From c3a75c76cacb247f28490e52a7c0a3f06ff1c859 Mon Sep 17 00:00:00 2001 From: "Freeman(Yue) Fang" Date: Tue, 23 Jan 2024 23:28:16 +0000 Subject: [PATCH] fips support --- .../org/apache/cxf/helpers/JavaUtils.java | 7 + parent/pom.xml | 40 +- .../utils/DefaultSignatureConstants.java | 5 +- .../security/jose/common/JoseConstants.java | 5 +- .../cxf/rs/security/jose/jwe/JweUtils.java | 7 +- .../jose/jwe/RSAKeyDecryptionAlgorithm.java | 4 +- .../jwa/JwaDecryptRfcConformanceTest.java | 9 + .../jwa/JwaEncryptRfcConformanceTest.java | 8 + .../jose/jwe/JweCompactReaderWriterTest.java | 108 +- .../jose/jws/JwsCompactReaderWriterTest.java | 104 +- .../provider/OAuthServerJoseJwtProducer.java | 5 +- .../security/xml/AbstractXmlEncInHandler.java | 7 +- .../rs/security/xml/EncryptionProperties.java | 4 +- .../rs/security/xml/XmlEncOutInterceptor.java | 7 +- .../rs/security/xml/XmlSecOutInterceptor.java | 4 +- .../custom/DefaultAlgorithmSuiteLoader.java | 94 + .../wss4j/CryptoCoverageCheckerTest.java | 12 + .../wss4j/DOMToStaxRoundTripTest.java | 11 +- .../wss4j/PluggablePolicyValidatorTest.java | 4 + .../wss4j/PolicyBasedWss4JInOutTest.java | 21 + .../wss4j/StaxCryptoCoverageCheckerTest.java | 14 +- .../wss4j/StaxRoundTripActionTest.java | 25 +- .../ws/security/wss4j/StaxRoundTripTest.java | 25 +- .../StaxToDOMEncryptionIdentifierTest.java | 21 +- .../wss4j/StaxToDOMRoundTripTest.java | 43 +- .../ws/security/wss4j/WSS4JFaultCodeTest.java | 5 + .../cxf/ws/security/wss4j/WSS4JInOutTest.java | 12 +- .../wss4j/WSS4JInOutWithAttachmentsTest.java | 3 + .../cxf/sts/service/EncryptionProperties.java | 21 +- .../token/provider/jwt/JWTTokenProvider.java | 4 +- .../sts/operation/IssueEncryptedUnitTest.java | 43 +- .../cxf/sts/operation/IssueSCTUnitTest.java | 5 +- .../sts/operation/IssueSamlRealmUnitTest.java | 5 +- .../cxf/sts/operation/IssueSamlUnitTest.java | 16 +- .../provider/SAMLProviderKeyTypeTest.java | 13 +- .../sts-core/src/test/resources/x509-fips.p12 | Bin 0 -> 1600 bytes .../AsymmetricEncryptionTest.java | 9 +- .../BinarySecurityTokenTest.java | 17 +- .../cxf/systest/sts/caching/CachingTest.java | 17 +- .../sts/caching/ServerCachingTest.java | 21 +- .../secure_conv/SecureConversationTest.java | 17 +- .../SecurityContextTokenCancelTest.java | 5 +- .../SecurityContextTokenUnitTest.java | 9 +- .../STSSenderVouchesTest.java | 17 +- .../sts/asymmetric_encr/cxf-sts-fips.xml | 70 + .../sts/asymmetric_encr/stax-cxf-sts-fips.xml | 71 + .../binarysecuritytoken/DoubleIt-fips.wsdl | 146 + .../binarysecuritytoken/cxf-service-fips.xml | 70 + .../stax-cxf-service-fips.xml | 72 + .../systest/sts/caching/DoubleIt-fips.wsdl | 308 ++ .../sts/caching/cxf-caching-service-fips.xml | 110 + .../systest/sts/caching/cxf-service-fips.xml | 70 + .../sts/secure_conv/DoubleIt-fips.wsdl | 336 ++ .../sts/secure_conv/cxf-service-fips.xml | 112 + .../systest/sts/secure_conv/cxf-sts-fips.xml | 162 + .../sts/secure_conv/stax-cxf-sts-fips.xml | 169 + .../ws-trust-1.4-service-fips.wsdl | 354 ++ .../sts/sts_sender_vouches/DoubleIt-fips.wsdl | 171 + .../sts_sender_vouches/cxf-service-fips.xml | 37 + .../sts/sts_sender_vouches/cxf-sts-fips.xml | 68 + .../sts_sender_vouches/stax-cxf-sts-fips.xml | 69 + .../ws-trust-1.4-service-fips.wsdl | 248 ++ .../sts/asymmetric/AsymmetricBindingTest.java | 28 +- .../cxf/systest/sts/issuer/IssuerTest.java | 13 +- .../systest/sts/issueunit/IssueUnitTest.java | 6 +- .../sts/stsclient/AbstractSTSTokenTest.java | 9 +- .../sts/symmetric/SymmetricBindingTest.java | 36 +- .../sts/transport/TransportBindingTest.java | 49 +- .../UsernameActAsCachingTest.java | 24 +- .../sts/username_actas/UsernameActAsTest.java | 15 +- .../UsernameOnBehalfOfCachingTest.java | 24 +- .../UsernameOnBehalfOfTest.java | 15 +- .../sts/x509/X509AsymmetricBindingTest.java | 12 +- .../sts/x509/X509SymmetricBindingTest.java | 26 +- .../systest/sts/asymmetric/DoubleIt-fips.wsdl | 264 ++ .../sts/asymmetric/cxf-service-fips.xml | 59 + .../sts/asymmetric/cxf-stax-service-fips.xml | 63 + .../delegation/ws-trust-1.4-service-fips.wsdl | 348 ++ .../sts/deployment/cxf-transport-fips.xml | 56 + .../sts/deployment/cxf-ut-encrypted-fips.xml | 47 + .../systest/sts/deployment/cxf-ut-fips.xml | 36 + .../systest/sts/deployment/cxf-x509-fips.xml | 49 + .../deployment/stax-cxf-transport-fips.xml | 58 + .../deployment/stax-cxf-ut-encrypted-fips.xml | 48 + .../sts/deployment/stax-cxf-ut-fips.xml | 37 + .../sts/deployment/stax-cxf-x509-fips.xml | 50 + .../sts/deployment/sts/cxf-sts-fips.xml | 105 + .../deployment/ws-trust-1.4-service-fips.wsdl | 772 ++++ .../systest/sts/issuer/cxf-client-fips.xml | 81 + .../sts/issuer/sts-transport-policy-fips.xml | 69 + .../sts/issuer/ws-trust-1.4-service-fips.wsdl | 326 ++ .../systest/sts/symmetric/DoubleIt-fips.wsdl | 435 ++ .../sts/symmetric/cxf-service-fips.xml | 69 + .../sts/symmetric/cxf-stax-service-fips.xml | 74 + .../systest/sts/transport/DoubleIt-fips.wsdl | 605 +++ .../sts/transport/cxf-service-fips.xml | 89 + .../sts/transport/cxf-stax-service-fips.xml | 98 + .../sts/username_actas/DoubleIt-fips.wsdl | 245 ++ .../sts/username_actas/cxf-service-fips.xml | 90 + .../sts/username_actas/cxf-service2-fips.xml | 89 + .../username_onbehalfof/DoubleIt-fips.wsdl | 245 ++ .../username_onbehalfof/cxf-service-fips.xml | 90 + .../username_onbehalfof/cxf-service2-fips.xml | 89 + .../cxf/systest/sts/x509/DoubleIt-fips.wsdl | 430 ++ .../sts/x509/DoubleItAsymmetric-fips.wsdl | 159 + .../sts/x509/cxf-asymmetric-service-fips.xml | 61 + .../cxf/systest/sts/x509/cxf-service-fips.xml | 92 + .../sts/x509/cxf-stax-service-fips.xml | 96 + .../jaxrs/security/jose/BookStore.java | 9 +- .../jose/jwejws/BookServerAlgorithms.java | 5 +- .../jose/jwejws/BookServerHTTPHeaders.java | 5 +- .../jose/jwejws/BookServerJweJson.java | 5 +- .../jose/jwejws/BookServerJwsJson.java | 5 +- .../jose/jwejws/BookServerJwsMultipart.java | 5 +- .../security/jose/jwejws/BookServerJwt.java | 5 +- .../jose/jwejws/BookServerReference.java | 5 +- .../jose/jwejws/JAXRSJweJsonTest.java | 9 +- .../security/jose/jwejws/JAXRSJweJwsTest.java | 77 +- .../jose/jwejws/JAXRSJwsJsonTest.java | 9 +- .../jose/jwejws/JAXRSJwsMultipartTest.java | 5 +- .../jose/jwejws/JweJwsAlgorithmTest.java | 98 +- .../jose/jwejws/JweJwsReferenceTest.java | 35 +- .../jose/jwejws/JwsHTTPHeaderTest.java | 22 +- .../jose/jwt/BookServerJwtAlgorithms.java | 5 +- .../jose/jwt/BookServerJwtAuthnAuthz.java | 5 +- .../security/jose/jwt/JWTAlgorithmTest.java | 81 +- .../security/jose/jwt/JWTAuthnAuthzTest.java | 62 +- .../oauth2/filters/OAuth2JwtFiltersTest.java | 13 +- .../oauth2/grants/AuthorizationGrantTest.java | 5 +- .../oauth2/grants/PublicClientTest.java | 5 +- .../oauth2/tls/BookServerOAuth2Tls.java | 5 +- .../security/oidc/OIDCKeysServiceTest.java | 5 +- .../jaxrs/security/xml/BookServerXmlSec.java | 5 +- .../jaxrs/security/xml/JAXRSXmlSecTest.java | 18 +- .../security/xml/StaxBookServerXmlSec.java | 5 +- .../jaxrs/security/alice.jwk-fips.properties | 22 + .../jaxrs/security/alice.rs-fips.properties | 23 + .../jaxrs/security/bob.jwk-fips.properties | 24 + .../jaxrs/security/bob.rs-fips.properties | 25 + .../security/certs/jwkPrivateSet-fips.txt | 48 + .../security/certs/jwkPublicSet-fips.txt | 32 + .../jose/jwejws/algorithms-server-fips.xml | 139 + .../jose/jwejws/http-headers-server-fips.xml | 79 + .../jose/jwejws/reference-server-fips.xml | 105 + .../security/jose/jwejws/server-fips.xml | 304 ++ .../jose/jwejws/serverJweJson-fips.xml | 88 + .../jose/jwejws/serverJwsJson-fips.xml | 99 + .../jose/jwejws/serverMultipart-fips.xml | 136 + .../jose/jwt/algorithms-server-fips.xml | 179 + .../jose/jwt/authn-authz-server-fips.xml | 127 + .../jaxrs/security/jwe.direct-fips.properties | 21 + .../jaxrs/security/jwejson1-fips.properties | 22 + .../jaxrs/security/jwejson2-fips.properties | 22 + .../security/jws.ec.private-fips.properties | 20 + .../security/jws.ec.public-fips.properties | 20 + .../oauth2/filters/filters-serverJwt-fips.xml | 198 + .../oauth2/filters/oauth20-serverJwt-fips.xml | 136 + .../grants-server-jcache-session-fips.xml | 150 + .../grants-server-public-session-fips.xml | 175 + .../security/oauth2/tls/serverTls-fips.xml | 245 ++ .../security/oidc/oidc-keys-jcache-fips.xml | 178 + .../secret.aescbchmac-fips.properties | 20 + ...ecret.aescbchmac.inlinejwk-fips.properties | 20 + ...ecret.aescbchmac.inlineset-fips.properties | 20 + .../security/secret.jwk.hmac-fips.properties | 19 + .../jaxrs/security/xml/server-fips.xml | 251 ++ .../jaxrs/security/xml/stax-server-fips.xml | 278 ++ .../https/conduit/HTTPSClientTest.java | 13 +- .../cxf/systest/https/conduit/pkcs12-fips.xml | 76 + .../https/conduit/resource-key-spec-fips.xml | 74 + .../conduit/resource-key-spec-url-fips.xml | 79 + .../wssec/examples/saml/SamlTokenTest.java | 101 +- .../systest/wssec/examples/saml/Server.java | 5 +- .../wssec/examples/saml/StaxServer.java | 5 +- .../secconv/SecureConversationTest.java | 5 +- .../wssec/examples/secconv/Server.java | 5 +- .../wssec/examples/secconv/StaxServer.java | 5 +- .../systest/wssec/examples/sts/STSServer.java | 5 +- .../cxf/systest/wssec/examples/ut/Server.java | 5 +- .../systest/wssec/examples/ut/StaxServer.java | 5 +- .../wssec/examples/ut/UsernameTokenTest.java | 29 +- .../systest/wssec/examples/x509/Server.java | 5 +- .../wssec/examples/x509/StaxServer.java | 5 +- .../wssec/examples/x509/X509TokenTest.java | 17 +- .../examples/saml/DoubleItSaml-fips.wsdl | 714 +++ .../wssec/examples/saml/server-fips.xml | 130 + .../wssec/examples/saml/stax-server-fips.xml | 140 + .../secconv/DoubleItSecConv-fips.wsdl | 161 + .../wssec/examples/secconv/server-fips.xml | 49 + .../examples/secconv/stax-server-fips.xml | 50 + .../wssec/examples/sts/cxf-symmetric-fips.xml | 63 + .../sts/ws-trust-1.4-service-fips.wsdl | 248 ++ .../wssec/examples/ut/DoubleItUt-fips.wsdl | 431 ++ .../systest/wssec/examples/ut/server-fips.xml | 95 + .../wssec/examples/ut/stax-server-fips.xml | 102 + .../examples/x509/DoubleItX509-fips.wsdl | 321 ++ .../wssec/examples/x509/server-fips.xml | 76 + .../wssec/examples/x509/stax-server-fips.xml | 80 + systests/ws-security/pom.xml | 57 + .../cxf/systest/ws/action/ActionTest.java | 94 +- .../apache/cxf/systest/ws/action/Server.java | 5 +- .../ws/algsuite/AlgorithmSuiteTest.java | 25 +- .../cxf/systest/ws/algsuite/Server.java | 5 +- .../ws/algsuite/StaxAlgorithmSuiteTest.java | 5 +- .../cxf/systest/ws/algsuite/StaxServer.java | 5 +- .../ws/basicauth/BasicAuthJAASTest.java | 6 +- .../systest/ws/basicauth/BasicAuthTest.java | 13 +- .../cxf/systest/ws/basicauth/JAASServer.java | 5 +- .../cxf/systest/ws/basicauth/Server.java | 5 +- .../ws/bindings/BindingPropertiesTest.java | 45 +- .../cxf/systest/ws/bindings/Server.java | 5 +- .../cxf/systest/ws/bindings/StaxServer.java | 5 +- .../cxf/systest/ws/cache/CachingTest.java | 13 +- .../apache/cxf/systest/ws/cache/Server.java | 5 +- .../DoubleItPortTypeImplJavaFirstFips.java | 62 + .../cxf/systest/ws/fault/FaultTest.java | 54 +- .../ws/fault/ModifiedRequestServer.java | 6 +- .../systest/ws/fault/ModifiedRequestTest.java | 44 +- .../apache/cxf/systest/ws/fault/Server.java | 5 +- .../apache/cxf/systest/ws/gcm/GCMTest.java | 17 +- .../ws/gcm/MGF256AlgorithmSuiteLoader.java | 9 +- .../apache/cxf/systest/ws/gcm/MGFServer.java | 5 +- .../cxf/systest/ws/gcm/MGFStaxServer.java | 5 +- .../org/apache/cxf/systest/ws/gcm/Server.java | 5 +- .../apache/cxf/systest/ws/gcm/StaxServer.java | 5 +- .../cxf/systest/ws/httpget/HTTPGetTest.java | 9 +- .../apache/cxf/systest/ws/httpget/Server.java | 5 +- .../cxf/systest/ws/https/HttpsTokenTest.java | 17 +- .../apache/cxf/systest/ws/https/Server.java | 5 +- .../cxf/systest/ws/https/StaxServer.java | 6 +- .../cxf/systest/ws/mtom/MTOMSecurityTest.java | 41 +- .../apache/cxf/systest/ws/mtom/Server.java | 5 +- .../cxf/systest/ws/mtom/StaxServer.java | 5 +- .../cxf/systest/ws/parts/PartsTest.java | 45 +- .../apache/cxf/systest/ws/parts/Server.java | 5 +- .../cxf/systest/ws/parts/StaxServer.java | 5 +- .../ws/password/PasswordPropertiesTest.java | 13 +- .../cxf/systest/ws/password/Server.java | 5 +- .../ws/policy/JavaFirstPolicyServer.java | 6 +- .../ws/policy/PolicyAlternativeTest.java | 29 +- .../apache/cxf/systest/ws/policy/Server.java | 5 +- .../policy/operation/PolicyOperationTest.java | 9 +- .../systest/ws/policy/operation/Server.java | 5 +- .../cxf/systest/ws/saml/SamlTokenTest.java | 217 +- .../apache/cxf/systest/ws/saml/Server.java | 5 +- .../cxf/systest/ws/saml/StaxServer.java | 5 +- .../ws/security/SecurityPolicyTest.java | 104 +- .../cxf/systest/ws/security/Server.java | 6 +- .../cxf/systest/ws/security/StaxServer.java | 6 +- .../ws/security/WSSecurityClientTest.java | 5 +- .../cxf/systest/ws/swa/PolicyServer.java | 5 +- .../cxf/systest/ws/swa/SWAActionTest.java | 21 +- .../cxf/systest/ws/swa/SWAPolicyTest.java | 29 +- .../org/apache/cxf/systest/ws/swa/Server.java | 5 +- .../cxf/systest/ws/swa/StaxPolicyServer.java | 6 +- .../cxf/systest/ws/tokens/BSTServer.java | 5 +- .../ws/tokens/BinarySecurityTokenTest.java | 5 +- .../systest/ws/tokens/EndorsingServer.java | 5 +- .../tokens/EndorsingSupportingTokenTest.java | 9 +- .../apache/cxf/systest/ws/tokens/Server.java | 5 +- .../ws/tokens/StaxEndorsingServer.java | 5 +- .../cxf/systest/ws/tokens/StaxServer.java | 5 +- .../ws/tokens/SupportingTokenTest.java | 17 +- .../cxf/systest/ws/tokens/TLSServer.java | 5 +- .../cxf/systest/ws/tokens/TLSStaxServer.java | 5 +- .../cxf/systest/ws/ut/PolicyServer.java | 5 +- .../org/apache/cxf/systest/ws/ut/Server.java | 5 +- .../cxf/systest/ws/ut/ServerDerived.java | 5 +- .../cxf/systest/ws/ut/StaxPolicyServer.java | 5 +- .../apache/cxf/systest/ws/ut/StaxServer.java | 5 +- .../ws/ut/UsernameTokenDerivedTest.java | 29 +- .../ws/ut/UsernameTokenPolicyTest.java | 21 +- .../cxf/systest/ws/ut/UsernameTokenTest.java | 122 +- .../apache/cxf/systest/ws/wssc/Server.java | 272 +- .../cxf/systest/ws/wssc/StaxServer.java | 274 +- .../cxf/systest/ws/wssc/UnitServer.java | 5 +- .../cxf/systest/ws/wssc/WSSCUnitTest.java | 17 +- .../WSSecurity10CustomAlgorithmSuiteTest.java | 5 +- .../systest/ws/wssec10/WSSecurity10Test.java | 57 +- .../MutualCertificate10SignEncryptFips.java | 30 + ...ertificate10SignEncryptRestrictedFips.java | 30 + ...ficate10SignEncryptRsa15TripleDesFips.java | 30 + ...gnEncryptRsa15TripleDesRestrictedFips.java | 30 + .../cxf/systest/ws/wssec10/server/Server.java | 9 +- .../server/ServerCustomAlgorithmSuite.java | 5 +- .../systest/ws/wssec10/server/StaxServer.java | 9 +- .../StaxServerCustomAlgorithmSuite.java | 6 +- .../server/UserNameOverTransportFips.java | 30 + .../UserNameOverTransportRestrictedFips.java | 30 + .../systest/ws/wssec11/WSSecurity112Test.java | 101 +- .../ws/wssec11/server/AbstractServer.java | 210 +- .../server/AbstractServerRestricted.java | 202 +- .../ws/x509/DoubleItIntermediaryImpl.java | 5 +- .../cxf/systest/ws/x509/Intermediary.java | 5 +- .../systest/ws/x509/SHA512PolicyLoader.java | 100 +- .../apache/cxf/systest/ws/x509/Server.java | 5 +- .../cxf/systest/ws/x509/StaxServer.java | 5 +- .../cxf/systest/ws/x509/X509TokenTest.java | 422 +- .../apache/cxf/systest/ws/xkms/Server.java | 5 +- .../cxf/systest/ws/xkms/StaxServer.java | 5 +- .../apache/cxf/systest/ws/xkms/XKMSTest.java | 9 +- .../test/resources/alice-enc-fips.properties | 21 + .../test/resources/bob-enc-fips.properties | 21 + .../ws/action/DoubleItActionPolicy-fips.wsdl | 177 + .../cxf/systest/ws/action/client-fips.xml | 396 ++ .../cxf/systest/ws/action/server-fips.xml | 342 ++ .../cxf/systest/ws/algsuite/client-fips.xml | 361 ++ .../cxf/systest/ws/algsuite/server-fips.xml | 384 ++ .../systest/ws/algsuite/stax-server-fips.xml | 185 + .../ws/basicauth/DoubleItBasicAuth-fips.wsdl | 75 + .../ws/basicauth/server-continuation-fips.xml | 60 + .../cxf/systest/ws/basicauth/server-fips.xml | 65 + .../systest/ws/bindings/clean-policy-fips.xml | 40 + .../cxf/systest/ws/bindings/client-fips.xml | 350 ++ .../encrypt-before-signing-policy-fips.xml | 41 + .../ws/bindings/encrypt-sig-policy-fips.xml | 41 + .../include-timestamp-policy-fips.xml | 41 + .../ws/bindings/only-sign-policy-fips.xml | 41 + .../bindings/protect-tokens-policy-fips.xml | 41 + .../cxf/systest/ws/bindings/server-fips.xml | 315 ++ ...ig-conf-enc-before-signing-policy-fips.xml | 46 + .../ws/bindings/sig-conf-policy-fips.xml | 45 + .../sign-before-encrypting-policy-fips.xml | 41 + .../systest/ws/bindings/stax-server-fips.xml | 336 ++ .../ws/bindings/strict-policy-fips.xml | 41 + .../ws/bindings/ts-first-policy-fips.xml | 41 + .../ws/bindings/ts-last-policy-fips.xml | 41 + .../systest/ws/cache/DoubleItCache-fips.wsdl | 108 + .../cxf/systest/ws/cache/server-fips.xml | 56 + .../systest/ws/fault/DoubleItFault-fips.wsdl | 295 ++ .../ws/fault/SymmetricUTPolicy-fips.xml | 42 + .../cxf/systest/ws/fault/client-fips.xml | 182 + .../ws/fault/client-untrusted-fips.xml | 44 + .../systest/ws/fault/modified-server-fips.xml | 60 + .../cxf/systest/ws/fault/server-fips.xml | 123 + .../cxf/systest/ws/gcm/DoubleItGCM-fips.wsdl | 353 ++ .../cxf/systest/ws/gcm/mgf-server-fips.xml | 61 + .../systest/ws/gcm/mgf-stax-server-fips.xml | 64 + .../apache/cxf/systest/ws/gcm/server-fips.xml | 66 + .../cxf/systest/ws/gcm/stax-server-fips.xml | 69 + .../ws/httpget/DoubleItHTTPGet-fips.wsdl | 119 + .../cxf/systest/ws/httpget/server-fips.xml | 61 + .../ws/https/basic-auth-policy-fips.xml | 31 + .../systest/ws/https/clean-policy-fips.xml | 29 + .../cxf/systest/ws/https/client-fips.xml | 148 + .../ws/https/digest-auth-policy-fips.xml | 31 + .../systest/ws/https/nochild-policy-fips.xml | 27 + .../ws/https/req-client-cert-policy-fips.xml | 31 + .../cxf/systest/ws/https/server-fips.xml | 107 + .../cxf/systest/ws/https/stax-server-fips.xml | 128 + .../systest/ws/mtom/DoubleItMtom-fips.wsdl | 312 ++ .../cxf/systest/ws/mtom/server-fips.xml | 184 + .../cxf/systest/ws/mtom/stax-server-fips.xml | 69 + .../cxf/systest/ws/parts/addr-policy-fips.xml | 44 + .../ws/parts/bad-req-elements-policy-fips.xml | 47 + .../ws/parts/bad-req-parts-policy-fips.xml | 47 + .../cxf/systest/ws/parts/client-fips.xml | 355 ++ ...content-encrypted-elements-policy-fips.xml | 47 + .../ws/parts/encrypted-addr-policy-fips.xml | 47 + .../encrypted-attachments-policy-fips.xml | 48 + .../ws/parts/encrypted-body-policy-fips.xml | 47 + .../parts/encrypted-elements-policy-fips.xml | 47 + .../ws/parts/encrypted-parts-policy-fips.xml | 48 + ...ultiple-encrypted-elements-policy-fips.xml | 48 + .../ws/parts/req-elements-policy-fips.xml | 47 + .../ws/parts/req-parts-policy-fips.xml | 47 + .../cxf/systest/ws/parts/server-fips.xml | 344 ++ .../ws/parts/signed-addr-policy-fips.xml | 44 + .../parts/signed-attachments-policy-fips.xml | 45 + .../ws/parts/signed-body-policy-fips.xml | 44 + .../ws/parts/signed-elements-policy-fips.xml | 44 + .../ws/parts/signed-parts-policy-fips.xml | 45 + .../cxf/systest/ws/parts/stax-server-fips.xml | 349 ++ .../ws/password/DoubleItPassword-fips.wsdl | 194 + .../cxf/systest/ws/password/server-fips.xml | 75 + .../cxf/systest/ws/policy/client-bus-fips.xml | 95 + .../cxf/systest/ws/policy/client-fips.xml | 265 ++ .../ws/policy/javafirstserver-fips.xml | 235 + .../DoubleItPolicyOperation-fips.wsdl | 101 + .../ws/policy/operation/server-fips.xml | 45 + .../cxf/systest/ws/policy/server-fips.xml | 260 ++ .../systest/ws/saml/DoubleItSaml-fips.wsdl | 1210 ++++++ .../ws/saml/clean-asym-policy-fips.xml | 55 + .../systest/ws/saml/clean-tls-policy-fips.xml | 29 + .../cxf/systest/ws/saml/client-fips.xml | 242 ++ .../systest/ws/saml/saml1-tls-policy-fips.xml | 38 + .../ws/saml/saml2-asym-policy-fips.xml | 58 + .../cxf/systest/ws/saml/server-fips.xml | 310 ++ .../cxf/systest/ws/saml/stax-server-fips.xml | 338 ++ .../DoubleItSamlSubjectConf-fips.wsdl | 109 + .../ws/saml/subjectconf/server-fips.xml | 68 + .../ws/saml/subjectconf/stax-server-fips.xml | 70 + .../systest/ws/security/DoubleIt-fips.wsdl | 922 ++++ .../cxf/systest/ws/security/client-fips.xml | 78 + .../cxf/systest/ws/security/server-fips.xml | 114 + .../systest/ws/security/stax-server-fips.xml | 114 + .../cxf/systest/ws/swa/DoubleItSwa-fips.wsdl | 392 ++ .../cxf/systest/ws/swa/policy-server-fips.xml | 117 + .../apache/cxf/systest/ws/swa/server-fips.xml | 192 + .../ws/swa/stax-policy-server-fips.xml | 124 + .../cxf/systest/ws/tokens/bst-server-fips.xml | 44 + .../cxf/systest/ws/tokens/client-fips.xml | 184 + .../encrypted-supp-token-policy-fips.xml | 40 + .../ws/tokens/endorsing-client-fips.xml | 124 + .../ws/tokens/endorsing-server-fips.xml | 119 + .../endorsing-x509-supp-token-policy-fips.xml | 40 + .../cxf/systest/ws/tokens/server-fips.xml | 158 + ...igned-encrypted-supp-token-policy-fips.xml | 40 + ...-endorsing-x509-supp-token-policy-fips.xml | 40 + .../tokens/signed-supp-token-policy-fips.xml | 40 + .../signed-x509-supp-token-policy-fips.xml | 40 + .../ws/tokens/stax-endorsing-server-fips.xml | 125 + .../systest/ws/tokens/stax-server-fips.xml | 167 + .../ws/tokens/supp-token-policy-fips.xml | 40 + .../cxf/systest/ws/tokens/tls-client-fips.xml | 73 + .../cxf/systest/ws/tokens/tls-server-fips.xml | 80 + .../ws/tokens/tls-stax-server-fips.xml | 82 + .../ws/tokens/x509-supp-token-policy-fips.xml | 40 + .../cxf/systest/ws/ut/DoubleItUt-fips.wsdl | 579 +++ .../systest/ws/ut/DoubleItUtDerived-fips.wsdl | 462 ++ .../cxf/systest/ws/ut/clean-policy-fips.xml | 28 + .../apache/cxf/systest/ws/ut/client-fips.xml | 215 + .../cxf/systest/ws/ut/created-policy-fips.xml | 38 + .../systest/ws/ut/hash-pass-policy-fips.xml | 37 + .../cxf/systest/ws/ut/no-pass-policy-fips.xml | 37 + .../cxf/systest/ws/ut/nonce-policy-fips.xml | 38 + .../ws/ut/plaintext-pass-policy-fips.xml | 37 + .../plaintext-pass-timestamp-policy-fips.xml | 38 + .../cxf/systest/ws/ut/policy-client-fips.xml | 184 + .../cxf/systest/ws/ut/policy-server-fips.xml | 183 + .../cxf/systest/ws/ut/server-derived-fips.xml | 98 + .../apache/cxf/systest/ws/ut/server-fips.xml | 220 + .../systest/ws/ut/stax-policy-server-fips.xml | 196 + .../cxf/systest/ws/ut/stax-server-fips.xml | 233 + .../systest/ws/ut/supp-token-policy-fips.xml | 37 + .../systest/ws/wssc/DoubleItWSSC-fips.wsdl | 369 ++ .../cxf/systest/ws/wssc/unit-server-fips.xml | 68 + .../client_customAlgorithmSuite-fips.xml | 89 + .../cxf/systest/ws/wssec10/server-fips.xml | 95 + .../server_customAlgorithmSuite-fips.xml | 112 + .../ws/wssec10/server_restricted-fips.xml | 95 + .../systest/ws/wssec10/stax-server-fips.xml | 99 + .../stax-server_customAlgorithmSuite-fips.xml | 116 + .../wssec10/stax-server_restricted-fips.xml | 99 + .../ws/x509/DoubleItOperations-fips.wsdl | 116 + .../systest/ws/x509/DoubleItX509-fips.wsdl | 2099 +++++++++ .../ws/x509/DoubleItX509Addressing-fips.wsdl | 103 + .../ws/x509/DoubleItX509Signature-fips.wsdl | 388 ++ .../cxf/systest/ws/x509/clean-policy-fips.xml | 29 + .../cxf/systest/ws/x509/client-fips.xml | 471 ++ .../ws/x509/end-supp-token-policy-fips.xml | 36 + .../cxf/systest/ws/x509/intermediary-fips.xml | 53 + .../cxf/systest/ws/x509/jaxws-client-fips.xml | 48 + .../cxf/systest/ws/x509/server-fips.xml | 433 ++ .../cxf/systest/ws/x509/stax-server-fips.xml | 484 +++ .../ws/x509/supp-token-pki-policy-fips.xml | 38 + .../ws/x509/supp-token-policy-fips.xml | 36 + .../systest/ws/xkms/DoubleItXKMS-fips.wsdl | 187 + .../cxf/systest/ws/xkms/server-fips.xml | 55 + .../cxf/systest/ws/xkms/stax-server-fips.xml | 57 + .../wssc/WSSecureConversation-fips.wsdl | 127 + .../WSSecureConversation_policy-fips.wsdl | 3811 +++++++++++++++++ .../wssec10/WsSecurity10-fips.wsdl | 66 + ...ty10_12_policy_restricted_hashed-fips.wsdl | 79 + ...sSecurity10_12_restricted_hashed-fips.wsdl | 60 + .../wssec10/WsSecurity10_policy-fips.wsdl | 326 ++ .../WsSecurity10_policy_restricted-fips.wsdl | 325 ++ .../wssec10/WsSecurity10_restricted-fips.wsdl | 66 + .../wssec11/WsSecurity11-fips.wsdl | 139 + .../wssec11/WsSecurity11_policy-fips.wsdl | 2052 +++++++++ .../WsSecurity11_policy_restricted-fips.wsdl | 2052 +++++++++ .../wssec11/WsSecurity11_restricted-fips.wsdl | 139 + .../src/test/resources/keys/Bethal-fips.p12 | Bin 0 -> 5581 bytes .../src/test/resources/keys/Morpit-fips.p12 | Bin 0 -> 5581 bytes 474 files changed, 51678 insertions(+), 966 deletions(-) create mode 100644 services/sts/sts-core/src/test/resources/x509-fips.p12 create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/cxf-sts-fips.xml create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/stax-cxf-sts-fips.xml create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/DoubleIt-fips.wsdl create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/cxf-service-fips.xml create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/stax-cxf-service-fips.xml create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/caching/DoubleIt-fips.wsdl create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/caching/cxf-caching-service-fips.xml create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/caching/cxf-service-fips.xml create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/DoubleIt-fips.wsdl create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/cxf-service-fips.xml create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/cxf-sts-fips.xml create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/stax-cxf-sts-fips.xml create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/ws-trust-1.4-service-fips.wsdl create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/DoubleIt-fips.wsdl create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/cxf-service-fips.xml create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/cxf-sts-fips.xml create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/stax-cxf-sts-fips.xml create mode 100644 services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/ws-trust-1.4-service-fips.wsdl create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/DoubleIt-fips.wsdl create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-service-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/delegation/ws-trust-1.4-service-fips.wsdl create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-ut-encrypted-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-ut-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-transport-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-ut-encrypted-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-ut-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-x509-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/sts/cxf-sts-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service-fips.wsdl create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/cxf-client-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/sts-transport-policy-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/ws-trust-1.4-service-fips.wsdl create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/symmetric/DoubleIt-fips.wsdl create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/symmetric/cxf-service-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/symmetric/cxf-stax-service-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt-fips.wsdl create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/DoubleIt-fips.wsdl create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/cxf-service-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/cxf-service2-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/DoubleIt-fips.wsdl create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/cxf-service-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/cxf-service2-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/DoubleIt-fips.wsdl create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/DoubleItAsymmetric-fips.wsdl create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/cxf-asymmetric-service-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/cxf-service-fips.xml create mode 100644 services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/cxf-stax-service-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.jwk-fips.properties create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/alice.rs-fips.properties create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.jwk-fips.properties create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/bob.rs-fips.properties create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet-fips.txt create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/algorithms-server-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/http-headers-server-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/reference-server-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJwsJson-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverMultipart-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwt/algorithms-server-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwt/authn-authz-server-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwe.direct-fips.properties create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson1-fips.properties create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson2-fips.properties create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.private-fips.properties create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.public-fips.properties create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/filters-serverJwt-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-serverJwt-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache-session-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-public-session-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-keys-jcache-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac-fips.properties create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk-fips.properties create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset-fips.properties create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac-fips.properties create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server-fips.xml create mode 100644 systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server-fips.xml create mode 100644 systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12-fips.xml create mode 100644 systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-fips.xml create mode 100644 systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url-fips.xml create mode 100644 systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml-fips.wsdl create mode 100644 systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server-fips.xml create mode 100644 systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server-fips.xml create mode 100644 systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/DoubleItSecConv-fips.wsdl create mode 100644 systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server-fips.xml create mode 100644 systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/stax-server-fips.xml create mode 100644 systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/cxf-symmetric-fips.xml create mode 100644 systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/ws-trust-1.4-service-fips.wsdl create mode 100644 systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt-fips.wsdl create mode 100644 systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server-fips.xml create mode 100644 systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/stax-server-fips.xml create mode 100644 systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/DoubleItX509-fips.wsdl create mode 100644 systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/server-fips.xml create mode 100644 systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/stax-server-fips.xml create mode 100644 systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/DoubleItPortTypeImplJavaFirstFips.java create mode 100644 systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptFips.java create mode 100644 systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptRestrictedFips.java create mode 100644 systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptRsa15TripleDesFips.java create mode 100644 systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptRsa15TripleDesRestrictedFips.java create mode 100644 systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/UserNameOverTransportFips.java create mode 100644 systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/UserNameOverTransportRestrictedFips.java create mode 100644 systests/ws-security/src/test/resources/alice-enc-fips.properties create mode 100644 systests/ws-security/src/test/resources/bob-enc-fips.properties create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/DoubleItActionPolicy-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/basicauth/DoubleItBasicAuth-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/basicauth/server-continuation-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/basicauth/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/clean-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-before-signing-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-sig-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/include-timestamp-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/only-sign-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/protect-tokens-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sig-conf-enc-before-signing-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sig-conf-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sign-before-encrypting-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/strict-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-first-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-last-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/cache/DoubleItCache-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/cache/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/SymmetricUTPolicy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-untrusted-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/modified-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/DoubleItGCM-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/httpget/DoubleItHTTPGet-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/httpget/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/basic-auth-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/clean-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/digest-auth-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/nochild-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/req-client-cert-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/addr-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/bad-req-elements-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/bad-req-parts-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/content-encrypted-elements-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-addr-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-attachments-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-body-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-elements-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-parts-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/multiple-encrypted-elements-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/req-elements-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/req-parts-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-addr-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-attachments-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-body-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-elements-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-parts-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/password/DoubleItPassword-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/password/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client-bus-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/javafirstserver-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/operation/DoubleItPolicyOperation-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/operation/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/clean-asym-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/clean-tls-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/saml1-tls-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/saml2-asym-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/DoubleItSamlSubjectConf-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/stax-policy-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/bst-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/encrypted-supp-token-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/endorsing-client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/endorsing-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/endorsing-x509-supp-token-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-encrypted-supp-token-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-endorsing-x509-supp-token-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-supp-token-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-x509-supp-token-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/stax-endorsing-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/supp-token-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/x509-supp-token-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUt-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/clean-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/created-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/hash-pass-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/no-pass-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/nonce-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/plaintext-pass-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/plaintext-pass-timestamp-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/policy-client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/policy-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-derived-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-policy-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/supp-token-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/DoubleItWSSC-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/unit-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/client_customAlgorithmSuite-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_customAlgorithmSuite-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_restricted-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/stax-server_customAlgorithmSuite-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/stax-server_restricted-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItOperations-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Addressing-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/clean-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/end-supp-token-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/intermediary-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/jaxws-client-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/supp-token-pki-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/supp-token-policy-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/DoubleItXKMS-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/server-fips.xml create mode 100644 systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/stax-server-fips.xml create mode 100644 systests/ws-security/src/test/resources/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/wsdl_systest_wssec/wssc/WSSecureConversation_policy-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_12_policy_restricted_hashed-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_12_restricted_hashed-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_policy-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_policy_restricted-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_restricted-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11_policy-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11_policy_restricted-fips.wsdl create mode 100644 systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl create mode 100644 testutils/src/test/resources/keys/Bethal-fips.p12 create mode 100644 testutils/src/test/resources/keys/Morpit-fips.p12 diff --git a/core/src/main/java/org/apache/cxf/helpers/JavaUtils.java b/core/src/main/java/org/apache/cxf/helpers/JavaUtils.java index 04462d0714e..6ec3b8a92b2 100644 --- a/core/src/main/java/org/apache/cxf/helpers/JavaUtils.java +++ b/core/src/main/java/org/apache/cxf/helpers/JavaUtils.java @@ -51,10 +51,13 @@ public final class JavaUtils { private static boolean isJava11Compatible; private static boolean isJava9Compatible; private static boolean isJava8Before161; + private static boolean isFIPSEnabled; private static Integer javaMajorVersion; + private static final String FIPS_ENABLED = "fips.enabled"; static { String version = SystemPropertyAction.getProperty("java.version"); + isFIPSEnabled = Boolean.valueOf(SystemPropertyAction.getProperty(FIPS_ENABLED)); try { isJava8Before161 = version.startsWith("1.8.0_") && Integer.parseInt(version.substring(6)) < 161; @@ -114,6 +117,10 @@ private static void setJava11Compatible(boolean java11Compatible) { public static boolean isJava8Before161() { return isJava8Before161; } + + public static boolean isFIPSEnabled() { + return isFIPSEnabled; + } public static void setJavaMajorVersion(Integer javaMajorVersion) { JavaUtils.javaMajorVersion = javaMajorVersion; diff --git a/parent/pom.xml b/parent/pom.xml index 2bf40ca6fa3..ed6b4b24ce8 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -236,7 +236,7 @@ 6.6.2 4.2.1 1.6.3 - 3.0.3 + 3.0.4-SNAPSHOT 2.3.1 3.8.14.Final 2.1 @@ -487,7 +487,7 @@ ${cxf.surefire.parallel.mode} ${cxf.surefire.rerun.count} - + ${basedir}/target true true @@ -501,7 +501,6 @@ ${cxf.server.launcher.vmargs} ASYNC_ONLY ${org.apache.cxf.transport.websocket.atmosphere.disabled} - SHA1PRNG @@ -2267,7 +2266,7 @@ - secp256r1,secp384r1,secp521r1,sect283k1,sect283r1,sect409k1,sect409r1,sect571k1,sect571r1,secp256k1,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192 + secp256r1,secp384r1,secp521r1,sect283k1,sect283r1,sect409k1,sect409r1,sect571k1,sect571r1,secp256k1,ffdhe2048,ffdhe3072,ffdhe4096,ffdhe6144,ffdhe8192 @@ -2284,5 +2283,38 @@ -ea --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.net=ALL-UNNAMED --add-opens java.base/sun.net.www.protocol.https=ALL-UNNAMED + + fips + + + fips.enabled + + + + + + org.apache.maven.plugins + maven-surefire-plugin + + + PKCS11 + true + + + + **/SslContextTest.java + **/SslHostnameVerifierTest.java + **/SslMutualTest.java + **/SslTrustStoreTest.java + + **/JAXRSKerberosBookTest.java + **/KerberosTokenTest.java + **/SpnegoTokenTest.java + + + + + + diff --git a/rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/utils/DefaultSignatureConstants.java b/rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/utils/DefaultSignatureConstants.java index ac1bf39b3a6..44d84b59008 100644 --- a/rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/utils/DefaultSignatureConstants.java +++ b/rt/rs/security/http-signature/src/main/java/org/apache/cxf/rs/security/httpsignature/utils/DefaultSignatureConstants.java @@ -18,10 +18,13 @@ */ package org.apache.cxf.rs.security.httpsignature.utils; +import org.apache.cxf.helpers.JavaUtils; + public final class DefaultSignatureConstants { public static final String SIGNING_ALGORITHM = "rsa-sha256"; public static final String DIGEST_ALGORITHM = "SHA-256"; - public static final String SECURITY_PROVIDER = "SunRsaSign"; + public static final String SECURITY_PROVIDER + = JavaUtils.isFIPSEnabled() ? "SunPKCS11-NSS-FIPS" : "SunRsaSign"; private DefaultSignatureConstants() { } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java index 092581d3fd0..42e375b4b21 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseConstants.java @@ -135,8 +135,9 @@ public final class JoseConstants extends RSSecurityConstants { public static final String RSSEC_ENCRYPTION_CONTENT_ALGORITHM = "rs.security.encryption.content.algorithm"; /** - * The encryption key algorithm to use. The default algorithm if not specified is 'RSA-OAEP' if the key is an - * RSA key, and 'A128GCMKW' if it is an octet sequence. + * The encryption key algorithm to use. The default algorithm if not specified is 'RSA-OAEP' + * (or RSA1_5 in FIPS mode) + * if the key is an RSA key, and 'A128GCMKW' if it is an octet sequence. */ public static final String RSSEC_ENCRYPTION_KEY_ALGORITHM = "rs.security.encryption.key.algorithm"; diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java index 67d6cb6af31..e4815ecd2dd 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweUtils.java @@ -43,6 +43,7 @@ import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.StringUtils; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.phase.PhaseInterceptorChain; @@ -186,7 +187,7 @@ public static KeyEncryptionProvider getPublicKeyEncryptionProvider(PublicKey key } private static KeyAlgorithm getDefaultPublicKeyAlgorithm(PublicKey key) { if (key instanceof RSAPublicKey) { - return KeyAlgorithm.RSA_OAEP; + return JavaUtils.isFIPSEnabled() ? KeyAlgorithm.RSA1_5 : KeyAlgorithm.RSA_OAEP; } else if (key instanceof ECPublicKey) { return KeyAlgorithm.ECDH_ES_A128KW; } else { @@ -195,7 +196,7 @@ private static KeyAlgorithm getDefaultPublicKeyAlgorithm(PublicKey key) { } private static KeyAlgorithm getDefaultPrivateKeyAlgorithm(PrivateKey key) { if (key instanceof RSAPrivateKey) { - return KeyAlgorithm.RSA_OAEP; + return JavaUtils.isFIPSEnabled() ? KeyAlgorithm.RSA1_5 : KeyAlgorithm.RSA_OAEP; } else if (key instanceof ECPrivateKey) { return KeyAlgorithm.ECDH_ES_A128KW; } else { @@ -937,7 +938,7 @@ private static KeyAlgorithm getDefaultKeyAlgorithm(JsonWebKey jwk) { if (KeyType.OCTET == keyType) { return KeyAlgorithm.A128GCMKW; } else if (KeyType.RSA == keyType) { - return KeyAlgorithm.RSA_OAEP; + return JavaUtils.isFIPSEnabled() ? KeyAlgorithm.RSA1_5 : KeyAlgorithm.RSA_OAEP; } else { return KeyAlgorithm.ECDH_ES_A128KW; } diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java index db0bc6b29f2..b6bac174290 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/RSAKeyDecryptionAlgorithm.java @@ -20,12 +20,14 @@ import java.security.interfaces.RSAPrivateKey; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; public class RSAKeyDecryptionAlgorithm extends WrappedKeyDecryptionAlgorithm { public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey) { - this(privateKey, KeyAlgorithm.RSA_OAEP); + this(privateKey, JavaUtils.isFIPSEnabled() + ? KeyAlgorithm.RSA1_5 : KeyAlgorithm.RSA_OAEP); } public RSAKeyDecryptionAlgorithm(RSAPrivateKey privateKey, KeyAlgorithm supportedAlgo) { this(privateKey, supportedAlgo, true); diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaDecryptRfcConformanceTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaDecryptRfcConformanceTest.java index 49a150a9d35..8bb9f930111 100644 --- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaDecryptRfcConformanceTest.java +++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaDecryptRfcConformanceTest.java @@ -18,6 +18,9 @@ */ package org.apache.cxf.rs.security.jose.jwa; +import org.apache.cxf.helpers.JavaUtils; + +import org.junit.Assume; import org.junit.Test; public abstract class JwaDecryptRfcConformanceTest extends AbstractDecryptTest { @@ -39,16 +42,22 @@ public void testOctA128GcmJweJson() throws Exception { @Test public void testRsaOaepA128GcmJweCompact() throws Exception { + //fips: no RSA-OAEP support + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); test("/jwe/rsa.2048.rsa-oaep.a128gcm.compact.jwe"); } @Test public void testRsaOaepA128GcmJweJsonFlattened() throws Exception { + //fips: no RSA-OAEP support + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); test("/jwe/rsa.2048.rsa-oaep.a128gcm.json.flattened.jwe"); } @Test public void testRsaOaepA128GcmJweJson() throws Exception { + //fips: no RSA-OAEP support + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); test("/jwe/rsa.2048.rsa-oaep.a128gcm.json.jwe"); } diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaEncryptRfcConformanceTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaEncryptRfcConformanceTest.java index 92f32199b73..8387ce1d5ef 100644 --- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaEncryptRfcConformanceTest.java +++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwa/JwaEncryptRfcConformanceTest.java @@ -18,8 +18,10 @@ */ package org.apache.cxf.rs.security.jose.jwa; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.rs.security.jose.support.Serialization; +import org.junit.Assume; import org.junit.Test; public abstract class JwaEncryptRfcConformanceTest extends AbstractEncryptTest { @@ -41,16 +43,22 @@ public void testOctA128GcmJweJson() throws Exception { @Test public void testRsaOaepA128GcmJweCompact() throws Exception { + //fips: no RSA-OAEP support + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); test("RSA", "RSA-OAEP", "A128GCM", Serialization.COMPACT); } @Test public void testRsaOaepA128GcmJweJsonFlattened() throws Exception { + //fips: no RSA-OAEP support + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); test("RSA", "RSA-OAEP", "A128GCM", Serialization.FLATTENED); } @Test public void testRsaOaepA128GcmJweJson() throws Exception { + //fips: no RSA-OAEP support + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); test("RSA", "RSA-OAEP", "A128GCM", Serialization.JSON); } diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java index 094af892d23..b2e8e15a284 100644 --- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java +++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jwe/JweCompactReaderWriterTest.java @@ -28,6 +28,7 @@ import javax.crypto.SecretKey; import org.apache.cxf.common.util.Base64UrlUtility; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.rs.security.jose.jwa.AlgorithmUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; @@ -36,6 +37,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsCompactReaderWriterTest; import org.apache.cxf.rt.security.crypto.CryptoUtils; +import org.junit.Assume; import org.junit.Test; import static org.junit.Assert.assertEquals; @@ -48,12 +50,13 @@ public class JweCompactReaderWriterTest { 115, 63, (byte)180, 3, (byte)255, 107, (byte)154, (byte)212, (byte)246, (byte)138, 7, 110, 91, 112, 46, 34, 105, 47, (byte)130, (byte)203, 46, 122, (byte)234, 64, (byte)252}; + static final String RSA_MODULUS_ENCODED_A1 = "oahUIoWw0K0usKNuOR6H4wkf4oBUXHTxRvgb48E-BVvxkeDNjbC4he8rUW" - + "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" - + "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" - + "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" - + "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" - + "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"; + + "cJoZmds2h7M70imEVhRU5djINXtqllXI4DFqcI1DgjT9LewND8MW2Krf3S" + + "psk_ZkoFnilakGygTwpZ3uesH-PFABNIUYpOiN15dsQRkgr0vEhxN92i2a" + + "sbOenSZeyaxziK72UwxrrKoExv6kc5twXTq4h-QChLOln0_mtUZwfsRaMS" + + "tPs6mS6XrgxnxbWhojf663tuEQueGC-FCMfra36C9knDFGzKsNa7LZK2dj" + + "YgyD3JR_MB_4NUJW_TqOQtwHYbxevoJArm-L5StowjzGy-_bq6Gw"; static final String RSA_PUBLIC_EXPONENT_ENCODED_A1 = "AQAB"; static final String RSA_PRIVATE_EXPONENT_ENCODED_A1 = "kLdtIj6GbDks_ApCSTYQtelcNttlKiOyPzMrXHeI-yk1F7-kpDxY4-WY5N" @@ -62,7 +65,43 @@ public class JweCompactReaderWriterTest { + "qDp0Vqj3kbSCz1XyfCs6_LehBwtxHIyh8Ripy40p24moOAbgxVw3rxT_vl" + "t3UVe4WO3JkJOzlpUf-KTVI2Ptgm-dARxTEtE-id-4OJr0h-K-VFs3VSnd" + "VTIznSxfyrj8ILL6MG_Uv8YAu7VILSB3lOW085-4qE3DzgrTjgyQ"; - + + static final String RSA_MODULUS_ENCODED_A1_FIPS = + "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtV" + + "T86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn6" + + "4tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_F" + + "DW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1" + + "n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPks" + + "INHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw"; + static final String RSA_PUBLIC_EXPONENT_ENCODED_A1_FIPS = "AQAB"; + static final String RSA_PRIVATE_EXPONENT_ENCODED_A1_FIPS = + "X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7dx5oo" + + "7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij" + + "wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMw" + + "Fs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4s" + + "bg1U2jx4IBTNBznbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2" + + "WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q"; + static final String RSA_PRIVATE_FIRST_PRIME_FACTOR_A1_FIPS = + "83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPVnwD" + + "20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuV" + + "IYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs"; + static final String RSA_PRIVATE_SECOND_PRIME_FACTOR_A1_FIPS = + "3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyumqjVZQO1" + + "dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkI" + + "drecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk"; + static final String RSA_PRIVATE_FIRST_PRIME_CRT_A1_FIPS = + "G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2em" + + "TAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc" + + "3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0"; + static final String RSA_PRIVATE_SECOND_PRIME_CRT_A1_FIPS = + "s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn" + + "8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4" + + "Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk"; + static final String RSA_PRIVATE_FIRST_CRT_COEFFICIENT_A1_FIPS = + "GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEc" + + "OqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8" + + "O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU"; + static final byte[] INIT_VECTOR_A1 = {(byte)227, (byte)197, 117, (byte)252, 2, (byte)219, (byte)233, 68, (byte)180, (byte)225, 77, (byte)219}; @@ -186,8 +225,12 @@ public void testRejectInvalidCurve() throws Exception { public void testEncryptDecryptRSA15WrapA128CBCHS256() throws Exception { final String specPlainText = "Live long and prosper."; - RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED_A1, - RSA_PUBLIC_EXPONENT_ENCODED_A1); + RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(JavaUtils.isFIPSEnabled() + ? RSA_MODULUS_ENCODED_A1_FIPS + : RSA_MODULUS_ENCODED_A1, + JavaUtils.isFIPSEnabled() + ? RSA_PUBLIC_EXPONENT_ENCODED_A1_FIPS + : RSA_PUBLIC_EXPONENT_ENCODED_A1); KeyEncryptionProvider keyEncryption = new RSAKeyEncryptionAlgorithm(publicKey, KeyAlgorithm.RSA1_5); @@ -198,8 +241,20 @@ public void testEncryptDecryptRSA15WrapA128CBCHS256() throws Exception { keyEncryption); String jweContent = encryption.encrypt(specPlainText.getBytes(StandardCharsets.UTF_8), null); - RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1, - RSA_PRIVATE_EXPONENT_ENCODED_A1); + RSAPrivateKey privateKey = null; + if (JavaUtils.isFIPSEnabled()) { + privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1_FIPS, + RSA_PUBLIC_EXPONENT_ENCODED_A1_FIPS, + RSA_PRIVATE_EXPONENT_ENCODED_A1_FIPS, + RSA_PRIVATE_FIRST_PRIME_FACTOR_A1_FIPS, + RSA_PRIVATE_SECOND_PRIME_FACTOR_A1_FIPS, + RSA_PRIVATE_FIRST_PRIME_CRT_A1_FIPS, + RSA_PRIVATE_SECOND_PRIME_CRT_A1_FIPS, + RSA_PRIVATE_FIRST_CRT_COEFFICIENT_A1_FIPS); + } else { + privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1, + RSA_PRIVATE_EXPONENT_ENCODED_A1); + } KeyDecryptionProvider keyDecryption = new RSAKeyDecryptionAlgorithm(privateKey, KeyAlgorithm.RSA1_5); JweDecryptionProvider decryption = new AesCbcHmacJweDecryption(keyDecryption); @@ -208,6 +263,8 @@ public void testEncryptDecryptRSA15WrapA128CBCHS256() throws Exception { } @Test public void testEncryptDecryptAesGcmWrapA128CBCHS256() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); // // This test fails with the IBM JDK // @@ -231,7 +288,7 @@ public void testEncryptDecryptAesGcmWrapA128CBCHS256() throws Exception { String decryptedText = decryption.decrypt(jweContent).getContentText(); assertEquals(specPlainText, decryptedText); } - + @Test public void testEncryptDecryptSpecExample() throws Exception { final String specPlainText = "The true sign of intelligence is not knowledge but imagination."; @@ -256,8 +313,13 @@ public void testEncryptDecryptJwsToken() throws Exception { } private String encryptContent(String content, boolean createIfException) throws Exception { - RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED_A1, - RSA_PUBLIC_EXPONENT_ENCODED_A1); + RSAPublicKey publicKey = CryptoUtils.getRSAPublicKey(JavaUtils.isFIPSEnabled() + ? RSA_MODULUS_ENCODED_A1_FIPS + : RSA_MODULUS_ENCODED_A1, + JavaUtils.isFIPSEnabled() + ? RSA_PUBLIC_EXPONENT_ENCODED_A1_FIPS + : RSA_PUBLIC_EXPONENT_ENCODED_A1); + SecretKey key = createSecretKey(createIfException); final String jwtKeyName; if (key == null) { @@ -267,7 +329,9 @@ private String encryptContent(String content, boolean createIfException) throws jwtKeyName = AlgorithmUtils.toJwaName(key.getAlgorithm(), key.getEncoded().length * 8); } KeyEncryptionProvider keyEncryptionAlgo = new RSAKeyEncryptionAlgorithm(publicKey, - KeyAlgorithm.RSA_OAEP); + JavaUtils.isFIPSEnabled() + ? KeyAlgorithm.RSA1_5 + : KeyAlgorithm.RSA_OAEP); ContentEncryptionProvider contentEncryptionAlgo = new AesGcmContentEncryptionAlgorithm(key == null ? null : key.getEncoded(), INIT_VECTOR_A1, ContentAlgorithm.getAlgorithm(jwtKeyName)); @@ -280,8 +344,20 @@ private String encryptContentDirect(SecretKey key, String content) throws Except return encryptor.encrypt(content.getBytes(StandardCharsets.UTF_8), null); } private void decrypt(String jweContent, String plainContent, boolean unwrap) throws Exception { - RSAPrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1, - RSA_PRIVATE_EXPONENT_ENCODED_A1); + RSAPrivateKey privateKey = null; + if (JavaUtils.isFIPSEnabled()) { + privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1_FIPS, + RSA_PUBLIC_EXPONENT_ENCODED_A1_FIPS, + RSA_PRIVATE_EXPONENT_ENCODED_A1_FIPS, + RSA_PRIVATE_FIRST_PRIME_FACTOR_A1_FIPS, + RSA_PRIVATE_SECOND_PRIME_FACTOR_A1_FIPS, + RSA_PRIVATE_FIRST_PRIME_CRT_A1_FIPS, + RSA_PRIVATE_SECOND_PRIME_CRT_A1_FIPS, + RSA_PRIVATE_FIRST_CRT_COEFFICIENT_A1_FIPS); + } else { + privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_A1, + RSA_PRIVATE_EXPONENT_ENCODED_A1); + } ContentAlgorithm algo = Cipher.getMaxAllowedKeyLength("AES") > 128 ? ContentAlgorithm.A256GCM : ContentAlgorithm.A128GCM; JweDecryptionProvider decryptor = new JweDecryption(new RSAKeyDecryptionAlgorithm(privateKey), diff --git a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java index 6189e7dfb44..9be532c674d 100644 --- a/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java +++ b/rt/rs/security/jose-parent/jose/src/test/java/org/apache/cxf/rs/security/jose/jws/JwsCompactReaderWriterTest.java @@ -18,9 +18,10 @@ */ package org.apache.cxf.rs.security.jose.jws; -import java.security.PrivateKey; + import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; +import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.time.Clock; import java.util.Arrays; @@ -30,6 +31,7 @@ import java.util.Map; import java.util.concurrent.TimeUnit; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.json.basic.JsonMapObjectReaderWriter; import org.apache.cxf.rs.security.jose.common.JoseConstants; import org.apache.cxf.rs.security.jose.common.JoseType; @@ -66,7 +68,7 @@ public class JwsCompactReaderWriterTest { + "zI1NiIsDQogImp3ayI6eyJrdHkiOiJvY3QiLA0KICJrZXlfb3BzIjpbDQogInNpZ24iLA0KICJ2ZXJpZnkiDQogXX19" + ".eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ" + ".8cFZqb15gEDYRZqSzUu23nQnKNynru1ADByRPvmmOq8"; - + private static final String RSA_MODULUS_ENCODED = "ofgWCuLjybRlzo0tZWJjNiuSfb4p4fAkd_wWJcyQoTbji9k0l8W26mPddx" + "HmfHQp-Vaw-4qPCJrcS2mJPMEzP1Pt0Bm4d4QlL-yRT-SFd2lZS-pCgNMs" + "D1W_YpRPEwOWvG6b32690r2jZ47soMZo9wGzjb_7OMg0LOL-bSf63kpaSH" @@ -94,6 +96,51 @@ public class JwsCompactReaderWriterTest { + "hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB" + "p0igcN_IoypGlUPQGe77Rw"; + private static final String RSA_MODULUS_ENCODED_FIPS = + "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtV" + + "T86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn6" + + "4tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_F" + + "DW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1" + + "n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPks" + + "INHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw"; + private static final String RSA_PUBLIC_EXPONENT_ENCODED_FIPS = "AQAB"; + private static final String RSA_PRIVATE_EXPONENT_ENCODED_FIPS = + "X4cTteJY_gn4FYPsXB8rdXix5vwsg1FLN5E3EaG6RJoVH-HLLKD9M7dx5oo" + + "7GURknchnrRweUkC7hT5fJLM0WbFAKNLWY2vv7B6NqXSzUvxT0_YSfqij" + + "wp3RTzlBaCxWp4doFk5N2o8Gy_nHNKroADIkJ46pRUohsXywbReAdYaMw" + + "Fs9tv8d_cPVY3i07a3t8MN6TNwm0dSawm9v47UiCl3Sk5ZiG7xojPLu4s" + + "bg1U2jx4IBTNBznbJSzFHK66jT8bgkuqsk0GjskDJk19Z4qwjwbsnn4j2" + + "WBii3RL-Us2lGVkY8fkFzme1z0HbIkfz0Y6mqnOYtqc0X4jfcKoAC8Q"; + private static final String RSA_PRIVATE_FIRST_PRIME_FACTOR_FIPS = + "83i-7IvMGXoMXCskv73TKr8637FiO7Z27zv8oj6pbWUQyLPQBQxtPVnwD" + + "20R-60eTDmD2ujnMt5PoqMrm8RfmNhVWDtjjMmCMjOpSXicFHj7XOuV" + + "IYQyqVWlWEh6dN36GVZYk93N8Bc9vY41xy8B9RzzOGVQzXvNEvn7O0nVbfs"; + private static final String RSA_PRIVATE_SECOND_PRIME_FACTOR_FIPS = + "3dfOR9cuYq-0S-mkFLzgItgMEfFzB2q3hWehMuG0oCuqnb3vobLyumqjVZQO1" + + "dIrdwgTnCdpYzBcOfW5r370AFXjiWft_NGEiovonizhKpo9VVS78TzFgxkI" + + "drecRezsZ-1kYd_s1qDbxtkDEgfAITAG9LUnADun4vIcb6yelxk"; + private static final String RSA_PRIVATE_FIRST_PRIME_CRT_FIPS = + "G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2em" + + "TAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc" + + "3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0"; + private static final String RSA_PRIVATE_SECOND_PRIME_CRT_FIPS = + "s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn" + + "8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4" + + "Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk"; + private static final String RSA_PRIVATE_FIRST_CRT_COEFFICIENT_FIPS = + "GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEc" + + "OqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8" + + "O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU"; + private static final String ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY_FIPS = + "eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkz" + + "ODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.DS0k" + + "cM3KbMwJWyxmJ2NWC21HGx93MXy9sSgsVygnx4U7XKayfNACjigqZL9jH-U" + + "L1MjIIXVUmaVc5ljgt84fjhlfcMdJ67Q2_tyyUdbOjPrVfcDnpwpxKQQ2tA" + + "9fpHFQL_JENgraWFJQ1O27WKDvYfsRmj-Z2xIJzYETdZykNKS4lcN-B-eus" + + "A2zw9iUnl3TdAdSIKr7QrTZrd3Osema_hCSCfD1faLWGUhRMHnx5eSxbDog" + + "V0-7P0OUHDP0IoxWGNcrAQ7vTBlEAg92LhGN8JGW2k-bludnJb5gBJrauMY" + + "xqi9d4ajKYka0GSaky4CpjMOpexkkGORk2VC8wiNMFg"; + private static final String EC_PRIVATE_KEY_ENCODED = "jpsQnnGQmL-YBIffH1136cspYG6-0iY7X1fCE9-E9LI"; private static final String EC_X_POINT_ENCODED = @@ -255,22 +302,56 @@ public void testWriteJwsSignedByPrivateKey() throws Exception { JwsHeaders headers = new JwsHeaders(); headers.setSignatureAlgorithm(SignatureAlgorithm.RS256); JwsCompactProducer jws = initSpecJwtTokenWriter(headers); - PrivateKey key = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED); + RSAPrivateKey key = null; + if (JavaUtils.isFIPSEnabled()) { + key = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_FIPS, + RSA_PUBLIC_EXPONENT_ENCODED_FIPS, + RSA_PRIVATE_EXPONENT_ENCODED_FIPS, + RSA_PRIVATE_FIRST_PRIME_FACTOR_FIPS, + RSA_PRIVATE_SECOND_PRIME_FACTOR_FIPS, + RSA_PRIVATE_FIRST_PRIME_CRT_FIPS, + RSA_PRIVATE_SECOND_PRIME_CRT_FIPS, + RSA_PRIVATE_FIRST_CRT_COEFFICIENT_FIPS); + } else { + key = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, + RSA_PRIVATE_EXPONENT_ENCODED); + } jws.signWith(new PrivateKeyJwsSignatureProvider(key, SignatureAlgorithm.RS256)); - assertEquals(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY, jws.getSignedEncodedJws()); + + assertEquals(JavaUtils.isFIPSEnabled() + ? ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY_FIPS + : ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY, jws.getSignedEncodedJws()); } @Test public void testJwsPsSha() throws Exception { JwsHeaders outHeaders = new JwsHeaders(); outHeaders.setSignatureAlgorithm(SignatureAlgorithm.PS256); JwsCompactProducer producer = initSpecJwtTokenWriter(outHeaders); - PrivateKey privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, RSA_PRIVATE_EXPONENT_ENCODED); + RSAPrivateKey privateKey = null; + if (JavaUtils.isFIPSEnabled()) { + privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED_FIPS, + RSA_PUBLIC_EXPONENT_ENCODED_FIPS, + RSA_PRIVATE_EXPONENT_ENCODED_FIPS, + RSA_PRIVATE_FIRST_PRIME_FACTOR_FIPS, + RSA_PRIVATE_SECOND_PRIME_FACTOR_FIPS, + RSA_PRIVATE_FIRST_PRIME_CRT_FIPS, + RSA_PRIVATE_SECOND_PRIME_CRT_FIPS, + RSA_PRIVATE_FIRST_CRT_COEFFICIENT_FIPS); + } else { + privateKey = CryptoUtils.getRSAPrivateKey(RSA_MODULUS_ENCODED, + RSA_PRIVATE_EXPONENT_ENCODED); + } String signed = producer.signWith( new PrivateKeyJwsSignatureProvider(privateKey, SignatureAlgorithm.PS256)); JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(signed); - RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED); + RSAPublicKey key = CryptoUtils.getRSAPublicKey(JavaUtils.isFIPSEnabled() + ? RSA_MODULUS_ENCODED_FIPS + : RSA_MODULUS_ENCODED, + JavaUtils.isFIPSEnabled() + ? RSA_PUBLIC_EXPONENT_ENCODED_FIPS + : RSA_PUBLIC_EXPONENT_ENCODED); assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.PS256))); JwtToken token = jws.getJwtToken(); JwsHeaders inHeaders = new JwsHeaders(token.getJwsHeaders()); @@ -303,8 +384,15 @@ public void testWriteReadJwsSignedByESPrivateKey() throws Exception { @Test public void testReadJwsSignedByPrivateKey() throws Exception { - JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY); - RSAPublicKey key = CryptoUtils.getRSAPublicKey(RSA_MODULUS_ENCODED, RSA_PUBLIC_EXPONENT_ENCODED); + JwsJwtCompactConsumer jws = new JwsJwtCompactConsumer(JavaUtils.isFIPSEnabled() + ? ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY_FIPS + : ENCODED_TOKEN_SIGNED_BY_PRIVATE_KEY); + RSAPublicKey key = CryptoUtils.getRSAPublicKey(JavaUtils.isFIPSEnabled() + ? RSA_MODULUS_ENCODED_FIPS + : RSA_MODULUS_ENCODED, + JavaUtils.isFIPSEnabled() + ? RSA_PUBLIC_EXPONENT_ENCODED_FIPS + : RSA_PUBLIC_EXPONENT_ENCODED); assertTrue(jws.verifySignatureWith(new PublicKeyJwsSignatureVerifier(key, SignatureAlgorithm.RS256))); JwtToken token = jws.getJwtToken(); JwsHeaders headers = new JwsHeaders(token.getJwsHeaders()); diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServerJoseJwtProducer.java b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServerJoseJwtProducer.java index a0bfaf15e56..3d173d655f4 100644 --- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServerJoseJwtProducer.java +++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/provider/OAuthServerJoseJwtProducer.java @@ -20,6 +20,7 @@ import java.security.cert.X509Certificate; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; import org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider; @@ -44,7 +45,9 @@ protected JweEncryptionProvider getInitializedEncryptionProvider(Client c) { X509Certificate cert = (X509Certificate)CryptoUtils.decodeCertificate(c.getApplicationCertificates().get(0)); theEncryptionProvider = JweUtils.createJweEncryptionProvider(cert.getPublicKey(), - KeyAlgorithm.RSA_OAEP, + JavaUtils.isFIPSEnabled() + ? KeyAlgorithm.RSA1_5 + : KeyAlgorithm.RSA_OAEP, ContentAlgorithm.A128GCM, null); } diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java index 608b2cabbed..7fd16fe0a76 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java @@ -38,6 +38,7 @@ import org.apache.cxf.common.util.Base64Exception; import org.apache.cxf.common.util.Base64Utility; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.message.Message; import org.apache.cxf.rs.security.common.CryptoLoader; import org.apache.cxf.rs.security.common.RSSecurityUtils; @@ -145,8 +146,10 @@ protected byte[] getSymmetricKeyBytes(Message message, Element encDataElement) { && (digestAlgo == null || !encProps.getEncryptionDigestAlgo().equals(digestAlgo))) { throwFault("Digest Algorithm is not supported", null); } - } else if (!XMLCipher.RSA_OAEP.equals(keyEncAlgo)) { - // RSA OAEP is the required default Key Transport Algorithm + } else if ((JavaUtils.isFIPSEnabled() && !XMLCipher.RSA_v1dot5 .equals(keyEncAlgo)) + || (!JavaUtils.isFIPSEnabled() && !XMLCipher.RSA_OAEP .equals(keyEncAlgo))) { + // RSA OAEP (while it's RSA1_5 in FIPS mode) is the + // required default Key Transport Algorithm throwFault("Key Transport Algorithm is not supported", null); } diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java index 4de9e8e2a0e..92003f1791d 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/EncryptionProperties.java @@ -18,10 +18,12 @@ */ package org.apache.cxf.rs.security.xml; +import org.apache.cxf.helpers.JavaUtils; import org.apache.xml.security.encryption.XMLCipher; public class EncryptionProperties { - private String encryptionKeyTransportAlgo = XMLCipher.RSA_OAEP; + private String encryptionKeyTransportAlgo = + JavaUtils.isFIPSEnabled() ? XMLCipher.RSA_v1dot5 : XMLCipher.RSA_OAEP; private String encryptionSymmetricKeyAlgo; private String encryptionDigestAlgo; private String encryptionKeyIdType; diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java index 787ea36404e..7939729461a 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java @@ -37,6 +37,7 @@ import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.StringUtils; import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.message.Message; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.rs.security.common.CryptoLoader; @@ -102,7 +103,8 @@ protected Document encryptDocument(Message message, Document payloadDoc) throws Exception { String symEncAlgo = encProps.getEncryptionSymmetricKeyAlgo() == null - ? XMLCipher.AES_256 : encProps.getEncryptionSymmetricKeyAlgo(); + ? JavaUtils.isFIPSEnabled() ? XMLCipher.AES_256_GCM : XMLCipher.AES_256 + : encProps.getEncryptionSymmetricKeyAlgo(); byte[] secretKey = getSymmetricKey(symEncAlgo); @@ -140,7 +142,8 @@ protected Document encryptDocument(Message message, Document payloadDoc) } String keyEncAlgo = encProps.getEncryptionKeyTransportAlgo() == null - ? XMLCipher.RSA_OAEP : encProps.getEncryptionKeyTransportAlgo(); + ? JavaUtils.isFIPSEnabled() ? XMLCipher.RSA_v1dot5 : XMLCipher.RSA_OAEP + : encProps.getEncryptionKeyTransportAlgo(); String digestAlgo = encProps.getEncryptionDigestAlgo(); byte[] encryptedSecretKey = encryptSymmetricKey(secretKey, receiverCert, diff --git a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java index f335e15380c..ad13c20f8ad 100644 --- a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java +++ b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSecOutInterceptor.java @@ -35,6 +35,7 @@ import jakarta.ws.rs.core.Response; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.StringUtils; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.interceptor.AbstractOutDatabindingInterceptor; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.interceptor.StaxOutInterceptor; @@ -152,7 +153,8 @@ public void handleMessage(Message message) throws Fault { private void configureEncryption(Message message, XMLSecurityProperties properties) throws Exception { String symEncAlgo = encryptionProperties.getEncryptionSymmetricKeyAlgo() == null - ? XMLCipher.AES_256 : encryptionProperties.getEncryptionSymmetricKeyAlgo(); + ? JavaUtils.isFIPSEnabled() ? XMLCipher.AES_256_GCM : XMLCipher.AES_256 + : encryptionProperties.getEncryptionSymmetricKeyAlgo(); properties.setEncryptionSymAlgorithm(symEncAlgo); properties.setEncryptionKey(getSymmetricKey(symEncAlgo)); if (encryptSymmetricKey) { diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java index 312d591e37c..11279a0978d 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java @@ -42,6 +42,7 @@ import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractSecurityAssertion; import org.apache.wss4j.policy.model.AlgorithmSuite; +import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType; /** * This class retrieves the default AlgorithmSuites plus the CXF specific GCM AlgorithmSuites. @@ -59,6 +60,18 @@ public AlgorithmSuite getAlgorithmSuite(Bus bus, SPConstants.SPVersion version, assertions.put(qName, new PrimitiveAssertion(qName)); qName = new QName(ns, "Basic256GCM"); assertions.put(qName, new PrimitiveAssertion(qName)); + qName = new QName(ns, "Basic256GCMRsa15"); + assertions.put(qName, new PrimitiveAssertion(qName)); + qName = new QName(ns, "Basic192GCMRsa15"); + assertions.put(qName, new PrimitiveAssertion(qName)); + qName = new QName(ns, "Basic128GCMRsa15"); + assertions.put(qName, new PrimitiveAssertion(qName)); + qName = new QName(ns, "Basic256GCMSha256Rsa15"); + assertions.put(qName, new PrimitiveAssertion(qName)); + qName = new QName(ns, "Basic192GCMSha256Rsa15"); + assertions.put(qName, new PrimitiveAssertion(qName)); + qName = new QName(ns, "Basic128GCMSha256Rsa15"); + assertions.put(qName, new PrimitiveAssertion(qName)); qName = new QName(ns, "CustomAlgorithmSuite"); assertions.put(qName, new PrimitiveAssertion(qName)); @@ -122,6 +135,69 @@ public static class GCMAlgorithmSuite extends AlgorithmSuite { ) ); + //fips compliant policies + + ALGORITHM_SUITE_TYPES.put("Basic256GCMRsa15", new AlgorithmSuiteType( + "Basic256GCMRsa15", + SPConstants.SHA1, + "http://www.w3.org/2009/xmlenc11#aes256-gcm", + SPConstants.KW_AES256, + SPConstants.KW_RSA15, + SPConstants.P_SHA1_L256, + SPConstants.P_SHA1_L192, + 256, 192, 256, + 256, 1024, 4096)); + ALGORITHM_SUITE_TYPES.put("Basic192GCMRsa15", new AlgorithmSuiteType( + "Basic192GCMRsa15", + SPConstants.SHA1, + "http://www.w3.org/2009/xmlenc11#aes192-gcm", + SPConstants.KW_AES192, + SPConstants.KW_RSA15, + SPConstants.P_SHA1_L192, + SPConstants.P_SHA1_L192, + 192, 192, 192, + 256, 1024, 4096)); + ALGORITHM_SUITE_TYPES.put("Basic128GCMRsa15", new AlgorithmSuiteType( + "Basic128GCMRsa15", + SPConstants.SHA1, + "http://www.w3.org/2009/xmlenc11#aes128-gcm", + SPConstants.KW_AES128, + SPConstants.KW_RSA15, + SPConstants.P_SHA1_L128, + SPConstants.P_SHA1_L128, + 128, 128, 128, + 256, 1024, 4096)); + + ALGORITHM_SUITE_TYPES.put("Basic256GCMSha256Rsa15", new AlgorithmSuiteType( + "Basic256GCMSha256Rsa15", + SPConstants.SHA256, + "http://www.w3.org/2009/xmlenc11#aes256-gcm", + SPConstants.KW_AES256, + SPConstants.KW_RSA15, + SPConstants.P_SHA1_L256, + SPConstants.P_SHA1_L192, + 256, 192, 256, + 256, 1024, 4096)); + ALGORITHM_SUITE_TYPES.put("Basic192GCMSha256Rsa15", new AlgorithmSuiteType( + "Basic192GCMSha256Rsa15", + SPConstants.SHA256, + "http://www.w3.org/2009/xmlenc11#aes192-gcm", + SPConstants.KW_AES192, + SPConstants.KW_RSA15, + SPConstants.P_SHA1_L192, + SPConstants.P_SHA1_L192, + 192, 192, 192, + 256, 1024, 4096)); + ALGORITHM_SUITE_TYPES.put("Basic128GCMSha256Rsa15", new AlgorithmSuiteType( + "Basic128GCMSha256Rsa15", + SPConstants.SHA256, + "http://www.w3.org/2009/xmlenc11#aes128-gcm", + SPConstants.KW_AES128, + SPConstants.KW_RSA15, + SPConstants.P_SHA1_L128, + SPConstants.P_SHA1_L128, + 128, 128, 128, + 256, 1024, 4096)); ALGORITHM_SUITE_TYPES.put( "CustomAlgorithmSuite", @@ -164,6 +240,24 @@ protected void parseCustomAssertion(Assertion assertion) { } else if ("Basic256GCM".equals(assertionName)) { setAlgorithmSuiteType(ALGORITHM_SUITE_TYPES.get("Basic256GCM")); getAlgorithmSuiteType().setNamespace(assertionNamespace); + } else if ("Basic256GCMRsa15".equals(assertionName)) { + setAlgorithmSuiteType(ALGORITHM_SUITE_TYPES.get("Basic256GCMRsa15")); + getAlgorithmSuiteType().setNamespace(assertionNamespace); + } else if ("Basic192GCMRsa15".equals(assertionName)) { + setAlgorithmSuiteType(ALGORITHM_SUITE_TYPES.get("Basic192GCMRsa15")); + getAlgorithmSuiteType().setNamespace(assertionNamespace); + } else if ("Basic128GCMRsa15".equals(assertionName)) { + setAlgorithmSuiteType(ALGORITHM_SUITE_TYPES.get("Basic128GCMRsa15")); + getAlgorithmSuiteType().setNamespace(assertionNamespace); + } else if ("Basic256GCMSha256Rsa15".equals(assertionName)) { + setAlgorithmSuiteType(ALGORITHM_SUITE_TYPES.get("Basic256GCMSha256Rsa15")); + getAlgorithmSuiteType().setNamespace(assertionNamespace); + } else if ("Basic192GCMSha256Rsa15".equals(assertionName)) { + setAlgorithmSuiteType(ALGORITHM_SUITE_TYPES.get("Basic192GCMSha256Rsa15")); + getAlgorithmSuiteType().setNamespace(assertionNamespace); + } else if ("Basic128GCMSha256Rsa15".equals(assertionName)) { + setAlgorithmSuiteType(ALGORITHM_SUITE_TYPES.get("Basic128GCMSha256Rsa15")); + getAlgorithmSuiteType().setNamespace(assertionNamespace); } else if ("CustomAlgorithmSuite".equals(assertionName)) { setAlgorithmSuiteType(ALGORITHM_SUITE_TYPES.get("CustomAlgorithmSuite")); getAlgorithmSuiteType().setNamespace(assertionNamespace); diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java index d045a02ac23..8e2d6df63fc 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageCheckerTest.java @@ -32,6 +32,7 @@ import org.apache.cxf.binding.soap.SoapMessage; import org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor; import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.interceptor.Interceptor; import org.apache.cxf.message.Message; @@ -43,6 +44,8 @@ import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType; import org.apache.wss4j.common.ConfigurationConstants; + +import org.junit.Assume; import org.junit.Test; import static org.junit.Assert.assertTrue; @@ -111,6 +114,8 @@ public void testSignedWithCompleteCoverage() throws Exception { @Test public void testEncryptedWithIncompleteCoverage() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); this.runInterceptorAndValidate( "encrypted_missing_enc_header.xml", this.getPrefixes(), @@ -135,6 +140,8 @@ public void testEncryptedWithIncompleteCoverage() throws Exception { @Test public void testEncryptedWithCompleteCoverage() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); this.runInterceptorAndValidate( "encrypted_body_content.xml", this.getPrefixes(), @@ -159,6 +166,8 @@ public void testEncryptedWithCompleteCoverage() throws Exception { @Test public void testEncryptedSignedWithIncompleteCoverage() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); this.runInterceptorAndValidate( "encrypted_body_content_signed_missing_signed_header.xml", this.getPrefixes(), @@ -169,6 +178,8 @@ public void testEncryptedSignedWithIncompleteCoverage() throws Exception { @Test public void testEncryptedSignedWithCompleteCoverage() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); this.runInterceptorAndValidate( "encrypted_body_content_signed.xml", this.getPrefixes(), @@ -250,5 +261,6 @@ private PhaseInterceptor getWss4jInInterceptor() { inHandler.setProperty(ConfigurationConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM, "true"); return inHandler; + } } diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DOMToStaxRoundTripTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DOMToStaxRoundTripTest.java index 5f2b01f5a45..35a30391667 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DOMToStaxRoundTripTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DOMToStaxRoundTripTest.java @@ -29,6 +29,7 @@ import org.apache.cxf.ext.logging.LoggingInInterceptor; import org.apache.cxf.ext.logging.LoggingOutInterceptor; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.JaxWsProxyFactoryBean; import org.apache.cxf.jaxws.JaxWsServerFactoryBean; import org.apache.cxf.service.Service; @@ -205,14 +206,18 @@ public void testEncryptionAlgorithms() throws Exception { properties.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties"); properties.put(ConfigurationConstants.USER, "myalias"); properties.put(ConfigurationConstants.ENC_KEY_TRANSPORT, WSS4JConstants.KEYTRANSPORT_RSA15); - properties.put(ConfigurationConstants.ENC_SYM_ALGO, WSS4JConstants.TRIPLE_DES); - + if (JavaUtils.isFIPSEnabled()) { + properties.put(ConfigurationConstants.ENC_SYM_ALGO, WSS4JConstants.AES_128_GCM); + inProperties.setAllowRSA15KeyTransportAlgorithm(false); + } else { + properties.put(ConfigurationConstants.ENC_SYM_ALGO, WSS4JConstants.TRIPLE_DES); + } WSS4JOutInterceptor ohandler = new WSS4JOutInterceptor(properties); client.getOutInterceptors().add(ohandler); try { echo.echo("test"); - fail("Failure expected as RSA v1.5 is not allowed by default"); + fail("Failure expected as RSA v1.5 is not allowed by configuration"); } catch (jakarta.xml.ws.soap.SOAPFaultException ex) { // expected } diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PluggablePolicyValidatorTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PluggablePolicyValidatorTest.java index 77733e40a8a..783d2227a2e 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PluggablePolicyValidatorTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PluggablePolicyValidatorTest.java @@ -31,6 +31,7 @@ import org.apache.cxf.binding.soap.SoapHeader; import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.ws.policy.AssertionInfo; import org.apache.cxf.ws.policy.AssertionInfoMap; import org.apache.cxf.ws.policy.PolicyException; @@ -42,6 +43,7 @@ import org.apache.wss4j.dom.util.WSSecurityUtil; import org.apache.wss4j.policy.SP12Constants; +import org.junit.Assume; import org.junit.Test; import static org.junit.Assert.assertNotNull; @@ -54,6 +56,8 @@ public class PluggablePolicyValidatorTest extends AbstractPolicySecurityTest { @Test public void testEncryptedElementsPolicyValidator() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); // This should work (body content is encrypted) this.runInInterceptorAndValidate( "encrypted_body_content.xml", diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java index 81dedb4b463..1b05f793f11 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java @@ -27,6 +27,7 @@ import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType; import org.apache.wss4j.policy.SP12Constants; +import org.junit.Assume; import org.junit.Test; import static org.junit.Assert.fail; @@ -181,6 +182,8 @@ public void testSignedPartsPolicyWithCompleteCoverage() throws Exception { @Test public void testEncryptedElementsPolicyWithIncompleteCoverage() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); this.runInInterceptorAndValidate( "encrypted_missing_enc_header.xml", "encrypted_elements_policy.xml", @@ -198,6 +201,8 @@ public void testEncryptedElementsPolicyWithIncompleteCoverage() throws Exception @Test public void testEncryptedElementsPolicyWithCompleteCoverage() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); this.runInInterceptorAndValidate( "encrypted_body_content.xml", "encrypted_elements_policy.xml", @@ -244,6 +249,8 @@ public void testEncryptedElementsPolicyWithCompleteCoverage() throws Exception { @Test public void testContentEncryptedElementsPolicyWithIncompleteCoverage() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); this.runInInterceptorAndValidate( "encrypted_body_element.xml", "content_encrypted_elements_policy.xml", @@ -254,6 +261,8 @@ public void testContentEncryptedElementsPolicyWithIncompleteCoverage() throws Ex @Test public void testContentEncryptedElementsPolicyWithCompleteCoverage() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); this.runInInterceptorAndValidate( "encrypted_body_content.xml", "content_encrypted_elements_policy.xml", @@ -273,6 +282,8 @@ public void testContentEncryptedElementsPolicyWithCompleteCoverage() throws Exce @Test public void testEncryptedPartsPolicyWithIncompleteCoverage() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); this.runInInterceptorAndValidate( "encrypted_missing_enc_body.xml", "encrypted_parts_policy_body.xml", @@ -304,6 +315,8 @@ public void testEncryptedPartsPolicyWithIncompleteCoverage() throws Exception { @Test public void testEncryptedPartsPolicyWithCompleteCoverage() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); this.runInInterceptorAndValidate( "encrypted_body_content.xml", "encrypted_parts_policy_body.xml", @@ -371,6 +384,8 @@ public void testEncryptedPartsPolicyWithCompleteCoverage() throws Exception { @Test public void testSignedEncryptedPartsWithIncompleteCoverage() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); this.runInInterceptorAndValidate( "signed_x509_issuer_serial_encrypted_missing_enc_header.xml", "signed_parts_policy_header_and_body_encrypted.xml", @@ -382,6 +397,8 @@ public void testSignedEncryptedPartsWithIncompleteCoverage() throws Exception { @Test public void testSignedEncryptedPartsWithCompleteCoverage() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); if (!TestUtilities.checkUnrestrictedPoliciesInstalled()) { return; } @@ -408,6 +425,8 @@ public void testSignedEncryptedPartsWithCompleteCoverage() throws Exception { @Test public void testEncryptedSignedPartsWithIncompleteCoverage() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); this.runInInterceptorAndValidate( "encrypted_body_content_signed_missing_signed_header.xml", "encrypted_parts_policy_header_and_body_signed.xml", @@ -418,6 +437,8 @@ public void testEncryptedSignedPartsWithIncompleteCoverage() throws Exception { @Test public void testEncryptedSignedPartsWithCompleteCoverage() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); this.runInInterceptorAndValidate( "encrypted_body_content_signed.xml", "encrypted_parts_policy_header_and_body_signed.xml", diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java index 37434dbae44..b7b73eaf0a1 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java @@ -29,6 +29,7 @@ import org.apache.cxf.ext.logging.LoggingInInterceptor; import org.apache.cxf.ext.logging.LoggingOutInterceptor; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.JaxWsProxyFactoryBean; import org.apache.cxf.jaxws.JaxWsServerFactoryBean; import org.apache.cxf.service.Service; @@ -77,7 +78,10 @@ public void testEncryptedBody() throws Exception { actions.add(XMLSecurityConstants.ENCRYPTION); properties.setActions(actions); properties.setEncryptionUser("myalias"); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm( + JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties outCryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); @@ -178,7 +182,9 @@ public void testEncryptUsernameToken() throws Exception { ); properties.setEncryptionUser("myalias"); properties.setTokenUser("username"); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties outCryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); @@ -424,7 +430,9 @@ public void testEncryptSignature() throws Exception { properties.setActions(actions); properties.setEncryptionUser("myalias"); properties.setSignatureUser("myalias"); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties outCryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripActionTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripActionTest.java index ab10d697013..7daa6d4e07f 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripActionTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripActionTest.java @@ -31,6 +31,7 @@ import org.apache.cxf.ext.logging.LoggingInInterceptor; import org.apache.cxf.ext.logging.LoggingOutInterceptor; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.JaxWsProxyFactoryBean; import org.apache.cxf.jaxws.JaxWsServerFactoryBean; import org.apache.cxf.service.Service; @@ -185,7 +186,9 @@ public void testEncrypt() throws Exception { actions.add(XMLSecurityConstants.ENCRYPTION); properties.setActions(actions); properties.setEncryptionUser("myalias"); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties outCryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); @@ -235,7 +238,9 @@ public void testEncryptConfig() throws Exception { outConfig.put(ConfigurationConstants.ENCRYPTION_USER, "myalias"); outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback()); outConfig.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties"); - outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, XMLSecurityConstants.NS_XENC_AES128); + outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig); client.getOutInterceptors().add(ohandler); @@ -293,7 +298,9 @@ public void testEncryptUsernameToken() throws Exception { ); properties.setEncryptionUser("myalias"); properties.setTokenUser("username"); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties outCryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); @@ -341,7 +348,9 @@ public void testEncryptUsernameTokenConfig() throws Exception { outConfig.put(ConfigurationConstants.ENCRYPTION_USER, "myalias"); outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback()); outConfig.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties"); - outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, XMLSecurityConstants.NS_XENC_AES128); + outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig); client.getOutInterceptors().add(ohandler); @@ -635,7 +644,9 @@ public void testEncryptSignature() throws Exception { properties.setActions(actions); properties.setEncryptionUser("myalias"); properties.setSignatureUser("myalias"); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties outCryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); @@ -682,7 +693,9 @@ public void testEncryptSignatureConfig() throws Exception { outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback()); outConfig.put(ConfigurationConstants.SIG_PROP_FILE, "outsecurity.properties"); outConfig.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties"); - outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, XMLSecurityConstants.NS_XENC_AES128); + outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig); client.getOutInterceptors().add(ohandler); diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripTest.java index a7464875b5c..e516133bc12 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripTest.java @@ -35,6 +35,7 @@ import org.apache.cxf.ext.logging.LoggingInInterceptor; import org.apache.cxf.ext.logging.LoggingOutInterceptor; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.JaxWsProxyFactoryBean; import org.apache.cxf.jaxws.JaxWsServerFactoryBean; import org.apache.cxf.service.Service; @@ -445,7 +446,9 @@ public void testEncrypt() throws Exception { List actions = new ArrayList<>(); actions.add(XMLSecurityConstants.ENCRYPTION); properties.setActions(actions); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); properties.setEncryptionUser("myalias"); Properties outCryptoProperties = @@ -479,7 +482,9 @@ public void testEncryptConfig() throws Exception { Map outConfig = new HashMap<>(); outConfig.put(ConfigurationConstants.ACTION, ConfigurationConstants.ENCRYPTION); outConfig.put(ConfigurationConstants.ENCRYPTION_USER, "myalias"); - outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, XMLSecurityConstants.NS_XENC_AES128); + outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback()); outConfig.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties"); WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig); @@ -519,7 +524,9 @@ public void testEncryptUsernameToken() throws Exception { ); properties.setEncryptionUser("myalias"); properties.setTokenUser("username"); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties outCryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); @@ -562,7 +569,9 @@ public void testEncryptUsernameTokenConfig() throws Exception { outConfig.put(ConfigurationConstants.ENCRYPTION_USER, "myalias"); outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback()); outConfig.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties"); - outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, XMLSecurityConstants.NS_XENC_AES128); + outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig); client.getOutInterceptors().add(ohandler); @@ -973,7 +982,9 @@ public void testEncryptSignature() throws Exception { properties.setActions(actions); properties.setEncryptionUser("myalias"); properties.setSignatureUser("myalias"); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties outCryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); @@ -1015,7 +1026,9 @@ public void testEncryptSignatureConfig() throws Exception { outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback()); outConfig.put(ConfigurationConstants.SIG_PROP_FILE, "outsecurity.properties"); outConfig.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties"); - outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, XMLSecurityConstants.NS_XENC_AES128); + outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig); client.getOutInterceptors().add(ohandler); diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMEncryptionIdentifierTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMEncryptionIdentifierTest.java index 960d268f134..be0b013cfc9 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMEncryptionIdentifierTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMEncryptionIdentifierTest.java @@ -29,6 +29,7 @@ import org.apache.cxf.ext.logging.LoggingInInterceptor; import org.apache.cxf.ext.logging.LoggingOutInterceptor; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.JaxWsProxyFactoryBean; import org.apache.cxf.jaxws.JaxWsServerFactoryBean; import org.apache.cxf.service.Service; @@ -77,7 +78,9 @@ public void testEncryptDirectReference() throws Exception { properties.setEncryptionKeyIdentifier( WSSecurityTokenConstants.KEYIDENTIFIER_SECURITY_TOKEN_DIRECT_REFERENCE ); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties cryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); @@ -116,7 +119,9 @@ public void testEncryptIssuerSerial() throws Exception { properties.setEncryptionKeyIdentifier( WSSecurityTokenConstants.KeyIdentifier_IssuerSerial ); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties cryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); @@ -155,7 +160,9 @@ public void testEncryptThumbprint() throws Exception { properties.setEncryptionKeyIdentifier( WSSecurityTokenConstants.KEYIDENTIFIER_THUMBPRINT_IDENTIFIER ); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties cryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); @@ -195,7 +202,9 @@ public void testEncryptX509() throws Exception { properties.setEncryptionKeyIdentifier( WSSecurityTokenConstants.KeyIdentifier_X509KeyIdentifier ); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties cryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); @@ -234,7 +243,9 @@ public void testEncryptEncryptedKeySHA1() throws Exception { properties.setEncryptionKeyIdentifier( WSSecurityTokenConstants.KEYIDENTIFIER_ENCRYPTED_KEY_SHA1_IDENTIFIER ); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties cryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMRoundTripTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMRoundTripTest.java index 4091869cd1b..534ef914458 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMRoundTripTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMRoundTripTest.java @@ -31,6 +31,7 @@ import org.apache.cxf.ext.logging.LoggingInInterceptor; import org.apache.cxf.ext.logging.LoggingOutInterceptor; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.JaxWsProxyFactoryBean; import org.apache.cxf.jaxws.JaxWsServerFactoryBean; import org.apache.cxf.service.Service; @@ -275,7 +276,9 @@ public void testEncrypt() throws Exception { actions.add(XMLSecurityConstants.ENCRYPTION); properties.setActions(actions); properties.setEncryptionUser("myalias"); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties cryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); @@ -311,7 +314,9 @@ public void testEncryptConfig() throws Exception { outConfig.put(ConfigurationConstants.ENCRYPTION_USER, "myalias"); outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback()); outConfig.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties"); - outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, XMLSecurityConstants.NS_XENC_AES128); + outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig); client.getOutInterceptors().add(ohandler); @@ -349,13 +354,18 @@ public void testEncryptionAlgorithms() throws Exception { properties.setEncryptionCryptoProperties(cryptoProperties); properties.setCallbackHandler(new TestPwdCallback()); properties.setEncryptionKeyTransportAlgorithm("http://www.w3.org/2001/04/xmlenc#rsa-1_5"); - properties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#tripledes-cbc"); + if (JavaUtils.isFIPSEnabled()) { + properties.setEncryptionSymAlgorithm("http://www.w3.org/2009/xmlenc11#aes256-gcm"); + inProperties.put(ConfigurationConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM, "false"); + } else { + properties.setEncryptionSymAlgorithm("http://www.w3.org/2001/04/xmlenc#tripledes-cbc"); + } WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties); client.getOutInterceptors().add(ohandler); try { echo.echo("test"); - fail("Failure expected as RSA v1.5 is not allowed by default"); + fail("Failure expected as RSA v1.5 is not allowed by configuration"); } catch (jakarta.xml.ws.soap.SOAPFaultException ex) { // expected } @@ -391,15 +401,20 @@ public void testEncryptionAlgorithmsConfig() throws Exception { ConfigurationConstants.ENC_KEY_TRANSPORT, "http://www.w3.org/2001/04/xmlenc#rsa-1_5" ); - outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, XMLSecurityConstants.NS_XENC_AES128); + outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); outConfig.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties"); + if (JavaUtils.isFIPSEnabled()) { + inProperties.put(ConfigurationConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM, "false"); + } WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig); client.getOutInterceptors().add(ohandler); try { echo.echo("test"); - fail("Failure expected as RSA v1.5 is not allowed by default"); + fail("Failure expected as RSA v1.5 is not allowed by configuration"); } catch (jakarta.xml.ws.soap.SOAPFaultException ex) { // expected } @@ -440,7 +455,9 @@ public void testEncryptUsernameToken() throws Exception { ); properties.setEncryptionUser("myalias"); properties.setTokenUser("username"); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties cryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); @@ -487,7 +504,9 @@ public void testEncryptUsernameTokenConfig() throws Exception { outConfig.put(ConfigurationConstants.ENCRYPTION_USER, "myalias"); outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback()); outConfig.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties"); - outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, XMLSecurityConstants.NS_XENC_AES128); + outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig); client.getOutInterceptors().add(ohandler); @@ -979,7 +998,9 @@ public void testEncryptSignature() throws Exception { properties.setActions(actions); properties.setEncryptionUser("myalias"); properties.setSignatureUser("myalias"); - properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128); + properties.setEncryptionSymAlgorithm(JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); Properties cryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader()); @@ -1025,7 +1046,9 @@ public void testEncryptSignatureConfig() throws Exception { outConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback()); outConfig.put(ConfigurationConstants.SIG_PROP_FILE, "outsecurity.properties"); outConfig.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties"); - outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, XMLSecurityConstants.NS_XENC_AES128); + outConfig.put(ConfigurationConstants.ENC_SYM_ALGO, JavaUtils.isFIPSEnabled() + ? XMLSecurityConstants.NS_XENC11_AES128_GCM + : XMLSecurityConstants.NS_XENC_AES128); WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(outConfig); client.getOutInterceptors().add(ohandler); diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java index 885c3524bf8..9601b160c4d 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JFaultCodeTest.java @@ -28,6 +28,7 @@ import jakarta.xml.soap.SOAPMessage; import org.apache.cxf.binding.soap.SoapFault; import org.apache.cxf.binding.soap.SoapMessage; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.message.Exchange; import org.apache.cxf.message.ExchangeImpl; import org.apache.cxf.message.MessageImpl; @@ -37,6 +38,7 @@ import org.apache.wss4j.common.ConfigurationConstants; import org.apache.wss4j.common.WSS4JConstants; +import org.junit.Assume; import org.junit.Test; import static org.junit.Assert.assertEquals; @@ -190,6 +192,8 @@ public void testActionMismatch() throws Exception { // See CXF-6900. @Test public void testSignedEncryptedSOAP12Fault() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); Document doc = readDocument("wsse-response-fault.xml"); SoapMessage msg = getSoapMessageForDom(doc, SOAPConstants.SOAP_1_2_PROTOCOL); @@ -211,6 +215,7 @@ public void testSignedEncryptedSOAP12Fault() throws Exception { inHandler.setProperty(ConfigurationConstants.DEC_PROP_FILE, "insecurity.properties"); inHandler.setProperty(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties"); inHandler.setProperty(ConfigurationConstants.PW_CALLBACK_CLASS, TestPwdCallback.class.getName()); + inHandler.setProperty( ConfigurationConstants.PW_CALLBACK_CLASS, "org.apache.cxf.ws.security.wss4j.TestPwdCallback" diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java index 9404bfd78fb..9cfbcab99c2 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java @@ -37,6 +37,7 @@ import org.apache.cxf.binding.soap.interceptor.MustUnderstandInterceptor; import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor; import org.apache.cxf.helpers.CastUtils; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.interceptor.Interceptor; import org.apache.cxf.message.Exchange; import org.apache.cxf.message.ExchangeImpl; @@ -156,12 +157,12 @@ public void testEncryption() throws Exception { outProperties.put(ConfigurationConstants.ENC_PROP_FILE, "outsecurity.properties"); outProperties.put(ConfigurationConstants.USER, "myalias"); outProperties.put("password", "myAliasPassword"); - + Map inProperties = new HashMap<>(); inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.ENCRYPTION); inProperties.put(ConfigurationConstants.DEC_PROP_FILE, "insecurity.properties"); inProperties.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback()); - + List xpaths = new ArrayList<>(); xpaths.add("//wsse:Security"); xpaths.add("//s:Body/xenc:EncryptedData"); @@ -199,12 +200,16 @@ public void testEncryption() throws Exception { @Test public void testEncryptionWithAgreementMethodsX448() throws Exception { + //X448 isn't compliant in FIPS mode + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); Assume.assumeTrue(getJDKVersion() >= 16); testEncryptionWithAgreementMethod("x448", "//dsig11:DEREncodedKeyValue"); } @Test public void testEncryptionWithAgreementMethodsX25519() throws Exception { + //X25519 isn't compliant in FIPS mode + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); Assume.assumeTrue(getJDKVersion() >= 16); testEncryptionWithAgreementMethod("x25519", "//dsig11:DEREncodedKeyValue"); } @@ -292,7 +297,7 @@ public void testEncryptedUsernameToken() throws Exception { ConfigurationConstants.ENCRYPTION_PARTS, "{Content}{" + WSS4JConstants.WSSE_NS + "}UsernameToken" ); - + Map inProperties = new HashMap<>(); inProperties.put( ConfigurationConstants.ACTION, @@ -300,6 +305,7 @@ public void testEncryptedUsernameToken() throws Exception { ); inProperties.put(ConfigurationConstants.DEC_PROP_FILE, "insecurity.properties"); inProperties.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback()); + List xpaths = new ArrayList<>(); xpaths.add("//wsse:Security"); diff --git a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutWithAttachmentsTest.java b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutWithAttachmentsTest.java index 5511dfc2950..895f3c122aa 100644 --- a/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutWithAttachmentsTest.java +++ b/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutWithAttachmentsTest.java @@ -42,6 +42,7 @@ import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor; import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor; import org.apache.cxf.bus.managers.PhaseManagerImpl; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.interceptor.AttachmentInInterceptor; import org.apache.cxf.interceptor.AttachmentOutInterceptor; import org.apache.cxf.interceptor.Interceptor; @@ -88,6 +89,8 @@ public WSS4JInOutWithAttachmentsTest() { @Test public void testEncryptWithAgreementMethodWithXECAndEDKeys() throws Exception { Assume.assumeTrue(getJDKVersion() >= 16); + //ed25519 isn't compliant in FIPS mode + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); testEncryptWithAgreementMethod("ed25519", "x25519"); } diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/EncryptionProperties.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/EncryptionProperties.java index b6e106c8b3d..106fd13eb0c 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/EncryptionProperties.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/service/EncryptionProperties.java @@ -21,6 +21,7 @@ import java.util.ArrayList; import java.util.List; +import org.apache.cxf.helpers.JavaUtils; import org.apache.wss4j.common.WSS4JConstants; import org.apache.wss4j.dom.WSConstants; @@ -30,8 +31,10 @@ * certificate from a KeyStore) - everything else is optional. */ public class EncryptionProperties { - private String encryptionAlgorithm = WSConstants.AES_256; - private String keyWrapAlgorithm = WSConstants.KEYTRANSPORT_RSAOAEP; + private String encryptionAlgorithm = + JavaUtils.isFIPSEnabled() ? WSConstants.AES_256_GCM : WSConstants.AES_256; + private String keyWrapAlgorithm = + JavaUtils.isFIPSEnabled() ? WSConstants.KEYTRANSPORT_RSA15 : WSConstants.KEYTRANSPORT_RSAOAEP; private int keyIdentifierType = WSConstants.ISSUER_SERIAL; private List acceptedEncryptionAlgorithms = new ArrayList<>(); private List acceptedKeyWrapAlgorithms = new ArrayList<>(); @@ -39,17 +42,21 @@ public class EncryptionProperties { public EncryptionProperties() { // Default symmetric encryption algorithms - acceptedEncryptionAlgorithms.add(WSS4JConstants.TRIPLE_DES); - acceptedEncryptionAlgorithms.add(WSS4JConstants.AES_128); - acceptedEncryptionAlgorithms.add(WSS4JConstants.AES_192); - acceptedEncryptionAlgorithms.add(WSS4JConstants.AES_256); + if (!JavaUtils.isFIPSEnabled()) { + acceptedEncryptionAlgorithms.add(WSS4JConstants.TRIPLE_DES); + acceptedEncryptionAlgorithms.add(WSS4JConstants.AES_128); + acceptedEncryptionAlgorithms.add(WSS4JConstants.AES_192); + acceptedEncryptionAlgorithms.add(WSS4JConstants.AES_256); + } acceptedEncryptionAlgorithms.add(WSS4JConstants.AES_128_GCM); acceptedEncryptionAlgorithms.add(WSS4JConstants.AES_192_GCM); acceptedEncryptionAlgorithms.add(WSS4JConstants.AES_256_GCM); // Default key wrap algorithms acceptedKeyWrapAlgorithms.add(WSS4JConstants.KEYTRANSPORT_RSA15); - acceptedKeyWrapAlgorithms.add(WSS4JConstants.KEYTRANSPORT_RSAOAEP); + if (!JavaUtils.isFIPSEnabled()) { + acceptedKeyWrapAlgorithms.add(WSS4JConstants.KEYTRANSPORT_RSAOAEP); + } } /** diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java index cc9ade1616a..8306d7a2dc9 100644 --- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java +++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/jwt/JWTTokenProvider.java @@ -32,6 +32,7 @@ import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.common.util.StringUtils; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.rs.security.jose.common.JoseConstants; import org.apache.cxf.rs.security.jose.jwa.ContentAlgorithm; import org.apache.cxf.rs.security.jose.jwa.KeyAlgorithm; @@ -303,7 +304,8 @@ private String encryptToken( try { KeyAlgorithm.getAlgorithm(keyWrapAlgorithm); } catch (IllegalArgumentException ex) { - keyWrapAlgorithm = KeyAlgorithm.RSA_OAEP.name(); + keyWrapAlgorithm = JavaUtils.isFIPSEnabled() + ? KeyAlgorithm.RSA1_5.name() : KeyAlgorithm.RSA_OAEP.name(); } encProperties.put(JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM, keyWrapAlgorithm); diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueEncryptedUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueEncryptedUnitTest.java index db80b7add68..235e42f083d 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueEncryptedUnitTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueEncryptedUnitTest.java @@ -27,6 +27,7 @@ import jakarta.xml.bind.JAXBElement; import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.context.WrappedMessageContext; import org.apache.cxf.message.MessageImpl; import org.apache.cxf.sts.QNameConstants; @@ -77,7 +78,10 @@ public void testIssueEncryptedToken() throws Exception { service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy")); EncryptionProperties encryptionProperties = new EncryptionProperties(); if (!unrestrictedPoliciesInstalled) { - encryptionProperties.setEncryptionAlgorithm(WSS4JConstants.AES_128); + encryptionProperties.setEncryptionAlgorithm( + JavaUtils.isFIPSEnabled() + ? WSS4JConstants.AES_128_GCM + : WSS4JConstants.AES_128); } service.setEncryptionProperties(encryptionProperties); issueOperation.setServices(Collections.singletonList(service)); @@ -128,7 +132,9 @@ public void testEncryptionName() throws Exception { service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy")); EncryptionProperties encryptionProperties = new EncryptionProperties(); if (!unrestrictedPoliciesInstalled) { - encryptionProperties.setEncryptionAlgorithm(WSS4JConstants.AES_128); + encryptionProperties.setEncryptionAlgorithm(JavaUtils.isFIPSEnabled() + ? WSS4JConstants.AES_128_GCM + : WSS4JConstants.AES_128); } service.setEncryptionProperties(encryptionProperties); issueOperation.setServices(Collections.singletonList(service)); @@ -187,7 +193,9 @@ public void testConfiguredEncryptionAlgorithm() throws Exception { service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy")); EncryptionProperties encryptionProperties = new EncryptionProperties(); encryptionProperties.setEncryptionName("myservicekey"); - encryptionProperties.setEncryptionAlgorithm(WSS4JConstants.AES_128); + encryptionProperties.setEncryptionAlgorithm(JavaUtils.isFIPSEnabled() + ? WSS4JConstants.AES_128_GCM + : WSS4JConstants.AES_128); service.setEncryptionProperties(encryptionProperties); issueOperation.setServices(Collections.singletonList(service)); @@ -219,6 +227,7 @@ public void testConfiguredEncryptionAlgorithm() throws Exception { assertFalse(securityTokenResponse.isEmpty()); encryptionProperties.setEncryptionAlgorithm(WSS4JConstants.KEYTRANSPORT_RSA15); + try { issueOperation.issue(request, null, msgCtx); fail("Failure expected on a bad encryption algorithm"); @@ -264,7 +273,9 @@ public void testReceivedEncryptionAlgorithm() throws Exception { request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy")); JAXBElement encryptionAlgorithmType = new JAXBElement( - QNameConstants.ENCRYPTION_ALGORITHM, String.class, WSS4JConstants.AES_128 + QNameConstants.ENCRYPTION_ALGORITHM, String.class, JavaUtils.isFIPSEnabled() + ? WSS4JConstants.AES_128_GCM + : WSS4JConstants.AES_128 ); request.getAny().add(encryptionAlgorithmType); @@ -323,9 +334,13 @@ public void testConfiguredKeyWrapAlgorithm() throws Exception { EncryptionProperties encryptionProperties = new EncryptionProperties(); encryptionProperties.setEncryptionName("myservicekey"); if (!unrestrictedPoliciesInstalled) { - encryptionProperties.setEncryptionAlgorithm(WSS4JConstants.AES_128); + encryptionProperties.setEncryptionAlgorithm(JavaUtils.isFIPSEnabled() + ? WSS4JConstants.AES_128_GCM + : WSS4JConstants.AES_128); } - encryptionProperties.setKeyWrapAlgorithm(WSS4JConstants.KEYTRANSPORT_RSAOAEP); + encryptionProperties.setKeyWrapAlgorithm(JavaUtils.isFIPSEnabled() + ? WSS4JConstants.KEYTRANSPORT_RSA15 + : WSS4JConstants.KEYTRANSPORT_RSAOAEP); service.setEncryptionProperties(encryptionProperties); issueOperation.setServices(Collections.singletonList(service)); @@ -356,7 +371,9 @@ public void testConfiguredKeyWrapAlgorithm() throws Exception { response.getRequestSecurityTokenResponse(); assertFalse(securityTokenResponse.isEmpty()); - encryptionProperties.setKeyWrapAlgorithm(WSS4JConstants.AES_128); + encryptionProperties.setKeyWrapAlgorithm(JavaUtils.isFIPSEnabled() + ? WSS4JConstants.AES_128_GCM + : WSS4JConstants.AES_128); try { issueOperation.issue(request, null, msgCtx); fail("Failure expected on a bad key-wrap algorithm"); @@ -391,7 +408,9 @@ public void testSpecifiedKeyWrapAlgorithm() throws Exception { EncryptionProperties encryptionProperties = new EncryptionProperties(); encryptionProperties.setEncryptionName("myservicekey"); if (!unrestrictedPoliciesInstalled) { - encryptionProperties.setEncryptionAlgorithm(WSS4JConstants.AES_128); + encryptionProperties.setEncryptionAlgorithm(JavaUtils.isFIPSEnabled() + ? WSS4JConstants.AES_128_GCM + : WSS4JConstants.AES_128); } service.setEncryptionProperties(encryptionProperties); issueOperation.setServices(Collections.singletonList(service)); @@ -413,7 +432,9 @@ public void testSpecifiedKeyWrapAlgorithm() throws Exception { request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy")); JAXBElement encryptionAlgorithmType = new JAXBElement( - QNameConstants.KEYWRAP_ALGORITHM, String.class, WSS4JConstants.KEYTRANSPORT_RSAOAEP + QNameConstants.KEYWRAP_ALGORITHM, String.class, JavaUtils.isFIPSEnabled() + ? WSS4JConstants.KEYTRANSPORT_RSA15 + : WSS4JConstants.KEYTRANSPORT_RSAOAEP ); request.getAny().add(encryptionAlgorithmType); @@ -464,7 +485,9 @@ public void testConfiguredKeyIdentifiers() throws Exception { EncryptionProperties encryptionProperties = new EncryptionProperties(); encryptionProperties.setEncryptionName("myservicekey"); if (!unrestrictedPoliciesInstalled) { - encryptionProperties.setEncryptionAlgorithm(WSS4JConstants.AES_128); + encryptionProperties.setEncryptionAlgorithm(JavaUtils.isFIPSEnabled() + ? WSS4JConstants.AES_128_GCM + : WSS4JConstants.AES_128); } encryptionProperties.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER); service.setEncryptionProperties(encryptionProperties); diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSCTUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSCTUnitTest.java index 4f7565dc280..2f1a069c521 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSCTUnitTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSCTUnitTest.java @@ -30,6 +30,7 @@ import jakarta.xml.bind.JAXBElement; import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.context.WrappedMessageContext; import org.apache.cxf.message.MessageImpl; import org.apache.cxf.security.SecurityContext; @@ -177,7 +178,9 @@ public void testIssueEncryptedSCT() throws Exception { service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy")); EncryptionProperties encryptionProperties = new EncryptionProperties(); if (!unrestrictedPoliciesInstalled) { - encryptionProperties.setEncryptionAlgorithm(WSS4JConstants.AES_128); + encryptionProperties.setEncryptionAlgorithm(JavaUtils.isFIPSEnabled() + ? WSS4JConstants.AES_128_GCM + : WSS4JConstants.AES_128); } service.setEncryptionProperties(encryptionProperties); issueOperation.setServices(Collections.singletonList(service)); diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlRealmUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlRealmUnitTest.java index e63da9afc5f..df3402169f8 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlRealmUnitTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlRealmUnitTest.java @@ -32,6 +32,7 @@ import jakarta.xml.bind.JAXBElement; import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.context.WrappedMessageContext; import org.apache.cxf.message.MessageImpl; import org.apache.cxf.security.SecurityContext; @@ -538,7 +539,9 @@ private Properties getEncryptionPropertiesPKCS12() { "org.apache.wss4j.crypto.provider", "org.apache.wss4j.common.crypto.Merlin" ); properties.put("org.apache.wss4j.crypto.merlin.keystore.password", "security"); - properties.put("org.apache.wss4j.crypto.merlin.keystore.file", "x509.p12"); + properties.put("org.apache.wss4j.crypto.merlin.keystore.file", JavaUtils.isFIPSEnabled() + ? "x509-fips.p12" + : "x509.p12"); properties.put("org.apache.wss4j.crypto.merlin.keystore.type", "pkcs12"); properties.put("org.apache.wss4j.crypto.merlin.keystore.private.password", "security"); diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java index b10fefa1258..86462f11c52 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueSamlUnitTest.java @@ -32,6 +32,7 @@ import jakarta.xml.bind.JAXBElement; import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.context.WrappedMessageContext; import org.apache.cxf.message.MessageImpl; import org.apache.cxf.security.SecurityContext; @@ -432,7 +433,9 @@ public void testIssueEncryptedSaml2Token() throws Exception { service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy")); EncryptionProperties encryptionProperties = new EncryptionProperties(); if (!unrestrictedPoliciesInstalled) { - encryptionProperties.setEncryptionAlgorithm(WSS4JConstants.AES_128); + encryptionProperties.setEncryptionAlgorithm( + JavaUtils.isFIPSEnabled() + ? WSS4JConstants.AES_128_GCM : WSS4JConstants.AES_128); } service.setEncryptionProperties(encryptionProperties); issueOperation.setServices(Collections.singletonList(service)); @@ -833,9 +836,14 @@ public void testIssueSaml2SymmetricKeyTokenEncryptedKey() throws Exception { WSSecEncryptedKey builder = new WSSecEncryptedKey(doc); builder.setUserInfo("mystskey"); builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL); - builder.setKeyEncAlgo(WSS4JConstants.KEYTRANSPORT_RSAOAEP); - - KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128); + builder.setKeyEncAlgo( + JavaUtils.isFIPSEnabled() + ? WSS4JConstants.KEYTRANSPORT_RSA15 + : WSS4JConstants.KEYTRANSPORT_RSAOAEP); + + KeyGenerator keyGen = KeyUtils.getKeyGenerator( + JavaUtils.isFIPSEnabled() + ? WSConstants.AES_128_GCM : WSConstants.AES_128); SecretKey symmetricKey = keyGen.generateKey(); builder.prepare(stsProperties.getSignatureCrypto(), symmetricKey); diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderKeyTypeTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderKeyTypeTest.java index 95938a8e9d8..2cecbfbd721 100644 --- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderKeyTypeTest.java +++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SAMLProviderKeyTypeTest.java @@ -25,6 +25,7 @@ import org.w3c.dom.Element; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.context.WrappedMessageContext; import org.apache.cxf.message.MessageImpl; import org.apache.cxf.sts.STSConstants; @@ -602,14 +603,18 @@ public void testDefaultSaml2EncryptWith() throws Exception { createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.SYMMETRIC_KEY_KEYTYPE); KeyRequirements keyRequirements = providerParameters.getKeyRequirements(); - keyRequirements.setEncryptWith(WSS4JConstants.AES_128); + keyRequirements.setEncryptWith(JavaUtils.isFIPSEnabled() + ? WSS4JConstants.AES_128_GCM + : WSS4JConstants.AES_128); keyRequirements.setKeySize(92); TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters); assertNotNull(providerResponse); assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null); keyRequirements.setKeySize(128); - keyRequirements.setEncryptWith(WSS4JConstants.AES_256); + keyRequirements.setEncryptWith(JavaUtils.isFIPSEnabled() + ? WSS4JConstants.AES_256_GCM + : WSS4JConstants.AES_256); providerResponse = samlTokenProvider.createToken(providerParameters); assertNotNull(providerResponse); assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null); @@ -706,7 +711,9 @@ private Properties getEncryptionPropertiesPKCS12() { "org.apache.wss4j.crypto.provider", "org.apache.wss4j.common.crypto.Merlin" ); properties.put("org.apache.wss4j.crypto.merlin.keystore.password", "security"); - properties.put("org.apache.wss4j.crypto.merlin.keystore.file", "x509.p12"); + properties.put("org.apache.wss4j.crypto.merlin.keystore.file", JavaUtils.isFIPSEnabled() + ? "x509-fips.p12" + : "x509.p12"); properties.put("org.apache.wss4j.crypto.merlin.keystore.type", "pkcs12"); properties.put("org.apache.wss4j.crypto.merlin.keystore.private.password", "security"); diff --git a/services/sts/sts-core/src/test/resources/x509-fips.p12 b/services/sts/sts-core/src/test/resources/x509-fips.p12 new file mode 100644 index 0000000000000000000000000000000000000000..737cf5f2e722e39fd8a1c4fead4c7bc37d40ee17 GIT binary patch literal 1600 zcmaizX*iT?9LC>wW(>+$vhQ2A!Ss$XcBzIi6hnoOEhCOHh?;UTUW~5LsBDpALfRB* zC`Fb-wvZ@8l2XP_DV#W*>AKF9FXy_>hv)zN?)(0Kd!8GD(N+i$3BhOtS{Tc8U@l`o zL68j#ETUk6c?cGmhG1mUW`t(L$QZsAi2woq6}FjxkmD~QfPt(a#Z4&!iK2v7Lh`r1 z_9WwfwA(*X=dqChN4JmY3ppN*hKMz`eOf%9(JnG6^y-rA8&Zr+;^H4t-1 z+x^@ibC`=gP|>(9&L|-|adSU6bH^(P9#Imhj zpDf*p(JmKN*ubpj- zQgeiuF56njNd@LU{M}wT{XR)hM&vB#`yNYI*K4d+M@E>Bk+=(RVe%Dk8}(}Qh1y4n zu#P?!uTypNzDtJDyHg2>J8iJ_Ye}14QntfucIaIcLTKiMiGF?4e8NITu*z@oA@Z?j zJl}GXvF7As@8{MqSW=01;!E3!HtJ}|^DhpJ2ObTy#-6hDRsFQwASb821dW5MyQF4x z#b!It`VsZk<*US0nH|bfPDiM3Oh}}f_maj4w)V-s2%7M%nYdRo@v9!k+Y2r|6(hF< zBu`rm6ODrkMk1PJyMhQFi{aoj``zl zD3N<4JMerY($P*-F=_*^)6FUykgZ$$aIZ2Ce3*iIPaB*&V=0$qP9c$x7CaCRRQ^QG zQ7GI-XC0o6GkaltT=ssX$*#c|vl9f*Qm1mIx{|c_HS&0d(i1I)^W9Kco(V^Z@k9Gv& zQf5&w=nvS;H>#WnsqEapFBEhh|o~YdrW3G;>uy% zfrRHw5Y*|YRMEgba-gd6)E($Im1?IWKsS( zkMMEye#E2Y&2}o$}au_<&XM|`+XpBi_;ZlvuO}9k z#>=3j#*1vSXC{+tYL1%QSp>Uf1FFGZkjLhd6rQZ&0N?==AP6u82tWW3$Y(?TGy}{5 zBR&}eL_Smb^fROKl_B4!@;y^NQ~A@F&t`lt7{Wv9kT6<6UlfT@5CBk8;YV<)*XwmC d+R~V-0qwp^Da>LGlu)`s_tGi%%8sAE<{#_prC0y} literal 0 HcmV?d00001 diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/asymmetric_encr/AsymmetricEncryptionTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/asymmetric_encr/AsymmetricEncryptionTest.java index dfe8cd86cc1..6f9d52ce923 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/asymmetric_encr/AsymmetricEncryptionTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/asymmetric_encr/AsymmetricEncryptionTest.java @@ -22,6 +22,7 @@ import java.util.Map; import org.apache.cxf.Bus; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.sts.common.TestParam; import org.apache.cxf.systest.sts.deployment.STSServer; import org.apache.cxf.systest.sts.deployment.StaxSTSServer; @@ -56,8 +57,12 @@ public AsymmetricEncryptionTest(TestParam type) { @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new STSServer( - AsymmetricEncryptionTest.class.getResource("cxf-sts.xml"), - AsymmetricEncryptionTest.class.getResource("stax-cxf-sts.xml")))); + AsymmetricEncryptionTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-sts-fips.xml" + : "cxf-sts.xml"), + AsymmetricEncryptionTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-cxf-sts-fips.xml" + : "stax-cxf-sts.xml")))); } @Parameters(name = "{0}") diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java index b6b24480cb5..dc38115e5dc 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/binarysecuritytoken/BinarySecurityTokenTest.java @@ -23,6 +23,7 @@ import javax.xml.namespace.QName; import jakarta.xml.ws.Service; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.sts.common.SecurityTestUtil; import org.apache.cxf.systest.sts.common.TestParam; import org.apache.cxf.systest.sts.deployment.DoubleItServer; @@ -66,8 +67,12 @@ public BinarySecurityTokenTest(TestParam type) { @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new DoubleItServer( - BinarySecurityTokenTest.class.getResource("cxf-service.xml"), - BinarySecurityTokenTest.class.getResource("stax-cxf-service.xml") + BinarySecurityTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-service-fips.xml" + : "cxf-service.xml"), + BinarySecurityTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-cxf-service-fips.xml" + : "stax-cxf-service.xml") ))); assertTrue(launchServer(new StaxSTSServer())); } @@ -85,7 +90,9 @@ public static TestParam[] data() { public void testBinarySecurityToken() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = BinarySecurityTokenTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = BinarySecurityTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricBSTPort"); DoubleItPortType asymmetricBSTPort = @@ -105,7 +112,9 @@ public void testBinarySecurityToken() throws Exception { public void testBadBinarySecurityToken() throws Exception { createBus(getClass().getResource("cxf-bad-client.xml").toString()); - URL wsdl = BinarySecurityTokenTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = BinarySecurityTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricBSTPort"); DoubleItPortType asymmetricBSTPort = diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/caching/CachingTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/caching/CachingTest.java index e22910ae7ff..0b3ee176484 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/caching/CachingTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/caching/CachingTest.java @@ -30,6 +30,7 @@ import org.apache.cxf.endpoint.Client; import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.sts.deployment.DoubleItServer; import org.apache.cxf.systest.sts.deployment.STSServer; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -61,7 +62,9 @@ public class CachingTest extends AbstractBusClientServerTestBase { @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new DoubleItServer( - ServerCachingTest.class.getResource("cxf-service.xml") + ServerCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-service-fips.xml" + : "cxf-service.xml") ))); assertTrue(launchServer(new STSServer())); } @@ -70,7 +73,9 @@ public static void startServers() throws Exception { public void testSTSClientCaching() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = CachingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = CachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1Port"); DoubleItPortType port = @@ -108,7 +113,9 @@ public void testSTSClientCaching() throws Exception { public void testDisableProxyCaching() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = CachingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = CachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1Port2"); DoubleItPortType port = @@ -143,7 +150,9 @@ public void testDisableProxyCaching() throws Exception { public void testImminentExpiry() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = CachingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = CachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1Port"); DoubleItPortType port = diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/caching/ServerCachingTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/caching/ServerCachingTest.java index bd5161e73cb..0ea92f82913 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/caching/ServerCachingTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/caching/ServerCachingTest.java @@ -32,6 +32,7 @@ import org.apache.cxf.endpoint.Client; import org.apache.cxf.endpoint.Endpoint; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.sts.deployment.DoubleItServer; import org.apache.cxf.systest.sts.deployment.STSServer; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -72,10 +73,14 @@ public class ServerCachingTest extends AbstractBusClientServerTestBase { @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new DoubleItServer( - ServerCachingTest.class.getResource("cxf-service.xml") + ServerCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-service-fips.xml" + : "cxf-service.xml") ))); assertTrue(launchServer(new DoubleItServer( - ServerCachingTest.class.getResource("cxf-caching-service.xml") + ServerCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-caching-service-fips.xml" + : "cxf-caching-service.xml") ))); assertTrue(launchServer(new STSServer())); @@ -85,7 +90,9 @@ public static void startServers() throws Exception { public void testServerSideSAMLTokenCaching() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = ServerCachingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = ServerCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1AlternativePort"); DoubleItPortType port = @@ -130,7 +137,9 @@ public void testServerSideSAMLTokenCaching() throws Exception { public void testServerSideUsernameTokenCaching() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = ServerCachingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = ServerCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportUTPort"); DoubleItPortType transportUTPort = @@ -162,7 +171,9 @@ public void testServerSideUsernameTokenCaching() throws Exception { public void testServerSideBinarySecurityTokenCaching() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = ServerCachingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = ServerCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricBSTPort"); DoubleItPortType bstPort = diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecureConversationTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecureConversationTest.java index 13bc973ee6a..9d6d10a4e31 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecureConversationTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecureConversationTest.java @@ -23,6 +23,7 @@ import javax.xml.namespace.QName; import jakarta.xml.ws.Service; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.sts.deployment.DoubleItServer; import org.apache.cxf.systest.sts.deployment.STSServer; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -50,17 +51,23 @@ public class SecureConversationTest extends AbstractBusClientServerTestBase { @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new DoubleItServer( - SecureConversationTest.class.getResource("cxf-service.xml") + SecureConversationTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-service-fips.xml" + : "cxf-service.xml") ))); assertTrue(launchServer(new STSServer( - SecureConversationTest.class.getResource("cxf-sts.xml")))); + SecureConversationTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-sts-fips.xml" + : "cxf-sts.xml")))); } @org.junit.Test public void testSecureConversation() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = SecureConversationTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SecureConversationTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSecureConvPort"); DoubleItPortType transportPort = @@ -74,7 +81,9 @@ public void testSecureConversation() throws Exception { public void testSecureConversationSymmetric() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = SecureConversationTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SecureConversationTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSecureConvPort"); DoubleItPortType symmetricPort = diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenCancelTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenCancelTest.java index 5e58be64a38..c7b1eb70db0 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenCancelTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenCancelTest.java @@ -22,6 +22,7 @@ import java.util.Map; import org.apache.cxf.Bus; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.sts.deployment.STSServer; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.apache.cxf.ws.security.SecurityConstants; @@ -46,7 +47,9 @@ public class SecurityContextTokenCancelTest extends AbstractBusClientServerTestB @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new STSServer( - SecurityContextTokenCancelTest.class.getResource("cxf-sts.xml")))); + SecurityContextTokenCancelTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-sts-fips.xml" + : "cxf-sts.xml")))); } @org.junit.Test diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java index a89402a023f..7ca0a1737f4 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/secure_conv/SecurityContextTokenUnitTest.java @@ -22,6 +22,7 @@ import java.util.Map; import org.apache.cxf.Bus; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.sts.common.TestParam; import org.apache.cxf.systest.sts.deployment.STSServer; import org.apache.cxf.systest.sts.deployment.StaxSTSServer; @@ -54,8 +55,12 @@ public SecurityContextTokenUnitTest(TestParam type) { @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new StaxSTSServer( - SecurityContextTokenUnitTest.class.getResource("cxf-sts.xml"), - SecurityContextTokenUnitTest.class.getResource("stax-cxf-sts.xml")))); + SecurityContextTokenUnitTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-sts-fips.xml" + : "cxf-sts.xml"), + SecurityContextTokenUnitTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-cxf-sts-fips.xml" + : "stax-cxf-sts.xml")))); } @Parameters(name = "{0}") diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/sts_sender_vouches/STSSenderVouchesTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/sts_sender_vouches/STSSenderVouchesTest.java index ecdda2893bd..b6eb631a920 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/sts_sender_vouches/STSSenderVouchesTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/sts_sender_vouches/STSSenderVouchesTest.java @@ -24,6 +24,7 @@ import jakarta.xml.ws.BindingProvider; import jakarta.xml.ws.Service; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.sts.common.SecurityTestUtil; import org.apache.cxf.systest.sts.common.TestParam; import org.apache.cxf.systest.sts.deployment.DoubleItServer; @@ -62,11 +63,17 @@ public STSSenderVouchesTest(TestParam type) { @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new DoubleItServer( - STSSenderVouchesTest.class.getResource("cxf-service.xml") + STSSenderVouchesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-service-fips.xml" + : "cxf-service.xml") ))); assertTrue(launchServer(new StaxSTSServer( - STSSenderVouchesTest.class.getResource("cxf-sts.xml"), - STSSenderVouchesTest.class.getResource("stax-cxf-sts.xml") + STSSenderVouchesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-sts-fips.xml" + : "cxf-sts.xml"), + STSSenderVouchesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-cxf-sts-fips.xml" + : "stax-cxf-sts.xml") ))); } @@ -81,7 +88,9 @@ public static TestParam[] data() { public void testSAML2SenderVouches() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = STSSenderVouchesTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = STSSenderVouchesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2Port"); DoubleItPortType port = diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/cxf-sts-fips.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/cxf-sts-fips.xml new file mode 100644 index 00000000000..ec4753083d2 --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/cxf-sts-fips.xml @@ -0,0 +1,70 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + https://localhost:(\d)*/doubleit/services/doubleittransport.* + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/stax-cxf-sts-fips.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/stax-cxf-sts-fips.xml new file mode 100644 index 00000000000..5366b549dd9 --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/asymmetric_encr/stax-cxf-sts-fips.xml @@ -0,0 +1,71 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + https://localhost:(\d)*/doubleit/services/doubleittransport.* + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/DoubleIt-fips.wsdl b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/DoubleIt-fips.wsdl new file mode 100644 index 00000000000..7969877a22c --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/DoubleIt-fips.wsdl @@ -0,0 +1,146 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/cxf-service-fips.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/cxf-service-fips.xml new file mode 100644 index 00000000000..a9e1c12ee4d --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/cxf-service-fips.xml @@ -0,0 +1,70 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/stax-cxf-service-fips.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/stax-cxf-service-fips.xml new file mode 100644 index 00000000000..df9ab6c15bc --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/binarysecuritytoken/stax-cxf-service-fips.xml @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/caching/DoubleIt-fips.wsdl b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/caching/DoubleIt-fips.wsdl new file mode 100644 index 00000000000..761297e7d3d --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/caching/DoubleIt-fips.wsdl @@ -0,0 +1,308 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/caching/cxf-caching-service-fips.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/caching/cxf-caching-service-fips.xml new file mode 100644 index 00000000000..87ee6c184ee --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/caching/cxf-caching-service-fips.xml @@ -0,0 +1,110 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/caching/cxf-service-fips.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/caching/cxf-service-fips.xml new file mode 100644 index 00000000000..bb5856966b1 --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/caching/cxf-service-fips.xml @@ -0,0 +1,70 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/DoubleIt-fips.wsdl b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/DoubleIt-fips.wsdl new file mode 100644 index 00000000000..74d35a5d8cf --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/DoubleIt-fips.wsdl @@ -0,0 +1,336 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/cxf-service-fips.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/cxf-service-fips.xml new file mode 100644 index 00000000000..9cbeb10186f --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/cxf-service-fips.xml @@ -0,0 +1,112 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/cxf-sts-fips.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/cxf-sts-fips.xml new file mode 100644 index 00000000000..946efd34e13 --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/cxf-sts-fips.xml @@ -0,0 +1,162 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + https://localhost:(\d)*/doubleit/services/doubleittransport.* + + http://localhost:(\d)*/doubleit/services/doubleitsymmetric.* + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/stax-cxf-sts-fips.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/stax-cxf-sts-fips.xml new file mode 100644 index 00000000000..9a5a4b1258b --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/stax-cxf-sts-fips.xml @@ -0,0 +1,169 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + https://localhost:(\d)*/doubleit/services/doubleittransport.* + + http://localhost:(\d)*/doubleit/services/doubleitsymmetric.* + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/ws-trust-1.4-service-fips.wsdl b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/ws-trust-1.4-service-fips.wsdl new file mode 100644 index 00000000000..28c58808ea2 --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/secure_conv/ws-trust-1.4-service-fips.wsdl @@ -0,0 +1,354 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/DoubleIt-fips.wsdl b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/DoubleIt-fips.wsdl new file mode 100644 index 00000000000..065aeac5215 --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/DoubleIt-fips.wsdl @@ -0,0 +1,171 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey + + + + + + http://localhost:8080/SecurityTokenService/ + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/cxf-service-fips.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/cxf-service-fips.xml new file mode 100644 index 00000000000..bd758343ba1 --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/cxf-service-fips.xml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/cxf-sts-fips.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/cxf-sts-fips.xml new file mode 100644 index 00000000000..9220dc487a8 --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/cxf-sts-fips.xml @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + http://localhost:(\d)*/(doubleit|metrowsp)/services/doubleit(UT|.*symmetric.*|.*) + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/stax-cxf-sts-fips.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/stax-cxf-sts-fips.xml new file mode 100644 index 00000000000..8281036b851 --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/stax-cxf-sts-fips.xml @@ -0,0 +1,69 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + http://localhost:(\d)*/(doubleit|metrowsp)/services/doubleit(UT|.*symmetric.*|.*) + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/ws-trust-1.4-service-fips.wsdl b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/ws-trust-1.4-service-fips.wsdl new file mode 100644 index 00000000000..f35ea0658da --- /dev/null +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/sts_sender_vouches/ws-trust-1.4-service-fips.wsdl @@ -0,0 +1,248 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java index 06a0ee865de..c3b557ae28d 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java @@ -25,6 +25,7 @@ import jakarta.xml.ws.BindingProvider; import jakarta.xml.ws.Service; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.sts.common.SecurityTestUtil; import org.apache.cxf.systest.sts.common.TestParam; import org.apache.cxf.systest.sts.common.TokenTestUtils; @@ -75,16 +76,19 @@ public AsymmetricBindingTest(TestParam type) { @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new DoubleItServer( - AsymmetricBindingTest.class.getResource("cxf-service.xml"), - AsymmetricBindingTest.class.getResource("cxf-stax-service.xml"))) + AsymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "cxf-service-fips.xml" : "cxf-service.xml"), + AsymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "cxf-stax-service-fips.xml" : "cxf-stax-service.xml"))) ); assertTrue(launchServer(new STSServer( - "cxf-ut.xml", - "stax-cxf-ut.xml"))); + JavaUtils.isFIPSEnabled() ? "cxf-ut-fips.xml" : "cxf-ut.xml", + JavaUtils.isFIPSEnabled() ? "stax-cxf-ut-fips.xml" : "stax-cxf-ut.xml"))); assertTrue(launchServer(new STSServer( - "cxf-ut-encrypted.xml", - "stax-cxf-ut-encrypted.xml"))); + JavaUtils.isFIPSEnabled() ? "cxf-ut-encrypted-fips.xml" : "cxf-ut-encrypted.xml", + JavaUtils.isFIPSEnabled() ? "stax-cxf-ut-encrypted-fips.xml" : "stax-cxf-ut-encrypted.xml"))); + } @Parameters(name = "{0}") @@ -105,7 +109,8 @@ public static TestParam[] data() { public void testUsernameTokenSAML1() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = AsymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = AsymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML1Port"); DoubleItPortType asymmetricSaml1Port = @@ -127,7 +132,8 @@ public void testUsernameTokenSAML1() throws Exception { public void testUsernameTokenSAML2() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = AsymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = AsymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2Port"); DoubleItPortType asymmetricSaml2Port = @@ -150,7 +156,8 @@ public void testUsernameTokenSAML2() throws Exception { public void testUsernameTokenSAML2KeyValue() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = AsymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = AsymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2KeyValuePort"); DoubleItPortType asymmetricSaml2Port = @@ -173,7 +180,8 @@ public void testUsernameTokenSAML2KeyValue() throws Exception { public void testUsernameTokenSAML1Encrypted() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = AsymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = AsymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML1EncryptedPort"); DoubleItPortType asymmetricSaml1EncryptedPort = diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issuer/IssuerTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issuer/IssuerTest.java index 9c0faf3720b..d320c205e87 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issuer/IssuerTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issuer/IssuerTest.java @@ -29,6 +29,7 @@ import javax.xml.namespace.QName; import jakarta.xml.ws.Service; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.sts.deployment.DoubleItServer; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.example.contract.doubleit.DoubleItPortType; @@ -78,7 +79,9 @@ public static void startServers() throws Exception { // Policy. Useful if you want a simple way to avoid hardcoding the STS host/port in the client. @org.junit.Test public void testSAML1Issuer() throws Exception { - createBus(getClass().getResource("cxf-client.xml").toString()); + createBus(getClass().getResource(JavaUtils.isFIPSEnabled() + ? "cxf-client-fips.xml" + : "cxf-client.xml").toString()); URL wsdl = IssuerTest.class.getResource(WSDL_FILTERED); Service service = Service.create(wsdl, SERVICE_QNAME); @@ -95,7 +98,9 @@ public void testSAML1Issuer() throws Exception { // Test getting the STS details via WS-MEX @org.junit.Test public void testSAML2MEX() throws Exception { - createBus(getClass().getResource("cxf-client.xml").toString()); + createBus(getClass().getResource(JavaUtils.isFIPSEnabled() + ? "cxf-client-fips.xml" + : "cxf-client.xml").toString()); URL wsdl = IssuerTest.class.getResource(WSDL_FILTERED); Service service = Service.create(wsdl, SERVICE_QNAME); @@ -112,7 +117,9 @@ public void testSAML2MEX() throws Exception { // Test getting the STS details via WS-MEX + SOAP 1.2 @org.junit.Test public void testSAML2MEXSoap12() throws Exception { - createBus(getClass().getResource("cxf-client.xml").toString()); + createBus(getClass().getResource(JavaUtils.isFIPSEnabled() + ? "cxf-client-fips.xml" + : "cxf-client.xml").toString()); URL wsdl = IssuerTest.class.getResource(WSDL_FILTERED); Service service = Service.create(wsdl, SERVICE_QNAME); diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java index 0540a109f5e..d3dc051fe18 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/issueunit/IssueUnitTest.java @@ -32,6 +32,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.binding.soap.SoapBindingConstants; import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.JaxWsProxyFactoryBean; import org.apache.cxf.jaxws.context.WrappedMessageContext; import org.apache.cxf.message.MessageImpl; @@ -97,7 +98,10 @@ public class IssueUnitTest extends AbstractBusClientServerTestBase { @BeforeClass public static void startServers() throws Exception { - assertTrue(launchServer(new STSServer("cxf-transport.xml"))); + assertTrue(launchServer(new STSServer( + JavaUtils.isFIPSEnabled() + ? "cxf-transport-fips.xml" + : "cxf-transport.xml"))); } @org.junit.Test diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/AbstractSTSTokenTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/AbstractSTSTokenTest.java index fe7be5863cd..4424a513010 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/AbstractSTSTokenTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/AbstractSTSTokenTest.java @@ -34,6 +34,7 @@ import org.apache.cxf.endpoint.EndpointImpl; import org.apache.cxf.ext.logging.LoggingInInterceptor; import org.apache.cxf.ext.logging.LoggingOutInterceptor; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.message.Exchange; import org.apache.cxf.message.ExchangeImpl; import org.apache.cxf.message.Message; @@ -80,10 +81,10 @@ public abstract class AbstractSTSTokenTest extends AbstractClientServerTestBase @BeforeClass public static void startServers() throws Exception { - assertTrue(launchServer(new STSServer( - "cxf-transport.xml", - "cxf-x509.xml" - ))); + assertTrue(launchServer(new STSServer(JavaUtils.isFIPSEnabled() + ? "cxf-transport-fips.xml" : "cxf-transport.xml", + JavaUtils.isFIPSEnabled() + ? "cxf-x509-fips.xml" : "cxf-x509.xml"))); } static STSClient initStsClientAsymmeticBinding(Bus bus) { diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java index 61aa6d21cb3..8dc445eeacc 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/symmetric/SymmetricBindingTest.java @@ -37,6 +37,7 @@ import jakarta.xml.ws.soap.AddressingFeature; import org.apache.cxf.Bus; import org.apache.cxf.endpoint.Client; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.DispatchImpl; import org.apache.cxf.systest.sts.common.SecurityTestUtil; import org.apache.cxf.systest.sts.common.TestParam; @@ -87,16 +88,18 @@ public SymmetricBindingTest(TestParam type) { @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new DoubleItServer( - SymmetricBindingTest.class.getResource("cxf-service.xml"), - SymmetricBindingTest.class.getResource("cxf-stax-service.xml"))) + SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "cxf-service-fips.xml" : "cxf-service.xml"), + SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "cxf-stax-service-fips.xml" : "cxf-stax-service.xml"))) ); assertTrue(launchServer(new STSServer( - "cxf-ut.xml", - "stax-cxf-ut.xml"))); + JavaUtils.isFIPSEnabled() ? "cxf-ut-fips.xml" : "cxf-ut.xml", + JavaUtils.isFIPSEnabled() ? "stax-cxf-ut-fips.xml" : "stax-cxf-ut.xml"))); assertTrue(launchServer(new STSServer( - "cxf-ut-encrypted.xml", - "stax-cxf-ut-encrypted.xml"))); + JavaUtils.isFIPSEnabled() ? "cxf-ut-encrypted-fips.xml" : "cxf-ut-encrypted.xml", + JavaUtils.isFIPSEnabled() ? "stax-cxf-ut-encrypted-fips.xml" : "stax-cxf-ut-encrypted.xml"))); } @Parameters(name = "{0}") @@ -117,7 +120,8 @@ public static TestParam[] data() { public void testUsernameTokenSAML1() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = SymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSAML1Port"); DoubleItPortType symmetricSaml1Port = @@ -140,7 +144,8 @@ public void testUsernameTokenSAML1() throws Exception { public void testUsernameTokenSAML2() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = SymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSAML2Port"); DoubleItPortType symmetricSaml2Port = @@ -168,7 +173,8 @@ public void testUsernameTokenSAML2ProtectTokens() throws Exception { } createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = SymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSAML2ProtectTokensPort"); DoubleItPortType symmetricSaml2Port = @@ -191,7 +197,8 @@ public void testUsernameTokenSAML2ProtectTokens() throws Exception { public void testUsernameTokenSAML1Encrypted() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = SymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSAML1EncryptedPort"); DoubleItPortType symmetricSaml1Port = @@ -213,7 +220,8 @@ public void testUsernameTokenSAML1Encrypted() throws Exception { public void testUsernameTokenSAML2SecureConversation() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = SymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSAML2SecureConversationPort"); DoubleItPortType symmetricSaml2Port = @@ -235,7 +243,8 @@ public void testUsernameTokenSAML2SecureConversation() throws Exception { public void testUsernameTokenSAML2Dispatch() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = SymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSAML2Port"); @@ -268,7 +277,8 @@ public void testUsernameTokenSAML2Dispatch() throws Exception { public void testUsernameTokenSAML1Dispatch() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = SymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSAML1Port"); diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java index 26c89f20489..6a6d2db71a3 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/transport/TransportBindingTest.java @@ -39,6 +39,7 @@ import org.apache.cxf.configuration.jsse.TLSClientParameters; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.DispatchImpl; import org.apache.cxf.systest.sts.TLSClientParametersUtils; import org.apache.cxf.systest.sts.common.SecurityTestUtil; @@ -91,12 +92,14 @@ public TransportBindingTest(TestParam type) { @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new DoubleItServer( - TransportBindingTest.class.getResource("cxf-service.xml"), - TransportBindingTest.class.getResource("cxf-stax-service.xml"))) + TransportBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "cxf-service-fips.xml" : "cxf-service.xml"), + TransportBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "cxf-stax-service-fips.xml" : "cxf-stax-service.xml"))) ); assertTrue(launchServer(new STSServer( - "cxf-transport.xml", - "stax-cxf-transport.xml" + JavaUtils.isFIPSEnabled() ? "cxf-transport-fips.xml" : "cxf-transport.xml", + JavaUtils.isFIPSEnabled() ? "stax-cxf-transport-fips.xml" : "stax-cxf-transport.xml" ))); } @@ -118,7 +121,8 @@ public static TestParam[] data() { public void testSAML1() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = TransportBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1Port"); DoubleItPortType transportSaml1Port = @@ -140,7 +144,8 @@ public void testSAML1() throws Exception { public void testSAML2() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = TransportBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port"); DoubleItPortType transportSaml2Port = @@ -161,7 +166,8 @@ public void testSAML2() throws Exception { @org.junit.Test public void testSAML2ViaCode() throws Exception { - URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = TransportBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port"); DoubleItPortType transportSaml2Port = @@ -222,7 +228,8 @@ public void testSAML2ViaCode() throws Exception { public void testUnknownClient() throws Exception { createBus(getClass().getResource("cxf-bad-client.xml").toString()); - URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = TransportBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1Port"); DoubleItPortType transportSaml1Port = @@ -249,7 +256,8 @@ public void testUnknownClient() throws Exception { public void testSAML1Endorsing() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = TransportBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1EndorsingPort"); DoubleItPortType transportSaml1Port = @@ -276,7 +284,8 @@ public void testSAML1Endorsing() throws Exception { public void testUnknownAddress() throws Exception { createBus(getClass().getResource("cxf-bad-client.xml").toString()); - URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = TransportBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML1EndorsingPort"); DoubleItPortType transportSaml1Port = @@ -304,7 +313,8 @@ public void testSAML2Dispatch() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = TransportBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port"); @@ -339,7 +349,8 @@ public void testSAML2DispatchLocation() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = TransportBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2Port"); @@ -351,7 +362,10 @@ public void testSAML2DispatchLocation() throws Exception { STSClient stsClient = createDispatchSTSClient(bus); String location = "https://localhost:" + test.getStsPort() + "/SecurityTokenService/Transport"; stsClient.setLocation(location); - stsClient.setPolicy("classpath:/org/apache/cxf/systest/sts/issuer/sts-transport-policy.xml"); + + stsClient.setPolicy(JavaUtils.isFIPSEnabled() + ? "classpath:/org/apache/cxf/systest/sts/issuer/sts-transport-policy-fips.xml" + : "classpath:/org/apache/cxf/systest/sts/issuer/sts-transport-policy.xml"); // Creating a DOMSource Object for the request DOMSource request = createDOMRequest(); @@ -380,7 +394,8 @@ public void testSAML2X509Endorsing() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = TransportBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2X509EndorsingPort"); DoubleItPortType transportSaml1Port = @@ -402,7 +417,8 @@ public void testSAML2X509Endorsing() throws Exception { public void testSAML2SymmetricEndorsing() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = TransportBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2SymmetricEndorsingPort"); DoubleItPortType transportSaml1Port = @@ -430,7 +446,8 @@ public void testSAML2SymmetricEndorsingDerived() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = TransportBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = TransportBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSAML2SymmetricEndorsingDerivedPort"); DoubleItPortType transportSaml1Port = diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/UsernameActAsCachingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/UsernameActAsCachingTest.java index 11f1ccc85c0..8f7904d55ba 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/UsernameActAsCachingTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/UsernameActAsCachingTest.java @@ -26,6 +26,7 @@ import jakarta.xml.ws.Service; import org.apache.cxf.BusException; import org.apache.cxf.endpoint.EndpointException; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.sts.common.TokenTestUtils; import org.apache.cxf.systest.sts.deployment.DoubleItServer; import org.apache.cxf.systest.sts.deployment.STSServer; @@ -63,9 +64,12 @@ public class UsernameActAsCachingTest extends AbstractBusClientServerTestBase { @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new DoubleItServer( - UsernameActAsCachingTest.class.getResource("cxf-service.xml") + UsernameActAsCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-service-fips.xml" + : "cxf-service.xml") ))); - assertTrue(launchServer(new STSServer("cxf-x509.xml"))); + assertTrue(launchServer(new STSServer(JavaUtils.isFIPSEnabled() + ? "cxf-x509-fips.xml" : "cxf-x509.xml"))); } /** @@ -75,7 +79,9 @@ public static void startServers() throws Exception { public void testUsernameActAsCaching() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = UsernameActAsCachingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = UsernameActAsCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2BearerPort2"); @@ -154,7 +160,9 @@ public void testUsernameActAsCaching() throws Exception { public void testDifferentUsersCaching() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = UsernameActAsCachingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = UsernameActAsCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2BearerPort3"); @@ -237,7 +245,9 @@ public void testDifferentUsersCaching() throws Exception { public void testAppliesToCaching() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = UsernameActAsCachingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = UsernameActAsCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2BearerPort4"); @@ -321,7 +331,9 @@ public void testAppliesToCaching() throws Exception { public void testNoAppliesToCaching() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = UsernameActAsCachingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = UsernameActAsCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2BearerPort5"); diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/UsernameActAsTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/UsernameActAsTest.java index f895f35e256..0c0eaf1b2b8 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/UsernameActAsTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_actas/UsernameActAsTest.java @@ -24,6 +24,7 @@ import jakarta.xml.ws.BindingProvider; import jakarta.xml.ws.Service; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.rt.security.SecurityConstants; import org.apache.cxf.systest.sts.common.SecurityTestUtil; import org.apache.cxf.systest.sts.common.TestParam; @@ -71,11 +72,15 @@ public UsernameActAsTest(TestParam type) { @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new DoubleItServer( - UsernameActAsTest.class.getResource("cxf-service2.xml") + UsernameActAsTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-service2-fips.xml" + : "cxf-service2.xml") ))); assertTrue(launchServer(new STSServer( - "cxf-x509.xml", - "stax-cxf-x509.xml" + JavaUtils.isFIPSEnabled() + ? "cxf-x509-fips.xml" : "cxf-x509.xml", + JavaUtils.isFIPSEnabled() + ? "stax-cxf-x509-fips.xml" : "stax-cxf-x509.xml" ))); } @@ -92,7 +97,9 @@ public static TestParam[] data() { public void testUsernameActAs() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = UsernameActAsTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = UsernameActAsTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2BearerPort"); DoubleItPortType port = diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_onbehalfof/UsernameOnBehalfOfCachingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_onbehalfof/UsernameOnBehalfOfCachingTest.java index 0cd4db1e712..31e49cf8fd9 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_onbehalfof/UsernameOnBehalfOfCachingTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_onbehalfof/UsernameOnBehalfOfCachingTest.java @@ -26,6 +26,7 @@ import jakarta.xml.ws.Service; import org.apache.cxf.BusException; import org.apache.cxf.endpoint.EndpointException; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.sts.common.TokenTestUtils; import org.apache.cxf.systest.sts.deployment.DoubleItServer; import org.apache.cxf.systest.sts.deployment.STSServer; @@ -62,10 +63,13 @@ public class UsernameOnBehalfOfCachingTest extends AbstractBusClientServerTestBa @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new DoubleItServer( - UsernameOnBehalfOfCachingTest.class.getResource("cxf-service.xml") + UsernameOnBehalfOfCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-service-fips.xml" + : "cxf-service.xml") ))); assertTrue(launchServer(new STSServer( - "cxf-x509.xml" + JavaUtils.isFIPSEnabled() + ? "cxf-x509-fips.xml" : "cxf-x509.xml" ))); } @@ -76,7 +80,9 @@ public static void startServers() throws Exception { public void testUsernameOnBehalfOfCaching() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = UsernameOnBehalfOfCachingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = UsernameOnBehalfOfCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItOBOAsymmetricSAML2BearerPort2"); @@ -156,7 +162,9 @@ public void testUsernameOnBehalfOfCaching() throws Exception { public void testDifferentUsersCaching() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = UsernameOnBehalfOfCachingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = UsernameOnBehalfOfCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItOBOAsymmetricSAML2BearerPort3"); @@ -239,7 +247,9 @@ public void testDifferentUsersCaching() throws Exception { public void testAppliesToCaching() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = UsernameOnBehalfOfCachingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = UsernameOnBehalfOfCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItOBOAsymmetricSAML2BearerPort4"); @@ -323,7 +333,9 @@ public void testAppliesToCaching() throws Exception { public void testNoAppliesToCaching() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = UsernameOnBehalfOfCachingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = UsernameOnBehalfOfCachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItOBOAsymmetricSAML2BearerPort5"); diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_onbehalfof/UsernameOnBehalfOfTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_onbehalfof/UsernameOnBehalfOfTest.java index 19f32a018fc..b277a0c3319 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_onbehalfof/UsernameOnBehalfOfTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/username_onbehalfof/UsernameOnBehalfOfTest.java @@ -24,6 +24,7 @@ import jakarta.xml.ws.BindingProvider; import jakarta.xml.ws.Service; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.rt.security.SecurityConstants; import org.apache.cxf.systest.sts.common.SecurityTestUtil; import org.apache.cxf.systest.sts.common.TestParam; @@ -70,11 +71,15 @@ public UsernameOnBehalfOfTest(TestParam type) { @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new DoubleItServer( - UsernameOnBehalfOfTest.class.getResource("cxf-service2.xml") + UsernameOnBehalfOfTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-service2-fips.xml" + : "cxf-service2.xml") ))); assertTrue(launchServer(new STSServer( - "cxf-x509.xml", - "stax-cxf-x509.xml" + JavaUtils.isFIPSEnabled() + ? "cxf-x509-fips.xml" : "cxf-x509.xml", + JavaUtils.isFIPSEnabled() + ? "stax-cxf-x509-fips.xml" : "stax-cxf-x509.xml" ))); } @@ -92,7 +97,9 @@ public static TestParam[] data() { public void testUsernameOnBehalfOf() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = UsernameOnBehalfOfTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = UsernameOnBehalfOfTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItOBOAsymmetricSAML2BearerPort"); DoubleItPortType port = diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/x509/X509AsymmetricBindingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/x509/X509AsymmetricBindingTest.java index 8a0f5fef3cb..7352765b51a 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/x509/X509AsymmetricBindingTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/x509/X509AsymmetricBindingTest.java @@ -24,6 +24,7 @@ import jakarta.xml.ws.BindingProvider; import jakarta.xml.ws.Service; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.sts.common.TokenTestUtils; import org.apache.cxf.systest.sts.deployment.DoubleItServer; import org.apache.cxf.systest.sts.deployment.STSServer; @@ -54,10 +55,13 @@ public class X509AsymmetricBindingTest extends AbstractBusClientServerTestBase { @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new DoubleItServer( - X509AsymmetricBindingTest.class.getResource("cxf-asymmetric-service.xml") + X509AsymmetricBindingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-asymmetric-service-fips.xml" + : "cxf-asymmetric-service.xml") ))); assertTrue(launchServer(new STSServer( - "cxf-x509.xml" + JavaUtils.isFIPSEnabled() + ? "cxf-x509-fips.xml" : "cxf-x509.xml" ))); } @@ -65,7 +69,9 @@ public static void startServers() throws Exception { public void testX509SAML2() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = X509AsymmetricBindingTest.class.getResource("DoubleItAsymmetric.wsdl"); + URL wsdl = X509AsymmetricBindingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItAsymmetric-fips.wsdl" + : "DoubleItAsymmetric.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSAML2Port"); DoubleItPortType port = diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/x509/X509SymmetricBindingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/x509/X509SymmetricBindingTest.java index 1c5db024222..69e0583584d 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/x509/X509SymmetricBindingTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/x509/X509SymmetricBindingTest.java @@ -24,6 +24,7 @@ import jakarta.xml.ws.BindingProvider; import jakarta.xml.ws.Service; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.sts.common.SecurityTestUtil; import org.apache.cxf.systest.sts.common.TestParam; import org.apache.cxf.systest.sts.common.TokenTestUtils; @@ -69,12 +70,14 @@ public X509SymmetricBindingTest(TestParam type) { @BeforeClass public static void startServers() throws Exception { assertTrue(launchServer(new DoubleItServer( - X509SymmetricBindingTest.class.getResource("cxf-service.xml"), - X509SymmetricBindingTest.class.getResource("cxf-stax-service.xml") + X509SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "cxf-service-fips.xml" : "cxf-service.xml"), + X509SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "cxf-stax-service-fips.xml" : "cxf-stax-service.xml") ))); assertTrue(launchServer(new STSServer( - "cxf-x509.xml", - "stax-cxf-x509.xml" + JavaUtils.isFIPSEnabled() ? "cxf-x509-fips.xml" : "cxf-x509.xml", + JavaUtils.isFIPSEnabled() ? "stax-cxf-x509-fips.xml" : "stax-cxf-x509.xml" ))); } @@ -96,7 +99,8 @@ public static TestParam[] data() { public void testX509SAML1() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = X509SymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = X509SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSAML1Port"); DoubleItPortType symmetricSaml1Port = @@ -118,7 +122,8 @@ public void testX509SAML1() throws Exception { public void testX509SAML2() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = X509SymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = X509SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSAML2Port"); DoubleItPortType symmetricSaml2Port = @@ -141,7 +146,8 @@ public void testX509SAML2() throws Exception { public void testX509SAML2Endorsing() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = X509SymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = X509SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSAML2EndorsingPort"); DoubleItPortType symmetricSaml2Port = @@ -166,7 +172,8 @@ public void testX509SAML2Endorsing() throws Exception { public void testX509SAML2Supporting() throws Exception { createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = X509SymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = X509SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSAML2SupportingPort"); DoubleItPortType symmetricSaml2Port = @@ -196,7 +203,8 @@ public void testX509SAML2SupportingDirectReferenceToAssertion() throws Exception createBus(getClass().getResource("cxf-client.xml").toString()); - URL wsdl = X509SymmetricBindingTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = X509SymmetricBindingTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "DoubleIt-fips.wsdl" : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSAML2SupportingPort"); DoubleItPortType symmetricSaml2Port = diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/DoubleIt-fips.wsdl b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/DoubleIt-fips.wsdl new file mode 100644 index 00000000000..32f8147684d --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/DoubleIt-fips.wsdl @@ -0,0 +1,264 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey + + + + + + http://localhost:8080/SecurityTokenService/ + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey + + + + + + http://localhost:8080/SecurityTokenService/ + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-service-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-service-fips.xml new file mode 100644 index 00000000000..a7e93c64a4f --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-service-fips.xml @@ -0,0 +1,59 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service-fips.xml new file mode 100644 index 00000000000..e667aa3480b --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/asymmetric/cxf-stax-service-fips.xml @@ -0,0 +1,63 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/delegation/ws-trust-1.4-service-fips.wsdl b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/delegation/ws-trust-1.4-service-fips.wsdl new file mode 100644 index 00000000000..31ec3da9162 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/delegation/ws-trust-1.4-service-fips.wsdl @@ -0,0 +1,348 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport-fips.xml new file mode 100644 index 00000000000..29d2f5aec09 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-transport-fips.xml @@ -0,0 +1,56 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-ut-encrypted-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-ut-encrypted-fips.xml new file mode 100644 index 00000000000..bfe0d9d90d0 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-ut-encrypted-fips.xml @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-ut-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-ut-fips.xml new file mode 100644 index 00000000000..fd8ce62d12c --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-ut-fips.xml @@ -0,0 +1,36 @@ + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509-fips.xml new file mode 100644 index 00000000000..cb99906248c --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/cxf-x509-fips.xml @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-transport-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-transport-fips.xml new file mode 100644 index 00000000000..752153ad1b3 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-transport-fips.xml @@ -0,0 +1,58 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-ut-encrypted-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-ut-encrypted-fips.xml new file mode 100644 index 00000000000..417ec3a512c --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-ut-encrypted-fips.xml @@ -0,0 +1,48 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-ut-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-ut-fips.xml new file mode 100644 index 00000000000..7160083d5e0 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-ut-fips.xml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-x509-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-x509-fips.xml new file mode 100644 index 00000000000..8e8f0ee73ed --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/stax-cxf-x509-fips.xml @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/sts/cxf-sts-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/sts/cxf-sts-fips.xml new file mode 100644 index 00000000000..ff1eb6b730b --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/sts/cxf-sts-fips.xml @@ -0,0 +1,105 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http(s)?://localhost:(\d)*/doubleit/services/doubleit.* + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service-fips.wsdl b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service-fips.wsdl new file mode 100644 index 00000000000..5565e92406c --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/deployment/ws-trust-1.4-service-fips.wsdl @@ -0,0 +1,772 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/cxf-client-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/cxf-client-fips.xml new file mode 100644 index 00000000000..079dcd1711e --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/cxf-client-fips.xml @@ -0,0 +1,81 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/sts-transport-policy-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/sts-transport-policy-fips.xml new file mode 100644 index 00000000000..95fa9ba896a --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/sts-transport-policy-fips.xml @@ -0,0 +1,69 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/ws-trust-1.4-service-fips.wsdl b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/ws-trust-1.4-service-fips.wsdl new file mode 100644 index 00000000000..99d6703c801 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/issuer/ws-trust-1.4-service-fips.wsdl @@ -0,0 +1,326 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/symmetric/DoubleIt-fips.wsdl b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/symmetric/DoubleIt-fips.wsdl new file mode 100644 index 00000000000..809c5f06de6 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/symmetric/DoubleIt-fips.wsdl @@ -0,0 +1,435 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey + 128 + + + + + + http://localhost:8080/SecurityTokenService/UT + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey + 128 + + + + + + http://localhost:8080/SecurityTokenService/UT + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey + 128 + + + + + + http://localhost:8080/SecurityTokenService/UT + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey + 128 + + + + + + http://localhost:8080/SecurityTokenService/UT + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/symmetric/cxf-service-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/symmetric/cxf-service-fips.xml new file mode 100644 index 00000000000..dd1bdc7116c --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/symmetric/cxf-service-fips.xml @@ -0,0 +1,69 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/symmetric/cxf-stax-service-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/symmetric/cxf-stax-service-fips.xml new file mode 100644 index 00000000000..02d8ffd86cd --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/symmetric/cxf-stax-service-fips.xml @@ -0,0 +1,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt-fips.wsdl b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt-fips.wsdl new file mode 100644 index 00000000000..8b9830ba355 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/DoubleIt-fips.wsdl @@ -0,0 +1,605 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey + + + + + + http://localhost:8080/STS/STSUT + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey + + + + + + http://localhost:8080/SecurityTokenService/UT + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey + + + + + + http://localhost:8080/STS/STSUT + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey + + + + + + http://localhost:8080/STS/STSUT + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey + + + + + + http://localhost:8080/STS/STSUT + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey + + + + + + + http://localhost:8080/STS/STSUT + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service-fips.xml new file mode 100644 index 00000000000..51451e5d0da --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-service-fips.xml @@ -0,0 +1,89 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service-fips.xml new file mode 100644 index 00000000000..1b8eb05332e --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/transport/cxf-stax-service-fips.xml @@ -0,0 +1,98 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/DoubleIt-fips.wsdl b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/DoubleIt-fips.wsdl new file mode 100644 index 00000000000..ce047b178a0 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/DoubleIt-fips.wsdl @@ -0,0 +1,245 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer + + + + + + http://localhost:8080/SecurityTokenService/ + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/cxf-service-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/cxf-service-fips.xml new file mode 100644 index 00000000000..49b0cec946b --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/cxf-service-fips.xml @@ -0,0 +1,90 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/cxf-service2-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/cxf-service2-fips.xml new file mode 100644 index 00000000000..1b511d20ca9 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_actas/cxf-service2-fips.xml @@ -0,0 +1,89 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/DoubleIt-fips.wsdl b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/DoubleIt-fips.wsdl new file mode 100644 index 00000000000..6aa05929593 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/DoubleIt-fips.wsdl @@ -0,0 +1,245 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer + + + + + + http://localhost:8080/SecurityTokenService/ + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/cxf-service-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/cxf-service-fips.xml new file mode 100644 index 00000000000..1454da464a3 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/cxf-service-fips.xml @@ -0,0 +1,90 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/cxf-service2-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/cxf-service2-fips.xml new file mode 100644 index 00000000000..2a91d692e91 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/username_onbehalfof/cxf-service2-fips.xml @@ -0,0 +1,89 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/DoubleIt-fips.wsdl b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/DoubleIt-fips.wsdl new file mode 100644 index 00000000000..cedf722bc24 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/DoubleIt-fips.wsdl @@ -0,0 +1,430 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey + 128 + + + + + + http://localhost:8080/SecurityTokenService/UT + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey + 128 + + + + + + http://localhost:8080/SecurityTokenService/UT + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey + 128 + + + + + + http://localhost:8080/SecurityTokenService/UT + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer + + + + + + http://localhost:8080/SecurityTokenService/UT + + + + + + http://localhost:8080/SecurityTokenService/UT/mex + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/DoubleItAsymmetric-fips.wsdl b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/DoubleItAsymmetric-fips.wsdl new file mode 100644 index 00000000000..f68bdae8819 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/DoubleItAsymmetric-fips.wsdl @@ -0,0 +1,159 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/cxf-asymmetric-service-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/cxf-asymmetric-service-fips.xml new file mode 100644 index 00000000000..7a5d53562ab --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/cxf-asymmetric-service-fips.xml @@ -0,0 +1,61 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/cxf-service-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/cxf-service-fips.xml new file mode 100644 index 00000000000..28109a73f9d --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/cxf-service-fips.xml @@ -0,0 +1,92 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/cxf-stax-service-fips.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/cxf-stax-service-fips.xml new file mode 100644 index 00000000000..39752698167 --- /dev/null +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/x509/cxf-stax-service-fips.xml @@ -0,0 +1,96 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/BookStore.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/BookStore.java index 8ae6d0b36b2..34af5a4d447 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/BookStore.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/BookStore.java @@ -29,6 +29,7 @@ import jakarta.ws.rs.POST; import jakarta.ws.rs.Path; import jakarta.ws.rs.Produces; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.ext.multipart.Multipart; import org.apache.cxf.jaxrs.utils.JAXRSUtils; import org.apache.cxf.message.Message; @@ -105,12 +106,16 @@ public String echoTextJweJsonIn(String jweJson) { JweJsonConsumer consumer = new JweJsonConsumer(jweJson); // Recipient 1 - final String recipient1PropLoc = "org/apache/cxf/systest/jaxrs/security/jwejson1.properties"; + final String recipient1PropLoc = JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/jwejson1-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/jwejson1.properties"; final String recipient1Kid = "AesWrapKey"; String recipient1DecryptedText = getRecipientText(consumer, recipient1PropLoc, recipient1Kid); // Recipient 2 - final String recipient2PropLoc = "org/apache/cxf/systest/jaxrs/security/jwejson2.properties"; + final String recipient2PropLoc = JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/jwejson2-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/jwejson2.properties"; final String recipient2Kid = "AesWrapKey2"; String recipient2DecryptedText = getRecipientText(consumer, recipient2PropLoc, recipient2Kid); return recipient1DecryptedText + recipient2DecryptedText; diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerAlgorithms.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerAlgorithms.java index 51d64d01f3c..d11d684e467 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerAlgorithms.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerAlgorithms.java @@ -24,13 +24,16 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; import org.apache.cxf.testutil.common.TestUtil; public class BookServerAlgorithms extends AbstractBusTestServerBase { public static final String PORT = TestUtil.getPortNumber("jaxrs-jwejws-algorithms"); private static final URL SERVER_CONFIG_FILE = - BookServerAlgorithms.class.getResource("algorithms-server.xml"); + BookServerAlgorithms.class.getResource(JavaUtils.isFIPSEnabled() + ? "algorithms-server-fips.xml" + : "algorithms-server.xml"); protected void run() { SpringBusFactory bf = new SpringBusFactory(); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerHTTPHeaders.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerHTTPHeaders.java index 02462e4899a..b28ce7e38e0 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerHTTPHeaders.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerHTTPHeaders.java @@ -24,13 +24,16 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; import org.apache.cxf.testutil.common.TestUtil; public class BookServerHTTPHeaders extends AbstractBusTestServerBase { public static final String PORT = TestUtil.getPortNumber("jaxrs-jose-httpheaders"); private static final URL SERVER_CONFIG_FILE = - BookServerHTTPHeaders.class.getResource("http-headers-server.xml"); + BookServerHTTPHeaders.class.getResource(JavaUtils.isFIPSEnabled() + ? "http-headers-server-fips.xml" + : "http-headers-server.xml"); protected void run() { SpringBusFactory bf = new SpringBusFactory(); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJweJson.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJweJson.java index f86c7ed9102..e244e306513 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJweJson.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJweJson.java @@ -24,13 +24,16 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; import org.apache.cxf.testutil.common.TestUtil; public class BookServerJweJson extends AbstractBusTestServerBase { public static final String PORT = TestUtil.getPortNumber("jaxrs-jwe-json"); private static final URL SERVER_CONFIG_FILE = - BookServerJweJson.class.getResource("serverJweJson.xml"); + BookServerJweJson.class.getResource(JavaUtils.isFIPSEnabled() + ? "serverJweJson-fips.xml" + : "serverJweJson.xml"); protected void run() { SpringBusFactory bf = new SpringBusFactory(); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwsJson.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwsJson.java index cb4a0daaf70..6ce5679b049 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwsJson.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwsJson.java @@ -24,13 +24,16 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; import org.apache.cxf.testutil.common.TestUtil; public class BookServerJwsJson extends AbstractBusTestServerBase { public static final String PORT = TestUtil.getPortNumber("jaxrs-jws-json"); private static final URL SERVER_CONFIG_FILE = - BookServerJwsJson.class.getResource("serverJwsJson.xml"); + BookServerJwsJson.class.getResource(JavaUtils.isFIPSEnabled() + ? "serverJwsJson-fips.xml" + : "serverJwsJson.xml"); protected void run() { SpringBusFactory bf = new SpringBusFactory(); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwsMultipart.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwsMultipart.java index ceef39b564b..cae668ad696 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwsMultipart.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwsMultipart.java @@ -24,13 +24,16 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; import org.apache.cxf.testutil.common.TestUtil; public class BookServerJwsMultipart extends AbstractBusTestServerBase { public static final String PORT = TestUtil.getPortNumber("jaxrs-jws-multipart"); private static final URL SERVER_CONFIG_FILE = - BookServerJwsMultipart.class.getResource("serverMultipart.xml"); + BookServerJwsMultipart.class.getResource(JavaUtils.isFIPSEnabled() + ? "serverMultipart-fips.xml" + : "serverMultipart.xml"); protected void run() { SpringBusFactory bf = new SpringBusFactory(); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwt.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwt.java index 1e6feaf8ce9..44bd48ababd 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwt.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerJwt.java @@ -24,13 +24,16 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; import org.apache.cxf.testutil.common.TestUtil; public class BookServerJwt extends AbstractBusTestServerBase { public static final String PORT = TestUtil.getPortNumber("jaxrs-jwt"); private static final URL SERVER_CONFIG_FILE = - BookServerJwt.class.getResource("server.xml"); + BookServerJwt.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); protected void run() { SpringBusFactory bf = new SpringBusFactory(); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerReference.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerReference.java index ba5adfd8daa..c0862b7b56c 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerReference.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/BookServerReference.java @@ -24,13 +24,16 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; import org.apache.cxf.testutil.common.TestUtil; public class BookServerReference extends AbstractBusTestServerBase { public static final String PORT = TestUtil.getPortNumber("jaxrs-jwejws-reference"); private static final URL SERVER_CONFIG_FILE = - BookServerReference.class.getResource("reference-server.xml"); + BookServerReference.class.getResource(JavaUtils.isFIPSEnabled() + ? "reference-server-fips.xml" + : "reference-server.xml"); protected void run() { SpringBusFactory bf = new SpringBusFactory(); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java index 9401d7128dd..c56f7b8b6db 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJsonTest.java @@ -26,6 +26,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean; import org.apache.cxf.rs.security.jose.common.JoseConstants; import org.apache.cxf.rs.security.jose.jaxrs.JweJsonClientResponseFilter; @@ -103,8 +104,12 @@ private BookStore createBookStoreTwoRecipients(String address) throws Exception bean.setProvider(new JweJsonWriterInterceptor()); List properties = new ArrayList<>(); - properties.add("org/apache/cxf/systest/jaxrs/security/jwejson1.properties"); - properties.add("org/apache/cxf/systest/jaxrs/security/jwejson2.properties"); + properties.add(JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/jwejson1-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/jwejson1.properties"); + properties.add(JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/jwejson2-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/jwejson2.properties"); bean.getProperties(true).put(JoseConstants.RSSEC_ENCRYPTION_PROPS, properties); return bean.create(BookStore.class); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java index 9b3cf2891d0..b2ce9c48beb 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJweJwsTest.java @@ -31,6 +31,7 @@ import jakarta.ws.rs.BadRequestException; import org.apache.cxf.Bus; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.rs.security.jose.jaxrs.JweClientResponseFilter; @@ -52,6 +53,7 @@ import org.apache.cxf.systest.jaxrs.security.jose.BookStore; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.junit.Assume; import org.junit.BeforeClass; import org.junit.Test; @@ -62,9 +64,13 @@ public class JAXRSJweJwsTest extends AbstractBusClientServerTestBase { public static final String PORT = BookServerJwt.PORT; private static final String CLIENT_JWEJWS_PROPERTIES = - "org/apache/cxf/systest/jaxrs/security/bob.rs.properties"; + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/bob.rs-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/bob.rs.properties"; private static final String SERVER_JWEJWS_PROPERTIES = - "org/apache/cxf/systest/jaxrs/security/alice.rs.properties"; + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/alice.rs-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/alice.rs.properties"; private static final String ENCODED_MAC_KEY = "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75" + "aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow"; @BeforeClass @@ -102,7 +108,9 @@ private BookStore createJweBookStore(String address, bean.setAddress(address); List providers = new LinkedList<>(); JweWriterInterceptor jweWriter = new JweWriterInterceptor(); - jweWriter.setUseJweOutputStream(true); + if (!JavaUtils.isFIPSEnabled()) { + jweWriter.setUseJweOutputStream(true); + } providers.add(jweWriter); providers.add(new JweClientResponseFilter()); if (mbProviders != null) { @@ -110,9 +118,13 @@ private BookStore createJweBookStore(String address, } bean.setProviders(providers); bean.getProperties(true).put("rs.security.encryption.out.properties", - "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/bob.jwk-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"); bean.getProperties(true).put("rs.security.encryption.in.properties", - "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/alice.jwk-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"); return bean.create(BookStore.class); } @@ -141,11 +153,15 @@ public void testJweJwkAesWrap() throws Exception { } @Test public void testJweJwkAesCbcHMacInlineSet() throws Exception { - doTestJweJwkAesCbcHMac("org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties"); + doTestJweJwkAesCbcHMac(JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset.properties"); } @Test public void testJweJwkAesCbcHMacInlineSingleKey() throws Exception { - doTestJweJwkAesCbcHMac("org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties"); + doTestJweJwkAesCbcHMac(JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk.properties"); } private void doTestJweJwkAesCbcHMac(String propFile) throws Exception { String address = "https://localhost:" + PORT + "/jwejwkaescbchmac"; @@ -191,7 +207,9 @@ public void testJweRsaJwsRsaEncryptThenSign() throws Exception { bean.setAddress(address); List providers = new LinkedList<>(); JweWriterInterceptor jweWriter = new EncrSignJweWriterInterceptor(); - jweWriter.setUseJweOutputStream(true); + if (!JavaUtils.isFIPSEnabled()) { + jweWriter.setUseJweOutputStream(true); + } providers.add(jweWriter); JwsWriterInterceptor jwsWriter = new EncrSignJwsWriterInterceptor(); jwsWriter.setUseJwsOutputStream(true); @@ -219,22 +237,32 @@ public void testJweRsaJwsRsaCert() throws Exception { bean.setAddress(address); List providers = new LinkedList<>(); JweWriterInterceptor jweWriter = new JweWriterInterceptor(); - jweWriter.setUseJweOutputStream(true); + if (!JavaUtils.isFIPSEnabled()) { + jweWriter.setUseJweOutputStream(true); + } providers.add(jweWriter); providers.add(new JweClientResponseFilter()); JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor(); - jwsWriter.setUseJwsOutputStream(true); + if (!JavaUtils.isFIPSEnabled()) { + jwsWriter.setUseJwsOutputStream(true); + } providers.add(jwsWriter); providers.add(new JwsClientResponseFilter()); bean.setProviders(providers); bean.getProperties(true).put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); bean.getProperties(true).put("rs.security.signature.out.properties", CLIENT_JWEJWS_PROPERTIES); bean.getProperties(true).put("rs.security.encryption.in.properties", CLIENT_JWEJWS_PROPERTIES); PrivateKeyPasswordProvider provider = new PrivateKeyPasswordProviderImpl(); bean.getProperties(true).put("rs.security.signature.key.password.provider", provider); bean.getProperties(true).put("rs.security.decryption.key.password.provider", provider); + if (JavaUtils.isFIPSEnabled()) { + bean.getProperties(true).put("rs.security.encryption.content.algorithm", "A128GCM"); + bean.getProperties(true).put("rs.security.encryption.key.algorithm", "RSA1_5"); + } BookStore bs = bean.create(BookStore.class); WebClient.getConfig(bs).getRequestContext().put("rs.security.keystore.alias.jwe.out", "AliceCert"); @@ -242,6 +270,7 @@ public void testJweRsaJwsRsaCert() throws Exception { String text = bs.echoText("book"); assertEquals("book", text); } + @Test public void testJweRsaJwsRsaCertInHeaders() throws Exception { String address = "https://localhost:" + PORT + "/jwejwsrsaCertInHeaders"; @@ -356,9 +385,13 @@ public void testJwsJwkEC() throws Exception { providers.add(new JwsClientResponseFilter()); bean.setProviders(providers); bean.getProperties(true).put("rs.security.signature.out.properties", - "org/apache/cxf/systest/jaxrs/security/jws.ec.private.properties"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/jws.ec.private-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/jws.ec.private.properties"); bean.getProperties(true).put("rs.security.signature.in.properties", - "org/apache/cxf/systest/jaxrs/security/jws.ec.public.properties"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/jws.ec.public-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/jws.ec.public.properties"); BookStore bs = bean.create(BookStore.class); String text = bs.echoText("book"); assertEquals("book", text); @@ -392,9 +425,13 @@ private void doTestJwsJwkRSA(String address, providers.add(new JwsClientResponseFilter()); bean.setProviders(providers); bean.getProperties(true).put("rs.security.signature.out.properties", - "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/alice.jwk-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"); bean.getProperties(true).put("rs.security.signature.in.properties", - "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/bob.jwk-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"); if (includePublicKey) { bean.getProperties(true).put("rs.security.signature.include.public.key", true); } @@ -417,14 +454,18 @@ private BookStore createJweJwsBookStore(String address, bean.setAddress(address); List providers = new LinkedList<>(); JweWriterInterceptor jweWriter = new JweWriterInterceptor(); - jweWriter.setUseJweOutputStream(true); + if (!JavaUtils.isFIPSEnabled()) { + jweWriter.setUseJweOutputStream(true); + } providers.add(jweWriter); providers.add(new JweClientResponseFilter()); JwsWriterInterceptor jwsWriter = new JwsWriterInterceptor(); if (jwsSigProvider != null) { jwsWriter.setSignatureProvider(jwsSigProvider); } - jwsWriter.setUseJwsOutputStream(true); + if (!JavaUtils.isFIPSEnabled()) { + jwsWriter.setUseJwsOutputStream(true); + } providers.add(jwsWriter); providers.add(new JwsClientResponseFilter()); if (mbProviders != null) { @@ -472,6 +513,8 @@ public void testJweAesGcmDirect() throws Exception { @Test public void testJweAesCbcHmac() throws Exception { + //fips: CBC mode not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); String address = "https://localhost:" + PORT + "/jweaescbchmac"; JAXRSClientFactoryBean bean = new JAXRSClientFactoryBean(); SpringBusFactory bf = new SpringBusFactory(); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java index 215f2c27b90..1723c528632 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsJsonTest.java @@ -33,6 +33,7 @@ import jakarta.ws.rs.BadRequestException; import org.apache.cxf.Bus; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean; import org.apache.cxf.rs.security.jose.common.JoseConstants; import org.apache.cxf.rs.security.jose.jaxrs.JweClientResponseFilter; @@ -118,11 +119,15 @@ public void testJwsJsonBookDoubleHmacManyProps() throws Exception { String address = "https://localhost:" + PORT + "/jwsjsonhmac2"; List properties = new ArrayList<>(); properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.properties"); - properties.add("org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac.properties"); + properties.add(JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac.properties"); Map map = new HashMap<>(); map.put(JoseConstants.RSSEC_SIGNATURE_OUT_PROPS, properties); map.put(JoseConstants.RSSEC_SIGNATURE_IN_PROPS, - "org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac.properties"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac.properties"); BookStore bs = createBookStore(address, map, null); Book book = bs.echoBook(new Book("book", 123L)); assertEquals("book", book.getName()); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsMultipartTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsMultipartTest.java index f4415f1731f..ff79e24d776 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsMultipartTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JAXRSJwsMultipartTest.java @@ -26,6 +26,7 @@ import jakarta.ws.rs.BadRequestException; import org.apache.cxf.Bus; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.client.JAXRSClientFactory; import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean; import org.apache.cxf.rs.security.jose.jaxrs.JwsDetachedSignatureProvider; @@ -131,7 +132,9 @@ private BookStore createJwsBookStoreHMac(String address, private BookStore createJwsBookStoreRSA(String address) throws Exception { JAXRSClientFactoryBean bean = createJAXRSClientFactoryBean(address, false, false); bean.getProperties(true).put("rs.security.signature.properties", - "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/alice.jwk-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"); return bean.create(BookStore.class); } private JAXRSClientFactoryBean createJAXRSClientFactoryBean(String address, diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java index fd5255d7138..e4713af9ba6 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsAlgorithmTest.java @@ -28,6 +28,7 @@ import com.fasterxml.jackson.jakarta.rs.json.JacksonJsonProvider; import jakarta.ws.rs.core.Response; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor; import org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor; @@ -36,6 +37,7 @@ import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.junit.Assume; import org.junit.BeforeClass; import static org.junit.Assert.assertEquals; @@ -75,7 +77,9 @@ public void testEncryptionProperties() throws Exception { Map properties = new HashMap<>(); properties.put("rs.security.encryption.properties", - "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/bob.jwk-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); @@ -103,9 +107,15 @@ public void testEncryptionDynamic() throws Exception { Map properties = new HashMap<>(); properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); - properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); + properties.put("rs.security.keystore.file", JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); properties.put("rs.security.encryption.content.algorithm", "A128GCM"); - properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + if (JavaUtils.isFIPSEnabled()) { + properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + } else { + properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + } WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); @@ -118,7 +128,8 @@ public void testEncryptionDynamic() throws Exception { @org.junit.Test public void testWrongKeyEncryptionAlgorithm() throws Exception { - + //fips : OAEP not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml"); List providers = new ArrayList<>(); @@ -136,6 +147,7 @@ public void testWrongKeyEncryptionAlgorithm() throws Exception { properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); properties.put("rs.security.encryption.content.algorithm", "A128GCM"); properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); @@ -144,7 +156,8 @@ public void testWrongKeyEncryptionAlgorithm() throws Exception { @org.junit.Test public void testWrongKeyEncryptionAlgorithmKeyIncluded() throws Exception { - + //fips : OAEP not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml"); List providers = new ArrayList<>(); @@ -162,6 +175,7 @@ public void testWrongKeyEncryptionAlgorithmKeyIncluded() throws Exception { properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); properties.put("rs.security.encryption.content.algorithm", "A128GCM"); properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + properties.put("rs.security.encryption.include.public.key", "true"); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -189,9 +203,15 @@ public void testWrongContentEncryptionAlgorithm() throws Exception { Map properties = new HashMap<>(); properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); - properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); + properties.put("rs.security.keystore.file", JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); properties.put("rs.security.encryption.content.algorithm", "A192GCM"); - properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + if (JavaUtils.isFIPSEnabled()) { + properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + } else { + properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + } WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); @@ -215,9 +235,15 @@ public void testBadEncryptingKey() throws Exception { Map properties = new HashMap<>(); properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "AliceCert"); - properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); + properties.put("rs.security.keystore.file", JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); properties.put("rs.security.encryption.content.algorithm", "A128GCM"); - properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + if (JavaUtils.isFIPSEnabled()) { + properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + } else { + properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + } WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); @@ -245,7 +271,11 @@ public void testSmallEncryptionKeySize() throws Exception { properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/smallkeysize.jks"); properties.put("rs.security.encryption.content.algorithm", "A128GCM"); - properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + if (JavaUtils.isFIPSEnabled()) { + properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + } else { + properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + } WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); @@ -254,7 +284,8 @@ public void testSmallEncryptionKeySize() throws Exception { @org.junit.Test public void testManualEncryption() throws Exception { - + //fips : OAEP not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); URL busFile = JweJwsAlgorithmTest.class.getResource("client.xml"); List providers = new ArrayList<>(); @@ -267,7 +298,9 @@ public void testManualEncryption() throws Exception { Map properties = new HashMap<>(); properties.put("rs.security.encryption.properties", - "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/bob.jwk-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"); WebClient.getConfig(client).getRequestContext().putAll(properties); String header = "eyJhbGciOiJSU0EtT0FFUCIsImVuYyI6IkExMjhHQ00iLCJjdHkiOiJqc29uIn0"; @@ -384,7 +417,9 @@ public void testSignatureProperties() throws Exception { Map properties = new HashMap<>(); properties.put("rs.security.signature.properties", - "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/alice.jwk-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"); WebClient.getConfig(client).getRequestContext().putAll(properties); Response response = client.post(new Book("book", 123L)); @@ -413,7 +448,9 @@ public void testSignatureDynamic() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -443,7 +480,9 @@ public void testWrongSignatureAlgorithm() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "PS256"); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -469,7 +508,9 @@ public void testWrongSignatureAlgorithmKeyIncluded() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "PS256"); properties.put("rs.security.signature.include.public.key", true); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -523,7 +564,9 @@ public void testSignatureEllipticCurve() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "ECKey"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "ES256"); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -553,10 +596,19 @@ public void testManualSignature() throws Exception { String header = "eyJhbGciOiJSUzI1NiIsImN0eSI6Impzb24ifQ"; String payload = "eyJCb29rIjp7ImlkIjoxMjMsIm5hbWUiOiJib29rIn19"; - String sig = "mZJVPy83atFNxQMeJqkVbR8t1srr9LgKBGT0hgiymjNepRgqedvFG5B8E8UPAzfzNLsos91gGdneUEKrWauU4GoDPTzngX" - + "798aDP6lsn5bUoTMKLfaWp9uzHDIzLMjGkabn92nrIpdK4JKDYNjdSUJIT2L97jggg0aoLhJQHVw2LdF1fpYdM-HCyccNW" - + "HQbAR7bDZdITZFnDi8b22QfHCqeLV7m4mBvNDtNX337wtoUKyjPYBMoWc12hHDCwQyu_gfW6zFioF5TGx-Ifg8hrFlnyUr" - + "vnSdP-FUtXiGeWBIvE_L6gD7DfM4u9hkK757vTjjMR_pF2CW3pfSH-Ha8v0A"; + String sig = JavaUtils.isFIPSEnabled() + ? "Oj-AycEOibcu7Nrd5IY0hffVpfj_evt_nu8JAiDiqHvVYPS-b" + + "3XdO8NV33r9j5libpjMY7O4ANo8F7ypuwlNvHPO8K2MeJI41zUtRVSBl" + + "3BOctWaZHb_TPZAxQQ0drThkwYoEy1Di2Mzp1qCENe8zL4SUsH26Zmef" + + "kxLPmTolfSeeSIBEPDM4ZKafoeAAaZ4IsY7lUWB10rBKfn3l5VS0OXOt" + + "lN2cyr-sTVK43c9etpKY8wqoKrHK9Tr9vO2NDzUFxY5SzNtQMBcqXpgo" + + "RP4v77ERdWQO4GDTQx6m_36rjNHEuh7CQWPbr0EnoyDaM7mdPUyjjLp5" + + "fYJ2wc_Z2bXPQ" + : "mZJVPy83atFNxQMeJqkVbR8t1srr9LgKBGT0hgiymjNepRgqedvFG5B8E8UPAzfzNLsos91gGdneUEKrWauU4GoDPTzngX" + + "798aDP6lsn5bUoTMKLfaWp9uzHDIzLMjGkabn92nrIpdK4JKDYNjdSUJIT2L97jggg0aoLhJQHVw2LdF1fpYdM-HCyccNW" + + "HQbAR7bDZdITZFnDi8b22QfHCqeLV7m4mBvNDtNX337wtoUKyjPYBMoWc12hHDCwQyu_gfW6zFioF5TGx-Ifg8hrFlnyUr" + + "vnSdP-FUtXiGeWBIvE_L6gD7DfM4u9hkK757vTjjMR_pF2CW3pfSH-Ha8v0A"; + // Successful test Response response = client.post(header + "." + payload + "." + sig); @@ -630,7 +682,9 @@ public void testUnsignedTokenFailure() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "none"); WebClient.getConfig(client).getRequestContext().putAll(properties); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsReferenceTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsReferenceTest.java index 405742d8ae9..d4b24bc31c1 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsReferenceTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JweJwsReferenceTest.java @@ -28,6 +28,7 @@ import com.fasterxml.jackson.jakarta.rs.json.JacksonJsonProvider; import jakarta.ws.rs.core.Response; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.rs.security.jose.jaxrs.JweWriterInterceptor; import org.apache.cxf.rs.security.jose.jaxrs.JwsWriterInterceptor; @@ -75,9 +76,15 @@ public void testEncryptionIncludePublicKey() throws Exception { Map properties = new HashMap<>(); properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); - properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); + properties.put("rs.security.keystore.file", JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); properties.put("rs.security.encryption.content.algorithm", "A128GCM"); - properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + if (JavaUtils.isFIPSEnabled()) { + properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + } else { + properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + } properties.put("rs.security.encryption.include.public.key", "true"); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -106,7 +113,11 @@ public void testEncryptionIncludeCert() throws Exception { properties.put("rs.security.key.password", "password"); properties.put("rs.security.keystore.file", "keys/bob.jks"); properties.put("rs.security.encryption.content.algorithm", "A128GCM"); - properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + if (JavaUtils.isFIPSEnabled()) { + properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + } else { + properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + } WebClient.getConfig(client).getRequestContext().putAll(properties); // First test that it fails without adding a cert (reference). This is because @@ -143,7 +154,11 @@ public void testEncryptionIncludeCertNegativeTest() throws Exception { properties.put("rs.security.key.password", "password"); properties.put("rs.security.keystore.file", "keys/alice.jks"); properties.put("rs.security.encryption.content.algorithm", "A128GCM"); - properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + if (JavaUtils.isFIPSEnabled()) { + properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + } else { + properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + } properties.put("rs.security.encryption.include.cert", "true"); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -173,7 +188,11 @@ public void testEncryptionIncludeCertSha1() throws Exception { properties.put("rs.security.key.password", "password"); properties.put("rs.security.keystore.file", "keys/bob.jks"); properties.put("rs.security.encryption.content.algorithm", "A128GCM"); - properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + if (JavaUtils.isFIPSEnabled()) { + properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + } else { + properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + } WebClient.getConfig(client).getRequestContext().putAll(properties); // First test that it fails without adding a cert (reference). This is because @@ -210,7 +229,11 @@ public void testEncryptionIncludeCertSha1NegativeTest() throws Exception { properties.put("rs.security.key.password", "password"); properties.put("rs.security.keystore.file", "keys/alice.jks"); properties.put("rs.security.encryption.content.algorithm", "A128GCM"); - properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + if (JavaUtils.isFIPSEnabled()) { + properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + } else { + properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + } properties.put("rs.security.encryption.include.cert.sha1", "true"); WebClient.getConfig(client).getRequestContext().putAll(properties); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JwsHTTPHeaderTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JwsHTTPHeaderTest.java index 9c4d536b76a..6f30c88281c 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JwsHTTPHeaderTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwejws/JwsHTTPHeaderTest.java @@ -32,6 +32,7 @@ import jakarta.ws.rs.core.HttpHeaders; import jakarta.ws.rs.core.Response; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.message.Message; @@ -50,6 +51,7 @@ /** * Some signature tests for signing HTTP Headers */ + public class JwsHTTPHeaderTest extends AbstractBusClientServerTestBase { public static final String PORT = BookServerHTTPHeaders.PORT; @@ -78,7 +80,9 @@ public void testSignHTTPHeaders() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -114,7 +118,9 @@ public void testSpecifyHeadersToSign() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -152,7 +158,9 @@ public void testSignAdditionalCustomHeader() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); WebClient.getConfig(client).getRequestContext().putAll(properties); WebClient.getConfig(client).getOutInterceptors().add(new CustomHeaderInterceptor(Phase.PRE_STREAM)); @@ -182,7 +190,9 @@ public void testSignCustomHeaderRequired() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); WebClient.getConfig(client).getRequestContext().putAll(properties); WebClient.getConfig(client).getOutInterceptors().add(new CustomHeaderInterceptor(Phase.PRE_STREAM)); @@ -227,7 +237,9 @@ public void testSignEmptyCustomHeader() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); WebClient.getConfig(client).getRequestContext().putAll(properties); CustomHeaderInterceptor customHeaderInterceptor = new CustomHeaderInterceptor(Phase.PRE_STREAM); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookServerJwtAlgorithms.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookServerJwtAlgorithms.java index 1d02241d0ca..10ce5a9e725 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookServerJwtAlgorithms.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookServerJwtAlgorithms.java @@ -24,13 +24,16 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; import org.apache.cxf.testutil.common.TestUtil; public class BookServerJwtAlgorithms extends AbstractBusTestServerBase { public static final String PORT = TestUtil.getPortNumber("jaxrs-jwt-algorithms"); private static final URL SERVER_CONFIG_FILE = - BookServerJwtAlgorithms.class.getResource("algorithms-server.xml"); + BookServerJwtAlgorithms.class.getResource(JavaUtils.isFIPSEnabled() + ? "algorithms-server-fips.xml" + : "algorithms-server.xml"); protected void run() { SpringBusFactory bf = new SpringBusFactory(); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookServerJwtAuthnAuthz.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookServerJwtAuthnAuthz.java index ffb2b18d68f..df286b130e5 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookServerJwtAuthnAuthz.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/BookServerJwtAuthnAuthz.java @@ -24,13 +24,16 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; import org.apache.cxf.testutil.common.TestUtil; public class BookServerJwtAuthnAuthz extends AbstractBusTestServerBase { public static final String PORT = TestUtil.getPortNumber("jaxrs-jwt-authn-authz"); private static final URL SERVER_CONFIG_FILE = - BookServerJwtAuthnAuthz.class.getResource("authn-authz-server.xml"); + BookServerJwtAuthnAuthz.class.getResource(JavaUtils.isFIPSEnabled() + ? "authn-authz-server-fips.xml" + : "authn-authz-server.xml"); protected void run() { SpringBusFactory bf = new SpringBusFactory(); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java index 168cfabe2ce..3fc21097b6b 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAlgorithmTest.java @@ -30,6 +30,7 @@ import com.fasterxml.jackson.jakarta.rs.json.JacksonJsonProvider; import jakarta.ws.rs.core.Response; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.rs.security.jose.jaxrs.JwtAuthenticationClientFilter; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; @@ -39,6 +40,7 @@ import org.apache.cxf.systest.jaxrs.security.SecurityTestUtil; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.junit.Assume; import org.junit.BeforeClass; import static org.junit.Assert.assertEquals; @@ -88,7 +90,9 @@ public void testEncryptionProperties() throws Exception { Map properties = new HashMap<>(); properties.put("rs.security.encryption.properties", - "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/bob.jwk-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -129,9 +133,15 @@ public void testEncryptionDynamic() throws Exception { Map properties = new HashMap<>(); properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); - properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); + properties.put("rs.security.keystore.file", JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); properties.put("rs.security.encryption.content.algorithm", "A128GCM"); - properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + if (JavaUtils.isFIPSEnabled()) { + properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + } else { + properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + } properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -145,7 +155,8 @@ public void testEncryptionDynamic() throws Exception { @org.junit.Test public void testWrongKeyEncryptionAlgorithm() throws Exception { - + //fips : OAEP not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); URL busFile = JWTAlgorithmTest.class.getResource("client.xml"); List providers = new ArrayList<>(); @@ -172,9 +183,15 @@ public void testWrongKeyEncryptionAlgorithm() throws Exception { Map properties = new HashMap<>(); properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); - properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); + properties.put("rs.security.keystore.file", JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); properties.put("rs.security.encryption.content.algorithm", "A128GCM"); - properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + if (JavaUtils.isFIPSEnabled()) { + properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + } else { + properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + } properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -214,10 +231,16 @@ public void testWrongContentEncryptionAlgorithm() throws Exception { Map properties = new HashMap<>(); properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); - properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); + properties.put("rs.security.keystore.file", JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); properties.put("rs.security.encryption.content.algorithm", "A128GCM"); properties.put("rs.security.encryption.content.algorithm", "A192GCM"); - properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + if (JavaUtils.isFIPSEnabled()) { + properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + } else { + properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + } properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -257,9 +280,15 @@ public void testBadEncryptingKey() throws Exception { Map properties = new HashMap<>(); properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "AliceCert"); - properties.put("rs.security.keystore.file", "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); + properties.put("rs.security.keystore.file", JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet.txt"); properties.put("rs.security.encryption.content.algorithm", "A128GCM"); - properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + if (JavaUtils.isFIPSEnabled()) { + properties.put("rs.security.encryption.key.algorithm", "RSA1_5"); + } else { + properties.put("rs.security.encryption.key.algorithm", "RSA-OAEP"); + } properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -296,7 +325,9 @@ public void testSignatureProperties() throws Exception { Map properties = new HashMap<>(); properties.put("rs.security.signature.properties", - "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/alice.jwk-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -335,7 +366,9 @@ public void testSignatureDynamic() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -375,7 +408,9 @@ public void testWrongSignatureAlgorithm() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "PS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -448,7 +483,9 @@ public void testSignatureEllipticCurve() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "ECKey"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "ES256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -596,9 +633,13 @@ public void testSignatureEncryptionProperties() throws Exception { Map properties = new HashMap<>(); properties.put("rs.security.signature.properties", - "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/alice.jwk-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/alice.jwk.properties"); properties.put("rs.security.encryption.properties", - "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/bob.jwk-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/bob.jwk.properties"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -719,7 +760,9 @@ public void testHMACSignature() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "HMAC512Key"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -758,7 +801,9 @@ public void testBadHMACSignature() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "HMACKey"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java index 523060c705b..2d8f814d669 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/jose/jwt/JWTAuthnAuthzTest.java @@ -31,6 +31,7 @@ import com.fasterxml.jackson.jakarta.rs.json.JacksonJsonProvider; import jakarta.ws.rs.core.Response; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.rs.security.jose.jaxrs.JwtAuthenticationClientFilter; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; @@ -48,6 +49,7 @@ /** * Some tests for authentication and authorization using JWT tokens. */ + public class JWTAuthnAuthzTest extends AbstractBusClientServerTestBase { public static final String PORT = BookServerJwtAuthnAuthz.PORT; @@ -84,7 +86,9 @@ public void testAuthentication() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -163,7 +167,9 @@ public void testAuthorization() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -205,7 +211,9 @@ public void testAuthorizationWithTwoRolesAsList() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -247,7 +255,9 @@ public void testAuthorizationWithTwoRolesAsString() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -287,7 +297,9 @@ public void testAuthorizationNoRole() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -324,7 +336,9 @@ public void testAuthorizationWrongRole() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -362,7 +376,9 @@ public void testAuthorizationRolesAllowedAnnotation() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -404,7 +420,9 @@ public void testAuthorizationRolesAllowedAnnotationGET() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -446,7 +464,9 @@ public void testAuthorizationRolesAllowedAnnotationHEAD() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -484,7 +504,9 @@ public void testAuthorizationWrongRolesAllowedAnnotation() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -522,7 +544,9 @@ public void testAuthorizationWrongRolesAllowedAnnotationGET() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -560,7 +584,9 @@ public void testAuthorizationWrongRolesAllowedAnnotationHEAD() throws Exception properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -600,7 +626,9 @@ public void testClaimsAuthorization() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -643,7 +671,9 @@ public void testClaimsAuthorizationWeakClaims() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); @@ -681,7 +711,9 @@ public void testClaimsAuthorizationNoClaims() throws Exception { properties.put("rs.security.keystore.type", "jwk"); properties.put("rs.security.keystore.alias", "2011-04-29"); properties.put("rs.security.keystore.file", - "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt" + : "org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet.txt"); properties.put("rs.security.signature.algorithm", "RS256"); properties.put(JwtConstants.JWT_TOKEN, token); WebClient.getConfig(client).getRequestContext().putAll(properties); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java index a372aeca98c..9c2a26a1a69 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/filters/OAuth2JwtFiltersTest.java @@ -25,6 +25,7 @@ import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer; import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier; @@ -130,7 +131,9 @@ private void doTestServiceWithJwtTokenAndScope(String oauthService, String rsAdd JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(accessToken.getTokenKey()); JwsSignatureVerifier verifier = JwsUtils.loadSignatureVerifier( - "org/apache/cxf/systest/jaxrs/security/alice.rs.properties", null); + JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/jaxrs/security/alice.rs-fips.properties" + : "org/apache/cxf/systest/jaxrs/security/alice.rs.properties", null); assertTrue(jwtConsumer.verifySignatureWith(verifier)); JwtClaims claims = jwtConsumer.getJwtClaims(); assertEquals("consumer-id", claims.getStringProperty(OAuthConstants.CLIENT_ID)); @@ -161,13 +164,17 @@ public void testServiceLocalValidationWithNoToken() throws Exception { public static class BookServerOAuth2FiltersJwt extends AbstractBusTestServerBase { @Override protected void run() { - setBus(new SpringBusFactory().createBus(getClass().getResource("filters-serverJwt.xml"))); + setBus(new SpringBusFactory().createBus(getClass().getResource(JavaUtils.isFIPSEnabled() + ? "filters-serverJwt-fips.xml" + : "filters-serverJwt.xml"))); } } public static class BookServerOAuth2ServiceJwt extends AbstractBusTestServerBase { protected void run() { - setBus(new SpringBusFactory().createBus(getClass().getResource("oauth20-serverJwt.xml"))); + setBus(new SpringBusFactory().createBus(getClass().getResource(JavaUtils.isFIPSEnabled() + ? "oauth20-serverJwt-fips.xml" + : "oauth20-serverJwt.xml"))); } } diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java index 89f96c6e223..30faa1ba16d 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java @@ -30,6 +30,7 @@ import jakarta.ws.rs.core.Form; import jakarta.ws.rs.core.Response; import org.apache.cxf.common.util.Base64UrlUtility; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer; @@ -80,7 +81,9 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase { TestUtil.getPortNumber("grants-server-jcache-jwt-non-persist.2"); private static final SpringBusTestServer JCACHE_SERVER_SESSION = - new SpringBusTestServer("grants-server-jcache-session") { }; + new SpringBusTestServer(JavaUtils.isFIPSEnabled() + ? "grants-server-jcache-session-fips" + : "grants-server-jcache-session") { }; private static final String JCACHE_PORT3 = TestUtil.getPortNumber("grants-server-jcache-session.2"); private static final String ISSUER = "OIDC IdP"; diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java index b65ef72e259..c1d4d1dfbf0 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/PublicClientTest.java @@ -23,6 +23,7 @@ import org.apache.cxf.bus.spring.SpringBusFactory; import org.apache.cxf.common.util.Base64UrlUtility; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken; import org.apache.cxf.rs.security.oauth2.grants.code.CodeVerifierTransformer; @@ -253,7 +254,9 @@ protected void run() { public static class BookServerOAuth2GrantsJCacheSession extends AbstractBusTestServerBase { protected void run() { - setBus(new SpringBusFactory().createBus(getClass().getResource("grants-server-public-session.xml"))); + setBus(new SpringBusFactory().createBus(getClass().getResource(JavaUtils.isFIPSEnabled() + ? "grants-server-public-session-fips.xml" + : "grants-server-public-session.xml"))); } } diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/BookServerOAuth2Tls.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/BookServerOAuth2Tls.java index f95758c44b5..aac8ecb9afc 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/BookServerOAuth2Tls.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/tls/BookServerOAuth2Tls.java @@ -24,13 +24,16 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; import org.apache.cxf.testutil.common.TestUtil; public class BookServerOAuth2Tls extends AbstractBusTestServerBase { public static final String PORT = TestUtil.getPortNumber("jaxrs-oauth2-tls"); private static final URL SERVER_CONFIG_FILE = - BookServerOAuth2Tls.class.getResource("serverTls.xml"); + BookServerOAuth2Tls.class.getResource(JavaUtils.isFIPSEnabled() + ? "serverTls-fips.xml" + : "serverTls.xml"); protected void run() { SpringBusFactory bf = new SpringBusFactory(); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCKeysServiceTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCKeysServiceTest.java index 878358f5842..10ad4ac3a00 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCKeysServiceTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oidc/OIDCKeysServiceTest.java @@ -21,6 +21,7 @@ import java.net.URL; import jakarta.ws.rs.core.Response; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.rs.security.jose.jwk.JsonWebKey; import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys; @@ -40,7 +41,9 @@ */ public class OIDCKeysServiceTest extends AbstractBusClientServerTestBase { - private static final SpringBusTestServer JCACHE_SERVER = new SpringBusTestServer("oidc-keys-jcache"); + private static final SpringBusTestServer JCACHE_SERVER = new SpringBusTestServer(JavaUtils.isFIPSEnabled() + ? "oidc-keys-jcache-fips" + : "oidc-keys-jcache"); @BeforeClass diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java index ddaa0e101f5..c1d561761d1 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/BookServerXmlSec.java @@ -24,13 +24,16 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; import org.apache.cxf.testutil.common.TestUtil; public class BookServerXmlSec extends AbstractBusTestServerBase { public static final String PORT = TestUtil.getPortNumber("jaxrs-xmlsec"); private static final URL SERVER_CONFIG_FILE = - BookServerXmlSec.class.getResource("server.xml"); + BookServerXmlSec.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); protected void run() { SpringBusFactory bf = new SpringBusFactory(); diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java index b706d040cf6..c7726eceb3c 100644 --- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java +++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/xml/JAXRSXmlSecTest.java @@ -30,6 +30,7 @@ import jakarta.ws.rs.WebApplicationException; import org.apache.cxf.Bus; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.rs.security.common.RSSecurityUtils; @@ -533,7 +534,10 @@ public void testPostEncryptedBookSHA256() throws Exception { "org/apache/cxf/systest/jaxrs/security/bob.properties"); EncryptionProperties encryptionProperties = new EncryptionProperties(); - encryptionProperties.setEncryptionSymmetricKeyAlgo(XMLCipher.AES_128); + encryptionProperties.setEncryptionSymmetricKeyAlgo( + JavaUtils.isFIPSEnabled() + ? XMLCipher.AES_128_GCM + : XMLCipher.AES_128); encryptionProperties.setEncryptionKeyIdType(RSSecurityUtils.X509_CERT); encryptionProperties.setEncryptionDigestAlgo(XMLCipher.SHA256); @@ -553,7 +557,9 @@ public void testPostEncryptedBookIssuerSerial() throws Exception { "org/apache/cxf/systest/jaxrs/security/bob.properties"); EncryptionProperties encryptionProperties = new EncryptionProperties(); - encryptionProperties.setEncryptionSymmetricKeyAlgo(XMLCipher.AES_128); + encryptionProperties.setEncryptionSymmetricKeyAlgo(JavaUtils.isFIPSEnabled() + ? XMLCipher.AES_128_GCM + : XMLCipher.AES_128); encryptionProperties.setEncryptionKeyIdType(RSSecurityUtils.X509_ISSUER_SERIAL); doTestPostEncryptedBook( @@ -622,7 +628,9 @@ public void doTestPostEncryptedBook(String address, boolean sign, Map + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 123456789123456789 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/http-headers-server-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/http-headers-server-fips.xml new file mode 100644 index 00000000000..4a4c2b5fcbd --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/http-headers-server-fips.xml @@ -0,0 +1,79 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Content-Type + Accept + customheader + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/reference-server-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/reference-server-fips.xml new file mode 100644 index 00000000000..0590580d6b9 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/reference-server-fips.xml @@ -0,0 +1,105 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server-fips.xml new file mode 100644 index 00000000000..5af23a2331c --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/server-fips.xml @@ -0,0 +1,304 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson-fips.xml new file mode 100644 index 00000000000..b548ef6659a --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJweJson-fips.xml @@ -0,0 +1,88 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJwsJson-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJwsJson-fips.xml new file mode 100644 index 00000000000..b613e0a52a2 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverJwsJson-fips.xml @@ -0,0 +1,99 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverMultipart-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverMultipart-fips.xml new file mode 100644 index 00000000000..df998fc9b7d --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwejws/serverMultipart-fips.xml @@ -0,0 +1,136 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwt/algorithms-server-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwt/algorithms-server-fips.xml new file mode 100644 index 00000000000..0baa6877da6 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwt/algorithms-server-fips.xml @@ -0,0 +1,179 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwt/authn-authz-server-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwt/authn-authz-server-fips.xml new file mode 100644 index 00000000000..271fe9aa3d6 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jose/jwt/authn-authz-server-fips.xml @@ -0,0 +1,127 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwe.direct-fips.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwe.direct-fips.properties new file mode 100644 index 00000000000..560fa3dc982 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwe.direct-fips.properties @@ -0,0 +1,21 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +rs.security.keystore.type=jwk +rs.security.keystore.alias.jwe=AesGcmKey +rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt +rs.security.encryption.content.algorithm=A128GCM +rs.security.encryption.key.algorithm=dir diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson1-fips.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson1-fips.properties new file mode 100644 index 00000000000..2090a267dd0 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson1-fips.properties @@ -0,0 +1,22 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +rs.security.keystore.type=jwk +rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt +rs.security.encryption.include.key.id=true + +rs.security.keystore.alias.jwe=AesWrapKey +rs.security.encryption.content.algorithm=A128GCM diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson2-fips.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson2-fips.properties new file mode 100644 index 00000000000..4a14c778b99 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jwejson2-fips.properties @@ -0,0 +1,22 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +rs.security.keystore.type=jwk +rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt +rs.security.encryption.include.key.id=true + +rs.security.keystore.alias.jwe=AesWrapKey2 +rs.security.encryption.content.algorithm=A128GCM diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.private-fips.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.private-fips.properties new file mode 100644 index 00000000000..4d4aac94e58 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.private-fips.properties @@ -0,0 +1,20 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +rs.security.keystore.type=jwk +rs.security.keystore.alias=ECKey +rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt +rs.security.signature.algorithm=ES256 \ No newline at end of file diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.public-fips.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.public-fips.properties new file mode 100644 index 00000000000..6d52c96a5a4 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/jws.ec.public-fips.properties @@ -0,0 +1,20 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +rs.security.keystore.type=jwk +rs.security.keystore.alias=ECKey +rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPublicSet-fips.txt +rs.security.signature.algorithm=ES256 \ No newline at end of file diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/filters-serverJwt-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/filters-serverJwt-fips.xml new file mode 100644 index 00000000000..33bea05431d --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/filters-serverJwt-fips.xml @@ -0,0 +1,198 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + service + service-pass + Basic + + + + diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-serverJwt-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-serverJwt-fips.xml new file mode 100644 index 00000000000..92e3566cded --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/filters/oauth20-serverJwt-fips.xml @@ -0,0 +1,136 @@ + + + + + + + + + + + + + + + + + true + + + + + ${testutil.ports.jaxrs-oauth2-filtersJwt} + + + + + + + + + + + + + + + + + ${testutil.ports.jaxrs-oauth2-filtersJwt} + + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache-session-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache-session-fips.xml new file mode 100644 index 00000000000..ba66fd3412f --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-jcache-session-fips.xml @@ -0,0 +1,150 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + true + + + + + ${testutil.ports.grants-server-jcache-session.2} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-public-session-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-public-session-fips.xml new file mode 100644 index 00000000000..32c9d677bb3 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server-public-session-fips.xml @@ -0,0 +1,175 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + true + + + + + ${testutil.ports.jaxrs-oauth2-grants2-jcache-public-session} + null + false + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls-fips.xml new file mode 100644 index 00000000000..38ae1ed366b --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/tls/serverTls-fips.xml @@ -0,0 +1,245 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-keys-jcache-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-keys-jcache-fips.xml new file mode 100644 index 00000000000..7afb739e7b1 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oidc/oidc-keys-jcache-fips.xml @@ -0,0 +1,178 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac-fips.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac-fips.properties new file mode 100644 index 00000000000..996c8fd51e8 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac-fips.properties @@ -0,0 +1,20 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +rs.security.keystore.type=jwk +rs.security.keystore.alias.jwe=AesWrapKey +rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/encryptedJwkPrivateSet.txt +rs.security.encryption.content.algorithm=A128GCM diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk-fips.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk-fips.properties new file mode 100644 index 00000000000..eeba2b2181e --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlinejwk-fips.properties @@ -0,0 +1,20 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +rs.security.keystore.type=jwk +rs.security.keystore.jwkkey=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiaXVHOExqSkNrN3FtcnVGRUdyMHVuUSIsInAyYyI6NDA5Nn0.TuUE2NnCsl3ZWJY7sl0uqEWxFV2ZHw5tw-0ri8Qyst5Gn6YzuPGKJw.aaesJ4e-rLFYIdxA6gMdMw.lnncuqaZ2o3lPRX9bfFh4huW5llDWXC0Gg5987pNSte0SyY7gJcg4EFPHrPdO1YSAZJmPC3hEEmcwqh42w8g2rWiyUqcJ8Z4PqEj7HkNUdE.NccysFtj5AoMMSEk2Sa6oQ +rs.security.keystore.alias.jwe=AesWrapKey +rs.security.encryption.content.algorithm=A128GCM diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset-fips.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset-fips.properties new file mode 100644 index 00000000000..deecd37bf4a --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.aescbchmac.inlineset-fips.properties @@ -0,0 +1,20 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +rs.security.keystore.type=jwk +rs.security.keystore.jwkset=eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwicDJzIjoiTWJlR0VTekk2MURJaHFncnc4ZG9TZyIsInAyYyI6NDA5Nn0.MVJlK1vV0lWLt2ySU2WB_nphsWZqf6jhVfb2mGuf05mXnxqistGBng.x6itAzrmrAn9KetfUl1ZPg.2if8qkLqADwsF0li0BzhPX8Q9LLYrUE_uHfv-qo23BwOryGm_cOSj01_TVZnO58N30wYBMJZ_mgYIQTYGL_6VUJJv8_qzP_wmBUkV99VPWOrEYLf75VWvJSMwyFjGljzpYoWONvrp6QwfrKjdum8_xEOs1dgurq8Spct-y1Ueqk9YCO_6fvklAzLPxgyyPXw5HwSIw1f4wtDN9XVHfmphvuNLNXrzxI-b1Xi4t1FIZBgX6LephgwL3LpJeP0MrKQlPpe4RI3fXfoe6yo432gH72kGCui6WgoIAZUrX2ShaS_ephxIrB3s24-QcG4pcfRcaHuIc1VhnsFSgC1IvNh1QnDnlxQ7PCVhBifXaf_7Vy9LZQYhRJ8Wj_NClPJT8NNYQOZTcXEjzLYRMxCUI8C-KZBUaZd14oZhWgTVi9xre6EyUq5lQbMl55x_f_5FXzO-dJB9EG3MtRLm1CSmPaH4slUKhk45fKTzowqYgD0ueVcqvT8JtnlxRSj2NPC0vPy4r_3H3HzKvvtICQeaR6ZP5g_UMyvLju08tZMYSqeFzYxDKuExzC8l00tc8GlFM_K15A-J7TGQXGGDZtcn8raNOMgCzq4ijr5z6hyniNzu1j8sjKZH9FX3okfINRy6kW6W168r4GSvRAFf01sCNBvcSi3gsC0djTZdeyzbcEq_oqYHdBS3Ur4bXFw_5fLVKi4oaYG4AdWgAYiPp7uATO1k3VPoxIjJyRaUt4ZG-RX3eMULUF31OAV2owfthhyFzdOhg2RBPHhpiH5lbldTHRuP3PtQKtM6J0wbOoKwHdNSQUuRFJ3Ypqol2kxFl7e6NCTlvJrPX93b4JLYMpGeK43IXqnGzdUKCUEwsqz5m_x-eawlp34VHugxrAyW23hWXivbM_2p0nBYURd-DhdEErpzv6abGo89HQ_cOocI9JNIrfJejdMvVF1SxWPfwV9xvGqYcOvECUAJ_DRs3BxHEE83gLVEvs16JvLb-UVbNul7M-2R6McfH1tLc3GXOxtIIimpz0pu0PIEf_ptwSpsXPuhUo-GzJSqN_XOqS1FAn7ELOAuxTzw4P8fQpMB3IChwEJQDo4fApstbg9hsQrW8oOO1puFFYscuNYKgFGu_fVroZtgxPveoEYsB8JvPXgAGeiblaCYcUZiuOfj14B6GAsoqzCETxmNDe5ouHWjJ10QxdPWRjQUmlS0Pe_sjXWfYuian-WodiNDpVtDhBdWI7klifiJpRUL2xyOvMODJRSLVQck5ifHXAjb05Us6JTdDJU4MjNhPsNnnuy92I0JWW6MIV-DFfkSgt8J1kxaltyhyPdNBDSgTTSEZQjRmvbt93opbejkRT8yTL96Q59Cw32SK3cKwiaDJsVctcgpsHcHK7ImcoqvzcPFwwb3v32o14oqC4KS0WZw7wW-FlYhUjkh-orlka90_rw1687nKx0D5EV8wtMpQ69n8vTSme3hjoDIBxIxUrI0k3sv6UvjfH7qQLey0eIckPtRGDzR0ydFBVfKcj2BJQPCeTj08aOzU1f26dovhO9XKbOAYvtkOYO5Q2Sp4TvcC8fezQGYqRNX-k.BIKOj0XbCIfOv_qePGSEcg +rs.security.keystore.alias.jwe=AesWrapKey +rs.security.encryption.content.algorithm=A128GCM diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac-fips.properties b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac-fips.properties new file mode 100644 index 00000000000..159031d2cb4 --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/secret.jwk.hmac-fips.properties @@ -0,0 +1,19 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +rs.security.keystore.type=jwk +rs.security.keystore.alias.jws=HMAC512Key +rs.security.keystore.file=org/apache/cxf/systest/jaxrs/security/certs/jwkPrivateSet-fips.txt diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server-fips.xml new file mode 100644 index 00000000000..0f4f8d53e9d --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/server-fips.xml @@ -0,0 +1,251 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + .*CN=bob.* + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server-fips.xml b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server-fips.xml new file mode 100644 index 00000000000..4c4eb58879f --- /dev/null +++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/xml/stax-server-fips.xml @@ -0,0 +1,278 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + .*CN=bob.* + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/conduit/HTTPSClientTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/conduit/HTTPSClientTest.java index 187d7c7778e..9e72402eae6 100644 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/conduit/HTTPSClientTest.java +++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/conduit/HTTPSClientTest.java @@ -31,6 +31,7 @@ import org.apache.cxf.configuration.security.KeyManagersType; import org.apache.cxf.configuration.security.KeyStoreType; import org.apache.cxf.configuration.security.TrustManagersType; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.endpoint.dynamic.JaxWsDynamicClientFactory; import org.apache.cxf.systest.https.BusServer; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -168,18 +169,24 @@ public final void testJaxwsTLSRefsEndpoint() throws Exception { } @Test public final void testPKCS12Endpoint() throws Exception { - testSuccessfulCall("pkcs12.xml", + testSuccessfulCall(JavaUtils.isFIPSEnabled() + ? "pkcs12-fips.xml" + : "pkcs12.xml", "https://localhost:" + BusServer.getPort(6) + "/SoapContext/HttpsPort"); } @Test public final void testResourceKeySpecEndpoint() throws Exception { - testSuccessfulCall("resource-key-spec.xml", + testSuccessfulCall(JavaUtils.isFIPSEnabled() + ? "resource-key-spec-fips.xml" + : "resource-key-spec.xml", "https://localhost:" + BusServer.getPort(4) + "/SoapContext/HttpsPort"); } @Test public final void testResourceKeySpecEndpointURL() throws Exception { - testSuccessfulCall("resource-key-spec-url.xml", + testSuccessfulCall(JavaUtils.isFIPSEnabled() + ? "resource-key-spec-url-fips.xml" + : "resource-key-spec-url.xml", "https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort", new URL("https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort?wsdl"), true); diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12-fips.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12-fips.xml new file mode 100644 index 00000000000..dedb19e27dc --- /dev/null +++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12-fips.xml @@ -0,0 +1,76 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-fips.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-fips.xml new file mode 100644 index 00000000000..a0ebbf10154 --- /dev/null +++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-fips.xml @@ -0,0 +1,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url-fips.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url-fips.xml new file mode 100644 index 00000000000..8deed4acd1b --- /dev/null +++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url-fips.xml @@ -0,0 +1,79 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java index deeb80ee855..0e19f2b8ac4 100644 --- a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java +++ b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/SamlTokenTest.java @@ -30,6 +30,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.wssec.examples.common.SecurityTestUtil; import org.apache.cxf.systest.wssec.examples.common.TestParam; import org.apache.cxf.systest.wssec.examples.sts.STSServer; @@ -44,8 +45,8 @@ import static org.junit.Assert.assertTrue; /** - * A set of tests for SAML Tokens using policies defined in the OASIS spec: - * "WS-SecurityPolicy Examples Version 1.0". + * A set of tests for SAML Tokens using policies defined in the OASIS spec: "WS-SecurityPolicy Examples + * Version 1.0". */ @RunWith(value = org.junit.runners.Parameterized.class) public class SamlTokenTest extends AbstractBusClientServerTestBase { @@ -66,33 +67,26 @@ public SamlTokenTest(TestParam type) { @BeforeClass public static void startServers() throws Exception { - assertTrue( - "Server failed to launch", - // run the server in the same process - // set this to false to fork - launchServer(Server.class, true) - ); - assertTrue( - "Server failed to launch", + assertTrue("Server failed to launch", // run the server in the same process // set this to false to fork - launchServer(StaxServer.class, true) - ); - assertTrue( - "Server failed to launch", - // run the server in the same process - // set this to false to fork - launchServer(STSServer.class, true) - ); + launchServer(Server.class, true)); + assertTrue("Server failed to launch", + // run the server in the same process + // set this to false to fork + launchServer(StaxServer.class, true)); + assertTrue("Server failed to launch", + // run the server in the same process + // set this to false to fork + launchServer(STSServer.class, true)); } @Parameters(name = "{0}") public static Collection data() { - return Arrays.asList(new TestParam[] {new TestParam(PORT, false), - new TestParam(PORT, true), - new TestParam(STAX_PORT, false), - new TestParam(STAX_PORT, true), + return Arrays.asList(new TestParam[] { + new TestParam(PORT, false), new TestParam(PORT, true), + new TestParam(STAX_PORT, false), new TestParam(STAX_PORT, true), }); } @@ -114,11 +108,11 @@ public void testBearer() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class + .getResource(JavaUtils.isFIPSEnabled() ? "DoubleItSaml-fips.wsdl" : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItBearerPort"); - DoubleItPortType samlPort = - service.getPort(portQName, DoubleItPortType.class); + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, test.getPort()); if (test.isStreaming()) { @@ -144,11 +138,11 @@ public void testTLSSenderVouches() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class + .getResource(JavaUtils.isFIPSEnabled() ? "DoubleItSaml-fips.wsdl" : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTLSSenderVouchesPort"); - DoubleItPortType samlPort = - service.getPort(portQName, DoubleItPortType.class); + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); String portNumber = PORT2; if (STAX_PORT.equals(test.getPort())) { portNumber = STAX_PORT2; @@ -178,11 +172,11 @@ public void testTLSHOKSignedEndorsing() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class + .getResource(JavaUtils.isFIPSEnabled() ? "DoubleItSaml-fips.wsdl" : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTLSHOKSignedEndorsingPort"); - DoubleItPortType samlPort = - service.getPort(portQName, DoubleItPortType.class); + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); String portNumber = PORT2; if (STAX_PORT.equals(test.getPort())) { portNumber = STAX_PORT2; @@ -212,11 +206,11 @@ public void testAsymmetricSigned() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class + .getResource(JavaUtils.isFIPSEnabled() ? "DoubleItSaml-fips.wsdl" : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSignedPort"); - DoubleItPortType samlPort = - service.getPort(portQName, DoubleItPortType.class); + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, test.getPort()); samlPort.doubleIt(25); @@ -238,11 +232,11 @@ public void testAsymmetricInitiator() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class + .getResource(JavaUtils.isFIPSEnabled() ? "DoubleItSaml-fips.wsdl" : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricInitiatorPort"); - DoubleItPortType samlPort = - service.getPort(portQName, DoubleItPortType.class); + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, test.getPort()); if (test.isStreaming()) { @@ -255,7 +249,6 @@ public void testAsymmetricInitiator() throws Exception { bus.shutdown(true); } - /** * 2.3.2.1 (WSS1.1) SAML 2.0 Bearer */ @@ -269,11 +262,11 @@ public void testAsymmetricSaml2Bearer() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class + .getResource(JavaUtils.isFIPSEnabled() ? "DoubleItSaml-fips.wsdl" : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSaml2BearerPort"); - DoubleItPortType samlPort = - service.getPort(portQName, DoubleItPortType.class); + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, test.getPort()); if (test.isStreaming()) { @@ -299,11 +292,11 @@ public void testTLSSenderVouchesSaml2() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class + .getResource(JavaUtils.isFIPSEnabled() ? "DoubleItSaml-fips.wsdl" : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTLSSenderVouchesSaml2Port"); - DoubleItPortType samlPort = - service.getPort(portQName, DoubleItPortType.class); + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); String portNumber = PORT2; if (STAX_PORT.equals(test.getPort())) { portNumber = STAX_PORT2; @@ -333,11 +326,11 @@ public void testTLSHOKSignedEndorsingSaml2() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class + .getResource(JavaUtils.isFIPSEnabled() ? "DoubleItSaml-fips.wsdl" : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTLSHOKSignedEndorsingSaml2Port"); - DoubleItPortType samlPort = - service.getPort(portQName, DoubleItPortType.class); + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); String portNumber = PORT2; if (STAX_PORT.equals(test.getPort())) { portNumber = STAX_PORT2; @@ -367,11 +360,11 @@ public void testSymmetricSV() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class + .getResource(JavaUtils.isFIPSEnabled() ? "DoubleItSaml-fips.wsdl" : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSVPort"); - DoubleItPortType samlPort = - service.getPort(portQName, DoubleItPortType.class); + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, test.getPort()); if (test.isStreaming()) { @@ -400,11 +393,11 @@ public void testSymmetricIssuedToken() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class + .getResource(JavaUtils.isFIPSEnabled() ? "DoubleItSaml-fips.wsdl" : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricIssuedTokenPort"); - DoubleItPortType samlPort = - service.getPort(portQName, DoubleItPortType.class); + DoubleItPortType samlPort = service.getPort(portQName, DoubleItPortType.class); updateAddressPort(samlPort, test.getPort()); updateSTSPort((BindingProvider)samlPort, STS_PORT); @@ -423,7 +416,7 @@ public void testSymmetricIssuedToken() throws Exception { private static void updateSTSPort(BindingProvider p, String port) { STSClient stsClient = (STSClient)p.getRequestContext() - .get(org.apache.cxf.rt.security.SecurityConstants.STS_CLIENT); + .get(org.apache.cxf.rt.security.SecurityConstants.STS_CLIENT); if (stsClient != null) { String location = stsClient.getWsdlLocation(); if (location.contains("8080")) { diff --git a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/Server.java b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/Server.java index 904f6cdcf93..9cb11c103b1 100644 --- a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/Server.java +++ b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource( + JavaUtils.isFIPSEnabled() + ? "server-fips.xml" : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxServer.java b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxServer.java index c24d0d46235..804aece5b17 100644 --- a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxServer.java +++ b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/saml/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxServer() { } protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); + URL busFile = StaxServer.class.getResource( + JavaUtils.isFIPSEnabled() + ? "stax-server-fips.xml" : "stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java index a2a5d7d1603..aeba937e10b 100644 --- a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java +++ b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/SecureConversationTest.java @@ -29,6 +29,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.wssec.examples.common.SecurityTestUtil; import org.apache.cxf.systest.wssec.examples.common.TestParam; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -103,7 +104,9 @@ public void testSecureConversation() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SecureConversationTest.class.getResource("DoubleItSecConv.wsdl"); + URL wsdl = SecureConversationTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSecConv-fips.wsdl" + : "DoubleItSecConv.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSecureConversationPort"); DoubleItPortType samlPort = diff --git a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/Server.java b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/Server.java index 00a6634a18c..4a3ff1adc29 100644 --- a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/Server.java +++ b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/StaxServer.java b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/StaxServer.java index cb3dd61aafb..a19ef846082 100644 --- a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/StaxServer.java +++ b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/secconv/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxServer() { } protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); + URL busFile = StaxServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-server-fips.xml" + : "stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/sts/STSServer.java b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/sts/STSServer.java index 98da54c3817..83d9771cbf7 100644 --- a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/sts/STSServer.java +++ b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/sts/STSServer.java @@ -23,6 +23,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class STSServer extends AbstractBusTestServerBase { @@ -32,7 +33,9 @@ public STSServer() { } protected void run() { - URL busFile = STSServer.class.getResource("cxf-symmetric.xml"); + URL busFile = STSServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "cxf-symmetric-fips.xml" + : "cxf-symmetric.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/Server.java b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/Server.java index 21b9855b2f5..2be2c49a0c6 100644 --- a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/Server.java +++ b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/StaxServer.java b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/StaxServer.java index 7841793e2de..3f8887dcf29 100644 --- a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/StaxServer.java +++ b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxServer() { } protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); + URL busFile = StaxServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-server-fips.xml" + : "stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/UsernameTokenTest.java b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/UsernameTokenTest.java index eb45d795394..838dc938e0f 100644 --- a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/UsernameTokenTest.java +++ b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/ut/UsernameTokenTest.java @@ -29,6 +29,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.wssec.examples.common.SecurityTestUtil; import org.apache.cxf.systest.wssec.examples.common.TestParam; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -104,7 +105,9 @@ public void testPlaintext() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPort"); DoubleItPortType utPort = @@ -134,7 +137,9 @@ public void testPlaintextNoPassword() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItPlaintextNoPasswordPort"); DoubleItPortType utPort = @@ -164,7 +169,9 @@ public void testDigest() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItDigestPort"); DoubleItPortType utPort = @@ -194,7 +201,9 @@ public void testTLSSupporting() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTLSSupportingPort"); DoubleItPortType utPort = @@ -228,7 +237,9 @@ public void testAsymmetricSESupporting() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSESupportingPort"); DoubleItPortType utPort = @@ -258,7 +269,9 @@ public void testAsymmetricEncrSupporting() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricEncrSupportingPort"); DoubleItPortType utPort = @@ -288,7 +301,9 @@ public void testSymmetricSESupporting() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSESupportingPort"); DoubleItPortType utPort = diff --git a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/Server.java b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/Server.java index 6403468febe..35581ade490 100644 --- a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/Server.java +++ b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/StaxServer.java b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/StaxServer.java index 1f8f21fcf61..ee6be2d80f1 100644 --- a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/StaxServer.java +++ b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxServer() { } protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); + URL busFile = StaxServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-server-fips.xml" + : "stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java index 56585874a26..2bbec17b375 100644 --- a/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java +++ b/systests/ws-security-examples/src/test/java/org/apache/cxf/systest/wssec/examples/x509/X509TokenTest.java @@ -29,6 +29,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.wssec.examples.common.SecurityTestUtil; import org.apache.cxf.systest.wssec.examples.common.TestParam; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -102,7 +103,9 @@ public void testAsymmetricSignEncrypt() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSignEncryptPort"); DoubleItPortType x509Port = @@ -132,7 +135,9 @@ public void testAsymmetricProtectTokens() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricProtectTokensPort"); DoubleItPortType x509Port = @@ -162,7 +167,9 @@ public void testSymmetricSignEncrypt() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSignEncryptPort"); DoubleItPortType x509Port = @@ -192,7 +199,9 @@ public void testSymmetricEndorsing() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricEndorsingPort"); DoubleItPortType x509Port = diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml-fips.wsdl b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml-fips.wsdl new file mode 100644 index 00000000000..d9444c540de --- /dev/null +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/DoubleItSaml-fips.wsdl @@ -0,0 +1,714 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + http://example.com/STS + + + http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1 + http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey + 128 + http://www.w3.org/2001/10/xml-exc-c14n# + http://www.w3.org/2001/04/xmlenc#aes128-cbc + http://www.w3.org/2001/04/xmlenc#aes128-cbc + http://www.w3.org/2000/09/xmldsig#hmac-sha1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server-fips.xml b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server-fips.xml new file mode 100644 index 00000000000..71bd9d1dc58 --- /dev/null +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/server-fips.xml @@ -0,0 +1,130 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server-fips.xml b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server-fips.xml new file mode 100644 index 00000000000..648e750f54a --- /dev/null +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/saml/stax-server-fips.xml @@ -0,0 +1,140 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/DoubleItSecConv-fips.wsdl b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/DoubleItSecConv-fips.wsdl new file mode 100644 index 00000000000..aa3d39cd303 --- /dev/null +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/DoubleItSecConv-fips.wsdl @@ -0,0 +1,161 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server-fips.xml b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server-fips.xml new file mode 100644 index 00000000000..02a2567409f --- /dev/null +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/server-fips.xml @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/stax-server-fips.xml b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/stax-server-fips.xml new file mode 100644 index 00000000000..3b40b80157a --- /dev/null +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/secconv/stax-server-fips.xml @@ -0,0 +1,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/cxf-symmetric-fips.xml b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/cxf-symmetric-fips.xml new file mode 100644 index 00000000000..664d397d8f3 --- /dev/null +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/cxf-symmetric-fips.xml @@ -0,0 +1,63 @@ + + + + + + + + + + + + + + + + + + + + + + + + http://localhost:(\d)*/DoubleItSamlSymmetricIssuedToken + + + + + + + + + + + + + + + + diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/ws-trust-1.4-service-fips.wsdl b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/ws-trust-1.4-service-fips.wsdl new file mode 100644 index 00000000000..736687b6956 --- /dev/null +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/sts/ws-trust-1.4-service-fips.wsdl @@ -0,0 +1,248 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt-fips.wsdl b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt-fips.wsdl new file mode 100644 index 00000000000..8898754f6de --- /dev/null +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/DoubleItUt-fips.wsdl @@ -0,0 +1,431 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server-fips.xml b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server-fips.xml new file mode 100644 index 00000000000..afeee5a9ee4 --- /dev/null +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/server-fips.xml @@ -0,0 +1,95 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/stax-server-fips.xml b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/stax-server-fips.xml new file mode 100644 index 00000000000..bb760acbc44 --- /dev/null +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/ut/stax-server-fips.xml @@ -0,0 +1,102 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/DoubleItX509-fips.wsdl b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/DoubleItX509-fips.wsdl new file mode 100644 index 00000000000..a0f88f95f0c --- /dev/null +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/DoubleItX509-fips.wsdl @@ -0,0 +1,321 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/server-fips.xml b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/server-fips.xml new file mode 100644 index 00000000000..6da144ef506 --- /dev/null +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/server-fips.xml @@ -0,0 +1,76 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/stax-server-fips.xml b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/stax-server-fips.xml new file mode 100644 index 00000000000..b93dde6b8fe --- /dev/null +++ b/systests/ws-security-examples/src/test/resources/org/apache/cxf/systest/wssec/examples/x509/stax-server-fips.xml @@ -0,0 +1,80 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/pom.xml b/systests/ws-security/pom.xml index e68f4a05572..b3e8cd802f3 100644 --- a/systests/ws-security/pom.xml +++ b/systests/ws-security/pom.xml @@ -251,5 +251,62 @@ + + fips + + + fips.enabled + + + + + + org.apache.cxf + cxf-codegen-plugin + ${project.version} + + + org.apache.cxf.xjcplugins + cxf-xjc-dv + ${cxf.xjc-utils.version} + + + + + generate-sources + + ${cxf.codegenplugin.forkmode} + ${basedir}/target/generated-sources + + + -Xdv + + true + 1 + + + + ${basedir}/src/test/resources/DoubleItLogical.wsdl + + + ${basedir}/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10-fips.wsdl + + + ${basedir}/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl + + + ${basedir}/src/test/resources/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl + + + + + wsdl2java + + + + + + + diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java index 655bda7da5c..aec64872e1b 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/ActionTest.java @@ -39,6 +39,7 @@ import org.apache.cxf.bus.spring.SpringBusFactory; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.DispatchImpl; import org.apache.cxf.jaxws.JaxWsServerFactoryBean; import org.apache.cxf.staxutils.StaxUtils; @@ -62,6 +63,7 @@ import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants; import org.example.contract.doubleit.DoubleItPortType; +import org.junit.Assume; import org.junit.BeforeClass; import static org.junit.Assert.assertEquals; @@ -105,9 +107,12 @@ public static void cleanup() throws Exception { @org.junit.Test public void test3DESEncryptionGivenKey() throws Exception { - + //fips: no 3DES support + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -129,7 +134,9 @@ public void test3DESEncryptionGivenKey() throws Exception { public void testUsernameToken() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -173,7 +180,9 @@ public void testUsernameToken() throws Exception { public void testUsernameTokenReplay() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -208,7 +217,9 @@ public void testUsernameTokenReplay() throws Exception { public void testUsernameTokenNoValidation() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -236,7 +247,9 @@ public void testEncryptedPassword() throws Exception { } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -258,7 +271,9 @@ public void testEncryptedPassword() throws Exception { public void testSignedTimestampReplay() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -294,7 +309,10 @@ public void testSignedTimestampReplay() throws Exception { public void testAsymmetricActionToPolicy() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); + Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -320,7 +338,9 @@ public void testAsymmetricActionToPolicy() throws Exception { public void testAsymmetricActionToPolicyServerFactory() throws Exception { JaxWsServerFactoryBean svrFactory = new JaxWsServerFactoryBean(); - URL serviceWSDL = ActionTest.class.getResource("DoubleItActionPolicy.wsdl"); + URL serviceWSDL = JavaUtils.isFIPSEnabled() + ? ActionTest.class.getResource("DoubleItActionPolicy-fips.wsdl") + : ActionTest.class.getResource("DoubleItActionPolicy.wsdl"); svrFactory.setWsdlLocation(serviceWSDL.toString()); String address = "http://localhost:" + PORT2 + "/DoubleItAsymmetric"; svrFactory.setAddress(address); @@ -340,7 +360,9 @@ public void testAsymmetricActionToPolicyServerFactory() throws Exception { org.apache.cxf.endpoint.Server server = svrFactory.create(); SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -365,7 +387,9 @@ public void testAsymmetricActionToPolicyServerFactory() throws Exception { public void testAsymmetricEncryptBeforeSigningActionToPolicy() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -389,7 +413,9 @@ public void testAsymmetricEncryptBeforeSigningActionToPolicy() throws Exception public void testEncryption() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -413,7 +439,9 @@ public void testEncryption() throws Exception { public void testSignatureNegativeClient() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -441,7 +469,9 @@ public void testSignatureNegativeClient() throws Exception { public void testSignatureNegativeClientStreaming() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -469,7 +499,9 @@ public void testSignatureNegativeClientStreaming() throws Exception { public void testSignatureNegativeServer() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -497,7 +529,9 @@ public void testSignatureNegativeServer() throws Exception { public void testSignatureNegativeServerStreaming() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -525,7 +559,9 @@ public void testSignatureNegativeServerStreaming() throws Exception { public void testSignedSAML() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -547,7 +583,9 @@ public void testSignedSAML() throws Exception { public void testSignatureProgrammatic() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -582,7 +620,9 @@ public void testSignatureProgrammatic() throws Exception { public void testSignatureProgrammaticStAX() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -620,7 +660,9 @@ public void testSignatureProgrammaticStAX() throws Exception { public void testSignatureProgrammaticMultipleActors() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -666,7 +708,9 @@ public void testSignatureProgrammaticMultipleActors() throws Exception { public void testSignatureDispatchPayload() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -708,7 +752,9 @@ public void testSignatureDispatchPayload() throws Exception { public void testSignatureDispatchMessage() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -753,7 +799,9 @@ public void testSignatureDispatchMessage() throws Exception { public void testSignatureHandlerActions() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ActionTest.class.getResource("client.xml"); + URL busFile = ActionTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/Server.java index 9a0561af2a9..24e4b481559 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/action/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource( + JavaUtils.isFIPSEnabled() + ? "server-fips.xml" : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java index bbfe26311a8..25e71bbb5ac 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/AlgorithmSuiteTest.java @@ -27,6 +27,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.SecurityTestUtil; import org.apache.cxf.test.TestUtilities; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -68,7 +69,9 @@ public static void cleanup() throws Exception { public void testSecurityPolicy() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = AlgorithmSuiteTest.class.getResource("client.xml"); + URL busFile = AlgorithmSuiteTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -149,7 +152,9 @@ public void testCombinedPolicy() throws Exception { } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = AlgorithmSuiteTest.class.getResource("client.xml"); + URL busFile = AlgorithmSuiteTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -178,7 +183,9 @@ public void testCombinedPolicy() throws Exception { public void testManualConfigurationEncryption() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = AlgorithmSuiteTest.class.getResource("client.xml"); + URL busFile = AlgorithmSuiteTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -228,7 +235,9 @@ public void testManualConfigurationEncryption() throws Exception { public void testManualConfigurationSignature() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = AlgorithmSuiteTest.class.getResource("client.xml"); + URL busFile = AlgorithmSuiteTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -266,7 +275,9 @@ public void testManualConfigurationSignature() throws Exception { public void testInclusiveC14NPolicy() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = AlgorithmSuiteTest.class.getResource("client.xml"); + URL busFile = AlgorithmSuiteTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -322,7 +333,9 @@ public void testMultipleAlgorithmSuitesPolicy() throws Exception { } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = AlgorithmSuiteTest.class.getResource("client.xml"); + URL busFile = AlgorithmSuiteTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/Server.java index b4b36fadb3d..db1d237941f 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource( + JavaUtils.isFIPSEnabled() ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxAlgorithmSuiteTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxAlgorithmSuiteTest.java index aa5e06090fb..ee188589fa1 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxAlgorithmSuiteTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxAlgorithmSuiteTest.java @@ -27,6 +27,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.SecurityTestUtil; import org.apache.cxf.test.TestUtilities; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -68,7 +69,9 @@ public static void cleanup() throws Exception { public void testSecurityPolicy() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = StaxAlgorithmSuiteTest.class.getResource("client.xml"); + URL busFile = AlgorithmSuiteTest.class.getResource( + JavaUtils.isFIPSEnabled() ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxServer.java index 546093a8e6f..19fe8737c5b 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/algsuite/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxServer() { } protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); + URL busFile = StaxServer.class.getResource( + JavaUtils.isFIPSEnabled() ? "stax-server-fips.xml" + : "stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/BasicAuthJAASTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/BasicAuthJAASTest.java index bbce3a2bb2b..53e534a6586 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/BasicAuthJAASTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/BasicAuthJAASTest.java @@ -27,6 +27,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.example.contract.doubleit.DoubleItPortType; @@ -71,7 +72,10 @@ public void testBasicAuth() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = BasicAuthJAASTest.class.getResource("DoubleItBasicAuth.wsdl"); + URL wsdl = BasicAuthJAASTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "DoubleItBasicAuth-fips.wsdl" + : "DoubleItBasicAuth.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItBasicAuthPort"); DoubleItPortType utPort = diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/BasicAuthTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/BasicAuthTest.java index 12e53abec8e..24abcd4e602 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/BasicAuthTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/BasicAuthTest.java @@ -30,6 +30,7 @@ import org.apache.cxf.configuration.security.AuthorizationPolicy; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.apache.cxf.transport.http.HTTPConduit; import org.example.contract.doubleit.DoubleItPortType; @@ -76,7 +77,9 @@ public void testBasicAuth() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = BasicAuthTest.class.getResource("DoubleItBasicAuth.wsdl"); + URL wsdl = BasicAuthTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItBasicAuth-fips.wsdl" + : "DoubleItBasicAuth.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItBasicAuthPort"); DoubleItPortType utPort = @@ -99,7 +102,9 @@ public void testBasicAuthViaAuthorizationPolicy() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = BasicAuthTest.class.getResource("DoubleItBasicAuth.wsdl"); + URL wsdl = BasicAuthTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItBasicAuth-fips.wsdl" + : "DoubleItBasicAuth.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItBasicAuthPort2"); DoubleItPortType utPort = @@ -130,7 +135,9 @@ public void testNoBasicAuthCredentials() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = BasicAuthTest.class.getResource("DoubleItBasicAuth.wsdl"); + URL wsdl = BasicAuthTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItBasicAuth-fips.wsdl" + : "DoubleItBasicAuth.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItBasicAuthPort2"); DoubleItPortType utPort = diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/JAASServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/JAASServer.java index 3a3d6caf9d6..6a73aecaed8 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/JAASServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/JAASServer.java @@ -31,6 +31,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.interceptor.security.JAASLoginInterceptor; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; @@ -41,7 +42,9 @@ public JAASServer() { } protected void run() { - URL busFile = JAASServer.class.getResource("server-continuation.xml"); + URL busFile = JAASServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-continuation-fips.xml" + : "server-continuation.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); busLocal.getInInterceptors().add(this.createTestJaasLoginInterceptor()); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/Server.java index eb0053fb85d..6f465e0bfff 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/basicauth/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java index 595c3b7d206..b66bae591fb 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/BindingPropertiesTest.java @@ -29,6 +29,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.SecurityTestUtil; import org.apache.cxf.systest.ws.common.TestParam; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -95,7 +96,9 @@ public static void cleanup() throws Exception { public void testOnlySignEntireHeadersAndBody() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = BindingPropertiesTest.class.getResource("client.xml"); + URL busFile = BindingPropertiesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -140,7 +143,9 @@ public void testOnlySignEntireHeadersAndBody() throws Exception { public void testEncryptSignature() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = BindingPropertiesTest.class.getResource("client.xml"); + URL busFile = BindingPropertiesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -186,7 +191,9 @@ public void testEncryptSignature() throws Exception { public void testIncludeTimestamp() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = BindingPropertiesTest.class.getResource("client.xml"); + URL busFile = BindingPropertiesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -232,7 +239,9 @@ public void testIncludeTimestamp() throws Exception { public void testEncryptBeforeSigning() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = BindingPropertiesTest.class.getResource("client.xml"); + URL busFile = BindingPropertiesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -278,7 +287,9 @@ public void testEncryptBeforeSigning() throws Exception { public void testSignBeforeEncrypting() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = BindingPropertiesTest.class.getResource("client.xml"); + URL busFile = BindingPropertiesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -325,7 +336,9 @@ public void testSignBeforeEncrypting() throws Exception { public void testTimestampFirst() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = BindingPropertiesTest.class.getResource("client.xml"); + URL busFile = BindingPropertiesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -376,7 +389,9 @@ public void testTimestampFirst() throws Exception { public void testTimestampLast() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = BindingPropertiesTest.class.getResource("client.xml"); + URL busFile = BindingPropertiesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -427,7 +442,9 @@ public void testTimestampLast() throws Exception { public void testStrict() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = BindingPropertiesTest.class.getResource("client.xml"); + URL busFile = BindingPropertiesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -478,7 +495,9 @@ public void testStrict() throws Exception { public void testTokenProtection() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = BindingPropertiesTest.class.getResource("client.xml"); + URL busFile = BindingPropertiesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -530,7 +549,9 @@ public void testTokenProtection() throws Exception { public void testSignatureConfirmation() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = BindingPropertiesTest.class.getResource("client.xml"); + URL busFile = BindingPropertiesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -574,7 +595,9 @@ public void testSignatureConfirmation() throws Exception { public void testSignatureConfirmationEncBeforeSigning() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = BindingPropertiesTest.class.getResource("client.xml"); + URL busFile = BindingPropertiesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/Server.java index 4aaa7b1e190..c48ced439ca 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/StaxServer.java index 78238b70d1a..d3bb9aab3b5 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/StaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/bindings/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxServer() { } protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); + URL busFile = StaxServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-server-fips.xml" + : "stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/cache/CachingTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/cache/CachingTest.java index e15fa649acb..16fb24f8ef4 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/cache/CachingTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/cache/CachingTest.java @@ -34,6 +34,7 @@ import org.apache.cxf.common.classloader.ClassLoaderUtils; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.SecurityTestUtil; import org.apache.cxf.systest.ws.common.TestParam; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -100,7 +101,9 @@ public void testSymmetric() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = CachingTest.class.getResource("DoubleItCache.wsdl"); + URL wsdl = CachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItCache-fips.wsdl" + : "DoubleItCache.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItCacheSymmetricPort"); @@ -163,7 +166,9 @@ public void testSymmetricSharedCache() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = CachingTest.class.getResource("DoubleItCache.wsdl"); + URL wsdl = CachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItCache-fips.wsdl" + : "DoubleItCache.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItCacheSymmetricPort"); @@ -228,7 +233,9 @@ public void testSymmetricCustom() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = CachingTest.class.getResource("DoubleItCache.wsdl"); + URL wsdl = CachingTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItCache-fips.wsdl" + : "DoubleItCache.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItCachePerProxySymmetricPort"); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/cache/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/cache/Server.java index 07ce94c8e2c..29e8bad75e9 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/cache/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/cache/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/DoubleItPortTypeImplJavaFirstFips.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/DoubleItPortTypeImplJavaFirstFips.java new file mode 100644 index 00000000000..77ffc2c24ee --- /dev/null +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/DoubleItPortTypeImplJavaFirstFips.java @@ -0,0 +1,62 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.ws.fault; + +import java.security.Principal; + +import jakarta.annotation.Resource; +import jakarta.jws.WebService; +import jakarta.xml.ws.WebServiceContext; +import org.apache.cxf.annotations.Policies; +import org.apache.cxf.annotations.Policy; +import org.apache.cxf.annotations.Policy.Placement; +import org.apache.cxf.feature.Features; +import org.example.contract.doubleit.DoubleItFault; +import org.example.contract.doubleit.DoubleItPortType; + +@WebService(targetNamespace = "http://www.example.org/contract/DoubleIt", + serviceName = "DoubleItService", + portName = "DoubleItSoap11NoPolicyBinding", + name = "DoubleItSoap11NoPolicyBinding", + endpointInterface = "org.example.contract.doubleit.DoubleItPortType") +@Features(features = "org.apache.cxf.feature.LoggingFeature") +public class DoubleItPortTypeImplJavaFirstFips implements DoubleItPortType { + @Resource + WebServiceContext wsContext; + + @Policies({ + @Policy(uri = "classpath:/org/apache/cxf/systest/ws/fault/SymmetricUTPolicy-fips.xml"), + @Policy(uri = "classpath:/org/apache/cxf/systest/ws/fault/SignedEncryptedPolicy.xml", + placement = Placement.BINDING_OPERATION_OUTPUT) + }) + public int doubleIt(int numberToDouble) throws DoubleItFault { + + Principal pr = wsContext.getUserPrincipal(); + if ("alice".equals(pr.getName())) { + return numberToDouble * 2; + } + + org.example.schema.doubleit.DoubleItFault internalFault = + new org.example.schema.doubleit.DoubleItFault(); + internalFault.setMajor((short)124); + internalFault.setMinor((short)1256); + throw new DoubleItFault("This is a fault", internalFault); + } + +} diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/FaultTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/FaultTest.java index 66316a5f5e9..b778258ee48 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/FaultTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/FaultTest.java @@ -36,6 +36,7 @@ import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; import org.apache.cxf.endpoint.Client; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.DispatchImpl; import org.apache.cxf.rt.security.SecurityConstants; import org.apache.cxf.systest.ws.common.SecurityTestUtil; @@ -78,13 +79,16 @@ public static void cleanup() throws Exception { public void testSoap11() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = FaultTest.class.getResource("client.xml"); + URL busFile = FaultTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = FaultTest.class.getResource("DoubleItFault.wsdl"); + URL wsdl = FaultTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItFault-fips.wsdl" + : "DoubleItFault.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSoap11Port"); DoubleItPortType utPort = @@ -129,13 +133,16 @@ public void testSoap11() throws Exception { @org.junit.Test public void testSoap12() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = FaultTest.class.getResource("client.xml"); + URL busFile = FaultTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = FaultTest.class.getResource("DoubleItFault.wsdl"); + URL wsdl = FaultTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItFault-fips.wsdl" + : "DoubleItFault.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSoap12Port"); DoubleItPortType utPort = @@ -162,13 +169,16 @@ public void testSoap12() throws Exception { @org.junit.Test public void testSoap12Mtom() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = FaultTest.class.getResource("client.xml"); + URL busFile = FaultTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = FaultTest.class.getResource("DoubleItFault.wsdl"); + URL wsdl = FaultTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItFault-fips.wsdl" + : "DoubleItFault.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSoap12MtomPort"); DoubleItPortType utPort = @@ -196,7 +206,9 @@ public void testSoap12Mtom() throws Exception { public void testSoap12Dispatch() throws Exception { createBus(); BusFactory.setDefaultBus(getBus()); - URL wsdl = FaultTest.class.getResource("DoubleItFault.wsdl"); + URL wsdl = FaultTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItFault-fips.wsdl" + : "DoubleItFault.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSoap12DispatchPort"); @@ -252,13 +264,16 @@ public void testSoap12Dispatch() throws Exception { public void testSoap11PolicyWithParts() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = FaultTest.class.getResource("client.xml"); + URL busFile = FaultTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = FaultTest.class.getResource("DoubleItFault.wsdl"); + URL wsdl = FaultTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItFault-fips.wsdl" + : "DoubleItFault.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSoap11PolicyWithPartsPort"); DoubleItPortType utPort = @@ -288,13 +303,16 @@ public void testSoap11PolicyWithParts() throws Exception { public void testJavaFirst() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = FaultTest.class.getResource("client.xml"); + URL busFile = FaultTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = FaultTest.class.getResource("DoubleItFault.wsdl"); + URL wsdl = FaultTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItFault-fips.wsdl" + : "DoubleItFault.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItJavaFirstPort"); DoubleItPortType utPort = @@ -323,13 +341,16 @@ public void testJavaFirst() throws Exception { public void testUnsecuredSoap11Action() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = FaultTest.class.getResource("client.xml"); + URL busFile = FaultTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = FaultTest.class.getResource("DoubleItFault.wsdl"); + URL wsdl = FaultTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItFault-fips.wsdl" + : "DoubleItFault.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSoap11UnsecuredPort"); DoubleItPortType utPort = @@ -351,13 +372,16 @@ public void testUnsecuredSoap11Action() throws Exception { public void testUnsecuredSoap11ActionStAX() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = FaultTest.class.getResource("client.xml"); + URL busFile = FaultTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = FaultTest.class.getResource("DoubleItFault.wsdl"); + URL wsdl = FaultTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItFault-fips.wsdl" + : "DoubleItFault.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSoap11UnsecuredPort2"); DoubleItPortType utPort = diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestServer.java index ab2009b11be..902a96e75dc 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class ModifiedRequestServer extends AbstractBusTestServerBase { @@ -33,7 +34,10 @@ public ModifiedRequestServer() { } protected void run() { - URL busFile = ModifiedRequestServer.class.getResource("modified-server.xml"); + URL busFile = ModifiedRequestServer.class.getResource( + JavaUtils.isFIPSEnabled() + ? "modified-server-fips.xml" + : "modified-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java index 8eb1d215159..4a0833b2808 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/ModifiedRequestTest.java @@ -36,6 +36,7 @@ import org.apache.cxf.bus.spring.SpringBusFactory; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.test.TestUtilities; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.apache.wss4j.common.WSS4JConstants; @@ -88,13 +89,18 @@ public void testModifiedSignedTimestamp() throws Exception { } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ModifiedRequestTest.class.getResource("client.xml"); + URL busFile = ModifiedRequestTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = ModifiedRequestTest.class.getResource("DoubleItFault.wsdl"); + URL wsdl = ModifiedRequestTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "DoubleItFault-fips.wsdl" + : "DoubleItFault.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort"); DoubleItPortType port = @@ -130,13 +136,17 @@ public void testModifiedSignature() throws Exception { } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ModifiedRequestTest.class.getResource("client.xml"); + URL busFile = ModifiedRequestTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = ModifiedRequestTest.class.getResource("DoubleItFault.wsdl"); + URL wsdl = ModifiedRequestTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItFault-fips.wsdl" + : "DoubleItFault.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort"); DoubleItPortType port = @@ -172,13 +182,17 @@ public void testUntrustedSignature() throws Exception { } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ModifiedRequestTest.class.getResource("client-untrusted.xml"); + URL busFile = ModifiedRequestTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-untrusted-fips.xml" : "client-untrusted.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = ModifiedRequestTest.class.getResource("DoubleItFault.wsdl"); + URL wsdl = ModifiedRequestTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItFault-fips.wsdl" + : "DoubleItFault.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort"); DoubleItPortType port = @@ -205,13 +219,18 @@ public void testModifiedEncryptedKey() throws Exception { } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ModifiedRequestTest.class.getResource("client.xml"); + + URL busFile = ModifiedRequestTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = ModifiedRequestTest.class.getResource("DoubleItFault.wsdl"); + URL wsdl = ModifiedRequestTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItFault-fips.wsdl" + : "DoubleItFault.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort"); DoubleItPortType port = @@ -247,13 +266,18 @@ public void testModifiedEncryptedSOAPBody() throws Exception { } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ModifiedRequestTest.class.getResource("client.xml"); + URL busFile = ModifiedRequestTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" : "client.xml"); + Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = ModifiedRequestTest.class.getResource("DoubleItFault.wsdl"); + URL wsdl = ModifiedRequestTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItFault-fips.wsdl" + : "DoubleItFault.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort"); DoubleItPortType port = diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/Server.java index 07010fe1e99..b161663c1c6 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/fault/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java index 84c676031ac..d22232edc63 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/GCMTest.java @@ -29,6 +29,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.SecurityTestUtil; import org.apache.cxf.systest.ws.common.TestParam; import org.apache.cxf.test.TestUtilities; @@ -117,7 +118,9 @@ public void testAESGCM128() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = GCMTest.class.getResource("DoubleItGCM.wsdl"); + URL wsdl = GCMTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItGCM-fips.wsdl" + : "DoubleItGCM.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItGCM128Port"); DoubleItPortType gcmPort = @@ -147,7 +150,9 @@ public void testAESGCM192() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = GCMTest.class.getResource("DoubleItGCM.wsdl"); + URL wsdl = GCMTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItGCM-fips.wsdl" + : "DoubleItGCM.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItGCM192Port"); DoubleItPortType gcmPort = @@ -178,7 +183,9 @@ public void testAESGCM256() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = GCMTest.class.getResource("DoubleItGCM.wsdl"); + URL wsdl = GCMTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItGCM-fips.wsdl" + : "DoubleItGCM.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItGCM256Port"); DoubleItPortType gcmPort = @@ -244,7 +251,9 @@ public void testAESGCM256MGFSHA256Digest() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = GCMTest.class.getResource("DoubleItGCM.wsdl"); + URL wsdl = GCMTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItGCM-fips.wsdl" + : "DoubleItGCM.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItGCM256MGFSHA256DigestPort"); DoubleItPortType gcmPort = diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGF256AlgorithmSuiteLoader.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGF256AlgorithmSuiteLoader.java index 8ca020d11c3..253f59311d3 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGF256AlgorithmSuiteLoader.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGF256AlgorithmSuiteLoader.java @@ -26,6 +26,7 @@ import org.w3c.dom.Element; import org.apache.cxf.Bus; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.ws.policy.AssertionBuilderRegistry; import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion; import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertionBuilder; @@ -81,7 +82,9 @@ public static class GCMAlgorithmSuite extends AlgorithmSuite { SPConstants.SHA1, "http://www.w3.org/2009/xmlenc11#aes256-gcm", SPConstants.KW_AES256, - WSS4JConstants.KEYTRANSPORT_RSAOAEP_XENC11, + JavaUtils.isFIPSEnabled() + ? WSS4JConstants.KEYTRANSPORT_RSA15 + : WSS4JConstants.KEYTRANSPORT_RSAOAEP_XENC11, SPConstants.P_SHA1_L256, SPConstants.P_SHA1_L192, 256, 192, 256, 256, 1024, 4096 @@ -94,7 +97,9 @@ public static class GCMAlgorithmSuite extends AlgorithmSuite { SPConstants.SHA256, "http://www.w3.org/2009/xmlenc11#aes256-gcm", SPConstants.KW_AES256, - WSS4JConstants.KEYTRANSPORT_RSAOAEP_XENC11, + JavaUtils.isFIPSEnabled() + ? WSS4JConstants.KEYTRANSPORT_RSA15 + : WSS4JConstants.KEYTRANSPORT_RSAOAEP_XENC11, SPConstants.P_SHA1_L256, SPConstants.P_SHA1_L192, 256, 192, 256, 256, 1024, 4096 diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFServer.java index 9cb7c7d5d00..fb8724efd59 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class MGFServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public MGFServer() { } protected void run() { - URL busFile = MGFServer.class.getResource("mgf-server.xml"); + URL busFile = MGFServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "mgf-server-fips.xml" + : "mgf-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFStaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFStaxServer.java index 6c32798187b..a5ec1f494b2 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFStaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/MGFStaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class MGFStaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public MGFStaxServer() { } protected void run() { - URL busFile = MGFStaxServer.class.getResource("mgf-stax-server.xml"); + URL busFile = MGFStaxServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "mgf-stax-server-fips.xml" + : "mgf-stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/Server.java index f8f9c46528d..a51b744e749 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/StaxServer.java index 666fce1dc60..fb46b424868 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/StaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/gcm/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxServer() { } protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); + URL busFile = StaxServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-server-fips.xml" + : "stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/httpget/HTTPGetTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/httpget/HTTPGetTest.java index 456a6bf6c62..8a5679343ac 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/httpget/HTTPGetTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/httpget/HTTPGetTest.java @@ -29,6 +29,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.jaxrs.ext.xml.XMLSource; import org.apache.cxf.test.TestUtilities; @@ -80,7 +81,9 @@ public void testSOAPClientSecurityPolicy() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = HTTPGetTest.class.getResource("DoubleItHTTPGet.wsdl"); + URL wsdl = HTTPGetTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItHTTPGet-fips.wsdl" + : "DoubleItHTTPGet.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItKeyIdentifierPort"); DoubleItPortType x509Port = @@ -132,7 +135,9 @@ public void testSignedBodyTimestamp() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = HTTPGetTest.class.getResource("DoubleItHTTPGet.wsdl"); + URL wsdl = HTTPGetTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItHTTPGet-fips.wsdl" + : "DoubleItHTTPGet.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSignBodyPort"); DoubleItPortType port = diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/httpget/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/httpget/Server.java index 4c83c3abb20..eb946836e91 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/httpget/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/httpget/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java index b1d6ac8cdfe..e63405ceae1 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/HttpsTokenTest.java @@ -29,6 +29,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.SecurityTestUtil; import org.apache.cxf.systest.ws.common.TestParam; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -94,7 +95,9 @@ public static void cleanup() throws Exception { public void testRequireClientCert() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = HttpsTokenTest.class.getResource("client.xml"); + URL busFile = HttpsTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -140,7 +143,9 @@ public void testRequireClientCert() throws Exception { public void testNoClientCertRequirement() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = HttpsTokenTest.class.getResource("client.xml"); + URL busFile = HttpsTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -184,7 +189,9 @@ public void testNoClientCertRequirement() throws Exception { public void testBasicAuth() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = HttpsTokenTest.class.getResource("client.xml"); + URL busFile = HttpsTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -230,7 +237,9 @@ public void testBasicAuth() throws Exception { public void testNoChildPolicy() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = HttpsTokenTest.class.getResource("client.xml"); + URL busFile = HttpsTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/Server.java index ca2b5b8b0c4..61e897dd50b 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/StaxServer.java index eed164fbd62..1166eefb522 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/StaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/https/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,10 @@ public StaxServer() { } protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); + URL busFile = StaxServer.class.getResource( + JavaUtils.isFIPSEnabled() + ? "stax-server-fips.xml" + : "stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java index d125c398cd0..f262a70a1b1 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/MTOMSecurityTest.java @@ -31,6 +31,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.example.contract.doubleit.DoubleItMtomPortType; import org.example.contract.doubleit.DoubleItPortType; @@ -83,7 +84,9 @@ public void testSignedMTOMInline() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl"); + URL wsdl = MTOMSecurityTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItMtom-fips.wsdl" + : "DoubleItMtom.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSignedMTOMInlinePort"); DoubleItMtomPortType port = @@ -111,7 +114,9 @@ public void testSignedMTOMAction() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl"); + URL wsdl = MTOMSecurityTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItMtom-fips.wsdl" + : "DoubleItMtom.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSignedMTOMActionPort"); DoubleItMtomPortType port = @@ -139,7 +144,9 @@ public void testAsymmetricBytesInAttachment() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl"); + URL wsdl = MTOMSecurityTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItMtom-fips.wsdl" + : "DoubleItMtom.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort"); DoubleItPortType port = @@ -163,7 +170,9 @@ public void testSymmetricBytesInAttachment() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl"); + URL wsdl = MTOMSecurityTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItMtom-fips.wsdl" + : "DoubleItMtom.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricPort"); DoubleItPortType port = @@ -187,7 +196,9 @@ public void testActionBytesInAttachment() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl"); + URL wsdl = MTOMSecurityTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItMtom-fips.wsdl" + : "DoubleItMtom.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItActionPort"); DoubleItPortType port = @@ -213,7 +224,9 @@ public void testAsymmetricBinaryBytesInAttachment() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl"); + URL wsdl = MTOMSecurityTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItMtom-fips.wsdl" + : "DoubleItMtom.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricBinaryPort"); DoubleItMtomPortType port = @@ -239,7 +252,9 @@ public void testAsymmetricBinaryBytesInAttachmentStAX() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl"); + URL wsdl = MTOMSecurityTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItMtom-fips.wsdl" + : "DoubleItMtom.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricBinaryPort"); DoubleItMtomPortType port = @@ -265,7 +280,9 @@ public void testAsymmetricBinaryEncryptBeforeSigningBytesInAttachment() throws E BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl"); + URL wsdl = MTOMSecurityTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItMtom-fips.wsdl" + : "DoubleItMtom.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricBinaryEncryptBeforeSigningPort"); DoubleItMtomPortType port = @@ -291,7 +308,9 @@ public void testSymmetricBinaryBytesInAttachment() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl"); + URL wsdl = MTOMSecurityTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItMtom-fips.wsdl" + : "DoubleItMtom.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricBinaryPort"); DoubleItMtomPortType port = @@ -317,7 +336,9 @@ public void testSymmetricBinaryBytesInAttachmentStAX() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = MTOMSecurityTest.class.getResource("DoubleItMtom.wsdl"); + URL wsdl = MTOMSecurityTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItMtom-fips.wsdl" + : "DoubleItMtom.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricBinaryPort"); DoubleItMtomPortType port = diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/Server.java index b041bb57c3e..0fff39c47d4 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/StaxServer.java index 83c6dfb6e5e..6e80cf60027 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/StaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/mtom/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxServer() { } protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); + URL busFile = StaxServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-server-fips.xml" + : "stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/PartsTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/PartsTest.java index b8ad1ddc3b4..17d53074d88 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/PartsTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/PartsTest.java @@ -30,6 +30,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.SecurityTestUtil; import org.apache.cxf.systest.ws.common.TestParam; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -98,7 +99,9 @@ public static void cleanup() throws Exception { public void testSOAPFaultError() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PartsTest.class.getResource("client.xml"); + URL busFile = PartsTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -133,7 +136,9 @@ public void testSOAPFaultError() throws Exception { public void testRequiredParts() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PartsTest.class.getResource("client.xml"); + URL busFile = PartsTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -178,7 +183,9 @@ public void testRequiredParts() throws Exception { public void testRequiredElements() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PartsTest.class.getResource("client.xml"); + URL busFile = PartsTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -224,7 +231,9 @@ public void testRequiredElements() throws Exception { public void testSignedParts() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PartsTest.class.getResource("client.xml"); + URL busFile = PartsTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -288,7 +297,9 @@ public void testSignedParts() throws Exception { public void testSignedElements() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PartsTest.class.getResource("client.xml"); + URL busFile = PartsTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -334,7 +345,9 @@ public void testSignedElements() throws Exception { public void testEncryptedParts() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PartsTest.class.getResource("client.xml"); + URL busFile = PartsTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -398,7 +411,9 @@ public void testEncryptedParts() throws Exception { public void testEncryptedElements() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PartsTest.class.getResource("client.xml"); + URL busFile = PartsTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -448,7 +463,9 @@ public void testMultipleEncryptedElements() throws Exception { } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PartsTest.class.getResource("client.xml"); + URL busFile = PartsTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -494,7 +511,9 @@ public void testMultipleEncryptedElements() throws Exception { public void testContentEncryptedElements() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PartsTest.class.getResource("client.xml"); + URL busFile = PartsTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -540,7 +559,9 @@ public void testContentEncryptedElements() throws Exception { public void testSignedAttachments() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PartsTest.class.getResource("client.xml"); + URL busFile = PartsTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -589,7 +610,9 @@ public void testSignedAttachments() throws Exception { public void testEncryptedAttachments() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PartsTest.class.getResource("client.xml"); + URL busFile = PartsTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/Server.java index 9fd6be15691..879dcf9c800 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/StaxServer.java index 773da0acc5f..589cf217edf 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/StaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/parts/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxServer() { } protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); + URL busFile = StaxServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-server-fips.xml" + : "stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/password/PasswordPropertiesTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/password/PasswordPropertiesTest.java index c4e5c8f4a28..b37875e7544 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/password/PasswordPropertiesTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/password/PasswordPropertiesTest.java @@ -31,6 +31,7 @@ import org.apache.cxf.bus.spring.SpringBusFactory; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.SecurityTestUtil; import org.apache.cxf.systest.ws.common.TestParam; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -92,7 +93,9 @@ public void testUsernameToken() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = PasswordPropertiesTest.class.getResource("DoubleItPassword.wsdl"); + URL wsdl = PasswordPropertiesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItPassword-fips.wsdl" + : "DoubleItPassword.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItUTPort"); @@ -123,7 +126,9 @@ public void testSignedUsernameToken() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = PasswordPropertiesTest.class.getResource("DoubleItPassword.wsdl"); + URL wsdl = PasswordPropertiesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItPassword-fips.wsdl" + : "DoubleItPassword.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItUTSignedPort"); @@ -156,7 +161,9 @@ public void testAsymmetricBinding() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = PasswordPropertiesTest.class.getResource("DoubleItPassword.wsdl"); + URL wsdl = PasswordPropertiesTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItPassword-fips.wsdl" + : "DoubleItPassword.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort"); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/password/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/password/Server.java index a403de16866..c3ea83ead8f 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/password/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/password/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServer.java index d6073b29f4f..ace68aa65fb 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/JavaFirstPolicyServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; import org.junit.Assert; @@ -34,7 +35,10 @@ public class JavaFirstPolicyServer extends AbstractBusTestServerBase { public static final String PORT3 = allocatePort(JavaFirstPolicyServer.class, 3); protected void run() { - URL busFile = JavaFirstPolicyServer.class.getResource("javafirstserver.xml"); + URL busFile = JavaFirstPolicyServer.class.getResource( + JavaUtils.isFIPSEnabled() + ? "javafirstserver-fips.xml" + : "javafirstserver.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); Assert.assertNotNull(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/PolicyAlternativeTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/PolicyAlternativeTest.java index 4cecca20676..8bee9d72dc5 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/PolicyAlternativeTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/PolicyAlternativeTest.java @@ -29,6 +29,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.SecurityTestUtil; import org.apache.cxf.systest.ws.common.TestParam; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -90,7 +91,9 @@ public static void cleanup() throws Exception { public void testAsymmetric() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PolicyAlternativeTest.class.getResource("client.xml"); + URL busFile = PolicyAlternativeTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -121,7 +124,9 @@ public void testAsymmetric() throws Exception { public void testNoSecurity() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PolicyAlternativeTest.class.getResource("client.xml"); + URL busFile = PolicyAlternativeTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -156,7 +161,9 @@ public void testNoSecurity() throws Exception { public void testUsernameToken() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PolicyAlternativeTest.class.getResource("client.xml"); + URL busFile = PolicyAlternativeTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -188,7 +195,9 @@ public void testUsernameToken() throws Exception { @org.junit.Test public void testRequireClientCertToken() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PolicyAlternativeTest.class.getResource("client.xml"); + URL busFile = PolicyAlternativeTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -226,7 +235,9 @@ public void testRequireClientCertToken() throws Exception { public void testTransportSupportingSigned() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PolicyAlternativeTest.class.getResource("client.xml"); + URL busFile = PolicyAlternativeTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -263,7 +274,9 @@ public void testTransportSupportingSigned() throws Exception { public void testTransportUTSupportingSigned() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PolicyAlternativeTest.class.getResource("client.xml"); + URL busFile = PolicyAlternativeTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -298,7 +311,9 @@ public void testTransportUTSupportingSigned() throws Exception { public void testAsymmetricBusLevel() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = PolicyAlternativeTest.class.getResource("client-bus.xml"); + URL busFile = PolicyAlternativeTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-bus-fips.xml" + : "client-bus.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/Server.java index 2c94e47b342..f0a2c641e21 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/operation/PolicyOperationTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/operation/PolicyOperationTest.java index c7c112a3fcc..d8cec501cb5 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/operation/PolicyOperationTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/operation/PolicyOperationTest.java @@ -27,6 +27,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.example.contract.doubleit.DoubleItPortType2; @@ -71,7 +72,9 @@ public void testSecuredRequest() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = PolicyOperationTest.class.getResource("DoubleItPolicyOperation.wsdl"); + URL wsdl = PolicyOperationTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItPolicyOperation-fips.wsdl" + : "DoubleItPolicyOperation.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItPort"); DoubleItPortType2 port = @@ -94,7 +97,9 @@ public void testUnsecuredRequest() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = PolicyOperationTest.class.getResource("DoubleItPolicyOperation.wsdl"); + URL wsdl = PolicyOperationTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItPolicyOperation-fips.wsdl" + : "DoubleItPolicyOperation.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItPort"); DoubleItPortType2 port = diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/operation/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/operation/Server.java index ff61ef6ef78..4737a30135a 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/operation/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/policy/operation/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java index 7a96347c968..d7bb3144777 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/SamlTokenTest.java @@ -35,6 +35,7 @@ import org.apache.cxf.bus.spring.SpringBusFactory; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.SecurityTestUtil; import org.apache.cxf.systest.ws.common.TestParam; import org.apache.cxf.systest.ws.saml.client.SamlCallbackHandler; @@ -113,13 +114,17 @@ public static void cleanup() throws Exception { public void testSaml1OverTransport() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort"); DoubleItPortType saml1Port = @@ -183,13 +188,17 @@ SecurityConstants.SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false) public void testSaml1Supporting() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml1SupportingPort"); DoubleItPortType saml1Port = @@ -222,13 +231,17 @@ public void testSaml1Supporting() throws Exception { public void testSaml1SupportingSelfSigned() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml1SupportingPort"); DoubleItPortType saml1Port = @@ -271,13 +284,17 @@ public void testSaml1SupportingSelfSigned() throws Exception { public void testSaml1ElementOverTransport() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml1TransportPort"); DoubleItPortType saml1Port = @@ -313,13 +330,17 @@ SecurityConstants.SAML_CALLBACK_HANDLER, new SamlElementCallbackHandler(false) public void testSaml2OverSymmetric() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2SymmetricPort"); DoubleItPortType saml2Port = @@ -366,13 +387,17 @@ SecurityConstants.SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false) public void testSaml2OverSymmetricSoap12() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2SymmetricSoap12Port"); DoubleItPortType saml2Port = @@ -420,13 +445,17 @@ SecurityConstants.SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false) public void testSaml2OverSymmetricSupporting() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2SymmetricSupportingPort"); DoubleItPortType saml2Port = @@ -457,13 +486,17 @@ SecurityConstants.SAML_CALLBACK_HANDLER, new SamlCallbackHandler() public void testSaml2OverAsymmetric() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricPort"); DoubleItPortType saml2Port = @@ -523,13 +556,17 @@ SecurityConstants.SAML_CALLBACK_HANDLER, new SamlCallbackHandler() public void testSaml1SelfSignedOverTransport() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml1SelfSignedTransportPort"); DoubleItPortType saml1Port = @@ -558,13 +595,17 @@ SecurityConstants.SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false, true) public void testSaml1SelfSignedOverTransportSP11() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml1SelfSignedTransportSP11Port"); DoubleItPortType saml1Port = @@ -593,13 +634,17 @@ SecurityConstants.SAML_CALLBACK_HANDLER, new SamlCallbackHandler(false, true) public void testAsymmetricSamlInitiator() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSamlInitiatorPort"); DoubleItPortType saml2Port = @@ -631,13 +676,17 @@ public void testAsymmetricSamlInitiatorProtectTokens() throws Exception { } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSamlInitiatorProtectTokensPort"); DoubleItPortType saml2Port = @@ -664,13 +713,17 @@ public void testAsymmetricSamlInitiatorProtectTokens() throws Exception { public void testSaml2OverSymmetricSignedElements() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2SymmetricSignedElementsPort"); DoubleItPortType saml2Port = @@ -699,13 +752,17 @@ public void testSaml2OverSymmetricSignedElements() throws Exception { public void testSaml2EndorsingOverTransport() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort"); DoubleItPortType saml2Port = @@ -737,13 +794,17 @@ public void testSaml2EndorsingOverTransport() throws Exception { public void testSaml2EndorsingPKOverTransport() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort"); DoubleItPortType saml2Port = @@ -776,13 +837,17 @@ public void testSaml2EndorsingPKOverTransport() throws Exception { public void testSaml2EndorsingOverTransportSP11() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportSP11Port"); DoubleItPortType saml2Port = @@ -814,13 +879,17 @@ public void testSaml2EndorsingOverTransportSP11() throws Exception { public void testSaml2OverAsymmetricSignedEncrypted() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricSignedEncryptedPort"); DoubleItPortType saml2Port = @@ -845,13 +914,17 @@ SecurityConstants.SAML_CALLBACK_HANDLER, new SamlCallbackHandler() public void testSaml2OverAsymmetricSignedEncryptedEncryptBeforeSigning() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricSignedEncryptedEncryptBeforeSigningPort"); @@ -880,13 +953,17 @@ SecurityConstants.SAML_CALLBACK_HANDLER, new SamlCallbackHandler() public void testSaml2OverAsymmetricEncrypted() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2AsymmetricEncryptedPort"); DoubleItPortType saml2Port = @@ -913,13 +990,17 @@ public void testSaml2OverAsymmetricEncrypted() throws Exception { public void testSaml2EndorsingEncryptedOverTransport() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingEncryptedTransportPort"); DoubleItPortType saml2Port = @@ -951,13 +1032,17 @@ public void testSaml2EndorsingEncryptedOverTransport() throws Exception { public void testNoSamlToken() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItInlinePolicyPort"); DoubleItPortType saml2Port = @@ -991,13 +1076,17 @@ public void testNoSamlToken() throws Exception { public void testSaml2PEP() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2PEPPort"); DoubleItPortType saml2Port = @@ -1039,13 +1128,17 @@ public void testSaml2PEP() throws Exception { public void testSaml2Replay() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort"); DoubleItPortType saml2Port = @@ -1104,13 +1197,17 @@ SecurityConstants.SAML_CALLBACK_HANDLER, new SamlCallbackHandler() public void testAudienceRestriction() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort2"); DoubleItPortType saml2Port = @@ -1159,13 +1256,17 @@ public void testAudienceRestriction() throws Exception { public void testAudienceRestrictionServiceName() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort2"); DoubleItPortType saml2Port = @@ -1198,13 +1299,17 @@ public void testAudienceRestrictionServiceName() throws Exception { public void testDisableAudienceRestrictionValidation() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2TransportPort2"); DoubleItPortType saml2Port = @@ -1263,13 +1368,17 @@ public void testDisableAudienceRestrictionValidation() throws Exception { public void testSaml2DifferentAlgorithms() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SamlTokenTest.class.getResource("client.xml"); + URL busFile = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SamlTokenTest.class.getResource("DoubleItSaml.wsdl"); + URL wsdl = SamlTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSaml-fips.wsdl" + : "DoubleItSaml.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSaml2EndorsingTransportPort"); DoubleItPortType saml2Port = diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/Server.java index 888e32773c6..4d1bd1c97d7 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxServer.java index 09459d4eb7b..56d5be28c0d 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/saml/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxServer() { } protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); + URL busFile = StaxServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-server-fips.xml" + : "stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java index aa2bfd6314e..0b2fad5d64d 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java @@ -51,6 +51,7 @@ import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; import org.apache.cxf.ext.logging.LoggingOutInterceptor; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.helpers.XPathUtils; import org.apache.cxf.jaxws.EndpointImpl; import org.apache.cxf.message.Message; @@ -67,6 +68,7 @@ import org.example.contract.doubleit.DoubleItPortTypeHeader; import org.example.schema.doubleit.DoubleIt; +import org.junit.Assume; import org.junit.BeforeClass; import org.junit.Test; @@ -116,7 +118,10 @@ public void handle(Callback[] callbacks) throws IOException, @BeforeClass public static void init() throws Exception { - URL wsdl = SecurityPolicyTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SecurityPolicyTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); createStaticBus(SecurityPolicyTest.class.getResource("https_config.xml").toString()) .getExtension(PolicyEngine.class).setEnabled(true); @@ -170,13 +175,17 @@ public static void init() throws Exception { setCryptoProperties(ei, "alice.properties", "bob.properties"); ep = (EndpointImpl)Endpoint.publish(POLICY_SIGNENC_PROVIDER_ADDRESS, - new DoubleItProvider()); + JavaUtils.isFIPSEnabled() + ? new DoubleItProviderFips() + : new DoubleItProvider()); ei = ep.getServer().getEndpoint().getEndpointInfo(); setCryptoProperties(ei, "bob.properties", "alice.properties"); ep = (EndpointImpl)Endpoint.publish(POLICY_FAULT_SIGNENC_PROVIDER_ADDRESS, - new DoubleItFaultProvider()); + JavaUtils.isFIPSEnabled() + ? new DoubleItFaultProviderFips() + : new DoubleItFaultProvider()); ei = ep.getServer().getEndpoint().getEndpointInfo(); setCryptoProperties(ei, "bob.properties", "alice.properties"); @@ -228,6 +237,8 @@ private static void setCryptoProperties(EndpointInfo ei, String sigProps, String @Test public void testPolicy() throws Exception { + //fips : TripleDes not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); SpringBusFactory bf = new SpringBusFactory(); URL busFile = SecurityPolicyTest.class.getResource("https_config_client.xml"); @@ -359,7 +370,9 @@ public void testSignedOnlyWithUnsignedMessage() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SecurityPolicyTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SecurityPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); DoubleItPortType pt; @@ -414,6 +427,8 @@ public void testSignedOnlyWithUnsignedMessage() throws Exception { @Test public void testDispatchClient() throws Exception { + //fips : TripleDes not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); SpringBusFactory bf = new SpringBusFactory(); Bus bus = bf.createBus(); @@ -505,6 +520,61 @@ public SOAPMessage invoke(SOAPMessage request) { } } + + @WebServiceProvider(targetNamespace = "http://www.example.org/contract/DoubleIt", + portName = "DoubleItPortSignThenEncrypt", + serviceName = "DoubleItService", + wsdlLocation = "classpath:/org/apache/cxf/systest/ws/security/DoubleIt-fips.wsdl") + @ServiceMode(value = Mode.PAYLOAD) + public static class DoubleItProviderFips implements Provider { + + public Source invoke(Source obj) { + //CHECK the incoming + + Node el; + try { + el = StaxUtils.read(obj); + } catch (Exception e) { + throw new RuntimeException(e); + } + if (el instanceof Document) { + el = ((Document)el).getDocumentElement(); + } + Map ns = new HashMap<>(); + ns.put("ns2", "http://www.example.org/schema/DoubleIt"); + XPathUtils xp = new XPathUtils(ns); + String o = (String)xp.getValue("//ns2:DoubleIt/numberToDouble", el, XPathConstants.STRING); + int i = Integer.parseInt(o); + + String req = "" + + "" + Integer.toString(i * 2) + + ""; + return new StreamSource(new StringReader(req)); + } + + } + + @WebServiceProvider(targetNamespace = "http://www.example.org/contract/DoubleIt", + portName = "DoubleItFaultPortSignThenEncrypt", + serviceName = "DoubleItService", + wsdlLocation = "classpath:/org/apache/cxf/systest/ws/security/DoubleIt-fips.wsdl") + @ServiceMode(value = Mode.MESSAGE) + public static class DoubleItFaultProviderFips implements Provider { + + public SOAPMessage invoke(SOAPMessage request) { + try { + MessageFactory messageFactory = MessageFactory.newInstance(); + SOAPMessage msg = messageFactory.createMessage(); + msg.getSOAPBody().addFault(new QName("http://schemas.xmlsoap.org/soap/envelope/", "Server"), + "Foo"); + return msg; + } catch (Exception e) { + e.printStackTrace(); + } + return null; + } + + } @Test public void testCXF3041() throws Exception { @@ -514,7 +584,9 @@ public void testCXF3041() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SecurityPolicyTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SecurityPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); DoubleItPortType pt; @@ -549,7 +621,9 @@ public void testCXF3042() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SecurityPolicyTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SecurityPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); DoubleItPortType pt; @@ -584,7 +658,9 @@ public void testCXF3452() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SecurityPolicyTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SecurityPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); DoubleItPortTypeHeader pt; @@ -616,7 +692,9 @@ public void testCXF4119() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SecurityPolicyTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SecurityPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); DoubleItPortTypeHeader pt; @@ -651,7 +729,9 @@ public void testCXF4119() throws Exception { public void testCXF4122() throws Exception { Bus epBus = BusFactory.newInstance().createBus(); BusFactory.setDefaultBus(epBus); - URL wsdl = SecurityPolicyTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SecurityPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); DoubleItPortTypeImpl implementor = new DoubleItPortTypeImpl(); implementor.setEnforcePrincipal(false); EndpointImpl ep = (EndpointImpl)Endpoint.create(implementor); @@ -709,6 +789,8 @@ public void testCXF4122() throws Exception { @Test public void testFault() throws Exception { + //fips : TripleDes not supported + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); SpringBusFactory bf = new SpringBusFactory(); URL busFile = SecurityPolicyTest.class.getResource("https_config_client.xml"); @@ -716,7 +798,9 @@ public void testFault() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SecurityPolicyTest.class.getResource("DoubleIt.wsdl"); + URL wsdl = SecurityPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleIt-fips.wsdl" + : "DoubleIt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItFaultPortSignThenEncrypt"); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/Server.java index dae642e3ba6..8df8c56d04b 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/Server.java @@ -22,6 +22,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -29,8 +30,9 @@ public class Server extends AbstractBusTestServerBase { protected void run() { SpringBusFactory factory = new SpringBusFactory(); - Bus bus = factory.createBus( - "org/apache/cxf/systest/ws/security/server.xml" + Bus bus = factory.createBus(JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/ws/security/server-fips.xml" + : "org/apache/cxf/systest/ws/security/server.xml" ); BusFactory.setDefaultBus(bus); setBus(bus); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/StaxServer.java index 7365e77e8ec..79dc04d73ea 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/StaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/StaxServer.java @@ -22,6 +22,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -29,8 +30,9 @@ public class StaxServer extends AbstractBusTestServerBase { protected void run() { SpringBusFactory factory = new SpringBusFactory(); - Bus bus = factory.createBus( - "org/apache/cxf/systest/ws/security/stax-server.xml" + Bus bus = factory.createBus(JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/ws/security/stax-server-fips.xml" + : "org/apache/cxf/systest/ws/security/stax-server.xml" ); BusFactory.setDefaultBus(bus); setBus(bus); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java index 016b798b8d7..43213089d8d 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/WSSecurityClientTest.java @@ -49,6 +49,7 @@ import org.apache.cxf.bus.spring.SpringBusFactory; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.DispatchImpl; import org.apache.cxf.systest.ws.common.TestParam; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -253,7 +254,9 @@ public void testUsernameTokenStreaming() throws Exception { @Test public void testTimestampSignEncrypt() throws Exception { Bus b = new SpringBusFactory() - .createBus("org/apache/cxf/systest/ws/security/client.xml"); + .createBus(JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/ws/security/client-fips.xml" + : "org/apache/cxf/systest/ws/security/client.xml"); BusFactory.setDefaultBus(b); final jakarta.xml.ws.Service svc = jakarta.xml.ws.Service.create( WSDL_LOC, diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/PolicyServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/PolicyServer.java index d17f578fc13..8a2bccdf1d3 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/PolicyServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/PolicyServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class PolicyServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public PolicyServer() { } protected void run() { - URL busFile = PolicyServer.class.getResource("policy-server.xml"); + URL busFile = PolicyServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "policy-server-fips.xml" + : "policy-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAActionTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAActionTest.java index 3acef473fa1..839fd2679b2 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAActionTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAActionTest.java @@ -27,6 +27,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.example.contract.doubleit.DoubleItSwaPortType; import org.example.schema.doubleit.DoubleIt3; @@ -71,7 +72,9 @@ public void testSWASignatureContentAction() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SWAActionTest.class.getResource("DoubleItSwa.wsdl"); + URL wsdl = SWAActionTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSwa-fips.wsdl" + : "DoubleItSwa.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSWASignatureContentActionPort"); DoubleItSwaPortType port = @@ -97,7 +100,9 @@ public void testSWASignatureCompleteAction() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SWAActionTest.class.getResource("DoubleItSwa.wsdl"); + URL wsdl = SWAActionTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSwa-fips.wsdl" + : "DoubleItSwa.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSWASignatureCompleteActionPort"); DoubleItSwaPortType port = @@ -123,7 +128,9 @@ public void testSWAEncryptionContentAction() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SWAActionTest.class.getResource("DoubleItSwa.wsdl"); + URL wsdl = SWAActionTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSwa-fips.wsdl" + : "DoubleItSwa.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSWAEncryptionContentActionPort"); DoubleItSwaPortType port = @@ -149,7 +156,9 @@ public void testSWAEncryptionCompleteAction() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SWAActionTest.class.getResource("DoubleItSwa.wsdl"); + URL wsdl = SWAActionTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSwa-fips.wsdl" + : "DoubleItSwa.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSWAEncryptionCompleteActionPort"); DoubleItSwaPortType port = @@ -175,7 +184,9 @@ public void testSWASignatureEncryptionContentAction() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SWAActionTest.class.getResource("DoubleItSwa.wsdl"); + URL wsdl = SWAActionTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSwa-fips.wsdl" + : "DoubleItSwa.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSWASignatureEncryptionContentActionPort"); DoubleItSwaPortType port = diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java index b5d2d0abcad..b56472541cd 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/SWAPolicyTest.java @@ -30,6 +30,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.TestParam; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.apache.cxf.ws.security.SecurityConstants; @@ -102,7 +103,9 @@ public void testSWASignatureContentPolicy() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SWAPolicyTest.class.getResource("DoubleItSwa.wsdl"); + URL wsdl = SWAPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSwa-fips.wsdl" + : "DoubleItSwa.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSWASignatureContentPolicyPort"); DoubleItSwaPortType port = @@ -132,7 +135,9 @@ public void testSWASignatureCompletePolicy() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SWAPolicyTest.class.getResource("DoubleItSwa.wsdl"); + URL wsdl = SWAPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSwa-fips.wsdl" + : "DoubleItSwa.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSWASignatureCompletePolicyPort"); DoubleItSwaPortType port = @@ -162,7 +167,9 @@ public void testSWAEncryptionPolicy() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SWAPolicyTest.class.getResource("DoubleItSwa.wsdl"); + URL wsdl = SWAPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSwa-fips.wsdl" + : "DoubleItSwa.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSWAEncryptionPolicyPort"); DoubleItSwaPortType port = @@ -192,7 +199,9 @@ public void testSWAEncryptionContentPolicy() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SWAPolicyTest.class.getResource("DoubleItSwa.wsdl"); + URL wsdl = SWAPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSwa-fips.wsdl" + : "DoubleItSwa.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSWAEncryptionContentPolicyPort"); DoubleItSwaPortType port = @@ -222,7 +231,9 @@ public void testSWACombinedPolicy() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SWAPolicyTest.class.getResource("DoubleItSwa.wsdl"); + URL wsdl = SWAPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSwa-fips.wsdl" + : "DoubleItSwa.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSWACombinedPolicyPort"); DoubleItSwaPortType port = @@ -252,7 +263,9 @@ public void testSWACombinedDerivedPolicy() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SWAPolicyTest.class.getResource("DoubleItSwa.wsdl"); + URL wsdl = SWAPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSwa-fips.wsdl" + : "DoubleItSwa.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSWACombinedDerivedPolicyPort"); DoubleItSwaPortType port = @@ -282,7 +295,9 @@ public void testSWACombinedAsymmetricPolicy() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = SWAPolicyTest.class.getResource("DoubleItSwa.wsdl"); + URL wsdl = SWAPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItSwa-fips.wsdl" + : "DoubleItSwa.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSWACombinedAsymmetricPolicyPort"); DoubleItSwaPortType port = diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/Server.java index e5da4bd6388..060b3069f91 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/StaxPolicyServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/StaxPolicyServer.java index a70ea304786..327bf00888e 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/StaxPolicyServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/swa/StaxPolicyServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxPolicyServer extends AbstractBusTestServerBase { @@ -33,7 +34,10 @@ public StaxPolicyServer() { } protected void run() { - URL busFile = StaxPolicyServer.class.getResource("stax-policy-server.xml"); + URL busFile = StaxPolicyServer.class.getResource( + JavaUtils.isFIPSEnabled() + ? "stax-policy-server-fips.xml" + : "stax-policy-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BSTServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BSTServer.java index 166e59b7940..7720d258520 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BSTServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BSTServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class BSTServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public BSTServer() { } protected void run() { - URL busFile = BSTServer.class.getResource("bst-server.xml"); + URL busFile = BSTServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "bst-server-fips.xml" + : "bst-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BinarySecurityTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BinarySecurityTokenTest.java index c29c68dc458..6e65e5ff1b9 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BinarySecurityTokenTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/BinarySecurityTokenTest.java @@ -32,6 +32,7 @@ import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.tokenstore.SecurityToken; @@ -72,7 +73,9 @@ public static void cleanup() throws Exception { public void testBinarySecurityToken() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = BinarySecurityTokenTest.class.getResource("client.xml"); + URL busFile = BinarySecurityTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/EndorsingServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/EndorsingServer.java index 3d75fbcf875..da92c41ff8b 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/EndorsingServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/EndorsingServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class EndorsingServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public EndorsingServer() { } protected void run() { - URL busFile = EndorsingServer.class.getResource("endorsing-server.xml"); + URL busFile = EndorsingServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "endorsing-server-fips.xml" + : "endorsing-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/EndorsingSupportingTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/EndorsingSupportingTokenTest.java index fa3b63f4dd8..f2e90e65a76 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/EndorsingSupportingTokenTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/EndorsingSupportingTokenTest.java @@ -29,6 +29,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.TestParam; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.example.contract.doubleit.DoubleItPortType; @@ -92,7 +93,9 @@ public static void cleanup() throws Exception { public void testEndorsingSupporting() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = EndorsingSupportingTokenTest.class.getResource("endorsing-client.xml"); + URL busFile = EndorsingSupportingTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "endorsing-client-fips.xml" + : "endorsing-client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -146,7 +149,9 @@ public void testEndorsingSupporting() throws Exception { public void testSignedEndorsingSupporting() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = EndorsingSupportingTokenTest.class.getResource("endorsing-client.xml"); + URL busFile = EndorsingSupportingTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "endorsing-client-fips.xml" + : "endorsing-client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/Server.java index 47930af1871..5b2d0fd13b3 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/StaxEndorsingServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/StaxEndorsingServer.java index d53254c33ef..e894808debf 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/StaxEndorsingServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/StaxEndorsingServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxEndorsingServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxEndorsingServer() { } protected void run() { - URL busFile = StaxEndorsingServer.class.getResource("stax-endorsing-server.xml"); + URL busFile = StaxEndorsingServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-endorsing-server-fips.xml" + : "stax-endorsing-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/StaxServer.java index 3c96b2b94b0..617c21fbf21 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/StaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxServer() { } protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); + URL busFile = StaxServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-server-fips.xml" + : "stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/SupportingTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/SupportingTokenTest.java index 595014350da..23ac0f6da5f 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/SupportingTokenTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/SupportingTokenTest.java @@ -29,6 +29,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.SecurityTestUtil; import org.apache.cxf.systest.ws.common.TestParam; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -109,7 +110,9 @@ public static void cleanup() throws Exception { public void testSignedSupporting() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SupportingTokenTest.class.getResource("client.xml"); + URL busFile = SupportingTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -173,7 +176,9 @@ public void testSignedSupporting() throws Exception { public void testEncryptedSupporting() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SupportingTokenTest.class.getResource("client.xml"); + URL busFile = SupportingTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -237,7 +242,9 @@ public void testEncryptedSupporting() throws Exception { public void testEncryptedSupportingOverTLS() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SupportingTokenTest.class.getResource("tls-client.xml"); + URL busFile = SupportingTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "tls-client-fips.xml" + : "tls-client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -293,7 +300,9 @@ public void testEncryptedSupportingOverTLS() throws Exception { public void testSignedEncryptedSupporting() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SupportingTokenTest.class.getResource("client.xml"); + URL busFile = SupportingTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/TLSServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/TLSServer.java index 9630477a1c3..cf287387e5d 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/TLSServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/TLSServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class TLSServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public TLSServer() { } protected void run() { - URL busFile = TLSServer.class.getResource("tls-server.xml"); + URL busFile = TLSServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "tls-server-fips.xml" + : "tls-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/TLSStaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/TLSStaxServer.java index 2cd30180d69..125a9fadae4 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/TLSStaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/tokens/TLSStaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class TLSStaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public TLSStaxServer() { } protected void run() { - URL busFile = TLSStaxServer.class.getResource("tls-stax-server.xml"); + URL busFile = TLSStaxServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "tls-stax-server-fips.xml" + : "tls-stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/PolicyServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/PolicyServer.java index 749403b6a04..74ec731708f 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/PolicyServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/PolicyServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class PolicyServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public PolicyServer() { } protected void run() { - URL busFile = PolicyServer.class.getResource("policy-server.xml"); + URL busFile = PolicyServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "policy-server-fips.xml" + : "policy-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/Server.java index 2b4ccc7b085..a7ae512fb4b 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/ServerDerived.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/ServerDerived.java index 8b5f08e78e3..400ec859892 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/ServerDerived.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/ServerDerived.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class ServerDerived extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public ServerDerived() { } protected void run() { - URL busFile = ServerDerived.class.getResource("server-derived.xml"); + URL busFile = ServerDerived.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-derived-fips.xml" + : "server-derived.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxPolicyServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxPolicyServer.java index 12726d93be2..f2714f05555 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxPolicyServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxPolicyServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxPolicyServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxPolicyServer() { } protected void run() { - URL busFile = StaxPolicyServer.class.getResource("stax-policy-server.xml"); + URL busFile = StaxPolicyServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-policy-server-fips.xml" + : "stax-policy-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxServer.java index 83e7e2a26af..2ab3ce397d9 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxServer() { } protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); + URL busFile = StaxServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-server-fips.xml" + : "stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenDerivedTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenDerivedTest.java index c3c8d7476eb..49e2868a096 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenDerivedTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenDerivedTest.java @@ -27,6 +27,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.example.contract.doubleit.DoubleItPortType; @@ -75,7 +76,9 @@ public void testSymmetricProtectionSignatureToken() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenDerivedTest.class.getResource("DoubleItUtDerived.wsdl"); + URL wsdl = UsernameTokenDerivedTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUtDerived-fips.wsdl" + : "DoubleItUtDerived.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricProtectionSigPort"); DoubleItPortType utPort = @@ -102,7 +105,9 @@ public void testSymmetricProtectionSignatureDKToken() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenDerivedTest.class.getResource("DoubleItUtDerived.wsdl"); + URL wsdl = UsernameTokenDerivedTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUtDerived-fips.wsdl" + : "DoubleItUtDerived.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricProtectionSigDKPort"); DoubleItPortType utPort = @@ -129,7 +134,9 @@ public void testSymmetricProtectionEncryptionToken() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenDerivedTest.class.getResource("DoubleItUtDerived.wsdl"); + URL wsdl = UsernameTokenDerivedTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUtDerived-fips.wsdl" + : "DoubleItUtDerived.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricProtectionEncPort"); DoubleItPortType utPort = @@ -156,7 +163,9 @@ public void testTransportEndorsing() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenDerivedTest.class.getResource("DoubleItUtDerived.wsdl"); + URL wsdl = UsernameTokenDerivedTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUtDerived-fips.wsdl" + : "DoubleItUtDerived.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportEndorsingPort"); DoubleItPortType utPort = @@ -183,7 +192,9 @@ public void testSymmetricSignedEndorsing() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenDerivedTest.class.getResource("DoubleItUtDerived.wsdl"); + URL wsdl = UsernameTokenDerivedTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUtDerived-fips.wsdl" + : "DoubleItUtDerived.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSignedEndorsingPort"); DoubleItPortType utPort = @@ -210,7 +221,9 @@ public void testSymmetricEndorsingEncrypted() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenDerivedTest.class.getResource("DoubleItUtDerived.wsdl"); + URL wsdl = UsernameTokenDerivedTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUtDerived-fips.wsdl" + : "DoubleItUtDerived.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricEndorsingEncryptedPort"); DoubleItPortType utPort = @@ -237,7 +250,9 @@ public void testSymmetricSignedEndorsingEncrypted() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenDerivedTest.class.getResource("DoubleItUtDerived.wsdl"); + URL wsdl = UsernameTokenDerivedTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUtDerived-fips.wsdl" + : "DoubleItUtDerived.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSignedEndorsingEncryptedPort"); DoubleItPortType utPort = diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenPolicyTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenPolicyTest.java index f990946bcd7..2c53d6aae13 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenPolicyTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenPolicyTest.java @@ -36,6 +36,7 @@ import org.apache.cxf.endpoint.Client; import org.apache.cxf.ext.logging.LoggingOutInterceptor; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.interceptor.Fault; import org.apache.cxf.message.MessageUtils; import org.apache.cxf.phase.Phase; @@ -150,7 +151,9 @@ public void testSupportingToken() throws Exception { public void testPlaintextPassword() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenPolicyTest.class.getResource("policy-client.xml"); + URL busFile = UsernameTokenPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "policy-client-fips.xml" + : "policy-client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -211,7 +214,9 @@ public void testPlaintextPassword() throws Exception { public void testOnlyHasUsernameTokenWithoutMustUnderstand() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenPolicyTest.class.getResource("policy-client.xml"); + URL busFile = UsernameTokenPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "policy-client-fips.xml" + : "policy-client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -238,7 +243,9 @@ public void testOnlyHasUsernameTokenWithoutMustUnderstand() throws Exception { public void testHashPassword() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenPolicyTest.class.getResource("policy-client.xml"); + URL busFile = UsernameTokenPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "policy-client-fips.xml" + : "policy-client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -299,7 +306,9 @@ public void testHashPassword() throws Exception { public void testCreated() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenPolicyTest.class.getResource("policy-client.xml"); + URL busFile = UsernameTokenPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "policy-client-fips.xml" + : "policy-client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); @@ -344,7 +353,9 @@ public void testCreated() throws Exception { public void testNonce() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenPolicyTest.class.getResource("policy-client.xml"); + URL busFile = UsernameTokenPolicyTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "policy-client-fips.xml" + : "policy-client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java index fce54c88221..29bcba599ea 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/ut/UsernameTokenTest.java @@ -40,6 +40,7 @@ import org.apache.cxf.configuration.jsse.TLSClientParameters; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.jaxws.JaxWsProxyFactoryBean; import org.apache.cxf.staxutils.StaxUtils; import org.apache.cxf.systest.ws.common.SecurityTestUtil; @@ -111,7 +112,9 @@ public static void cleanup() throws Exception { @org.junit.Test public void testPlaintextTLSConfigViaCode() throws Exception { - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); // URL wsdl = new URL("https://localhost:" + PORT + "/DoubleItUTPlaintext?wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPort"); @@ -159,7 +162,10 @@ public void testPlaintextCodeFirst() throws Exception { WSPolicyFeature policyFeature = new WSPolicyFeature(); Element policyElement = - StaxUtils.read(getClass().getResourceAsStream("plaintext-pass-timestamp-policy.xml")).getDocumentElement(); + StaxUtils.read(getClass().getResourceAsStream( + JavaUtils.isFIPSEnabled() + ? "plaintext-pass-timestamp-policy-fips.xml" + : "plaintext-pass-timestamp-policy.xml")).getDocumentElement(); policyFeature.setPolicyElements(Collections.singletonList(policyElement)); JaxWsProxyFactoryBean clientFactoryBean = new JaxWsProxyFactoryBean(); @@ -206,13 +212,17 @@ public void testPlaintextCodeFirst() throws Exception { public void testPlaintext() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenTest.class.getResource("client.xml"); + URL busFile = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPort"); DoubleItPortType utPort = @@ -314,13 +324,17 @@ public void configure(String name, String address, HTTPConduit c) { public void testPlaintextCreated() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenTest.class.getResource("client.xml"); + URL busFile = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItPlaintextCreatedPort"); DoubleItPortType utPort = @@ -341,13 +355,17 @@ public void testPlaintextCreated() throws Exception { public void testPlaintextSupporting() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenTest.class.getResource("client.xml"); + URL busFile = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItPlaintextSupportingPort"); DoubleItPortType utPort = @@ -368,13 +386,17 @@ public void testPlaintextSupporting() throws Exception { public void testPlaintextSupportingSP11() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenTest.class.getResource("client.xml"); + URL busFile = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItPlaintextSupportingSP11Port"); DoubleItPortType utPort = @@ -395,13 +417,17 @@ public void testPlaintextSupportingSP11() throws Exception { public void testPasswordHashed() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenTest.class.getResource("client.xml"); + URL busFile = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItHashedPort"); DoubleItPortType utPort = @@ -422,13 +448,17 @@ public void testPasswordHashed() throws Exception { public void testNoPassword() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenTest.class.getResource("client.xml"); + URL busFile = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItNoPasswordPort"); DoubleItPortType utPort = @@ -449,13 +479,17 @@ public void testNoPassword() throws Exception { public void testSignedEndorsing() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenTest.class.getResource("client.xml"); + URL busFile = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSignedEndorsingPort"); DoubleItPortType utPort = @@ -476,13 +510,17 @@ public void testSignedEndorsing() throws Exception { public void testSignedEncrypted() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenTest.class.getResource("client.xml"); + URL busFile = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSignedEncryptedPort"); DoubleItPortType utPort = @@ -503,13 +541,17 @@ public void testSignedEncrypted() throws Exception { public void testEncrypted() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenTest.class.getResource("client.xml"); + URL busFile = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItEncryptedPort"); DoubleItPortType utPort = @@ -530,13 +572,17 @@ public void testEncrypted() throws Exception { public void testNoUsernameToken() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenTest.class.getResource("client.xml"); + URL busFile = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItInlinePolicyPort"); DoubleItPortType utPort = @@ -564,13 +610,17 @@ public void testNoUsernameToken() throws Exception { public void testPasswordHashedReplay() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenTest.class.getResource("client.xml"); + URL busFile = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItHashedPort"); @@ -604,13 +654,17 @@ public void testPasswordHashedReplay() throws Exception { public void testPasswordHashedNoBindingReplay() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenTest.class.getResource("client.xml"); + URL busFile = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItDigestNoBindingPort"); @@ -642,13 +696,17 @@ public void testPasswordHashedNoBindingReplay() throws Exception { public void testPlaintextPrincipal() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenTest.class.getResource("client.xml"); + URL busFile = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPrincipalPort"); DoubleItPortType utPort = @@ -683,13 +741,17 @@ public void testPlaintextPrincipal2() throws Exception { } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = UsernameTokenTest.class.getResource("client.xml"); + URL busFile = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = UsernameTokenTest.class.getResource("DoubleItUt.wsdl"); + URL wsdl = UsernameTokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItUt-fips.wsdl" + : "DoubleItUt.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItPlaintextPrincipalPort2"); DoubleItPortType utPort = diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/Server.java index 1dbdbabe5ef..f6a4636785d 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.KeystorePasswordCallback; import org.apache.cxf.systest.ws.common.UTPasswordCallback; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; @@ -42,34 +43,82 @@ protected Server(String baseUrl) throws Exception { doPublish(baseUrl.replace(PORT, PORT2).replace("http", "https") + "SecureConversation_UserNameOverTransport_IPingService", - new SCTLSPingService()); + JavaUtils.isFIPSEnabled() + ? new SCTLSPingServiceFips() + : new SCTLSPingService()); doPublish(baseUrl + "SecureConversation_MutualCertificate10SignEncrypt_IPingService", - new SCMCSEIPingService()); + JavaUtils.isFIPSEnabled() + ? new SCMCSEIPingServiceFips() + : new SCMCSEIPingService()); - doPublish(baseUrl + "AC_IPingService", new ACIPingService()); - doPublish(baseUrl + "ADC_IPingService", new ADCIPingService()); - doPublish(baseUrl + "ADC-ES_IPingService", new ADCESIPingService()); - doPublish(baseUrl + "_A_IPingService", new AIPingService()); - doPublish(baseUrl + "_AD_IPingService", new ADIPingService()); - doPublish(baseUrl + "_AD-ES_IPingService", new ADESIPingService()); + doPublish(baseUrl + "AC_IPingService", JavaUtils.isFIPSEnabled() + ? new ACIPingServiceFips() + : new ACIPingService()); + doPublish(baseUrl + "ADC_IPingService", JavaUtils.isFIPSEnabled() + ? new ADCIPingServiceFips() + : new ADCIPingService()); + doPublish(baseUrl + "ADC-ES_IPingService", JavaUtils.isFIPSEnabled() + ? new ADCESIPingServiceFips() + : new ADCESIPingService()); + doPublish(baseUrl + "_A_IPingService", JavaUtils.isFIPSEnabled() + ? new AIPingServiceFips() + : new AIPingService()); + doPublish(baseUrl + "_AD_IPingService", JavaUtils.isFIPSEnabled() + ? new ADIPingServiceFips() + : new ADIPingService()); + doPublish(baseUrl + "_AD-ES_IPingService", JavaUtils.isFIPSEnabled() + ? new ADESIPingServiceFips() + : new ADESIPingService()); - doPublish(baseUrl + "UXC_IPingService", new UXCIPingService()); - doPublish(baseUrl + "UXDC_IPingService", new UXDCIPingService()); - doPublish(baseUrl + "UXDC-SEES_IPingService", new UXDCSEESIPingService()); - doPublish(baseUrl + "_UX_IPingService", new UXIPingService()); - doPublish(baseUrl + "_UXD_IPingService", new UXDIPingService()); - doPublish(baseUrl + "_UXD-SEES_IPingService", new UXDSEESIPingService()); + doPublish(baseUrl + "UXC_IPingService", JavaUtils.isFIPSEnabled() + ? new UXCIPingServiceFips() + : new UXCIPingService()); + doPublish(baseUrl + "UXDC_IPingService", JavaUtils.isFIPSEnabled() + ? new UXDCIPingServiceFips() + : new UXDCIPingService()); + doPublish(baseUrl + "UXDC-SEES_IPingService", JavaUtils.isFIPSEnabled() + ? new UXDCSEESIPingServiceFips() + : new UXDCSEESIPingService()); + doPublish(baseUrl + "_UX_IPingService", JavaUtils.isFIPSEnabled() + ? new UXIPingServiceFips() + : new UXIPingService()); + doPublish(baseUrl + "_UXD_IPingService", JavaUtils.isFIPSEnabled() + ? new UXDIPingServiceFips() + : new UXDIPingService()); + doPublish(baseUrl + "_UXD-SEES_IPingService", JavaUtils.isFIPSEnabled() + ? new UXDSEESIPingServiceFips() + : new UXDSEESIPingService()); - doPublish(baseUrl + "XC_IPingService", new XCIPingService()); - doPublish(baseUrl + "XDC_IPingService", new XDCIPingService()); - doPublish(baseUrl + "XDC_IPingService1", new XDC1IPingService()); - doPublish(baseUrl + "XDC-ES_IPingService", new XDCESIPingService()); - doPublish(baseUrl + "XDC-SEES_IPingService", new XDCSEESIPingService()); - doPublish(baseUrl + "_X_IPingService", new XIPingService()); - doPublish(baseUrl + "_X10_IPingService", new X10IPingService()); - doPublish(baseUrl + "_XD_IPingService", new XDIPingService()); - doPublish(baseUrl + "_XD-SEES_IPingService", new XDSEESIPingService()); - doPublish(baseUrl + "_XD-ES_IPingService", new XDESIPingService()); + doPublish(baseUrl + "XC_IPingService", JavaUtils.isFIPSEnabled() + ? new XCIPingServiceFips() + : new XCIPingService()); + doPublish(baseUrl + "XDC_IPingService", JavaUtils.isFIPSEnabled() + ? new XDCIPingServiceFips() + : new XDCIPingService()); + doPublish(baseUrl + "XDC_IPingService1", JavaUtils.isFIPSEnabled() + ? new XDC1IPingServiceFips() + : new XDC1IPingService()); + doPublish(baseUrl + "XDC-ES_IPingService", JavaUtils.isFIPSEnabled() + ? new XDCESIPingServiceFips() + : new XDCESIPingService()); + doPublish(baseUrl + "XDC-SEES_IPingService", JavaUtils.isFIPSEnabled() + ? new XDCSEESIPingServiceFips() + : new XDCSEESIPingService()); + doPublish(baseUrl + "_X_IPingService", JavaUtils.isFIPSEnabled() + ? new XIPingServiceFips() + : new XIPingService()); + doPublish(baseUrl + "_X10_IPingService", JavaUtils.isFIPSEnabled() + ? new X10IPingServiceFips() + : new X10IPingService()); + doPublish(baseUrl + "_XD_IPingService", JavaUtils.isFIPSEnabled() + ? new XDIPingServiceFips() + : new XDIPingService()); + doPublish(baseUrl + "_XD-SEES_IPingService", JavaUtils.isFIPSEnabled() + ? new XDSEESIPingServiceFips() + : new XDSEESIPingService()); + doPublish(baseUrl + "_XD-ES_IPingService", JavaUtils.isFIPSEnabled() + ? new XDESIPingServiceFips() + : new XDESIPingService()); //Kerberos token - not sure where the token comes from or how these work @@ -294,4 +343,179 @@ public static class XDSEESIPingService extends PingServiceImpl { wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation.wsdl") public static class XDESIPingService extends PingServiceImpl { } + + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "SecureConversation_UserNameOverTransport_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class SCTLSPingServiceFips extends PingServiceImpl { + } + + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "SecureConversation_MutualCertificate10SignEncrypt_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class SCMCSEIPingServiceFips extends PingServiceImpl { + } + + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "AC_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class ACIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "ADC_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class ADCIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "ADC-ES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class ADCESIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_A_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class AIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_AD_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class ADIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_AD-ES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class ADESIPingServiceFips extends PingServiceImpl { + } + + + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "UXC_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class UXCIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "UXDC_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class UXDCIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "UXDC-SEES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class UXDCSEESIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_UX_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class UXIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_UXD_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class UXDIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_UXD-SEES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class UXDSEESIPingServiceFips extends PingServiceImpl { + } + + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "XC_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XCIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "XDC_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XDCIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "XDC_IPingService1", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XDC1IPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "XDC-ES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XDCESIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "XDC-SEES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XDCSEESIPingServiceFips extends PingServiceImpl { + } + + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_X_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_X10_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class X10IPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_XD_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XDIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_XD-SEES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XDSEESIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_XD-ES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XDESIPingServiceFips extends PingServiceImpl { + } } diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/StaxServer.java index 2a2b689c774..30652afd569 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/StaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.KeystorePasswordCallback; import org.apache.cxf.systest.ws.common.UTPasswordCallback; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; @@ -42,34 +43,82 @@ protected StaxServer(String baseUrl) throws Exception { doPublish(baseUrl.replace(PORT, PORT2).replace("http", "https") + "SecureConversation_UserNameOverTransport_IPingService", - new SCTLSPingService()); + JavaUtils.isFIPSEnabled() + ? new SCTLSPingServiceFips() + : new SCTLSPingService()); doPublish(baseUrl + "SecureConversation_MutualCertificate10SignEncrypt_IPingService", - new SCMCSEIPingService()); + JavaUtils.isFIPSEnabled() + ? new SCMCSEIPingServiceFips() + : new SCMCSEIPingService()); - doPublish(baseUrl + "AC_IPingService", new ACIPingService()); - doPublish(baseUrl + "ADC_IPingService", new ADCIPingService()); - doPublish(baseUrl + "ADC-ES_IPingService", new ADCESIPingService()); - doPublish(baseUrl + "_A_IPingService", new AIPingService()); - doPublish(baseUrl + "_AD_IPingService", new ADIPingService()); - doPublish(baseUrl + "_AD-ES_IPingService", new ADESIPingService()); + doPublish(baseUrl + "AC_IPingService", JavaUtils.isFIPSEnabled() + ? new ACIPingServiceFips() + : new ACIPingService()); + doPublish(baseUrl + "ADC_IPingService", JavaUtils.isFIPSEnabled() + ? new ADCIPingServiceFips() + : new ADCIPingService()); + doPublish(baseUrl + "ADC-ES_IPingService", JavaUtils.isFIPSEnabled() + ? new ADCESIPingServiceFips() + : new ADCESIPingService()); + doPublish(baseUrl + "_A_IPingService", JavaUtils.isFIPSEnabled() + ? new AIPingServiceFips() + : new AIPingService()); + doPublish(baseUrl + "_AD_IPingService", JavaUtils.isFIPSEnabled() + ? new ADIPingServiceFips() + : new ADIPingService()); + doPublish(baseUrl + "_AD-ES_IPingService", JavaUtils.isFIPSEnabled() + ? new ADESIPingServiceFips() + : new ADESIPingService()); - doPublish(baseUrl + "UXC_IPingService", new UXCIPingService()); - doPublish(baseUrl + "UXDC_IPingService", new UXDCIPingService()); - doPublish(baseUrl + "UXDC-SEES_IPingService", new UXDCSEESIPingService()); - doPublish(baseUrl + "_UX_IPingService", new UXIPingService()); - doPublish(baseUrl + "_UXD_IPingService", new UXDIPingService()); - doPublish(baseUrl + "_UXD-SEES_IPingService", new UXDSEESIPingService()); + doPublish(baseUrl + "UXC_IPingService", JavaUtils.isFIPSEnabled() + ? new UXCIPingServiceFips() + : new UXCIPingService()); + doPublish(baseUrl + "UXDC_IPingService", JavaUtils.isFIPSEnabled() + ? new UXDCIPingServiceFips() + : new UXDCIPingService()); + doPublish(baseUrl + "UXDC-SEES_IPingService", JavaUtils.isFIPSEnabled() + ? new UXDCSEESIPingServiceFips() + : new UXDCSEESIPingService()); + doPublish(baseUrl + "_UX_IPingService", JavaUtils.isFIPSEnabled() + ? new UXIPingServiceFips() + : new UXIPingService()); + doPublish(baseUrl + "_UXD_IPingService", JavaUtils.isFIPSEnabled() + ? new UXDIPingServiceFips() + : new UXDIPingService()); + doPublish(baseUrl + "_UXD-SEES_IPingService", JavaUtils.isFIPSEnabled() + ? new UXDSEESIPingServiceFips() + : new UXDSEESIPingService()); - doPublish(baseUrl + "XC_IPingService", new XCIPingService()); - doPublish(baseUrl + "XDC_IPingService", new XDCIPingService()); - doPublish(baseUrl + "XDC_IPingService1", new XDC1IPingService()); - doPublish(baseUrl + "XDC-ES_IPingService", new XDCESIPingService()); - doPublish(baseUrl + "XDC-SEES_IPingService", new XDCSEESIPingService()); - doPublish(baseUrl + "_X_IPingService", new XIPingService()); - doPublish(baseUrl + "_X10_IPingService", new X10IPingService()); - doPublish(baseUrl + "_XD_IPingService", new XDIPingService()); - doPublish(baseUrl + "_XD-SEES_IPingService", new XDSEESIPingService()); - doPublish(baseUrl + "_XD-ES_IPingService", new XDESIPingService()); + doPublish(baseUrl + "XC_IPingService", JavaUtils.isFIPSEnabled() + ? new XCIPingServiceFips() + : new XCIPingService()); + doPublish(baseUrl + "XDC_IPingService", JavaUtils.isFIPSEnabled() + ? new XDCIPingServiceFips() + : new XDCIPingService()); + doPublish(baseUrl + "XDC_IPingService1", JavaUtils.isFIPSEnabled() + ? new XDC1IPingServiceFips() + : new XDC1IPingService()); + doPublish(baseUrl + "XDC-ES_IPingService", JavaUtils.isFIPSEnabled() + ? new XDCESIPingServiceFips() + : new XDCESIPingService()); + doPublish(baseUrl + "XDC-SEES_IPingService", JavaUtils.isFIPSEnabled() + ? new XDCSEESIPingServiceFips() + : new XDCSEESIPingService()); + doPublish(baseUrl + "_X_IPingService", JavaUtils.isFIPSEnabled() + ? new XIPingServiceFips() + : new XIPingService()); + doPublish(baseUrl + "_X10_IPingService", JavaUtils.isFIPSEnabled() + ? new X10IPingServiceFips() + : new X10IPingService()); + doPublish(baseUrl + "_XD_IPingService", JavaUtils.isFIPSEnabled() + ? new XDIPingServiceFips() + : new XDIPingService()); + doPublish(baseUrl + "_XD-SEES_IPingService", JavaUtils.isFIPSEnabled() + ? new XDSEESIPingServiceFips() + : new XDSEESIPingService()); + doPublish(baseUrl + "_XD-ES_IPingService", JavaUtils.isFIPSEnabled() + ? new XDESIPingServiceFips() + : new XDESIPingService()); //Kerberos token - not sure where the token comes from or how these work @@ -295,4 +344,181 @@ public static class XDSEESIPingService extends PingServiceImpl { wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation.wsdl") public static class XDESIPingService extends PingServiceImpl { } + + + + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "SecureConversation_UserNameOverTransport_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class SCTLSPingServiceFips extends PingServiceImpl { + } + + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "SecureConversation_MutualCertificate10SignEncrypt_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class SCMCSEIPingServiceFips extends PingServiceImpl { + } + + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "AC_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class ACIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "ADC_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class ADCIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "ADC-ES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class ADCESIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_A_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class AIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_AD_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class ADIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_AD-ES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class ADESIPingServiceFips extends PingServiceImpl { + } + + + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "UXC_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class UXCIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "UXDC_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class UXDCIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "UXDC-SEES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class UXDCSEESIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_UX_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class UXIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_UXD_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class UXDIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_UXD-SEES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class UXDSEESIPingServiceFips extends PingServiceImpl { + } + + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "XC_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XCIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "XDC_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XDCIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "XDC_IPingService1", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XDC1IPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "XDC-ES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XDCESIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "XDC-SEES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XDCSEESIPingServiceFips extends PingServiceImpl { + } + + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_X_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_X10_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class X10IPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_XD_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XDIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_XD-SEES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XDSEESIPingServiceFips extends PingServiceImpl { + } + @WebService(targetNamespace = "http://WSSec/wssc", + serviceName = "PingService", + portName = "_XD-ES_IPingService", + endpointInterface = "wssec.wssc.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl") + public static class XDESIPingServiceFips extends PingServiceImpl { + } } diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/UnitServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/UnitServer.java index ebb9dc3a648..9ff9e9ad49c 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/UnitServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/UnitServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; @@ -34,7 +35,9 @@ public UnitServer() { } protected void run() { - URL busFile = UnitServer.class.getResource("unit-server.xml"); + URL busFile = UnitServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "unit-server-fips.xml" + : "unit-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCUnitTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCUnitTest.java index afd0f85f2e1..56ed590cf5c 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCUnitTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssc/WSSCUnitTest.java @@ -45,6 +45,7 @@ import org.apache.cxf.configuration.jsse.TLSClientParameters; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.rt.security.SecurityConstants; import org.apache.cxf.systest.ws.common.SecurityTestUtil; import org.apache.cxf.systest.ws.common.TestParam; @@ -127,7 +128,9 @@ public void testEndorsingSecureConveration() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = WSSCUnitTest.class.getResource("DoubleItWSSC.wsdl"); + URL wsdl = WSSCUnitTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItWSSC-fips.wsdl" + : "DoubleItWSSC.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportPort"); DoubleItPortType port = @@ -146,7 +149,9 @@ public void testEndorsingSecureConveration() throws Exception { @Test public void testEndorsingSecureConverationViaCode() throws Exception { - URL wsdl = WSSCUnitTest.class.getResource("DoubleItWSSC.wsdl"); + URL wsdl = WSSCUnitTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItWSSC-fips.wsdl" + : "DoubleItWSSC.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportPort"); DoubleItPortType port = @@ -197,7 +202,9 @@ public void testEndorsingSecureConverationSP12() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = WSSCUnitTest.class.getResource("DoubleItWSSC.wsdl"); + URL wsdl = WSSCUnitTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItWSSC-fips.wsdl" + : "DoubleItWSSC.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSP12Port"); DoubleItPortType port = @@ -350,7 +357,9 @@ private Policy createSymmetricBindingPolicy() { algSuitePolicy.addPolicyComponent(algSuitePolicyEa); All algSuitePolicyAll = new All(); algSuitePolicyAll.addAssertion( - new PrimitiveAssertion(new QName(SP12Constants.SP_NS, SPConstants.ALGO_SUITE_BASIC128))); + new PrimitiveAssertion(new QName(SP12Constants.SP_NS, JavaUtils.isFIPSEnabled() + ? "Basic128GCMRsa15" + : "Basic128"))); algSuitePolicyEa.addPolicyComponent(algSuitePolicyAll); AlgorithmSuite algorithmSuite = new AlgorithmSuite(SPConstants.SPVersion.SP12, algSuitePolicy); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10CustomAlgorithmSuiteTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10CustomAlgorithmSuiteTest.java index 06d6a24caa5..9b3b4775baa 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10CustomAlgorithmSuiteTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10CustomAlgorithmSuiteTest.java @@ -29,6 +29,7 @@ import org.apache.cxf.BusFactory; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.wssec10.server.Server; import org.apache.cxf.systest.ws.wssec10.server.ServerCustomAlgorithmSuite; import org.apache.cxf.systest.ws.wssec10.server.StaxServer; @@ -124,7 +125,9 @@ public static void startServers() throws Exception { launchServer(StaxServerCustomAlgorithmSuite.class, true) ); - createStaticBus("org/apache/cxf/systest/ws/wssec10/client_customAlgorithmSuite.xml"); + createStaticBus(JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/ws/wssec10/client_customAlgorithmSuite-fips.xml" + : "org/apache/cxf/systest/ws/wssec10/client_customAlgorithmSuite.xml"); } @org.junit.AfterClass diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java index 8a47f65da32..767b973fb7b 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10Test.java @@ -31,6 +31,7 @@ import org.apache.cxf.BusFactory; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.wssec10.server.Server; import org.apache.cxf.systest.ws.wssec10.server.StaxServer; import org.apache.cxf.test.TestUtilities; @@ -88,25 +89,43 @@ public String toString() { @Parameters(name = "{0}") public static Collection data() { - - return Arrays.asList(new TestParam[] { - new TestParam("UserName", PORT, false), - new TestParam("UserNameOverTransport", SSL_PORT, false), - new TestParam("MutualCertificate10SignEncrypt", PORT, false), - new TestParam("MutualCertificate10SignEncryptRsa15TripleDes", PORT, false), - new TestParam("UserName", PORT, true), - new TestParam("UserNameOverTransport", SSL_PORT, true), - new TestParam("MutualCertificate10SignEncrypt", PORT, true), - new TestParam("MutualCertificate10SignEncryptRsa15TripleDes", PORT, true), - new TestParam("UserName", STAX_PORT, false), - new TestParam("UserNameOverTransport", STAX_SSL_PORT, false), - new TestParam("MutualCertificate10SignEncrypt", STAX_PORT, false), - new TestParam("MutualCertificate10SignEncryptRsa15TripleDes", STAX_PORT, false), - new TestParam("UserName", STAX_PORT, true), - new TestParam("UserNameOverTransport", STAX_SSL_PORT, true), - new TestParam("MutualCertificate10SignEncrypt", STAX_PORT, true), - new TestParam("MutualCertificate10SignEncryptRsa15TripleDes", STAX_PORT, true) - }); + if (JavaUtils.isFIPSEnabled()) { + //TripleDes not allowed in FIPS mode + return Arrays.asList(new TestParam[] { + new TestParam("UserName", PORT, false), + new TestParam("UserNameOverTransport", SSL_PORT, false), + new TestParam("MutualCertificate10SignEncrypt", PORT, false), + new TestParam("UserName", PORT, true), + new TestParam("UserNameOverTransport", SSL_PORT, true), + new TestParam("MutualCertificate10SignEncrypt", PORT, true), + new TestParam("UserName", STAX_PORT, false), + new TestParam("UserNameOverTransport", STAX_SSL_PORT, false), + new TestParam("MutualCertificate10SignEncrypt", STAX_PORT, false), + new TestParam("UserName", STAX_PORT, true), + new TestParam("UserNameOverTransport", STAX_SSL_PORT, true), + new TestParam("MutualCertificate10SignEncrypt", STAX_PORT, true), + + }); + } else { + return Arrays.asList(new TestParam[] { + new TestParam("UserName", PORT, false), + new TestParam("UserNameOverTransport", SSL_PORT, false), + new TestParam("MutualCertificate10SignEncrypt", PORT, false), + new TestParam("MutualCertificate10SignEncryptRsa15TripleDes", PORT, false), + new TestParam("UserName", PORT, true), + new TestParam("UserNameOverTransport", SSL_PORT, true), + new TestParam("MutualCertificate10SignEncrypt", PORT, true), + new TestParam("MutualCertificate10SignEncryptRsa15TripleDes", PORT, true), + new TestParam("UserName", STAX_PORT, false), + new TestParam("UserNameOverTransport", STAX_SSL_PORT, false), + new TestParam("MutualCertificate10SignEncrypt", STAX_PORT, false), + new TestParam("MutualCertificate10SignEncryptRsa15TripleDes", STAX_PORT, false), + new TestParam("UserName", STAX_PORT, true), + new TestParam("UserNameOverTransport", STAX_SSL_PORT, true), + new TestParam("MutualCertificate10SignEncrypt", STAX_PORT, true), + new TestParam("MutualCertificate10SignEncryptRsa15TripleDes", STAX_PORT, true) + }); + } } @BeforeClass diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptFips.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptFips.java new file mode 100644 index 00000000000..07d3411a564 --- /dev/null +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptFips.java @@ -0,0 +1,30 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.ws.wssec10.server; + +@jakarta.jws.WebService( + targetNamespace = "http://WSSec/wssec10", + serviceName = "PingService", + portName = "MutualCertificate10SignEncrypt_IPingService", + endpointInterface = "wssec.wssec10.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec10/WsSecurity10-fips.wsdl" +) +public class MutualCertificate10SignEncryptFips extends PingServiceBase { + // complete +} diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptRestrictedFips.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptRestrictedFips.java new file mode 100644 index 00000000000..934e2aa2fce --- /dev/null +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptRestrictedFips.java @@ -0,0 +1,30 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.ws.wssec10.server; + +@jakarta.jws.WebService( + targetNamespace = "http://WSSec/wssec10", + serviceName = "PingService", + portName = "MutualCertificate10SignEncrypt_IPingService", + endpointInterface = "wssec.wssec10.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec10/WsSecurity10_restricted-fips.wsdl" +) +public class MutualCertificate10SignEncryptRestrictedFips extends PingServiceBase { + // complete +} diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptRsa15TripleDesFips.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptRsa15TripleDesFips.java new file mode 100644 index 00000000000..3d405d2584e --- /dev/null +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptRsa15TripleDesFips.java @@ -0,0 +1,30 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.ws.wssec10.server; + +@jakarta.jws.WebService( + targetNamespace = "http://WSSec/wssec10", + serviceName = "PingService", + portName = "MutualCertificate10SignEncryptRsa15TripleDes_IPingService", + endpointInterface = "wssec.wssec10.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec10/WsSecurity10-fips.wsdl" +) +public class MutualCertificate10SignEncryptRsa15TripleDesFips extends PingServiceBase { + // complete +} diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptRsa15TripleDesRestrictedFips.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptRsa15TripleDesRestrictedFips.java new file mode 100644 index 00000000000..01d6ef314c9 --- /dev/null +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/MutualCertificate10SignEncryptRsa15TripleDesRestrictedFips.java @@ -0,0 +1,30 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.ws.wssec10.server; + +@jakarta.jws.WebService( + targetNamespace = "http://WSSec/wssec10", + serviceName = "PingService", + portName = "MutualCertificate10SignEncryptRsa15TripleDes_IPingService", + endpointInterface = "wssec.wssec10.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec10/WsSecurity10_restricted-fips.wsdl" +) +public class MutualCertificate10SignEncryptRsa15TripleDesRestrictedFips extends PingServiceBase { + // complete +} diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/Server.java index cbf153eb0fd..7094538fcbc 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/Server.java @@ -21,6 +21,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.test.TestUtilities; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; @@ -34,9 +35,13 @@ public class Server extends AbstractBusTestServerBase { static { unrestrictedPoliciesInstalled = TestUtilities.checkUnrestrictedPoliciesInstalled(); if (unrestrictedPoliciesInstalled) { - configFileName = "org/apache/cxf/systest/ws/wssec10/server.xml"; + configFileName = JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/ws/wssec10/server-fips.xml" + : "org/apache/cxf/systest/ws/wssec10/server.xml"; } else { - configFileName = "org/apache/cxf/systest/ws/wssec10/server_restricted.xml"; + configFileName = JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/ws/wssec10/server_restricted-fips.xml" + : "org/apache/cxf/systest/ws/wssec10/server_restricted.xml"; } }; diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/ServerCustomAlgorithmSuite.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/ServerCustomAlgorithmSuite.java index 7c2bb024b4d..8d901848d28 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/ServerCustomAlgorithmSuite.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/ServerCustomAlgorithmSuite.java @@ -21,13 +21,16 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class ServerCustomAlgorithmSuite extends AbstractBusTestServerBase { static final String PORT = allocatePort(Server.class); static final String SSL_PORT = allocatePort(Server.class, 1); - private static String configFileName = "org/apache/cxf/systest/ws/wssec10/server_customAlgorithmSuite.xml"; + private static String configFileName = JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/ws/wssec10/server_customAlgorithmSuite-fips.xml" + : "org/apache/cxf/systest/ws/wssec10/server_customAlgorithmSuite.xml"; protected void run() { Bus busLocal = new SpringBusFactory().createBus(configFileName); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServer.java index d84afc92a30..71cc292360b 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServer.java @@ -21,6 +21,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.test.TestUtilities; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; @@ -34,9 +35,13 @@ public class StaxServer extends AbstractBusTestServerBase { static { unrestrictedPoliciesInstalled = TestUtilities.checkUnrestrictedPoliciesInstalled(); if (unrestrictedPoliciesInstalled) { - configFileName = "org/apache/cxf/systest/ws/wssec10/stax-server.xml"; + configFileName = JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/ws/wssec10/stax-server-fips.xml" + : "org/apache/cxf/systest/ws/wssec10/stax-server.xml"; } else { - configFileName = "org/apache/cxf/systest/ws/wssec10/stax-server_restricted.xml"; + configFileName = JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/ws/wssec10/stax-server_restricted-fips.xml" + : "org/apache/cxf/systest/ws/wssec10/stax-server_restricted.xml"; } }; diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServerCustomAlgorithmSuite.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServerCustomAlgorithmSuite.java index f80929f2f10..f3941580fe1 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServerCustomAlgorithmSuite.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/StaxServerCustomAlgorithmSuite.java @@ -21,14 +21,16 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServerCustomAlgorithmSuite extends AbstractBusTestServerBase { static final String PORT = allocatePort(Server.class); static final String SSL_PORT = allocatePort(Server.class, 1); - private static String configFileName = - "org/apache/cxf/systest/ws/wssec10/stax-server_customAlgorithmSuite.xml"; + private static String configFileName = JavaUtils.isFIPSEnabled() + ? "org/apache/cxf/systest/ws/wssec10/stax-server_customAlgorithmSuite-fips.xml" + : "org/apache/cxf/systest/ws/wssec10/stax-server_customAlgorithmSuite.xml"; protected void run() { Bus busLocal = new SpringBusFactory().createBus(configFileName); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/UserNameOverTransportFips.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/UserNameOverTransportFips.java new file mode 100644 index 00000000000..af72f6974ed --- /dev/null +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/UserNameOverTransportFips.java @@ -0,0 +1,30 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.ws.wssec10.server; + +@jakarta.jws.WebService( + targetNamespace = "http://WSSec/wssec10", + serviceName = "PingService", + portName = "UserNameOverTransportLocal_IPingService", + endpointInterface = "wssec.wssec10.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec10/WsSecurity10-fips.wsdl" +) +public class UserNameOverTransportFips extends PingServiceBase { + // complete +} diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/UserNameOverTransportRestrictedFips.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/UserNameOverTransportRestrictedFips.java new file mode 100644 index 00000000000..c335082ca8c --- /dev/null +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/UserNameOverTransportRestrictedFips.java @@ -0,0 +1,30 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.ws.wssec10.server; + +@jakarta.jws.WebService( + targetNamespace = "http://WSSec/wssec10", + serviceName = "PingService", + portName = "UserNameOverTransportLocal_IPingService", + endpointInterface = "wssec.wssec10.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec10/WsSecurity10_restricted-fips.wsdl" +) +public class UserNameOverTransportRestrictedFips extends PingServiceBase { + // complete +} diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity112Test.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity112Test.java index ab2fb48eded..b3e48de0f2a 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity112Test.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/WSSecurity112Test.java @@ -24,6 +24,7 @@ import java.util.Arrays; import java.util.Collection; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.wssec11.server.Server12; import org.apache.cxf.systest.ws.wssec11.server.Server12Restricted; import org.apache.cxf.systest.ws.wssec11.server.StaxServer12; @@ -103,40 +104,78 @@ public static void startServers() throws Exception { @Parameters(name = "{0}") public static Collection data() { - if (unrestrictedPoliciesInstalled) { + if (JavaUtils.isFIPSEnabled()) { + //TripleDES isn't allowed in FIPS mode + if (unrestrictedPoliciesInstalled) { + return Arrays.asList(new TestParam[] { + new TestParam("X", Server12.PORT, false), + new TestParam("X-NoTimestamp", Server12.PORT, false), + new TestParam("X-AES128", Server12.PORT, false), + new TestParam("X-AES256", Server12.PORT, false), + new TestParam("XD", Server12.PORT, false), + new TestParam("XD-ES", Server12.PORT, false), + new TestParam("XD-SEES", Server12.PORT, false), + + new TestParam("X", StaxServer12.PORT, false), + new TestParam("X-NoTimestamp", StaxServer12.PORT, false), + new TestParam("X-AES128", StaxServer12.PORT, false), + new TestParam("X-AES256", StaxServer12.PORT, false), + + new TestParam("XD", StaxServer12.PORT, false), + new TestParam("XD-ES", StaxServer12.PORT, false), + new TestParam("XD-SEES", StaxServer12.PORT, false), + }); + } + return Arrays.asList(new TestParam[] { + new TestParam("X", Server12Restricted.PORT, false), + new TestParam("X-NoTimestamp", Server12Restricted.PORT, false), + new TestParam("XD", Server12Restricted.PORT, false), + new TestParam("XD-ES", Server12Restricted.PORT, false), + new TestParam("XD-SEES", Server12Restricted.PORT, false), + + new TestParam("X", StaxServer12Restricted.PORT, false), + new TestParam("X-NoTimestamp", StaxServer12Restricted.PORT, false), + new TestParam("XD", StaxServer12Restricted.PORT, false), + new TestParam("XD-ES", StaxServer12Restricted.PORT, false), + new TestParam("XD-SEES", StaxServer12Restricted.PORT, false), + }); + } else { + if (unrestrictedPoliciesInstalled) { + return Arrays.asList(new TestParam[] { + new TestParam("X", Server12.PORT, false), + new TestParam("X-NoTimestamp", Server12.PORT, false), + new TestParam("X-AES128", Server12.PORT, false), + new TestParam("X-AES256", Server12.PORT, false), + new TestParam("X-TripleDES", Server12.PORT, false), + new TestParam("XD", Server12.PORT, false), + new TestParam("XD-ES", Server12.PORT, false), + new TestParam("XD-SEES", Server12.PORT, false), + + new TestParam("X", StaxServer12.PORT, false), + new TestParam("X-NoTimestamp", StaxServer12.PORT, false), + new TestParam("X-AES128", StaxServer12.PORT, false), + new TestParam("X-AES256", StaxServer12.PORT, false), + new TestParam("X-TripleDES", StaxServer12.PORT, false), + new TestParam("XD", StaxServer12.PORT, false), + new TestParam("XD-ES", StaxServer12.PORT, false), + new TestParam("XD-SEES", StaxServer12.PORT, false), + }); + } return Arrays.asList(new TestParam[] { - new TestParam("X", Server12.PORT, false), - new TestParam("X-NoTimestamp", Server12.PORT, false), - new TestParam("X-AES128", Server12.PORT, false), - new TestParam("X-AES256", Server12.PORT, false), - new TestParam("X-TripleDES", Server12.PORT, false), - new TestParam("XD", Server12.PORT, false), - new TestParam("XD-ES", Server12.PORT, false), - new TestParam("XD-SEES", Server12.PORT, false), - - new TestParam("X", StaxServer12.PORT, false), - new TestParam("X-NoTimestamp", StaxServer12.PORT, false), - new TestParam("X-AES128", StaxServer12.PORT, false), - new TestParam("X-AES256", StaxServer12.PORT, false), - new TestParam("X-TripleDES", StaxServer12.PORT, false), - new TestParam("XD", StaxServer12.PORT, false), - new TestParam("XD-ES", StaxServer12.PORT, false), - new TestParam("XD-SEES", StaxServer12.PORT, false), + new TestParam("X", Server12Restricted.PORT, false), + new TestParam("X-NoTimestamp", Server12Restricted.PORT, false), + new TestParam("XD", Server12Restricted.PORT, false), + new TestParam("XD-ES", Server12Restricted.PORT, false), + new TestParam("XD-SEES", Server12Restricted.PORT, false), + + new TestParam("X", StaxServer12Restricted.PORT, false), + new TestParam("X-NoTimestamp", StaxServer12Restricted.PORT, false), + new TestParam("XD", StaxServer12Restricted.PORT, false), + new TestParam("XD-ES", StaxServer12Restricted.PORT, false), + new TestParam("XD-SEES", StaxServer12Restricted.PORT, false), }); } - return Arrays.asList(new TestParam[] { - new TestParam("X", Server12Restricted.PORT, false), - new TestParam("X-NoTimestamp", Server12Restricted.PORT, false), - new TestParam("XD", Server12Restricted.PORT, false), - new TestParam("XD-ES", Server12Restricted.PORT, false), - new TestParam("XD-SEES", Server12Restricted.PORT, false), - - new TestParam("X", StaxServer12Restricted.PORT, false), - new TestParam("X-NoTimestamp", StaxServer12Restricted.PORT, false), - new TestParam("XD", StaxServer12Restricted.PORT, false), - new TestParam("XD-ES", StaxServer12Restricted.PORT, false), - new TestParam("XD-SEES", StaxServer12Restricted.PORT, false), - }); + } @org.junit.AfterClass diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/server/AbstractServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/server/AbstractServer.java index 12a09eaee4b..c7f45a51403 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/server/AbstractServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/server/AbstractServer.java @@ -20,6 +20,7 @@ import jakarta.jws.WebService; import jakarta.xml.ws.Endpoint; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.KeystorePasswordCallback; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; import org.apache.cxf.ws.security.SecurityConstants; @@ -38,24 +39,60 @@ protected AbstractServer(String baseUrl, boolean streaming) throws Exception { } protected void run() { - doPublish(baseUrl + "/APingService", new APingService()); - doPublish(baseUrl + "/A-NoTimestampPingService", new ANoTimestampPingService()); - doPublish(baseUrl + "/ADPingService", new ADPingService()); - doPublish(baseUrl + "/A-ESPingService", new AESPingService()); - doPublish(baseUrl + "/AD-ESPingService", new ADESPingService()); - doPublish(baseUrl + "/UXPingService", new UXPingService()); - doPublish(baseUrl + "/UX-NoTimestampPingService", new UXNoTimestampPingService()); - doPublish(baseUrl + "/UXDPingService", new UXDPingService()); - doPublish(baseUrl + "/UX-SEESPingService", new UXSEESPingService()); - doPublish(baseUrl + "/UXD-SEESPingService", new UXDSEESPingService()); - doPublish(baseUrl + "/XPingService", new XPingService()); - doPublish(baseUrl + "/X-NoTimestampPingService", new XNoTimestampPingService()); - doPublish(baseUrl + "/X-AES128PingService", new XAES128PingService()); - doPublish(baseUrl + "/X-AES256PingService", new XAES256PingService()); - doPublish(baseUrl + "/X-TripleDESPingService", new XTripleDESPingService()); - doPublish(baseUrl + "/XDPingService", new XDPingService()); - doPublish(baseUrl + "/XD-ESPingService", new XDESPingService()); - doPublish(baseUrl + "/XD-SEESPingService", new XDSEESPingService()); + doPublish(baseUrl + "/APingService", JavaUtils.isFIPSEnabled() + ? new APingServiceFips() + : new APingService()); + doPublish(baseUrl + "/A-NoTimestampPingService", JavaUtils.isFIPSEnabled() + ? new ANoTimestampPingServiceFips() + : new ANoTimestampPingService()); + doPublish(baseUrl + "/ADPingService", JavaUtils.isFIPSEnabled() + ? new ADPingServiceFips() + : new ADPingService()); + doPublish(baseUrl + "/A-ESPingService", JavaUtils.isFIPSEnabled() + ? new AESPingServiceFips() + : new AESPingService()); + doPublish(baseUrl + "/AD-ESPingService", JavaUtils.isFIPSEnabled() + ? new ADESPingServiceFips() + : new ADESPingService()); + doPublish(baseUrl + "/UXPingService", JavaUtils.isFIPSEnabled() + ? new UXPingServiceFips() + : new UXPingService()); + doPublish(baseUrl + "/UX-NoTimestampPingService", JavaUtils.isFIPSEnabled() + ? new UXNoTimestampPingServiceFips() + : new UXNoTimestampPingService()); + doPublish(baseUrl + "/UXDPingService", JavaUtils.isFIPSEnabled() + ? new UXDPingServiceFips() + : new UXDPingService()); + doPublish(baseUrl + "/UX-SEESPingService", JavaUtils.isFIPSEnabled() + ? new UXSEESPingServiceFips() + : new UXSEESPingService()); + doPublish(baseUrl + "/UXD-SEESPingService", JavaUtils.isFIPSEnabled() + ? new UXDSEESPingServiceFips() + : new UXDSEESPingService()); + doPublish(baseUrl + "/XPingService", JavaUtils.isFIPSEnabled() + ? new XPingServiceFips() + : new XPingService()); + doPublish(baseUrl + "/X-NoTimestampPingService", JavaUtils.isFIPSEnabled() + ? new XNoTimestampPingServiceFips() + : new XNoTimestampPingService()); + doPublish(baseUrl + "/X-AES128PingService", JavaUtils.isFIPSEnabled() + ? new XAES128PingServiceFips() + : new XAES128PingService()); + doPublish(baseUrl + "/X-AES256PingService", JavaUtils.isFIPSEnabled() + ? new XAES256PingServiceFips() + : new XAES256PingService()); + doPublish(baseUrl + "/X-TripleDESPingService", JavaUtils.isFIPSEnabled() + ? new XTripleDESPingServiceFips() + : new XTripleDESPingService()); + doPublish(baseUrl + "/XDPingService", JavaUtils.isFIPSEnabled() + ? new XDPingServiceFips() + : new XDPingService()); + doPublish(baseUrl + "/XD-ESPingService", JavaUtils.isFIPSEnabled() + ? new XDESPingServiceFips() + : new XDESPingService()); + doPublish(baseUrl + "/XD-SEESPingService", JavaUtils.isFIPSEnabled() + ? new XDSEESPingServiceFips() + : new XDSEESPingService()); } private void doPublish(String url, Object obj) { Endpoint ep = Endpoint.create(obj); @@ -204,5 +241,142 @@ public static class XAES256PingService extends PingService { wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11.wsdl") public static class XTripleDESPingService extends PingService { } + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "A_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class APingServiceFips extends PingService { + } + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "A-NoTimestamp_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class ANoTimestampPingServiceFips extends PingService { + } + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "AD_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class ADPingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "A-ES_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class AESPingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "AD-ES_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class ADESPingServiceFips extends PingService { + } + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "UX_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class UXPingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "UX-NoTimestamp_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class UXNoTimestampPingServiceFips extends PingService { + } + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "UXD_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class UXDPingServiceFips extends PingService { + } + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "UX-SEES_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class UXSEESPingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "UXD-SEES_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class UXDSEESPingServiceFips extends PingService { + } + + + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "X_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class XPingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "X-NoTimestamp_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class XNoTimestampPingServiceFips extends PingService { + } + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "XD_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class XDPingServiceFips extends PingService { + } + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "XD-ES_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class XDESPingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "XD-SEES_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class XDSEESPingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "X-AES128_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class XAES128PingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "X-AES256_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class XAES256PingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "X-TripleDES_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl") + public static class XTripleDESPingServiceFips extends PingService { + } } diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/server/AbstractServerRestricted.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/server/AbstractServerRestricted.java index 42d52c62c30..622bba29bef 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/server/AbstractServerRestricted.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec11/server/AbstractServerRestricted.java @@ -20,6 +20,7 @@ import jakarta.jws.WebService; import jakarta.xml.ws.Endpoint; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.KeystorePasswordCallback; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; import org.apache.cxf.ws.security.SecurityConstants; @@ -38,24 +39,52 @@ protected AbstractServerRestricted(String baseUrl, boolean streaming) throws Exc } protected void run() { - doPublish(baseUrl + "/APingService", new APingService()); - doPublish(baseUrl + "/A-NoTimestampPingService", new ANoTimestampPingService()); - doPublish(baseUrl + "/ADPingService", new ADPingService()); - doPublish(baseUrl + "/A-ESPingService", new AESPingService()); - doPublish(baseUrl + "/AD-ESPingService", new ADESPingService()); - doPublish(baseUrl + "/UXPingService", new UXPingService()); - doPublish(baseUrl + "/UX-NoTimestampPingService", new UXNoTimestampPingService()); - doPublish(baseUrl + "/UXDPingService", new UXDPingService()); - doPublish(baseUrl + "/UX-SEESPingService", new UXSEESPingService()); - doPublish(baseUrl + "/UXD-SEESPingService", new UXDSEESPingService()); - doPublish(baseUrl + "/XPingService", new XPingService()); - doPublish(baseUrl + "/X-NoTimestampPingService", new XNoTimestampPingService()); -// doPublish(baseUrl + "/X-AES128PingService", new XAES128PingService()); -// doPublish(baseUrl + "/X-AES256PingService", new XAES256PingService()); -// doPublish(baseUrl + "/X-TripleDESPingService", new XTripleDESPingService()); - doPublish(baseUrl + "/XDPingService", new XDPingService()); - doPublish(baseUrl + "/XD-ESPingService", new XDESPingService()); - doPublish(baseUrl + "/XD-SEESPingService", new XDSEESPingService()); + doPublish(baseUrl + "/APingService", JavaUtils.isFIPSEnabled() + ? new APingServiceFips() + : new APingService()); + doPublish(baseUrl + "/A-NoTimestampPingService", JavaUtils.isFIPSEnabled() + ? new ANoTimestampPingServiceFips() + : new ANoTimestampPingService()); + doPublish(baseUrl + "/ADPingService", JavaUtils.isFIPSEnabled() + ? new ADPingServiceFips() + : new ADPingService()); + doPublish(baseUrl + "/A-ESPingService", JavaUtils.isFIPSEnabled() + ? new AESPingServiceFips() + : new AESPingService()); + doPublish(baseUrl + "/AD-ESPingService", JavaUtils.isFIPSEnabled() + ? new ADESPingServiceFips() + : new ADESPingService()); + doPublish(baseUrl + "/UXPingService", JavaUtils.isFIPSEnabled() + ? new UXPingServiceFips() + : new UXPingService()); + doPublish(baseUrl + "/UX-NoTimestampPingService", JavaUtils.isFIPSEnabled() + ? new UXPingServiceFips() + : new UXNoTimestampPingService()); + doPublish(baseUrl + "/UXDPingService", JavaUtils.isFIPSEnabled() + ? new UXDPingServiceFips() + : new UXDPingService()); + doPublish(baseUrl + "/UX-SEESPingService", JavaUtils.isFIPSEnabled() + ? new UXSEESPingServiceFips() + : new UXSEESPingService()); + doPublish(baseUrl + "/UXD-SEESPingService", JavaUtils.isFIPSEnabled() + ? new UXDSEESPingServiceFips() + : new UXDSEESPingService()); + doPublish(baseUrl + "/XPingService", JavaUtils.isFIPSEnabled() + ? new XPingServiceFips() + : new XPingService()); + doPublish(baseUrl + "/X-NoTimestampPingService", JavaUtils.isFIPSEnabled() + ? new XNoTimestampPingServiceFips() + : new XNoTimestampPingService()); + doPublish(baseUrl + "/XDPingService", JavaUtils.isFIPSEnabled() + ? new XDPingServiceFips() + : new XDPingService()); + doPublish(baseUrl + "/XD-ESPingService", JavaUtils.isFIPSEnabled() + ? new XDESPingServiceFips() + : new XDESPingService()); + doPublish(baseUrl + "/XD-SEESPingService", JavaUtils.isFIPSEnabled() + ? new XDSEESPingServiceFips() + : new XDSEESPingService()); + } private void doPublish(String url, Object obj) { Endpoint ep = Endpoint.create(obj); @@ -220,4 +249,141 @@ public static class XAES256PingService extends PingService { public static class XTripleDESPingService extends PingService { } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "A_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class APingServiceFips extends PingService { + } + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "A-NoTimestamp_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class ANoTimestampPingServiceFips extends PingService { + } + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "AD_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class ADPingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "A-ES_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class AESPingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "AD-ES_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class ADESPingServiceFips extends PingService { + } + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "UX_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class UXPingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "UX-NoTimestamp_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class UXNoTimestampPingServiceFips extends PingService { + } + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "UXD_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class UXDPingServiceFips extends PingService { + } + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "UX-SEES_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class UXSEESPingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "UXD-SEES_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class UXDSEESPingServiceFips extends PingService { + } + + + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "X_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class XPingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "X-NoTimestamp_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class XNoTimestampPingServiceFips extends PingService { + } + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "XD_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class XDPingServiceFips extends PingService { + } + + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "XD-ES_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class XDESPingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "XD-SEES_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class XDSEESPingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "X-AES128_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class XAES128PingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "X-AES256_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class XAES256PingServiceFips extends PingService { + } + @WebService(targetNamespace = "http://WSSec/wssec11", + serviceName = "PingService11", + portName = "X-TripleDES_IPingService", + endpointInterface = "wssec.wssec11.IPingService", + wsdlLocation = "target/test-classes/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl") + public static class XTripleDESPingServiceFips extends PingService { + } + } diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/DoubleItIntermediaryImpl.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/DoubleItIntermediaryImpl.java index d7bc7c4498d..a4402eadc4d 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/DoubleItIntermediaryImpl.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/DoubleItIntermediaryImpl.java @@ -28,6 +28,7 @@ import jakarta.xml.ws.Service; import jakarta.xml.ws.WebServiceContext; import org.apache.cxf.feature.Features; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; import org.apache.cxf.ws.security.SecurityConstants; import org.example.contract.doubleit.DoubleItFault; @@ -47,7 +48,9 @@ public class DoubleItIntermediaryImpl extends AbstractBusClientServerTestBase im public int doubleIt(int numberToDouble) throws DoubleItFault { - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItKeyIdentifierPort"); DoubleItPortType x509Port = diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/Intermediary.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/Intermediary.java index 132c7600fbc..e2e6b03f1e6 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/Intermediary.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/Intermediary.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Intermediary extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Intermediary() { } protected void run() { - URL busFile = Intermediary.class.getResource("intermediary.xml"); + URL busFile = Intermediary.class.getResource(JavaUtils.isFIPSEnabled() + ? "intermediary-fips.xml" + : "intermediary.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/SHA512PolicyLoader.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/SHA512PolicyLoader.java index c99c9f898a9..6b0ee03c732 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/SHA512PolicyLoader.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/SHA512PolicyLoader.java @@ -26,6 +26,7 @@ import org.w3c.dom.Element; import org.apache.cxf.Bus; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.ws.policy.AssertionBuilderRegistry; import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion; import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertionBuilder; @@ -38,6 +39,7 @@ import org.apache.wss4j.policy.SPConstants; import org.apache.wss4j.policy.model.AbstractSecurityAssertion; import org.apache.wss4j.policy.model.AlgorithmSuite; +import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType; /** * This class retrieves the default AlgorithmSuites plus a custom AlgorithmSuite with the RSA SHA-512 @@ -56,7 +58,18 @@ public AlgorithmSuite getAlgorithmSuite(Bus bus, SPConstants.SPVersion version, final Map assertions = new HashMap<>(); QName qName = new QName(ns, "Basic128RsaSha512"); assertions.put(qName, new PrimitiveAssertion(qName)); - + qName = new QName(ns, "Basic256GCMRsa15"); + assertions.put(qName, new PrimitiveAssertion(qName)); + qName = new QName(ns, "Basic192GCMRsa15"); + assertions.put(qName, new PrimitiveAssertion(qName)); + qName = new QName(ns, "Basic128GCMRsa15"); + assertions.put(qName, new PrimitiveAssertion(qName)); + qName = new QName(ns, "Basic256GCMSha256Rsa15"); + assertions.put(qName, new PrimitiveAssertion(qName)); + qName = new QName(ns, "Basic192GCMSha256Rsa15"); + assertions.put(qName, new PrimitiveAssertion(qName)); + qName = new QName(ns, "Basic128GCMSha256Rsa15"); + assertions.put(qName, new PrimitiveAssertion(qName)); reg.registerBuilder(new PrimitiveAssertionBuilder(assertions.keySet()) { public Assertion build(Element element, AssertionBuilderFactory fact) { if (XMLPrimitiveAssertionBuilder.isOptional(element) @@ -74,24 +87,62 @@ public Assertion build(Element element, AssertionBuilderFactory fact) { public static class SHA512AlgorithmSuite extends AlgorithmSuite { static { - ALGORITHM_SUITE_TYPES.put( - "Basic128RsaSha512", - new AlgorithmSuiteType( - "Basic128RsaSha512", - "http://www.w3.org/2001/04/xmlenc#sha512", - WSS4JConstants.AES_128, - SPConstants.KW_AES128, - SPConstants.KW_RSA_OAEP, - SPConstants.P_SHA1_L128, - SPConstants.P_SHA1_L128, - 128, 128, 128, 512, 1024, 4096 - ) - ); + ALGORITHM_SUITE_TYPES + .put("Basic128RsaSha512", + new AlgorithmSuiteType("Basic128RsaSha512", "http://www.w3.org/2001/04/xmlenc#sha512", + JavaUtils.isFIPSEnabled() + ? "http://www.w3.org/2009/xmlenc11#aes128-gcm" + : WSS4JConstants.AES_128, + SPConstants.KW_AES128, + JavaUtils.isFIPSEnabled() + ? SPConstants.KW_RSA15 + : SPConstants.KW_RSA_OAEP, + SPConstants.P_SHA1_L128, SPConstants.P_SHA1_L128, 128, 128, 128, + 512, 1024, 4096)); + ALGORITHM_SUITE_TYPES.put("Basic256GCMRsa15", + new AlgorithmSuiteType("Basic256GCMRsa15", SPConstants.SHA1, + "http://www.w3.org/2009/xmlenc11#aes256-gcm", + SPConstants.KW_AES256, SPConstants.KW_RSA15, + SPConstants.P_SHA1_L256, SPConstants.P_SHA1_L192, + 256, 192, 256, 256, 1024, 4096)); + ALGORITHM_SUITE_TYPES.put("Basic192GCMRsa15", + new AlgorithmSuiteType("Basic192GCMRsa15", SPConstants.SHA1, + "http://www.w3.org/2009/xmlenc11#aes192-gcm", + SPConstants.KW_AES192, SPConstants.KW_RSA15, + SPConstants.P_SHA1_L192, SPConstants.P_SHA1_L192, + 192, 192, 192, 256, 1024, 4096)); + ALGORITHM_SUITE_TYPES.put("Basic128GCMRsa15", + new AlgorithmSuiteType("Basic128GCMRsa15", SPConstants.SHA1, + "http://www.w3.org/2009/xmlenc11#aes128-gcm", + SPConstants.KW_AES128, SPConstants.KW_RSA15, + SPConstants.P_SHA1_L128, SPConstants.P_SHA1_L128, + 128, 128, 128, 256, 1024, 4096)); + + ALGORITHM_SUITE_TYPES.put("Basic256GCMSha256Rsa15", + new AlgorithmSuiteType("Basic256GCMSha256Rsa15", SPConstants.SHA256, + "http://www.w3.org/2009/xmlenc11#aes256-gcm", + SPConstants.KW_AES256, SPConstants.KW_RSA15, + SPConstants.P_SHA1_L256, SPConstants.P_SHA1_L192, + 256, 192, 256, 256, 1024, 4096)); + ALGORITHM_SUITE_TYPES.put("Basic192GCMSha256Rsa15", + new AlgorithmSuiteType("Basic192GCMSha256Rsa15", SPConstants.SHA256, + "http://www.w3.org/2009/xmlenc11#aes192-gcm", + SPConstants.KW_AES192, SPConstants.KW_RSA15, + SPConstants.P_SHA1_L192, SPConstants.P_SHA1_L192, + 192, 192, 192, 256, 1024, 4096)); + ALGORITHM_SUITE_TYPES.put("Basic128GCMSha256Rsa15", + new AlgorithmSuiteType("Basic128GCMSha256Rsa15", SPConstants.SHA256, + "http://www.w3.org/2009/xmlenc11#aes128-gcm", + SPConstants.KW_AES128, SPConstants.KW_RSA15, + SPConstants.P_SHA1_L128, SPConstants.P_SHA1_L128, + 128, 128, 128, 256, 1024, 4096)); + } SHA512AlgorithmSuite(SPConstants.SPVersion version, Policy nestedPolicy) { super(version, nestedPolicy); - getAlgorithmSuiteType().setAsymmetricSignature("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"); + getAlgorithmSuiteType() + .setAsymmetricSignature("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"); } @Override @@ -110,9 +161,26 @@ protected void parseCustomAssertion(Assertion assertion) { if ("Basic128RsaSha512".equals(assertionName)) { setAlgorithmSuiteType(ALGORITHM_SUITE_TYPES.get("Basic128RsaSha512")); getAlgorithmSuiteType().setNamespace(assertionNamespace); + } else if ("Basic256GCMRsa15".equals(assertionName)) { + setAlgorithmSuiteType(ALGORITHM_SUITE_TYPES.get("Basic256GCMRsa15")); + getAlgorithmSuiteType().setNamespace(assertionNamespace); + } else if ("Basic192GCMRsa15".equals(assertionName)) { + setAlgorithmSuiteType(ALGORITHM_SUITE_TYPES.get("Basic192GCMRsa15")); + getAlgorithmSuiteType().setNamespace(assertionNamespace); + } else if ("Basic128GCMRsa15".equals(assertionName)) { + setAlgorithmSuiteType(ALGORITHM_SUITE_TYPES.get("Basic128GCMRsa15")); + getAlgorithmSuiteType().setNamespace(assertionNamespace); + } else if ("Basic256GCMSha256Rsa15".equals(assertionName)) { + setAlgorithmSuiteType(ALGORITHM_SUITE_TYPES.get("Basic256GCMSha256Rsa15")); + getAlgorithmSuiteType().setNamespace(assertionNamespace); + } else if ("Basic192GCMSha256Rsa15".equals(assertionName)) { + setAlgorithmSuiteType(ALGORITHM_SUITE_TYPES.get("Basic192GCMSha256Rsa15")); + getAlgorithmSuiteType().setNamespace(assertionNamespace); + } else if ("Basic128GCMSha256Rsa15".equals(assertionName)) { + setAlgorithmSuiteType(ALGORITHM_SUITE_TYPES.get("Basic128GCMSha256Rsa15")); + getAlgorithmSuiteType().setNamespace(assertionNamespace); } } } - } diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/Server.java index 69b95b956e0..c0ba101d125 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource( + JavaUtils.isFIPSEnabled() + ? "server-fips.xml" : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxServer.java index 01a69931380..c44fc40c0b0 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxServer() { } protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); + URL busFile = Server.class.getResource( + JavaUtils.isFIPSEnabled() + ? "stax-server-fips.xml" : "stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java index b34738db558..6d09cc1771b 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/x509/X509TokenTest.java @@ -51,6 +51,7 @@ import org.apache.cxf.frontend.ClientProxy; import org.apache.cxf.headers.Header; import org.apache.cxf.helpers.DOMUtils; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.helpers.XPathUtils; import org.apache.cxf.jaxb.JAXBDataBinding; import org.apache.cxf.staxutils.StaxUtils; @@ -65,6 +66,7 @@ import org.example.contract.doubleit.DoubleItPortType; import org.example.contract.doubleit.DoubleItPortType2; +import org.junit.Assume; import org.junit.BeforeClass; import org.junit.runner.RunWith; import org.junit.runners.Parameterized.Parameters; @@ -137,13 +139,17 @@ public static void cleanup() throws Exception { public void testSymmetricErrorMessage() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricErrorMessagePort"); DoubleItPortType x509Port = @@ -173,13 +179,17 @@ public void testSymmetricErrorMessage() throws Exception { public void testKeyIdentifier() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItKeyIdentifierPort"); DoubleItPortType x509Port = @@ -200,13 +210,17 @@ public void testKeyIdentifier() throws Exception { public void testKeyIdentifierDerived() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItKeyIdentifierDerivedPort"); DoubleItPortType x509Port = @@ -227,13 +241,17 @@ public void testKeyIdentifierDerived() throws Exception { public void testKeyIdentifierEncryptBeforeSigning() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItKeyIdentifierEncryptBeforeSigningPort"); DoubleItPortType x509Port = @@ -254,13 +272,17 @@ public void testKeyIdentifierEncryptBeforeSigning() throws Exception { public void testKeyIdentifierEncryptBeforeSigningDerived() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItKeyIdentifierEncryptBeforeSigningDerivedPort"); DoubleItPortType x509Port = @@ -281,13 +303,17 @@ public void testKeyIdentifierEncryptBeforeSigningDerived() throws Exception { public void testKeyIdentifierJaxwsClient() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("jaxws-client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "jaxws-client-fips.xml" + : "jaxws-client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItKeyIdentifierPort"); DoubleItPortType x509Port = @@ -312,13 +338,17 @@ public void testKeyIdentifierJaxwsClient() throws Exception { public void testKeyIdentifierInclusivePrefixes() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItKeyIdentifierPort"); DoubleItPortType x509Port = @@ -368,13 +398,17 @@ public void testIntermediary() throws Exception { public void testIssuerSerial() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItIssuerSerialPort"); DoubleItPortType x509Port = @@ -395,13 +429,17 @@ public void testIssuerSerial() throws Exception { public void testThumbprint() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItThumbprintPort"); DoubleItPortType x509Port = @@ -422,13 +460,17 @@ public void testThumbprint() throws Exception { public void testSymmetricThumbprintEndorsing() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricThumbprintEndorsingPort"); DoubleItPortType x509Port = @@ -447,13 +489,17 @@ public void testSymmetricThumbprintEndorsing() throws Exception { public void testSymmetricEndorsingEncrypted() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricEndorsingEncryptedPort"); DoubleItPortType x509Port = @@ -472,13 +518,17 @@ public void testSymmetricEndorsingEncrypted() throws Exception { public void testContentEncryptedElements() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItContentEncryptedElementsPort"); DoubleItPortType x509Port = @@ -499,13 +549,17 @@ public void testContentEncryptedElements() throws Exception { public void testSymmetric256() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetric256Port"); DoubleItPortType x509Port = @@ -524,13 +578,17 @@ public void testSymmetric256() throws Exception { public void testAsymmetricIssuerSerial() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricIssuerSerialPort"); DoubleItPortType x509Port = @@ -551,13 +609,17 @@ public void testAsymmetricIssuerSerial() throws Exception { public void testAsymmetricIssuerSerialDispatch() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricIssuerSerialOperationPort"); @@ -593,13 +655,17 @@ public void testAsymmetricIssuerSerialDispatch() throws Exception { public void testAsymmetricIssuerSerialDispatchMessage() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricIssuerSerialOperationPort"); @@ -651,13 +717,17 @@ public void testAsymmetricIssuerSerialDispatchMessage() throws Exception { public void testAsymmetricSHA512() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSHA512Port"); DoubleItPortType x509Port = @@ -678,13 +748,17 @@ public void testAsymmetricSHA512() throws Exception { public void testAsymmetricOldConfig() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricOldConfigPort"); DoubleItPortType x509Port = @@ -706,13 +780,17 @@ public void testAsymmetricOldConfig() throws Exception { public void testAsymmetricNoInitiatorTokenReference() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricNoInitiatorReferencePort"); DoubleItPortType x509Port = @@ -733,13 +811,17 @@ public void testAsymmetricNoInitiatorTokenReference() throws Exception { public void testAsymmetricSP11() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSP11Port"); DoubleItPortType x509Port = @@ -764,13 +846,18 @@ public void testAsymmetricEncryptedPassword() throws Exception { } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource( + JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricEncryptedPasswordPort"); DoubleItPortType x509Port = @@ -791,13 +878,17 @@ public void testAsymmetricEncryptedPassword() throws Exception { public void testAsymmetricSHA256() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSHA256Port"); DoubleItPortType x509Port = @@ -818,13 +909,17 @@ public void testAsymmetricSHA256() throws Exception { public void testAsymmetricThumbprint() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricThumbprintPort"); DoubleItPortType x509Port = @@ -845,13 +940,17 @@ public void testAsymmetricThumbprint() throws Exception { public void testAsymmetricPKIPath() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPKIPathPort"); DoubleItPortType x509Port = @@ -872,13 +971,17 @@ public void testAsymmetricPKIPath() throws Exception { public void testAsymmetricEncryptBeforeSigning() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricEncryptBeforeSigningPort"); DoubleItPortType x509Port = @@ -899,13 +1002,17 @@ public void testAsymmetricEncryptBeforeSigning() throws Exception { public void testAsymmetricEncryptBeforeSigningNoEnc() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricEncryptBeforeSigningNoEncPort"); DoubleItPortType x509Port = @@ -926,13 +1033,17 @@ public void testAsymmetricEncryptBeforeSigningNoEnc() throws Exception { public void testAsymmetricEncryptSignature() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricEncryptSignaturePort"); DoubleItPortType x509Port = @@ -953,13 +1064,17 @@ public void testAsymmetricEncryptSignature() throws Exception { public void testAsymmetricProtectTokens() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricProtectTokensPort"); DoubleItPortType x509Port = @@ -980,13 +1095,17 @@ public void testAsymmetricProtectTokens() throws Exception { public void testAsymmetricUsernameToken() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricUsernameTokenPort"); DoubleItPortType x509Port = @@ -1007,13 +1126,17 @@ public void testAsymmetricUsernameToken() throws Exception { public void testAsymmetricEndorsing() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricEndorsingPort"); DoubleItPortType x509Port = @@ -1036,13 +1159,17 @@ public void testAsymmetricEndorsing() throws Exception { public void testSymmetricUsernameToken() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricUsernameTokenPort"); DoubleItPortType x509Port = @@ -1063,13 +1190,17 @@ public void testSymmetricUsernameToken() throws Exception { public void testSymmetricProtectTokens() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricProtectTokensPort"); DoubleItPortType x509Port = @@ -1093,13 +1224,17 @@ public void testSymmetricProtectTokens() throws Exception { public void testTransportEndorsing() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportEndorsingPort"); DoubleItPortType x509Port = @@ -1124,13 +1259,17 @@ public void testTransportEndorsing() throws Exception { public void testTransportEndorsingSP11() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportEndorsingSP11Port"); DoubleItPortType x509Port = @@ -1155,13 +1294,17 @@ public void testTransportEndorsingSP11() throws Exception { public void testTransportSignedEndorsing() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSignedEndorsingPort"); DoubleItPortType x509Port = @@ -1186,13 +1329,17 @@ public void testTransportSignedEndorsing() throws Exception { public void testTransportEndorsingEncrypted() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportEndorsingEncryptedPort"); DoubleItPortType x509Port = @@ -1217,13 +1364,17 @@ public void testTransportEndorsingEncrypted() throws Exception { public void testTransportSignedEndorsingEncrypted() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSignedEndorsingEncryptedPort"); DoubleItPortType x509Port = @@ -1248,13 +1399,17 @@ public void testTransportSignedEndorsingEncrypted() throws Exception { public void testAsymmetricSignature() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509Signature.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509Signature-fips.wsdl" + : "DoubleItX509Signature.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSignaturePort"); DoubleItPortType x509Port = @@ -1275,13 +1430,17 @@ public void testAsymmetricSignature() throws Exception { public void testAsymmetricSignatureSP11() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509Signature.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509Signature-fips.wsdl" + : "DoubleItX509Signature.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSignatureSP11Port"); DoubleItPortType x509Port = @@ -1302,13 +1461,17 @@ public void testAsymmetricSignatureSP11() throws Exception { public void testAsymmetricEncryption() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509Signature.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509Signature-fips.wsdl" + : "DoubleItX509Signature.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricEncryptionPort"); DoubleItPortType x509Port = @@ -1329,13 +1492,17 @@ public void testAsymmetricEncryption() throws Exception { public void testAsymmetricSignatureEncryption() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509Signature.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509Signature-fips.wsdl" + : "DoubleItX509Signature.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSignatureEncryptionPort"); DoubleItPortType x509Port = @@ -1359,13 +1526,17 @@ public void testAsymmetricSignatureReplay() throws Exception { } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509Signature.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509Signature-fips.wsdl" + : "DoubleItX509Signature.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricSignaturePort"); DoubleItPortType x509Port = @@ -1394,13 +1565,17 @@ public void testAsymmetricSignatureReplay() throws Exception { public void testTransportSupportingSigned() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSupportingSignedPort"); DoubleItPortType x509Port = @@ -1425,13 +1600,17 @@ public void testTransportSupportingSigned() throws Exception { public void testTransportSupportingSignedCertConstraints() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportSupportingSignedCertConstraintsPort"); DoubleItPortType x509Port = @@ -1474,13 +1653,17 @@ public void testTransportSupportingSignedCertConstraints() throws Exception { public void testTransportKVT() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItTransportKVTPort"); DoubleItPortType x509Port = @@ -1509,13 +1692,17 @@ public void testKeyIdentifier2() throws Exception { } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItOperations.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItOperations-fips.wsdl" + : "DoubleItOperations.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItKeyIdentifierPort2"); DoubleItPortType2 x509Port = @@ -1546,13 +1733,17 @@ public void testSupportingToken() throws Exception { } SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); // Successful invocation @@ -1596,13 +1787,17 @@ public void testSupportingToken() throws Exception { public void testNegativeEndorsing() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); // Successful invocation @@ -1646,13 +1841,17 @@ public void testNegativeEndorsing() throws Exception { public void testSymmetricSignature() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509Signature.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509Signature-fips.wsdl" + : "DoubleItX509Signature.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricSignaturePort"); DoubleItPortType x509Port = @@ -1673,13 +1872,17 @@ public void testSymmetricSignature() throws Exception { public void testAsymmetricProperties() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPropertiesPort"); DoubleItPortType x509Port = @@ -1700,13 +1903,17 @@ public void testAsymmetricProperties() throws Exception { public void testSymmetricWithOptionalAddressing() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509Addressing.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509Addressing-fips.wsdl" + : "DoubleItX509Addressing.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricAddressingPort"); DoubleItPortType x509Port = @@ -1725,15 +1932,20 @@ public void testSymmetricWithOptionalAddressing() throws Exception { @org.junit.Test public void testSymmetricAddressingOneWay() throws Exception { - + //fips: not work + Assume.assumeFalse(JavaUtils.isFIPSEnabled()); SpringBusFactory bf = new SpringBusFactory(); - URL busFile = X509TokenTest.class.getResource("client.xml"); + URL busFile = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "client-fips.xml" + : "client.xml"); Bus bus = bf.createBus(busFile.toString()); BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = X509TokenTest.class.getResource("DoubleItX509.wsdl"); + URL wsdl = X509TokenTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItX509-fips.wsdl" + : "DoubleItX509.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricAddressingOneWayPort"); DoubleItOneWayPortType port = diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/Server.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/Server.java index df1e4707227..839974c2aa2 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/Server.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/Server.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class Server extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public Server() { } protected void run() { - URL busFile = Server.class.getResource("server.xml"); + URL busFile = Server.class.getResource(JavaUtils.isFIPSEnabled() + ? "server-fips.xml" + : "server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/StaxServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/StaxServer.java index cc0f0c9cc7b..acc04c7dc76 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/StaxServer.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/StaxServer.java @@ -24,6 +24,7 @@ import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.testutil.common.AbstractBusTestServerBase; public class StaxServer extends AbstractBusTestServerBase { @@ -33,7 +34,9 @@ public StaxServer() { } protected void run() { - URL busFile = StaxServer.class.getResource("stax-server.xml"); + URL busFile = StaxServer.class.getResource(JavaUtils.isFIPSEnabled() + ? "stax-server-fips.xml" + : "stax-server.xml"); Bus busLocal = new SpringBusFactory().createBus(busFile); BusFactory.setDefaultBus(busLocal); setBus(busLocal); diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/XKMSTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/XKMSTest.java index a1e17afa33b..3125dcd3182 100644 --- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/XKMSTest.java +++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/xkms/XKMSTest.java @@ -37,6 +37,7 @@ import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; import org.apache.cxf.common.classloader.ClassLoaderUtils; +import org.apache.cxf.helpers.JavaUtils; import org.apache.cxf.systest.ws.common.SecurityTestUtil; import org.apache.cxf.systest.ws.common.TestParam; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; @@ -197,7 +198,9 @@ public void testSymmetricBinding() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = XKMSTest.class.getResource("DoubleItXKMS.wsdl"); + URL wsdl = XKMSTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItXKMS-fips.wsdl" + : "DoubleItXKMS.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItSymmetricPort"); DoubleItPortType port = @@ -227,7 +230,9 @@ public void testAsymmetricBinding() throws Exception { BusFactory.setDefaultBus(bus); BusFactory.setThreadDefaultBus(bus); - URL wsdl = XKMSTest.class.getResource("DoubleItXKMS.wsdl"); + URL wsdl = XKMSTest.class.getResource(JavaUtils.isFIPSEnabled() + ? "DoubleItXKMS-fips.wsdl" + : "DoubleItXKMS.wsdl"); Service service = Service.create(wsdl, SERVICE_QNAME); QName portQName = new QName(NAMESPACE, "DoubleItAsymmetricPort"); DoubleItPortType port = diff --git a/systests/ws-security/src/test/resources/alice-enc-fips.properties b/systests/ws-security/src/test/resources/alice-enc-fips.properties new file mode 100644 index 00000000000..8f7315cc133 --- /dev/null +++ b/systests/ws-security/src/test/resources/alice-enc-fips.properties @@ -0,0 +1,21 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin +org.apache.wss4j.crypto.merlin.keystore.type=jks +org.apache.wss4j.crypto.merlin.keystore.password=ENC(UIsOQV2auCM0dN8wrGFMZYO3qG2potOqtoPK/dgsSAXmrypjJa2O+KQJ5pMsX/De) +org.apache.wss4j.crypto.merlin.keystore.alias=alice +org.apache.wss4j.crypto.merlin.keystore.file=keys/alice.jks diff --git a/systests/ws-security/src/test/resources/bob-enc-fips.properties b/systests/ws-security/src/test/resources/bob-enc-fips.properties new file mode 100644 index 00000000000..321e81dfca3 --- /dev/null +++ b/systests/ws-security/src/test/resources/bob-enc-fips.properties @@ -0,0 +1,21 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +org.apache.wss4j.crypto.provider=org.apache.wss4j.common.crypto.Merlin +org.apache.wss4j.crypto.merlin.keystore.type=jks +org.apache.wss4j.crypto.merlin.keystore.password=ENC(iscGNavGRwWY3QXjuwTxeCCJ2GScOwb0G9wEi7O9mTwwbf3SLb0ZNkNwPdoltzb3) +org.apache.wss4j.crypto.merlin.keystore.alias=bob +org.apache.wss4j.crypto.merlin.keystore.file=keys/bob.jks diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/DoubleItActionPolicy-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/DoubleItActionPolicy-fips.wsdl new file mode 100644 index 00000000000..2f96a8f35d2 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/DoubleItActionPolicy-fips.wsdl @@ -0,0 +1,177 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client-fips.xml new file mode 100644 index 00000000000..cdff583650c --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/client-fips.xml @@ -0,0 +1,396 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server-fips.xml new file mode 100644 index 00000000000..4864e6f2bc9 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/action/server-fips.xml @@ -0,0 +1,342 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/client-fips.xml new file mode 100644 index 00000000000..af48ac3a40a --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/client-fips.xml @@ -0,0 +1,361 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server-fips.xml new file mode 100644 index 00000000000..fc7c2092666 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/server-fips.xml @@ -0,0 +1,384 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/stax-server-fips.xml new file mode 100644 index 00000000000..affe81254fd --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/algsuite/stax-server-fips.xml @@ -0,0 +1,185 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/basicauth/DoubleItBasicAuth-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/basicauth/DoubleItBasicAuth-fips.wsdl new file mode 100644 index 00000000000..996c1027ae4 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/basicauth/DoubleItBasicAuth-fips.wsdl @@ -0,0 +1,75 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/basicauth/server-continuation-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/basicauth/server-continuation-fips.xml new file mode 100644 index 00000000000..fa5d0412cf9 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/basicauth/server-continuation-fips.xml @@ -0,0 +1,60 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/basicauth/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/basicauth/server-fips.xml new file mode 100644 index 00000000000..ba1a1ba4516 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/basicauth/server-fips.xml @@ -0,0 +1,65 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/clean-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/clean-policy-fips.xml new file mode 100644 index 00000000000..c68e337c5d5 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/clean-policy-fips.xml @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/client-fips.xml new file mode 100644 index 00000000000..5e4b382a784 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/client-fips.xml @@ -0,0 +1,350 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-before-signing-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-before-signing-policy-fips.xml new file mode 100644 index 00000000000..d0e92c6e147 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-before-signing-policy-fips.xml @@ -0,0 +1,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-sig-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-sig-policy-fips.xml new file mode 100644 index 00000000000..9b90eb59720 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/encrypt-sig-policy-fips.xml @@ -0,0 +1,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/include-timestamp-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/include-timestamp-policy-fips.xml new file mode 100644 index 00000000000..779390dbf10 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/include-timestamp-policy-fips.xml @@ -0,0 +1,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/only-sign-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/only-sign-policy-fips.xml new file mode 100644 index 00000000000..e776561712f --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/only-sign-policy-fips.xml @@ -0,0 +1,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/protect-tokens-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/protect-tokens-policy-fips.xml new file mode 100644 index 00000000000..64373136a63 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/protect-tokens-policy-fips.xml @@ -0,0 +1,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/server-fips.xml new file mode 100644 index 00000000000..0f3222b5746 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/server-fips.xml @@ -0,0 +1,315 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sig-conf-enc-before-signing-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sig-conf-enc-before-signing-policy-fips.xml new file mode 100644 index 00000000000..9b198c54089 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sig-conf-enc-before-signing-policy-fips.xml @@ -0,0 +1,46 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sig-conf-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sig-conf-policy-fips.xml new file mode 100644 index 00000000000..44047816e29 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sig-conf-policy-fips.xml @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sign-before-encrypting-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sign-before-encrypting-policy-fips.xml new file mode 100644 index 00000000000..baf4185bfb5 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/sign-before-encrypting-policy-fips.xml @@ -0,0 +1,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/stax-server-fips.xml new file mode 100644 index 00000000000..4e9d9aa1240 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/stax-server-fips.xml @@ -0,0 +1,336 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/strict-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/strict-policy-fips.xml new file mode 100644 index 00000000000..dc34e061ea0 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/strict-policy-fips.xml @@ -0,0 +1,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-first-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-first-policy-fips.xml new file mode 100644 index 00000000000..4086d30934b --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-first-policy-fips.xml @@ -0,0 +1,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-last-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-last-policy-fips.xml new file mode 100644 index 00000000000..c67a4410ed0 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/bindings/ts-last-policy-fips.xml @@ -0,0 +1,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/cache/DoubleItCache-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/cache/DoubleItCache-fips.wsdl new file mode 100644 index 00000000000..e98f57dea6b --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/cache/DoubleItCache-fips.wsdl @@ -0,0 +1,108 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/cache/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/cache/server-fips.xml new file mode 100644 index 00000000000..814b69ca17c --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/cache/server-fips.xml @@ -0,0 +1,56 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault-fips.wsdl new file mode 100644 index 00000000000..d083e5d991c --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/DoubleItFault-fips.wsdl @@ -0,0 +1,295 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/SymmetricUTPolicy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/SymmetricUTPolicy-fips.xml new file mode 100644 index 00000000000..c042a0d0566 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/SymmetricUTPolicy-fips.xml @@ -0,0 +1,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-fips.xml new file mode 100644 index 00000000000..31ba1e6e27d --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-fips.xml @@ -0,0 +1,182 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-untrusted-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-untrusted-fips.xml new file mode 100644 index 00000000000..42b9cc0c36d --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/client-untrusted-fips.xml @@ -0,0 +1,44 @@ + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/modified-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/modified-server-fips.xml new file mode 100644 index 00000000000..889a0998b8f --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/modified-server-fips.xml @@ -0,0 +1,60 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/server-fips.xml new file mode 100644 index 00000000000..72177f8b62c --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/fault/server-fips.xml @@ -0,0 +1,123 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/DoubleItGCM-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/DoubleItGCM-fips.wsdl new file mode 100644 index 00000000000..13509f5d3e0 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/DoubleItGCM-fips.wsdl @@ -0,0 +1,353 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-server-fips.xml new file mode 100644 index 00000000000..9877f4edbcb --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-server-fips.xml @@ -0,0 +1,61 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-stax-server-fips.xml new file mode 100644 index 00000000000..9f634928fb0 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/mgf-stax-server-fips.xml @@ -0,0 +1,64 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server-fips.xml new file mode 100644 index 00000000000..181bc747eb2 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/server-fips.xml @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/stax-server-fips.xml new file mode 100644 index 00000000000..68b10ce9fa5 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/gcm/stax-server-fips.xml @@ -0,0 +1,69 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/httpget/DoubleItHTTPGet-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/httpget/DoubleItHTTPGet-fips.wsdl new file mode 100644 index 00000000000..71f248eac2b --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/httpget/DoubleItHTTPGet-fips.wsdl @@ -0,0 +1,119 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/httpget/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/httpget/server-fips.xml new file mode 100644 index 00000000000..707790300d0 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/httpget/server-fips.xml @@ -0,0 +1,61 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/basic-auth-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/basic-auth-policy-fips.xml new file mode 100644 index 00000000000..756a712abd6 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/basic-auth-policy-fips.xml @@ -0,0 +1,31 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/clean-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/clean-policy-fips.xml new file mode 100644 index 00000000000..48c584b2cdc --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/clean-policy-fips.xml @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/client-fips.xml new file mode 100644 index 00000000000..154b50660fd --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/client-fips.xml @@ -0,0 +1,148 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + alice + password + Basic + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/digest-auth-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/digest-auth-policy-fips.xml new file mode 100644 index 00000000000..9ed53dfd6e5 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/digest-auth-policy-fips.xml @@ -0,0 +1,31 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/nochild-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/nochild-policy-fips.xml new file mode 100644 index 00000000000..7100c1c99cd --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/nochild-policy-fips.xml @@ -0,0 +1,27 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/req-client-cert-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/req-client-cert-policy-fips.xml new file mode 100644 index 00000000000..a6a2e606b25 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/req-client-cert-policy-fips.xml @@ -0,0 +1,31 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server-fips.xml new file mode 100644 index 00000000000..79d1516f134 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/server-fips.xml @@ -0,0 +1,107 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/stax-server-fips.xml new file mode 100644 index 00000000000..68ce11dbf21 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/https/stax-server-fips.xml @@ -0,0 +1,128 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom-fips.wsdl new file mode 100644 index 00000000000..00680710b9b --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/DoubleItMtom-fips.wsdl @@ -0,0 +1,312 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server-fips.xml new file mode 100644 index 00000000000..79fce226b68 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/server-fips.xml @@ -0,0 +1,184 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/stax-server-fips.xml new file mode 100644 index 00000000000..8a1e7c0f168 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/mtom/stax-server-fips.xml @@ -0,0 +1,69 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/addr-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/addr-policy-fips.xml new file mode 100644 index 00000000000..684482fba5c --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/addr-policy-fips.xml @@ -0,0 +1,44 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/bad-req-elements-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/bad-req-elements-policy-fips.xml new file mode 100644 index 00000000000..e2583c0d01b --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/bad-req-elements-policy-fips.xml @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /soap:Envelope/soap:Header/wsa:ToTo + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/bad-req-parts-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/bad-req-parts-policy-fips.xml new file mode 100644 index 00000000000..ed3f6191048 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/bad-req-parts-policy-fips.xml @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/client-fips.xml new file mode 100644 index 00000000000..1c2b1ffcf6f --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/client-fips.xml @@ -0,0 +1,355 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/content-encrypted-elements-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/content-encrypted-elements-policy-fips.xml new file mode 100644 index 00000000000..a99bae40ffa --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/content-encrypted-elements-policy-fips.xml @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /soap:Envelope/soap:Header/wsa:To + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-addr-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-addr-policy-fips.xml new file mode 100644 index 00000000000..b8c2a064d67 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-addr-policy-fips.xml @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-attachments-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-attachments-policy-fips.xml new file mode 100644 index 00000000000..0e11cf540a7 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-attachments-policy-fips.xml @@ -0,0 +1,48 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-body-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-body-policy-fips.xml new file mode 100644 index 00000000000..208930d3c05 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-body-policy-fips.xml @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-elements-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-elements-policy-fips.xml new file mode 100644 index 00000000000..f6890708260 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-elements-policy-fips.xml @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /soap:Envelope/soap:Header/wsa:To + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-parts-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-parts-policy-fips.xml new file mode 100644 index 00000000000..01fde06aa9f --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/encrypted-parts-policy-fips.xml @@ -0,0 +1,48 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/multiple-encrypted-elements-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/multiple-encrypted-elements-policy-fips.xml new file mode 100644 index 00000000000..4cbb029e1f0 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/multiple-encrypted-elements-policy-fips.xml @@ -0,0 +1,48 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /soap:Envelope/soap:Header/wsa:To + //example1:DoubleIt + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/req-elements-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/req-elements-policy-fips.xml new file mode 100644 index 00000000000..1a7fc4b9752 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/req-elements-policy-fips.xml @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /soap:Envelope/soap:Header/wsa:To + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/req-parts-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/req-parts-policy-fips.xml new file mode 100644 index 00000000000..c00cc24867a --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/req-parts-policy-fips.xml @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/server-fips.xml new file mode 100644 index 00000000000..8e711ef9013 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/server-fips.xml @@ -0,0 +1,344 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-addr-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-addr-policy-fips.xml new file mode 100644 index 00000000000..f2b8f9cb79d --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-addr-policy-fips.xml @@ -0,0 +1,44 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-attachments-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-attachments-policy-fips.xml new file mode 100644 index 00000000000..c1a65a94fa4 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-attachments-policy-fips.xml @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-body-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-body-policy-fips.xml new file mode 100644 index 00000000000..684482fba5c --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-body-policy-fips.xml @@ -0,0 +1,44 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-elements-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-elements-policy-fips.xml new file mode 100644 index 00000000000..705b08c9abe --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-elements-policy-fips.xml @@ -0,0 +1,44 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /soap:Envelope/soap:Header/wsa:To + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-parts-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-parts-policy-fips.xml new file mode 100644 index 00000000000..6e2e0e7a99f --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/signed-parts-policy-fips.xml @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/stax-server-fips.xml new file mode 100644 index 00000000000..2de178ddf29 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/parts/stax-server-fips.xml @@ -0,0 +1,349 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/password/DoubleItPassword-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/password/DoubleItPassword-fips.wsdl new file mode 100644 index 00000000000..7fe7447dafe --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/password/DoubleItPassword-fips.wsdl @@ -0,0 +1,194 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/password/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/password/server-fips.xml new file mode 100644 index 00000000000..77eaa68174e --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/password/server-fips.xml @@ -0,0 +1,75 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client-bus-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client-bus-fips.xml new file mode 100644 index 00000000000..d05930b3823 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client-bus-fips.xml @@ -0,0 +1,95 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client-fips.xml new file mode 100644 index 00000000000..dc5029179fd --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/client-fips.xml @@ -0,0 +1,265 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/javafirstserver-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/javafirstserver-fips.xml new file mode 100644 index 00000000000..6ed50686cd5 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/javafirstserver-fips.xml @@ -0,0 +1,235 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/operation/DoubleItPolicyOperation-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/operation/DoubleItPolicyOperation-fips.wsdl new file mode 100644 index 00000000000..da9056d1d68 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/operation/DoubleItPolicyOperation-fips.wsdl @@ -0,0 +1,101 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/operation/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/operation/server-fips.xml new file mode 100644 index 00000000000..2879b3d51d1 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/operation/server-fips.xml @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/server-fips.xml new file mode 100644 index 00000000000..0e2d68f0727 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/policy/server-fips.xml @@ -0,0 +1,260 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml-fips.wsdl new file mode 100644 index 00000000000..ee66eb64b62 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/DoubleItSaml-fips.wsdl @@ -0,0 +1,1210 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /soap:Envelope/soap:Header/wsse:Security/saml1:Assertion + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /soap:Envelope/soap:Header/wsse:Security/saml2:Assertion + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/clean-asym-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/clean-asym-policy-fips.xml new file mode 100644 index 00000000000..658378b8460 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/clean-asym-policy-fips.xml @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/clean-tls-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/clean-tls-policy-fips.xml new file mode 100644 index 00000000000..10351b5d264 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/clean-tls-policy-fips.xml @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client-fips.xml new file mode 100644 index 00000000000..4f01194a681 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/client-fips.xml @@ -0,0 +1,242 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/saml1-tls-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/saml1-tls-policy-fips.xml new file mode 100644 index 00000000000..d37aadada3c --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/saml1-tls-policy-fips.xml @@ -0,0 +1,38 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/saml2-asym-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/saml2-asym-policy-fips.xml new file mode 100644 index 00000000000..e54e7390df6 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/saml2-asym-policy-fips.xml @@ -0,0 +1,58 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server-fips.xml new file mode 100644 index 00000000000..8f0200b353e --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/server-fips.xml @@ -0,0 +1,310 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server-fips.xml new file mode 100644 index 00000000000..0b22f5a9861 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/stax-server-fips.xml @@ -0,0 +1,338 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/DoubleItSamlSubjectConf-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/DoubleItSamlSubjectConf-fips.wsdl new file mode 100644 index 00000000000..6a1e21cce06 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/DoubleItSamlSubjectConf-fips.wsdl @@ -0,0 +1,109 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/server-fips.xml new file mode 100644 index 00000000000..eb3f9652141 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/server-fips.xml @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/stax-server-fips.xml new file mode 100644 index 00000000000..5f8fe820be7 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/saml/subjectconf/stax-server-fips.xml @@ -0,0 +1,70 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt-fips.wsdl new file mode 100644 index 00000000000..a741de82325 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/DoubleIt-fips.wsdl @@ -0,0 +1,922 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + //example1:DoubleIt/numberToDouble + + + //example1:DoubleIt/numberToDouble + + + wsse:Security + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/client-fips.xml new file mode 100644 index 00000000000..9dc4916156a --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/client-fips.xml @@ -0,0 +1,78 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/server-fips.xml new file mode 100644 index 00000000000..efade96886e --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/server-fips.xml @@ -0,0 +1,114 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/stax-server-fips.xml new file mode 100644 index 00000000000..df3713abe12 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/stax-server-fips.xml @@ -0,0 +1,114 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa-fips.wsdl new file mode 100644 index 00000000000..d77f674d59d --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/DoubleItSwa-fips.wsdl @@ -0,0 +1,392 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server-fips.xml new file mode 100644 index 00000000000..05c5d617cff --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/policy-server-fips.xml @@ -0,0 +1,117 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/server-fips.xml new file mode 100644 index 00000000000..022499d55a8 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/server-fips.xml @@ -0,0 +1,192 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/stax-policy-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/stax-policy-server-fips.xml new file mode 100644 index 00000000000..da9b4ea5fc4 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/swa/stax-policy-server-fips.xml @@ -0,0 +1,124 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/bst-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/bst-server-fips.xml new file mode 100644 index 00000000000..8be85bcbe27 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/bst-server-fips.xml @@ -0,0 +1,44 @@ + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/client-fips.xml new file mode 100644 index 00000000000..4b96dffe9f6 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/client-fips.xml @@ -0,0 +1,184 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/encrypted-supp-token-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/encrypted-supp-token-policy-fips.xml new file mode 100644 index 00000000000..b999d76b83c --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/encrypted-supp-token-policy-fips.xml @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/endorsing-client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/endorsing-client-fips.xml new file mode 100644 index 00000000000..92a7dd88757 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/endorsing-client-fips.xml @@ -0,0 +1,124 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/endorsing-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/endorsing-server-fips.xml new file mode 100644 index 00000000000..70e2d9f481f --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/endorsing-server-fips.xml @@ -0,0 +1,119 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/endorsing-x509-supp-token-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/endorsing-x509-supp-token-policy-fips.xml new file mode 100644 index 00000000000..30746369d08 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/endorsing-x509-supp-token-policy-fips.xml @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/server-fips.xml new file mode 100644 index 00000000000..873e811f936 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/server-fips.xml @@ -0,0 +1,158 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-encrypted-supp-token-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-encrypted-supp-token-policy-fips.xml new file mode 100644 index 00000000000..4c28feac36f --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-encrypted-supp-token-policy-fips.xml @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-endorsing-x509-supp-token-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-endorsing-x509-supp-token-policy-fips.xml new file mode 100644 index 00000000000..13f8d81a56a --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-endorsing-x509-supp-token-policy-fips.xml @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-supp-token-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-supp-token-policy-fips.xml new file mode 100644 index 00000000000..41efb026258 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-supp-token-policy-fips.xml @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-x509-supp-token-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-x509-supp-token-policy-fips.xml new file mode 100644 index 00000000000..2007da7f9e7 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/signed-x509-supp-token-policy-fips.xml @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/stax-endorsing-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/stax-endorsing-server-fips.xml new file mode 100644 index 00000000000..3069ee24fba --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/stax-endorsing-server-fips.xml @@ -0,0 +1,125 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/stax-server-fips.xml new file mode 100644 index 00000000000..792628d5f42 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/stax-server-fips.xml @@ -0,0 +1,167 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/supp-token-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/supp-token-policy-fips.xml new file mode 100644 index 00000000000..abe3bca4568 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/supp-token-policy-fips.xml @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-client-fips.xml new file mode 100644 index 00000000000..dc5c93cbaa5 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-client-fips.xml @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-server-fips.xml new file mode 100644 index 00000000000..43a19b193ee --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-server-fips.xml @@ -0,0 +1,80 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-stax-server-fips.xml new file mode 100644 index 00000000000..bc76628c709 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/tls-stax-server-fips.xml @@ -0,0 +1,82 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/x509-supp-token-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/x509-supp-token-policy-fips.xml new file mode 100644 index 00000000000..57e45889475 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/tokens/x509-supp-token-policy-fips.xml @@ -0,0 +1,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUt-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUt-fips.wsdl new file mode 100644 index 00000000000..a8b14314efd --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUt-fips.wsdl @@ -0,0 +1,579 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived-fips.wsdl new file mode 100644 index 00000000000..e7c4e4de858 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/DoubleItUtDerived-fips.wsdl @@ -0,0 +1,462 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/clean-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/clean-policy-fips.xml new file mode 100644 index 00000000000..18fabb48bd2 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/clean-policy-fips.xml @@ -0,0 +1,28 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client-fips.xml new file mode 100644 index 00000000000..26ffb88ef53 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/client-fips.xml @@ -0,0 +1,215 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/created-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/created-policy-fips.xml new file mode 100644 index 00000000000..9d55955bf81 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/created-policy-fips.xml @@ -0,0 +1,38 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/hash-pass-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/hash-pass-policy-fips.xml new file mode 100644 index 00000000000..d66fcb40872 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/hash-pass-policy-fips.xml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/no-pass-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/no-pass-policy-fips.xml new file mode 100644 index 00000000000..486db37e853 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/no-pass-policy-fips.xml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/nonce-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/nonce-policy-fips.xml new file mode 100644 index 00000000000..1caa2d0f578 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/nonce-policy-fips.xml @@ -0,0 +1,38 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/plaintext-pass-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/plaintext-pass-policy-fips.xml new file mode 100644 index 00000000000..d03a19b060b --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/plaintext-pass-policy-fips.xml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/plaintext-pass-timestamp-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/plaintext-pass-timestamp-policy-fips.xml new file mode 100644 index 00000000000..0d739cd87b6 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/plaintext-pass-timestamp-policy-fips.xml @@ -0,0 +1,38 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/policy-client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/policy-client-fips.xml new file mode 100644 index 00000000000..1133adc6c25 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/policy-client-fips.xml @@ -0,0 +1,184 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/policy-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/policy-server-fips.xml new file mode 100644 index 00000000000..d5d77f19dd9 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/policy-server-fips.xml @@ -0,0 +1,183 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-derived-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-derived-fips.xml new file mode 100644 index 00000000000..e8bc4ee7db5 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-derived-fips.xml @@ -0,0 +1,98 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-fips.xml new file mode 100644 index 00000000000..1f8e5ff1c2c --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server-fips.xml @@ -0,0 +1,220 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-policy-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-policy-server-fips.xml new file mode 100644 index 00000000000..a95a12926c0 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-policy-server-fips.xml @@ -0,0 +1,196 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server-fips.xml new file mode 100644 index 00000000000..45cacb1c8e5 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/stax-server-fips.xml @@ -0,0 +1,233 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/supp-token-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/supp-token-policy-fips.xml new file mode 100644 index 00000000000..d03a19b060b --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/supp-token-policy-fips.xml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/DoubleItWSSC-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/DoubleItWSSC-fips.wsdl new file mode 100644 index 00000000000..5e887a07a8e --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/DoubleItWSSC-fips.wsdl @@ -0,0 +1,369 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/unit-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/unit-server-fips.xml new file mode 100644 index 00000000000..bcc19b281de --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssc/unit-server-fips.xml @@ -0,0 +1,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/client_customAlgorithmSuite-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/client_customAlgorithmSuite-fips.xml new file mode 100644 index 00000000000..daeb0a1ffd3 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/client_customAlgorithmSuite-fips.xml @@ -0,0 +1,89 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server-fips.xml new file mode 100644 index 00000000000..091b04be2b2 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server-fips.xml @@ -0,0 +1,95 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_customAlgorithmSuite-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_customAlgorithmSuite-fips.xml new file mode 100644 index 00000000000..7db5f3f2745 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_customAlgorithmSuite-fips.xml @@ -0,0 +1,112 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_restricted-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_restricted-fips.xml new file mode 100644 index 00000000000..05a67f075f1 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_restricted-fips.xml @@ -0,0 +1,95 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/stax-server-fips.xml new file mode 100644 index 00000000000..26711858802 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/stax-server-fips.xml @@ -0,0 +1,99 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/stax-server_customAlgorithmSuite-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/stax-server_customAlgorithmSuite-fips.xml new file mode 100644 index 00000000000..c748dcc570d --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/stax-server_customAlgorithmSuite-fips.xml @@ -0,0 +1,116 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/stax-server_restricted-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/stax-server_restricted-fips.xml new file mode 100644 index 00000000000..0d17107290a --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/stax-server_restricted-fips.xml @@ -0,0 +1,99 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItOperations-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItOperations-fips.wsdl new file mode 100644 index 00000000000..0fde92326d8 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItOperations-fips.wsdl @@ -0,0 +1,116 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509-fips.wsdl new file mode 100644 index 00000000000..669195fd0d2 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509-fips.wsdl @@ -0,0 +1,2099 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /soap:Envelope/soap:Header/wsaws:ReplyTo + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /soap:Envelope/soap:Body + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /soap:Envelope/soap:Body + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Addressing-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Addressing-fips.wsdl new file mode 100644 index 00000000000..7a9e9928e88 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Addressing-fips.wsdl @@ -0,0 +1,103 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature-fips.wsdl new file mode 100644 index 00000000000..2c0d79510b1 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/DoubleItX509Signature-fips.wsdl @@ -0,0 +1,388 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Signature_Encryption_Policy + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/clean-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/clean-policy-fips.xml new file mode 100644 index 00000000000..880c8ec24f7 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/clean-policy-fips.xml @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client-fips.xml new file mode 100644 index 00000000000..47ef29f796f --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/client-fips.xml @@ -0,0 +1,471 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/end-supp-token-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/end-supp-token-policy-fips.xml new file mode 100644 index 00000000000..c50581496b9 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/end-supp-token-policy-fips.xml @@ -0,0 +1,36 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/intermediary-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/intermediary-fips.xml new file mode 100644 index 00000000000..d0ed342bc3b --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/intermediary-fips.xml @@ -0,0 +1,53 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/jaxws-client-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/jaxws-client-fips.xml new file mode 100644 index 00000000000..9bd3ae40875 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/jaxws-client-fips.xml @@ -0,0 +1,48 @@ + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server-fips.xml new file mode 100644 index 00000000000..96bb89ebe3d --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/server-fips.xml @@ -0,0 +1,433 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server-fips.xml new file mode 100644 index 00000000000..e4b740c835f --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/stax-server-fips.xml @@ -0,0 +1,484 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/supp-token-pki-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/supp-token-pki-policy-fips.xml new file mode 100644 index 00000000000..59f2b1f4c52 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/supp-token-pki-policy-fips.xml @@ -0,0 +1,38 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/supp-token-policy-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/supp-token-policy-fips.xml new file mode 100644 index 00000000000..3a8f65eb923 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/x509/supp-token-policy-fips.xml @@ -0,0 +1,36 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/DoubleItXKMS-fips.wsdl b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/DoubleItXKMS-fips.wsdl new file mode 100644 index 00000000000..8d3c6c565eb --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/DoubleItXKMS-fips.wsdl @@ -0,0 +1,187 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + /soap:Envelope/soap:Body + + + + + + + + + + + + + + + + + + + + + + + + /soap:Envelope/soap:Body + + + + + + + + diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/server-fips.xml new file mode 100644 index 00000000000..5039999078e --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/server-fips.xml @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/stax-server-fips.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/stax-server-fips.xml new file mode 100644 index 00000000000..956c77154d0 --- /dev/null +++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/xkms/stax-server-fips.xml @@ -0,0 +1,57 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl new file mode 100644 index 00000000000..a6c29bd82d6 --- /dev/null +++ b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssc/WSSecureConversation-fips.wsdl @@ -0,0 +1,127 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssc/WSSecureConversation_policy-fips.wsdl b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssc/WSSecureConversation_policy-fips.wsdl new file mode 100644 index 00000000000..25157b52c9b --- /dev/null +++ b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssc/WSSecureConversation_policy-fips.wsdl @@ -0,0 +1,3811 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10-fips.wsdl b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10-fips.wsdl new file mode 100644 index 00000000000..9c819c9941f --- /dev/null +++ b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10-fips.wsdl @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_12_policy_restricted_hashed-fips.wsdl b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_12_policy_restricted_hashed-fips.wsdl new file mode 100644 index 00000000000..c4ffad2e006 --- /dev/null +++ b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_12_policy_restricted_hashed-fips.wsdl @@ -0,0 +1,79 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_12_restricted_hashed-fips.wsdl b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_12_restricted_hashed-fips.wsdl new file mode 100644 index 00000000000..7d164251c90 --- /dev/null +++ b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_12_restricted_hashed-fips.wsdl @@ -0,0 +1,60 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_policy-fips.wsdl b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_policy-fips.wsdl new file mode 100644 index 00000000000..1a16fbee7f2 --- /dev/null +++ b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_policy-fips.wsdl @@ -0,0 +1,326 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_policy_restricted-fips.wsdl b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_policy_restricted-fips.wsdl new file mode 100644 index 00000000000..e894921c4ef --- /dev/null +++ b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_policy_restricted-fips.wsdl @@ -0,0 +1,325 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_restricted-fips.wsdl b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_restricted-fips.wsdl new file mode 100644 index 00000000000..0ef90cb2760 --- /dev/null +++ b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec10/WsSecurity10_restricted-fips.wsdl @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl new file mode 100644 index 00000000000..ff2af795fd1 --- /dev/null +++ b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11-fips.wsdl @@ -0,0 +1,139 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11_policy-fips.wsdl b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11_policy-fips.wsdl new file mode 100644 index 00000000000..b373f07ce2e --- /dev/null +++ b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11_policy-fips.wsdl @@ -0,0 +1,2052 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11_policy_restricted-fips.wsdl b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11_policy_restricted-fips.wsdl new file mode 100644 index 00000000000..405141e7ed6 --- /dev/null +++ b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11_policy_restricted-fips.wsdl @@ -0,0 +1,2052 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl new file mode 100644 index 00000000000..bbbd66c94d3 --- /dev/null +++ b/systests/ws-security/src/test/resources/wsdl_systest_wssec/wssec11/WsSecurity11_restricted-fips.wsdl @@ -0,0 +1,139 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/testutils/src/test/resources/keys/Bethal-fips.p12 b/testutils/src/test/resources/keys/Bethal-fips.p12 new file mode 100644 index 0000000000000000000000000000000000000000..f8b1b769792ba829f16f0f7d75bfa3a057ba50ce GIT binary patch literal 5581 zcmZ9PWmFW5v&LE2g(VfFyHjMz1tgbTLYD53?pzQhT~MS&LQ*;;K$)-uK@7Va}ZAnR&kc&I|-aF^mnsfuJbDaPfKHs=mD>2H*j5P!vcYio)}+?FvDG z693N#6b?jzLjT%Gzq#$(vN+Jje5KJAJ&bp+{ z^c5Q$j0Iu9#kYE^3b4Zg0(gNBtyda@=DR&QqF>%<-fiZ315v<9vhmQ`>}IHBmjPB# z`#c7#$mNCwrmC=Q%zsOVXaAOoDcd~q}t5yD!>@U>1( zusC5Weq-$1etvb6YToB#f?*^>IJfGt@XP4g%MMe)(T+IGL=u#l>nknNBk9K-`B{ZN z=kPWd`xPhbd==$Y}AedfZ5? zcyDqq&R2Pq*>N)K%Ea*Qm%A@mbi8$w&=GZ8?RzU+5aW?qoS3&AJg+CwoYiDM{-d_o z_O3RtX&6nSzgNF=zXG@m!jUC(_b+oO?Univ$6hhtb6>@ZysaeJ7#c~~mG?UT$#x2S zsKp9QK;HpFO~80xa&p}uUnE$Ml}Zv@qCZg>Dv-$vRMn$g%b1;iIlbiZ^E&-P&b1Ra zN%jOb!9*5CP>L2Q3DClJ_c9$IyvGEtF!V%LR)a{1$o6qF3qZdgE-p3Qyz04PE7rt1 zYNWWGl!d>UHd7*ZFLeKyt5qcjPBavWg1#&;U(-M8+hKsA!hf^tn>T-0P6 zn#;VG+fkQSX|gO}9@V^+8t=~*GBfSOkHv>h%r=^B^WMdaG+J=sHivRN4RLC~nv4M# zM&Wj~usq(_mN8kw$al>U~KQM}zep0~+{8GI-?)X|0EIBb>NcCbw1ZJMMa_IoaI)oWT%S! zv+MLi&zO$6QNX=2+U9}pO02=rtUqiSL7+AX2dWhc4XOcMIAqaM2hg>5O&(Hy`vT$Y zQk5TG4_LqE$hL5Yjk(~slRso*m9=T0YuJMv7miYZ67DVBY3 zyOKZC3dhw|?&tJ_Pn%WcRG)FQnCyaP;->MPWX2w;Af!JKG0uE1e_(QGjLd5#LoJK7#74`e#ygg$c4R1pePLQoH;{#nDr%|Sir`D=Ax1F-(K#(yUO zi2Xm}FN=*K;{Qq_2p^Dq0hd!zoQc2lQ7W^F@+X5f#nh#&|8N-_zziY61^+kQvGG9v zAJjEp%jl8=DZS+~vSAeUc8Q^=2Xb?smRu9ki8?bkOx;i1XANaJ_6QH(gJ;>2Fl4>M zJ5#NLDGFCXvlKR%N>`Z>QtD;PiHONETg=0KXj`>1DTliJ*ZQB;x=0lfyV$L=aP-gl z*bc(|e$7#e5=u8@(9g_zuSc;T_|?5I;`W={z&04`F4e(Co{#Xmcgq=JFGZOhHM9Kl z9EfSR)IMUsCkR3}pCR{qC&tc_peBOe8lOkAr?WB*c1E8mB1B@Q)*!kGA}xfFoDp?E zYXP>ne3>CpoVFKJQf;T+HIlJjT)zTfQ$JbTH*dgWclA`3YPM$eg&(QKXkG{5)*Og= zJj~9;b;^Zq@k4PKVIp>Hfx7S$Y`FgHVkrK^sqQ#A;V)&%+?Mizl8BTTCO8+o_b0jf zjzc-3jVSzMO}pTB-r&+Kla)|6&HFl~hliCG=gRBO=YGszDVtCx!IFZ8UWO0h0vZtjG z#+4ajbWr7cv6YsNzgFzJ+DqH}`N)+!qDA1l)8{n)e0opf9?U~Uo-_1{4nv=p(nNp2 z$?=#CC#A>?|%T1sFq+$ zl>uIVToTt(rS5*@8OdI&3x{w(ybV z=vlS?A~)hdP7yJJb;a|t1ntVHuj+SyNcaAH`O1gMDrbw**ICwf1@?&R;wpZ<{7n#{ z;M6|XTVO7wFX@mcl2u(Ubqx4pMJ_ye99PURXUyFOAoJ)N9m4o=&*mW7yg%~ok_*Si zE8wcBh|JRb_F?F>2x?ac=HbwmXt%tBp$Z&)5o>vDKb0=t04>uqT68mPq};BU-Dc6j zrM`OZe%`#(EfEnfBnyKSsGHcTln94uM8~S7jZ7GnIj`gmM4j%%4JK_xV%@4NHE748 zrfQ<1-^R*+OPgC|^E-@ijvO4v%b{p{TT$e9h9Fvwl3^jb)L=hV?XunZEx+ zgwF6Q2yC1$-9_Y5Usf2sZp#spEVXjdd)}~$HSJm=y|yiw&%+;GtdK2s&sQ_P^ywyx zgC_bdONJh5TAWDZO55slS|Pw&K$_m@$?X@w0~Lw5DXnP?;38&V)=MP^FvlGT%OS;d z)^akKo^&Im8sYbn1Twqgtlj=%2oBvC-?>uO)_a||sfC6?X!FXV_xww&Bhrbtj?!Ty zmb*8v+AjFa{ks3Kk<*V8!4+OGmnt!t)zkaWbT9kz^^$@e$(5594SX@4?w#aDUw!;X zrLSK)2q#rY*;SMS&xGQ9ObHJjS;ngpmYb9&J`EP{X(((YL1cT6mY`ZPe@tHt2%b83vNqj|fF$1p&Y4Sy zS-;h%4J4x$Y|OHDl(BsF?A;j|LU&2L(k*CwG0Oj=Sl+X$9tDjkf-lUn?9+FEou zB|Nh$&X!7enm2;cJbmys7naibsm|Si@Y^n=z&^?FLt)RtZkq{2kwO7ub2qHYG}{Yy zB%@g4M$mlNlHB-yTzjAh=XQsRAizoH@t~A>kBNeq*n8HDK<+bIN9nY9(7?uKQB<(x zNQaGacrTRi$!QRX$Ie?gu*ZyJe|ZbFaFDon^hmwZVwX1om@<37YzH;XR@HaaGhn{> z1qdy|vBcPF4GCZU%JX^0bOkSL1wb`QdzR@B3ex7W0}7C#yn;6A>B+X;0wBLIm5vv( zX0SdRoMN92{kb=uvD$@2pwaUuDXEIJDVC?S^k=B=48wAqjBD`}dls)i3hb2x5#Pb` z(&Te~62J@h#Z5y>H!Aki{Uj|7s{7BghZ{6@iAHRcg%R{q>TWJcl2=h&p~@cFDedbQ zag#$n{a^lgd;c1Ua1rCQivPiqhx$X2+$!B>Qf5IAl((Mv>TLVc{8BbRiyIVdk{W}y zb##zl9w#2M-&A;69~gXV8@re7xL52&#qd#o^W@?kX+Zy=!Ak-BX5&FwI{VDotBfV& zs-A;kQa*WAh8{VG`)P;o+@CA{G;ono+N++sRSd9b-7s;%j=9sV3XF=&5)BuNik;#L z6XD;o_8dH<$xjDUxAQ4kkvE@bv89Z;|7qauspkT9uR5QX4!ae{9bXi?VSZg%y86UD z-N!yJE-FqhY8FwG6a~3CSf&&Zh38@yLOiX9Ut`gMD#|nU>gdw8#Y=#{Pd>%)?$Hcj z$9M7dNw3T!A@QeHbg^KXR4{)vLrPZLbm4M=BNO3js=gq`d>5Cp?uOKgFqN^@Y)1S# z6P=^cca$~pRrDLtSbZ8T6z$eb*PO)4?vyw3!~lA|8_RqvsDW+x&gs}=x`MS?Fsvyz zLzHmivm#l%E%Z%wfp<-Z5<8TN^Y?2~(+YrUU!Qlm@x_>aaBO)FJ>$4z%JfZs$~QPW z^G3lz4c!-r7&m$>>h&XEV`EN9mj(fC{suh%y{Y48d|j&d^}(9UInZ4s2cK9I;(|s4 z{^93w?V27-EscX73AW7M>Kk{ODRjTQQ_@hke0s#yXx4i(l&*`vkAvY3Sj%dw&%xSC zQN%_VHzLg!-d0+kDEU40T-l7`T5p2BkqWHBxcgM@2WQN##yAx<9bm&qXtU_oERsRL z=PD)Z>`mBo$9b)rpi(z}e$CjNb9`>w(KDUl+I9mi+0_SLqBJ!M;dJm2IsU+2`3`$_ zHFdD9i}T)$>^n2==E^Ct-(KyeFUGX^HeUsQYs-tPi8Kzrw(=<$;39;-(Lub*cRTMf}iuhhTmxh-`V`Kc_-1ogt@MjJ@C z{8lX$&|_jqct;~SSVM-^wpV*nuUoXzWcv zLzGokl=ZCE-(RnDtYLhNR~qHDH~I=bJ8J@l(4^c987e!*z5(7${O!|1I?7AHux9*+ zL0!u34>odF!{^{Wt-#x-p2CDfD#uQTf5gG;Wwt$Nt88wLr$zky(nH66AI9(FuhZ{# zYmV+U<@R``2sFP8-R>;SOxQ}U61sy}P;eeT$6L9{{aZ7U#Y|y8LrEJ7W#khAfB39K z)oZE%1ilH>g)HKQ7pJjXuQBL57l~Q0A$Ni$|L^6G?6sG5-%cZSu6z^8XkallS0>8X zo%cL?DzxUv&qRWoZNq&$W*KUiVWou3sgbX&Thdts6YN^fqA8tCzZSKOkWNU*QCVp` z_R#Pi*Fhvo3>kjgu{~Swu?9!I*mW!%Xf+l;=pxAihDu4qLAY!hBG+f%-$D{HDSQTnb&KKT%H zV|HoM;C$bAhcjF)N-kTY%W+N!~|!mueN1TZg4l{S{gIzHB_qEC?2IiZxs{`+FQ5U zje-5AX!9}st2bD?KO|Y+@c^32U@1kWl(cvt{5&%B$`)6U=vs$04U|L=-roX{yzLzt z|4=FUv%%<|6}}72OLX6Z#|gB&-`}v}S1RrZ zbtw3}qpsc{R&kfAE-we=@2wM&X%^gsGxX0>3aif6I~21>uV^JD!aJ=_gC^n4^lsYmYGYCa8SX@uo(}nwuI2?dT}$~r zf-<2LYitDgkc8gT#8fdTRkN&YLdCX|OYs|2Vy>aZo{NI^(vWUW;(4aUY8iszt$AD* z_6^tBDGBU5GS<1%i(Y;v>PqrUhXE$>Y!5EvU(6F%db| n*R+y3c9-6qhCp(eBq!eZ$ry5#eaEc1Nwp><<8<_YUiSY2=EZu` literal 0 HcmV?d00001 diff --git a/testutils/src/test/resources/keys/Morpit-fips.p12 b/testutils/src/test/resources/keys/Morpit-fips.p12 new file mode 100644 index 0000000000000000000000000000000000000000..f8cd5cd4fb828098066efd2b3fa77e2564533d11 GIT binary patch literal 5581 zcmZ9PWmFW7w#9*gp?l~S7;<2!0qGeUX$7RayFnOYq*J6j1nKS&q)S>rkWjioq@;ZR zyWU&(zV|+yb=Kbd?61GI4irT(hJg-%qA1=1ak(RvBX0=NvC#`r6yBI93ip3(XDA9Q z<^M!j;g~3_(0}Zpf5sn(|357PJamjg6c+10CKFWU-wiB6s3er`Kav1Sgo#twLTSBR z^{y5J0|yPt0K_$qR7SS}V4`zll8^vIX?ZvH@t=2v7+uJhL}8*ZXPQV%>$9C7KtmB) zA9ZdP8JIYK$9wDzMW{bK%|L3{H+B?9=N+vr6$t5hv`&X(GIoM8v#>Nw2cP`8(#xx_ zL9pc{&vd@=6?rtpxaOrhR^y~HX*(R2XzPfky8r=hCF38?cD$#r6#6L4dHSCuEut4K z?+?+qOy~ccx$jZ0o60e$d`{GR zPRPMM{G=Y8QNGS->_}*@S6B&7<*HS*G>BZNw#Kvx{2@rTmW|Ia))E*IGq#X^RtInj z)`QMe2CnD69fzlns;b`;(#z+sx_1G3qNjy~av^Ydf}8f7V_U}7cT~5AL7ni>uc@&N zQjI1xo>8fLNa~_{6RX3KZ5cRAGkU z)1223)-P*)zaJK?g!!B~u0w&4%U_8MVzqlx;RhaaOMar++|yi92*RUpAU(dau{s-3 z3wbGzEZe3Eg2bSO-RTr>&ll`gpi?`mETv=QQq1qKv)-bcW0CN15S!P$1mXOLTZkfa zNa&^+Wa0V^3n?Q!cLE16O$>%NdQivb4S*T3J9pS(fq9TL=E?C{((TsmA{?iSiq-%x zwft}O#h3HF22Q@t@2C@M8E$(=UPwP+uX~W54@Zr1(;c?ipQ+Sx&dITH`q5tbud__j zf}((cFVx5Vw$_w8!GX^Y+Fi=zm72l=&p)1A~jc&-(?bi$R6O3^>{Z3vinUsWt)uEw2 zpYa92I)=%1=7NT$`@=%z3ew%BJdkE)EUl6oQEFIhekKOnGpUBqv$vq2OZa(%2`gOH8dH zs-ivT_~`tt=~fBMojHP$AgqAMRp>gwSE;!>Wt-gBZO_NqcM_g_5|YuMZh^a7~EqxOx?#3=MJH-;WJwO z#pWK|Ti($VQsYctJ0wUrtKu=tQosBc92$@Zb^YX7V0)SvSxCCqYPxjm5rBuRt<^vO zW&j(~@bo~%Ze-cOXvL189q#Ls&#fUSEy%pSu4TNR!{vHJXTMi$3FpJk={n6E*mLNbtOfj!=ZotKBOMm^0ucpK~coB|31S87NUsz|FL>7(9!-`ZU0Hop|<}P z|FGBqD)t{q0Oi31`GksGj_KS!#6NClNN5DsIUvqq|Kc(RIy002i1Xic$H2z=|DbLR z{yA^(z+9!*3xk{c{-zE^5zF@PXqOKhzu#tQKMZwyd($`xX9dNsHCRr+YezXGXOaG$ zTXfs`R-K{u9Ra>|v`t?rzTR@yk~AT>KH3aJAlTNh+R@KqLei@oC*EP(NwZQH`8ytF z+jI+_6%s2n+e8oM$bQYA%Z2nupG^}R*f6IZWfRV^H%d{(vfjtBz|&;NA7mD1Z+aPv z@k|R80__GTi<1=W)ILk_zeLvEV!TDiA(+;xulR#;3D{0=ThdSV&-;UqIv@*|x>efI zldVXjuGls&4)fRrN2$!+n}4|_eQrxqfzQLJnzWIzU}a*W@YWyUqjuAiG|V(-+!%77 zewpZdLog|@4q6~p7w;(JG^(q_Y+hf9A?dA5{nA~;A;9_4)`(R_>*HkE^6QE7y}Z2b z-2LIo3kLeVzUpDYrQv4DWiev^Hqlqc2%g=n2ZlE~R=LF7u;|NSpi#Dk*q*IfSoefX zpLg@xLUQWPTear!R)c|=XhHnt2U97v55h<>5F3qL7PXWu4^F92qRaY?bqg9(zCZV! zgO~0_1`JUtHY}UtPO+kX~U{OE!o#Y7IQnIjQnBSf)L-~)PDSn{4s3@{S48=}LXeX+l?N#*JmD3m}F=BKIE_+{Io)&DN1P&wFNc;ae-%8{C_i zsFOfXD!J>p(Xv-sbn_qApQU!m(ta^_Iq$hqHB&pTj)z+Q320VpTPSvNTJ{;D;d<%S zJ=)#2i`=t`<6;66L_>t%V!%hYuCmJwU1E>$YG5zd8JKufuuNH|r>!?UdV1_o<2B1i zL1x+P+^nfF-*_8YMkCTCcf5QZa2*LmpZD{jH)X&Sirl_hal4>vh}38L^TFc3l&H&_ z`^NL7M-eS``ulyP_quc*bNnD^A$M70#;G-K^haAu@%^N^i?>g|RLrafvO#XaHsA!p zRi=VY+Qzpymx8YsQ+;-e(aT+u{&T|&9Lun#p{lu?&it8r*!;7=i*0AEv67D#;Igl3 zuV_{DtmkNPyN(X!)2F_HwG&fbiaB*33At;1mic^aIEZX6;1J@J?(a_T{&YmJkrvLa zA@ce6RymyGH^$E$yX-M7B^;S-Lsr?kLcX8AuGJJKF%0n2rbly|Q1V4Lj-fDhI)FZur^m2OC_4pv!IKmT6S*qzRI=t@jY9;y(2!O-1e|jtXXJ8mMNftAR=4>*C<0#* z10WzM9^*$cE#b4cln#p(^pouJdXhP5xX_2Z5Z1K|)<6o<@U%io^1$OhK>EEv{pQgX z{aDBsw7v3{NK#pOK@gTDxkzjcWLtcX9N$QP=VG+XW>t4HOXyn`Em`X(DoOO>FeQUj zJ}~PUAzkQ)wWv&{@08hEX}h<-dDRF}Ma}jH`4Bp)uD8W%Xq(wBcqBO%=@m@2gET$L zzrD-}*~*V1&wQF+7`KgQuSo~`6)e)S$Y1CN6<$fe&T(ETq*^-RA6`|RBl#|8CY*Vc zs1HoqOISg@hPgxhQ+;&Vk|avvUV_CQK*!9B%Dcf}5aMhTkaLIea_jQP+%F^e7Up+a zBSSiSwYguB7wBYEU;0Mgu(<-N#xKH?fK-IT^E63oXp%yVV+`KXHt!hqGt)#Ztk=y} z(GCmYIv2-}G^_Y#S?>n0fjJ+&=a3J!SwQ=+)};A^!K(A0qbz^h z(*2X{zLHg^Qg*7RSTqb$OD=Lx`O|z&6-4?^mlb#)4hnVn1s;pQUTsKBG{xiT04iAZ z1+suS?)oZxw_@)54(9x8{KTJ~=CwJ!2OV_)Bnr%Ees0^|3?Hwgb__l6+}@wXg1 zF)xZ!8Ky^sRTs0I7M8UdmMA<3TWddft*=^U$_7y`(i0EX1PmZuPcmL>=CF^8Fh-S=))Y zF@+Bi%&AK`G9^p}+o6fh?-z^PKSfFz7MLr#RFi+UNel~ZX}6Y}!_%%C{Wait0fCWI zZ=OP!&OHk2D4tUb)jwjh40fzyrkR5A!V(!Ql6_-QH1li-+!st#2AMaSB1mHc;s*vw zn*?Mj4APRF_?BYj>Z|z2w1E`$0@_h6!WU{Ix3cgV%Vi?Vn;%7S@(SDR$~ax#%-Y%I zJmb$><|-3IJTsN#hEk&oOKt)vD&wva$c$7@e^0atzT?v2DQ@Zw`_ZT4QD-c`Oyney za8mKAvg5e&Oc{;n*s7V9$i@&S{npybGLC)Rzf6Ld+x|_^#ny$=>T9{1&X*v46LJ+F z{0=J07Q#ocGI5YT`2?633-VpKUm<+tDeTWkQ|J|D5cVEl*xjeB$`ixqoKPP#5_;M7 zDF=43;K$vy`|`9py^I*i28?qu%!nHs7A5Y977;hE6&<}Y4z$*r;w&uwOYZy6<_egg zi1e%u>kof7zpq6o)9-qYjSf>$!%4rYP|@Q(tO^bnawLF9$lC=vLm1m`foh-L$!J;~ zd4ifyT0ZeAo(edE>|*6z+}s>lx3%Z&?E6?eG$e>%(WEWG|frm|;i!eYsLgk)&<_L8|nA+DRz^I7ozMSTlrovo=ck^FH&vM!0eH#wb#Y35KnZ01iLGBfxch zr%|02aJlkY-7Pn&{w`8nZUOX{KmTWCL7R|jjEbmc=>S2yvE7r=&zq{wXUq6num>F) z?G={QS*HiH0lRfOmt zgJk29oY#ej`^M_rkP@!1^#SHSkFUC7w}ctOEhohTuh{_SDeGvIE4=3j@=4 z0YUejO@LjjWhEvlw@xZbL8HAzwCbF&6i6FN&mD6;PJo!B z`oLKUrKdU&G;vwsq_-Zp>&s@&HB8g+!DXH!)iGK3lwtRE%8x+UOr6%BQH#J%+M9V+ z_J2v_sBaoFy@-m!g@hn$7x4t2bz(_c#nFb%Q7+yE*snU98VHoY3TFG#*tKbNLsjdU zqd|c+rF8ZzMT1gjI$tFzeDN3}*qHE<4ugnmm$$LxN{YNzc0yTcvN)+y*-L9O(hq>` zue5>u*8xLrajXI9i0eDpMm7}ujH{E~A(Y4=Tf;z^t_VmYRTC|@zM{?@-PFfK8o$q^Hkxzao4jFPy;&tyb z?}mH_S)i&bj%(LjyAi7F4Z1SwgF+n5XKMk@xpkj)*jro?Rq(2_r|2DiduTDo@SXfS z&D1n{$lkpW?Qu>=N#C5bysnjIrwQ29kB8v!H!fbIBNjgAD6f?Z*8AIa7bt$(nz-h;RGIhYJ zMucSkY(e)c)+?DruixH`Cy_6obl@GW*E4v=WR$pfmY~xn#(VNEPqipXt~6lb>%o(G z3@&POQpPJxA<0;sw>*1}0^@ma>z>GGnFG!mb^w3ZrYIN2dd@9kQf}?ssKf}HQvimm zE}isPN5K;EMt_^6KO~9&E*r^Bxp@l{&9=+Bq+f-)I}+6_XbH_n*OUnDN%F)ed|muf zA$)+Q3%qH!R^F_lUVP-(aloJR^X+~;eSMg31-|yieiu?<jKb0vp7Se?3g2 z7fD`^c+ezwP?$agG)u;ba>x-s=fMeqEc0IXswnbmP3j#)lHhGb$^)yuRL?V(#i^1` zb-C(k?#Wd^v{N*RRfJ#AGptwLR9wGn+EfyLks3Gc8lKV@|Wnj(B n*=bb~COP910uwYbvGk}tOYqp6@Hb3XKwR@87(Mr2FZ+K17fV&r literal 0 HcmV?d00001