cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r752221 [1/2] - in /cxf/trunk: api/src/main/java/org/apache/cxf/ws/policy/ rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/ rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/ rt/ws/security/src/main/java/org/apache/cxf/ws/security/ rt...
Date Tue, 10 Mar 2009 19:25:04 GMT
Author: dkulp
Date: Tue Mar 10 19:25:04 2009
New Revision: 752221

URL: http://svn.apache.org/viewvc?rev=752221&view=rev
Log:
Get the "cancel" stuff working for sec-conv tokens

Added:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java   (with props)
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java   (with props)
Modified:
    cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/PolicyConstants.java
    cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EffectivePolicyImpl.java
    cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EndpointPolicyImpl.java
    cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyInInterceptor.java
    cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyOutInterceptor.java
    cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java
    cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EffectivePolicyImplTest.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AlgorithmSuite.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SecureConversationToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedParts.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/PolicyConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/PolicyConstants.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/PolicyConstants.java (original)
+++ cxf/trunk/api/src/main/java/org/apache/cxf/ws/policy/PolicyConstants.java Tue Mar 10 19:25:04 2009
@@ -58,7 +58,9 @@
         "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
     public static final String WSU_ID_ATTR_NAME = "Id";
 
-    
+    public static final String POLICY_OVERRIDE 
+        = "org.apache.cxf.ws.policy.override";
+        
     public static final String POLICY_IN_INTERCEPTOR_ID
         = "org.apache.cxf.ws.policy.PolicyInInterceptor";
     public static final String POLICY_OUT_INTERCEPTOR_ID

Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EffectivePolicyImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EffectivePolicyImpl.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EffectivePolicyImpl.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EffectivePolicyImpl.java Tue Mar 10 19:25:04 2009
@@ -69,10 +69,13 @@
     }
     
     
-    void initialise(EndpointPolicyImpl epi, PolicyEngineImpl engine) {
+    void initialise(EndpointPolicyImpl epi, PolicyEngineImpl engine, boolean inbound) {
         policy = epi.getPolicy();
         chosenAlternative = epi.getChosenAlternative();
-        initialiseInterceptors(engine, false);  
+        if (chosenAlternative == null) {
+            chooseAlternative(engine, null);
+        }
+        initialiseInterceptors(engine, inbound);  
     }
     
     void initialise(EndpointInfo ei, 

Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EndpointPolicyImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EndpointPolicyImpl.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EndpointPolicyImpl.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/EndpointPolicyImpl.java Tue Mar 10 19:25:04 2009
@@ -64,6 +64,9 @@
     public EndpointPolicyImpl() {
         
     }
+    public EndpointPolicyImpl(Policy p) {
+        policy = p;
+    }
     
     public EndpointPolicyImpl(EndpointInfo ei,
                               PolicyEngineImpl engine, 

Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyInInterceptor.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyInInterceptor.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyInInterceptor.java Tue Mar 10 19:25:04 2009
@@ -36,6 +36,7 @@
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.transport.Conduit;
 import org.apache.cxf.transport.Destination;
+import org.apache.neethi.Policy;
 
 /**
  * 
@@ -65,8 +66,28 @@
         }
         
         if (MessageUtils.isRequestor(msg)) {
+            
             BindingOperationInfo boi = exchange.get(BindingOperationInfo.class);
-            if (boi == null) {
+            Policy p = (Policy)msg.getContextualProperty(PolicyConstants.POLICY_OVERRIDE);
+            if (p != null) {
+                EndpointPolicyImpl endpi = new EndpointPolicyImpl(p);
+                EffectivePolicyImpl effectivePolicy = new EffectivePolicyImpl();
+                effectivePolicy.initialise(endpi, (PolicyEngineImpl)pe, true);
+                msg.put(EffectivePolicy.class, effectivePolicy);
+                PolicyUtils.logPolicy(LOG, Level.FINEST, "Using effective policy: ", 
+                                      effectivePolicy.getPolicy());
+                
+                List<Interceptor> interceptors = effectivePolicy.getInterceptors();
+                for (Interceptor i : interceptors) {            
+                    msg.getInterceptorChain().add(i);
+                    LOG.log(Level.FINE, "Added interceptor of type {0}", i.getClass().getSimpleName());
+                }
+                Collection<PolicyAssertion> assertions = effectivePolicy.getChosenAlternative();
+                if (null != assertions && !assertions.isEmpty()) {
+                    msg.put(AssertionInfoMap.class, new AssertionInfoMap(assertions));
+                    msg.getInterceptorChain().add(PolicyVerificationInInterceptor.INSTANCE);
+                }
+            } else if (boi == null) {
                 Conduit conduit = exchange.getConduit(msg);
             
                 EndpointPolicy ep = pe.getClientEndpointPolicy(ei, conduit);

Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyOutInterceptor.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyOutInterceptor.java Tue Mar 10 19:25:04 2009
@@ -36,6 +36,7 @@
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.transport.Conduit;
 import org.apache.cxf.transport.Destination;
+import org.apache.neethi.Policy;
 
 /**
  * 
@@ -70,8 +71,39 @@
         if (null == pe) {
             return;
         }
-        
-        if (MessageUtils.isRequestor(msg)) {
+        Policy p = (Policy)msg.getContextualProperty(PolicyConstants.POLICY_OVERRIDE);
+        if (p != null) {
+            EndpointPolicyImpl endpi = new EndpointPolicyImpl(p);
+            EffectivePolicyImpl effectivePolicy = new EffectivePolicyImpl();
+            effectivePolicy.initialise(endpi, (PolicyEngineImpl)pe, false);
+            msg.put(EffectivePolicy.class, effectivePolicy);
+            PolicyUtils.logPolicy(LOG, Level.FINEST, "Using effective policy: ", 
+                                  effectivePolicy.getPolicy());
+            
+            List<Interceptor> interceptors = effectivePolicy.getInterceptors();
+            for (Interceptor i : interceptors) {            
+                msg.getInterceptorChain().add(i);
+                LOG.log(Level.FINE, "Added interceptor of type {0}", i.getClass().getSimpleName());
+            }
+            
+            // insert assertions of the chosen alternative into the message
+            
+            Collection<PolicyAssertion> assertions = effectivePolicy.getChosenAlternative();
+            if (null != assertions && !assertions.isEmpty()) {
+                if (LOG.isLoggable(Level.FINEST)) {
+                    StringBuffer buf = new StringBuffer();
+                    buf.append("Chosen alternative: ");
+                    String nl = System.getProperty("line.separator");
+                    buf.append(nl);
+                    for (PolicyAssertion a : assertions) {
+                        PolicyUtils.printPolicyComponent(a, buf, 1);
+                    }
+                    LOG.finest(buf.toString());
+                }
+                msg.put(AssertionInfoMap.class, new AssertionInfoMap(assertions));
+                msg.getInterceptorChain().add(PolicyVerificationOutInterceptor.INSTANCE);
+            }
+        } else if (MessageUtils.isRequestor(msg)) {
             Conduit conduit = exchange.getConduit(msg);
             
             // add the required interceptors

Modified: cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java (original)
+++ cxf/trunk/rt/ws/policy/src/main/java/org/apache/cxf/ws/policy/PolicyVerificationInInterceptor.java Tue Mar 10 19:25:04 2009
@@ -84,11 +84,13 @@
         
         getTransportAssertions(message);  
         
-        EffectivePolicy effectivePolicy = null;
-        if (MessageUtils.isRequestor(message)) {
-            effectivePolicy = pe.getEffectiveClientResponsePolicy(ei, boi);
-        } else {
-            effectivePolicy = pe.getEffectiveServerRequestPolicy(ei, boi);
+        EffectivePolicy effectivePolicy = message.get(EffectivePolicy.class);
+        if (effectivePolicy == null) {
+            if (MessageUtils.isRequestor(message)) {
+                effectivePolicy = pe.getEffectiveClientResponsePolicy(ei, boi);
+            } else {
+                effectivePolicy = pe.getEffectiveServerRequestPolicy(ei, boi);
+            }
         }
                 
         aim.checkEffectivePolicy(effectivePolicy.getPolicy());

Modified: cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EffectivePolicyImplTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EffectivePolicyImplTest.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EffectivePolicyImplTest.java (original)
+++ cxf/trunk/rt/ws/policy/src/test/java/org/apache/cxf/ws/policy/EffectivePolicyImplTest.java Tue Mar 10 19:25:04 2009
@@ -91,7 +91,7 @@
         effectivePolicy.initialiseInterceptors(pe, false);
         EasyMock.expectLastCall();
         control.replay();
-        effectivePolicy.initialise(endpointPolicy, pe);
+        effectivePolicy.initialise(endpointPolicy, pe, false);
         control.verify();    
     }
     

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Tue Mar 10 19:25:04 2009
@@ -58,8 +58,7 @@
     public static final String STS_TOKEN_PROPERTIES = "ws-security.sts.token.properties";
     public static final String STS_TOKEN_USERNAME = "ws-security.sts.token.username";
     
-    
-    public static final String STS_TOKEN_CONTEXT_TOKEN = "ws-security.sts.token.context.token";
+    public static final String STS_TOKEN_DO_CANCEL = "ws-security.sts.token.do.cancel";
 
     public static final Set<String> ALL_PROPERTIES;
     
@@ -68,7 +67,8 @@
             USERNAME, PASSWORD, CALLBACK_HANDLER, 
             SIGNATURE_USERNAME, SIGNATURE_PROPERTIES, SIGNATURE_CRYPTO,
             ENCRYPT_USERNAME, ENCRYPT_PROPERTIES, ENCRYPT_CRYPTO,
-            TOKEN, TOKEN_ID, STS_CLIENT, STS_TOKEN_PROPERTIES, STS_TOKEN_CRYPTO
+            TOKEN, TOKEN_ID, STS_CLIENT, STS_TOKEN_PROPERTIES, STS_TOKEN_CRYPTO,
+            STS_TOKEN_DO_CANCEL
         }));
         ALL_PROPERTIES = Collections.unmodifiableSet(s);
     }

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=752221&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Tue Mar 10 19:25:04 2009
@@ -0,0 +1,535 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.policy.interceptors;
+
+import java.util.Calendar;
+import java.util.Collection;
+import java.util.List;
+import java.util.Vector;
+import java.util.logging.Logger;
+
+import javax.xml.transform.dom.DOMSource;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.binding.soap.SoapBindingConstants;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.interceptor.Interceptor;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageContentsList;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.service.Service;
+import org.apache.cxf.service.invoker.Invoker;
+import org.apache.cxf.staxutils.W3CDOMStreamWriter;
+import org.apache.cxf.transport.Destination;
+import org.apache.cxf.ws.addressing.AddressingProperties;
+import org.apache.cxf.ws.addressing.AddressingPropertiesImpl;
+import org.apache.cxf.ws.addressing.AttributedURIType;
+import org.apache.cxf.ws.addressing.JAXWSAConstants;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.policy.EndpointPolicy;
+import org.apache.cxf.ws.policy.PolicyAssertion;
+import org.apache.cxf.ws.policy.PolicyEngine;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.model.Binding;
+import org.apache.cxf.ws.security.policy.model.Header;
+import org.apache.cxf.ws.security.policy.model.ProtectionToken;
+import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
+import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
+import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
+import org.apache.cxf.ws.security.policy.model.Trust10;
+import org.apache.cxf.ws.security.policy.model.Trust13;
+import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.cxf.ws.security.trust.STSUtils;
+import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.apache.xml.security.utils.Base64;
+
+class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
+    static final Logger LOG = LogUtils.getL7dLogger(SecureConversationInInterceptor.class);
+
+    
+    public SecureConversationInInterceptor() {
+        super(Phase.PRE_PROTOCOL);
+    }
+    private Binding getBinding(AssertionInfoMap aim) {
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
+        if (ais != null && !ais.isEmpty()) {
+            return (Binding)ais.iterator().next().getAssertion();
+        }
+        ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
+        if (ais != null && !ais.isEmpty()) {
+            return (Binding)ais.iterator().next().getAssertion();
+        }
+        ais = aim.get(SP12Constants.TRANSPORT_BINDING);
+        if (ais != null && !ais.isEmpty()) {
+            return (Binding)ais.iterator().next().getAssertion();
+        }
+        return null;
+    }
+    public void handleMessage(SoapMessage message) throws Fault {
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        // extract Assertion information
+        if (aim != null) {
+            Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
+            if (ais == null || ais.isEmpty()) {
+                return;
+            }
+            if (isRequestor(message)) {
+                //client side should be checked on the way out
+                for (AssertionInfo ai : ais) {
+                    ai.setAsserted(true);
+                }      
+                
+                Object s = message.getContextualProperty(SecurityConstants.STS_TOKEN_DO_CANCEL);
+                if (s != null && (Boolean.TRUE.equals(s) || "true".equalsIgnoreCase(s.toString()))) {
+                    SecureConversationToken tok = (SecureConversationToken)ais.iterator()
+                        .next().getAssertion();
+                    doCancel(message, aim, tok);
+                }
+                return;
+            }
+            String s = (String)message.get(SoapBindingConstants.SOAP_ACTION);
+            String addNs = null;
+            AddressingProperties inProps = (AddressingProperties)message
+                .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);
+            if (inProps != null) {
+                addNs = inProps.getNamespaceURI();
+                if (s == null) {
+                    //MS/WCF doesn't put a soap action out for this, must check the headers
+                    s = inProps.getAction().getValue();
+                }
+            }
+
+            if (s != null 
+                && s.contains("/RST/SCT")
+                && (s.startsWith(STSUtils.WST_NS_05_02)
+                    || s.startsWith(STSUtils.WST_NS_05_12))) {
+
+                SecureConversationToken tok = (SecureConversationToken)ais.iterator()
+                    .next().getAssertion();
+                Policy pol = tok.getBootstrapPolicy();
+                if (s.endsWith("Cancel") || s.endsWith("/Renew")) {
+                    //Cancel and Renew just sign with the token
+                    Policy p = new Policy();
+                    ExactlyOne ea = new ExactlyOne();
+                    p.addPolicyComponent(ea);
+                    All all = new All();
+                    PolicyAssertion ass = SecureConversationTokenInterceptorProvider
+                        .getAddressingPolicy(aim, false);
+                    all.addPolicyComponent(ass);
+                    ea.addPolicyComponent(all);
+                    SymmetricBinding binding = new SymmetricBinding(SP12Constants.INSTANCE);
+                    binding.setIncludeTimestamp(true);
+                    ProtectionToken token = new ProtectionToken(SP12Constants.INSTANCE);
+                    token.setToken(new SecureConversationToken(SP12Constants.INSTANCE));
+                    binding.setProtectionToken(token);
+                    binding.setEntireHeadersAndBodySignatures(true);
+                    
+                    Binding origBinding = getBinding(aim);
+                    binding.setAlgorithmSuite(origBinding.getAlgorithmSuite());
+                    all.addPolicyComponent(binding);
+                    
+                    SignedEncryptedParts parts = new SignedEncryptedParts(true, 
+                                                                          SP12Constants.INSTANCE);
+                    parts.setBody(true);
+                    if (addNs != null) {
+                        parts.addHeader(new Header("To", addNs));
+                        parts.addHeader(new Header("From", addNs));
+                        parts.addHeader(new Header("FaultTo", addNs));
+                        parts.addHeader(new Header("ReplyTO", addNs));
+                        parts.addHeader(new Header("MessageID", addNs));
+                        parts.addHeader(new Header("RelatesTo", addNs));
+                        parts.addHeader(new Header("Action", addNs));
+                    }
+                    all.addPolicyComponent(parts);
+                    pol = p;
+                    message.getInterceptorChain().add(SecureConversationTokenFinderInterceptor.INSTANCE);
+                } else {
+                    Policy p = new Policy();
+                    ExactlyOne ea = new ExactlyOne();
+                    p.addPolicyComponent(ea);
+                    All all = new All();
+                    PolicyAssertion ass = SecureConversationTokenInterceptorProvider
+                        .getAddressingPolicy(aim, false);
+                    all.addPolicyComponent(ass);
+                    ea.addPolicyComponent(all);
+                    pol = p.merge(pol);
+                }
+                
+                //setup SCT endpoint and forward to it.
+                unmapSecurityProps(message);
+                String ns = STSUtils.WST_NS_05_12;
+                if (s.startsWith(STSUtils.WST_NS_05_02)) {
+                    ns = STSUtils.WST_NS_05_02;
+                }
+                recalcEffectivePolicy(message, ns, pol);
+            } else {
+                message.getInterceptorChain().add(SecureConversationTokenFinderInterceptor.INSTANCE);
+            }
+        }
+    }
+    private void doCancel(SoapMessage message, AssertionInfoMap aim, SecureConversationToken itok) {
+        Message m2 = message.getExchange().getOutMessage();
+        
+        SecurityToken tok = (SecurityToken)m2.getContextualProperty(SecurityConstants.TOKEN);
+        if (tok == null) {
+            String tokId = (String)m2.getContextualProperty(SecurityConstants.TOKEN_ID);
+            if (tokId != null) {
+                tok = SecureConversationTokenInterceptorProvider
+                    .getTokenStore(m2).getToken(tokId);
+            }
+        }
+
+        STSClient client = SecureConversationTokenInterceptorProvider.getClient(m2);
+        AddressingProperties maps =
+            (AddressingProperties)message
+                .get("javax.xml.ws.addressing.context.inbound");
+        if (maps == null) {
+            maps = (AddressingProperties)m2
+                .get("javax.xml.ws.addressing.context");
+        }
+        
+        synchronized (client) {
+            try {
+                SecureConversationTokenInterceptorProvider
+                    .setupClient(client, message, aim, itok, true);
+
+                if (maps != null) {
+                    client.setAddressingNamespace(maps.getNamespaceURI());
+                }
+                client.cancelSecurityToken(tok);
+            } catch (RuntimeException e) {
+                throw e;
+            } catch (Exception e) {
+                throw new Fault(e);
+            } finally {
+                client.setTrust((Trust10)null);
+                client.setTrust((Trust13)null);
+                client.setTemplate(null);
+                client.setLocation(null);
+                client.setAddressingNamespace(null);
+            }
+        }
+
+    }
+    private void recalcEffectivePolicy(SoapMessage message, 
+                                       String namespace,
+                                       Policy policy) {
+        Exchange ex = message.getExchange();
+        Bus bus = ex.get(Bus.class);
+        PolicyEngine pe = bus.getExtension(PolicyEngine.class);
+        if (null == pe) {
+            return;
+        }
+        Destination destination = ex.getDestination();
+        try {
+            Endpoint endpoint = message.getExchange().get(Endpoint.class);
+            TokenStore store = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
+            if (store == null) {
+                store = new MemoryTokenStore();
+                endpoint.getEndpointInfo().setProperty(TokenStore.class.getName(), store);
+            }
+            endpoint = STSUtils.createSTSEndpoint(bus, 
+                                                  namespace,
+                                                  null,
+                                                  destination.getAddress().getAddress().getValue(),
+                                                  message.getVersion().getBindingId(), 
+                                                  policy,
+                                                  null);
+            endpoint.getEndpointInfo().setProperty(TokenStore.class.getName(), store);
+        
+            EndpointPolicy ep = pe.getServerEndpointPolicy(endpoint.getEndpointInfo(), destination);
+            List<Interceptor> interceptors = ep.getInterceptors();
+            for (Interceptor i : interceptors) {
+                message.getInterceptorChain().add(i);
+            }
+            
+            Collection<PolicyAssertion> assertions = ep.getVocabulary();
+            if (null != assertions) {
+                message.put(AssertionInfoMap.class, new AssertionInfoMap(assertions));
+            }
+            endpoint.getService().setInvoker(new STSInvoker());
+            ex.put(Endpoint.class, endpoint);
+            ex.put(Service.class, endpoint.getService());
+        } catch (Exception exc) {
+            throw new Fault(exc);
+        }
+    }
+    private void unmapSecurityProps(Message message) {
+        Exchange ex = message.getExchange();
+        for (String s : SecurityConstants.ALL_PROPERTIES) {
+            Object v = message.getContextualProperty(s + ".sct");
+            if (v != null) {
+                ex.put(s, v);
+            }
+        }
+    }
+
+    public class STSInvoker implements Invoker {
+
+        public Object invoke(Exchange exchange, Object o) {
+            AddressingProperties inProps = (AddressingProperties)exchange.getInMessage()
+                .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);
+            if (inProps != null) {
+                AddressingProperties props = new AddressingPropertiesImpl(inProps.getNamespaceURI());
+                AttributedURIType action = new AttributedURIType();
+                action.setValue(inProps.getAction().getValue().replace("/RST/", "/RSTR/"));
+                props.setAction(action);
+                exchange.getOutMessage().put(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_OUTBOUND,
+                                             props);
+            }
+            
+            MessageContentsList lst = (MessageContentsList)o;
+            DOMSource src = (DOMSource)lst.get(0);
+            Node nd = src.getNode();
+            Element requestEl = null;
+            if (nd instanceof Document) {
+                requestEl = ((Document)nd).getDocumentElement();
+            } else {
+                requestEl = (Element)nd;
+            }
+            String namespace = requestEl.getNamespaceURI();
+            String prefix = requestEl.getPrefix();
+            SecurityToken cancelToken = null;
+            if ("RequestSecurityToken".equals(requestEl.getLocalName())) {
+                try {
+                    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
+                    writer.setNsRepairing(true);
+                    if (STSUtils.WST_NS_05_12.equals(namespace)) {
+                        writer.writeStartElement(prefix, "RequestSecurityTokenResponseCollection",
+                                                 namespace);
+                    }
+                    writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace);
+                    
+                    String requestType = null;
+                    Element el = DOMUtils.getFirstElement(requestEl);
+                    while (el != null) {
+                        String localName = el.getLocalName();
+                        if (namespace.equals(el.getNamespaceURI())) {
+                            if ("RequestType".equals(localName)) {
+                                requestType = el.getTextContent();
+                            } else if ("CancelTarget".equals(localName)) {
+                                cancelToken = findCancelToken(exchange, el);
+                            }
+                        }
+                        
+                        el = DOMUtils.getNextElement(el);
+                    }
+                    if (requestType == null) {
+                        requestType = "/Issue";
+                    }
+                    
+                    if (requestType.endsWith("/Issue")) { 
+                        doIssue(requestEl, exchange, writer, prefix, namespace);
+                    } else if (requestType.endsWith("/Cancel")) {
+                        TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
+                            .getProperty(TokenStore.class.getName());
+                        cancelToken.setState(SecurityToken.State.CANCELLED);
+                        store.update(cancelToken);
+                        writer.writeEmptyElement(prefix, "RequestedTokenCancelled", namespace);
+                        exchange.put(SecurityConstants.TOKEN, cancelToken);
+                    } else if (requestType.endsWith("/Renew")) {
+                        //REVISIT - implement
+                    }
+                    writer.writeEndElement();
+                    if (STSUtils.WST_NS_05_12.equals(namespace)) {
+                        writer.writeEndElement();
+                    }
+                    return new MessageContentsList(new DOMSource(writer.getDocument()));
+                } catch (RuntimeException ex) {
+                    throw ex;
+                } catch (Exception ex) {
+                    throw new Fault(ex);
+                }
+            } else {
+                throw new Fault("Unknown SecureConversation element: " + requestEl.getLocalName(),
+                                LOG);
+            }
+        }
+
+        private void doIssue(Element requestEl,
+                             Exchange exchange, W3CDOMStreamWriter writer,
+                             String prefix, String namespace) 
+            throws Exception {
+            byte clientEntropy[] = null;
+            int keySize = 256;
+            int ttl = 300000;
+            String tokenType = null;
+            Element el = DOMUtils.getFirstElement(requestEl);
+            while (el != null) {
+                String localName = el.getLocalName();
+                if (namespace.equals(el.getNamespaceURI())) {
+                    if ("Entropy".equals(localName)) {
+                        Element bs = DOMUtils.getFirstElement(el);
+                        if (bs != null) {
+                            clientEntropy = Base64.decode(bs.getTextContent());
+                        }
+                    } else if ("KeySize".equals(localName)) {
+                        keySize = Integer.parseInt(el.getTextContent());
+                    } else if ("TokenType".equals(localName)) {
+                        tokenType = el.getTextContent();
+                    }
+                }
+                
+                el = DOMUtils.getNextElement(el);
+            }
+            
+            writer.writeStartElement(prefix, "RequestedSecurityToken", namespace);
+            SecurityContextToken sct =
+                new SecurityContextToken(SecureConversationTokenInterceptorProvider
+                                              .getWSCVersion(tokenType), writer.getDocument());
+            
+            Calendar created = Calendar.getInstance();
+            Calendar expires = Calendar.getInstance();
+            expires.setTimeInMillis(System.currentTimeMillis() + ttl);
+
+            SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
+            token.setToken(sct.getElement());
+            token.setTokenType(WSConstants.WSC_SCT);
+            
+            writer.getCurrentNode().appendChild(sct.getElement());
+            writer.writeEndElement();        
+            
+            writer.writeStartElement(prefix, "RequestedAttachedReference", namespace);
+            token.setAttachedReference(SecureConversationTokenInterceptorProvider
+                                           .writeSecurityTokenReference(writer,
+                                                                   "#" + sct.getID(), 
+                                                                   tokenType));
+            writer.writeEndElement();
+            
+            writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace);
+            token.setUnattachedReference(SecureConversationTokenInterceptorProvider
+                                             .writeSecurityTokenReference(writer,
+                                                                     sct.getIdentifier(),
+                                                                     tokenType));
+            writer.writeEndElement();
+            
+            XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
+            writer.writeStartElement(prefix, "Lifetime", namespace);
+            writer.writeNamespace("wsu", WSConstants.WSU_NS);
+            writer.writeStartElement("wsu", "Created", WSConstants.WSU_NS);
+            writer.writeCharacters(fmt.format(created.getTime()));
+            writer.writeEndElement();
+            
+            writer.writeStartElement("wsu", "Expires", WSConstants.WSU_NS);
+            writer.writeCharacters(fmt.format(expires.getTime()));
+            writer.writeEndElement();
+            writer.writeEndElement();
+
+            byte[] secret = SecureConversationTokenInterceptorProvider.writeProofToken(prefix, 
+                                            namespace,
+                                            writer,
+                                            clientEntropy, 
+                                            keySize);
+            token.setSecret(secret);
+            ((TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
+                    .getProperty(TokenStore.class.getName())).add(token);
+        }
+
+        private SecurityToken findCancelToken(Exchange exchange, Element el) throws WSSecurityException {
+            SecurityTokenReference ref = new SecurityTokenReference(DOMUtils.getFirstElement(el));
+            String uri = ref.getReference().getURI();
+            TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
+                    .getProperty(TokenStore.class.getName());
+            return store.getToken(uri);
+        }
+
+    }
+    
+    
+    static final class SecureConversationTokenFinderInterceptor 
+        extends AbstractPhaseInterceptor<SoapMessage> {
+        
+        static final SecureConversationTokenFinderInterceptor INSTANCE 
+            = new SecureConversationTokenFinderInterceptor();
+        
+        private SecureConversationTokenFinderInterceptor() {
+            super(Phase.PRE_PROTOCOL);
+            addAfter(WSS4JInInterceptor.class.getName());
+        }
+
+        public void handleMessage(SoapMessage message) throws Fault {
+            //Find the SC token
+            boolean found = false;
+            List results = (List)message.get(WSHandlerConstants.RECV_RESULTS);
+            for (int i = 0; i < results.size(); i++) {
+                WSHandlerResult rResult =
+                        (WSHandlerResult) results.get(i);
+
+                Vector wsSecEngineResults = rResult.getResults();
+
+                for (int j = 0; j < wsSecEngineResults.size(); j++) {
+                    WSSecurityEngineResult wser =
+                            (WSSecurityEngineResult) wsSecEngineResults.get(j);
+                    Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+                    if (actInt.intValue() == WSConstants.SCT) {
+                        SecurityContextToken tok
+                            = (SecurityContextToken)wser
+                                .get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN);
+                        message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getID());
+                        found = true;
+                    }
+                }
+            }
+            AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+            // extract Assertion information
+            if (aim != null) {
+                Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
+                if (ais == null || ais.isEmpty()) {
+                    return;
+                }
+                for (AssertionInfo inf : ais) {
+                    if (found) {
+                        inf.setAsserted(true);
+                    } else {
+                        inf.setNotAsserted("No SecureConversation token found in message.");
+                    }
+                }
+            }
+        }
+    }
+
+    
+}
\ No newline at end of file

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java?rev=752221&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java Tue Mar 10 19:25:04 2009
@@ -0,0 +1,173 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.policy.interceptors;
+
+import java.util.Collection;
+import java.util.Map;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.ws.addressing.AddressingProperties;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.SP12Constants;
+import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
+import org.apache.cxf.ws.security.policy.model.Trust10;
+import org.apache.cxf.ws.security.policy.model.Trust13;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.ws.security.WSConstants;
+
+class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
+    public SecureConversationOutInterceptor() {
+        super(Phase.PREPARE_SEND);
+    }
+    public void handleMessage(SoapMessage message) throws Fault {
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        // extract Assertion information
+        if (aim != null) {
+            Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
+            if (ais == null || ais.isEmpty()) {
+                return;
+            }
+            if (isRequestor(message)) {
+                SecureConversationToken itok = (SecureConversationToken)ais.iterator()
+                    .next().getAssertion();
+                
+                SecurityToken tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
+                if (tok == null) {
+                    String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
+                    if (tokId != null) {
+                        tok = SecureConversationTokenInterceptorProvider
+                            .getTokenStore(message).getToken(tokId);
+                    }
+                }
+                if (tok == null) {
+                    tok = issueToken(message, aim, itok);
+                } else {
+                    renewToken(message, aim, tok, itok);
+                }
+                if (tok != null) {
+                    for (AssertionInfo ai : ais) {
+                        ai.setAsserted(true);
+                    }
+                    message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID, 
+                                                                  tok.getId());
+                    SecureConversationTokenInterceptorProvider.getTokenStore(message).add(tok);
+                    
+                }
+            } else {
+                //server side should be checked on the way in
+                for (AssertionInfo ai : ais) {
+                    ai.setAsserted(true);
+                }                    
+            }
+        }
+    }
+    
+    
+    private void renewToken(SoapMessage message,
+                            AssertionInfoMap aim, 
+                            SecurityToken tok,
+                            SecureConversationToken itok) {
+        if (tok.getState() != SecurityToken.State.EXPIRED) {
+            return;
+        }
+        
+        STSClient client = SecureConversationTokenInterceptorProvider.getClient(message);
+        AddressingProperties maps =
+            (AddressingProperties)message
+                .get("javax.xml.ws.addressing.context.outbound");
+        if (maps == null) {
+            maps = (AddressingProperties)message
+                .get("javax.xml.ws.addressing.context");
+        } else if (maps.getAction().getValue().endsWith("Renew")) {
+            return;
+        }
+        synchronized (client) {
+            try {
+                SecureConversationTokenInterceptorProvider.setupClient(client, message, aim, itok, true);
+
+                String s = message
+                    .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
+                client.setLocation(s);
+                
+                Map<String, Object> ctx = client.getRequestContext();
+                ctx.put(SecurityConstants.TOKEN, tok);
+                if (maps != null) {
+                    client.setAddressingNamespace(maps.getNamespaceURI());
+                }
+                client.renewSecurityToken(tok);
+            } catch (RuntimeException e) {
+                throw e;
+            } catch (Exception e) {
+                throw new Fault(e);
+            } finally {
+                client.setTrust((Trust10)null);
+                client.setTrust((Trust13)null);
+                client.setTemplate(null);
+                client.setLocation(null);
+                client.setAddressingNamespace(null);
+            }
+        }            
+    }
+    private SecurityToken issueToken(SoapMessage message,
+                                     AssertionInfoMap aim,
+                                     SecureConversationToken itok) {
+        STSClient client = SecureConversationTokenInterceptorProvider.getClient(message);
+        AddressingProperties maps =
+            (AddressingProperties)message
+                .get("javax.xml.ws.addressing.context.outbound");
+        if (maps == null) {
+            maps = (AddressingProperties)message
+                .get("javax.xml.ws.addressing.context");
+        }
+        synchronized (client) {
+            try {
+                String s = SecureConversationTokenInterceptorProvider
+                    .setupClient(client, message, aim, itok, false);
+
+                SecurityToken tok = null;
+                if (maps != null) {
+                    client.setAddressingNamespace(maps.getNamespaceURI());
+                }
+                tok = client.requestSecurityToken(s);
+                tok.setTokenType(WSConstants.WSC_SCT);
+                return tok;
+            } catch (RuntimeException e) {
+                throw e;
+            } catch (Exception e) {
+                throw new Fault(e);
+            } finally {
+                client.setTrust((Trust10)null);
+                client.setTrust((Trust13)null);
+                client.setTemplate(null);
+                client.setLocation(null);
+                client.setAddressingNamespace(null);
+            }
+        }
+    }
+
+}
\ No newline at end of file

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java Tue Mar 10 19:25:04 2009
@@ -22,93 +22,56 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Arrays;
-import java.util.Calendar;
 import java.util.Collection;
-import java.util.List;
 import java.util.Map;
-import java.util.Vector;
 import java.util.logging.Logger;
 
 import javax.xml.stream.XMLStreamException;
-import javax.xml.transform.dom.DOMSource;
 
-import org.w3c.dom.Document;
 import org.w3c.dom.Element;
-import org.w3c.dom.Node;
 
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.Soap11;
-import org.apache.cxf.binding.soap.SoapBindingConstants;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.endpoint.Endpoint;
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.interceptor.Interceptor;
-import org.apache.cxf.message.Exchange;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageContentsList;
-import org.apache.cxf.phase.AbstractPhaseInterceptor;
-import org.apache.cxf.phase.Phase;
-import org.apache.cxf.service.Service;
-import org.apache.cxf.service.invoker.Invoker;
 import org.apache.cxf.staxutils.W3CDOMStreamWriter;
-import org.apache.cxf.transport.Destination;
-import org.apache.cxf.ws.addressing.AddressingProperties;
-import org.apache.cxf.ws.addressing.AddressingPropertiesImpl;
-import org.apache.cxf.ws.addressing.AttributedURIType;
-import org.apache.cxf.ws.addressing.JAXWSAConstants;
 import org.apache.cxf.ws.addressing.policy.MetadataConstants;
 import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
-import org.apache.cxf.ws.policy.EndpointPolicy;
 import org.apache.cxf.ws.policy.PolicyAssertion;
-import org.apache.cxf.ws.policy.PolicyEngine;
 import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP11Constants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants.SupportTokenType;
-import org.apache.cxf.ws.security.policy.model.Binding;
-import org.apache.cxf.ws.security.policy.model.Header;
-import org.apache.cxf.ws.security.policy.model.ProtectionToken;
 import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
-import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
 import org.apache.cxf.ws.security.policy.model.SupportingToken;
-import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
 import org.apache.cxf.ws.security.policy.model.Trust10;
 import org.apache.cxf.ws.security.policy.model.Trust13;
 import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.trust.STSClient;
-import org.apache.cxf.ws.security.trust.STSUtils;
-import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
 import org.apache.neethi.All;
 import org.apache.neethi.ExactlyOne;
 import org.apache.neethi.Policy;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.conversation.ConversationConstants;
 import org.apache.ws.security.conversation.ConversationException;
 import org.apache.ws.security.conversation.dkalgo.P_SHA1;
-import org.apache.ws.security.handler.WSHandlerConstants;
-import org.apache.ws.security.handler.WSHandlerResult;
 import org.apache.ws.security.message.token.Reference;
-import org.apache.ws.security.message.token.SecurityContextToken;
 import org.apache.ws.security.message.token.SecurityTokenReference;
 import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.ws.security.util.XmlSchemaDateFormat;
 import org.apache.xml.security.utils.Base64;
 
 /**
  * 
  */
 public class SecureConversationTokenInterceptorProvider extends AbstractPolicyInterceptorProvider {
-    private static final Logger LOG = LogUtils.getL7dLogger(SecureConversationTokenInterceptorProvider.class);
+    static final Logger LOG = LogUtils.getL7dLogger(SecureConversationTokenInterceptorProvider.class);
 
 
     public SecureConversationTokenInterceptorProvider() {
@@ -147,7 +110,7 @@
         }
         return tokenStore;
     }
-    private static PolicyAssertion getAddressingPolicy(AssertionInfoMap aim, boolean optional) {
+    static PolicyAssertion getAddressingPolicy(AssertionInfoMap aim, boolean optional) {
         Collection<AssertionInfo> lst = aim.get(MetadataConstants.USING_ADDRESSING_2004_QNAME);
         PolicyAssertion assertion = null;
         if (null != lst && !lst.isEmpty()) {
@@ -228,507 +191,7 @@
         }
         return client;
     }
-    static class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
-        public SecureConversationOutInterceptor() {
-            super(Phase.PREPARE_SEND);
-        }
-        public void handleMessage(SoapMessage message) throws Fault {
-            AssertionInfoMap aim = message.get(AssertionInfoMap.class);
-            // extract Assertion information
-            if (aim != null) {
-                Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
-                if (ais == null || ais.isEmpty()) {
-                    return;
-                }
-                if (isRequestor(message)) {
-                    SecureConversationToken itok = (SecureConversationToken)ais.iterator()
-                        .next().getAssertion();
-                    
-                    SecurityToken tok = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
-                    if (tok == null) {
-                        String tokId = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
-                        if (tokId != null) {
-                            tok = getTokenStore(message).getToken(tokId);
-                        }
-                    }
-                    if (tok == null) {
-                        tok = issueToken(message, aim, itok);
-                    } else {
-                        renewToken(message, aim, tok, itok);
-                    }
-                    if (tok != null) {
-                        for (AssertionInfo ai : ais) {
-                            ai.setAsserted(true);
-                        }
-                        message.getExchange().get(Endpoint.class).put(SecurityConstants.TOKEN_ID, 
-                                                                      tok.getId());
-                        getTokenStore(message).add(tok);
-                    }
-                } else {
-                    //server side should be checked on the way in
-                    for (AssertionInfo ai : ais) {
-                        ai.setAsserted(true);
-                    }                    
-                }
-            }
-        }
-        
-        
-        private void renewToken(SoapMessage message,
-                                AssertionInfoMap aim, 
-                                SecurityToken tok,
-                                SecureConversationToken itok) {
-            if (tok.getState() != SecurityToken.State.EXPIRED) {
-                return;
-            }
-            
-            STSClient client = getClient(message);
-            AddressingProperties maps =
-                (AddressingProperties)message
-                    .get("javax.xml.ws.addressing.context.outbound");
-            if (maps == null) {
-                maps = (AddressingProperties)message
-                    .get("javax.xml.ws.addressing.context");
-            } else if (maps.getAction().getValue().endsWith("Renew")) {
-                return;
-            }
-            synchronized (client) {
-                try {
-                    setupClient(client, message, aim, itok, true);
-
-                    String s = message
-                        .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
-                    client.setLocation(s);
-                    
-                    Map<String, Object> ctx = client.getRequestContext();
-                    ctx.put(SecurityConstants.TOKEN, tok);
-                    if (maps != null) {
-                        client.setAddressingNamespace(maps.getNamespaceURI());
-                    }
-                    client.renewSecurityToken(tok);
-                } catch (RuntimeException e) {
-                    throw e;
-                } catch (Exception e) {
-                    throw new Fault(e);
-                } finally {
-                    client.setTrust((Trust10)null);
-                    client.setTrust((Trust13)null);
-                    client.setTemplate(null);
-                    client.setLocation(null);
-                    client.setAddressingNamespace(null);
-                }
-            }            
-        }
-        private SecurityToken issueToken(SoapMessage message,
-                                         AssertionInfoMap aim,
-                                         SecureConversationToken itok) {
-            STSClient client = getClient(message);
-            AddressingProperties maps =
-                (AddressingProperties)message
-                    .get("javax.xml.ws.addressing.context.outbound");
-            if (maps == null) {
-                maps = (AddressingProperties)message
-                    .get("javax.xml.ws.addressing.context");
-            }
-            synchronized (client) {
-                try {
-                    String s = setupClient(client, message, aim, itok, false);
-
-                    SecurityToken tok = null;
-                    if (maps != null) {
-                        client.setAddressingNamespace(maps.getNamespaceURI());
-                    }
-                    tok = client.requestSecurityToken(s);
-                    tok.setTokenType(WSConstants.WSC_SCT);
-                    return tok;
-                } catch (RuntimeException e) {
-                    throw e;
-                } catch (Exception e) {
-                    throw new Fault(e);
-                } finally {
-                    client.setTrust((Trust10)null);
-                    client.setTrust((Trust13)null);
-                    client.setTemplate(null);
-                    client.setLocation(null);
-                    client.setAddressingNamespace(null);
-                }
-            }
-        }
-
-    }
-    static class SecureConversationTokenFinderInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
-        public SecureConversationTokenFinderInterceptor() {
-            super(Phase.PRE_PROTOCOL);
-            addAfter(WSS4JInInterceptor.class.getName());
-        }
-
-        public void handleMessage(SoapMessage message) throws Fault {
-            //Find the SC token
-            boolean found = false;
-            Vector results = (Vector)message.get(WSHandlerConstants.RECV_RESULTS);
-            for (int i = 0; i < results.size(); i++) {
-                WSHandlerResult rResult =
-                        (WSHandlerResult) results.get(i);
-
-                Vector wsSecEngineResults = rResult.getResults();
-
-                for (int j = 0; j < wsSecEngineResults.size(); j++) {
-                    WSSecurityEngineResult wser =
-                            (WSSecurityEngineResult) wsSecEngineResults.get(j);
-                    Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
-                    if (actInt.intValue() == WSConstants.SCT) {
-                        SecurityContextToken tok
-                            = (SecurityContextToken)wser
-                                .get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN);
-                        message.getExchange().put(SecurityConstants.TOKEN_ID, tok.getID());
-                        found = true;
-                    }
-                }
-            }
-            if (!found) {
-                AssertionInfoMap aim = message.get(AssertionInfoMap.class);
-                // extract Assertion information
-                if (aim != null) {
-                    Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
-                    if (ais == null || ais.isEmpty()) {
-                        return;
-                    }
-                    ais.iterator().next().setNotAsserted("No SecureConversation token found in message.");
-                }
-            }
-        }
-    }
-    static class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
-        public SecureConversationInInterceptor() {
-            super(Phase.PRE_PROTOCOL);
-        }
-        private Binding getBinding(AssertionInfoMap aim) {
-            Collection<AssertionInfo> ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
-            if (ais != null && !ais.isEmpty()) {
-                return (Binding)ais.iterator().next().getAssertion();
-            }
-            ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
-            if (ais != null && !ais.isEmpty()) {
-                return (Binding)ais.iterator().next().getAssertion();
-            }
-            ais = aim.get(SP12Constants.TRANSPORT_BINDING);
-            if (ais != null && !ais.isEmpty()) {
-                return (Binding)ais.iterator().next().getAssertion();
-            }
-            return null;
-        }
-        public void handleMessage(SoapMessage message) throws Fault {
-            AssertionInfoMap aim = message.get(AssertionInfoMap.class);
-            // extract Assertion information
-            if (aim != null) {
-                Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURE_CONVERSATION_TOKEN);
-                if (ais == null || ais.isEmpty()) {
-                    return;
-                }
-                if (isRequestor(message)) {
-                    //client side should be checked on the way out
-                    for (AssertionInfo ai : ais) {
-                        ai.setAsserted(true);
-                    }                    
-                    return;
-                }
-                String s = (String)message.get(SoapBindingConstants.SOAP_ACTION);
-                String addNs = null;
-                AddressingProperties inProps = (AddressingProperties)message
-                    .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);
-                if (inProps != null) {
-                    addNs = inProps.getNamespaceURI();
-                    if (s == null) {
-                        //MS/WCF doesn't put a soap action out for this, must check the headers
-                        s = inProps.getAction().getValue();
-                    }
-                }
-
-                if (s != null 
-                    && s.contains("/RST/SCT")
-                    && (s.startsWith(STSUtils.WST_NS_05_02)
-                        || s.startsWith(STSUtils.WST_NS_05_12))) {
-
-                    SecureConversationToken tok = (SecureConversationToken)ais.iterator()
-                        .next().getAssertion();
-                    Policy pol = tok.getBootstrapPolicy();
-                    if (s.endsWith("Cancel") || s.endsWith("/Renew")) {
-                        //Cancel and Renew just sign with the token
-                        Policy p = new Policy();
-                        ExactlyOne ea = new ExactlyOne();
-                        p.addPolicyComponent(ea);
-                        All all = new All();
-                        PolicyAssertion ass = getAddressingPolicy(aim, false);
-                        all.addPolicyComponent(ass);
-                        ea.addPolicyComponent(all);
-                        SymmetricBinding binding = new SymmetricBinding(SP12Constants.INSTANCE);
-                        ProtectionToken token = new ProtectionToken(SP12Constants.INSTANCE);
-                        token.setToken(new SecureConversationToken(SP12Constants.INSTANCE));
-                        binding.setProtectionToken(token);
-                        binding.setEntireHeadersAndBodySignatures(true);
-                        
-                        Binding origBinding = getBinding(aim);
-                        binding.setAlgorithmSuite(origBinding.getAlgorithmSuite());
-                        all.addPolicyComponent(binding);
-                        
-                        SignedEncryptedParts parts = new SignedEncryptedParts(true, 
-                                                                              SP12Constants.INSTANCE);
-                        parts.setBody(true);
-                        if (addNs != null) {
-                            parts.addHeader(new Header("To", addNs));
-                            parts.addHeader(new Header("From", addNs));
-                            parts.addHeader(new Header("FaultTo", addNs));
-                            parts.addHeader(new Header("ReplyTO", addNs));
-                            parts.addHeader(new Header("MessageID", addNs));
-                            parts.addHeader(new Header("RelatesTo", addNs));
-                            parts.addHeader(new Header("Action", addNs));
-                        }
-                        all.addPolicyComponent(parts);
-                        pol = p;
-                    } else {
-                        Policy p = new Policy();
-                        ExactlyOne ea = new ExactlyOne();
-                        p.addPolicyComponent(ea);
-                        All all = new All();
-                        PolicyAssertion ass = getAddressingPolicy(aim, false);
-                        all.addPolicyComponent(ass);
-                        ea.addPolicyComponent(all);
-                        pol = p.merge(pol);
-                    }
-                    
-                    //setup SCT endpoint and forward to it.
-                    unmapSecurityProps(message);
-                    String ns = STSUtils.WST_NS_05_12;
-                    if (s.startsWith(STSUtils.WST_NS_05_02)) {
-                        ns = STSUtils.WST_NS_05_02;
-                    }
-                    recalcEffectivePolicy(message, ns, pol);
-                } else {
-                    message.getInterceptorChain().add(new SecureConversationTokenFinderInterceptor());
-                }
-            }
-        }
-        private void recalcEffectivePolicy(SoapMessage message, 
-                                           String namespace,
-                                           Policy policy) {
-            Exchange ex = message.getExchange();
-            Bus bus = ex.get(Bus.class);
-            PolicyEngine pe = bus.getExtension(PolicyEngine.class);
-            if (null == pe) {
-                return;
-            }
-            Destination destination = ex.getDestination();
-            try {
-                Endpoint endpoint = message.getExchange().get(Endpoint.class);
-                TokenStore store = (TokenStore)message.getContextualProperty(TokenStore.class.getName());
-                if (store == null) {
-                    store = new MemoryTokenStore();
-                    endpoint.getEndpointInfo().setProperty(TokenStore.class.getName(), store);
-                }
-                endpoint = STSUtils.createSTSEndpoint(bus, 
-                                                      namespace,
-                                                      null,
-                                                      destination.getAddress().getAddress().getValue(),
-                                                      message.getVersion().getBindingId(), 
-                                                      policy,
-                                                      null);
-                endpoint.getEndpointInfo().setProperty(TokenStore.class.getName(), store);
-            
-                EndpointPolicy ep = pe.getServerEndpointPolicy(endpoint.getEndpointInfo(), destination);
-                List<Interceptor> interceptors = ep.getInterceptors();
-                for (Interceptor i : interceptors) {
-                    message.getInterceptorChain().add(i);
-                }
-                
-                Collection<PolicyAssertion> assertions = ep.getVocabulary();
-                if (null != assertions) {
-                    message.put(AssertionInfoMap.class, new AssertionInfoMap(assertions));
-                }
-                endpoint.getService().setInvoker(new STSInvoker());
-                ex.put(Endpoint.class, endpoint);
-                ex.put(Service.class, endpoint.getService());
-            } catch (Exception exc) {
-                throw new Fault(exc);
-            }
-        }
-        private void unmapSecurityProps(Message message) {
-            Exchange ex = message.getExchange();
-            for (String s : SecurityConstants.ALL_PROPERTIES) {
-                Object v = message.getContextualProperty(s + ".sct");
-                if (v != null) {
-                    ex.put(s, v);
-                }
-            }
-        }
-
-        public class STSInvoker implements Invoker {
-
-            public Object invoke(Exchange exchange, Object o) {
-                AddressingProperties inProps = (AddressingProperties)exchange.getInMessage()
-                    .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);
-                if (inProps != null) {
-                    AddressingProperties props = new AddressingPropertiesImpl(inProps.getNamespaceURI());
-                    AttributedURIType action = new AttributedURIType();
-                    action.setValue(inProps.getAction().getValue().replace("/RST/", "/RSTR/"));
-                    props.setAction(action);
-                    exchange.getOutMessage().put(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_OUTBOUND,
-                                                 props);
-                }
-                
-                MessageContentsList lst = (MessageContentsList)o;
-                DOMSource src = (DOMSource)lst.get(0);
-                Node nd = src.getNode();
-                Element requestEl = null;
-                if (nd instanceof Document) {
-                    requestEl = ((Document)nd).getDocumentElement();
-                } else {
-                    requestEl = (Element)nd;
-                }
-                String namespace = requestEl.getNamespaceURI();
-                String prefix = requestEl.getPrefix();
-                SecurityToken cancelToken = null;
-                if ("RequestSecurityToken".equals(requestEl.getLocalName())) {
-                    try {
-                        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
-                        writer.setNsRepairing(true);
-                        if (STSUtils.WST_NS_05_12.equals(namespace)) {
-                            writer.writeStartElement(prefix, "RequestSecurityTokenResponseCollection",
-                                                     namespace);
-                        }
-                        writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace);
-                        
-                        String requestType = null;
-                        Element el = DOMUtils.getFirstElement(requestEl);
-                        while (el != null) {
-                            String localName = el.getLocalName();
-                            if (namespace.equals(el.getNamespaceURI())) {
-                                if ("RequestType".equals(localName)) {
-                                    requestType = el.getTextContent();
-                                } else if ("CancelTarget".equals(localName)) {
-                                    cancelToken = findCancelToken(exchange, el);
-                                }
-                            }
-                            
-                            el = DOMUtils.getNextElement(el);
-                        }
-                        if (requestType == null) {
-                            requestType = "/Issue";
-                        }
-                        
-                        if (requestType.endsWith("/Issue")) { 
-                            doIssue(requestEl, exchange, writer, prefix, namespace);
-                        } else if (requestType.endsWith("/Cancel")) {
-                            TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
-                                .getProperty(TokenStore.class.getName());
-                            cancelToken.setState(SecurityToken.State.CANCELLED);
-                            store.update(cancelToken);
-                            writer.writeEmptyElement(prefix, "RequestedTokenCancelled", namespace);
-                            exchange.put(SecurityConstants.TOKEN, cancelToken);
-                        } else if (requestType.endsWith("/Renew")) {
-                            //REVISIT - implement
-                        }
-                        writer.writeEndElement();
-                        if (STSUtils.WST_NS_05_12.equals(namespace)) {
-                            writer.writeEndElement();
-                        }
-                        return new MessageContentsList(new DOMSource(writer.getDocument()));
-                    } catch (RuntimeException ex) {
-                        throw ex;
-                    } catch (Exception ex) {
-                        throw new Fault(ex);
-                    }
-                } else {
-                    throw new Fault("Unknown SecureConversation element: " + requestEl.getLocalName(), LOG);
-                }
-            }
-
-            private void doIssue(Element requestEl,
-                                 Exchange exchange, W3CDOMStreamWriter writer,
-                                 String prefix, String namespace) 
-                throws Exception {
-                byte clientEntropy[] = null;
-                int keySize = 256;
-                int ttl = 300000;
-                String tokenType = null;
-                Element el = DOMUtils.getFirstElement(requestEl);
-                while (el != null) {
-                    String localName = el.getLocalName();
-                    if (namespace.equals(el.getNamespaceURI())) {
-                        if ("Entropy".equals(localName)) {
-                            Element bs = DOMUtils.getFirstElement(el);
-                            if (bs != null) {
-                                clientEntropy = Base64.decode(bs.getTextContent());
-                            }
-                        } else if ("KeySize".equals(localName)) {
-                            keySize = Integer.parseInt(el.getTextContent());
-                        } else if ("TokenType".equals(localName)) {
-                            tokenType = el.getTextContent();
-                        }
-                    }
-                    
-                    el = DOMUtils.getNextElement(el);
-                }
-                
-                writer.writeStartElement(prefix, "RequestedSecurityToken", namespace);
-                SecurityContextToken sct =
-                    new SecurityContextToken(getWSCVersion(tokenType), writer.getDocument());
-                
-                Calendar created = Calendar.getInstance();
-                Calendar expires = Calendar.getInstance();
-                expires.setTimeInMillis(System.currentTimeMillis() + ttl);
-
-                SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
-                token.setToken(sct.getElement());
-                token.setTokenType(WSConstants.WSC_SCT);
-                
-                writer.getCurrentNode().appendChild(sct.getElement());
-                writer.writeEndElement();        
-                
-                writer.writeStartElement(prefix, "RequestedAttachedReference", namespace);
-                token.setAttachedReference(writeSecurityTokenReference(writer,
-                                                                       "#" + sct.getID(), 
-                                                                       tokenType));
-                writer.writeEndElement();
-                
-                writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace);
-                token.setUnattachedReference(writeSecurityTokenReference(writer,
-                                                                         sct.getIdentifier(),
-                                                                         tokenType));
-                writer.writeEndElement();
-                
-                XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
-                writer.writeStartElement(prefix, "Lifetime", namespace);
-                writer.writeNamespace("wsu", WSConstants.WSU_NS);
-                writer.writeStartElement("wsu", "Created", WSConstants.WSU_NS);
-                writer.writeCharacters(fmt.format(created.getTime()));
-                writer.writeEndElement();
-                
-                writer.writeStartElement("wsu", "Expires", WSConstants.WSU_NS);
-                writer.writeCharacters(fmt.format(expires.getTime()));
-                writer.writeEndElement();
-                writer.writeEndElement();
-
-                byte[] secret = writeProofToken(prefix, 
-                                                namespace,
-                                                writer,
-                                                clientEntropy, 
-                                                keySize);
-                token.setSecret(secret);
-                ((TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
-                        .getProperty(TokenStore.class.getName())).add(token);
-            }
-
-            private SecurityToken findCancelToken(Exchange exchange, Element el) throws WSSecurityException {
-                SecurityTokenReference ref = new SecurityTokenReference(DOMUtils.getFirstElement(el));
-                String uri = ref.getReference().getURI();
-                TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
-                        .getProperty(TokenStore.class.getName());
-                return store.getToken(uri);
-            }
-
-        }
-    }
-    private static byte[] writeProofToken(String prefix, 
+    static byte[] writeProofToken(String prefix, 
                                           String namespace,
                                           W3CDOMStreamWriter writer,
                                           byte[] clientEntropy,
@@ -769,7 +232,7 @@
         return secret;
     }
     
-    private static Element writeSecurityTokenReference(W3CDOMStreamWriter writer,
+    static Element writeSecurityTokenReference(W3CDOMStreamWriter writer,
                                                     String id,
                                                     String refValueType) {
 
@@ -786,7 +249,7 @@
     }
 
     
-    private static int getWSCVersion(String tokenTypeValue) throws ConversationException {
+    static int getWSCVersion(String tokenTypeValue) throws ConversationException {
 
         if (tokenTypeValue == null) {
             return ConversationConstants.DEFAULT_VERSION;

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AlgorithmSuite.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AlgorithmSuite.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AlgorithmSuite.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AlgorithmSuite.java Tue Mar 10 19:25:04 2009
@@ -79,6 +79,12 @@
 
 
 
+    public AlgorithmSuite() {
+        super(SP12Constants.INSTANCE);
+    }
+
+
+
     /**
      * @return Returns the asymmetricKeyWrap.
      */

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ProtectionToken.java Tue Mar 10 19:25:04 2009
@@ -27,6 +27,9 @@
 
 public class ProtectionToken extends TokenWrapper {
 
+    public ProtectionToken() {
+        super(SP12Constants.INSTANCE);
+    }
     public ProtectionToken(SPConstants version) {
         super(version);
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SecureConversationToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SecureConversationToken.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SecureConversationToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SecureConversationToken.java Tue Mar 10 19:25:04 2009
@@ -38,10 +38,14 @@
 
     private Element issuerEpr;
 
+    public SecureConversationToken() {
+        super(SP12Constants.INSTANCE);
+    }
     public SecureConversationToken(SPConstants version) {
         super(version);
     }
 
+
     /**
      * @return Returns the bootstrapPolicy.
      */

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedParts.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedParts.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedParts.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedParts.java Tue Mar 10 19:25:04 2009
@@ -45,6 +45,10 @@
         super(version);
         this.signedParts = signedParts;
     }
+    public SignedEncryptedParts(boolean signedParts) {
+        super(SP12Constants.INSTANCE);
+        this.signedParts = signedParts;
+    }
 
     /**
      * @return Returns the body.

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java?rev=752221&r1=752220&r2=752221&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SymmetricBinding.java Tue Mar 10 19:25:04 2009
@@ -36,6 +36,9 @@
     private SignatureToken signatureToken;
     private ProtectionToken protectionToken;
 
+    public SymmetricBinding() {
+        super(SP12Constants.INSTANCE);
+    }
     public SymmetricBinding(SPConstants version) {
         super(version);
     }



Mime
View raw message