From dk...@apache.org
Subject svn commit: r726329 - in /cxf/trunk/rt: bindings/soap/src/main/java/org/apache/cxf/binding/soap/saaj/ ws/addr/src/main/java/org/apache/cxf/ws/addressing/policy/ ws/security/src/main/java/org/apache/cxf/ws/security/ ws/security/src/main/java/org/apache/...
Date Sun, 14 Dec 2008 01:42:19 GMT
Author: dkulp
Date: Sat Dec 13 17:42:18 2008
New Revision: 726329

URL: http://svn.apache.org/viewvc?rev=726329&view=rev
Log:
Actually manage to get a token back from the sts

Added:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties   (with props)
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java   (with props)
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java   (with props)
Modified:
    cxf/trunk/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/saaj/Messages.properties
    cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/policy/AddressingAssertionBuilder.java
    cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/policy/MetadataConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokensBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AbstractSecurityAssertion.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/trunk/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/saaj/Messages.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/saaj/Messages.properties?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/saaj/Messages.properties (original)
+++ cxf/trunk/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/saaj/Messages.properties Sat Dec 13 17:42:18 2008
@@ -19,3 +19,4 @@
 #
 #
 SOAPHANDLERINTERCEPTOR_EXCEPTION = Problems creating SAAJ object model
+SOAPEXCEPTION = Problem writing SAAJ model to stream
\ No newline at end of file

Modified: cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/policy/AddressingAssertionBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/policy/AddressingAssertionBuilder.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/policy/AddressingAssertionBuilder.java (original)
+++ cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/policy/AddressingAssertionBuilder.java Sat Dec 13 17:42:18 2008
@@ -55,6 +55,9 @@
         KNOWN.add(MetadataConstants.ADDRESSING_ASSERTION_QNAME);
         KNOWN.add(MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME);
         KNOWN.add(MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME);
+        KNOWN.add(MetadataConstants.ADDRESSING_ASSERTION_QNAME_0705);
+        KNOWN.add(MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME_0705);
+        KNOWN.add(MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME_0705);
     }
     
     public PolicyAssertion build(Element elem) {
@@ -68,14 +71,20 @@
         if (attribute != null) {
             optional = Boolean.valueOf(attribute.getValue());
         }
-        if (MetadataConstants.ADDRESSING_ASSERTION_QNAME.equals(qn)) {
+        if (MetadataConstants.ADDRESSING_ASSERTION_QNAME.equals(qn)
+            || MetadataConstants.ADDRESSING_ASSERTION_QNAME_0705.equals(qn)) {
             PolicyBuilder builder = bus.getExtension(PolicyBuilder.class);
-            return new NestedPrimitiveAssertion(elem, builder);
-        } else if (MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME.equals(qn)) {
+            NestedPrimitiveAssertion nap = new NestedPrimitiveAssertion(elem, builder);
+            nap.setName(MetadataConstants.ADDRESSING_ASSERTION_QNAME);
+            return nap;
+        } else if (MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME.equals(qn)
+            || MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME_0705.equals(qn)) {
             return new PrimitiveAssertion(MetadataConstants.ANON_RESPONSES_ASSERTION_QNAME, 
                                           optional);
         } else if (MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME.getLocalPart()
-            .equals(localName)) {
+            .equals(localName)
+            || MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME_0705.getLocalPart()
+                .equals(localName)) {
             return new PrimitiveAssertion(MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME,
                                           optional);
         }
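Review bot: The new `|| MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME_0705.getLocalPart().equals(localName)` clause in the third branch can never change the outcome, and the branch is looser than the two above it: both QNames are built from the same `NON_ANON_RESPONSES_ELEM_NAME` (see the MetadataConstants hunk in this commit), so the added test is identical to the first, and because only the local part is compared, a `NonAnonymousResponses` element in any namespace is accepted while the `Addressing` and `AnonymousResponses` branches require one of the two known namespaces. Comparing the full QName like the other branches, `} else if (MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME.equals(qn) || MetadataConstants.NON_ANON_RESPONSES_ASSERTION_QNAME_0705.equals(qn)) {`, makes the three branches consistent. If the local-name-only match is deliberate for some non-conforming policy documents, a comment saying so would stop the next reader from tightening it. The `build` method continues past the end of this hunk.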

Modified: cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/policy/MetadataConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/policy/MetadataConstants.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/policy/MetadataConstants.java (original)
+++ cxf/trunk/rt/ws/addr/src/main/java/org/apache/cxf/ws/addressing/policy/MetadataConstants.java Sat Dec 13 17:42:18 2008
@@ -28,6 +28,8 @@
     
     public static final String NAMESPACE_URI = 
         "http://www.w3.org/2007/02/addressing/metadata";
+    public static final String NAMESPACE_URI_0705 = 
+        "http://www.w3.org/2007/05/addressing/metadata";
     public static final String ADDRESSING_ELEM_NAME = "Addressing";
     public static final String ANON_RESPONSES_ELEM_NAME = "AnonymousResponses";
     public static final String NON_ANON_RESPONSES_ELEM_NAME = "NonAnonymousResponses";
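Review bot: `NAMESPACE_URI_0705` is added two lines below `NAMESPACE_URI` without any comment on how the two relate, even though AddressingAssertionBuilder in this commit treats assertions in either namespace as the same thing. A short Javadoc on each, e.g. `/** WS-Addressing Metadata namespace, 2007/02 draft. */` and `/** WS-Addressing Metadata namespace, 2007/05 version; assertions in either namespace are accepted. */`, would make the duplication look intentional rather than like a copy-and-paste slip. If I recall correctly the 2007/05 URI is the one used by the final WS-Addressing 1.0 Metadata Recommendation, which would be worth stating so readers know which one new policies should use.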
@@ -46,7 +48,14 @@
         = new QName(NAMESPACE_URI, ANON_RESPONSES_ELEM_NAME);
     public static final QName NON_ANON_RESPONSES_ASSERTION_QNAME
         = new QName(NAMESPACE_URI, NON_ANON_RESPONSES_ELEM_NAME);
-    
+
+    public static final QName ADDRESSING_ASSERTION_QNAME_0705
+        = new QName(NAMESPACE_URI_0705, ADDRESSING_ELEM_NAME);
+    public static final QName ANON_RESPONSES_ASSERTION_QNAME_0705
+        = new QName(NAMESPACE_URI_0705, ANON_RESPONSES_ELEM_NAME);
+    public static final QName NON_ANON_RESPONSES_ASSERTION_QNAME_0705
+        = new QName(NAMESPACE_URI_0705, NON_ANON_RESPONSES_ELEM_NAME);
+
     public static final QName USING_ADDRESSING_2004_QNAME
         = new QName(ADDR_POLICY_2004_NAMESPACE_URI, USING_ADDRESSING_ELEM_NAME);
     public static final QName USING_ADDRESSING_2005_QNAME

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Sat Dec 13 17:42:18 2008
@@ -35,7 +35,11 @@
     
     public static final String SIGNATURE_CRYPTO = "ws-security.signature.crypto";
     public static final String ENCRYPT_CRYPTO = "ws-security.encryption.crypto";
+
+    public static final String TRUST_TOKEN = "ws-security.trust.token";
+    public static final String TRUST_TOKEN_ID = "ws-security.trust.token.id";
     
+
     private SecurityConstants() {
         //utility class
     }
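Review bot: `TRUST_TOKEN` and `TRUST_TOKEN_ID` are added with no Javadoc, so nothing tells a reader what is stored under these context keys or who reads them; given the name and the rest of this commit the value is presumably the SecurityToken obtained from the STS, i.e. key material that should not be logged or exposed. Javadoc such as `/** Context property holding the SecurityToken issued by the STS; the value is sensitive and must not be logged. */` and `/** Context property holding the id of the token stored under TRUST_TOKEN. */` would document the contract and the handling expectation. The two blank lines left before the private constructor are also one more than the surrounding code uses.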

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java Sat Dec 13 17:42:18 2008
@@ -48,8 +48,8 @@
     public static final String INCLUDE_ALWAYS = SP12Constants.SP_NS
         + SPConstants.INCLUDE_TOKEN_ALWAYS_SUFFIX;
     
-    public static final QName TRUST_13 = new QName(SP11Constants.SP_NS, SPConstants.TRUST_13,
-            SP11Constants.SP_PREFIX);
+    public static final QName TRUST_13 = new QName(SP12Constants.SP_NS, SPConstants.TRUST_13,
+            SP12Constants.SP_PREFIX);
     
     public static final QName REQUIRE_CLIENT_CERTIFICATE 
         = new QName(SP12Constants.SP_NS, "RequireClientCertificate", SP12Constants.SP_PREFIX); 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java Sat Dec 13 17:42:18 2008
@@ -67,64 +67,51 @@
         if (includeAttr != null) {
             issuedToken.setInclusion(consts.getInclusionFromAttributeValue(includeAttr));
         }
-        // Extract Issuer
-        Element issuerElem = DOMUtils.getFirstChildWithName(element, SP11Constants.ISSUER);
-        if (issuerElem != null) {
-            Element issuerEpr = DOMUtils
-                .getFirstChildWithName(issuerElem, 
+        
+        Element child = DOMUtils.getFirstElement(element);
+        while (child != null) {
+            String ln = child.getLocalName();
+            if (SP11Constants.ISSUER.getLocalPart().equals(ln)) {
+                Element issuerEpr = DOMUtils
+                    .getFirstChildWithName(child, 
                                        new QName(WSA_NAMESPACE, "Address"));
 
-            // try the other addressing namespace
-            if (issuerEpr == null) {
-                issuerEpr = DOMUtils
-                    .getFirstChildWithName(issuerElem,
+                // try the other addressing namespace
+                if (issuerEpr == null) {
+                    issuerEpr = DOMUtils
+                        .getFirstChildWithName(child,
                                            new QName(WSA_NAMESPACE_SUB,
                                                      "Address"));
-            }
-
-            issuedToken.setIssuerEpr(issuerEpr);
-        }
-
-        // TODO check why this returns an Address element
-        // iter = issuerElem.getChildrenWithLocalName("Metadata");
+                }
+                issuedToken.setIssuerEpr(issuerEpr);
 
-        if (issuerElem != null) {
-            Element issuerMex = DOMUtils
-                .getFirstChildWithName(issuerElem,
+                Element issuerMex = DOMUtils
+                    .getFirstChildWithName(child,
                                        new QName(WSA_NAMESPACE, "Metadata"));
 
-            // try the other addressing namespace
-            if (issuerMex == null) {
-                issuerMex = DOMUtils
-                    .getFirstChildWithName(issuerElem,
-                                           new QName(WSA_NAMESPACE_SUB, 
-                                                     "Metadata"));
-            }
-
-            issuedToken.setIssuerMex(issuerMex);
-        }
-
-        // Extract RSTTemplate
-        Element rstTmplElem = DOMUtils.getFirstChildWithName(element, 
-                                                             SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
-        if (rstTmplElem != null) {
-            issuedToken.setRstTemplate(rstTmplElem);
-        }
-
-        Element policyElement = DOMUtils.getFirstChildWithName(element,
-                                                               org.apache.neethi.Constants.Q_ELEM_POLICY);
-
-        if (policyElement != null) {
-
-            Policy policy = builder.getPolicy(policyElement);
-            policy = (Policy)policy.normalize(false);
-
-            for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
-                processAlternative((List)iterator.next(), issuedToken);
-                break; // since there should be only one alternative ..
+                // try the other addressing namespace
+                if (issuerMex == null) {
+                    issuerMex = DOMUtils
+                        .getFirstChildWithName(child,
+                                               new QName(WSA_NAMESPACE_SUB, 
+                                                         "Metadata"));
+                }
+    
+                issuedToken.setIssuerMex(issuerMex);
+            } else if (SPConstants.REQUEST_SECURITY_TOKEN_TEMPLATE.equals(ln)) {
+                issuedToken.setRstTemplate(child);
+            } else if (org.apache.neethi.Constants.ELEM_POLICY.equals(ln)) {
+                Policy policy = builder.getPolicy(child);
+                policy = (Policy)policy.normalize(false);
+
+                for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+                    processAlternative((List)iterator.next(), issuedToken);
+                    break; // since there should be only one alternative ..
+                }                
             }
+            
+            child = DOMUtils.getNextElement(child);
         }
-
         return issuedToken;
     }
 
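Review bot: The new child loop matches `Issuer`, `RequestSecurityTokenTemplate` and `Policy` by local name alone (`SP11Constants.ISSUER.getLocalPart().equals(ln)`, `SPConstants.REQUEST_SECURITY_TOKEN_TEMPLATE.equals(ln)`, `org.apache.neethi.Constants.ELEM_POLICY.equals(ln)`), whereas the removed `getFirstChildWithName(element, SP11Constants.ISSUER)` and `Q_ELEM_POLICY` lookups also required the right namespace, so a child carrying one of those names in an unrelated namespace is now processed as part of the IssuedToken policy. Adding a namespace test to each branch restores the original strictness while keeping the single pass, e.g. `if (element.getNamespaceURI().equals(child.getNamespaceURI()) && SP11Constants.ISSUER.getLocalPart().equals(ln)) {` for the two sp elements and `org.apache.neethi.Constants.Q_ELEM_POLICY.getNamespaceURI().equals(child.getNamespaceURI())` for `Policy`. Unlike the removed code, a second `Policy` child now runs `processAlternative` again and a later `Issuer` overwrites the EPR and Metadata set by an earlier one; if first-wins is intended, a null check before each set or a `break` would make that explicit. The enclosing method starts before this hunk.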

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokensBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokensBuilder.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokensBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SupportingTokensBuilder.java Sat Dec 13 17:42:18 2008
@@ -31,6 +31,7 @@
 import org.apache.cxf.ws.policy.PolicyAssertion;
 import org.apache.cxf.ws.policy.PolicyBuilder;
 import org.apache.cxf.ws.security.policy.SP11Constants;
+import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants.SupportTokenType;
 import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
 import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
@@ -100,19 +101,19 @@
             Assertion primitive = (Assertion)iterator.next();
             QName qname = primitive.getName();
 
-            if (SP11Constants.ALGORITHM_SUITE.equals(qname)) {
+            if (SP12Constants.ALGORITHM_SUITE.equals(qname)) {
                 supportingToken.setAlgorithmSuite((AlgorithmSuite)primitive);
 
-            } else if (SP11Constants.SIGNED_PARTS.equals(qname)) {
+            } else if (SP12Constants.SIGNED_PARTS.equals(qname)) {
                 supportingToken.setSignedParts((SignedEncryptedParts)primitive);
 
-            } else if (SP11Constants.SIGNED_ELEMENTS.equals(qname)) {
+            } else if (SP12Constants.SIGNED_ELEMENTS.equals(qname)) {
                 supportingToken.setSignedElements((SignedEncryptedElements)primitive);
 
-            } else if (SP11Constants.ENCRYPTED_PARTS.equals(qname)) {
+            } else if (SP12Constants.ENCRYPTED_PARTS.equals(qname)) {
                 supportingToken.setEncryptedParts((SignedEncryptedParts)primitive);
 
-            } else if (SP11Constants.ENCRYPTED_ELEMENTS.equals(qname)) {
+            } else if (SP12Constants.ENCRYPTED_ELEMENTS.equals(qname)) {
                 supportingToken.setEncryptedElements((SignedEncryptedElements)primitive);
 
             } else if (primitive instanceof Token) {
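Review bot: Switching the five nested-assertion comparisons from `SP11Constants` to `SP12Constants` means a supporting-token assertion written against WS-SecurityPolicy 1.1 no longer has its AlgorithmSuite, SignedParts/SignedElements or EncryptedParts/EncryptedElements recognised; those primitives fall through to the later branches instead of being set on the token. The `SP11Constants` import is kept, which suggests this builder still serves both versions; if so, comparing against both, `if (SP11Constants.ALGORITHM_SUITE.equals(qname) || SP12Constants.ALGORITHM_SUITE.equals(qname)) {` and likewise for the other four, keeps 1.1 policies working. If the builder is now intentionally 1.2-only, dropping the unused 1.1 import and saying so in the class Javadoc would document that. The loop's enclosing method starts and ends outside this hunk.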

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java Sat Dec 13 17:42:18 2008
@@ -51,7 +51,7 @@
 
         UsernameToken usernameToken = new UsernameToken(consts);
 
-        String attribute = DOMUtils.getAttribute(element, SP11Constants.INCLUDE_TOKEN);
+        String attribute = element.getAttributeNS(element.getNamespaceURI(), SPConstants.ATTR_INCLUDE_TOKEN);
         if (attribute != null) {
             usernameToken.setInclusion(consts.getInclusionFromAttributeValue(attribute));
         }
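Review bot: `Element.getAttributeNS` returns the empty string, not null, when the attribute is absent, so the `if (attribute != null)` guard on the following line no longer filters anything and `consts.getInclusionFromAttributeValue("")` is now called for every UsernameToken without an IncludeToken attribute. The removed `DOMUtils.getAttribute` call presumably returned null in that case, which is what the guard was written for. Changing the guard to `if (attribute != null && attribute.length() > 0) {` restores the original behaviour (keeping the null test is harmless for DOM implementations that do return null). The enclosing `build` method starts and ends outside this hunk.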

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java Sat Dec 13 17:42:18 2008
@@ -55,6 +55,7 @@
         ASSERTION_TYPES.add(SP12Constants.ALGORITHM_SUITE);
         ASSERTION_TYPES.add(SP12Constants.WSS10);
         ASSERTION_TYPES.add(SP12Constants.WSS11);
+        ASSERTION_TYPES.add(SP12Constants.TRUST_13);
         ASSERTION_TYPES.add(SP12Constants.USERNAME_TOKEN);
         ASSERTION_TYPES.add(SP12Constants.TRANSPORT_TOKEN);            
         ASSERTION_TYPES.add(SP12Constants.SIGNED_PARTS);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AbstractSecurityAssertion.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AbstractSecurityAssertion.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AbstractSecurityAssertion.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AbstractSecurityAssertion.java Sat Dec 13 17:42:18 2008
@@ -37,6 +37,9 @@
     public AbstractSecurityAssertion(SPConstants version) {
         constants = version;
     }
+    public final SPConstants getSPConstants() {
+        return constants;
+    }
 
     public boolean isOptional() {
         return isOptional;
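Review bot: The new `getSPConstants()` accessor has no Javadoc and is placed directly against the constructor's closing brace, unlike the blank-line spacing used before `isOptional` just below. Adding `/** Returns the WS-SecurityPolicy version constants this assertion was constructed with. */` above it, plus the blank line, would match the surrounding style and tell callers that the value is the `version` passed to the constructor.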

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java Sat Dec 13 17:42:18 2008
@@ -168,6 +168,9 @@
         this.addToken(tok);
     }
     public Token getToken() {
+        if (tokens.size() == 1) { 
+            return tokens.get(0);
+        }
         return null;
     }
 
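Review bot: `getToken()` now returns the single token when exactly one has been added and `null` otherwise, so a caller cannot distinguish "no token" from "several tokens", and nothing documents that. A Javadoc such as `/** Returns the sole supporting token, or null if no token or more than one token has been added; read the full token list for the multi-token case. */` makes the contract explicit; alternatively, throwing `IllegalStateException` when `tokens.size() > 1` would surface a policy this accessor cannot represent instead of silently reporting it as absent. Whether `tokens` can be null at this point is not visible in the hunk.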

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java Sat Dec 13 17:42:18 2008
@@ -120,7 +120,9 @@
      */
     private String encrKeySha1Value;
     
-    
+    public SecurityToken() {
+        
+    }
     public SecurityToken(String id, Calendar created, Calendar expires) {
         this.id = id;
         this.created = created;
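Review bot: The new no-argument constructor leaves `id`, `created` and `expires` unset, while the constructor directly below it assigns all three, and nothing on this hunk says who is expected to populate them afterwards. A Javadoc such as `/** Creates an empty token; id, created and expires must be set by the caller before the token is used. */` (presumably for assembling a token from an STS response, as the rest of this commit suggests) would make the intent clear and warn callers that a token built this way has no expiry until one is set. The blank line inside the empty body could also go.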

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties?rev=726329&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties Sat Dec 13 17:42:18 2008
@@ -0,0 +1,26 @@
+#
+#
+#    Licensed to the Apache Software Foundation (ASF) under one
+#    or more contributor license agreements. See the NOTICE file
+#    distributed with this work for additional information
+#    regarding copyright ownership. The ASF licenses this file
+#    to you under the Apache License, Version 2.0 (the
+#    "License"); you may not use this file except in compliance
+#    with the License. You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing,
+#    software distributed under the License is distributed on an
+#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#    KIND, either express or implied. See the License for the
+#    specific language governing permissions and limitations
+#    under the License.
+#
+#
+
+NO_ID=Could not determine Token ID from RequestSecurityTokenResponse
+NO_ENTROPY=Could not find Entropy in RequestSecurityTokenResponse
+DERIVED_KEY_ERROR=Exception while trying to create secret key from RequestSecurityTokenResponse
+ENCRYPTED_KEY_ERROR=Exception while trying to decrypt key from RequestSecurityTokenResponse
+

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/Messages.properties
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Sat Dec 13 17:42:18 2008
@@ -23,10 +23,14 @@
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Vector;
+import java.util.logging.Logger;
 
+import javax.security.auth.callback.CallbackHandler;
 import javax.xml.namespace.QName;
 import javax.xml.transform.dom.DOMSource;
 
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
 import org.apache.cxf.Bus;
@@ -35,6 +39,9 @@
 import org.apache.cxf.binding.BindingFactoryManager;
 import org.apache.cxf.binding.soap.SoapBindingConstants;
 import org.apache.cxf.binding.soap.model.SoapOperationInfo;
+import org.apache.cxf.common.i18n.Message;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.configuration.Configurable;
 import org.apache.cxf.configuration.Configurer;
 import org.apache.cxf.databinding.source.SourceDataBinding;
@@ -44,6 +51,7 @@
 import org.apache.cxf.endpoint.EndpointException;
 import org.apache.cxf.endpoint.EndpointImpl;
 import org.apache.cxf.helpers.CastUtils;
+import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.service.Service;
 import org.apache.cxf.service.ServiceImpl;
 import org.apache.cxf.service.model.BindingInfo;
@@ -54,6 +62,7 @@
 import org.apache.cxf.service.model.MessagePartInfo;
 import org.apache.cxf.service.model.OperationInfo;
 import org.apache.cxf.service.model.ServiceInfo;
+import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.staxutils.W3CDOMStreamWriter;
 import org.apache.cxf.transport.ConduitInitiator;
 import org.apache.cxf.transport.ConduitInitiatorManager;
@@ -65,6 +74,13 @@
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.neethi.Policy;
 import org.apache.neethi.PolicyComponent;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.conversation.dkalgo.P_SHA1;
+import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.processor.EncryptedKeyProcessor;
 import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.WSSecurityUtil;
 
@@ -72,6 +88,7 @@
  * 
  */
 public class STSClient implements Configurable {
+    private static final Logger LOG = LogUtils.getL7dLogger(STSClient.class);
     
     Bus bus;
     String name = "default.sts-client";
@@ -82,9 +99,15 @@
     int keySize = 256;
     Trust10 trust10;
     Trust13 trust13;
+    Element template;
     AlgorithmSuite algorithmSuite;
+    String namespace = "http://schemas.xmlsoap.org/ws/2005/02/trust";
     
     Map<String, Object> ctx = new HashMap<String, Object>();
+
+    private CallbackHandler cbHandler;
+
+    private Crypto crypto;
     
     public STSClient(Bus b) {
         bus = b;
@@ -129,11 +152,14 @@
             setSoap12();
         }
     }
+    
     public void setTrust(Trust10 trust) {
+        namespace = "http://schemas.xmlsoap.org/ws/2005/02/trust";
         trust10 = trust;
     }
     public void setTrust(Trust13 trust) {
         trust13 = trust;        
+        namespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"; 
     }
     public void setAlgorithmSuite(AlgorithmSuite ag) {
         algorithmSuite = ag;
@@ -157,8 +183,7 @@
         
         
         Service service = null;
-        String ns = "http://schemas.xmlsoap.org/ws/2005/02/trust/wsdl";
-        String typeNs = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+        String ns = namespace + "/wsdl";
         ServiceInfo si = new ServiceInfo();
         
         QName iName = new QName(ns, "SecurityTokenService");
@@ -169,13 +194,13 @@
                                            MessageInfo.Type.INPUT);
         oi.setInput("RequestSecurityTokenMsg", mii);
         MessagePartInfo mpi = mii.addMessagePart("request");
-        mpi.setElementQName(new QName(typeNs, "RequestSecurityToken"));
+        mpi.setElementQName(new QName(namespace, "RequestSecurityToken"));
         
         MessageInfo mio = oi.createMessage(new QName(ns, "RequestSecurityTokenResponseMsg"), 
                                            MessageInfo.Type.OUTPUT);
         oi.setOutput("RequestSecurityTokenResponseMsg", mio);
         mpi = mio.addMessagePart("response");
-        mpi.setElementQName(new QName(typeNs, "RequestSecurityTokenResponse"));
+        mpi.setElementQName(new QName(namespace, "RequestSecurityTokenResponse"));
         
         si.setInterface(ii);
         service = new ServiceImpl(si);
@@ -200,7 +225,7 @@
             soi = new SoapOperationInfo();
             boi.addExtensor(soi);
         }
-        soi.setAction("http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue");
+        soi.setAction(namespace + "/RST/Issue");
         
 
         service.setDataBinding(new SourceDataBinding());
@@ -218,30 +243,49 @@
         client.getRequestContext().putAll(ctx);
         
         W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
-        String namespace = "http://schemas.xmlsoap.org/ws/2005/02/trust";
         writer.writeStartElement(namespace, "RequestSecurityToken");
+        boolean wroteKeyType = false;
+        boolean wroteKeySize = false;
+        if (template != null) {
+            Element tl = DOMUtils.getFirstElement(template);
+            while (tl != null) {
+                StaxUtils.copy(tl, writer);
+                wroteKeyType |= "KeyType".equals(tl.getLocalName());
+                if ("KeySize".equals(tl.getLocalName())) {
+                    wroteKeySize = true;
+                    keySize = Integer.parseInt(DOMUtils.getContent(tl));
+                }
+                tl = DOMUtils.getNextElement(tl);
+            }
+        }
+        
+        
         writer.writeStartElement(namespace, "RequestType");
-        writer.writeCharacters("http://schemas.xmlsoap.org/ws/2005/02/trust/Issue");
+        writer.writeCharacters(namespace + "/Issue");
         writer.writeEndElement();
         if (appliesTo != null) {
             //TODO: AppliesTo element? 
         }
         //TODO: Lifetime element?
-        writer.writeStartElement(namespace, "KeyType");
-        //TODO: Set the KeyType?
-        writer.writeCharacters(namespace + "/SymmetricKey");
-        writer.writeEndElement();
-        writer.writeStartElement(namespace, "KeySize");
-        writer.writeCharacters(Integer.toString(keySize));
-        writer.writeEndElement();
-        
+        if (!wroteKeyType) {
+            writer.writeStartElement(namespace, "KeyType");
+            //TODO: Set the KeyType?
+            writer.writeCharacters(namespace + "/SymmetricKey");
+            writer.writeEndElement();
+        }
+        if (!wroteKeySize) {
+            writer.writeStartElement(namespace, "KeySize");
+            writer.writeCharacters(Integer.toString(keySize));
+            writer.writeEndElement();
+        }
         
+        byte[] requestorEntropy = null;
         if ((trust10 != null && trust10.isRequireClientEntropy())
             || (trust13 != null && trust13.isRequireClientEntropy())) {
             writer.writeStartElement(namespace, "Entropy");
             writer.writeStartElement(namespace, "BinarySecret");
             writer.writeAttribute("Type", namespace + "/Nounce");
-            byte[] requestorEntropy =
+            requestorEntropy =
                 WSSecurityUtil.generateNonce(algorithmSuite.getMaximumSymmetricKeyLength() / 8);
             writer.writeCharacters(Base64.encode(requestorEntropy));
 
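Review bot: The `Type` attribute written for the client entropy, `writer.writeAttribute("Type", namespace + "/Nounce");`, misspells the WS-Trust BinarySecret type; the specification's value ends in `/Nonce`, so a conforming STS may not treat the requestor entropy as a nonce and could ignore or reject it, which matters because the proof key appears to be derived from that entropy later (`createSecurityToken(..., requestorEntropy)` and the `P_SHA1` import). `writer.writeAttribute("Type", namespace + "/Nonce");` is the fix. Separately, `keySize = Integer.parseInt(DOMUtils.getContent(tl));` in the template loop overwrites the configured `keySize` field for every subsequent request and throws an unchecked `NumberFormatException` on a non-numeric or whitespace-padded template value; parsing into a local, `int size = Integer.parseInt(DOMUtils.getContent(tl).trim());`, and leaving the field alone, or validating the template once in its setter, would be safer. The `algorithmSuite.getMaximumSymmetricKeyLength()` call is unguarded against a null suite; whether one is always configured by the time the request is built is not visible here.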
@@ -253,13 +297,148 @@
         }
         writer.writeEndElement();
         
-        client.invoke("RequestSecurityToken",
-                      new DOMSource(writer.getDocument().getDocumentElement()));
-        return null;
+        Object obj[] = client.invoke("RequestSecurityToken",
+                                     new DOMSource(writer.getDocument().getDocumentElement()));
+        
+        return createSecurityToken((Document)((DOMSource)obj[0]).getNode(), requestorEntropy);
     }
 
+    private SecurityToken createSecurityToken(Document document, byte[] requestorEntropy) 
+        throws WSSecurityException {
+        
+        Element el = document.getDocumentElement();
+        if ("RequestSecurityTokenResponseCollection".equals(el.getLocalName())) {
+            el = DOMUtils.getFirstElement(el);
+        }
+        el = DOMUtils.getFirstElement(el);
+        
+        Element rst = null;
+        Element rar = null;
+        Element rur = null;
+        Element rpt = null;
+        Element lte = null;
+        Element entropy = null;
+        
+        while (el != null) {
+            String ln = el.getLocalName();
+            if (namespace.equals(el.getNamespaceURI())) {
+                if ("Lifetime".equals(ln)) {
+                    lte = el;
+                } else if ("RequestedSecurityToken".equals(ln)) {
+                    rst = DOMUtils.getFirstElement(el);
+                } else if ("RequestedAttachedReference".equals(ln)) {
+                    rar = DOMUtils.getFirstElement(el);
+                } else if ("RequestedUnattachedReference".equals(ln)) {
+                    rur = DOMUtils.getFirstElement(el);
+                } else if ("RequestedProofToken".equals(ln)) {
+                    rpt = el;
+                } else if ("Entropy".equals(ln)) {
+                    entropy = el;
+                }
+            }
+            el = DOMUtils.getNextElement(el);
+        }
+        
+        String id = findID(rar, rur, rst);
+        if (StringUtils.isEmpty(id)) {
+            throw new TrustException(new Message("NO_ID", LOG));
+        }
+        
+        SecurityToken token = new SecurityToken(id, rst, lte);
+        token.setAttachedReference(rar);
+        token.setUnattachedReference(rur);
+        token.setIssuerAddress(location);
+                
+        
+        byte[] secret = null;
+
+        if (rpt != null) {
+            Element child = DOMUtils.getFirstElement(rpt);
+            QName childQname = DOMUtils.getElementQName(child);
+            if (childQname.equals(new QName(namespace, "BinarySecret"))) {
+                //First check for the binary secret
+                String b64Secret = DOMUtils.getContent(child);
+                secret = Base64.decode(b64Secret);
+            } else if (childQname.equals(new QName(namespace, WSConstants.ENC_KEY_LN))) {
+                try {
+
+
+                    EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
+
+                    processor.handleToken(child, null, crypto,
+                                          cbHandler, null, new Vector(),
+                                          null);
+
+                    secret = processor.getDecryptedBytes();
+                } catch (WSSecurityException e) {
+                    throw new TrustException(new Message("ENCRYPTED_KEY_ERROR", LOG), e);
+                }
+            } else if (childQname.equals(new QName(namespace, "ComputedKey"))) {
+                //Handle the computed key
+                Element binSecElem = entropy == null ? null 
+                    : DOMUtils.getFirstElement(entropy);
+                String content = binSecElem == null ? null
+                    : DOMUtils.getContent(binSecElem);
+                if (content != null && !StringUtils.isEmpty(content.trim())) {
+
+                    byte[] serviceEntr = Base64.decode(content);
+
+                    //Right now we only use PSHA1 as the computed key algo                    
+                    P_SHA1 psha1 = new P_SHA1();
+
+                    int length = (keySize > 0) ? keySize
+                                 : algorithmSuite
+                                     .getMaximumSymmetricKeyLength();
+                    try {
+                        secret = psha1.createKey(requestorEntropy, serviceEntr, 0, length / 8);
+                    } catch (ConversationException e) {
+                        throw new TrustException(new Message("DERIVED_KEY_ERROR", LOG), e);
+                    }
+                } else {
+                    //Service entropy missing
+                    throw new TrustException(new Message("NO_ENTROPY", LOG));
+                }
+            }
+        } else if (requestorEntropy != null) {
+            //Use requester entropy as the key
+            secret = requestorEntropy;
+        }
+        token.setSecret(secret);
+        
+        return token;
+    }
 
 
+    private String findID(Element rar, Element rur, Element rst) {
+        String id = null;
+        if (rar != null) {
+            id = this.getIDFromSTR(rar);
+        }
+        if (id == null && rur != null) {
+            id = this.getIDFromSTR(rur);
+        } 
+        if (id == null) {
+            id = rst.getAttributeNS(WSConstants.WSU_NS, "Id");
+        }
+        return id;
+    }
    
+    private String getIDFromSTR(Element el) {
+        Element child = DOMUtils.getFirstElement(el);
+        if (child == null) {
+            return null;
+        }
+        if (DOMUtils.getElementQName(child).equals(new QName(WSConstants.SIG_NS, "KeyInfo"))
+            || DOMUtils.getElementQName(child).equals(new QName(WSConstants.WSSE_NS, "KeyIdentifier"))) {
+            return DOMUtils.getContent(child);
+        } else if (DOMUtils.getElementQName(child).equals(Reference.TOKEN)) {
+            return child.getAttribute("URI");
+        }
+        return null;        
+    }
+
+    public void setTemplate(Element rstTemplate) {
+        template = rstTemplate;
+    }
 
 }
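Review bot: findID dereferences rst unconditionally in its last branch (`id = rst.getAttributeNS(WSConstants.WSU_NS, "Id");`), so an STS response with no RequestedSecurityToken element fails with a NullPointerException instead of the TrustException(NO_ID) that createSecurityToken is built to raise; guard it with `if (id == null && rst != null)`. The `(DOMSource)obj[0]` cast after client.invoke is likewise unchecked and should verify the returned array is non-empty before indexing. In the ComputedKey branch, requestorEntropy is still null whenever neither trust10 nor trust13 required client entropy, and that null is passed straight into psha1.createKey; raising a TrustException next to the existing NO_ENTROPY check when the response uses ComputedKey but no local entropy was sent would make the failure explicit rather than whatever P_SHA1 does with a null seed. The `new Vector()` passed to handleToken is a raw type. The method that begins this hunk starts outside it.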

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java?rev=726329&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java Sat Dec 13 17:42:18 2008
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.trust;
+
+import org.apache.cxf.common.i18n.Message;
+import org.apache.cxf.common.i18n.UncheckedException;
+
+/**
+ * 
+ */
+public class TrustException extends UncheckedException {
+
+    /**
+     * @param msg
+     */
+    public TrustException(Message msg) {
+        super(msg);
+    }
+
+    /**
+     * @param msg
+     * @param t
+     */
+    public TrustException(Message msg, Throwable t) {
+        super(msg, t);
+    }
+
+    /**
+     * @param cause
+     */
+    public TrustException(Throwable cause) {
+        super(cause);
+    }
+
+}
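Review bot: The class-level Javadoc on TrustException is empty and the three constructor Javadocs carry only bare @param tags, so the new public type is undocumented. A one-line summary such as `/** Unchecked exception raised when a WS-Trust request cannot be issued or its response cannot be turned into a SecurityToken. */` on the class, plus a short description for each @param (the i18n message, the underlying cause), would cover it. Since the class adds no fields or behavior over UncheckedException, noting that in the Javadoc also tells readers not to look for extra state.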

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/TrustException.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Sat Dec 13 17:42:18 2008
@@ -268,7 +268,6 @@
                 policyAsserted(aim, abinding.getInitiatorToken().getToken());
                 policyAsserted(aim, abinding.getRecipientToken().getToken());
                 policyAsserted(aim, SP12Constants.ENCRYPTED_PARTS);
-                policyAsserted(aim, SP12Constants.SIGNED_PARTS);
             }
         }
      
@@ -307,7 +306,6 @@
                 policyAsserted(aim, abinding.getSignatureToken());
                 policyAsserted(aim, abinding.getProtectionToken());
                 policyAsserted(aim, SP12Constants.ENCRYPTED_PARTS);
-                policyAsserted(aim, SP12Constants.SIGNED_PARTS);
             }
         }
         return action;
@@ -382,6 +380,8 @@
             assertPolicy(aim, SP12Constants.WSS10);
             assertPolicy(aim, SP12Constants.TRUST_13);
             assertPolicy(aim, SP11Constants.TRUST_10);
+            policyAsserted(aim, SP12Constants.SIGNED_PARTS);
+
             message.put(WSHandlerConstants.ACTION, action.trim());
         }
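Review bot: SIGNED_PARTS is now asserted unconditionally alongside WSS10/TRUST_13/TRUST_10, whereas before this commit it was asserted only inside the asymmetric and symmetric binding branches (the two removed lines in the earlier hunks of this file). If the intent is that a SignedParts assertion is considered satisfied on the inbound side regardless of binding, and that the actual coverage of the signature is checked elsewhere, a comment on the new line saying so would stop the next reader from treating this as an accidental widening, e.g. `// SignedParts is asserted here for all bindings; signature coverage is verified separately`. If that is not the case, moving it back under the binding checks seems safer. The enclosing method starts outside this hunk.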
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Sat Dec 13 17:42:18 2008
@@ -47,6 +47,7 @@
 import javax.xml.xpath.XPathFactory;
 
 import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
@@ -56,6 +57,7 @@
 import org.apache.cxf.common.i18n.Message;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.helpers.MapNamespaceContext;
 import org.apache.cxf.resource.ResourceManager;
@@ -72,6 +74,7 @@
 import org.apache.cxf.ws.security.policy.model.Header;
 import org.apache.cxf.ws.security.policy.model.IssuedToken;
 import org.apache.cxf.ws.security.policy.model.Layout;
+import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
 import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
 import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
 import org.apache.cxf.ws.security.policy.model.SupportingToken;
@@ -82,6 +85,9 @@
 import org.apache.cxf.ws.security.policy.model.Wss10;
 import org.apache.cxf.ws.security.policy.model.Wss11;
 import org.apache.cxf.ws.security.policy.model.X509Token;
+import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.wsdl.WSDLConstants;
 import org.apache.velocity.util.ClassUtils;
 import org.apache.ws.security.WSConstants;
@@ -92,15 +98,19 @@
 import org.apache.ws.security.WSUsernameTokenPrincipal;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.conversation.ConversationException;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.handler.WSHandlerResult;
 import org.apache.ws.security.message.WSSecBase;
+import org.apache.ws.security.message.WSSecDKSign;
 import org.apache.ws.security.message.WSSecEncryptedKey;
 import org.apache.ws.security.message.WSSecHeader;
 import org.apache.ws.security.message.WSSecSignature;
 import org.apache.ws.security.message.WSSecSignatureConfirmation;
 import org.apache.ws.security.message.WSSecTimestamp;
 import org.apache.ws.security.message.WSSecUsernameToken;
+import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.util.WSSecurityUtil;
 
 /**
@@ -224,6 +234,9 @@
             org.apache.cxf.message.Message.REQUESTOR_ROLE));
     }  
     protected void policyNotAsserted(PolicyAssertion assertion, Exception reason) {
+        if (assertion == null) {
+            return;
+        }
         LOG.log(Level.INFO, "Not asserting " + assertion.getName() + ": " + reason);
         Collection<AssertionInfo> ais;
         ais = aim.get(assertion.getName());
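Review bot: The new null guard in policyNotAsserted(PolicyAssertion, Exception) returns silently when assertion is null, which discards the `reason` exception entirely; before this change the method always ended in `throw new PolicyException(reason)`, so a caller that passed a null assertion still surfaced the failure. The same guard is added to the String-reason overload in the next hunk. Keeping the throw for the null case, e.g. `if (assertion == null) { throw new PolicyException(reason); }`, preserves the method's contract that it never returns normally while still avoiding the NullPointerException on assertion.getName(). The guard on policyAsserted, where returning is harmless, is fine as written.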
@@ -237,6 +250,9 @@
         throw new PolicyException(reason);
     }
     protected void policyNotAsserted(PolicyAssertion assertion, String reason) {
+        if (assertion == null) {
+            return;
+        }
         LOG.log(Level.INFO, "Not asserting " + assertion.getName() + ": " + reason);
         Collection<AssertionInfo> ais;
         ais = aim.get(assertion.getName());
@@ -250,6 +266,9 @@
         throw new PolicyException(new Message(reason, LOG));
     }
     protected void policyAsserted(PolicyAssertion assertion) {
+        if (assertion == null) {
+            return;
+        }
         LOG.log(Level.INFO, "Asserting " + assertion.getName());
         Collection<AssertionInfo> ais;
         ais = aim.get(assertion.getName());
@@ -287,6 +306,15 @@
         return null;
     } 
     
+    protected final TokenStore getTokenStore() {
+        TokenStore tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
+        if (tokenStore == null) {
+            tokenStore = new MemoryTokenStore();
+            message.getExchange().get(Endpoint.class).getEndpointInfo()
+                .setProperty(TokenStore.class.getName(), tokenStore);
+        }
+        return tokenStore;
+    }
     protected WSSecTimestamp createTimestamp() {
         Collection<AssertionInfo> ais;
         ais = aim.get(SP12Constants.INCLUDE_TIMESTAMP);
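Review bot: getTokenStore creates and registers a MemoryTokenStore without any synchronization, so two concurrent first requests on the same endpoint can each create a store and the second registration overwrites the first, losing any token the first thread stored; presumably that is the same race the removed SymmetricBindingHandler constructor code had, but it is now a shared helper. Wrapping the lookup-and-create in a `synchronized` block on the EndpointInfo, or using a thread-safe check-then-set on the endpoint's property map, would close it. The method also reads through message.getContextualProperty but writes to the EndpointInfo; a one-line comment explaining that the endpoint property is what the contextual lookup resolves to would help readers. The enclosing class continues outside this hunk.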
@@ -359,8 +387,19 @@
                 }
             } else if (token instanceof IssuedToken && isRequestor()) {
                 //ws-trust stuff.......
-                //REVISIT
-                policyNotAsserted(token, "Issued token not yet supported");
+                SecurityToken secToken = getSecurityToken();
+                if (secToken == null) {
+                    policyNotAsserted(token, "Could not find IssuedToken");
+                }
+                addSupportingElement(cloneElement(secToken.getToken()));
+        
+                if (suppTokens.isEncryptedToken()) {
+                    this.encryptedTokensIdList.add(secToken.getId());
+                }
+        
+                //Add the extracted token
+                ret.put(token, new WSSecurityTokenHolder(secToken));
+
             } else if (token instanceof X509Token) {
                 //We have to use a cert
                 //Prepare X509 signature
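Review bot: `addSupportingElement(cloneElement(secToken.getToken()))` runs immediately after `if (secToken == null) { policyNotAsserted(token, "Could not find IssuedToken"); }`, so the null case avoids a NullPointerException only because policyNotAsserted ends by throwing PolicyException (its body is outside this hunk, and the same commit adds an early return to it when the assertion is null). Making the control flow explicit, e.g. `policyNotAsserted(token, "Could not find IssuedToken"); return ret;` or a `throw`, removes the dependence on that remote behavior. The enclosing method starts and ends outside this hunk.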
@@ -379,6 +418,21 @@
         return ret;
     }
     
+    protected Element cloneElement(Element el) {
+        return (Element)secHeader.getSecurityHeader().getOwnerDocument().importNode(el, true);
+    }
+
+    protected SecurityToken getSecurityToken() {
+        SecurityToken st = (SecurityToken)message.getContextualProperty(SecurityConstants.TRUST_TOKEN);
+        if (st == null) {
+            String id = (String)message.getContextualProperty(SecurityConstants.TRUST_TOKEN_ID);
+            if (id != null) {
+                st = getTokenStore().getToken(id);
+            }
+        }
+        return st;
+    }
+
     protected void addSignatureParts(Map<Token, WSSecBase> tokenMap,
                                        List<WSEncryptionPart> sigParts) {
         
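Review bot: cloneElement and getSecurityToken are new protected methods on a base class and carry no Javadoc. Suggested text for cloneElement: `/** Imports el into the document that owns the security header, so it can be appended there. */`; for getSecurityToken: `/** Returns the issued token from the TRUST_TOKEN contextual property, else looks it up in the token store by TRUST_TOKEN_ID; null if neither is set. */`. Documenting that the second lookup happens only when TRUST_TOKEN is absent matters because subclasses in this commit rely on it.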
@@ -1036,9 +1090,200 @@
                     policyNotAsserted(ent.getKey(), e);
                 }
                 
+            } else if (tempTok instanceof WSSecurityTokenHolder) {
+                SecurityToken token = ((WSSecurityTokenHolder)tempTok).getToken();
+                if (isTokenProtection) {
+                    sigParts.add(new WSEncryptionPart(token.getId()));
+                }
+                
+                try {
+                    doSymmSignature(ent.getKey(), token, sigParts, isTokenProtection);
+                } catch (Exception e) {
+                    // TODO Auto-generated catch block
+                    e.printStackTrace();
+                }
             }
         } 
     }
+    private void doSymmSignature(Token policyToken, SecurityToken tok,
+                                 Vector<WSEncryptionPart> sigParts, boolean isTokenProtection)
+        throws WSSecurityException, ConversationException {
+        
+        Document doc = saaj.getSOAPPart();
+        if (policyToken.isDerivedKeys()) {
+            WSSecDKSign dkSign = new WSSecDKSign();  
+            
+            //Check whether it is security policy 1.2 and use the secure conversation accordingly
+            if (SP12Constants.INSTANCE == policyToken.getSPConstants()) {
+                dkSign.setWscVersion(ConversationConstants.VERSION_05_12);
+            }
+                          
+            //Check for whether the token is attached in the message or not
+            boolean attached = false;
+            
+            if (SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == policyToken.getInclusion()
+                || SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == policyToken.getInclusion()
+                || (isRequestor() && SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT 
+                        == policyToken.getInclusion())) {
+                attached = true;
+            }
+            
+            // Setting the AttachedReference or the UnattachedReference according to the flag
+            Element ref;
+            if (attached) {
+                ref = tok.getAttachedReference();
+            } else {
+                ref = tok.getUnattachedReference();
+            }
+            
+            if (ref != null) {
+                dkSign.setExternalKey(tok.getSecret(), (Element) 
+                                      cloneElement(ref));
+            } else if (!isRequestor() && policyToken.isDerivedKeys()) { 
+                // If the Encrypted key used to create the derived key is not
+                // attached use key identifier as defined in WSS1.1 section
+                // 7.7 Encrypted Key reference
+                SecurityTokenReference tokenRef 
+                    = new SecurityTokenReference(doc);
+                if (tok.getSHA1() != null) {
+                    tokenRef.setKeyIdentifierEncKeySHA1(tok.getSHA1());
+                }
+                dkSign.setExternalKey(tok.getSecret(), tokenRef.getElement());
+            
+            } else {
+                dkSign.setExternalKey(tok.getSecret(), tok.getId());
+            }
+
+            //Set the algo info
+            dkSign.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
+            dkSign.setDerivedKeyLength(binding.getAlgorithmSuite().getSignatureDerivedKeyLength() / 8);
+            if (tok.getSHA1() != null) {
+                //Set the value type of the reference
+                dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
+                    + WSConstants.ENC_KEY_VALUE_TYPE);
+            }
+            
+            dkSign.prepare(doc, secHeader);
+            
+            if (isTokenProtection) {
+
+                //Hack to handle reference id issues
+                //TODO Need a better fix
+                String sigTokId = tok.getId();
+                if (sigTokId.startsWith("#")) {
+                    sigTokId = sigTokId.substring(1);
+                }
+                sigParts.add(new WSEncryptionPart(sigTokId));
+            }
+            
+            dkSign.setParts(sigParts);
+            
+            dkSign.addReferencesToSign(sigParts, secHeader);
+            
+            //Do signature
+            dkSign.computeSignature();
+
+            //Add elements to header
+            
+            /*
+            if (rpd.getProtectionOrder().equals(SPConstants.ENCRYPT_BEFORE_SIGNING) &&
+                    this.getInsertionLocation() == null ) {
+                this.setInsertionLocation(RampartUtil
+                        
+                        .insertSiblingBefore(rmd, 
+                                this.mainRefListElement,
+                                dkSign.getdktElement()));
+
+                    this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+                            rmd, 
+                            this.getInsertionLocation(), 
+                            dkSign.getSignatureElement()));                
+            } else {
+                this.setInsertionLocation(RampartUtil
+            
+                    .insertSiblingAfter(rmd, 
+                            this.getInsertionLocation(),
+                            dkSign.getdktElement()));
+
+                this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+                        rmd, 
+                        this.getInsertionLocation(), 
+                        dkSign.getSignatureElement()));
+            }
+            */
+        } else {
+            WSSecSignature sig = new WSSecSignature();
+            // If a EncryptedKeyToken is used, set the correct value type to
+            // be used in the wsse:Reference in ds:KeyInfo
+            if (policyToken instanceof X509Token) {
+                if (isRequestor()) {
+                    sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
+                                          + WSConstants.ENC_KEY_VALUE_TYPE);
+                    sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+                } else {
+                    //the tok has to be an EncryptedKey token
+                    sig.setEncrKeySha1value(tok.getSHA1());
+                    sig.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
+                }
+                
+            } else {
+                sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
+                                      + WSConstants.SAML_ASSERTION_ID);
+                sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+            }
+            
+            String sigTokId; 
+            
+            if (policyToken instanceof SecureConversationToken) {
+                Element ref = tok.getAttachedReference();
+                if (ref == null) {
+                    ref = tok.getUnattachedReference();
+                }
+                
+                if (ref != null) {
+                    sigTokId = MemoryTokenStore.getIdFromSTR(ref);
+                } else {
+                    sigTokId = tok.getId();
+                }
+            } else {
+                sigTokId = tok.getId();
+            }
+                           
+            //Hack to handle reference id issues
+            //TODO Need a better fix
+            if (sigTokId.startsWith("#")) {
+                sigTokId = sigTokId.substring(1);
+            }
+            
+            sig.setCustomTokenId(sigTokId);
+            sig.setSecretKey(tok.getSecret());
+            sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
+            sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
+            sig.prepare(doc, getSignatureCrypto(null), secHeader);
+
+            sig.setParts(sigParts);
+            sig.addReferencesToSign(sigParts, secHeader);
+
+            //Do signature
+            sig.computeSignature();
+
+            /*
+            if (rpd.getProtectionOrder().equals(SPConstants.ENCRYPT_BEFORE_SIGNING) &&
+                    this.getInsertionLocation() == null) {
+                this.setInsertionLocation(RampartUtil.insertSiblingBefore(
+                        rmd,
+                        this.mainRefListElement,
+                        sig.getSignatureElement()));                    
+            } else {
+                this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+                        rmd,
+                        this.getInsertionLocation(),
+                        sig.getSignatureElement()));     
+            }
+            */
+        }
+    }
+
     protected void assertSupportingTokens(Vector<WSEncryptionPart> sigs) {
         assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS));
         assertSupportingTokens(findAndAssertPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS));
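Review bot: The `catch (Exception e) { e.printStackTrace(); }` around doSymmSignature swallows WSSecurityException and ConversationException, so a failed signature with an issued token leaves the message unsigned and the policy still marked asserted; the sibling branch just above uses `policyNotAsserted(ent.getKey(), e);` and this one should do the same, e.g. `} catch (Exception e) { policyNotAsserted(ent.getKey(), e); }`. In the non-derived-key path, `sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());` is immediately overwritten by the symmetric call on the next line, so one of the two is dead and should be removed. The two large commented-out Rampart blocks (insertion-location handling) are dead code and would be clearer as a single TODO line naming what is still missing.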

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Sat Dec 13 17:42:18 2008
@@ -33,7 +33,6 @@
 
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP11Constants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
@@ -81,12 +80,7 @@
                                     SoapMessage message) {
         super(binding, saaj, secHeader, aim, message);
         this.sbinding = binding;
-        tokenStore = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
-        if (tokenStore == null) {
-            tokenStore = new MemoryTokenStore();
-            message.getExchange().get(Endpoint.class).getEndpointInfo()
-                .setProperty(TokenStore.class.getName(), tokenStore);
-        }
+        tokenStore = getTokenStore();
     }
     
     private TokenWrapper getSignatureToken() {
@@ -160,9 +154,9 @@
             //The encryption token can be an IssuedToken or a 
              //SecureConversationToken
             String tokenId = null;
-            
+            SecurityToken tok = null;
             if (encryptionToken instanceof IssuedToken) {
-                //REVISIT - IssuedToken
+                tok = getSecurityToken();
             } else if (encryptionToken instanceof SecureConversationToken) {
                 //REVISIT - SecureConversation
             } else if (encryptionToken instanceof X509Token) {
@@ -172,18 +166,19 @@
                     tokenId = getEncryptedKey();
                 }
             }
-            
-            if (tokenId == null || tokenId.length() == 0) {
-                //REVISIT - no tokenM
-            }
-            if (tokenId.startsWith("#")) {
-                tokenId = tokenId.substring(1);
+            if (tok != null) {
+                if (tokenId == null || tokenId.length() == 0) {
+                    //REVISIT - no tokenM
+                }
+                if (tokenId.startsWith("#")) {
+                    tokenId = tokenId.substring(1);
+                }
+                
+                /*
+                 * Get hold of the token from the token storage
+                 */
+                tok = tokenStore.getToken(tokenId);
             }
-            
-            /*
-             * Get hold of the token from the token storage
-             */
-            SecurityToken tok = tokenStore.getToken(tokenId);
 
             boolean attached = false;
             
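Review bot: The condition `if (tok != null)` around the tokenId handling and `tok = tokenStore.getToken(tokenId)` looks inverted: when the IssuedToken branch has already set tok, tokenId is still null and `tokenId.startsWith("#")` throws, while in the X509Token branch tok is null, the block is skipped, the store is never consulted and `tok.getToken()` in the next hunk dereferences null. It should read `if (tok == null) {` so the store lookup runs exactly when no token was obtained from getSecurityToken(). The empty `//REVISIT - no tokenM` block inside should also become a policyNotAsserted call rather than falling through to the same null dereference. The enclosing method starts and ends outside this hunk.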
@@ -194,13 +189,11 @@
                         == encryptionToken.getInclusion())) {
                 
                 Element el = tok.getToken();
-                el = (Element)secHeader.getSecurityHeader().getOwnerDocument().importNode(el, true);
-                this.addEncyptedKeyElement(el);
+                this.addEncyptedKeyElement(cloneElement(el));
                 attached = true;
             } else if (encryptionToken instanceof X509Token && isRequestor()) {
                 Element el = tok.getToken();
-                el = (Element)secHeader.getSecurityHeader().getOwnerDocument().importNode(el, true);
-                this.addEncyptedKeyElement(el);
+                this.addEncyptedKeyElement(cloneElement(el));
             }
             
             WSSecBase encr = doEncryption(encryptionWrapper, tok, attached, encrParts, true);
@@ -281,11 +274,12 @@
         Element sigTokElem = null;
         
         try {
+            SecurityToken sigTok = null;
             if (sigToken != null) {
                 if (sigToken instanceof SecureConversationToken) {
                     //sigTokId = getSecConvTokenId();
                 } else if (sigToken instanceof IssuedToken) {
-                    //sigTokId = getIssuedSignatureTokenId();
+                    sigTok = getSecurityToken();
                 } else if (sigToken instanceof X509Token) {
                     if (isRequestor()) {
                         sigTokId = setupEncryptedKey(sigTokenWrapper, sigToken);
@@ -298,14 +292,15 @@
                 return;
             }
             
-            if (StringUtils.isEmpty(sigTokId)) {
+            if (sigTok == null && StringUtils.isEmpty(sigTokId)) {
                 policyNotAsserted(sigTokenWrapper, "No signature token id");
                 return;
             } else {
                 policyAsserted(sigTokenWrapper);
             }
-            
-            SecurityToken sigTok = tokenStore.getToken(sigTokId);
+            if (sigTok == null) {
+                sigTok = tokenStore.getToken(sigTokId);
+            }
             if (sigTok == null) {
                 //REVISIT - no token?
             }
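Review bot: The `if (sigTok == null) { //REVISIT - no token? }` block is still empty after the new store lookup, so when neither getSecurityToken() nor tokenStore.getToken(sigTokId) yields a token the code proceeds to `sigTok.getToken()` in the next hunk and fails with a NullPointerException instead of a policy error. Mirroring the earlier check, `policyNotAsserted(sigTokenWrapper, "No signature token"); return;` in that block would report it properly. The enclosing try block and method start and end outside this hunk.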
@@ -316,8 +311,7 @@
                         == sigToken.getInclusion())) {
                 
                 Element el = sigTok.getToken();
-                sigTokElem = (Element)secHeader.getSecurityHeader().getOwnerDocument()
-                        .importNode(el, true);
+                sigTokElem = cloneElement(el);
                 this.addEncyptedKeyElement((Element)sigTokElem);
             } else if (isRequestor() && sigToken instanceof X509Token) {
                 Element el = sigTok.getToken();

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=726329&r1=726328&r2=726329&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Sat Dec 13 17:42:18 2008
@@ -22,19 +22,37 @@
 import java.util.Collection;
 import java.util.Vector;
 
-import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
 
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.SPConstants;
+import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
+import org.apache.cxf.ws.security.policy.model.Header;
+import org.apache.cxf.ws.security.policy.model.IssuedToken;
+import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
+import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
 import org.apache.cxf.ws.security.policy.model.SupportingToken;
+import org.apache.cxf.ws.security.policy.model.Token;
+import org.apache.cxf.ws.security.policy.model.TokenWrapper;
 import org.apache.cxf.ws.security.policy.model.TransportBinding;
+import org.apache.cxf.ws.security.policy.model.UsernameToken;
+import org.apache.cxf.ws.security.policy.model.X509Token;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecEncryptedKey;
 import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.WSSecSignature;
 import org.apache.ws.security.message.WSSecTimestamp;
+import org.apache.ws.security.message.WSSecUsernameToken;
 
 /**
  * 
@@ -51,13 +69,30 @@
         this.tbinding = binding;
     }
     
+    private void addUsernameTokens(SupportingToken sgndSuppTokens) {
+        for (Token token : sgndSuppTokens.getTokens()) {
+            if (token instanceof UsernameToken) {
+                WSSecUsernameToken utBuilder = 
+                    addUsernameToken((UsernameToken)token);
+                if (utBuilder != null) {
+                    utBuilder.prepare(saaj.getSOAPPart());
+                    utBuilder.appendToHeader(secHeader);
+                }
+            } else {
+                //REVISIT - not supported for signed.  Exception?
+            }
+        }
+        
+    }
+    
     public void handleBinding() {
         Collection<AssertionInfo> ais;
         WSSecTimestamp timestamp = createTimestamp();
         handleLayout(timestamp);
         try {
-            Vector<WSEncryptionPart> sigParts = getSignedParts();
             if (this.isRequestor()) {
+                Vector<byte[]> signatureValues = new Vector<byte[]>();
+
                 ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
                 if (ais != null) {
                     SupportingToken sgndSuppTokens = null;
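Review bot: The empty `//REVISIT` else branch in `addUsernameTokens` silently drops every non-UsernameToken in a Signed or SignedEncrypted supporting-token list, while the caller has already done `ai.setAsserted(true)`, so a policy that requires, say, an X509 or issued signed supporting token is reported satisfied with nothing added to the security header. Until those token types are handled the branch should fail loudly rather than stay empty — e.g. `throw new Fault(new IllegalStateException("Unsupported signed supporting token: " + token.getClass().getName()));`, or the handler's policy-not-asserted path if this class has one (a `policyNotAsserted` helper appears in the sibling handler earlier in this commit). Leaving it silent turns a policy violation into a message that looks compliant.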
@@ -65,9 +100,8 @@
                         sgndSuppTokens = (SupportingToken)ai.getAssertion();
                         ai.setAsserted(true);
                     }
-                    if (sgndSuppTokens != null && sgndSuppTokens.getTokens() != null 
-                        && sgndSuppTokens.getTokens().size() > 0) {
-                        addSignatureParts(handleSupportingTokens(sgndSuppTokens), sigParts);
+                    if (sgndSuppTokens != null) {
+                        addUsernameTokens(sgndSuppTokens);
                     }
                 }
                 ais = aim.get(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
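Review bot: The removed guard `sgndSuppTokens.getTokens() != null && sgndSuppTokens.getTokens().size() > 0` has no replacement; `addUsernameTokens` now iterates `getTokens()` directly, so a SupportingToken whose token list is null — a case the old condition treated as possible — throws a NullPointerException that the new `catch (Exception e)` turns into an opaque Fault. Keep the null check at the call site: `if (sgndSuppTokens != null && sgndSuppTokens.getTokens() != null)`. The same guard was dropped at the SignedEndorsing and Endorsing call sites below.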
@@ -77,9 +111,28 @@
                         sgndSuppTokens = (SupportingToken)ai.getAssertion();
                         ai.setAsserted(true);
                     }
-                    if (sgndSuppTokens != null && sgndSuppTokens.getTokens() != null 
-                        && sgndSuppTokens.getTokens().size() > 0) {
-                        doEndorsedSignatures(handleSupportingTokens(sgndSuppTokens), false);
+                    if (sgndSuppTokens != null) {
+                        SignedEncryptedParts signdParts = sgndSuppTokens.getSignedParts();
+
+                        for (Token token : sgndSuppTokens.getTokens()) {
+                            if (token instanceof IssuedToken) {
+                                signatureValues.add(doIssuedTokenSignature(token, signdParts,
+                                                                           sgndSuppTokens));
+                            } else if (token instanceof X509Token) {
+                                signatureValues.add(doX509TokenSignature(token, signdParts, sgndSuppTokens));
+                            }
+                        }
+                    }
+                }
+                ais = aim.get(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
+                if (ais != null) {
+                    SupportingToken sgndSuppTokens = null;
+                    for (AssertionInfo ai : ais) {
+                        sgndSuppTokens = (SupportingToken)ai.getAssertion();
+                        ai.setAsserted(true);
+                    }
+                    if (sgndSuppTokens != null) {
+                        addUsernameTokens(sgndSuppTokens);
                     }
                 }
                 ais = aim.get(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
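Review bot: SignedEncryptedSupportingTokens are handled exactly like SignedSupportingTokens — `addUsernameTokens(sgndSuppTokens)` appends the UsernameToken and nothing in this handler encrypts it, yet the assertion is marked asserted. Under a TransportBinding this is presumably intended because confidentiality is delegated to TLS, but that reasoning should be written down next to the call: `// TransportBinding: token confidentiality is provided by the transport (TLS); no message-level encryption is applied`. If this handler can run over a transport that is not confidential, the assertion should not be set asserted here.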
@@ -89,11 +142,21 @@
                         sgndSuppTokens = (SupportingToken)ai.getAssertion();
                         ai.setAsserted(true);
                     }
-                    if (sgndSuppTokens != null && sgndSuppTokens.getTokens() != null 
-                        && sgndSuppTokens.getTokens().size() > 0) {
-                        
-                        
-                        doEndorsedSignatures(handleSupportingTokens(sgndSuppTokens), false);
+                    if (sgndSuppTokens != null) {
+                        SignedEncryptedParts signdParts = sgndSuppTokens.getSignedParts();
+
+                        for (Token token : sgndSuppTokens.getTokens()) {
+                            if (token instanceof IssuedToken) {
+                                signatureValues.add(doIssuedTokenSignature(token, signdParts, 
+                                                                           sgndSuppTokens));
+                            } else if (token instanceof X509Token) {
+                                signatureValues.add(doX509TokenSignature(token, signdParts, 
+                                                                         sgndSuppTokens));
+                            } else if (token instanceof SecureConversationToken) {
+                                signatureValues.add(doSecureConversationSignature(token,
+                                                                                  signdParts));
+                            }
+                        }
                     }
                 }
                 
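Review bot: `doSecureConversationSignature` is a stub that returns null (added later in this commit), yet this branch adds its result to `signatureValues` after `ai.setAsserted(true)` has already been called, so a policy requiring a SecureConversationToken endorsing signature is reported satisfied while no signature is produced. Until the implementation exists the SecureConversationToken case should fail rather than assert, e.g. `throw new Fault(new UnsupportedOperationException("SecureConversationToken endorsing signature not implemented"));`. Tokens of any other type in this list are skipped with the assertion still asserted and deserve the same treatment.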
@@ -113,10 +176,200 @@
             } else {
                 addSignatureConfirmation(null);
             }
-
-        } catch (SOAPException e) {
+        } catch (Exception e) {
             throw new Fault(e);
         }
     }
+    
+    
+    private byte[] doX509TokenSignature(Token token, SignedEncryptedParts signdParts,
+                                        TokenWrapper wrapper) 
+        throws Exception {
+        
+        Document doc = saaj.getSOAPPart();
+        
+        Vector<WSEncryptionPart> sigParts = new Vector<WSEncryptionPart>();
+        
+        if (timestampEl != null) {
+            sigParts.add(new WSEncryptionPart(timestampEl.getId()));                          
+        }
+        
+        if (signdParts != null) {
+            if (signdParts.isBody()) {
+                sigParts.add(new WSEncryptionPart(addWsuIdToElement(saaj.getSOAPBody())));
+            }
+            for (Header header : signdParts.getHeaders()) {
+                WSEncryptionPart wep = new WSEncryptionPart(header.getName(), 
+                        header.getNamespace(),
+                        "Content");
+                sigParts.add(wep);
+            }
+        }
+        if (token.isDerivedKeys()) {
+            WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(wrapper, token);
+            
+            Element bstElem = encrKey.getBinarySecurityTokenElement();
+            if (bstElem != null) {
+                addTopDownElement(bstElem);
+            }
+            encrKey.appendToHeader(secHeader);
+            
+            WSSecDKSign dkSig = new WSSecDKSign();
+            
+            dkSig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
+            dkSig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
+            dkSig.setDerivedKeyLength(binding.getAlgorithmSuite().getSignatureDerivedKeyLength() / 8);
+            
+            dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
+            
+            dkSig.prepare(doc, secHeader);
+            
+            /*
+            if(binding.isTokenProtection()) {
+                sigParts.add(new WSEncryptionPart(encrKey.getBSTTokenId()));
+            }
+            */
+            
+            dkSig.setParts(sigParts);
+            dkSig.addReferencesToSign(sigParts, secHeader);
+            
+            //Do signature
+            dkSig.computeSignature();
+            
+            dkSig.appendDKElementToHeader(secHeader);
+            dkSig.appendSigToHeader(secHeader);
+            
+            return dkSig.getSignatureValue();
+        } else {
+            WSSecSignature sig = getSignatureBuider(wrapper, token);
+            sig.prependBSTElementToHeader(secHeader);
+            /*
+            if (isTokenProtection()
+                && !(SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER == token.getInclusion())) {
+                sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+            }
+            */
+            
+            sig.addReferencesToSign(sigParts, secHeader);
+            insertBeforeBottomUp(sig.getSignatureElement());
+            
+            sig.computeSignature();
+            
+            return sig.getSignatureValue();    
+        }
+    }
+
+    private byte[] doIssuedTokenSignature(Token token, SignedEncryptedParts signdParts,
+                                          TokenWrapper wrapper) throws Exception {
+        Document doc = saaj.getSOAPPart();
+        
+        //Get the issued token
+        SecurityToken secTok = getSecurityToken();
+   
+        SPConstants.IncludeTokenType inclusion = token.getInclusion();
+        boolean tokenIncluded = false;
+        
+        if (inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS
+            || ((inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT 
+                || inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE) 
+                && isRequestor())) {
+          
+            //Add the token
+            addEncyptedKeyElement(cloneElement(secTok.getToken()));
+            tokenIncluded = true;
+        }
+
+        Vector<WSEncryptionPart> sigParts = new Vector<WSEncryptionPart>();
+        
+        if (timestampEl != null) {
+            sigParts.add(new WSEncryptionPart(timestampEl.getId()));                          
+        }
+        
+        /*
+        if (tbinding.isTokenProtection() && tokenIncluded) {
+            sigParts.add(new WSEncryptionPart(secTok.getId()));
+        }
+        */
+        
+        if (signdParts != null) {
+            if (signdParts.isBody()) {
+                sigParts.add(new WSEncryptionPart(addWsuIdToElement(saaj.getSOAPBody())));
+            }
+    
+            for (Header header : signdParts.getHeaders()) {
+                WSEncryptionPart wep = new WSEncryptionPart(header.getName(), 
+                        header.getNamespace(),
+                        "Content");
+                sigParts.add(wep);
+            }
+        }
+        
+        //check for derived keys
+        AlgorithmSuite algorithmSuite = tbinding.getAlgorithmSuite();
+        if (token.isDerivedKeys()) {
+            //Do Signature with derived keys
+            WSSecDKSign dkSign = new WSSecDKSign();
+          
+            //Setting the AttachedReference or the UnattachedReference according to the flag
+            Element ref;
+            if (tokenIncluded) {
+                ref = secTok.getAttachedReference();
+            } else {
+                ref = secTok.getUnattachedReference();
+            }
+          
+            if (ref != null) {
+                dkSign.setExternalKey(secTok.getSecret(), cloneElement(ref));
+            } else {
+                dkSign.setExternalKey(secTok.getSecret(), secTok.getId());
+            }
+          
+            //    Set the algo info
+            dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
+            dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength());
+          
+            dkSign.prepare(doc, secHeader);
+          
+            addDerivedKeyElement(dkSign.getdktElement());
+          
+            dkSign.setParts(sigParts);
+            dkSign.addReferencesToSign(sigParts, secHeader);
+          
+            //Do signature
+            dkSign.computeSignature();
+          
+            dkSign.appendSigToHeader(secHeader);
+          
+            return dkSign.getSignatureValue();
+        } else {
+            WSSecSignature sig = new WSSecSignature();
+            sig.setCustomTokenId(secTok.getId().substring(1));
+            sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
+                                        + WSConstants.SAML_ASSERTION_ID);
+            sig.setSecretKey(secTok.getSecret());
+            sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
+            sig.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
+            sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+            sig.prepare(doc, getSignatureCrypto(wrapper), secHeader);
+
+            sig.setParts(sigParts);
+            sig.addReferencesToSign(sigParts, secHeader);
+
+            //Do signature
+            sig.computeSignature();
+
+            //Add elements to header
+            insertBeforeBottomUp(sig.getSignatureElement());
+
+            return sig.getSignatureValue();
+        }
+    }
+    
+    private byte[] doSecureConversationSignature(Token token, 
+                                                 SignedEncryptedParts signdParts) 
+        throws Exception {
+        return null;
+    }
+
 
 }
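Review bot: The two derived-key signature paths disagree on the unit passed to `setDerivedKeyLength`: `doX509TokenSignature` passes `getSignatureDerivedKeyLength() / 8` while `doIssuedTokenSignature` passes `getSignatureDerivedKeyLength()` unscaled, so one of them hands WSS4J a key length that is off by a factor of eight; the unit WSSecDKSign expects is not visible here, but both call sites cannot be right. In the non-derived branch of `doIssuedTokenSignature`, `sig.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature())` is immediately overwritten by the symmetric call on the next line and should be dropped, since a secret key and `CUSTOM_SYMM_SIGNING` are what is configured. `secTok.getId().substring(1)` assumes the id carries a leading `#`; guard it, `id.startsWith("#") ? id.substring(1) : id`, rather than silently truncating an id that does not. `getSecurityToken()` is also dereferenced without a null check, so a missing STS token surfaces as a NullPointerException wrapped in a Fault instead of a clear policy failure.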

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java?rev=726329&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java Sat Dec 13 17:42:18 2008
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j.policyhandlers;
+
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.ws.security.message.WSSecBase;
+
+/**
+ * 
+ */
+public class WSSecurityTokenHolder extends WSSecBase {
+    SecurityToken token;
+    
+    public WSSecurityTokenHolder(SecurityToken t) {
+        super();
+        token = t;
+    }
+    
+    public SecurityToken getToken() {
+        return token;
+    }
+}
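Review bot: `WSSecurityTokenHolder` leaves its `token` field package-private and mutable and its class Javadoc empty; make it `private final SecurityToken token;` and say why a SecurityToken is wrapped in a WSSecBase subclass at all — presumably so it can travel in the same collection as the WSSec builders the supporting-token code returns, but nothing here states that. A one-line class comment such as `Wraps a SecurityToken so it can be carried alongside WSSecBase builders` would make the intent clear to the next reader.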

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/WSSecurityTokenHolder.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date


