This is an automated email from the ASF dual-hosted git repository. billblough pushed a commit to branch RAMPART-426 in repository https://gitbox.apache.org/repos/asf/axis-axis2-java-rampart.git
commit 48a0422d73e8b5706d5c8798e64a3db1d16b9fac Author: Andreas Veithen <veit...@apache.org> AuthorDate: Sat Jan 14 14:24:52 2017 +0000 Apply the patch provided by Boris Dushanov for RAMPART-426. --- .../java/org/apache/rampart/RampartEngine.java | 209 ++++++++++++--------- .../org/apache/rampart/RampartMessageData.java | 23 ++- .../policy/builders/RampartConfigBuilder.java | 12 ++ .../apache/rampart/policy/model/RampartConfig.java | 60 ++++++ modules/rampart-integration/pom.xml | 27 +++ .../test/java/org/apache/rampart/RampartTest.java | 6 +- .../src/test/resources/rampart/policy/36.xml | 70 +++++++ .../src/test/resources/rampart/policy/37.xml | 70 +++++++ .../src/test/resources/rampart/policy/38.xml | 71 +++++++ .../src/test/resources/rampart/policy/39.xml | 70 +++++++ .../src/test/resources/rampart/policy/40.xml | 70 +++++++ .../src/test/resources/rampart/policy/41.xml | 69 +++++++ .../src/test/resources/rampart/policy/42.xml | 69 +++++++ .../src/test/resources/rampart/services-36.xml | 87 +++++++++ .../src/test/resources/rampart/services-37.xml | 87 +++++++++ .../src/test/resources/rampart/services-38.xml | 89 +++++++++ .../src/test/resources/rampart/services-39.xml | 88 +++++++++ .../src/test/resources/rampart/services-40.xml | 88 +++++++++ .../src/test/resources/rampart/services-41.xml | 88 +++++++++ .../src/test/resources/rampart/services-42.xml | 88 +++++++++ .../rampart/AsymmetricBindingBuilderTest.java | 59 +++++- .../org/apache/rampart/MessageBuilderTestBase.java | 2 +- .../java/org/apache/rampart/RampartEngineTest.java | 80 ++++---- .../rampart/policy/model/RampartPolicyTest.java | 3 + ...part-asymm-binding-6-3des-r15-inbound-actor.xml | 75 ++++++++ ...m-binding-6-3des-r15-inbound-outbound-actor.xml | 76 ++++++++ ...art-asymm-binding-6-3des-r15-outbound-actor.xml | 75 ++++++++ .../test-resources/policy/rampart-policy-1.xml | 2 + .../test-resources/policy/soapmessage12.xml | 57 ++++++ 29 files changed, 1720 insertions(+), 150 deletions(-) 
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
index dda31b0..8e73be1 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
@@ -16,6 +16,15 @@
 package org.apache.rampart;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+
 import org.apache.axiom.soap.SOAPEnvelope;
 import org.apache.axiom.soap.SOAPFault;
 import org.apache.axiom.soap.SOAPHeader;
@@ -27,19 +36,20 @@ import org.apache.commons.logging.LogFactory;
 import org.apache.rahas.Token;
 import org.apache.rahas.TokenStorage;
 import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.model.RampartConfig;
 import org.apache.rampart.saml.SAMLAssertionHandler;
 import org.apache.rampart.saml.SAMLAssertionHandlerFactory;
 import org.apache.rampart.util.Axis2Util;
 import org.apache.rampart.util.RampartUtil;
 import org.apache.ws.secpolicy.WSSPolicyException;
 import org.apache.ws.secpolicy.model.UsernameToken;
-import org.apache.ws.security.*;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
 import org.apache.ws.security.components.crypto.Crypto;
-import javax.xml.namespace.QName;
-import java.security.cert.X509Certificate;
-import java.util.*;
-
 public class RampartEngine {
 private static Log log = LogFactory.getLog(RampartEngine.class);
@@ -131,8 +141,22 @@ public class RampartEngine {
 }
 }
- String actorValue = secHeader.getAttributeValue(new QName(rmd
- .getSoapConstants().getEnvelopeURI(), "actor"));
+ // get the configured 'actor' value and if it is NOT set
+ // then fallback to the one in the security header
+ String actorValue = null;
+ RampartConfig rampartConfig = rpd.getRampartConfig();
+ if(null != rampartConfig){
+ actorValue = rampartConfig.getInboundActor();
+ }
+
+ if(null == actorValue){
+ String actorAttribute = WSConstants.ATTR_ACTOR;
+ if (WSConstants.URI_SOAP12_ENV.equals(rmd.getSoapConstants().getEnvelopeURI())) {
+ actorAttribute = WSConstants.ATTR_ROLE;
+ }
+
+ actorValue = secHeader.getAttributeValue(new QName(rmd.getSoapConstants().getEnvelopeURI(), actorAttribute));
+ }
 Crypto signatureCrypto = RampartUtil.getSignatureCrypto(rpd.getRampartConfig(), msgCtx.getAxisService().getClassLoader());
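Review bot: When `rampartConfig.getInboundActor()` is non-null the attribute actually present on `secHeader` is never read, so the `actorValue` handed on from here is the configured one whatever actor/role the incoming header carries; whether a header addressed to a different actor is then rejected is decided by the consumer of `actorValue` (outside this hunk, presumably the WSS4J header lookup) and deserves an explicit test, and a `log.debug` of both values when they differ would make such rejections diagnosable. `rpd.getRampartConfig()` is copied into `rampartConfig` and then called again two lines later for `getSignatureCrypto`; pass the local instead. The `null != x` Yoda form is also inconsistent with the `rpd.getRampartConfig() != null` style used elsewhere in this file (see the nonceLifeTime block below). The enclosing method starts and ends outside the hunk.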
@@ -176,91 +200,94 @@ public class RampartEngine {
 //get the sec context id from the req msg ctx
 //Store username in MessageContext property
+
+ if(null != results){
+ for (int j = 0; j < results.size(); j++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(j);
+ final Integer actInt =
+ (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if (WSConstants.ST_UNSIGNED == actInt.intValue()) {
+
+ Object samlAssertion = wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+
+ SAMLAssertionHandler samlAssertionHandler
+ = SAMLAssertionHandlerFactory.createAssertionHandler(samlAssertion);
+
+ if (samlAssertionHandler.isBearerAssertion()) {
+ break;
+ }
+ //Store the token
+ try {
+ TokenStorage store = rmd.getTokenStorage();
+ if (store.getToken(samlAssertionHandler.getAssertionId()) == null) {
+ Token token = new Token(samlAssertionHandler.getAssertionId(),
+ samlAssertionHandler.getAssertionElement(),
+ samlAssertionHandler.getDateNotBefore(),
+ samlAssertionHandler.getDateNotOnOrAfter());
+
+ token.setSecret(samlAssertionHandler.
+ getAssertionKeyInfoSecret(signatureCrypto, tokenCallbackHandler));
+ store.add(token);
+ }
+ } catch (Exception e) {
+ throw new RampartException(
+ "errorInAddingTokenIntoStore", e);
+ }
+ } else if (WSConstants.UT == actInt) {
+
+ WSUsernameTokenPrincipal userNameTokenPrincipal = (WSUsernameTokenPrincipal)wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+
+ String username = userNameTokenPrincipal.getName();
+ msgCtx.setProperty(RampartMessageData.USERNAME, username);
+
+ if (userNameTokenPrincipal.getNonce() != null) {
+ // Check whether this is a replay attack. To verify that we need to check whether nonce value
+ // is a repeating one
+ int nonceLifeTimeInSeconds = 0;
+
+ if (rpd.getRampartConfig() != null) {
+
+ String stringLifeTime = rpd.getRampartConfig().getNonceLifeTime();
+
+ try {
+ nonceLifeTimeInSeconds = Integer.parseInt(stringLifeTime);
+
+ } catch (NumberFormatException e) {
+ log.error("Invalid value for nonceLifeTime in rampart configuration file.", e);
+ throw new RampartException(
+ "invalidNonceLifeTime", e);
+
+ }
+ }
+
+ String serviceEndpointName = msgCtx.getAxisService().getEndpointName();
+
+ boolean valueRepeating = serviceNonceCache.isNonceRepeatingForService(serviceEndpointName, username, userNameTokenPrincipal.getNonce());
+
+ if (valueRepeating){
+ throw new RampartException("repeatingNonceValue", new Object[]{ userNameTokenPrincipal.getNonce(), username} );
+ }
+
+ serviceNonceCache.addNonceForService(serviceEndpointName, username, userNameTokenPrincipal.getNonce(), nonceLifeTimeInSeconds);
+ }
+ } else if (WSConstants.SIGN == actInt) {
+ X509Certificate cert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+
+ if (rpd.isAsymmetricBinding() && cert == null && rpd.getInitiatorToken() != null
+ && !rpd.getInitiatorToken().isDerivedKeys()) {
+
+ // If symmetric binding is used, the certificate should be null.
+ // If certificate is not null then probably initiator and
+ // recipient are using 2 different bindings.
+ throw new RampartException("invalidSignatureAlgo");
+ }
+
+ msgCtx.setProperty(RampartMessageData.X509_CERT, cert);
+ }
+
+ }
+ }
- for (int j = 0; j < results.size(); j++) {
- WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(j);
- final Integer actInt =
- (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
- if (WSConstants.ST_UNSIGNED == actInt.intValue()) {
-
- Object samlAssertion = wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
-
- SAMLAssertionHandler samlAssertionHandler
- = SAMLAssertionHandlerFactory.createAssertionHandler(samlAssertion);
-
- if (samlAssertionHandler.isBearerAssertion()) {
- break;
- }
- //Store the token
- try {
- TokenStorage store = rmd.getTokenStorage();
- if (store.getToken(samlAssertionHandler.getAssertionId()) == null) {
- Token token = new Token(samlAssertionHandler.getAssertionId(),
- samlAssertionHandler.getAssertionElement(),
- samlAssertionHandler.getDateNotBefore(),
- samlAssertionHandler.getDateNotOnOrAfter());
-
- token.setSecret(samlAssertionHandler.
- getAssertionKeyInfoSecret(signatureCrypto, tokenCallbackHandler));
- store.add(token);
- }
- } catch (Exception e) {
- throw new RampartException(
- "errorInAddingTokenIntoStore", e);
- }
- } else if (WSConstants.UT == actInt) {
-
- WSUsernameTokenPrincipal userNameTokenPrincipal = (WSUsernameTokenPrincipal)wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
-
- String username = userNameTokenPrincipal.getName();
- msgCtx.setProperty(RampartMessageData.USERNAME, username);
-
- if (userNameTokenPrincipal.getNonce() != null) {
- // Check whether this is a replay attack.
- is a repeating one
- int nonceLifeTimeInSeconds = 0;
-
- if (rpd.getRampartConfig() != null) {
-
- String stringLifeTime = rpd.getRampartConfig().getNonceLifeTime();
-
- try {
- nonceLifeTimeInSeconds = Integer.parseInt(stringLifeTime);
-
- } catch (NumberFormatException e) {
- log.error("Invalid value for nonceLifeTime in rampart configuration file.", e);
- throw new RampartException(
- "invalidNonceLifeTime", e);
-
- }
- }
-
- String serviceEndpointName = msgCtx.getAxisService().getEndpointName();
-
- boolean valueRepeating = serviceNonceCache.isNonceRepeatingForService(serviceEndpointName, username, userNameTokenPrincipal.getNonce());
-
- if (valueRepeating){
- throw new RampartException("repeatingNonceValue", new Object[]{ userNameTokenPrincipal.getNonce(), username} );
- }
-
- serviceNonceCache.addNonceForService(serviceEndpointName, username, userNameTokenPrincipal.getNonce(), nonceLifeTimeInSeconds);
- }
- } else if (WSConstants.SIGN == actInt) {
- X509Certificate cert = (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
-
- if (rpd.isAsymmetricBinding() && cert == null && rpd.getInitiatorToken() != null
- && !rpd.getInitiatorToken().isDerivedKeys()) {
-
- // If symmetric binding is used, the certificate should be null.
- // If certificate is not null then probably initiator and
- // recipient are using 2 different bindings.
- throw new RampartException("invalidSignatureAlgo");
- }
-
- msgCtx.setProperty(RampartMessageData.X509_CERT, cert);
- }
-
- }
 SOAPEnvelope env = Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
index b195b22..af4be4d 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
@@ -16,6 +16,10 @@
 package org.apache.rampart;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
 import org.apache.axiom.om.OMElement;
 import org.apache.axiom.soap.SOAPEnvelope;
 import org.apache.axis2.AxisFault;
@@ -60,10 +64,6 @@ import org.apache.ws.security.util.Loader;
 import org.apache.ws.security.util.WSSecurityUtil;
 import org.w3c.dom.Document;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
 public class RampartMessageData {
 /**
@@ -372,8 +372,19 @@ public class RampartMessageData {
 this.customClassLoader = axisService.getClassLoader();
 }
- if(this.sender && this.policyData != null) {
- this.secHeader = new WSSecHeader();
+ // set 'actor' of the WSSecHeader with the value from the rampart config
+ if (this.sender && this.policyData != null) {
+
+ this.secHeader = new WSSecHeader();
+
+ RampartConfig rampartConfig = this.policyData.getRampartConfig();
+ if(null != rampartConfig){
+ String actor = rampartConfig.getOutboundActor();
+ if(null != actor){
+ this.secHeader = new WSSecHeader(actor,true);
+ }
+ }
+
 secHeader.insertSecurityHeader(this.document);
 }
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
index d111fbd..2c7efb8 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
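Review bot: The header is constructed twice when an outbound actor is configured: `this.secHeader = new WSSecHeader();` is assigned first and then overwritten by `new WSSecHeader(actor,true)`, which also hard-codes the mustUnderstand flag as an unexplained boolean literal. Resolve the actor first and construct the header once with the flag named, which also removes the `null != x` form that clashes with the `this.policyData != null` test on the same `if` line. The enclosing method starts and ends outside the hunk.
```java
if (this.sender && this.policyData != null) {
    String outboundActor = null;
    RampartConfig rampartConfig = this.policyData.getRampartConfig();
    if (rampartConfig != null) {
        outboundActor = rampartConfig.getOutboundActor();
    }
    // mustUnderstand=true: a receiver targeted by this actor/role must process the header or fault
    final boolean mustUnderstand = true;
    this.secHeader = (outboundActor != null)
            ? new WSSecHeader(outboundActor, mustUnderstand)
            : new WSSecHeader();
    secHeader.insertSecurityHeader(this.document);
}
```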
@@ -46,6 +46,18 @@ public class RampartConfigBuilder implements AssertionBuilder<OMElement> {
 if (childElement != null) {
 rampartConfig.setUserCertAlias(childElement.getText().trim());
 }
+
+ childElement = element.getFirstChildWithName(new QName(RampartConfig.NS,
+ RampartConfig.INBOUND_ACTOR_LN));
+ if (childElement != null) {
+ rampartConfig.setInboundActor(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(RampartConfig.NS,
+ RampartConfig.OUTBOUND_ACTOR_LN));
+ if (childElement != null) {
+ rampartConfig.setOutboundActor(childElement.getText().trim());
+ }
 childElement = element.getFirstChildWithName(new QName( RampartConfig.NS, RampartConfig.ENCRYPTION_USER_LN));
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
index 5bfba4f..a539641 100644
--- a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
@@ -40,6 +40,9 @@ import javax.xml.stream.XMLStreamWriter;
 * <ramp:timestampMaxSkew>0</ramp:timestampMaxSkew>
 * <ramp:tokenStoreClass>org.apache.rahas.StorageImpl</ramp:tokenStoreClass>
 * <ramp:nonceLifeTime>org.apache.rahas.StorageImpl</ramp:nonceLifeTime>
+ * <ramp:inboundActor>inboundActorURI</ramp:inboundActor>
+ * <ramp:outboundActor>outboundActorURI</ramp:outboundActor>
+ *
 * <ramp:signatureCrypto>
 * <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
@@ -78,6 +81,10 @@ public class RampartConfig implements Assertion {
 public final static String USER_LN = "user";
+ public final static String INBOUND_ACTOR_LN = "inboundActor";
+
+ public final static String OUTBOUND_ACTOR_LN = "outboundActor";
+
 public final static String USER_CERT_ALIAS_LN = "userCertAlias";
 public final static String ENCRYPTION_USER_LN = "encryptionUser";
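Review bot: `childElement.getText().trim()` is stored unconditionally, so an empty or whitespace-only `<ramp:inboundActor/>` becomes the empty string rather than `null`; in RampartEngine the fallback to the header's own actor/role attribute is keyed on `null == actorValue`, so such a configuration skips the fallback and passes `""` as the actor, and what the WSS4J header lookup then does with an empty actor is not visible in this diff. Treat blank text as unset for both new elements, e.g. `String inbound = childElement.getText().trim(); if (!inbound.isEmpty()) { rampartConfig.setInboundActor(inbound); }` and likewise for `setOutboundActor`. The enclosing build method starts and ends outside the hunk.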
@@ -150,6 +157,9 @@ public class RampartConfig implements Assertion {
 private String nonceLifeTime = Integer.toString(DEFAULT_NONCE_LIFE_TIME);
 private SSLConfig sslConfig;
+
+ private String inboundActor;
+ private String outboundActor;
 /*To set timeStampStrict in WSSConfig through rampartConfig - default value is false*/
 private boolean timeStampStrict = false;
@@ -299,6 +309,18 @@ public class RampartConfig implements Assertion {
 writer.writeEndElement();
 }
+ if (getInboundActor() != null) {
+ writer.writeStartElement(NS, INBOUND_ACTOR_LN);
+ writer.writeCharacters(getInboundActor());
+ writer.writeEndElement();
+ }
+
+ if (getOutboundActor() != null) {
+ writer.writeStartElement(NS, OUTBOUND_ACTOR_LN);
+ writer.writeCharacters(getOutboundActor());
+ writer.writeEndElement();
+ }
+
 if (getUserCertAlias() != null) {
 writer.writeStartElement(NS, USER_CERT_ALIAS_LN);
 writer.writeCharacters(getUserCertAlias());
@@ -488,4 +510,42 @@ public class RampartConfig implements Assertion {
 this.timeStampStrict = Boolean.valueOf(timeStampStrict);
 }
+ /**
+ * @return the inbound actor's URI
+ *
+ */
+ public String getInboundActor() {
+ return inboundActor;
+ }
+
+ /**
+ * Sets the SOAP 1.1 actor or SOAP 1.2 role identifying the incoming SOAP Security header to process.
+ * If set, Rampart will expect a SOAP security header with a matching actor/role and fail if
+ * such is not available in the request. If not set (<code>null</code>), Rampart will process the first
+ * SOAP security header found.
+ *
+ * @param the inbound actor URI to set
+ */
+ public void setInboundActor(String inboundActorUri) {
+ this.inboundActor = inboundActorUri;
+ }
+
+ /**
+ * @return the outbound actor's URI
+ *
+ */
+ public String getOutboundActor() {
+ return outboundActor;
+ }
+
+ /**
+ * Sets the SOAP 1.1 actor or SOAP 1.2 role to set in the outgoing SOAP Security header.
+ * If not set (<code>null</code>), no SOAP actor/role attribute will be set in the SOAP security header.
+
+ * @param the outbound actor URI to set
+ */
+ public void setOutboundActor(String outboundActorUri) {
+ this.outboundActor = outboundActorUri;
+ }
+
 }
diff --git a/modules/rampart-integration/pom.xml b/modules/rampart-integration/pom.xml
index 8fed00a..eb1689d 100644
--- a/modules/rampart-integration/pom.xml
+++ b/modules/rampart-integration/pom.xml
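Review bot: Both `@param` tags name no parameter (`@param the inbound actor URI to set`), so javadoc will flag an unknown parameter; they should read `@param inboundActorUri the inbound actor URI to set` and `@param outboundActorUri the outbound actor URI to set`. The `setOutboundActor` comment also has an empty line without the leading `*` between the description and the tag. The `setInboundActor` description promises that Rampart will "fail if such is not available in the request", but the engine change in this commit only selects the actor value and the failure path is not visible in this diff; either point the sentence at where that enforcement lives or soften it to what the setting does, which is to choose which Security header is processed.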
@@ -280,7 +280,34 @@
 <!-- Service 35 -->
 <copy overwrite="yes" file="src/test/resources/rampart/services-35.xml" tofile="target/temp-ramp/META-INF/services.xml" />
 <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService35.aar" basedir="target/temp-ramp" />
+
+ <!-- Service 36 -->
+ <copy overwrite="yes" file="src/test/resources/rampart/services-36.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService36.aar" basedir="target/temp-ramp" />
+
+ <!-- Service 37 -->
+ <copy overwrite="yes" file="src/test/resources/rampart/services-37.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService37.aar" basedir="target/temp-ramp" />
+ <!-- Service 38 -->
+ <copy overwrite="yes" file="src/test/resources/rampart/services-38.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService38.aar" basedir="target/temp-ramp" />
+
+ <!-- Service 39 -->
+ <copy overwrite="yes" file="src/test/resources/rampart/services-39.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService39.aar" basedir="target/temp-ramp" />
+
+ <!-- Service 40 -->
+ <copy overwrite="yes" file="src/test/resources/rampart/services-40.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService40.aar" basedir="target/temp-ramp" />
+
+ <!-- Service 41 -->
+ <copy overwrite="yes" file="src/test/resources/rampart/services-41.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService41.aar" basedir="target/temp-ramp" />
+
+ <!-- Service 42 -->
+ <copy overwrite="yes" file="src/test/resources/rampart/services-42.xml" tofile="target/temp-ramp/META-INF/services.xml" />
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService42.aar" basedir="target/temp-ramp" />
 <!-- Service SC-1 -->
 <copy overwrite="yes" file="src/test/resources/rampart/issuer.properties" tofile="target/temp-ramp/issuer.properties" />
diff --git a/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java b/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
index 622a627..923595a 100644
--- a/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
+++ b/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
@@ -135,7 +135,7 @@ public class RampartTest extends TestCase {
 }
 //for (int i = 34; i <= 34; i++) { //<-The number of tests we have
- for (int i = 1; i <= 35; i++) { //<-The number of tests we have
+ for (int i = 1; i <= 42; i++) { //<-The number of tests we have
 if(!basic256Supported && (i == 3 || i == 4 || i == 5)) {
 //Skip the Basic256 tests
 continue;
@@ -179,7 +179,7 @@ public class RampartTest extends TestCase {
 }
 // Invoking the service in the TestCase-28 should fail. So handling it differently..
- if (i == 28 || i == 34) {
+ if (i == 28 || i == 34 || i == 37 || i == 39 || i == 40 || i == 41) {
 try {
 //Blocking invocation
@@ -203,6 +203,8 @@ public class RampartTest extends TestCase {
 // Need to find the exact cause
 //assertEquals(resources.getString("invalidSignatureAlgo"), axisFault.getMessage());
 System.out.println(axisFault.getMessage());
+ }else{
+ assertNotNull(axisFault);
 }
 }
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/36.xml b/modules/rampart-integration/src/test/resources/rampart/policy/36.xml
new file mode 100644
index 0000000..d1c239d
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/36.xml
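Review bot: The added `}else{ assertNotNull(axisFault); }` can never fail: `axisFault` is presumably the exception bound by the enclosing `catch` (which opens above this hunk), so it is non-null whenever this branch runs. For the new negative cases 37, 39, 40 and 41 that means any fault at all — a deployment problem, a missing keystore, a malformed policy — is accepted as proof that the actor mismatch was rejected. Compare `axisFault.getMessage()` with the expected message from the resource bundle, as the commented-out `assertEquals(resources.getString(...), axisFault.getMessage())` line above already sketches, or at least record the expected cause per case in a comment. The test method starts and ends outside the hunk.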
@@ -0,0 +1,70 @@ +<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + <ramp:outboundActor>outboundActor</ramp:outboundActor> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property 
name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> +</wsp:Policy> diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/37.xml b/modules/rampart-integration/src/test/resources/rampart/policy/37.xml new file mode 100644 index 0000000..fe5ac5a --- /dev/null +++ b/modules/rampart-integration/src/test/resources/rampart/policy/37.xml 
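Review bot: Nothing in this policy records which RAMPART-426 scenario it covers or that the client call is expected to succeed, and the visible part of 39.xml is byte-for-byte identical to it (same single `<ramp:outboundActor>outboundActor</ramp:outboundActor>` line) even though RampartTest treats 36 as a success case and 39 as an expected failure, so the whole difference lives in services-36.xml versus services-39.xml, which are not in this chunk. Add a one-line XML comment next to the actor element stating the intent, e.g. `<!-- RAMPART-426: client emits its Security header with actor 'outboundActor'; the service side decides whether that is accepted -->`, adjusted to what the matching services file configures. The same applies to 37.xml, 38.xml and 39.xml.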
@@ -0,0 +1,70 @@ +<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + <ramp:inboundActor>inboundActor</ramp:inboundActor> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property 
name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> +</wsp:Policy> diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/38.xml b/modules/rampart-integration/src/test/resources/rampart/policy/38.xml new file mode 100644 index 0000000..f0172db --- /dev/null +++ b/modules/rampart-integration/src/test/resources/rampart/policy/38.xml 
@@ -0,0 +1,71 @@ +<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + <ramp:inboundActor>inboundActor</ramp:inboundActor> + <ramp:outboundActor>outboundActor</ramp:outboundActor> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + 
<ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> +</wsp:Policy> diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/39.xml b/modules/rampart-integration/src/test/resources/rampart/policy/39.xml new file mode 100644 index 0000000..add04f7 --- /dev/null +++ b/modules/rampart-integration/src/test/resources/rampart/policy/39.xml 
@@ -0,0 +1,70 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ <ramp:outboundActor>outboundActor</ramp:outboundActor>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/40.xml b/modules/rampart-integration/src/test/resources/rampart/policy/40.xml
new file mode 100644
index 0000000..134e262
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/40.xml
@@ -0,0 +1,70 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ <ramp:inboundActor>inboundActor</ramp:inboundActor>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/41.xml b/modules/rampart-integration/src/test/resources/rampart/policy/41.xml
new file mode 100644
index 0000000..5947c58
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/41.xml
@@ -0,0 +1,69 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/42.xml b/modules/rampart-integration/src/test/resources/rampart/policy/42.xml
new file mode 100644
index 0000000..5947c58
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/42.xml
@@ -0,0 +1,69 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-36.xml b/modules/rampart-integration/src/test/resources/rampart/services-36.xml
new file mode 100644
index 0000000..2e810e9
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-36.xml
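Review bot: policy/41.xml and policy/42.xml are byte-identical — both file headers carry the blob id 5947c58 and the two hunks match line for line, neither setting an actor. Two copies of one fixture drift silently the first time someone edits only one of them; either point both tests at a single file, or name the files after the server-side scenario they pair with (services-41.xml sets `ramp:inboundActor`, services-42.xml sets `ramp:outboundActor`), since that is where the two cases actually differ.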
@@ -0,0 +1,87 @@
+<service name="SecureService36">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-37.xml b/modules/rampart-integration/src/test/resources/rampart/services-37.xml
new file mode 100644
index 0000000..042758c
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-37.xml
@@ -0,0 +1,87 @@
+<service name="SecureService37">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-38.xml b/modules/rampart-integration/src/test/resources/rampart/services-38.xml
new file mode 100644
index 0000000..5262628
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-38.xml
@@ -0,0 +1,89 @@
+<service name="SecureService38">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ <ramp:inboundActor>outboundActor</ramp:inboundActor>
+ <ramp:outboundActor>inboundActor</ramp:outboundActor>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-39.xml b/modules/rampart-integration/src/test/resources/rampart/services-39.xml
new file mode 100644
index 0000000..16eb59a
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-39.xml
@@ -0,0 +1,88 @@
+<service name="SecureService39">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ <ramp:inboundActor>inboundActor</ramp:inboundActor>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-40.xml b/modules/rampart-integration/src/test/resources/rampart/services-40.xml
new file mode 100644
index 0000000..039d902
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-40.xml
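Review bot: The actor values in services-39.xml do not agree with its client policy: the server declares `<ramp:inboundActor>inboundActor</ramp:inboundActor>` while policy/39.xml sends with `<ramp:outboundActor>outboundActor</ramp:outboundActor>`, so the server side would look for a Security header addressed to actor "inboundActor" that the client never produces. The same disagreement appears in services-40.xml (server outboundActor vs. client inboundActor) and in services-41.xml and services-42.xml, whose client policies 41.xml and 42.xml set no actor at all; only the 38 pair is consistent, because services-38.xml swaps the two values so each side's inbound actor equals the other side's outbound actor. If 39 through 42 are deliberate negative cases, an XML comment in each fixture stating the expected fault, e.g. `<!-- actor mismatch with policy/39.xml: request is expected to be rejected -->`, would stop a later "fix" from aligning the values; if they are meant to pass, the values need the same swap as services-38.xml. RampartTest.java, which decides which of these runs are expected to fail, is outside this chunk.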
@@ -0,0 +1,88 @@
+<service name="SecureService40">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ <ramp:outboundActor>outboundActor</ramp:outboundActor>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-41.xml b/modules/rampart-integration/src/test/resources/rampart/services-41.xml
new file mode 100644
index 0000000..f1540db
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-41.xml
@@ -0,0 +1,88 @@
+<service name="SecureService41">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <operation name="returnError">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:returnError</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ <ramp:inboundActor>inboundActor</ramp:inboundActor>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
+ </ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-42.xml b/modules/rampart-integration/src/test/resources/rampart/services-42.xml
new file mode 100644
index 0000000..31d98ae
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-42.xml
@@ -0,0 +1,88 @@ +<service name="SecureService42"> + + <module ref="addressing"/> + <module ref="rampart"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + </operation> + + <operation name="returnError"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:returnError</actionMapping> + </operation> + + <wsp:Policy wsu:Id="SigOnly" + xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" + xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token + sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token + sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + 
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + <ramp:outboundActor>outboundActor</ramp:outboundActor> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks + </ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password + </ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + +</service> diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/AsymmetricBindingBuilderTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/AsymmetricBindingBuilderTest.java index 0d8a2a0..eb7b37c 100644 --- a/modules/rampart-tests/src/test/java/org/apache/rampart/AsymmetricBindingBuilderTest.java +++ b/modules/rampart-tests/src/test/java/org/apache/rampart/AsymmetricBindingBuilderTest.java @@ -16,15 +16,16 @@ package org.apache.rampart; +import java.util.ArrayList; + +import javax.xml.namespace.QName; + +import org.apache.axiom.om.OMElement; import org.apache.axis2.context.MessageContext; import org.apache.neethi.Policy; import org.apache.ws.security.WSConstants; import org.apache.ws.security.conversation.ConversationConstants; -import javax.xml.namespace.QName; - -import java.util.ArrayList; - public class AsymmetricBindingBuilderTest extends MessageBuilderTestBase { public void testAsymmBinding() throws Exception { 
@@ -178,6 +179,56 @@ public class AsymmetricBindingBuilderTest extends MessageBuilderTestBase { list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN)); this.verifySecHeader(list.iterator(), ctx.getEnvelope()); + + //verify that no actor attribute is available + OMElement secHeader = + ctx.getEnvelope().getHeader(). + getFirstChildWithName(new QName(WSConstants.WSSE_NS, + WSConstants.WSSE_LN)); + String actor = secHeader.getAttributeValue(new QName(ctx.getEnvelope().getNamespaceURI(), WSConstants.ATTR_ACTOR)); + assertNull("It is expected that 'actor' attribute is not available in case when no outboundActor is configured.", actor); + } + + public void testAsymmBindingTripleDesRSA15WithOutboundActor() throws Exception { + MessageContext ctx = getMsgCtx(); + + String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15-inbound-outbound-actor.xml"; + Policy policy = this.loadPolicy(policyXml); + + ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy); + + MessageBuilder builder = new MessageBuilder(); + builder.build(ctx); + + OMElement secHeader = + ctx.getEnvelope().getHeader(). + getFirstChildWithName(new QName(WSConstants.WSSE_NS, + WSConstants.WSSE_LN)); + + String actor = secHeader.getAttributeValue(new QName(ctx.getEnvelope().getNamespaceURI(), WSConstants.ATTR_ACTOR)); + + assertEquals("myOutboundActor", actor); + } + + public void testAsymmBindingTripleDesRSA15WithOutboundRole() throws Exception { + MessageContext ctx = getMsgCtx12(); + + String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15-inbound-outbound-actor.xml"; + Policy policy = this.loadPolicy(policyXml); + + ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy); + + MessageBuilder builder = new MessageBuilder(); + builder.build(ctx); + + OMElement secHeader = + ctx.getEnvelope().getHeader(). 
+ getFirstChildWithName(new QName(WSConstants.WSSE_NS, + WSConstants.WSSE_LN)); + + String actor = secHeader.getAttributeValue(new QName(ctx.getEnvelope().getNamespaceURI(), WSConstants.ATTR_ROLE)); + + assertEquals("myOutboundActor", actor); } public void testAsymmBindingTripleDesRSA15DK() throws Exception { diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java b/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java index 5686c78..b93d320 100644 --- a/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java +++ b/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java @@ -74,7 +74,7 @@ public class MessageBuilderTestBase extends TestCase { * @throws AxisFault */ protected MessageContext getMsgCtx12() throws Exception { - return initMsgCtxFromMessage("test-resources/policy/soapmessage.xml"); + return initMsgCtxFromMessage("test-resources/policy/soapmessage12.xml"); } /** diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java index 95a1e25..2dad0af 100644 --- a/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java +++ b/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java 
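Review bot: All three added lookups of the wsse:Security header dereference `secHeader` without checking it, so a missing header surfaces as a NullPointerException instead of a readable assertion failure; add `assertNotNull("wsse:Security header not found", secHeader);` before each `secHeader.getAttributeValue(...)`. The four-line `getHeader().getFirstChildWithName(new QName(WSConstants.WSSE_NS, WSConstants.WSSE_LN))` expression is repeated verbatim in the new tests and in the existing one above; a small `private OMElement securityHeader(MessageContext ctx)` helper in this class would shorten all three and hold the null check in one place. The first added lines belong to a test method whose start is above this hunk. The WithOutboundActor/WithOutboundRole pair also only asserts the attribute value; a comment such as `// SOAP 1.2 carries the same setting as role instead of actor` on the second test would explain why both exist.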
@@ -53,48 +53,44 @@ public class RampartEngineTest extends MessageBuilderTestBase { } public void testValidSOAPMessage() throws Exception { - - MessageContext ctx = getMsgCtx(); - - String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml"; - Policy policy = loadPolicy(policyXml); - - ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy); - - MessageBuilder builder = new MessageBuilder(); - builder.build(ctx); - - // Building the SOAP envelope from the OMElement - buildSOAPEnvelope(ctx); - - RampartEngine engine = new RampartEngine(); - List<WSSecurityEngineResult> results = engine.process(ctx); - - /* - The principle purpose of the test case is to verify that the above processes - without throwing an exception. However, perform a minimal amount of validation on the - results. - */ - assertNotNull("RampartEngine returned null result", results); - //verify cert was stored - X509Certificate usedCert = null; - for (WSSecurityEngineResult result : results) { - Integer action = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION); - if (action == WSConstants.SIGN) { - //the result is for the signature, which contains the used certificate - usedCert = (X509Certificate) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE); - break; - } - } - assertNotNull("Result of processing did not include a certificate", usedCert); + runValidRampartProcessing(getMsgCtx(), "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml"); } public void testValidSOAP12Message() throws Exception { + runValidRampartProcessing(getMsgCtx12(), "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml"); + } + + public void testValidSOAPMessageWithActor() throws Exception { + runValidRampartProcessing(getMsgCtx(), "test-resources/policy/rampart-asymm-binding-6-3des-r15-inbound-outbound-actor.xml"); + } + + public void testValidSOAP12MessageWithRole() throws Exception { + runValidRampartProcessing(getMsgCtx12(), 
"test-resources/policy/rampart-asymm-binding-6-3des-r15-inbound-outbound-actor.xml"); + } + + public void testMissingSOAPInboundActor() throws Exception { + runValidRampartProcessing(getMsgCtx(), "test-resources/policy/rampart-asymm-binding-6-3des-r15-outbound-actor.xml"); + } + + public void testMissingSOAPOutboundActor() throws Exception { + try{ + runValidRampartProcessing(getMsgCtx(), "test-resources/policy/rampart-asymm-binding-6-3des-r15-inbound-actor.xml"); + fail("Failure is expected because no outbound actor is set."); + }catch(RampartException e){ + assertNotNull(e); + } + } - MessageContext ctx = getMsgCtx12(); - - String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml"; - Policy policy = loadPolicy(policyXml); + private void buildSOAPEnvelope(MessageContext ctx) throws Exception { + SOAPBuilder soapBuilder = new SOAPBuilder(); + SOAPEnvelope env = ctx.getEnvelope(); + ByteArrayInputStream inStream = new ByteArrayInputStream(env.toString().getBytes()); + env = (SOAPEnvelope) soapBuilder.processDocument(inStream, getContentTypeForEnvelope(env), ctx); + ctx.setEnvelope(env); + } + + private void runValidRampartProcessing(MessageContext ctx, String policyXmlPath) throws Exception{ + Policy policy = loadPolicy(policyXmlPath); ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy); @@ -125,12 +121,4 @@ public class RampartEngineTest extends MessageBuilderTestBase { } assertNotNull("Result of processing did not include a certificate", usedCert); } - - private void buildSOAPEnvelope(MessageContext ctx) throws Exception { - SOAPBuilder soapBuilder = new SOAPBuilder(); - SOAPEnvelope env = ctx.getEnvelope(); - ByteArrayInputStream inStream = new ByteArrayInputStream(env.toString().getBytes()); - env = (SOAPEnvelope) soapBuilder.processDocument(inStream, getContentTypeForEnvelope(env), ctx); - ctx.setEnvelope(env); - } } 
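Review bot: In `testMissingSOAPOutboundActor` the `assertNotNull(e)` inside `catch(RampartException e)` can never fail, so the test pins only the exception type; assert on the message or cause instead (e.g. `assertTrue(e.getMessage(), e.getMessage().contains("actor"))`, adjusted to whatever RampartEngine actually reports). The `fail(...)` text "no outbound actor is set" also misdescribes the scenario: the inbound-actor policy builds a message with no actor attribute and then verifies it with `inboundActor=myInboundActor`, so what is being rejected is a Security header that is not addressed to the configured inbound actor. The security-relevant negative case is still untested: a fixture whose `inboundActor` and `outboundActor` differ, run through `runValidRampartProcessing` and expected to throw `RampartException`, would show that a header targeted at another actor is not accepted. `testMissingSOAPInboundActor` asserts that, with no inbound actor configured, a header addressed to `myOutboundActor` is processed successfully; if RampartEngine (outside this chunk) really falls back to the first Security header it finds, that is worth a comment, since WS-Security expects a receiver to act only on headers targeted at it.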
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/policy/model/RampartPolicyTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/policy/model/RampartPolicyTest.java index da6b0de..eb0d5f6 100644 --- a/modules/rampart-tests/src/test/java/org/apache/rampart/policy/model/RampartPolicyTest.java +++ b/modules/rampart-tests/src/test/java/org/apache/rampart/policy/model/RampartPolicyTest.java @@ -77,6 +77,9 @@ public class RampartPolicyTest extends TestCase { .getProperty("keystoreFile")); assertEquals("Incorrect property value", "password", prop .getProperty("keystorePassword")); + + assertEquals("myInboundActor", config.getInboundActor()); + assertEquals("myOutboundActor", config.getOutboundActor()); } } \ No newline at end of file diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15-inbound-actor.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15-inbound-actor.xml new file mode 100644 index 0000000..424e170 --- /dev/null +++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15-inbound-actor.xml 
@@ -0,0 +1,75 @@ +<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> +<wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:TripleDesRsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass> + <ramp:inboundActor>myInboundActor</ramp:inboundActor> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + 
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + + </wsp:All> +</wsp:ExactlyOne> +</wsp:Policy> diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15-inbound-outbound-actor.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15-inbound-outbound-actor.xml new file mode 100644 index 0000000..92102e2 --- /dev/null +++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15-inbound-outbound-actor.xml 
@@ -0,0 +1,76 @@ +<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> +<wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:TripleDesRsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass> + <ramp:inboundActor>myOutboundActor</ramp:inboundActor> + <ramp:outboundActor>myOutboundActor</ramp:outboundActor> + + <ramp:signatureCrypto> + <ramp:crypto 
provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + + </wsp:All> +</wsp:ExactlyOne> +</wsp:Policy> diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15-outbound-actor.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15-outbound-actor.xml new file mode 100644 index 0000000..5858be2 --- /dev/null +++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15-outbound-actor.xml 
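Review bot: `<ramp:inboundActor>myOutboundActor</ramp:inboundActor>` reads like a copy-paste slip, since every other fixture in this commit pairs `myInboundActor` with `myOutboundActor`; it appears to be deliberate because RampartEngineTest builds and then verifies a message with this single policy, which only round-trips when both values match. Make that explicit so nobody "fixes" it later: `<!-- inboundActor deliberately equals outboundActor: RampartEngineTest builds and then verifies the message with this one policy -->`. The file's `wsu:Id="SigEncrTripleDesRSA15"` is shared with the other two new policies, which is fine for these unit tests but worth a note if they are ever loaded side by side.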
@@ -0,0 +1,75 @@ +<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> +<wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:TripleDesRsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> + <sp:Body/> + </sp:EncryptedParts> + + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass> + <ramp:outboundActor>myOutboundActor</ramp:outboundActor> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + 
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + + </wsp:All> +</wsp:ExactlyOne> +</wsp:Policy> diff --git a/modules/rampart-tests/test-resources/policy/rampart-policy-1.xml b/modules/rampart-tests/test-resources/policy/rampart-policy-1.xml index 5f1e907..c23ee2a 100644 --- a/modules/rampart-tests/test-resources/policy/rampart-policy-1.xml +++ b/modules/rampart-tests/test-resources/policy/rampart-policy-1.xml @@ -3,6 +3,8 @@ <ramp:user>alice</ramp:user> <ramp:encryptionUser>bob</ramp:encryptionUser> <ramp:passwordCallbackClass>org.apache.axis2.security.PWCallback</ramp:passwordCallbackClass> + <ramp:inboundActor>myInboundActor</ramp:inboundActor> + <ramp:outboundActor>myOutboundActor</ramp:outboundActor> <ramp:signatureCrypto> <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> diff --git a/modules/rampart-tests/test-resources/policy/soapmessage12.xml b/modules/rampart-tests/test-resources/policy/soapmessage12.xml new file mode 100644 index 0000000..c8e5d0b --- /dev/null +++ b/modules/rampart-tests/test-resources/policy/soapmessage12.xml 
@@ -0,0 +1,57 @@ +<soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope" + xmlns:xsd="http://www.w3.org/2001/XMLSchema" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" + xmlns:axis2="http://ws.apache.org/namespaces/axis2"> + <soapenv:Header xmlns:fabrikam="http://example.com/fabrikam"> + <wsa:MessageID soapenv:mustUnderstand="0"> + uuid:920C5190-0B8F-11D9-8CED-F22EDEEBF7E5</wsa:MessageID> + <wsa:To soapenv:mustUnderstand="0">http://localhost:8081/axis/services/BankPort</wsa:To> + <wsa:From axis2:AttrExt="123456789" soapenv:mustUnderstand="0" > + <wsa:Address> + http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address> + <wsa:ReferenceParameters> + <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey> + </wsa:ReferenceParameters> + <wsa:ReferenceProperties> + <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart> + </wsa:ReferenceProperties> + <axis2:EPRExt axis2:AttrExt="123456789">123456789</axis2:EPRExt> + </wsa:From> + <wsa:Action>http://ws.apache.org/tests/action</wsa:Action> + <wsa:ReplyTo axis2:AttrExt="123456789"> + <wsa:Address>http://example.com/fabrikam/acct</wsa:Address> + <wsa:ReferenceParameters> + <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey> + </wsa:ReferenceParameters> + <wsa:ReferenceProperties> + <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart> + </wsa:ReferenceProperties> + <axis2:EPRExt axis2:AttrExt="123456789">123456789</axis2:EPRExt> + </wsa:ReplyTo> + + <wsa:FaultTo axis2:AttrExt="123456789"> + <wsa:Address>http://example.com/fabrikam/fault</wsa:Address> + <wsa:ReferenceParameters> + <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey> + </wsa:ReferenceParameters> + <wsa:ReferenceProperties> + <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart> + </wsa:ReferenceProperties> + <axis2:EPRExt axis2:AttrExt="123456789">123456789</axis2:EPRExt> + </wsa:FaultTo> + 
<wsa:RelatesTo>http://some.previous.message</wsa:RelatesTo> + <wsa:RelatesTo RelationshipType="axis2:some.custom.relationship">http://identifier.of.other.message/</wsa:RelatesTo> + + </soapenv:Header> + <soapenv:Body> + <ns1:getBalance soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" + xmlns:ns1="http://localhost:8081/axis/services/BankPort"> + <accountNo href="#id0"/> + </ns1:getBalance> + <multiRef id="id0" soapenc:root="0" + soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" + xsi:type="xsd:int" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"> + 1001</multiRef> + </soapenv:Body> +</soapenv:Envelope> \ No newline at end of file