  1. CXF
  2. CXF-3970

Patch: InitiatorEncryptionToken, RecipientSignatureToken, RecipientEncryptionToken support in WS Sec Policy

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.4.4
    • 2.4.5, 2.5.1
    • WS-* Components
    • CXF supported environments

    • Novice

    Description

      This patch adds support for InitiatorEncryptionToken, RecipientSignatureToken, RecipientEncryptionToken.
      InitiatorSignatureToken is already supported in patch CXF-3960.
      The following is an example that uses all four assertions:

        <wsp:Policy
          wsu:Id="UsernameToken"
          xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
          xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <wsp:ExactlyOne>
            <wsp:All>
              <sp:AsymmetricBinding>
                <wsp:Policy>
                  <sp:InitiatorSignatureToken>
                    <wsp:Policy>
                      <sp:X509Token
                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                          <sp:RequireThumbprintReference />
                          <sp:WssX509V3Token10 />
                        </wsp:Policy>
                      </sp:X509Token>
                    </wsp:Policy>
                  </sp:InitiatorSignatureToken>
                  <sp:InitiatorEncryptionToken>
                    <wsp:Policy>
                      <sp:X509Token
                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
                        <wsp:Policy>
                          <sp:RequireThumbprintReference />
                          <sp:WssX509V3Token10 />
                        </wsp:Policy>
                      </sp:X509Token>
                    </wsp:Policy>
                  </sp:InitiatorEncryptionToken>
                  <sp:RecipientSignatureToken>
                    <wsp:Policy>
                      <sp:X509Token
                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
                        <wsp:Policy>
                          <sp:RequireThumbprintReference />
                          <sp:WssX509V3Token10 />
                        </wsp:Policy>
                      </sp:X509Token>
                    </wsp:Policy>
                  </sp:RecipientSignatureToken>
                  <sp:RecipientEncryptionToken>
                    <wsp:Policy>
                      <sp:X509Token
                        sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Always">
                        <wsp:Policy>
                          <sp:RequireThumbprintReference />
                          <sp:WssX509V3Token10 />
                        </wsp:Policy>
                      </sp:X509Token>
                    </wsp:Policy>
                  </sp:RecipientEncryptionToken>
                  <sp:AlgorithmSuite>
                    <wsp:Policy>
                      <sp:TripleDesRsa15 />
                    </wsp:Policy>
                  </sp:AlgorithmSuite>
                  <sp:Layout>
                    <wsp:Policy>
                      <sp:Lax />
                    </wsp:Policy>
                  </sp:Layout>
                  <sp:IncludeTimestamp />
                  <sp:OnlySignEntireHeadersAndBody />
                </wsp:Policy>
              </sp:AsymmetricBinding>
              <sp1:SignedParts
                xmlns:sp1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <sp:Body />
              </sp1:SignedParts>
              <sp1:EncryptedParts
                xmlns:sp1="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <sp:Body />
              </sp1:EncryptedParts>
            </wsp:All>
          </wsp:ExactlyOne>
        </wsp:Policy>
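
Added example, not part of the issue or of the CXF patch: a Python function that reads a WS-SecurityPolicy document and reports, for each of the four token assertions named above, the token type, the IncludeToken mode and the nested requirements, plus the algorithm suite, so a reviewer can confirm what a policy actually demands. The names `summarize_policy`, `local`, `ROLES` and the trimmed `SAMPLE` policy are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
ROLES = ("InitiatorSignatureToken", "InitiatorEncryptionToken",
         "RecipientSignatureToken", "RecipientEncryptionToken")

# Constructed sample (hypothetical): a trimmed policy with two of the four assertions.
SAMPLE = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
 <sp:AsymmetricBinding><wsp:Policy>
  <sp:InitiatorSignatureToken><wsp:Policy>
   <sp:X509Token sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient">
    <wsp:Policy><sp:RequireThumbprintReference/><sp:WssX509V3Token10/></wsp:Policy>
   </sp:X509Token>
  </wsp:Policy></sp:InitiatorSignatureToken>
  <sp:RecipientEncryptionToken><wsp:Policy>
   <sp:X509Token sp:IncludeToken="{SP}/IncludeToken/Always">
    <wsp:Policy><sp:RequireThumbprintReference/><sp:WssX509V3Token10/></wsp:Policy>
   </sp:X509Token>
  </wsp:Policy></sp:RecipientEncryptionToken>
  <sp:AlgorithmSuite><wsp:Policy><sp:TripleDesRsa15/></wsp:Policy></sp:AlgorithmSuite>
 </wsp:Policy></sp:AsymmetricBinding>
</wsp:Policy>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def summarize_policy(xml_text):
    """Return per-role token details and the algorithm suite of a policy."""
    root = ET.fromstring(xml_text)
    binding = root.find(f".//{{{SP}}}AsymmetricBinding/{{{WSP}}}Policy")
    if binding is None:
        raise ValueError("no sp:AsymmetricBinding policy found")
    tokens = {}
    for role in ROLES:
        token = binding.find(f"{{{SP}}}{role}/{{{WSP}}}Policy/*")
        if token is None:
            tokens[role] = None  # assertion absent from the policy
            continue
        include = token.get(f"{{{SP}}}IncludeToken", "")
        nested = token.findall(f"{{{WSP}}}Policy/*")
        tokens[role] = {
            "type": local(token.tag),
            "include": include.rsplit("/", 1)[-1] or None,
            "requires": sorted(local(e.tag) for e in nested),
        }
    suite = binding.find(f"{{{SP}}}AlgorithmSuite/{{{WSP}}}Policy/*")
    return {"tokens": tokens, "suite": None if suite is None else local(suite.tag)}
```

A role reported as `None` means the policy does not carry that assertion at all, which is worth distinguishing from a token that is present with an unexpected IncludeToken mode.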
      

      Attachments

        1. patch.txt
          57 kB
          Vinay Penmatsa
        2. DoubleItX509Signature.wsdl
          6 kB
          Vinay Penmatsa

          People

            coheigea Colm O hEigeartaigh
            vpenmatsa Vinay Penmatsa