
From dk...@apache.org
Subject svn commit: r699060 [1/2] - in /cxf/trunk/rt/ws: addr/src/main/java/org/apache/cxf/ws/addressing/ security/src/main/java/org/apache/cxf/ws/security/policy/builders/ security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/ security/src/mai...
Date Thu, 25 Sep 2008 19:32:01 GMT
Author: dkulp
Date: Thu Sep 25 12:32:00 2008
New Revision: 699060

URL: http://svn.apache.org/viewvc?rev=699060&view=rev
Log:
Start getting SymetricBinding stuff working.   MS WCF InteropFest section 4.1 is now working.

Added:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java   (with props)
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java   (with props)
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java   (with props)
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java   (with props)
Modified:
    cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/MAPAggregator.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/Trust10Builder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/MAPAggregator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/MAPAggregator.java?rev=699060&r1=699059&r2=699060&view=diff
==============================================================================
--- cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/MAPAggregator.java (original)
+++ cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/MAPAggregator.java Thu Sep 25 12:32:00 2008
@@ -53,6 +53,7 @@
 import org.apache.cxf.service.model.UnwrappedOperationInfo;
 import org.apache.cxf.transport.Conduit;
 import org.apache.cxf.transport.Destination;
+import org.apache.cxf.ws.addressing.VersionTransformer.Names200408;
 import org.apache.cxf.ws.addressing.policy.MetadataConstants;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
@@ -681,10 +682,22 @@
 
         if (maps == null && isProviderContext) {
             maps = new AddressingPropertiesImpl();
+            setupNamespace(maps, message);
         }
         return maps;
     }
 
+    private void setupNamespace(AddressingPropertiesImpl maps, Message message) {
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        if (null == aim) {
+            return;
+        }
+        Collection<AssertionInfo> aic = aim.getAssertionInfo(MetadataConstants.USING_ADDRESSING_2004_QNAME);
+        if (aic != null && !aic.isEmpty()) {
+            maps.exposeAs(Names200408.WSA_NAMESPACE_NAME);
+        }
+    }
+    
     /**
      * Validate incoming MAPs
      * @param maps the incoming MAPs
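Review bot: The new `setupNamespace` has no comment saying why the presence of a `USING_ADDRESSING_2004_QNAME` assertion switches the freshly created properties to the 2004/08 namespace, and a reader of `MAPAggregator` will not guess that from the policy-map lookup alone. A Javadoc such as `/** Exposes the MAPs in the WS-Addressing 2004/08 namespace when the effective policy carries a UsingAddressing assertion for that version. */` would make the intent explicit. `null == aim` is Yoda style; `aim == null` matches the surrounding code. The method containing the call at the top of the hunk starts before the hunk.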

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java?rev=699060&r1=699059&r2=699060&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SymmetricBindingBuilder.java Thu Sep 25 12:32:00 2008
@@ -84,7 +84,8 @@
             assertion = (Assertion)iterator.next();
             name = assertion.getName();
 
-            if (!consts.getNamespace().equals(name.getNamespaceURI())) {
+            if (!consts.getNamespace().equals(name.getNamespaceURI())
+                && !SP12Constants.INSTANCE.getNamespace().equals(name.getNamespaceURI())) {
                 continue;
             }
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/Trust10Builder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/Trust10Builder.java?rev=699060&r1=699059&r2=699060&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/Trust10Builder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/Trust10Builder.java Thu Sep 25 12:32:00 2008
@@ -29,7 +29,6 @@
 import org.apache.cxf.ws.policy.AssertionBuilder;
 import org.apache.cxf.ws.policy.PolicyAssertion;
 import org.apache.cxf.ws.security.policy.SP11Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
 import org.apache.cxf.ws.security.policy.model.Trust10;
 
 
@@ -41,9 +40,9 @@
     public PolicyAssertion build(Element element)
         throws IllegalArgumentException {
 
-        element = DOMUtils.getFirstChildWithName(element, SPConstants.POLICY);
-
-        if (element == null) {
+        
+        element = DOMUtils.getFirstElement(element);
+        if (element == null || !element.getLocalName().equals("Policy")) {
             throw new IllegalArgumentException("Trust10 assertion doesn't contain any Policy");
         }
         
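Review bot: The new check compares only `getLocalName()` against `"Policy"`, so a first child named Policy in any namespace is now accepted where the removed `getFirstChildWithName(element, SPConstants.POLICY)` matched the full qualified name; the namespace should still be compared, e.g. `if (element == null || !"Policy".equals(element.getLocalName()) || !SPConstants.POLICY.getNamespaceURI().equals(element.getNamespaceURI()))` (this commit drops the `SPConstants` import, so it would have to come back). Writing the literal first also avoids an NPE when `getLocalName()` returns null for a non-namespace-aware DOM. `build` continues past the end of the hunk.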

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java?rev=699060&r1=699059&r2=699060&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java Thu Sep 25 12:32:00 2008
@@ -40,6 +40,7 @@
         ASSERTION_TYPES.add(SP11Constants.ALGORITHM_SUITE);
         ASSERTION_TYPES.add(SP11Constants.WSS10);
         ASSERTION_TYPES.add(SP11Constants.WSS11);
+        ASSERTION_TYPES.add(SP11Constants.TRUST_10);
         ASSERTION_TYPES.add(SP11Constants.SIGNED_SUPPORTING_TOKENS);
         ASSERTION_TYPES.add(SP11Constants.USERNAME_TOKEN);
         ASSERTION_TYPES.add(SP11Constants.TRANSPORT_TOKEN);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java?rev=699060&r1=699059&r2=699060&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java Thu Sep 25 12:32:00 2008
@@ -22,6 +22,7 @@
 import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.XMLStreamWriter;
 
+import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
 import org.apache.neethi.All;
@@ -32,9 +33,7 @@
 public class SymmetricBinding extends SymmetricAsymmetricBindingBase {
 
     private EncryptionToken encryptionToken;
-
     private SignatureToken signatureToken;
-
     private ProtectionToken protectionToken;
 
     public SymmetricBinding(SPConstants version) {
@@ -103,40 +102,43 @@
         return SP12Constants.INSTANCE.getSymmetricBinding();
     }
     public PolicyComponent normalize() {
-        if (isNormalized()) {
-            return this;
-        }
-
-        AlgorithmSuite algorithmSuite = getAlgorithmSuite();
-
-        Policy policy = new Policy();
-        ExactlyOne exactlyOne = new ExactlyOne();
-
-        All wrapper = new All();
-        SymmetricBinding symmetricBinding = new SymmetricBinding(constants);
-
-        symmetricBinding.setAlgorithmSuite(algorithmSuite);
+        return this;
+    }
 
-        symmetricBinding.setEncryptionToken(getEncryptionToken());
-        symmetricBinding.setEntireHeadersAndBodySignatures(isEntireHeadersAndBodySignatures());
-        symmetricBinding.setIncludeTimestamp(isIncludeTimestamp());
-        symmetricBinding.setLayout(getLayout());
-        symmetricBinding.setProtectionOrder(getProtectionOrder());
-        symmetricBinding.setProtectionToken(getProtectionToken());
-        symmetricBinding.setSignatureProtection(isSignatureProtection());
-        symmetricBinding.setSignatureToken(getSignatureToken());
-        symmetricBinding.setSignedEndorsingSupportingTokens(getSignedEndorsingSupportingTokens());
-        symmetricBinding.setSignedSupportingToken(getSignedSupportingToken());
-        symmetricBinding.setTokenProtection(isTokenProtection());
-
-        symmetricBinding.setNormalized(true);
-        wrapper.addPolicyComponent(symmetricBinding);
-        exactlyOne.addPolicyComponent(wrapper);
+    public Policy getPolicy() {
+        Policy p = new Policy();
+        ExactlyOne ea = new ExactlyOne();
+        p.addPolicyComponent(ea);
+        All all = new All();
+        
+        if (this.getProtectionToken() != null) {
+            all.addPolicyComponent(this.getProtectionToken());
+        }
+        if (this.getSignatureToken() != null) {
+            all.addPolicyComponent(this.getSignatureToken());
+        }
+        if (this.getEncryptionToken() != null) {
+            all.addPolicyComponent(this.getEncryptionToken());
+        }
+        if (isIncludeTimestamp()) {
+            all.addPolicyComponent(new PrimitiveAssertion(SP12Constants.INCLUDE_TIMESTAMP));
+        }
+        if (getLayout() != null) {
+            all.addPolicyComponent(getLayout());
+        }
 
-        policy.addPolicyComponent(exactlyOne);
-        return policy;
+        
+        ea.addPolicyComponent(all);
+        PolicyComponent pc = p.normalize(true);
+        if (pc instanceof Policy) {
+            return (Policy)pc;
+        } else {
+            p = new Policy();
+            p.addPolicyComponent(pc);
+            return p;
+        }
     }
-
+    
     public void serialize(XMLStreamWriter writer) throws XMLStreamException {
 
         String localname = getRealName().getLocalPart();
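Review bot: The new `getPolicy()` emits only the three tokens, IncludeTimestamp and Layout; the AlgorithmSuite, ProtectionOrder, SignatureProtection, TokenProtection, EntireHeadersAndBodySignatures and supporting-token settings that the removed `normalize()` body copied are not part of the returned policy, so a caller relying on `getPolicy()` to reflect the whole binding gets a partial view. If that is intentional for now, a comment on the method naming the omitted nested assertions would help, e.g. `// TODO: AlgorithmSuite, ProtectionOrder and the protection flags are not yet emitted`. `normalize()` now returns `this` unconditionally and deserves a one-line comment saying the binding is treated as already normalized. The `else` after `return (Policy)pc;` can be dropped.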

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java?rev=699060&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java Thu Sep 25 12:32:00 2008
@@ -0,0 +1,132 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.tokenstore;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.Reference;
+
+/**
+ * 
+ */
+public class MemoryTokenStore implements TokenStore {
+
+    Map<String, SecurityToken> tokens = new ConcurrentHashMap<String, SecurityToken>();
+    
+    /** {@inheritDoc}*/
+    public void add(SecurityToken token) {
+        if (token != null && !StringUtils.isEmpty(token.getId())) {
+            tokens.put(token.getId(), token);
+        }
+    }
+
+    /** {@inheritDoc}*/
+    public void update(SecurityToken token) {
+        add(token);
+    }
+
+    public Collection<SecurityToken> getCancelledTokens() {
+        return getTokens(SecurityToken.State.CANCELLED);
+    }
+    public Collection<SecurityToken> getExpiredTokens() {
+        return getTokens(SecurityToken.State.EXPIRED);
+    }
+    public Collection<SecurityToken> getRenewedTokens() {
+        return getTokens(SecurityToken.State.RENEWED);
+    }
+    public Collection<String> getTokenIdentifiers() {
+        return tokens.keySet();
+    }
+
+    public Collection<SecurityToken> getValidTokens() {
+        Collection<SecurityToken> toks = getTokens(SecurityToken.State.ISSUED);
+        toks.addAll(getTokens(SecurityToken.State.RENEWED));
+        toks.addAll(getTokens(SecurityToken.State.UNKNOWN));
+        return toks;
+    }
+
+    public SecurityToken getToken(String id) {
+        processTokenExpiry();
+        
+        SecurityToken token = tokens.get(id);
+        if (token == null) {
+            for (SecurityToken t : tokens.values()) {
+                Element elem = t.getAttachedReference();
+                if (elem != null && id.equals(getIdFromSTR(elem))) {
+                    return t;
+                }
+                elem = t.getUnattachedReference();
+                if (elem != null && id.equals(getIdFromSTR(elem))) {
+                    return t;
+                }
+            }
+        }
+        return token;
+    }
+
+    
+    protected Collection<SecurityToken> getTokens(SecurityToken.State state) {
+        processTokenExpiry();
+        List<SecurityToken> t = new ArrayList<SecurityToken>();
+        for (SecurityToken token : tokens.values()) {
+            if (token.getState() == state) {
+                t.add(token);
+            }
+        }
+        return t;
+    }
+
+    protected void processTokenExpiry() {
+        for (SecurityToken token : tokens.values()) {
+            if (token.getExpires() != null 
+                && token.getExpires().getTimeInMillis() < System.currentTimeMillis()) {
+                token.setState(SecurityToken.State.EXPIRED);
+            }            
+        }
+    }
+    
+    public static String getIdFromSTR(Element str) {
+        Element child = DOMUtils.getFirstElement(str);
+        if (child == null) {
+            return null;
+        }
+        
+        if ("KeyInfo".equals(child.getLocalName())
+            && WSConstants.SIG_NS.equals(child.getNamespaceURI())) {
+            return DOMUtils.getContent(child);
+        } else if (Reference.TOKEN.getLocalPart().equals(child.getLocalName())
+            && Reference.TOKEN.getNamespaceURI().equals(child.getNamespaceURI())) {
+            return child.getAttribute("URI").substring(1);
+        }
+        return null;
+    }
+
+    
+}
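Review bot: `getIdFromSTR` calls `child.getAttribute("URI").substring(1)` for a wsse:Reference, and `getAttribute` returns the empty string when the attribute is absent, so a Reference with no or an empty URI throws StringIndexOutOfBoundsException out of `getToken`; guard it, e.g. `String uri = child.getAttribute("URI"); return uri.startsWith("#") ? uri.substring(1) : uri;`. `getToken(null)` likewise throws NPE from `ConcurrentHashMap.get` before the reference-scanning fallback is reached. `getValidTokens` also includes `UNKNOWN` tokens, which the `TokenStore` Javadoc for that method (ISSUED and RENEWED) does not mention, so either the doc or the filter should change. `getTokenIdentifiers` hands out the live key set of the map, through which callers can remove tokens; return `Collections.unmodifiableSet(tokens.keySet())` or a copy instead.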

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=699060&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java Thu Sep 25 12:32:00 2008
@@ -0,0 +1,349 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.tokenstore;
+
+import java.util.Calendar;
+import java.util.Properties;
+
+import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.datatype.DatatypeFactory;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.staxutils.StaxUtils;
+import org.apache.cxf.staxutils.W3CDOMStreamWriter;
+import org.apache.ws.security.WSConstants;
+
+
+/**
+ * 
+ */
+public class SecurityToken {
+    enum State {
+        UNKNOWN,
+        ISSUED, 
+        EXPIRED, 
+        CANCELLED, 
+        RENEWED
+    };
+    
+    /**
+     * Token identifier
+     */
+    private String id;
+    
+    /**
+     * Current state of the token
+     */
+    private State state = State.UNKNOWN;
+    
+    /**
+     * The actual token in its current state
+     */
+    private Element token;
+    
+    /**
+     * The token in its previous state
+     */
+    private Element previousToken;
+    
+    /**
+     * The RequestedAttachedReference element
+     * NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows 
+     * an extensibility mechanism for wsse:SecurityTokenReference and 
+     * wsse:Reference. Hence we cannot limit to the 
+     * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and 
+     * the ValueType values.
+     */
+    private Element attachedReference;
+    
+    /**
+     * The RequestedUnattachedReference element
+     * NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows 
+     * an extensibility mechanism for wsse:SecurityTokenRefence and 
+     * wsse:Reference. Hence we cannot limit to the 
+     * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and 
+     * the ValueType values.
+     */
+    private Element unattachedReference;
+    
+    /**
+     * A bag to hold any other properties
+     */
+    private Properties  properties;
+
+    /**
+     * A flag to assist the TokenStorage
+     */
+    private boolean changed;
+    
+    /**
+     * The secret associated with the Token
+     */
+    private byte[] secret;
+    
+    /**
+     * Created time
+     */
+    private Calendar created;
+    
+    /**
+     * Expiration time
+     */
+    private Calendar expires;
+    
+    /**
+     * Issuer end point address
+     */
+    private String issuerAddress;
+    
+    /**
+     * If an encrypted key, this contains the sha1 for the key
+     */
+    private String encrKeySha1Value;
+    
+    
+    public SecurityToken(String id, Calendar created, Calendar expires) {
+        this.id = id;
+        this.created = created;
+        this.expires = expires;
+    }
+    
+    public SecurityToken(String id,
+                 Element tokenElem,
+                 Calendar created,
+                 Calendar expires) {
+        this.id = id;
+        this.token = cloneElement(tokenElem);
+        this.created = created;
+        this.expires = expires;
+    }
+
+    public SecurityToken(String id,
+                 Element tokenElem,
+                 Element lifetimeElem) {
+        this.id = id;
+        this.token = cloneElement(tokenElem);
+        this.processLifeTime(lifetimeElem);
+    }
+    private static Element cloneElement(Element el) {
+        try {
+            W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+            StaxUtils.copy(el, writer);
+            return writer.getDocument().getDocumentElement();
+        } catch (Exception ex) {
+            //ignore
+        }
+        return el;
+    }
+    /**
+     * @param lifetimeElem
+     * @throws TrustException 
+     */
+    private void processLifeTime(Element lifetimeElem) {
+        try {
+            DatatypeFactory factory = DatatypeFactory.newInstance();
+            
+            Element createdElem = 
+                DOMUtils.getFirstChildWithName(lifetimeElem,
+                                                WSConstants.WSU_NS,
+                                                WSConstants.CREATED_LN);
+            this.created = factory.newXMLGregorianCalendar(DOMUtils.getContent(createdElem))
+                .toGregorianCalendar();
+
+            Element expiresElem = 
+                DOMUtils.getFirstChildWithName(lifetimeElem,
+                                                WSConstants.WSU_NS,
+                                                WSConstants.EXPIRES_LN);
+            this.expires = factory.newXMLGregorianCalendar(DOMUtils.getContent(expiresElem))
+                .toGregorianCalendar();
+        } catch (DatatypeConfigurationException e) {
+            //shouldn't happen
+        }
+    }
+
+    /**
+     * @return Returns the changed.
+     */
+    public boolean isChanged() {
+        return changed;
+    }
+
+    /**
+     * @param chnaged The changed to set.
+     */
+    public void setChanged(boolean chnaged) {
+        this.changed = chnaged;
+    }
+    
+    /**
+     * @return Returns the properties.
+     */
+    public Properties getProperties() {
+        return properties;
+    }
+
+    /**
+     * @param properties The properties to set.
+     */
+    public void setProperties(Properties properties) {
+        this.properties = properties;
+    }
+
+    /**
+     * @return Returns the state.
+     */
+    public State getState() {
+        return state;
+    }
+
+    /**
+     * @param state The state to set.
+     */
+    public void setState(State state) {
+        this.state = state;
+    }
+
+    /**
+     * @return Returns the token.
+     */
+    public Element getToken() {
+        return token;
+    }
+
+    /**
+     * @param token The token to set.
+     */
+    public void setToken(Element token) {
+        this.token = token;
+    }
+
+    /**
+     * @return Returns the id.
+     */
+    public String getId() {
+        return id;
+    }
+
+    /**
+     * @return Returns the presivousToken.
+     */
+    public Element getPreviousToken() {
+        return previousToken;
+    }
+
+    /**
+     * @param presivousToken The presivousToken to set.
+     */
+    public void setPreviousToken(Element previousToken) {
+        this.previousToken = cloneElement(previousToken);
+    }
+
+    /**
+     * @return Returns the secret.
+     */
+    public byte[] getSecret() {
+        return secret;
+    }
+
+    /**
+     * @param secret The secret to set.
+     */
+    public void setSecret(byte[] secret) {
+        this.secret = secret;
+    }
+
+    /**
+     * @return Returns the attachedReference.
+     */
+    public Element getAttachedReference() {
+        return attachedReference;
+    }
+
+    /**
+     * @param attachedReference The attachedReference to set.
+     */
+    public void setAttachedReference(Element attachedReference) {
+        if (attachedReference != null) {
+            this.attachedReference = cloneElement(attachedReference);
+        }
+    }
+
+    /**
+     * @return Returns the unattachedReference.
+     */
+    public Element getUnattachedReference() {
+        return unattachedReference;
+    }
+
+    /**
+     * @param unattachedReference The unattachedReference to set.
+     */
+    public void setUnattachedReference(Element unattachedReference) {
+        if (unattachedReference != null) {
+            this.unattachedReference = cloneElement(unattachedReference);
+        }
+    }
+
+    /**
+     * @return Returns the created.
+     */
+    public Calendar getCreated() {
+        return created;
+    }
+
+    /**
+     * @return Returns the expires.
+     */
+    public Calendar getExpires() {
+        return expires;
+    }
+
+    /**
+     * @param expires The expires to set.
+     */
+    public void setExpires(Calendar expires) {
+        this.expires = expires;
+    }
+
+    public String getIssuerAddress() {
+        return issuerAddress;
+    }
+
+    public void setIssuerAddress(String issuerAddress) {
+        this.issuerAddress = issuerAddress;
+    }
+    
+
+    /**
+     * @param sha SHA1 of the encrypted key
+     */
+    public void setSHA1(String sha) {
+        this.encrKeySha1Value = sha;
+    }
+    
+    /** 
+     * @return SHA1 value of the encrypted key 
+     */
+    public String getSHA1() {
+        return encrKeySha1Value;
+    }
+} 
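Review bot: `getSecret()` and `setSecret(byte[])` share the caller's array with the token, so any later modification of that array, or of the returned one, silently changes the stored key material; copy on both sides, e.g. `this.secret = secret == null ? null : secret.clone();` and `return secret == null ? null : secret.clone();`. `State` is package-private while `getState()`/`setState(State)` are public, so code outside `org.apache.cxf.ws.security.tokenstore` cannot name the type to call them; it should be `public enum State`. `cloneElement` catches `Exception` and returns the original, un-cloned element, so a copy failure is invisible to the caller and the stored element then aliases the caller's DOM; at least log it. The Javadoc on `processLifeTime` declares `@throws TrustException` but the method throws nothing, and the class-level Javadoc is empty.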

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java?rev=699060&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java Thu Sep 25 12:32:00 2008
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.tokenstore;
+
+import java.util.Collection;
+
+/**
+ * 
+ */
+public interface TokenStore {
+    /**
+     * Add the given token to the list.
+     * @param token The token to be added
+     * @throws TokenStoreException
+     */
+    void add(SecurityToken token);
+    
+    /**
+     * Update an existing token.
+     * @param token
+     */
+    void update(SecurityToken token);
+    
+    /**
+     * Return the list of all token identifiers.
+     * @return As array of token identifiers
+     */
+    Collection<String> getTokenIdentifiers();
+    
+    /**
+     * Return the list of <code>EXPIRED</code> tokens.
+     * If there are no <code>EXPIRED</code> tokens <code>null</code> will be 
+     * returned
+     * @return An array of expired <code>Tokens</code>
+     */
+    Collection<SecurityToken> getExpiredTokens();
+    
+    /**
+     * Return the list of ISSUED and RENEWED tokens.
+     * @return An array of ISSUED and RENEWED <code>Tokens</code>.
+     */
+    Collection<SecurityToken> getValidTokens();
+    
+    /**
+     * Return the list of RENEWED tokens.
+     * @return An array of RENEWED <code>Tokens</code>
+     */
+    Collection<SecurityToken> getRenewedTokens();
+    
+    /**
+     * Return the list of CANCELLED tokens
+     * @return An array of CANCELLED <code>Tokens</code>
+     */
+    Collection<SecurityToken> getCancelledTokens();
+    
+    /**
+     * Returns the <code>Token</code> of the given id
+     * @param id
+     * @return The requested <code>Token</code> identified by the give id
+     */
+    SecurityToken getToken(String id);
+}
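Review bot: The Javadoc for `getExpiredTokens` promises `null` when there are no expired tokens, while `MemoryTokenStore` in this same commit returns an empty list; an empty collection is the safer contract, so the doc should read `If there are no <code>EXPIRED</code> tokens an empty collection is returned`. `add` declares `@throws TokenStoreException`, but no such exception is declared on the method or visible anywhere on the page, and `update`'s `@param token` is empty. The return descriptions say "array" although every method returns a `Collection`, and "As array of token identifiers" should read "A collection of token identifiers".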

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/TokenStore.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=699060&r1=699059&r2=699060&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Thu Sep 25 12:32:00 2008
@@ -43,11 +43,12 @@
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.PolicyAssertion;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.SP11Constants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
 import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
-import org.apache.cxf.ws.security.policy.model.Layout;
 import org.apache.cxf.ws.security.policy.model.SupportingToken;
+import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.Token;
 import org.apache.cxf.ws.security.policy.model.UsernameToken;
 import org.apache.ws.security.WSConstants;
@@ -164,6 +165,9 @@
     }  
     
     protected void policyAsserted(AssertionInfoMap aim, PolicyAssertion assertion) {
+        if (assertion == null) {
+            return;
+        }
         Collection<AssertionInfo> ais;
         ais = aim.get(assertion.getName());
         if (ais != null) {
@@ -222,7 +226,89 @@
         } 
         return action + " " + val;
     }
-    
+    boolean assertPolicy(AssertionInfoMap aim, QName q) {
+        Collection<AssertionInfo> ais = aim.get(q);
+        if (ais != null && !ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }    
+            return true;
+        }
+        return false;
+    }
+    String assertAsymetricBinding(AssertionInfoMap aim, String action, SoapMessage message) {
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
+        if (ais != null) {
+            for (AssertionInfo ai : ais) {
+                AsymmetricBinding abinding = (AsymmetricBinding)ai.getAssertion();
+                if (abinding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning) {
+                    action = addToAction(action, "Signature", true);
+                    action = addToAction(action, "Encrypt", true);
+                } else {
+                    action = addToAction(action, "Encrypt", true);
+                    action = addToAction(action, "Signature", true);
+                }
+                Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+                Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+                if (isRequestor(message)) {
+                    message.put("SignaturePropRefId", "SigRefId");
+                    message.put("SigRefId", getProps(e, message));
+                    message.put("decryptionPropRefId", "DecRefId");
+                    message.put("DecRefId", getProps(s, message));
+                } else {
+                    message.put("SignaturePropRefId", "SigRefId");
+                    message.put("SigRefId", getProps(s, message));
+                    message.put("decryptionPropRefId", "DecRefId");
+                    message.put("DecRefId", getProps(e, message));                        
+                }
+                ai.setAsserted(true);
+                policyAsserted(aim, abinding.getInitiatorToken());
+                policyAsserted(aim, abinding.getRecipientToken());
+                policyAsserted(aim, abinding.getInitiatorToken().getToken());
+                policyAsserted(aim, abinding.getRecipientToken().getToken());
+                policyAsserted(aim, SP12Constants.ENCRYPTED_PARTS);
+                policyAsserted(aim, SP12Constants.SIGNED_PARTS);
+            }
+        }
+     
+        return action;
+    }
+    String assertSymetricBinding(AssertionInfoMap aim, String action, SoapMessage message) {
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
+        if (ais != null) {
+            for (AssertionInfo ai : ais) {
+                SymmetricBinding abinding = (SymmetricBinding)ai.getAssertion();
+                if (abinding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning) {
+                    action = addToAction(action, "Signature", true);
+                    action = addToAction(action, "Encrypt", true);
+                } else {
+                    action = addToAction(action, "Encrypt", true);
+                    action = addToAction(action, "Signature", true);
+                }
+                Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
+                Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
+                if (isRequestor(message)) {
+                    message.put("SignaturePropRefId", "SigRefId");
+                    message.put("SigRefId", getProps(e, message));
+                    message.put("decryptionPropRefId", "DecRefId");
+                    message.put("DecRefId", getProps(s, message));
+                } else {
+                    message.put("SignaturePropRefId", "SigRefId");
+                    message.put("SigRefId", getProps(s, message));
+                    message.put("decryptionPropRefId", "DecRefId");
+                    message.put("DecRefId", getProps(e, message));                        
+                }
+                ai.setAsserted(true);
+                policyAsserted(aim, abinding.getEncryptionToken());
+                policyAsserted(aim, abinding.getSignatureToken());
+                policyAsserted(aim, abinding.getProtectionToken());
+                policyAsserted(aim, SP12Constants.ENCRYPTED_PARTS);
+                policyAsserted(aim, SP12Constants.SIGNED_PARTS);
+            }
+        }
+        return action;
+    }
+
     protected void checkPolicies(SoapMessage message, RequestData data) {
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
         // extract Assertion information
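Review bot: assertSymetricBinding marks the symmetric binding's token wrappers asserted but, unlike assertAsymetricBinding a few lines above (which also asserts getInitiatorToken().getToken() and getRecipientToken().getToken()), never asserts the Token nested inside getProtectionToken(), getSignatureToken() or getEncryptionToken(), so if those nested token assertions are registered in the AssertionInfoMap as they are for the asymmetric case they will stay unasserted and the policy check will fail for an otherwise valid message. The wrapper may be null for whichever of protection/signature/encryption the policy does not use, so the guard is needed before dereferencing: `if (abinding.getProtectionToken() != null) {` / `    policyAsserted(aim, abinding.getProtectionToken().getToken());` / `}`, and likewise for the signature and encryption wrappers. Both new method names drop an "m" (`assertAsymmetricBinding`, `assertSymmetricBinding`), and since the two bodies are identical apart from the cast and the token getters, the "Signature"/"Encrypt" action and property-ref setup could be one shared helper instead of a copy.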
@@ -231,65 +317,14 @@
             action = "";
         }
         if (aim != null) {
-            Collection<AssertionInfo> ais = aim.get(SP12Constants.INCLUDE_TIMESTAMP);
-            if (ais != null) {
-                for (AssertionInfo ai : ais) {
-                    if (!action.contains(WSHandlerConstants.TIMESTAMP)) {
-                        action = addToAction(action, WSHandlerConstants.TIMESTAMP, true);
-                    }
-                    ai.setAsserted(true);
-                }                    
-            }
-            ais = aim.get(SP12Constants.LAYOUT);
-            if (ais != null) {
-                for (AssertionInfo ai : ais) {
-                    Layout lay = (Layout)ai.getAssertion();
-                    //wss4j can only do "Lax"
-                    if (SPConstants.Layout.Lax == lay.getValue()) {
-                        ai.setAsserted(true);
-                    }
-                }                    
-            }
-            ais = aim.get(SP12Constants.TRANSPORT_BINDING);
-            if (ais != null) {
-                for (AssertionInfo ai : ais) {
-                    ai.setAsserted(true);
-                }                    
-            }
-            ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
-            if (ais != null) {
-                for (AssertionInfo ai : ais) {
-                    AsymmetricBinding abinding = (AsymmetricBinding)ai.getAssertion();
-                    if (abinding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning) {
-                        action = addToAction(action, "Signature", true);
-                        action = addToAction(action, "Encrypt", true);
-                    } else {
-                        action = addToAction(action, "Encrypt", true);
-                        action = addToAction(action, "Signature", true);
-                    }
-                    Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
-                    Object e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
-                    if (isRequestor(message)) {
-                        message.put("SignaturePropRefId", "SigRefId");
-                        message.put("SigRefId", getProps(e, message));
-                        message.put("decryptionPropRefId", "DecRefId");
-                        message.put("DecRefId", getProps(s, message));
-                    } else {
-                        message.put("SignaturePropRefId", "SigRefId");
-                        message.put("SigRefId", getProps(s, message));
-                        message.put("decryptionPropRefId", "DecRefId");
-                        message.put("DecRefId", getProps(e, message));                        
-                    }
-                    ai.setAsserted(true);
-                    policyAsserted(aim, abinding.getInitiatorToken());
-                    policyAsserted(aim, abinding.getRecipientToken());
-                    policyAsserted(aim, abinding.getInitiatorToken().getToken());
-                    policyAsserted(aim, abinding.getRecipientToken().getToken());
-                    policyAsserted(aim, SP12Constants.ENCRYPTED_PARTS);
-                    policyAsserted(aim, SP12Constants.SIGNED_PARTS);
-                }
+            if (assertPolicy(aim, SP12Constants.INCLUDE_TIMESTAMP)) {
+                action = addToAction(action, WSHandlerConstants.TIMESTAMP, true);
             }
-            ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
+            assertPolicy(aim, SP12Constants.LAYOUT);
+            assertPolicy(aim, SP12Constants.TRANSPORT_BINDING);
+            action = assertAsymetricBinding(aim, action, message);
+            action = assertSymetricBinding(aim, action, message);
+            Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
             if (ais != null) {
                 for (AssertionInfo ai : ais) {
                     SupportingToken sp = (SupportingToken)ai.getAssertion();
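Review bot: `assertPolicy(aim, SP12Constants.LAYOUT)` marks every Layout assertion as satisfied, whereas the loop it replaces (the removed lines above it) only asserted `SPConstants.Layout.Lax` with the comment that wss4j can only do Lax; Strict and the LaxTimestampFirst/Last variants are now reported as asserted on the inbound side without any check of header order, which silently weakens what the policy promises the service. Either restore the value check from the removed Layout loop or give assertPolicy a variant that takes a predicate on the assertion before calling setAsserted(true). The INCLUDE_TIMESTAMP branch also drops the former `!action.contains(WSHandlerConstants.TIMESTAMP)` test; that is fine only if addToAction already de-duplicates actions, which is not visible here.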
@@ -297,18 +332,10 @@
                     ai.setAsserted(true);
                 }                    
             }
-            ais = aim.get(SP12Constants.WSS10);
-            if (ais != null) {
-                for (AssertionInfo ai : ais) {
-                    ai.setAsserted(true);
-                }                    
-            }
-            ais = aim.get(SP12Constants.WSS11);
-            if (ais != null) {
-                for (AssertionInfo ai : ais) {
-                    ai.setAsserted(true);
-                }                    
-            }
+            assertPolicy(aim, SP12Constants.WSS10);
+            assertPolicy(aim, SP12Constants.WSS11);
+            assertPolicy(aim, SP12Constants.TRUST_13);
+            assertPolicy(aim, SP11Constants.TRUST_10);
             message.put(WSHandlerConstants.ACTION, action.trim());
         }
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=699060&r1=699059&r2=699060&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java Thu Sep 25 12:32:00 2008
@@ -38,6 +38,7 @@
 import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.TransportBinding;
 import org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler;
+import org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler;
 import org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler;
 import org.apache.ws.security.message.WSSecHeader;
 
@@ -115,7 +116,8 @@
                         new TransportBindingHandler((TransportBinding)transport, saaj,
                                                     secHeader, aim, message).handleBinding();
                     } else if (transport instanceof SymmetricBinding) {
-                        //TODO
+                        new SymmetricBindingHandler((SymmetricBinding)transport, saaj,
+                                                     secHeader, aim, message).handleBinding();
                     } else {
                         new AsymmetricBindingHandler((AsymmetricBinding)transport, saaj,
                                                      secHeader, aim, message).handleBinding();

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=699060&r1=699059&r2=699060&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Thu Sep 25 12:32:00 2008
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.ws.security.wss4j;
 
+import java.io.IOException;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.List;
@@ -25,7 +26,10 @@
 import java.util.Vector;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+
+import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPBody;
 import javax.xml.soap.SOAPException;
@@ -42,13 +46,17 @@
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.i18n.Message;
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.WSSecurityEngineResult;
@@ -335,6 +343,31 @@
         }
         return action;
     }
+    
+    private class TokenStoreCallbackHandler implements CallbackHandler {
+        private CallbackHandler internal;
+        private TokenStore store;
+        public TokenStoreCallbackHandler(CallbackHandler in,
+                                         TokenStore st) {
+            internal = in;
+            store = st;
+        }
+        
+        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+            for (int i = 0; i < callbacks.length; i++) {
+                WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
+                String id = pc.getIdentifer();
+                for (SecurityToken token : store.getValidTokens()) {
+                    if (id.equals(token.getSHA1())) {
+                        pc.setKey(token.getSecret());
+                        return;
+                    }
+                }
+            }
+            internal.handle(callbacks);
+        }
+        
+    }
 
     private CallbackHandler getCallback(RequestData reqData, int doAction) throws WSSecurityException {
         /*
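Review bot: TokenStoreCallbackHandler.handle returns as soon as the first callback is satisfied from the store, so with more than one callback in the array the remaining ones are neither filled from the store nor passed to the wrapped handler, and a single miss makes every callback, including ones already resolved, go to `internal.handle` again. The unconditional `(WSPasswordCallback)` cast turns any other Callback type into a ClassCastException instead of the UnsupportedCallbackException the contract allows, and `id.equals(...)` throws NullPointerException when getIdentifer() returns null. The rewrite below resolves each callback independently and delegates only the unresolved ones; the class can also be `private static` since it does not use the enclosing interceptor's state.
```java
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    List<Callback> unresolved = new ArrayList<Callback>();
    for (Callback cb : callbacks) {
        SecurityToken token = null;
        if (cb instanceof WSPasswordCallback) {
            token = findBySHA1(((WSPasswordCallback)cb).getIdentifer());
        }
        if (token != null) {
            ((WSPasswordCallback)cb).setKey(token.getSecret());
        } else {
            unresolved.add(cb);
        }
    }
    if (!unresolved.isEmpty()) {
        internal.handle(unresolved.toArray(new Callback[unresolved.size()]));
    }
}

// Looks up a valid token by its SHA-1 identifier; null when id is null or nothing matches.
private SecurityToken findBySHA1(String id) {
    if (id == null) {
        return null;
    }
    for (SecurityToken token : store.getValidTokens()) {
        if (id.equals(token.getSHA1())) {
            return token;
        }
    }
    return null;
}
```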
@@ -359,6 +392,15 @@
                 cbHandler = getPasswordCB(reqData);
             }
         }
+        if (cbHandler != null) {
+            Endpoint ep = ((SoapMessage)reqData.getMsgContext()).getExchange().get(Endpoint.class);
+            if (ep != null && ep.getEndpointInfo() != null) {
+                TokenStore store = (TokenStore)ep.getEndpointInfo().getProperty(TokenStore.class.getName());
+                if (store != null) {
+                    return new TokenStoreCallbackHandler(cbHandler, store);
+                }
+            }
+        }
         return cbHandler;
     }
     
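Review bot: The token store is consulted only inside `if (cbHandler != null)`, so an endpoint that registers a TokenStore but configures no password callback never gets the store-backed lookup and the secrets keyed by SHA-1 are never supplied. If that is not intended, wrap unconditionally and have TokenStoreCallbackHandler skip delegation when its inner handler is null; as written, constructing it with a null `in` would fail with NullPointerException on delegation. The `(SoapMessage)reqData.getMsgContext()` cast assumes the context is always a SoapMessage, which this hunk does not establish; a one-line `instanceof` guard would avoid a ClassCastException for other message types.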

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=699060&r1=699059&r2=699060&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Thu Sep 25 12:32:00 2008
@@ -21,7 +21,6 @@
 
 
 import java.util.Collection;
-import java.util.Map;
 import java.util.Vector;
 
 import javax.xml.soap.SOAPException;
@@ -32,16 +31,12 @@
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
-import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
 import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
 import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.RecipientToken;
-import org.apache.cxf.ws.security.policy.model.SupportingToken;
 import org.apache.cxf.ws.security.policy.model.Token;
 import org.apache.cxf.ws.security.policy.model.TokenWrapper;
-import org.apache.cxf.ws.security.policy.model.Wss10;
-import org.apache.cxf.ws.security.policy.model.Wss11;
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSEncryptionPart;
 import org.apache.ws.security.WSSecurityEngineResult;
@@ -55,7 +50,6 @@
 import org.apache.ws.security.message.WSSecEncryptedKey;
 import org.apache.ws.security.message.WSSecHeader;
 import org.apache.ws.security.message.WSSecSignature;
-import org.apache.ws.security.message.WSSecSignatureConfirmation;
 import org.apache.ws.security.message.WSSecTimestamp;
 import org.apache.ws.security.util.WSSecurityUtil;
 
@@ -69,11 +63,6 @@
     private String encryptedKeyId;
     private byte[] encryptedKeyValue;
     
-    private Map<Token, WSSecBase> endEncSuppTokMap;
-    private Map<Token, WSSecBase> endSuppTokMap;
-    private Map<Token, WSSecBase> sgndEndEncSuppTokMap;
-    private Map<Token, WSSecBase> sgndEndSuppTokMap;
-    
     public AsymmetricBindingHandler(AsymmetricBinding binding,
                                     SOAPMessage saaj,
                                     WSSecHeader secHeader,
@@ -85,80 +74,38 @@
     
     public void handleBinding() {
         WSSecTimestamp timestamp = createTimestamp();
-        timestamp = handleLayout(timestamp);
         
         if (abinding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning) {
             doEncryptBeforeSign();
         } else {
             doSignBeforeEncrypt();
         }
-
-        if (timestamp != null) {
-            timestamp.prependToHeader(secHeader);
-        }
+        handleLayout(timestamp);
     }
 
 
-    private void addSupportingTokens(Vector<WSEncryptionPart> sigs) {
-        
-        SupportingToken sgndSuppTokens = 
-            (SupportingToken)findPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
-        
-        Map<Token, WSSecBase> sigSuppTokMap = this.handleSupportingTokens(sgndSuppTokens);           
-        
-        SupportingToken endSuppTokens = 
-            (SupportingToken)findPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
-        
-        endSuppTokMap = this.handleSupportingTokens(endSuppTokens);
-        
-        SupportingToken sgndEndSuppTokens 
-            = (SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
-        sgndEndSuppTokMap = this.handleSupportingTokens(sgndEndSuppTokens);
-        
-        SupportingToken sgndEncryptedSuppTokens 
-            = (SupportingToken)findPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
-        Map<Token, WSSecBase> sgndEncSuppTokMap 
-            = this.handleSupportingTokens(sgndEncryptedSuppTokens);
-        
-        SupportingToken endorsingEncryptedSuppTokens 
-            = (SupportingToken)findPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-        endEncSuppTokMap 
-            = this.handleSupportingTokens(endorsingEncryptedSuppTokens);
-        
-        SupportingToken sgndEndEncSuppTokens 
-            = (SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-        sgndEndEncSuppTokMap 
-            = this.handleSupportingTokens(sgndEndEncSuppTokens);
-        
-        SupportingToken supportingToks 
-            = (SupportingToken)findPolicy(SP12Constants.SUPPORTING_TOKENS);
-        this.handleSupportingTokens(supportingToks);
-        
-        SupportingToken encryptedSupportingToks 
-            = (SupportingToken)findPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
-        this.handleSupportingTokens(encryptedSupportingToks);
-    
-        //Setup signature parts
-        addSignatureParts(sigSuppTokMap, sigs);
-        addSignatureParts(sgndEncSuppTokMap, sigs);
-        addSignatureParts(sgndEndSuppTokMap, sigs);
-        addSignatureParts(sgndEndEncSuppTokMap, sigs);
-
-        //Add timestamp
-        if (timestampEl != null) {
-            Element el = timestampEl.getElement();
-            sigs.add(new WSEncryptionPart(addWsuIdToElement(el)));
-        }
-    }
+
     private void doSignBeforeEncrypt() {
         try {
             Vector<WSEncryptionPart> sigs = getSignedParts();
             if (isRequestor()) {
+                //Add timestamp
+                if (timestampEl != null) {
+                    Element el = timestampEl.getElement();
+                    sigs.add(new WSEncryptionPart(addWsuIdToElement(el)));
+                }
+
                 addSupportingTokens(sigs);
                 doSignature(sigs, null);
                 doEndorse();
             } else {
                 //confirm sig
+                //Add timestamp
+                if (timestampEl != null) {
+                    Element el = timestampEl.getElement();
+                    sigs.add(new WSEncryptionPart(addWsuIdToElement(el)));
+                }
+
                 addSignatureConfirmation(sigs);
                 doSignature(sigs, null);
             }
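Review bot: The same five-line "Add timestamp" block is pasted into both branches of doSignBeforeEncrypt (the requestor branch and the "confirm sig" branch); it does not depend on isRequestor(), so it belongs once, directly after `Vector<WSEncryptionPart> sigs = getSignedParts();` and before the `if`. In handleBinding the result of `handleLayout(timestamp)` is now discarded where the old code assigned it back; that is only correct if handleLayout no longer returns a replacement timestamp, which is not visible in this hunk. doSignBeforeEncrypt continues past the hunk, and doEncryptBeforeSign is outside it, so check whether that path needs the same timestamp signature part.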
@@ -326,68 +273,7 @@
         }
     }
     
-    protected void addSignatureConfirmation(Vector<WSEncryptionPart> sigParts) {
-        Wss10 wss10 = getWss10();
-        
-        if (!(wss10 instanceof Wss11) 
-            || !((Wss11)wss10).isRequireSignatureConfirmation()) {
-            //If we don't require sig confirmation simply go back :-)
-            return;
-        }
-        
-        Vector results = (Vector)message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS);
-        /*
-         * loop over all results gathered by all handlers in the chain. For each
-         * handler result get the various actions. After that loop we have all
-         * signature results in the signatureActions vector
-         */
-        Vector signatureActions = new Vector();
-        for (int i = 0; i < results.size(); i++) {
-            WSHandlerResult wshResult = (WSHandlerResult) results.get(i);
-
-            WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
-                    WSConstants.SIGN, signatureActions);
-            WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
-                    WSConstants.ST_SIGNED, signatureActions);
-            WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
-                    WSConstants.UT_SIGN, signatureActions);
-        }
-        
-        // prepare a SignatureConfirmation token
-        WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
-        if (signatureActions.size() > 0) {
-            for (int i = 0; i < signatureActions.size(); i++) {
-                WSSecurityEngineResult wsr = (WSSecurityEngineResult) signatureActions
-                        .get(i);
-                byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
-                wsc.setSignatureValue(sigVal);
-                wsc.prepare(saaj.getSOAPPart());
-                wsc.prependToHeader(secHeader);
-                if (sigParts != null) {
-                    sigParts.add(new WSEncryptionPart(wsc.getId()));
-                }
-            }
-        } else {
-            //No Sig value
-            wsc.prepare(saaj.getSOAPPart());
-            wsc.prependToHeader(secHeader);
-            if (sigParts != null) {
-                sigParts.add(new WSEncryptionPart(wsc.getId()));
-            }
-        }
-    }
-
-    private void doEndorse() {
-        // Adding the endorsing encrypted supporting tokens to endorsing supporting tokens
-        endSuppTokMap.putAll(endEncSuppTokMap);
-        // Do endorsed signatures
-        doEndorsedSignatures(endSuppTokMap, abinding.isTokenProtection());
-
-        //Adding the signed endorsed encrypted tokens to signed endorsed supporting tokens
-        sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
-        // Do signed endorsing signatures
-        doEndorsedSignatures(sgndEndSuppTokMap, abinding.isTokenProtection());
-    }    
+   
     
     private WSSecBase doEncryption(TokenWrapper recToken,
                                     Vector<WSEncryptionPart> encrParts,
@@ -428,7 +314,7 @@
                     setKeyIdentifierType(encr, recToken, encrToken);
                     
                     encr.setDocument(saaj.getSOAPPart());
-                    setEncryptionUser(encr, encrToken, false);
+                    setEncryptionUser(encr, recToken, false);
                     encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
                     encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
                     

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java?rev=699060&r1=699059&r2=699060&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/BindingBuilder.java Thu Sep 25 12:32:00 2008
@@ -63,6 +63,7 @@
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
+import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.Binding;
 import org.apache.cxf.ws.security.policy.model.Header;
 import org.apache.cxf.ws.security.policy.model.IssuedToken;
@@ -70,6 +71,7 @@
 import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
 import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
 import org.apache.cxf.ws.security.policy.model.SupportingToken;
+import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.Token;
 import org.apache.cxf.ws.security.policy.model.TokenWrapper;
 import org.apache.cxf.ws.security.policy.model.UsernameToken;
@@ -92,8 +94,10 @@
 import org.apache.ws.security.message.WSSecEncryptedKey;
 import org.apache.ws.security.message.WSSecHeader;
 import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.message.WSSecSignatureConfirmation;
 import org.apache.ws.security.message.WSSecTimestamp;
 import org.apache.ws.security.message.WSSecUsernameToken;
+import org.apache.ws.security.util.WSSecurityUtil;
 
 /**
  * 
@@ -111,6 +115,12 @@
     
     protected Set<String> encryptedTokensIdList = new HashSet<String>();
 
+    protected Map<Token, WSSecBase> endEncSuppTokMap;
+    protected Map<Token, WSSecBase> endSuppTokMap;
+    protected Map<Token, WSSecBase> sgndEndEncSuppTokMap;
+    protected Map<Token, WSSecBase> sgndEndSuppTokMap;
+    
+    protected Vector<byte[]> signatures = new Vector<byte[]>();
 
     
     public BindingBuilder(Binding binding,
@@ -123,6 +133,7 @@
         this.secHeader = secHeader;
         this.saaj = saaj;
         this.message = message;
+        message.getExchange().put(WSHandlerConstants.SEND_SIGV, signatures);
     }
 
     
@@ -143,6 +154,7 @@
         }
     }
     protected void policyNotAsserted(PolicyAssertion assertion, String reason) {
+        LOG.log(Level.INFO, "Not asserting " + assertion.getName(), reason);
         Collection<AssertionInfo> ais;
         ais = aim.get(assertion.getName());
         if (ais != null) {
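Review bot: `LOG.log(Level.INFO, "Not asserting " + assertion.getName(), reason)` passes `reason` as a message parameter, but the message has no `{0}`/`{1}` placeholder, so java.util.logging leaves the message unformatted and the reason is never printed; use `LOG.log(Level.INFO, "Not asserting {0}: {1}", new Object[] {assertion.getName(), reason});`. Logging every assertion decision at INFO will also flood normal operation logs; FINE is the usual level for this kind of per-assertion trace, and the same applies to the `"Asserting "` line added in the next hunk.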
@@ -154,6 +166,7 @@
         }
     }
     protected void policyAsserted(PolicyAssertion assertion) {
+        LOG.log(Level.INFO, "Asserting " + assertion.getName());
         Collection<AssertionInfo> ais;
         ais = aim.get(assertion.getName());
         if (ais != null) {
@@ -164,6 +177,14 @@
             }
         }
     }
+    protected void policyAsserted(QName n) {
+        Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
+        if (ais != null && !ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }
+        }
+    }
     
     protected PolicyAssertion findPolicy(QName n) {
         Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
@@ -191,6 +212,7 @@
                 ai.setAsserted(true);
             }                    
         }
+        timestampEl.prependToHeader(secHeader);
         return timestampEl;
     }
     
@@ -200,25 +222,26 @@
         if (ais != null) {
             for (AssertionInfo ai : ais) {
                 Layout layout = (Layout)ai.getAssertion();
+                ai.setAsserted(true);
                 if (SPConstants.Layout.LaxTimestampLast == layout.getValue()) {
                     if (timestamp == null) {
                         ai.setNotAsserted(SPConstants.Layout.LaxTimestampLast + " requires a timestamp");
                     } else {
                         ai.setAsserted(true);
-                        //get the timestamp into the header first before anything else
-                        timestamp.prependToHeader(secHeader);
-                        timestamp = null;
+                        Element el = timestamp.getElement();
+                        secHeader.getSecurityHeader().removeChild(el);
+                        secHeader.getSecurityHeader().appendChild(el);
+                    }
+                } else if (SPConstants.Layout.LaxTimestampFirst == layout.getValue()) {
+                    if (timestamp == null) {
+                        ai.setNotAsserted(SPConstants.Layout.LaxTimestampLast + " requires a timestamp");
+                    } else {
+                        Element el = timestamp.getElement();
+                        secHeader.getSecurityHeader().removeChild(el);
+                        secHeader.getSecurityHeader().insertBefore(el,
+                                                                   secHeader.getSecurityHeader()
+                                                                       .getFirstChild());
                     }
-                } else if (SPConstants.Layout.Strict == layout.getValue()) {
-                    //FIXME - don't have strict writing working yet
-                    ai.setAsserted(false);
-                } else if (SPConstants.Layout.Lax == layout.getValue()) {
-                    ai.setAsserted(true);                            
-                    //go ahead and put the timestamp in
-                    timestamp.prependToHeader(secHeader);
-                    timestamp = null;
-                } else {
-                    ai.setAsserted(true);                            
                 }
             }                    
         }
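Review bot: The new LaxTimestampFirst branch reports `SPConstants.Layout.LaxTimestampLast + " requires a timestamp"` when the timestamp is missing; it should read `ai.setNotAsserted(SPConstants.Layout.LaxTimestampFirst + " requires a timestamp");`. Separately, the `ai.setAsserted(true)` now placed before the value checks runs for every layout value, so Strict, which the removed lines explicitly left unasserted with a FIXME that strict writing is not implemented, is now reported as satisfied on the outbound side; keep a Strict branch that calls setAsserted(false) until the ordering is actually enforced. With that early setAsserted(true) in place, the second `ai.setAsserted(true)` inside the LaxTimestampLast branch is redundant. handleLayout's signature is outside the hunk.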
@@ -599,7 +622,7 @@
         WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
         
         setKeyIdentifierType(encrKey, wrapper, token);
-        setEncryptionUser(encrKey, token, false);
+        setEncryptionUser(encrKey, wrapper, false);
         encrKey.setKeySize(binding.getAlgorithmSuite().getMaximumSymmetricKeyLength());
         encrKey.setKeyEncAlgo(binding.getAlgorithmSuite().getAsymmetricKeyWrap());
         
@@ -700,7 +723,7 @@
             secBase.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
         }
     }
-    public void setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, Token token, boolean sign) {
+    public void setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, TokenWrapper token, boolean sign) {
         String encrUser = (String)message.getContextualProperty(sign 
                                                                 ? SecurityConstants.USERNAME
                                                                 : SecurityConstants.ENCRYPT_USERNAME);
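Review bot: The second parameter of the public `setEncryptionUser` changes type from `Token` to `TokenWrapper` but keeps the name `token`, which now misdescribes what it holds; the call site in the earlier hunk already passes a variable named `wrapper`. Renaming it the same way keeps the two in step: `public void setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, TokenWrapper wrapper, boolean sign) {`, with the uses of `token` in the body updated to match. Since the method is public, the type change is source-incompatible for any external caller; if that is acceptable it is worth stating in the commit log. The body of setEncryptionUser continues outside the hunk.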
@@ -860,6 +883,8 @@
                     sig.addReferencesToSign(sigParts, secHeader);
                     sig.computeSignature();
                     sig.appendToHeader(secHeader);
+                    
+                    signatures.add(sig.getSignatureValue());
                 } catch (WSSecurityException e) {
                     policyNotAsserted(ent.getKey(), e);
                 }
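Review bot: The added `signatures.add(sig.getSignatureValue())` stores the raw signature bytes in `signatures`, whose declaration is outside this hunk; if it is an instance field on an object that outlives one message, values from one request would carry into the next, so it should be confirmed that the collection is per-message (or cleared before each use). A short comment at the add would also help the next reader, e.g. `// keep the value so it can be confirmed (wsse11:SignatureConfirmation) or endorsed later`. The enclosing method starts and ends outside the hunk.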
@@ -867,5 +892,121 @@
             }
         } 
     }
+    
+    protected void addSupportingTokens(Vector<WSEncryptionPart> sigs) {
+        
+        SupportingToken sgndSuppTokens = 
+            (SupportingToken)findPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
+        
+        Map<Token, WSSecBase> sigSuppTokMap = this.handleSupportingTokens(sgndSuppTokens);           
+        
+        SupportingToken endSuppTokens = 
+            (SupportingToken)findPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
+        
+        endSuppTokMap = this.handleSupportingTokens(endSuppTokens);
+        
+        SupportingToken sgndEndSuppTokens 
+            = (SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
+        sgndEndSuppTokMap = this.handleSupportingTokens(sgndEndSuppTokens);
+        
+        SupportingToken sgndEncryptedSuppTokens 
+            = (SupportingToken)findPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
+        Map<Token, WSSecBase> sgndEncSuppTokMap 
+            = this.handleSupportingTokens(sgndEncryptedSuppTokens);
+        
+        SupportingToken endorsingEncryptedSuppTokens 
+            = (SupportingToken)findPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        endEncSuppTokMap 
+            = this.handleSupportingTokens(endorsingEncryptedSuppTokens);
+        
+        SupportingToken sgndEndEncSuppTokens 
+            = (SupportingToken)findPolicy(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        sgndEndEncSuppTokMap 
+            = this.handleSupportingTokens(sgndEndEncSuppTokens);
+        
+        SupportingToken supportingToks 
+            = (SupportingToken)findPolicy(SP12Constants.SUPPORTING_TOKENS);
+        this.handleSupportingTokens(supportingToks);
+        
+        SupportingToken encryptedSupportingToks 
+            = (SupportingToken)findPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
+        this.handleSupportingTokens(encryptedSupportingToks);
+    
+        //Setup signature parts
+        addSignatureParts(sigSuppTokMap, sigs);
+        addSignatureParts(sgndEncSuppTokMap, sigs);
+        addSignatureParts(sgndEndSuppTokMap, sigs);
+        addSignatureParts(sgndEndEncSuppTokMap, sigs);
+
+    }
+    
 
+    protected void doEndorse() {
+        boolean tokenProtect = false;
+        if (binding instanceof AsymmetricBinding) {
+            tokenProtect = ((AsymmetricBinding)binding).isTokenProtection();
+        } else if (binding instanceof SymmetricBinding) {
+            tokenProtect = ((SymmetricBinding)binding).isTokenProtection();
+        }
+        // Adding the endorsing encrypted supporting tokens to endorsing supporting tokens
+        endSuppTokMap.putAll(endEncSuppTokMap);
+        // Do endorsed signatures
+        doEndorsedSignatures(endSuppTokMap, tokenProtect);
+
+        //Adding the signed endorsed encrypted tokens to signed endorsed supporting tokens
+        sgndEndSuppTokMap.putAll(sgndEndEncSuppTokMap);
+        // Do signed endorsing signatures
+        doEndorsedSignatures(sgndEndSuppTokMap, tokenProtect);
+    } 
+
+    protected void addSignatureConfirmation(Vector<WSEncryptionPart> sigParts) {
+        Wss10 wss10 = getWss10();
+        
+        if (!(wss10 instanceof Wss11) 
+            || !((Wss11)wss10).isRequireSignatureConfirmation()) {
+            //If we don't require sig confirmation simply go back :-)
+            return;
+        }
+        
+        Vector results = (Vector)message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS);
+        /*
+         * loop over all results gathered by all handlers in the chain. For each
+         * handler result get the various actions. After that loop we have all
+         * signature results in the signatureActions vector
+         */
+        Vector signatureActions = new Vector();
+        for (int i = 0; i < results.size(); i++) {
+            WSHandlerResult wshResult = (WSHandlerResult) results.get(i);
+
+            WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+                    WSConstants.SIGN, signatureActions);
+            WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+                    WSConstants.ST_SIGNED, signatureActions);
+            WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+                    WSConstants.UT_SIGN, signatureActions);
+        }
+        
+        // prepare a SignatureConfirmation token
+        WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
+        if (signatureActions.size() > 0) {
+            for (int i = 0; i < signatureActions.size(); i++) {
+                WSSecurityEngineResult wsr = (WSSecurityEngineResult) signatureActions
+                        .get(i);
+                byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
+                wsc.setSignatureValue(sigVal);
+                wsc.prepare(saaj.getSOAPPart());
+                wsc.prependToHeader(secHeader);
+                if (sigParts != null) {
+                    sigParts.add(new WSEncryptionPart(wsc.getId()));
+                }
+            }
+        } else {
+            //No Sig value
+            wsc.prepare(saaj.getSOAPPart());
+            wsc.prependToHeader(secHeader);
+            if (sigParts != null) {
+                sigParts.add(new WSEncryptionPart(wsc.getId()));
+            }
+        }
+    }
 }
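Review bot: In `addSignatureConfirmation` the `results` vector fetched from `WSHandlerConstants.RECV_RESULTS` is used unguarded in the `for` loop, so a null entry throws a NullPointerException; that case is plausible here because signature confirmation is evaluated on the outbound side, where the inbound message may not have run through a WSS4J handler (and `getInMessage()` itself may be null for a client's initial request). Treating a missing result set like an empty one is the intent of the existing "No Sig value" branch, so a guard before the loop is enough: `if (results == null) { results = new Vector(); }`, preceded by a null check on `message.getExchange().getInMessage()` if that can be null on this path. A one-line Javadoc on the method would also help, e.g. `/** Adds a wsse11:SignatureConfirmation per inbound signature (or an empty one) when Wss11 RequireSignatureConfirmation is in effect. */`. Note also that `doEndorse` mutates `endSuppTokMap` and `sgndEndSuppTokMap` in place via `putAll`, so it is only safe to call once per `addSupportingTokens` run.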


