From dk...@apache.org
Subject svn commit: r748275 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/interceptors/ trust/ wss4j/policyhandlers/
Date Thu, 26 Feb 2009 19:22:52 GMT
Author: dkulp
Date: Thu Feb 26 19:22:51 2009
New Revision: 748275

URL: http://svn.apache.org/viewvc?rev=748275&view=rev
Log:
Start progressing toward renewal support
Fix issues so that when merged policies contain multiple SupportingToken assertions, all of them
get added.

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java?rev=748275&r1=748274&r2=748275&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
Thu Feb 26 19:22:51 2009
@@ -70,11 +70,13 @@
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP11Constants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.SPConstants.SupportTokenType;
 import org.apache.cxf.ws.security.policy.model.Binding;
 import org.apache.cxf.ws.security.policy.model.Header;
 import org.apache.cxf.ws.security.policy.model.ProtectionToken;
 import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
 import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
+import org.apache.cxf.ws.security.policy.model.SupportingToken;
 import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.Trust10;
 import org.apache.cxf.ws.security.policy.model.Trust13;
@@ -173,6 +175,48 @@
         return assertion;
     }
 
+    static String setupClient(STSClient client,
+                            SoapMessage message,
+                            AssertionInfoMap aim,
+                            SecureConversationToken itok,
+                            boolean endorse) {
+        client.setTrust(getTrust10(aim));
+        client.setTrust(getTrust13(aim));
+        Policy pol = itok.getBootstrapPolicy();
+        Policy p = new Policy();
+        ExactlyOne ea = new ExactlyOne();
+        p.addPolicyComponent(ea);
+        All all = new All();
+        all.addPolicyComponent(getAddressingPolicy(aim, false));
+        ea.addPolicyComponent(all);
+        
+        if (endorse) {
+            SupportingToken st = new SupportingToken(SupportTokenType.SUPPORTING_TOKEN_ENDORSING,
+                                                     SP12Constants.INSTANCE);
+            st.addToken(itok);
+            all.addPolicyComponent(st);
+        }
+        pol = p.merge(pol);
+        
+        client.setPolicy(pol);
+        client.setSoap11(message.getVersion() == Soap11.getInstance());
+        client.setSecureConv(true);
+        String s = message
+            .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
+        client.setLocation(s);
+        
+        Map<String, Object> ctx = client.getRequestContext();
+        mapSecurityProps(message, ctx);
+        return s;
+    }
+    private static void mapSecurityProps(Message message, Map<String, Object> ctx)
{
+        for (String s : SecurityConstants.ALL_PROPERTIES) {
+            Object v = message.getContextualProperty(s + ".sct");
+            if (v != null) {
+                ctx.put(s, v);
+            }
+        }
+    }
     static STSClient getClient(Message message) {
         STSClient client = (STSClient)message
             .getContextualProperty(SecurityConstants.STS_CLIENT);
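Review bot: setupClient merges the addressing policy from getAddressingPolicy(aim, false) unconditionally on lines 58–71, whereas the inline code it replaces (removed lines 113–121 in the next hunk) only built and merged that policy when the message carried AddressingProperties (`if (maps != null)`); if that guard was intentional it needs to come back here, either as a parameter or by re-reading the addressing context, otherwise a message without addressing context now gets an addressing assertion merged into the bootstrap policy. The method also returns the endpoint address it has just set as the client location, which is not obvious from its name; a Javadoc such as `/** Configures the shared STSClient for a secure-conversation request and returns the endpoint address used as its location. */` would help. mapSecurityProps copies every `*.sct` property into the shared client's request context, and as far as visible nothing clears those entries again, so they persist for the next request made through the same STSClient.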
@@ -207,59 +251,9 @@
                         }
                     }
                     if (tok == null) {
-                        STSClient client = getClient(message);
-                        AddressingProperties maps =
-                            (AddressingProperties)message
-                                .get("javax.xml.ws.addressing.context.outbound");
-                        if (maps == null) {
-                            maps = (AddressingProperties)message
-                                .get("javax.xml.ws.addressing.context");
-                        }
-                        synchronized (client) {
-                            try {
-                                client.setTrust(getTrust10(aim));
-                                client.setTrust(getTrust13(aim));
-                                Policy pol = itok.getBootstrapPolicy();
-                                if (maps != null) {
-                                    Policy p = new Policy();
-                                    ExactlyOne ea = new ExactlyOne();
-                                    p.addPolicyComponent(ea);
-                                    All all = new All();
-                                    all.addPolicyComponent(getAddressingPolicy(aim, false));
-                                    ea.addPolicyComponent(all);
-                                    pol = p.merge(pol);
-                                }
-                                
-                                client.setPolicy(pol);
-                                client.setSoap11(message.getVersion() == Soap11.getInstance());
-                                client.setSecureConv(true);
-                                String s = message
-                                    .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
-                                client.setLocation(s);
-                                
-                                Map<String, Object> ctx = client.getRequestContext();
-                                mapSecurityProps(message, ctx);
-                                if (maps == null) {
-                                    tok = client.requestSecurityToken(s);
-                                } else {
-                                    client.setAddressingNamespace(maps.getNamespaceURI());
-                                    tok = client.requestSecurityToken(s);
-                                }
-                                tok.setTokenType(WSConstants.WSC_SCT);
-                            } catch (RuntimeException e) {
-                                throw e;
-                            } catch (Exception e) {
-                                throw new Fault(e);
-                            } finally {
-                                client.setTrust((Trust10)null);
-                                client.setTrust((Trust13)null);
-                                client.setTemplate(null);
-                                client.setLocation(null);
-                                client.setAddressingNamespace(null);
-                            }
-                        }
+                        tok = issueToken(message, aim, itok);
                     } else {
-                        //renew token?
+                        renewToken(message, aim, tok, itok);
                     }
                     if (tok != null) {
                         for (AssertionInfo ai : ais) {
@@ -279,11 +273,83 @@
         }
         
         
-        private void mapSecurityProps(Message message, Map<String, Object> ctx) {
-            for (String s : SecurityConstants.ALL_PROPERTIES) {
-                Object v = message.getContextualProperty(s + ".sct");
-                if (v != null) {
-                    ctx.put(s, v);
+        private void renewToken(SoapMessage message,
+                                AssertionInfoMap aim, 
+                                SecurityToken tok,
+                                SecureConversationToken itok) {
+            if (tok.getState() != SecurityToken.State.EXPIRED) {
+                return;
+            }
+            
+            STSClient client = getClient(message);
+            AddressingProperties maps =
+                (AddressingProperties)message
+                    .get("javax.xml.ws.addressing.context.outbound");
+            if (maps == null) {
+                maps = (AddressingProperties)message
+                    .get("javax.xml.ws.addressing.context");
+            } else if (maps.getAction().getValue().endsWith("Renew")) {
+                return;
+            }
+            synchronized (client) {
+                try {
+                    setupClient(client, message, aim, itok, true);
+
+                    String s = message
+                        .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
+                    client.setLocation(s);
+                    
+                    Map<String, Object> ctx = client.getRequestContext();
+                    ctx.put(SecurityConstants.TOKEN, tok);
+                    if (maps != null) {
+                        client.setAddressingNamespace(maps.getNamespaceURI());
+                    }
+                    client.renewSecurityToken(tok);
+                } catch (RuntimeException e) {
+                    throw e;
+                } catch (Exception e) {
+                    throw new Fault(e);
+                } finally {
+                    client.setTrust((Trust10)null);
+                    client.setTrust((Trust13)null);
+                    client.setTemplate(null);
+                    client.setLocation(null);
+                    client.setAddressingNamespace(null);
+                }
+            }            
+        }
+        private SecurityToken issueToken(SoapMessage message,
+                                         AssertionInfoMap aim,
+                                         SecureConversationToken itok) {
+            STSClient client = getClient(message);
+            AddressingProperties maps =
+                (AddressingProperties)message
+                    .get("javax.xml.ws.addressing.context.outbound");
+            if (maps == null) {
+                maps = (AddressingProperties)message
+                    .get("javax.xml.ws.addressing.context");
+            }
+            synchronized (client) {
+                try {
+                    String s = setupClient(client, message, aim, itok, false);
+
+                    SecurityToken tok = null;
+                    if (maps != null) {
+                        client.setAddressingNamespace(maps.getNamespaceURI());
+                    }
+                    tok = client.requestSecurityToken(s);
+                    tok.setTokenType(WSConstants.WSC_SCT);
+                    return tok;
+                } catch (RuntimeException e) {
+                    throw e;
+                } catch (Exception e) {
+                    throw new Fault(e);
+                } finally {
+                    client.setTrust((Trust10)null);
+                    client.setTrust((Trust13)null);
+                    client.setTemplate(null);
+                    client.setLocation(null);
+                    client.setAddressingNamespace(null);
                 }
             }
         }
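Review bot: renewToken puts the expired token into the shared client's request context (`ctx.put(SecurityConstants.TOKEN, tok);` on line 194) but the finally block never removes it, so a later issueToken on the same STSClient runs with a stale TOKEN entry; declare `ctx` before the try and add `ctx.remove(SecurityConstants.TOKEN);` to the finally block. `maps.getAction().getValue().endsWith("Renew")` on line 182 dereferences getAction() without a null check, so an outbound addressing context without an Action would throw before the synchronized block is reached. The `setLocation(s)` on lines 189–191 repeats what setupClient already did and can be dropped. Because STSClient.renewSecurityToken returns void (see the STSClient hunks below), the renewed token is never captured here and `tok` stays in state EXPIRED; the result of the renew call should be returned by this method and stored by the caller.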

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=748275&r1=748274&r2=748275&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Thu Feb 26 19:22:51 2009
@@ -259,15 +259,25 @@
     public SecurityToken requestSecurityToken() throws Exception {
         return requestSecurityToken(null);
     }
-
     public SecurityToken requestSecurityToken(String appliesTo) throws Exception {
+        String action = null;
+        if (isSecureConv) {
+            action = namespace + "/RST/SCT";
+        }
+        return requestSecurityToken(appliesTo, action, "/Issue", null);
+    }
+    
+    public SecurityToken requestSecurityToken(String appliesTo,
+                                              String action,
+                                              String requestType,
+                                              SecurityToken target) throws Exception {
         createClient();
         BindingOperationInfo boi = findOperation("/RST/Issue");
         
         client.getRequestContext().putAll(ctx);
-        if (isSecureConv) {
+        if (action != null) {
             client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION,
-                                           namespace + "/RST/SCT");
+                                           action);
         }
         
         W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
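Review bot: the new four-argument requestSecurityToken still resolves the operation with `findOperation("/RST/Issue")` on line 273 even when requestType is "/Renew"; if the STS WSDL exposes a separate Renew operation, renew requests will be dispatched to the Issue operation, so the operation lookup should follow requestType (for example `findOperation("/RST" + requestType)` if findOperation matches on that suffix — worth confirming against its implementation). requestType is written straight into the RequestType element in the next hunk, so a null argument to this public method would emit `namespace + "null"`; `if (requestType == null) { throw new IllegalArgumentException("requestType"); }` at the top, plus a Javadoc stating that action and target may be null while requestType is required, would make the contract explicit. The method body continues outside the hunk.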
@@ -290,7 +300,7 @@
         
 
         writer.writeStartElement("wst", "RequestType", namespace);
-        writer.writeCharacters(namespace + "/Issue");
+        writer.writeCharacters(namespace + requestType);
         writer.writeEndElement();        
         addAppliesTo(writer, appliesTo);
         if (isSecureConv) {
@@ -349,6 +359,15 @@
             writer.writeEndElement();
             writer.writeEndElement();
         }
+        if (target != null) {
+            writer.writeStartElement("wst", "RenewTarget", namespace);
+            Element el = target.getUnattachedReference();
+            if (el == null) {
+                el = target.getAttachedReference();
+            }
+            StaxUtils.copy(el, writer);
+            writer.writeEndElement();
+        }
         writer.writeEndElement();
         
         Object obj[] = client.invoke(boi,
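Review bot: the RenewTarget block assumes the token carries at least one reference: if both getUnattachedReference() and getAttachedReference() return null, `el` is null and `StaxUtils.copy(el, writer)` on line 303 fails with a NullPointerException in the middle of a half-written request. Fail early with a clear message instead, e.g. `if (el == null) { throw new IllegalArgumentException("Cannot renew a token that has no reference"); }` before the copy. The enclosing method starts and ends outside this hunk.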
@@ -356,7 +375,14 @@
         
         return createSecurityToken((Document)((DOMSource)obj[0]).getNode(), requestorEntropy);
     }
-    
+    public void renewSecurityToken(SecurityToken tok) throws Exception {
+        String action = null;
+        if (isSecureConv) {
+            action = namespace + "/RST/SCT/Renew";
+        }
+        requestSecurityToken(tok.getIssuerAddress(), action, "/Renew", tok);
+    }
+
     private void addLifetime(XMLStreamWriter writer) throws XMLStreamException {
         Date creationTime = new Date();
         Date expirationTime = new Date();
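Review bot: renewSecurityToken discards the SecurityToken that requestSecurityToken returns, so whatever createSecurityToken built from the renew response is lost and callers such as SecureConversationTokenInterceptorProvider.renewToken are left holding the EXPIRED token. Change the signature to `public SecurityToken renewSecurityToken(SecurityToken tok) throws Exception {` and the last statement to `return requestSecurityToken(tok.getIssuerAddress(), action, "/Renew", tok);`, and add a Javadoc sentence stating that the returned token replaces the one passed in. Whether the result should also get its token type set, as issueToken does with WSConstants.WSC_SCT, is worth deciding at the same time.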
@@ -544,4 +570,5 @@
         template = rstTemplate;
     }
 
+
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=748275&r1=748274&r2=748275&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Thu Feb 26 19:22:51 2009
@@ -76,6 +76,7 @@
 import org.apache.cxf.ws.security.policy.model.Header;
 import org.apache.cxf.ws.security.policy.model.IssuedToken;
 import org.apache.cxf.ws.security.policy.model.Layout;
+import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
 import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
 import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
 import org.apache.cxf.ws.security.policy.model.SupportingToken;
@@ -290,19 +291,15 @@
         }
     }
     
-    protected PolicyAssertion findPolicy(QName n) {
+    protected Collection<PolicyAssertion> findAndAssertPolicy(QName n) {
         Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
         if (ais != null && !ais.isEmpty()) {
-            return ais.iterator().next().getAssertion();
-        }
-        return null;
-    } 
-    protected PolicyAssertion findAndAssertPolicy(QName n) {
-        Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
-        if (ais != null && !ais.isEmpty()) {
-            AssertionInfo ai = ais.iterator().next();
-            ai.setAsserted(true);
-            return ai.getAssertion();
+            List<PolicyAssertion> p = new ArrayList<PolicyAssertion>(ais.size());
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+                p.add(ai.getAssertion());
+            }
+            return p;
         }
         return null;
     } 
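Review bot: findAndAssertPolicy now returns a Collection but still returns null when nothing matches (line 372), so every caller has to null-check (handleSupportingTokens and assertSupportingTokens in the next hunk both do); returning `Collections.<PolicyAssertion>emptyList();` instead (java.util.Collections, if not already imported) removes that trap for future callers while leaving the existing null checks harmless. The removed findPolicy was protected, so any subclass outside this file that called or overrode it will no longer compile; a search for other users seems worthwhile. A Javadoc line noting that every matching assertion is marked asserted as a side effect would also help.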
@@ -362,16 +359,36 @@
         }
         return timestamp;
     }
-    protected void assertSupportingTokens(PolicyAssertion suppTokens) {
-        if (suppTokens instanceof SupportingToken) {
-            for (Token token : ((SupportingToken)suppTokens).getTokens()) {
-                this.policyAsserted(token);
-            }        
+    protected void assertSupportingTokens(Collection<PolicyAssertion> suppTokens) {
+        if (suppTokens == null) {
+            return;
+        }
+        for (PolicyAssertion pa : suppTokens) {
+            if (pa instanceof SupportingToken) {
+                for (Token token : ((SupportingToken)suppTokens).getTokens()) {
+                    this.policyAsserted(token);
+                }        
+            }
         }
     }
-    
-    protected Map<Token, WSSecBase> handleSupportingTokens(SupportingToken suppTokens,
boolean endorse) {
+    protected Map<Token, WSSecBase> handleSupportingTokens(Collection<PolicyAssertion>
tokens, 
+                                                           boolean endorse) {
         Map<Token, WSSecBase> ret = new HashMap<Token, WSSecBase>();
+        if (tokens != null) {
+            for (PolicyAssertion pa : tokens) {
+                if (pa instanceof SupportingToken) {
+                    handleSupportingTokens((SupportingToken)pa, endorse, ret);
+                }
+            }
+        }
+        return ret;
+    }    
+    protected Map<Token, WSSecBase> handleSupportingTokens(SupportingToken suppTokens,
boolean endorse) {
+        return handleSupportingTokens(suppTokens, endorse, new HashMap<Token, WSSecBase>());
+    }
+    protected Map<Token, WSSecBase> handleSupportingTokens(SupportingToken suppTokens,

+                                                           boolean endorse,
+                                                           Map<Token, WSSecBase> ret)
{
         if (suppTokens == null) {
             return ret;
         }
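Review bot: assertSupportingTokens casts the wrong variable on line 389: `((SupportingToken)suppTokens).getTokens()` casts the whole Collection rather than the element just checked with instanceof, so the first SupportingToken encountered raises a ClassCastException; it should read `for (Token token : ((SupportingToken)pa).getTokens()) {`. The three-argument handleSupportingTokens begins at line 415 and its body continues outside the hunk.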
@@ -386,8 +403,10 @@
                     //See:  http://e-docs.bea.com/wls/docs103/webserv_intro/interop.html
                     encryptedTokensIdList.add(utBuilder.getId());
                 }
-            } else if (token instanceof IssuedToken && isRequestor()) {
-                //ws-trust stuff.......
+            } else if (isRequestor() 
+                && (token instanceof IssuedToken
+                    || token instanceof SecureConversationToken)) {
+                //ws-trust/ws-sc stuff.......
                 SecurityToken secToken = getSecurityToken();
                 if (secToken == null) {
                     policyNotAsserted(token, "Could not find IssuedToken");
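Review bot: the branch now also handles SecureConversationToken, but the failure message on line 435 still says `Could not find IssuedToken`, which will mislead when the missing token is a secure-conversation token; `policyNotAsserted(token, "Could not find " + token.getClass().getSimpleName());` or a neutral wording such as `"Could not find security token"` keeps the diagnostic accurate. The enclosing method starts and ends outside the hunk.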
@@ -1229,8 +1248,12 @@
             }
             
         } else {
-            sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
-                                  + WSConstants.SAML_ASSERTION_ID);
+            if (tok.getTokenType() != null) {
+                sig.setCustomTokenValueType(tok.getTokenType());
+            } else {
+                sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS
+                                            + WSConstants.SAML_ASSERTION_ID);
+            }
             sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
         }
         
@@ -1273,42 +1296,41 @@
     }    
     protected void addSupportingTokens(Vector<WSEncryptionPart> sigs) {
         
-        SupportingToken sgndSuppTokens = 
-            (SupportingToken)findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
+        Collection<PolicyAssertion> sgndSuppTokens = 
+            findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
         
         Map<Token, WSSecBase> sigSuppTokMap = this.handleSupportingTokens(sgndSuppTokens,
false);           
         
-        SupportingToken endSuppTokens = 
-            (SupportingToken)findAndAssertPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
+        Collection<PolicyAssertion> endSuppTokens = 
+            findAndAssertPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
 
         endSuppTokMap = this.handleSupportingTokens(endSuppTokens, true);
 
-        SupportingToken sgndEndSuppTokens 
-            = (SupportingToken)findAndAssertPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
+        Collection<PolicyAssertion> sgndEndSuppTokens 
+            = findAndAssertPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
         sgndEndSuppTokMap = this.handleSupportingTokens(sgndEndSuppTokens, true);
         
-        SupportingToken sgndEncryptedSuppTokens 
-            = (SupportingToken)findAndAssertPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
+        Collection<PolicyAssertion> sgndEncryptedSuppTokens 
+            = findAndAssertPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
         Map<Token, WSSecBase> sgndEncSuppTokMap 
             = this.handleSupportingTokens(sgndEncryptedSuppTokens, false);
         
-        SupportingToken endorsingEncryptedSuppTokens 
-            = (SupportingToken)findAndAssertPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        Collection<PolicyAssertion> endorsingEncryptedSuppTokens 
+            = findAndAssertPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
         endEncSuppTokMap 
             = this.handleSupportingTokens(endorsingEncryptedSuppTokens, true);
 
-        SupportingToken sgndEndEncSuppTokens 
-            = (SupportingToken)findAndAssertPolicy(SP12Constants
-                                                       .SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        Collection<PolicyAssertion> sgndEndEncSuppTokens 
+            = findAndAssertPolicy(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
         sgndEndEncSuppTokMap 
             = this.handleSupportingTokens(sgndEndEncSuppTokens, true);
 
-        SupportingToken supportingToks 
-            = (SupportingToken)findAndAssertPolicy(SP12Constants.SUPPORTING_TOKENS);
+        Collection<PolicyAssertion> supportingToks 
+            = findAndAssertPolicy(SP12Constants.SUPPORTING_TOKENS);
         this.handleSupportingTokens(supportingToks, false);
 
-        SupportingToken encryptedSupportingToks 
-            = (SupportingToken)findAndAssertPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
+        Collection<PolicyAssertion> encryptedSupportingToks 
+            = findAndAssertPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
         this.handleSupportingTokens(encryptedSupportingToks, false);
 
         //Setup signature parts

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=748275&r1=748274&r2=748275&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Thu Feb 26 19:22:51 2009
@@ -25,7 +25,6 @@
 import java.util.Calendar;
 import java.util.Vector;
 
-import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
 
 import org.w3c.dom.Document;
@@ -109,12 +108,7 @@
         }
         
         if (sbinding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning)
{
-            try {
-                doEncryptBeforeSign();
-            } catch (Exception e) {
-                e.printStackTrace();
-                //REVISIT - exception
-            }
+            doEncryptBeforeSign();
         } else {
             doSignBeforeEncrypt();
         }
@@ -140,132 +134,126 @@
     }
     
     
-    private void doEncryptBeforeSign() throws SOAPException, 
-        WSSecurityException, ConversationException {
-        
-        TokenWrapper encryptionWrapper = getEncryptionToken();
-        Token encryptionToken = encryptionWrapper.getToken();
-        Vector<WSEncryptionPart> encrParts = getEncryptedParts();
-        Vector<WSEncryptionPart> sigParts = getSignedParts();
-        
-        if (encryptionToken == null && encrParts.size() > 0) {
-            //REVISIT - nothing to encrypt?
-        }
-        
-        if (encryptionToken != null && encrParts.size() > 0) {
-            //The encryption token can be an IssuedToken or a 
-             //SecureConversationToken
-            String tokenId = null;
-            SecurityToken tok = null;
-            if (encryptionToken instanceof IssuedToken) {
-                tok = getSecurityToken();
-            } else if (encryptionToken instanceof SecureConversationToken) {
-                tok = getSecurityToken();
-            } else if (encryptionToken instanceof X509Token) {
-                if (isRequestor()) {
-                    tokenId = setupEncryptedKey(encryptionWrapper, encryptionToken);
-                } else {
-                    tokenId = getEncryptedKey();
+    private void doEncryptBeforeSign() {
+        try {
+            TokenWrapper encryptionWrapper = getEncryptionToken();
+            Token encryptionToken = encryptionWrapper.getToken();
+            Vector<WSEncryptionPart> encrParts = getEncryptedParts();
+            Vector<WSEncryptionPart> sigParts = getSignedParts();
+            
+            if (encryptionToken == null && encrParts.size() > 0) {
+                //REVISIT - nothing to encrypt?
+            }
+            
+            if (encryptionToken != null && encrParts.size() > 0) {
+                //The encryption token can be an IssuedToken or a 
+                 //SecureConversationToken
+                String tokenId = null;
+                SecurityToken tok = null;
+                if (encryptionToken instanceof IssuedToken) {
+                    tok = getSecurityToken();
+                } else if (encryptionToken instanceof SecureConversationToken) {
+                    tok = getSecurityToken();
+                } else if (encryptionToken instanceof X509Token) {
+                    if (isRequestor()) {
+                        tokenId = setupEncryptedKey(encryptionWrapper, encryptionToken);
+                    } else {
+                        tokenId = getEncryptedKey();
+                    }
                 }
-            }
-            if (tok == null) {
-                if (tokenId == null || tokenId.length() == 0) {
-                    //REVISIT - no tokenId?   Exception?
+                if (tok == null) {
+                    if (tokenId == null || tokenId.length() == 0) {
+                        //REVISIT - no tokenId?   Exception?
+                    }
+                    if (tokenId.startsWith("#")) {
+                        tokenId = tokenId.substring(1);
+                    }
+                    
+                    /*
+                     * Get hold of the token from the token storage
+                     */
+                    tok = tokenStore.getToken(tokenId);
                 }
-                if (tokenId.startsWith("#")) {
-                    tokenId = tokenId.substring(1);
+    
+                boolean attached = false;
+                
+                if (SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == encryptionToken.getInclusion()
+                    || SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == encryptionToken.getInclusion()
+                    || (isRequestor() 
+                        && SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT

+                            == encryptionToken.getInclusion())) {
+                    
+                    Element el = tok.getToken();
+                    this.addEncyptedKeyElement(cloneElement(el));
+                    attached = true;
+                } else if (encryptionToken instanceof X509Token && isRequestor())
{
+                    Element el = tok.getToken();
+                    this.addEncyptedKeyElement(cloneElement(el));
+                    attached = true;
                 }
                 
-                /*
-                 * Get hold of the token from the token storage
-                 */
-                tok = tokenStore.getToken(tokenId);
-            }
-
-            boolean attached = false;
-            
-            if (SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == encryptionToken.getInclusion()
-                || SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == encryptionToken.getInclusion()
-                || (isRequestor() 
-                    && SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT

-                        == encryptionToken.getInclusion())) {
+                WSSecBase encr = doEncryption(encryptionWrapper, tok, attached, encrParts,
true);
                 
-                Element el = tok.getToken();
-                this.addEncyptedKeyElement(cloneElement(el));
-                attached = true;
-            } else if (encryptionToken instanceof X509Token && isRequestor()) {
-                Element el = tok.getToken();
-                this.addEncyptedKeyElement(cloneElement(el));
-                attached = true;
-            }
-            
-            WSSecBase encr = doEncryption(encryptionWrapper, tok, attached, encrParts, true);
-            
-            handleEncryptedSignedHeaders(encrParts, sigParts);
-            
-            
-            if (timestampEl != null) {
-                sigParts.add(new WSEncryptionPart(addWsuIdToElement(timestampEl.getElement())));
-            }
-            
-            if (isRequestor()) {
-                this.addSupportingTokens(sigParts);
-            } else {
-                addSignatureConfirmation(sigParts);
-            }
+                handleEncryptedSignedHeaders(encrParts, sigParts);
                 
-            
-            //Sign the message
-            //We should use the same key in the case of EncryptBeforeSig
-            if (sigParts.size() > 0) {
-                signatures.add(this.doSignature(sigParts, encryptionWrapper, encryptionToken,
tok, attached));
-            }
-            
-            if (isRequestor()) {
-                this.doEndorse();
-            }
-            
-            
-            //Check for signature protection and encryption of UsernameToken
-            if (sbinding.isSignatureProtection() && this.mainSigId != null 
-                || encryptedTokensIdList.size() > 0 && isRequestor()) {
-                Vector<WSEncryptionPart> secondEncrParts = new Vector<WSEncryptionPart>();
                 
-                //Now encrypt the signature using the above token
-                if (sbinding.isSignatureProtection()) {
-                    secondEncrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
+                if (timestampEl != null) {
+                    sigParts.add(new WSEncryptionPart(addWsuIdToElement(timestampEl.getElement())));
                 }
                 
                 if (isRequestor()) {
-                    for (String s : encryptedTokensIdList) {
-                        secondEncrParts.add(new WSEncryptionPart(s, "Element"));
-                    }
+                    this.addSupportingTokens(sigParts);
+                } else {
+                    addSignatureConfirmation(sigParts);
+                }
+                    
+                
+                //Sign the message
+                //We should use the same key in the case of EncryptBeforeSig
+                if (sigParts.size() > 0) {
+                    signatures.add(this.doSignature(sigParts, encryptionWrapper, encryptionToken,

+                                                    tok, attached));
+                }
+                
+                if (isRequestor()) {
+                    this.doEndorse();
                 }
                 
-                Element secondRefList = null;
                 
-                if (encryptionToken.isDerivedKeys()) {
-                    try {
+                //Check for signature protection and encryption of UsernameToken
+                if (sbinding.isSignatureProtection() && this.mainSigId != null 
+                    || encryptedTokensIdList.size() > 0 && isRequestor()) {
+                    Vector<WSEncryptionPart> secondEncrParts = new Vector<WSEncryptionPart>();
+                    
+                    //Now encrypt the signature using the above token
+                    if (sbinding.isSignatureProtection()) {
+                        secondEncrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
+                    }
+                    
+                    if (isRequestor()) {
+                        for (String s : encryptedTokensIdList) {
+                            secondEncrParts.add(new WSEncryptionPart(s, "Element"));
+                        }
+                    }
+                    
+                    Element secondRefList = null;
+                    
+                    if (encryptionToken.isDerivedKeys()) {
                         secondRefList = ((WSSecDKEncrypt)encr).encryptForExternalRef(null,

                                 secondEncrParts);
                         this.addDerivedKeyElement(secondRefList);
-                    } catch (WSSecurityException e) {
-                        //REVISIT - exception
-                    }
-                } else {
-                    try {
+                    } else {
                         //Encrypt, get hold of the ref list and add it
                         secondRefList = ((WSSecEncrypt)encr).encryptForExternalRef(null,
                                 encrParts);
                         this.addDerivedKeyElement(secondRefList);
-                    } catch (WSSecurityException e) {
-                        //REVISIT - exception
-                    }    
+                    }
                 }
             }
-           
-        } else {
-            //REVISIT - nothing to do?!?
+        } catch (RuntimeException ex) {
+            throw ex;
+        } catch (Exception ex) {
+            throw new Fault(ex);
         }
     }
     private void doSignBeforeEncrypt() {
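Review bot: now that doEncryptBeforeSign converts every exception into a Fault, the empty `//REVISIT - no tokenId?` block on lines 604–606 is where a meaningful failure belongs, because the very next statement `tokenId.startsWith("#")` throws a NullPointerException when tokenId is null and that is what the caller will see as the Fault cause; `throw new Fault(new IllegalStateException("No encryption token id available"));` inside that block would name the real problem. Likewise `tok` from `tokenStore.getToken(tokenId)` on line 614 is dereferenced on lines 628 and 633 without a null check, and the removed `else` branch on old lines 771–772 means an empty encrParts now silently does nothing. The non-derived-key branch on lines 761–762 passes `encrParts` to encryptForExternalRef while the derived-key branch passes `secondEncrParts`; these are context lines, but the asymmetry looks like the second pass re-encrypting the already-encrypted parts and is worth confirming.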
@@ -389,7 +377,6 @@
                          enc,
                          false);
         } catch (Exception e) {
-            e.printStackTrace();
             throw new Fault(e);
         }
     }


