Jiri Ondrusek created CXF-8986:
----------------------------------
Summary: Ws-security-policy: if more policies are used in the same JVM, their algorithm suites influence each other
Key: CXF-8986
URL: https://issues.apache.org/jira/browse/CXF-8986
Project: CXF
Issue Type: Bug
Components: WS-* Components
Affects Versions: 4.0.4
Reporter: Jiri Ondrusek
I'm fixing some tests in quarkus-cxf and I found a behavior which seems to be
not desired. On the other hand I might be missing some information and this
behavior is expected.
Reproducer:
# Clone and build
[https://github.com/JiriOndrusek/quarkus-cxf/tree/suite-influence-reprodocer]
# Run (with remote debug)
{code:java}
./mvnw clean test -f integration-tests/ws-security-policy -Dtest="EncryptSignPolicyTest#helloEncryptSign" -Dmaven.surefire.debug{code}
Check value of effectivePolicy in this line
[https://github.com/apache/cxf/blob/main/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyOutInterceptor.java#L98]
Look into
{code:java}
effectivePolicy->policy->policyComponents->exactlyOne->policyComponents->all->policyComponents->asymmetricBinding->algorithmSuite->algorithmSuiteType{code}
Value is *Basic256*
# Run different test by this command
{code:java}
./mvnw clean test -f integration-tests/ws-security-policy -Dtest="CustomEncryptSignPolicyTest#helloDefaultCustomValues" -Dmaven.surefire.debug{code}
Debug the same place and you can see that the algorithmSuiteType is
*CustomAlgorithmSuite*
# Now run both tests together by
{code:java}
./mvnw clean test -f integration-tests/ws-security-policy -Dtest="EncryptSignPolicyTest#helloEncryptSign,CustomEncryptSignPolicyTest#helloDefaultCustomValues" -Dmaven.surefire.debug{code}
The first breakpoint is triggered by
{code:java}
CustomEncryptSignPolicyTest#helloDefaultCustomValues{code}
and you can see that the algorithmSuiteType is *CustomAlgorithmSuite*
The second breakpoint belongs to
{code:java}
EncryptSignPolicyTest#helloEncryptSign{code}
, but the value in the effectivePolicy->..->asymmetricBinding is
*CustomAlgorithmSuite*
This is wrong, the correct value should be *Basic256*
I changed test `CustomEncryptSignPolicyTest#helloDefaultCustomValues` to use
*Basic128Rsa15* (to verify that the culprit is not the customAlgorithmSuite)
and the result was wrong as with default values.
Single execution showed *Basic128Rsa15* or *Basic256* (depends on the test),
but execution of both tests showed *Basic128Rsa15* in both cases.
I think that the behavior is wrong. I have a test suite running on a FIPS
machine. If tests are executed alone, all works correctly (some tests assert
success, some tests assert failure). If I run tests together, the tests which
should fail are successful.
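An independent cross-check for the scenario reported above, as an added example that is not part of the original report or of CXF: it compares the encryption algorithm URIs in a captured SOAP message with the suite the test intended, so a test cannot pass on the policy object alone. The table covers only Basic256 and Basic128Rsa15 (URIs per the WS-SecurityPolicy 1.2 algorithm suite definitions); `suite_violations` and `sample_message` are hypothetical names and the message is constructed.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
# Encryption algorithm URIs of the two standard suites named in the report,
# as defined by the WS-SecurityPolicy 1.2 algorithm suite table.
SUITES = {
    "Basic256": {"EncryptedData": XENC + "aes256-cbc",
                 "EncryptedKey": XENC + "rsa-oaep-mgf1p"},
    "Basic128Rsa15": {"EncryptedData": XENC + "aes128-cbc",
                      "EncryptedKey": XENC + "rsa-1_5"},
}

def suite_violations(soap_xml, expected_suite):
    """List every encryption algorithm in the message that is outside the suite."""
    allowed = SUITES[expected_suite]
    root = ET.fromstring(soap_xml)
    problems, seen = [], 0
    for tag, want in allowed.items():
        for elem in root.iter("{%s}%s" % (XENC, tag)):
            seen += 1
            method = elem.find("{%s}EncryptionMethod" % XENC)
            got = method.get("Algorithm") if method is not None else None
            if got != want:
                problems.append("%s: got %s, %s requires %s"
                                % (tag, got, expected_suite, want))
    if seen == 0:
        # An unencrypted message must not pass as "no mismatch found".
        problems.append("no EncryptedKey/EncryptedData element in message")
    return problems

def sample_message(suite):
    """Constructed, minimal WS-Security message using the given suite's URIs."""
    algs = SUITES[suite]
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"'
        ' xmlns:xenc="%s"><s:Header><Security>'
        '<xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="%s"/>'
        '</xenc:EncryptedKey></Security></s:Header><s:Body>'
        '<xenc:EncryptedData><xenc:EncryptionMethod Algorithm="%s"/>'
        '</xenc:EncryptedData></s:Body></s:Envelope>'
        % (XENC, algs["EncryptedKey"], algs["EncryptedData"]))

if __name__ == "__main__":
    # Message built with the wrong suite, checked against the intended one.
    for line in suite_violations(sample_message("Basic128Rsa15"), "Basic256"):
        print(line)
```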