diff options
Diffstat (limited to 'neethi/test/test-resources')
-rw-r--r-- | neethi/test/test-resources/different-level-policies.xml | 109 | ||||
-rw-r--r-- | neethi/test/test-resources/echo-services.xml | 115 | ||||
-rw-r--r-- | neethi/test/test-resources/message-services-sc.xml | 116 | ||||
-rw-r--r-- | neethi/test/test-resources/services-1.xml | 51 | ||||
-rw-r--r-- | neethi/test/test-resources/services-2.xml | 76 | ||||
-rw-r--r-- | neethi/test/test-resources/services-3.xml | 88 | ||||
-rw-r--r-- | neethi/test/test-resources/services-4.xml | 89 | ||||
-rw-r--r-- | neethi/test/test-resources/services-5.xml | 89 | ||||
-rw-r--r-- | neethi/test/test-resources/services-6.xml | 86 | ||||
-rw-r--r-- | neethi/test/test-resources/services-7.xml | 89 | ||||
-rw-r--r-- | neethi/test/test-resources/services-8.xml | 89 | ||||
-rw-r--r-- | neethi/test/test-resources/services-9.xml | 87 | ||||
-rw-r--r-- | neethi/test/test-resources/services-sc-1.xml | 176 | ||||
-rw-r--r-- | neethi/test/test-resources/services-sc-2.xml | 186 |
14 files changed, 1446 insertions, 0 deletions
diff --git a/neethi/test/test-resources/different-level-policies.xml b/neethi/test/test-resources/different-level-policies.xml new file mode 100644 index 0000000..de5a707 --- /dev/null +++ b/neethi/test/test-resources/different-level-policies.xml @@ -0,0 +1,109 @@ +<service name="sec_echo"> + <parameter name="ServiceClass" locked="xsd:false">sec_echo</parameter> + + <description> + This is a testing service , to test the system is working or not + </description> + <module ref="rampart"/> + <operation name="echoString"> + <parameter name="wsamapping">http://example.com/ws/2004/09/policy/Test/EchoRequest</parameter> + <wsp:Policy wsu:Id="SigEncrMessage" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + </wsp:Policy> + <!--message label="in"> + <wsp:Policy wsu:Id="SigEncrMessage" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + </wsp:Policy> + </message--> + <!--message label="out"> + <wsp:Policy wsu:Id="SigEncrMessage" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + </wsp:Policy> + </message--> + </operation> + + <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic256Rsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <!--sp:EncryptSignature/--> + <!--sp:EncryptBeforeSigning/--> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/> + </wsp:Policy> + </sp:SignedSupportingTokens> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefEmbeddedToken/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <!--sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts--> + <!--sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts--> + <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy"> + <rampc:User>Bob</rampc:User> + <rampc:TimeToLive>360</rampc:TimeToLive> + <rampc:EncryptionUser>b</rampc:EncryptionUser> + <rampc:PasswordType>Digest</rampc:PasswordType> + <rampc:PasswordCallbackClass>/home/manjula/axis2/c/deploy/bin/samples/rampart/callback/libpwcb.so</rampc:PasswordCallbackClass> + <rampc:ReceiverCertificate>/home/manjula/axis2/c/deploy/bin/samples/rampart/keys/bhome/alice_cert.cert</rampc:ReceiverCertificate> + <rampc:Certificate>/home/manjula/axis2/c/deploy/bin/samples/rampart/keys/bhome/bob_cert.cert</rampc:Certificate> + <rampc:PrivateKey>/home/manjula/axis2/c/deploy/bin/samples/rampart/keys/bhome/bob_key.pem</rampc:PrivateKey> + </rampc:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> +</service> diff --git a/neethi/test/test-resources/echo-services.xml b/neethi/test/test-resources/echo-services.xml new file mode 100644 index 0000000..c7fc88b --- /dev/null +++ b/neethi/test/test-resources/echo-services.xml @@ -0,0 +1,115 @@ +<service name="echo"> + <parameter name="ServiceClass" locked="xsd:false">echo</parameter> + + <description> + This is a testing service , to test the system is working or not + </description> + + <operation name="echoString"> + <parameter name="wsamapping" >http://ws.apache.org/axis2/c/samples/echoString</parameter> + <wsp:Policy wsu:Id="SigEncrMessage" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + </wsp:Policy> + <message label="in"> + <wsp:Policy wsu:Id="SigEncrMessage" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + </wsp:Policy> + </message> + <message label="out"> + <wsp:Policy wsu:Id="SigEncrMessage" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + </wsp:Policy> + </message> + </operation> + + <wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic256/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + +</service> diff --git a/neethi/test/test-resources/message-services-sc.xml b/neethi/test/test-resources/message-services-sc.xml new file mode 100644 index 0000000..2f293df --- /dev/null +++ b/neethi/test/test-resources/message-services-sc.xml @@ -0,0 +1,116 @@ +<service name="SecureService3"> + + <module ref="addressing"/> + <module ref="rampart"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + <wsp:Policy wsu:Id="SigEncrMessage" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + </wsp:Policy> + <message label="in"> + <wsp:Policy wsu:Id="SigEncrMessage" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + </wsp:Policy> + </message> + <message label="out"> + <wsp:Policy wsu:Id="SigEncrMessage" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + </wsp:Policy> + </message> + </operation> + + <wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic256/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + +</service> diff --git a/neethi/test/test-resources/services-1.xml b/neethi/test/test-resources/services-1.xml new file mode 100644 index 0000000..4c727d3 --- /dev/null +++ b/neethi/test/test-resources/services-1.xml @@ -0,0 +1,51 @@ +<service name="SecureService1"> + + <module ref="addressing"/> + <module ref="rampart"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + </operation> + + <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:TransportToken> + <wsp:Policy> + <sp:HttpsToken RequireClientCertificate="false"/> + </wsp:Policy> + </sp:TransportToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic256/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + </wsp:Policy> + </sp:TransportBinding> + <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" /> + </wsp:Policy> + </sp:SignedSupportingTokens> + + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + </ramp:RampartConfig> + + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + +</service> diff --git a/neethi/test/test-resources/services-2.xml b/neethi/test/test-resources/services-2.xml new file mode 100644 index 0000000..ec80dd5 --- /dev/null +++ b/neethi/test/test-resources/services-2.xml @@ -0,0 +1,76 @@ +<service name="SecureService2"> + + <module ref="addressing"/> + <module ref="rampart"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + </operation> + + <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic256/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> +</wsp:Policy> + +</service> diff --git a/neethi/test/test-resources/services-3.xml b/neethi/test/test-resources/services-3.xml new file mode 100644 index 0000000..3d1bf60 --- /dev/null +++ b/neethi/test/test-resources/services-3.xml @@ -0,0 +1,88 @@ +<service name="SecureService3"> + + <module ref="addressing"/> + <module ref="rampart"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + </operation> + + <wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic256/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + +</service> diff --git a/neethi/test/test-resources/services-4.xml b/neethi/test/test-resources/services-4.xml new file mode 100644 index 0000000..537164f --- /dev/null +++ b/neethi/test/test-resources/services-4.xml @@ -0,0 +1,89 @@ +<service name="SecureService4"> + + <module ref="addressing"/> + <module ref="rampart"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + </operation> + +<wsp:Policy wsu:Id="EncrSig" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic256/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptBeforeSigning /> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + + </wsp:All> + </wsp:ExactlyOne> +</wsp:Policy> + +</service> diff --git a/neethi/test/test-resources/services-5.xml b/neethi/test/test-resources/services-5.xml new file mode 100644 index 0000000..64fcecb --- /dev/null +++ b/neethi/test/test-resources/services-5.xml @@ -0,0 +1,89 @@ +<service name="SecureService5"> + + <module ref="addressing"/> + <module ref="rampart"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + </operation> + + <wsp:Policy wsu:Id="SigEncrDK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic256/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + +</service> diff --git a/neethi/test/test-resources/services-6.xml b/neethi/test/test-resources/services-6.xml new file mode 100644 index 0000000..ff37936 --- /dev/null +++ b/neethi/test/test-resources/services-6.xml @@ -0,0 +1,86 @@ +<service name="SecureService6"> + + <module ref="addressing"/> + <module ref="rampart"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + </operation> + + <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:TripleDesRsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> +</service> diff --git a/neethi/test/test-resources/services-7.xml b/neethi/test/test-resources/services-7.xml new file mode 100644 index 0000000..b476623 --- /dev/null +++ b/neethi/test/test-resources/services-7.xml @@ -0,0 +1,89 @@ +<service name="SecureService7"> + + <module ref="addressing"/> + <module ref="rampart"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + </operation> + + <wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:TripleDesRsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> +</service> diff --git a/neethi/test/test-resources/services-8.xml b/neethi/test/test-resources/services-8.xml new file mode 100644 index 0000000..5e67653 --- /dev/null +++ b/neethi/test/test-resources/services-8.xml @@ -0,0 +1,89 @@ +<service name="SecureService8"> + + <module ref="addressing"/> + <module ref="rampart"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + </operation> + + <wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:TripleDesRsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>useReqSigCert</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> +</service> diff --git a/neethi/test/test-resources/services-9.xml b/neethi/test/test-resources/services-9.xml new file mode 100644 index 0000000..fbf1eda --- /dev/null +++ b/neethi/test/test-resources/services-9.xml @@ -0,0 +1,87 @@ +<service name="SecureService9"> + + <module ref="addressing"/> + <module ref="rampart"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + </operation> + + <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:TripleDesRsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptSignature /> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> +</service> diff --git a/neethi/test/test-resources/services-sc-1.xml b/neethi/test/test-resources/services-sc-1.xml new file mode 100644 index 0000000..1bd254f --- /dev/null +++ b/neethi/test/test-resources/services-sc-1.xml @@ -0,0 +1,176 @@ +<service name="SecureServiceSC1"> + + <module ref="addressing"/> + <module ref="rampart"/> + <module ref="rahas"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + </operation> + + <wsp:Policy wsu:Id="SecConvPolicy1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:BootstrapPolicy> + <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:TripleDesRsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + </sp:BootstrapPolicy> + </wsp:Policy> + </sp:SecureConversationToken> + </wsp:Policy> + </sp:ProtectionToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic256/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptSignature/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust10> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + + <parameter name="sct-issuer-config"> + <sct-issuer-config> + <cryptoProperties> + <crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property> + <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property> + <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property> + </crypto> + </cryptoProperties> + <addRequestedAttachedRef /> + <addRequestedUnattachedRef /> + + <!-- + Key computation mechanism + 1 - Use Request Entropy + 2 - Provide Entropy + 3 - Use Own Key + --> + <keyComputation>3</keyComputation> + + <!-- + proofKeyType element is valid only if the keyComputation is set to 3 + i.e. Use Own Key + + Valid values are: EncryptedKey & BinarySecret + --> + <proofKeyType>BinarySecret</proofKeyType> + </sct-issuer-config> + </parameter> + + <parameter name="token-canceler-config"> + <token-canceler-config> + <!--<proofToken>EncryptedKey</proofToken>--> + <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>--> + <!--<addRequestedAttachedRef />--> + </token-canceler-config> + </parameter> + + +</service> diff --git a/neethi/test/test-resources/services-sc-2.xml b/neethi/test/test-resources/services-sc-2.xml new file mode 100644 index 0000000..2d0febe --- /dev/null +++ b/neethi/test/test-resources/services-sc-2.xml @@ -0,0 +1,186 @@ +<service name="SecureServiceSC2"> + + <module ref="addressing"/> + <module ref="rampart"/> + <module ref="rahas"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + </operation> + + <wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:BootstrapPolicy> + <wsp:Policy> + <sp:EncryptedParts> + <sp:Body/> + </sp:EncryptedParts> + <sp:SymmetricBinding> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:RequireThumbprintReference/> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:ProtectionToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128Rsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptSignature/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:EndorsingSupportingTokens> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireThumbprintReference/> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:EndorsingSupportingTokens> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + <sp:RequireSignatureConfirmation/> + </wsp:Policy> + </sp:Wss11> + <sp:Trust10> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust10> + </wsp:Policy> + </sp:BootstrapPolicy> + </wsp:Policy> + </sp:SecureConversationToken> + </wsp:Policy> + </sp:ProtectionToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128Rsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptSignature/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust10> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>bob</ramp:user> + <ramp:encryptionUser>alice</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + + <parameter name="sct-issuer-config"> + <sct-issuer-config> + <cryptoProperties> + <crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property> + <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property> + <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property> + </crypto> + </cryptoProperties> + <addRequestedAttachedRef /> + <addRequestedUnattachedRef /> + + <!-- + Key computation mechanism + 1 - Use Request Entropy + 2 - Provide Entropy + 3 - Use Own Key + --> + <keyComputation>3</keyComputation> + + <!-- + proofKeyType element is valid only if the keyComputation is set to 3 + i.e. Use Own Key + + Valid values are: EncryptedKey & BinarySecret + --> + <proofKeyType>BinarySecret</proofKeyType> + </sct-issuer-config> + </parameter> + + <parameter name="token-canceler-config"> + <token-canceler-config> + <!--<proofToken>EncryptedKey</proofToken>--> + <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>--> + <!--<addRequestedAttachedRef />--> + </token-canceler-config> + </parameter> + + +</service> |