cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r751832 - in /cxf/trunk: api/src/main/java/org/apache/cxf/ws/policy/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/ rt/ws/security/src/main/java/org/apache/c...
Date Mon, 09 Mar 2009 21:03:29 GMT
Author: dkulp
Date: Mon Mar  9 21:03:28 2009
New Revision: 751832

URL: http://svn.apache.org/viewvc?rev=751832&view=rev
Log:
Start progressing toward a cancel operation
Make some things optional if they are marked optional

Modified:
    cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/PolicyConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/HttpsTokenBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorTokenBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KeyValueTokenBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecureConversationTokenBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/PolicyConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/PolicyConstants.java?rev=751832&r1=751831&r2=751832&view=diff
==============================================================================
--- cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/PolicyConstants.java (original)
+++ cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/PolicyConstants.java Mon Mar  9 21:03:28
2009
@@ -120,7 +120,14 @@
         }
     }
 
-    
+    public static boolean isOptional(Element e) {
+        Attr at = findOptionalAttribute(e);
+        if (at != null) {
+            String v = at.getValue();
+            return "true".equalsIgnoreCase(v) || "1".equals(v);
+        }
+        return false;
+    }
     public static Attr findOptionalAttribute(Element e) {
         NamedNodeMap atts = e.getAttributes();
         for (int x = 0; x < atts.getLength(); x++) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=751832&r1=751831&r2=751832&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
Mon Mar  9 21:03:28 2009
@@ -59,6 +59,7 @@
     public static final String STS_TOKEN_USERNAME = "ws-security.sts.token.username";
     
     
+    public static final String STS_TOKEN_CONTEXT_TOKEN = "ws-security.sts.token.context.token";
 
     public static final Set<String> ALL_PROPERTIES;
     

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/HttpsTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/HttpsTokenBuilder.java?rev=751832&r1=751831&r2=751832&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/HttpsTokenBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/HttpsTokenBuilder.java
Mon Mar  9 21:03:28 2009
@@ -68,7 +68,8 @@
 
         
         HttpsToken httpsToken = new HttpsToken(consts);
-        
+        httpsToken.setOptional(PolicyConstants.isOptional(element));
+
         if (consts.getVersion() == SPConstants.Version.SP_V11) {
             String attr = DOMUtils.getAttribute(element,
                                                 SPConstants.REQUIRE_CLIENT_CERTIFICATE);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorTokenBuilder.java?rev=751832&r1=751831&r2=751832&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorTokenBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorTokenBuilder.java
Mon Mar  9 21:03:28 2009
@@ -30,6 +30,7 @@
 import org.apache.cxf.ws.policy.AssertionBuilder;
 import org.apache.cxf.ws.policy.PolicyAssertion;
 import org.apache.cxf.ws.policy.PolicyBuilder;
+import org.apache.cxf.ws.policy.PolicyConstants;
 import org.apache.cxf.ws.security.policy.SP11Constants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
@@ -58,6 +59,7 @@
             ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;
 
         InitiatorToken initiatorToken = new InitiatorToken(consts);
+        initiatorToken.setOptional(PolicyConstants.isOptional(element));
 
         Policy policy = builder.getPolicy(DOMUtils.getFirstElement(element));
         policy = (Policy)policy.normalize(false);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java?rev=751832&r1=751831&r2=751832&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/IssuedTokenBuilder.java
Mon Mar  9 21:03:28 2009
@@ -30,6 +30,7 @@
 import org.apache.cxf.ws.policy.AssertionBuilder;
 import org.apache.cxf.ws.policy.PolicyAssertion;
 import org.apache.cxf.ws.policy.PolicyBuilder;
+import org.apache.cxf.ws.policy.PolicyConstants;
 import org.apache.cxf.ws.security.policy.SP11Constants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
@@ -62,6 +63,7 @@
     
 
         IssuedToken issuedToken = new IssuedToken(consts);
+        issuedToken.setOptional(PolicyConstants.isOptional(element));
 
         String includeAttr = DOMUtils.getAttribute(element, consts.getIncludeToken());
         if (includeAttr != null) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KeyValueTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KeyValueTokenBuilder.java?rev=751832&r1=751831&r2=751832&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KeyValueTokenBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/KeyValueTokenBuilder.java
Mon Mar  9 21:03:28 2009
@@ -51,7 +51,8 @@
             ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;
 
         KeyValueToken token = new KeyValueToken(consts);
-
+        token.setOptional(PolicyConstants.isOptional(element));
+        
         String attribute = element.getAttributeNS(element.getNamespaceURI(), SPConstants.ATTR_INCLUDE_TOKEN);
         if (StringUtils.isEmpty(attribute)) {
             attribute = element.getAttributeNS(consts.getNamespace(), SPConstants.ATTR_INCLUDE_TOKEN);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecureConversationTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecureConversationTokenBuilder.java?rev=751832&r1=751831&r2=751832&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecureConversationTokenBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/SecureConversationTokenBuilder.java
Mon Mar  9 21:03:28 2009
@@ -57,6 +57,7 @@
         
         
         SecureConversationToken conversationToken = new SecureConversationToken(consts);
+        conversationToken.setOptional(PolicyConstants.isOptional(element));
 
         String attribute = DOMUtils.getAttribute(element, consts.getIncludeToken());
         if (attribute == null) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java?rev=751832&r1=751831&r2=751832&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/UsernameTokenBuilder.java
Mon Mar  9 21:03:28 2009
@@ -51,6 +51,7 @@
             ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;
 
         UsernameToken usernameToken = new UsernameToken(consts);
+        usernameToken.setOptional(PolicyConstants.isOptional(element));
 
         String attribute = element.getAttributeNS(element.getNamespaceURI(), SPConstants.ATTR_INCLUDE_TOKEN);
         if (attribute != null) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java?rev=751832&r1=751831&r2=751832&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/X509TokenBuilder.java
Mon Mar  9 21:03:28 2009
@@ -30,6 +30,7 @@
 import org.apache.cxf.ws.policy.AssertionBuilder;
 import org.apache.cxf.ws.policy.PolicyAssertion;
 import org.apache.cxf.ws.policy.PolicyBuilder;
+import org.apache.cxf.ws.policy.PolicyConstants;
 import org.apache.cxf.ws.security.policy.SP11Constants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
@@ -53,6 +54,7 @@
         SPConstants consts = SP11Constants.SP_NS.equals(element.getNamespaceURI())
             ? SP11Constants.INSTANCE : SP12Constants.INSTANCE;
         X509Token x509Token = new X509Token(consts);
+        x509Token.setOptional(PolicyConstants.isOptional(element));
 
         Element policyElement = DOMUtils.getFirstElement(element);
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=751832&r1=751831&r2=751832&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
Mon Mar  9 21:03:28 2009
@@ -116,11 +116,10 @@
     Policy policy;
     String soapVersion = SoapBindingConstants.SOAP11_BINDING_ID;
     int keySize = 256;
-    Trust10 trust10;
-    Trust13 trust13;
+    boolean requiresEntropy = true;
     Element template;
     AlgorithmSuite algorithmSuite;
-    String namespace = STSUtils.WST_NS_05_02;
+    String namespace = STSUtils.WST_NS_05_12;
     String addressingNamespace;
     
     boolean isSecureConv;
@@ -178,15 +177,23 @@
     public void setTrust(Trust10 trust) {
         if (trust != null) {
             namespace = STSUtils.WST_NS_05_02;
+            requiresEntropy = trust.isRequireClientEntropy();
         }
-        trust10 = trust;
     }
     public void setTrust(Trust13 trust) {
         if (trust != null) {
             namespace = STSUtils.WST_NS_05_12;
+            requiresEntropy = trust.isRequireClientEntropy();
         }
-        trust13 = trust;        
     }
+    public boolean isRequiresEntropy() {
+        return requiresEntropy;
+    }
+
+    public void setRequiresEntropy(boolean requiresEntropy) {
+        this.requiresEntropy = requiresEntropy;
+    }
+
     public boolean isSecureConv() {
         return isSecureConv;
     }
@@ -328,8 +335,7 @@
                 writer.writeEndElement();
             }
         
-            if ((trust10 != null && trust10.isRequireClientEntropy())
-                || (trust13 != null && trust13.isRequireClientEntropy())) {
+            if (requiresEntropy) {
                 writer.writeStartElement("wst", "Entropy", namespace);
                 writer.writeStartElement("wst", "BinarySecret", namespace);
                 writer.writeAttribute("Type", namespace + "/Nonce");
@@ -390,7 +396,34 @@
         }
         requestSecurityToken(tok.getIssuerAddress(), action, "/Renew", tok);
     }
-    
+    public void cancelSecurityToken(SecurityToken token) throws Exception {
+        createClient();
+        
+        client.getRequestContext().putAll(ctx);
+        client.getRequestContext().put(SecurityConstants.STS_TOKEN_CONTEXT_TOKEN, token);
+        BindingOperationInfo boi = findOperation("/RST/Cancel");
+        
+        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+        writer.writeStartElement("wst", "RequestSecurityToken", namespace);
+        writer.writeStartElement("wst", "RequestType", namespace);
+        writer.writeCharacters(namespace + "/Cancel");
+        writer.writeEndElement();
+        
+        writer.writeStartElement("wst", "CancelTarget", namespace);
+        Element el = token.getUnattachedReference();
+        if (el == null) {
+            el = token.getAttachedReference();
+        }
+        StaxUtils.copy(el, writer);
+
+        writer.writeEndElement();
+        writer.writeEndElement();
+        
+        Object obj[] = client.invoke(boi,
+                                     new DOMSource(writer.getDocument().getDocumentElement()));
+        System.out.println(obj);
+    }
+
     private String writeKeyType(W3CDOMStreamWriter writer, String keyType) throws XMLStreamException
{
         if (isSecureConv) {
             addLifetime(writer);
@@ -691,4 +724,5 @@
     }
 
 
+
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java?rev=751832&r1=751831&r2=751832&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSUtils.java
Mon Mar  9 21:03:28 2009
@@ -84,18 +84,9 @@
         QName iName = new QName(ns, "SecurityTokenService");
         si.setName(iName);
         InterfaceInfo ii = new InterfaceInfo(si, iName);
-        OperationInfo oi = ii.addOperation(new QName(ns, "RequestSecurityToken"));
-        MessageInfo mii = oi.createMessage(new QName(ns, "RequestSecurityTokenMsg"), 
-                                           MessageInfo.Type.INPUT);
-        oi.setInput("RequestSecurityTokenMsg", mii);
-        MessagePartInfo mpi = mii.addMessagePart("request");
-        mpi.setElementQName(new QName(namespace, "RequestSecurityToken"));
         
-        MessageInfo mio = oi.createMessage(new QName(ns, "RequestSecurityTokenResponseMsg"),

-                                           MessageInfo.Type.OUTPUT);
-        oi.setOutput("RequestSecurityTokenResponseMsg", mio);
-        mpi = mio.addMessagePart("response");
-        mpi.setElementQName(new QName(namespace, "RequestSecurityTokenResponse"));
+        OperationInfo ioi = addIssueOperation(ii, namespace, ns);
+        OperationInfo coi = addCancelOperation(ii, namespace, ns);
         
         si.setInterface(ii);
         service = new ServiceImpl(si);
@@ -117,7 +108,7 @@
         si.addEndpoint(ei);
         ei.addExtensor(policy);
         
-        BindingOperationInfo boi = bi.getOperation(oi);
+        BindingOperationInfo boi = bi.getOperation(ioi);
         SoapOperationInfo soi = boi.getExtensor(SoapOperationInfo.class);
         if (soi == null) {
             soi = new SoapOperationInfo();
@@ -125,8 +116,51 @@
         }
         soi.setAction(namespace + "/RST/Issue");
         
-
+        boi = bi.getOperation(coi);
+        soi = boi.getExtensor(SoapOperationInfo.class);
+        if (soi == null) {
+            soi = new SoapOperationInfo();
+            boi.addExtensor(soi);
+        }
+        soi.setAction(namespace + "/RST/Cancel");
         service.setDataBinding(new SourceDataBinding());
         return new EndpointImpl(bus, service, ei);
     }
+    
+    private static OperationInfo addIssueOperation(InterfaceInfo ii, 
+                                                   String namespace,
+                                                   String servNamespace) {
+        OperationInfo oi = ii.addOperation(new QName(servNamespace, "RequestSecurityToken"));
+        MessageInfo mii = oi.createMessage(new QName(servNamespace, "RequestSecurityTokenMsg"),

+                                           MessageInfo.Type.INPUT);
+        oi.setInput("RequestSecurityTokenMsg", mii);
+        MessagePartInfo mpi = mii.addMessagePart("request");
+        mpi.setElementQName(new QName(namespace, "RequestSecurityToken"));
+        
+        MessageInfo mio = oi.createMessage(new QName(servNamespace, 
+                                                     "RequestSecurityTokenResponseMsg"),

+                                           MessageInfo.Type.OUTPUT);
+        oi.setOutput("RequestSecurityTokenResponseMsg", mio);
+        mpi = mio.addMessagePart("response");
+        mpi.setElementQName(new QName(namespace, "RequestSecurityTokenResponse"));
+        return oi;
+    }
+    private static OperationInfo addCancelOperation(InterfaceInfo ii, 
+                                                    String namespace,
+                                                    String servNamespace) {
+        OperationInfo oi = ii.addOperation(new QName(servNamespace, "CancelSecurityToken"));
+        MessageInfo mii = oi.createMessage(new QName(servNamespace, "CancelSecurityTokenMsg"),

+                                           MessageInfo.Type.INPUT);
+        oi.setInput("CancelSecurityTokenMsg", mii);
+        MessagePartInfo mpi = mii.addMessagePart("request");
+        mpi.setElementQName(new QName(namespace, "CancelSecurityToken"));
+        
+        MessageInfo mio = oi.createMessage(new QName(servNamespace, 
+                                                     "CancelSecurityTokenResponseMsg"), 
+                                           MessageInfo.Type.OUTPUT);
+        oi.setOutput("CancelSecurityTokenResponseMsg", mio);
+        mpi = mio.addMessagePart("response");
+        mpi.setElementQName(new QName(namespace, "CancelSecurityTokenResponse"));
+        return oi;
+    }
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=751832&r1=751831&r2=751832&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Mon Mar  9 21:03:28 2009
@@ -267,7 +267,9 @@
                 }
             }
         }
-        throw new PolicyException(new Message(reason, LOG));
+        if (!assertion.isOptional()) {
+            throw new PolicyException(new Message(reason, LOG));
+        }
     }
     protected void policyAsserted(PolicyAssertion assertion) {
         if (assertion == null) {
@@ -1134,6 +1136,7 @@
         }
         if (StringUtils.isEmpty(user)) {
             policyNotAsserted(token, "No " + type + " username found.");
+            return null;
         }
 
         String password = getPassword(user, token, WSPasswordCallback.SIGNATURE);
@@ -1156,8 +1159,8 @@
     }
 
     protected void doEndorsedSignatures(Map<Token, WSSecBase> tokenMap,
-                                          boolean isTokenProtection,
-                                          boolean isSigProtect) {
+                                        boolean isTokenProtection,
+                                        boolean isSigProtect) {
         
         for (Map.Entry<Token, WSSecBase> ent : tokenMap.entrySet()) {
             WSSecBase tempTok = ent.getValue();

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=751832&r1=751831&r2=751832&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Mon Mar  9 21:03:28 2009
@@ -27,12 +27,16 @@
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import com.ibm.wsdl.util.xml.DOMUtils;
+
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
+import org.apache.cxf.ws.security.policy.SPConstants.SupportTokenType;
 import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
 import org.apache.cxf.ws.security.policy.model.Header;
 import org.apache.cxf.ws.security.policy.model.IssuedToken;
@@ -101,7 +105,11 @@
         }
         
     }
-    
+    private static void addSig(Vector<byte[]> signatureValues, byte[] val) {
+        if (val != null) {
+            signatureValues.add(val);
+        }
+    }
     public void handleBinding() {
         Collection<AssertionInfo> ais;
         WSSecTimestamp timestamp = createTimestamp();
@@ -136,11 +144,14 @@
                             if (token instanceof IssuedToken
                                 || token instanceof SecureConversationToken
                                 || token instanceof KeyValueToken) {
-                                signatureValues.add(doIssuedTokenSignature(token, signdParts,
-                                                                           sgndSuppTokens));
+                                addSig(signatureValues, doIssuedTokenSignature(token, signdParts,
+                                                                               sgndSuppTokens,
+                                                                               null));
                             } else if (token instanceof X509Token
                                 || token instanceof KeyValueToken) {
-                                signatureValues.add(doX509TokenSignature(token, signdParts,
sgndSuppTokens));
+                                addSig(signatureValues, doX509TokenSignature(token,
+                                                                             signdParts,
+                                                                             sgndSuppTokens));
                             }
                         }
                     }
@@ -159,30 +170,62 @@
                 
                 ais = aim.get(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
                 if (ais != null) {
-                    SupportingToken sgndSuppTokens = null;
+                    SupportingToken endSuppTokens = null;
                     for (AssertionInfo ai : ais) {
-                        sgndSuppTokens = (SupportingToken)ai.getAssertion();
+                        endSuppTokens = (SupportingToken)ai.getAssertion();
                         ai.setAsserted(true);
                     } 
                     
-                    if (sgndSuppTokens != null) {
-                        for (Token token : sgndSuppTokens.getTokens()) {
+                    if (endSuppTokens != null) {
+                        for (Token token : endSuppTokens.getTokens()) {
                             if (token instanceof IssuedToken
                                 || token instanceof SecureConversationToken) {
-                                signatureValues.add(doIssuedTokenSignature(token, 
-                                                                           sgndSuppTokens.getSignedParts(),

-                                                                           sgndSuppTokens));
+                                addSig(signatureValues, doIssuedTokenSignature(token, 
+                                                                               endSuppTokens
+                                                                                   .getSignedParts(),

+                                                                               endSuppTokens,
+                                                                               null));
                             } else if (token instanceof X509Token
                                 || token instanceof KeyValueToken) {
-                                signatureValues.add(doX509TokenSignature(token, 
-                                                                         sgndSuppTokens.getSignedParts(),

-                                                                         sgndSuppTokens));
+                                addSig(signatureValues, doX509TokenSignature(token, 
+                                                                             endSuppTokens.getSignedParts(),

+                                                                             endSuppTokens));
                             }
                         }
                     }
-                    
                 }
-                
+                SecurityToken token = (SecurityToken)message
+                    .getContextualProperty(SecurityConstants.STS_TOKEN_CONTEXT_TOKEN);
+                if (token != null) {
+                    SupportingToken endSuppTokens 
+                        = new SupportingToken(SupportTokenType.SUPPORTING_TOKEN_ENDORSING,
+                                                            SP12Constants.INSTANCE);
+                    SignedEncryptedParts signedParts = new SignedEncryptedParts(true, 
+                                                                                SP12Constants.INSTANCE);
+                    signedParts.setBody(true);
+                    endSuppTokens.setSignedParts(signedParts);
+                    //need to endorse everything
+                    Element el = DOMUtils.getFirstChildElement(saaj.getSOAPHeader());
+                    while (el != null) {
+                        if (el != this.secHeader.getSecurityHeader()) {
+                            signedParts.addHeader(new Header(el.getLocalName(),
+                                                             el.getNamespaceURI()));
+                        }
+                        el = DOMUtils.getNextSiblingElement(el);
+                    }
+                    el = DOMUtils.getFirstChildElement(secHeader.getSecurityHeader());
+                    while (el != null) {
+                        if (timestamp != null && el != timestamp.getElement()) {
+                            signedParts.addHeader(new Header(el.getLocalName(),
+                                                             el.getNamespaceURI()));
+                        }
+                        el = DOMUtils.getNextSiblingElement(el);
+                    }
+                    addSig(signatureValues, doIssuedTokenSignature(new IssuedToken(SP12Constants.INSTANCE),

+                                                                   endSuppTokens.getSignedParts(),

+                                                                   endSuppTokens,
+                                                                   token));
+                }
                 ais = aim.get(SP12Constants.SUPPORTING_TOKENS);
                 if (ais != null) {
                     SupportingToken suppTokens = null;
@@ -265,38 +308,53 @@
             return dkSig.getSignatureValue();
         } else {
             WSSecSignature sig = getSignatureBuider(wrapper, token, false);
-            sig.prependBSTElementToHeader(secHeader);
+            if (sig != null) {
+                sig.prependBSTElementToHeader(secHeader);
             
-            sig.addReferencesToSign(sigParts, secHeader);
-            insertBeforeBottomUp(sig.getSignatureElement());
+                sig.addReferencesToSign(sigParts, secHeader);
+                insertBeforeBottomUp(sig.getSignatureElement());
             
-            sig.computeSignature();
+                sig.computeSignature();
             
-            return sig.getSignatureValue();    
+                return sig.getSignatureValue();
+            } else {
+                return null;
+            }
         }
     }
 
-    private byte[] doIssuedTokenSignature(Token token, SignedEncryptedParts signdParts,
-                                          TokenWrapper wrapper) throws Exception {
+    private byte[] doIssuedTokenSignature(Token token, 
+                                          SignedEncryptedParts signdParts,
+                                          TokenWrapper wrapper,
+                                          SecurityToken securityTok) throws Exception {
         Document doc = saaj.getSOAPPart();
         
         //Get the issued token
-        SecurityToken secTok = getSecurityToken();
+        SecurityToken secTok = securityTok;
+        if (secTok == null) {
+            secTok = getSecurityToken();
+        }
    
         SPConstants.IncludeTokenType inclusion = token.getInclusion();
         boolean tokenIncluded = false;
         
+        Vector<WSEncryptionPart> sigParts = new Vector<WSEncryptionPart>();
         if (inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS
             || ((inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT

                 || inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE) 
                 && isRequestor())) {
           
             //Add the token
-            addEncyptedKeyElement(cloneElement(secTok.getToken()));
+            Element el = cloneElement(secTok.getToken());
+            if (securityTok != null) {
+                //do we need to sign this as well?
+                //String id = addWsuIdToElement(el);
+                //sigParts.add(new WSEncryptionPart(id));                          
+            }
+            
+            addEncyptedKeyElement(el);
             tokenIncluded = true;
         }
-
-        Vector<WSEncryptionPart> sigParts = new Vector<WSEncryptionPart>();
         
         if (timestampEl != null) {
             sigParts.add(new WSEncryptionPart(timestampEl.getId()));                    
     
@@ -306,7 +364,8 @@
             if (signdParts.isBody()) {
                 sigParts.add(new WSEncryptionPart(addWsuIdToElement(saaj.getSOAPBody())));
             }
-            if (secTok.getX509Certificate() != null) {
+            if (secTok.getX509Certificate() != null
+                || securityTok != null) {
                 //the "getX509Certificate" this is to workaround an issue in WCF
                 //In WCF, for TransportBinding, in most cases, it doesn't wan't any of
                 //the headers signed even if the policy sais so.   HOWEVER, for KeyValue



Mime
View raw message