCrypto crypto = new StandaloneCrypto();
+        crypto.setKeyStoreUrl(new ClassPathResource("privatestore.jks"));
+        crypto.setKeyStorePassword("keyStorePassword");
+        WSSecurityHandler handler = new WSSecurityHandler();
+        handler.setCrypto(crypto);
+        handler.setUsername("myalias");
+        crypto.setKeyPassword("myAliasPassword");
+        handler.setReceiveAction(WSHandlerConstants.SIGNATURE);
+        try {
+            handler.onReceive(ctx);
+            fail("Signature verification should have failed");
+        } catch (SoapFault f) {
+            // ok
+        }
     }
     
 }
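Review bot: `testBadSignatureServer` accepts any `SoapFault`, so it does not show that the tampered body in signed-bad.xml is what caused the rejection. Unlike `testSignatureServer` it also leaves out `handler.setAuthenticationService(new JAASAuthenticationService());`, so a fault raised for an unrelated reason would satisfy it as well (whether that can happen depends on handler code not visible here). Keep the setup identical to `testSignatureServer` so that the input file is the only difference, and assert on the fault's reason in the catch block instead of `// ok`. Separately, the `instanceof X500Name` checks tie the tests to the JDK-internal `sun.security.x509` package; `assertEquals("CN=myAlias", principal.getName());` gives the same check through `java.security.Principal`, and the `System.err.println(DOMUtil.asXML(doc));` in `testSignatureRoundtrip` looks like leftover debugging.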

Modified: incubator/servicemix/trunk/servicemix-soap/src/test/resources/login.properties
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/test/resources/login.properties?rev=413900&r1=413899&r2=413900&view=diff
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/test/resources/login.properties (original)
+++ incubator/servicemix/trunk/servicemix-soap/src/test/resources/login.properties Tue Jun 13 07:07:20 2006
@@ -1,6 +1,12 @@
 servicemix-domain {
-    org.apache.servicemix.jbi.security.PropertiesLoginModule required
-        debug=true
-        org.apache.servicemix.security.properties.user="users.properties"
+    org.apache.servicemix.jbi.security.PropertiesLoginModule 
+        sufficient
+        org.apache.servicemix.security.properties.user="usersp.properties"
         org.apache.servicemix.security.properties.group="groups.properties";
+    
+    org.apache.servicemix.jbi.security.CertificatesLoginModule 
+        sufficient
+        org.apache.servicemix.security.certificates.user="usersc.properties"
+        org.apache.servicemix.security.certificates.group="groups.properties";
+   
 };

Added: incubator/servicemix/trunk/servicemix-soap/src/test/resources/org/apache/servicemix/soap/handlers/security/signed-bad.xml
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/test/resources/org/apache/servicemix/soap/handlers/security/signed-bad.xml?rev=413900&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/test/resources/org/apache/servicemix/soap/handlers/security/signed-bad.xml (added)
+++ incubator/servicemix/trunk/servicemix-soap/src/test/resources/org/apache/servicemix/soap/handlers/security/signed-bad.xml Tue Jun 13 07:07:20 2006
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
+<env:Header>
+<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="true"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-8687308">
+<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+<ds:Reference URI="#id-26760685" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+<ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">fD7r9twmt+QI7+9EPHFeJAZ22P0=</ds:DigestValue>
+</ds:Reference>
+</ds:SignedInfo>
+<ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+bjj+tlszWLnjyf41Lv9xZMm3073hOKSiPQiw9Lafi2X7m5uFDkipQtxzVa6JHrRo3gpsoKQymhZ/
+ML3/GbwCyCxqUV76rXn9ePhvGzQkQa3zL4g98hqpshmrbGmhoUpqlgvSk8gIIJJEvpiVaxR6WTz+
+KUOkE9G4pAwWaEqzJ8Y=
+</ds:SignatureValue>
+<ds:KeyInfo Id="KeyId-2972067" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-12129459" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:X509IssuerSerial xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:X509IssuerName xmlns:ds="http://www.w3.org/2000/09/xmldsig#">CN=myAlias</ds:X509IssuerName>
+
+<ds:X509SerialNumber xmlns:ds="http://www.w3.org/2000/09/xmldsig#">1146191984</ds:X509SerialNumber>
+</ds:X509IssuerSerial>
+</ds:X509Data></wsse:SecurityTokenReference>
+</ds:KeyInfo>
+</ds:Signature></wsse:Security></env:Header><env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-26760685"><hello xmlns="">world2</hello></env:Body></env:Envelope>

Added: incubator/servicemix/trunk/servicemix-soap/src/test/resources/org/apache/servicemix/soap/handlers/security/signed.xml
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/test/resources/org/apache/servicemix/soap/handlers/security/signed.xml?rev=413900&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/test/resources/org/apache/servicemix/soap/handlers/security/signed.xml (added)
+++ incubator/servicemix/trunk/servicemix-soap/src/test/resources/org/apache/servicemix/soap/handlers/security/signed.xml Tue Jun 13 07:07:20 2006
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
+<env:Header>
+<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="true"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-8687308">
+<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+<ds:Reference URI="#id-26760685" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+<ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">fD7r9twmt+QI7+9EPHFeJAZ22P0=</ds:DigestValue>
+</ds:Reference>
+</ds:SignedInfo>
+<ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+bjj+tlszWLnjyf41Lv9xZMm3073hOKSiPQiw9Lafi2X7m5uFDkipQtxzVa6JHrRo3gpsoKQymhZ/
+ML3/GbwCyCxqUV76rXn9ePhvGzQkQa3zL4g98hqpshmrbGmhoUpqlgvSk8gIIJJEvpiVaxR6WTz+
+KUOkE9G4pAwWaEqzJ8Y=
+</ds:SignatureValue>
+<ds:KeyInfo Id="KeyId-2972067" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-12129459" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:X509IssuerSerial xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:X509IssuerName xmlns:ds="http://www.w3.org/2000/09/xmldsig#">CN=myAlias</ds:X509IssuerName>
+
+<ds:X509SerialNumber xmlns:ds="http://www.w3.org/2000/09/xmldsig#">1146191984</ds:X509SerialNumber>
+</ds:X509IssuerSerial>
+</ds:X509Data></wsse:SecurityTokenReference>
+</ds:KeyInfo>
+</ds:Signature></wsse:Security></env:Header><env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-26760685"><hello xmlns="">world</hello></env:Body></env:Envelope>

Added: incubator/servicemix/trunk/servicemix-soap/src/test/resources/privatestore.jks
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/test/resources/privatestore.jks?rev=413900&view=auto
==============================================================================
Binary file - no diff available.

Propchange: incubator/servicemix/trunk/servicemix-soap/src/test/resources/privatestore.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: incubator/servicemix/trunk/servicemix-soap/src/test/resources/usersc.properties
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/test/resources/usersc.properties?rev=413900&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/test/resources/usersc.properties (added)
+++ incubator/servicemix/trunk/servicemix-soap/src/test/resources/usersc.properties Tue Jun 13 07:07:20 2006
@@ -0,0 +1,3 @@
+first=CN=myAlias
+second=CN=anotherAlias
+third=CN=lastAlias
\ No newline at end of file

Added: incubator/servicemix/trunk/servicemix-soap/src/test/resources/usersp.properties
URL: http://svn.apache.org/viewvc/incubator/servicemix/trunk/servicemix-soap/src/test/resources/usersp.properties?rev=413900&view=auto
==============================================================================
--- incubator/servicemix/trunk/servicemix-soap/src/test/resources/usersp.properties (added)
+++ incubator/servicemix/trunk/servicemix-soap/src/test/resources/usersp.properties Tue Jun 13 07:07:20 2006
@@ -0,0 +1,3 @@
+first=secret
+second=password
+third=another
\ No newline at end of file


