[CXF-3970] Patch: InitiatorEncryptionToken, RecipientSignatureToken, RecipientEncryptionToken support in WS Sec Policy - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.4.4
Fix Version/s: 2.4.5, 2.5.1
Component/s: WS-* Components
Labels:
- patch
- security
Environment:

CXF supported environments

Estimated Complexity:
Novice

Description

This patch adds support for InitiatorEncryptionToken, RecipientSignatureToken, RecipientEncryptionToken.
InitiatorSignatureToken is already supported in patch ~~CXF-3960~~.
The following is an example that uses all four assertions

  <wsp:Policy
    wsu:Id="UsernameToken"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:AsymmetricBinding>
          <wsp:Policy>
            <sp:InitiatorSignatureToken>
              <wsp:Policy>
                <sp:X509Token
                  sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                  <wsp:Policy>
                    <sp:RequireThumbprintReference />
                    <sp:WssX509V3Token10 />
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:InitiatorSignatureToken>
            <sp:InitiatorEncryptionToken>
              <wsp:Policy>
                <sp:X509Token
                  sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
                  <wsp:Policy>
                    <sp:RequireThumbprintReference />
                    <sp:WssX509V3Token10 />
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:InitiatorEncryptionToken>
            <sp:RecipientSignatureToken>
              <wsp:Policy>
                <sp:X509Token
                  sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
                  <wsp:Policy>
                    <sp:RequireThumbprintReference />
                    <sp:WssX509V3Token10 />
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:RecipientSignatureToken>
            <sp:RecipientEncryptionToken>
              <wsp:Policy>
                <sp:X509Token
                  sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
                  <wsp:Policy>
                    <sp:RequireThumbprintReference />
                    <sp:WssX509V3Token10 />
                  </wsp:Policy>
                </sp:X509Token>
              </wsp:Policy>
            </sp:RecipientEncryptionToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:TripleDesRsa15 />
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Lax />
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp />
            <sp:OnlySignEntireHeadersAndBody />
          </wsp:Policy>
        </sp:AsymmetricBinding>
        <sp1:SignedParts
          xmlns:sp1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body />
        </sp1:SignedParts>
        <sp1:EncryptedParts
          xmlns:sp1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
          <sp:Body />
        </sp1:EncryptedParts>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

patch.txt
10/Dec/11 03:01
57 kB
Vinay Penmatsa
DoubleItX509Signature.wsdl
10/Dec/11 03:06
6 kB
Vinay Penmatsa

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Vinay Penmatsa

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 10/Dec/11 03:00

Updated:: 19/Dec/11 16:15

Resolved:: 12/Dec/11 13:48