<deployment xmlns="http://xml.apache.org/axis/wsdd/"
xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
<!--
Usage of cert/key identifiers (parameter: user / encryptionUser):
For the interop tests we have two different certificate/key pairs:
Server certificate:
contained in bob.pfx
identified with: bob
Client certificate:
contained in alice.pfx
identified with: alice
The Server uses its certificate/private key to sign its request, the client
uses the server's certificate/pub key to encrypt requests.
The client uses its certificate/private key to sign its request, the server
uses the client's certificate/pub key to encrypt responses.
-->
<!-- define the service, using the WSDoAllSender security handler in request flow -->
<!--
Ping1: adds a WS-Security UsernameToken for user "Chris" to every request.
NOTE(review): the action list is UsernameToken only and passwordType is
PasswordText, so nothing in this handler encrypts or signs the token; the
password is only as confidential as the transport that carries the message.
No addUTElements parameter is set either, so no Nonce/Created values are
requested and the token itself gives a receiver nothing to detect replay with.
Fine for an interop scenario; anywhere else pair it with TLS or with the
Encrypt action.
-->
<service name="Ping1">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="user" value="Chris"/>
<!-- Class the handler calls back to obtain the password for "user". -->
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback1"/>
<parameter name="action" value="UsernameToken"/>
<!-- PasswordText: the password is placed in the token as-is, not as a digest. -->
<parameter name="passwordType" value="PasswordText" />
</handler>
</requestFlow>
</service>
<!--
Ping2: adds a UsernameToken for "Chris" (plain-text password plus Nonce and
Created) and then encrypts that token for the server certificate "bob".
encryptionParts names only the UsernameToken element, so the SOAP Body is not
encrypted by this handler.
-->
<service name="Ping2">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="UsernameToken Encrypt"/>
<parameter name="user" value="Chris"/>
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback1"/>
<!-- The clear-text password is acceptable here only because the token is encrypted below. -->
<parameter name="passwordType" value="PasswordText" />
<!-- Nonce and Created let the receiver check freshness and reject replayed tokens. -->
<parameter name="addUTElements" value="Nonce Created" />
<parameter name="encryptionPropFile" value="wsstest.properties" />
<!-- The recipient certificate is referenced by its SubjectKeyIdentifier. -->
<parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />
<!-- NOTE(review): Triple DES in CBC mode is a legacy 64-bit-block cipher and CBC
     alone gives no integrity protection. It is presumably fixed by the interop
     scenario; new configurations should use an AES algorithm URI where the
     WSS4J version in use supports one. -->
<parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<!-- Use the Server's cert/key to encrypt the request -->
<parameter name="encryptionUser" value="bob" />
<!-- Encrypt the whole wsse:UsernameToken element ({Element} mode), nothing else. -->
<parameter name="encryptionParts"
value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken" />
</handler>
</requestFlow>
</service>
<!--
Ping2a: UsernameTokenSignature + Encrypt + Timestamp for user "Chris".
Per the action name the signature is presumably keyed from the username
token rather than from a certificate (confirm against the WSS4J docs).
The UsernameToken element is then encrypted for the server certificate "bob".
NOTE(review): passwordType is not set here, so the handler default applies;
the default is not visible in this file.
-->
<service name="Ping2a">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="UsernameTokenSignature Encrypt Timestamp"/>
<parameter name="user" value="Chris"/>
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback1"/>
<parameter name="encryptionPropFile" value="wsstest.properties" />
<!-- The recipient certificate is referenced by its SubjectKeyIdentifier. -->
<parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />
<!-- NOTE(review): Triple DES in CBC mode is a legacy cipher; prefer an AES
     algorithm URI outside the interop scenario if the library supports one. -->
<parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<!-- Use the Server's cert/key to encrypt the request -->
<parameter name="encryptionUser" value="bob" />
<!-- Only the wsse:UsernameToken element is encrypted; the Body is left in clear. -->
<parameter name="encryptionParts"
value="{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken" />
</handler>
</requestFlow>
</service>
<!--
Ping2b: UsernameTokenSignature + Timestamp for user "Chris", password sent
as a digest. The signature covers the SOAP Body and the UsernameToken.
No Encrypt action is listed, so the message content travels unencrypted at
the message level.
-->
<service name="Ping2b">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="UsernameTokenSignature Timestamp"/>
<parameter name="user" value="Chris"/>
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback1"/>
<!-- PasswordDigest: a digest is sent instead of the clear-text password. -->
<parameter name="passwordType" value="PasswordDigest" />
<!-- Semicolon-separated list of parts to sign: the Body and wsse:UsernameToken. -->
<parameter name="signatureParts"
value="Body;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken" />
</handler>
</requestFlow>
</service>
<!--
Ping3: the request is signed with the client key "alice", encrypted for the
server certificate "bob" and timestamped; the response flow requires the same
three actions on the reply.
-->
<service name="Ping3">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="Signature Encrypt Timestamp"/>
<!-- Use the Client's cert/key to sign the request -->
<parameter name="user" value="alice"/>
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback1"/>
<!-- DirectReference: the signing certificate is included in the message and referenced. -->
<parameter name="signatureKeyIdentifier" value="DirectReference" />
<parameter name="signaturePropFile" value="wsstest.properties" />
<!-- NOTE(review): no encryptionPropFile is given here (Ping7 sets one);
     presumably the handler falls back to signaturePropFile - confirm. -->
<parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />
<!-- NOTE(review): Triple DES in CBC mode is a legacy cipher; prefer an AES
     algorithm URI outside the interop scenario if the library supports one. -->
<parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<parameter name="encryptionUser" value="bob" />
</handler>
</requestFlow>
<responseFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<!-- The callback supplies the private-key password needed to decrypt the response. -->
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback1"/>
<!-- Actions the receiver expects to find in the response's security header. -->
<parameter name="action" value="Signature Encrypt Timestamp"/>
<!-- NOTE(review): decryptionPropFile is not set here (Ping7 sets it);
     presumably the signature properties are reused - confirm. -->
<parameter name="signaturePropFile" value="wsstest.properties" />
</handler>
</responseFlow>
</service>
<!--
Ping4: the request is signed with the client key "alice" and encrypted with a
key identified by name ("SessionKey") instead of a recipient certificate; no
encryptionUser is configured. The key material comes from the
EmbeddedKeyCallbackClass, so both sides must already share it.
-->
<service name="Ping4">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="Signature Encrypt Timestamp"/>
<!-- Use the Client's cert/key to sign the request -->
<parameter name="user" value="alice"/>
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback1"/>
<parameter name="signatureKeyIdentifier" value="DirectReference" />
<parameter name="signaturePropFile" value="wsstest.properties" />
<!-- EmbeddedKeyName: the message carries only the key's name, not the key. -->
<parameter name="encryptionKeyIdentifier" value="EmbeddedKeyName" />
<!-- NOTE(review): Triple DES in CBC mode is a legacy cipher; prefer an AES
     algorithm URI outside the interop scenario if the library supports one. -->
<parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<!-- Callback that hands the handler the symmetric key for the name below. -->
<parameter name="EmbeddedKeyCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback1" />
<parameter name="EmbeddedKeyName" value="SessionKey" />
</handler>
</requestFlow>
<responseFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<!-- NOTE(review): this is PWCallback, while the request flow of this service
     uses PWCallback1; confirm the different class is intended. -->
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback"/>
<!-- Actions the receiver expects to find in the response's security header. -->
<parameter name="action" value="Signature Encrypt Timestamp"/>
<parameter name="signaturePropFile" value="wsstest.properties" />
</handler>
</responseFlow>
</service>
<!--
Ping5: two WSDoAllSender handlers run one after the other on the request.
The first signs only the {http://xmlsoap.org/Ping}ticket element; the second
adds a further signature and a Timestamp. Both sign with the client key
"alice". No Encrypt action is listed in either handler.
-->
<service name="Ping5">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<!-- NoSerialization presumably keeps the signed document in memory so the
     second handler can continue on it - confirm against the WSS4J docs. -->
<parameter name="action" value="Signature NoSerialization"/>
<!-- Use the Client's cert/key to sign the request -->
<parameter name="user" value="alice"/>
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback1"/>
<parameter name="signatureKeyIdentifier" value="DirectReference" />
<parameter name="signaturePropFile" value="wsstest.properties" />
<!-- Sign only the ticket element of the Ping namespace. -->
<parameter name="signatureParts" value="{}{http://xmlsoap.org/Ping}ticket" />
</handler>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<!-- No signatureParts here, so the handler's default part selection applies. -->
<parameter name="action" value="Signature Timestamp"/>
<!-- Use the Client's cert/key to sign the request -->
<parameter name="user" value="alice"/>
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback1"/>
<!-- This signature references the certificate by SubjectKeyIdentifier
     instead of embedding it. -->
<parameter name="signatureKeyIdentifier" value="SKIKeyIdentifier" />
<parameter name="signaturePropFile" value="wsstest.properties" />
</handler>
</requestFlow>
</service>
<!--
Ping6: same key material as Ping3 (sign with "alice", encrypt for "bob"), but
the action list names Encrypt before Signature. Presumably the handler
applies the actions in the listed order, so the signature is computed over
already-encrypted content - confirm against the WSS4J docs.
-->
<service name="Ping6">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="Encrypt Signature Timestamp"/>
<!-- Use the Client's cert/key to sign the request -->
<parameter name="user" value="alice"/>
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback1"/>
<parameter name="signatureKeyIdentifier" value="DirectReference" />
<parameter name="signaturePropFile" value="wsstest.properties" />
<parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />
<!-- NOTE(review): Triple DES in CBC mode is a legacy cipher; prefer an AES
     algorithm URI outside the interop scenario if the library supports one. -->
<parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<!-- Use the Server's cert/key to encrypt the request -->
<parameter name="encryptionUser" value="bob" />
</handler>
</requestFlow>
<responseFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/>
<!-- The expected actions mirror the request: Encrypt listed before Signature. -->
<parameter name="action" value="Encrypt Signature Timestamp"/>
<parameter name="signaturePropFile" value="wsstest.properties" />
</handler>
</responseFlow>
</service>
<!--
Ping7: sign with the client key "alice", encrypt for the server certificate
"bob", add a Timestamp. Unlike Ping3 and Ping6, the signed parts are spelled out
and the encryption/decryption property files are set explicitly.
-->
<service name="Ping7">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="Signature Encrypt Timestamp"/>
<parameter name="user" value="alice"/>
<parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback1"/>
<parameter name="signatureKeyIdentifier" value="DirectReference" />
<!-- Sign the SOAP Body and, via STRTransform, the token referenced by the
     signature's SecurityTokenReference, which binds the certificate to the
     signature. -->
<parameter name="signatureParts"
value="{}{http://schemas.xmlsoap.org/soap/envelope/}Body;STRTransform" />
<parameter name="signaturePropFile" value="wsstest.properties" />
<parameter name="encryptionKeyIdentifier" value="SKIKeyIdentifier" />
<!-- NOTE(review): Triple DES in CBC mode is a legacy cipher; prefer an AES
     algorithm URI outside the interop scenario if the library supports one. -->
<parameter name="encryptionSymAlgorithm" value="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<parameter name="encryptionUser" value="bob" />
<parameter name="encryptionPropFile" value="wsstest.properties" />
</handler>
</requestFlow>
<responseFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllReceiver">
<parameter name="passwordCallbackClass"
value="org.apache.ws.axis.oasis.PWCallback1"/>
<!-- Actions the receiver expects to find in the response's security header. -->
<parameter name="action" value="Signature Encrypt Timestamp"/>
<!-- Verification and decryption both read the same properties file. -->
<parameter name="signaturePropFile" value="wsstest.properties" />
<parameter name="decryptionPropFile" value="wsstest.properties" />
</handler>
</responseFlow>
</service>
<!--
STPing1: adds a Timestamp and an unsigned SAML token built from
saml.properties.
NOTE(review): no Signature action is listed, so as configured here neither
the SAML token nor the Timestamp is bound to the message by a signature; a
receiver can rely on them only as far as it trusts the transport.
-->
<service name="STPing1">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<parameter name="action" value="Timestamp SAMLTokenUnsigned"/>
<!-- Properties file that configures the SAML issuer used to build the token. -->
<parameter name="samlPropFile" value="saml.properties"/>
</handler>
</requestFlow>
</service>
<!--
The saml3.properties file defines a SAML token with "sender vouches"
option. Thus no further user specific data is required here. The
SAML issuer takes all the data from its data store (for the bare bone
SAML issuer included here: this data is in the saml properties file).
The SAML issuer uses its own certificate to sign, own certificate store,
etc.
The DoAllSender then gets the issuer's data (key name, key password)
and forwards it to the SignEnvelope. The SignEnvelope now signs the
SAML token _and_ at least one part of the message (SOAP Body if nothing
was specified, or the specified part).
-->
<service name="STPing3">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<!-- Timestamp plus a SAML token that is signed together with the message. -->
<parameter name="action" value="Timestamp SAMLTokenSigned"/>
<!-- Issuer configuration; no user or passwordCallbackClass is set in this
     handler, so the signing key data has to come from the issuer side. -->
<parameter name="samlPropFile" value="saml3.properties"/>
<!-- DirectReference: the signing certificate is included in the message and referenced. -->
<parameter name="signatureKeyIdentifier" value="DirectReference" />
</handler>
</requestFlow>
</service>
<!--
The saml4.properties file defines a SAML token with "holder-of-key"
option. Because the DoAllSender handler acts as both user and requestor,
we need the user specific data here. The handler gets this information,
forwards it to our (bare bone) SAML issuer. The SAML issuer creates
the SAML token and includes the user's certificate, and signs the
whole token with its certificate / Private Key.
DoAllSender forwards the user's information to SignEnvelope that uses
this to sign the message (SOAP Body if nothing was specified, or the
specified part). Because the issuer signed the SAML token the user's
certificate (contained in the token) can be trusted.
-->
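<service name="STPing4">
<requestFlow>
<handler type="java:org.apache.ws.axis.security.WSDoAllSender" >
<!-- Timestamp plus a SAML token that is signed together with the message. -->
<parameter name="action" value="Timestamp SAMLTokenSigned"/>
<!-- Issuer configuration for the SAML token. -->
<parameter name="samlPropFile" value="saml4.properties"/>
<!-- DirectReference: the signing certificate is included in the message and
     referenced. The parameter is declared once per handler. -->
<parameter name="signatureKeyIdentifier" value="DirectReference" />
<!-- User whose key signs the message; the value is presumably the key alias
     in the store that crypto.properties points to - confirm. -->
<parameter name="user" value="16c73ab6-b892-458f-abf5-2f875f74882e"/>
<!-- Callback that supplies the password for the user's private key. -->
<parameter name="passwordCallbackClass" value="org.apache.ws.axis.oasis.PWCallback"/>
<!-- Crypto configuration used for the user's signature (a different file
     from the wsstest.properties used by the Ping services). -->
<parameter name="signaturePropFile" value="crypto.properties" />
</handler>
</requestFlow>
</service>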
<!--
Client-side transports, each mapped to the Axis sender class that delivers
the message. NOTE(review): the "http" transport adds no protection of its
own; services that send clear-text credentials (PasswordText without
Encrypt) depend on the endpoint being reached over TLS.
-->
<transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
<transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
<transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
</deployment>