cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1069865 [1/3] - in /cxf/trunk: ./ distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/ distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/ rt/ws/se...
Date Fri, 11 Feb 2011 16:33:48 GMT
Author: coheigea
Date: Fri Feb 11 16:33:46 2011
New Revision: 1069865

URL: http://svn.apache.org/viewvc?rev=1069865&view=rev
Log:
Merging wss4j-1.6-snapshot branch to trunk.

Removed:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenProcessorWithoutCallbacks.java
Modified:
    cxf/trunk/   (props changed)
    cxf/trunk/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/KeystorePasswordCallback.java
    cxf/trunk/distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/KeystorePasswordCallback.java
    cxf/trunk/rt/ws/security/pom.xml
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ContentEncryptedElements.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RequiredElements.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RequiredParts.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedElements.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedParts.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/CustomProcessor.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWss4JInOutTest.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/SignatureConfirmationTest.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JInOutTest.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/WSS4JOutInterceptorTest.java
    cxf/trunk/systests/databinding/src/test/resources/aegisJaxWsBeans.xml
    cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssc/server/Server.java
    cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec10/server/UTPasswordCallback.java
    cxf/trunk/systests/ws-specs/src/test/java/org/apache/cxf/systest/ws/wssec11/server/KeystorePasswordCallback.java

Propchange: cxf/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (added)
+++ svn:mergeinfo Fri Feb 11 16:33:46 2011
@@ -0,0 +1,2 @@
+/cxf/branches/wss4j-1.6-port:1043100-1069432
+/cxf/sandbox/wss4j-1.6-port:1031652-1043098

Modified: cxf/trunk/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/KeystorePasswordCallback.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/KeystorePasswordCallback.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/KeystorePasswordCallback.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/ws_security/interopfest/wssc/src/main/java/interop/client/KeystorePasswordCallback.java Fri Feb 11 16:33:46 2011
@@ -61,17 +61,11 @@ public class KeystorePasswordCallback im
                 //The above is an issue when doing encrypt or signing only.
                 //Perhaps using a more suitable keystore format like .jks would be better
                 pc.setPassword("password");
-                return;
             } catch (NumberFormatException nfe) {
-                //not a pfx alias, carry on to next
-            }
-
-            String pass = passwords.get(pc.getIdentifier());
-            if (pass != null) {
-                pc.setPassword(pass);
-                return;
-            } else {
-                pc.setPassword("password");
+                String pass = passwords.get(pc.getIdentifier());
+                if (pass != null) {
+                    pc.setPassword(pass);
+                }
             }
         }
     } 

Modified: cxf/trunk/distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/KeystorePasswordCallback.java
URL: http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/KeystorePasswordCallback.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/KeystorePasswordCallback.java (original)
+++ cxf/trunk/distribution/src/main/release/samples/ws_security/interopfest/wssec11/src/main/java/interop/server/KeystorePasswordCallback.java Fri Feb 11 16:33:46 2011
@@ -42,6 +42,8 @@ public class KeystorePasswordCallback im
         passwords.put("alice", "abcd!1234");
         passwords.put("Bob", "abcd!1234");
         passwords.put("bob", "abcd!1234");
+        passwords.put("350334201beea6502d11342f93eea09fc0b5df01", "password");
+        passwords.put("abcd", "dcba");
     }
 
     /**
@@ -55,9 +57,6 @@ public class KeystorePasswordCallback im
             String pass = passwords.get(pc.getIdentifier());
             if (pass != null) {
                 pc.setPassword(pass);
-                return;
-            } else {
-                pc.setPassword("password");
             }
         }
     }

Modified: cxf/trunk/rt/ws/security/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/pom.xml?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/pom.xml (original)
+++ cxf/trunk/rt/ws/security/pom.xml Fri Feb 11 16:33:46 2011
@@ -91,21 +91,9 @@
         <dependency>
             <groupId>org.apache.ws.security</groupId>
             <artifactId>wss4j</artifactId>
-            <version>1.5.11</version>
+            <version>1.6-SNAPSHOT</version>
             <exclusions>
                 <exclusion>
-                    <groupId>axis</groupId>
-                    <artifactId>axis</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>opensaml</groupId>
-                    <artifactId>opensaml</artifactId>
-                </exclusion>
-                <exclusion>
-                    <groupId>axis</groupId>
-                    <artifactId>axis-ant</artifactId>
-                </exclusion>
-                <exclusion>
                     <groupId>xerces</groupId>
                     <artifactId>xercesImpl</artifactId>
                 </exclusion>

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Fri Feb 11 16:33:46 2011
@@ -31,6 +31,7 @@ public final class SecurityConstants {
     public static final String USERNAME = "ws-security.username";
     public static final String PASSWORD = "ws-security.password";
     public static final String VALIDATE_TOKEN = "ws-security.validate.token";
+    public static final String USERNAME_TOKEN_VALIDATOR = "ws-security.ut.validator";
     
     public static final String CALLBACK_HANDLER = "ws-security.callback-handler";
     

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java Fri Feb 11 16:33:46 2011
@@ -21,7 +21,6 @@ package org.apache.cxf.ws.security.polic
 import javax.xml.namespace.QName;
 
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.ws.security.policy.SPConstants.IncludeTokenType;
 
 public final class SP11Constants extends SPConstants {
     

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java Fri Feb 11 16:33:46 2011
@@ -21,8 +21,6 @@ package org.apache.cxf.ws.security.polic
 import javax.xml.namespace.QName;
 
 import org.apache.cxf.common.util.StringUtils;
-import org.apache.cxf.ws.security.policy.SPConstants.IncludeTokenType;
-import org.apache.cxf.ws.security.policy.SPConstants.Version;
 
 public final class SP12Constants extends SPConstants {
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java Fri Feb 11 16:33:46 2011
@@ -22,11 +22,11 @@ package org.apache.cxf.ws.security.polic
 import java.security.Principal;
 import java.util.Arrays;
 import java.util.Collection;
-import java.util.Vector;
-
+import java.util.List;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
@@ -213,14 +213,11 @@ public class IssuedTokenInterceptorProvi
                 }
                 if (!isRequestor(message)) {
                     boolean found = false;
-                    Vector results = (Vector)message.get(WSHandlerConstants.RECV_RESULTS);
+                    List<WSHandlerResult> results = 
+                        CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
                     if (results != null) {
-                        for (int i = 0; i < results.size(); i++) {
-                            WSHandlerResult rResult =
-                                    (WSHandlerResult) results.get(i);
-    
-                            Vector wsSecEngineResults = rResult.getResults();
-                            SecurityToken token = findIssuedToken(wsSecEngineResults);
+                        for (WSHandlerResult rResult : results) {
+                            SecurityToken token = findIssuedToken(rResult.getResults());
                             if (token != null) {
                                 found = true;
                                 message.getExchange().put(SecurityConstants.TOKEN, token);
@@ -239,10 +236,10 @@ public class IssuedTokenInterceptorProvi
             }
         }
         
-        private SecurityToken findIssuedToken(Vector wsSecEngineResults) {
-            for (int j = 0; j < wsSecEngineResults.size(); j++) {
-                WSSecurityEngineResult wser =
-                    (WSSecurityEngineResult) wsSecEngineResults.get(j);
+        private SecurityToken findIssuedToken(
+            List<WSSecurityEngineResult> wsSecEngineResults
+        ) {
+            for (WSSecurityEngineResult wser : wsSecEngineResults) {
                 Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
                 if (actInt.intValue() == WSConstants.SIGN) {
                     Principal principal = 
@@ -251,13 +248,13 @@ public class IssuedTokenInterceptorProvi
                         CustomTokenPrincipal customPrincipal = 
                             (CustomTokenPrincipal)principal;
                         byte[] secretKey = 
-                            (byte[])wser.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
+                            (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
                         if (secretKey != null) {
                             SecurityToken token = 
                                 new SecurityToken(
                                     customPrincipal.getName(), 
-                                    (java.util.Calendar)null, 
-                                    (java.util.Calendar)null
+                                    (java.util.Date)null, 
+                                    (java.util.Date)null
                                 );
                             token.setSecret(secretKey);
                             return token;

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java Fri Feb 11 16:33:46 2011
@@ -19,10 +19,9 @@
 
 package org.apache.cxf.ws.security.policy.interceptors;
 
-import java.util.Calendar;
 import java.util.Collection;
+import java.util.Date;
 import java.util.List;
-import java.util.Vector;
 import java.util.logging.Logger;
 
 import javax.xml.transform.dom.DOMSource;
@@ -36,6 +35,7 @@ import org.apache.cxf.binding.soap.SoapB
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.interceptor.Interceptor;
@@ -86,8 +86,8 @@ import org.apache.ws.security.handler.WS
 import org.apache.ws.security.handler.WSHandlerResult;
 import org.apache.ws.security.message.token.SecurityContextToken;
 import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.XmlSchemaDateFormat;
-import org.apache.xml.security.utils.Base64;
 
 class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
     static final Logger LOG = LogUtils.getL7dLogger(SecureConversationInInterceptor.class);
@@ -385,10 +385,10 @@ class SecureConversationInInterceptor ex
                 new SecurityContextToken(SecureConversationTokenInterceptorProvider
                                               .getWSCVersion(tokenType), writer.getDocument());
             
-            Calendar created = Calendar.getInstance();
-            Calendar expires = Calendar.getInstance();
-            expires.setTimeInMillis(System.currentTimeMillis() + ttl);
-
+            Date created = new Date();
+            Date expires = new Date();
+            expires.setTime(created.getTime() + (ttl * 1000));
+            
             SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
             token.setToken(sct.getElement());
             token.setTokenType(WSConstants.WSC_SCT);
@@ -457,17 +457,13 @@ class SecureConversationInInterceptor ex
         public void handleMessage(SoapMessage message) throws Fault {
             //Find the SC token
             boolean found = false;
-            List results = (List)message.get(WSHandlerConstants.RECV_RESULTS);
+            List<WSHandlerResult> results = 
+                CastUtils.cast((List<?>)message.get(WSHandlerConstants.RECV_RESULTS));
             if (results != null) {
-                for (int i = 0; i < results.size(); i++) {
-                    WSHandlerResult rResult =
-                            (WSHandlerResult) results.get(i);
+                for (WSHandlerResult rResult : results) {
+                    List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
     
-                    Vector wsSecEngineResults = rResult.getResults();
-    
-                    for (int j = 0; j < wsSecEngineResults.size(); j++) {
-                        WSSecurityEngineResult wser =
-                                (WSSecurityEngineResult) wsSecEngineResults.get(j);
+                    for (WSSecurityEngineResult wser : wsSecEngineResults) {
                         Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
                         if (actInt.intValue() == WSConstants.SCT) {
                             SecurityContextToken tok
@@ -522,6 +518,7 @@ class SecureConversationInInterceptor ex
             doCancel(message, aim, tok);
 
         }
+        
         private void doCancel(SoapMessage message, AssertionInfoMap aim, SecureConversationToken itok) {
             Message m2 = message.getExchange().getOutMessage();
             

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.java Fri Feb 11 16:33:46 2011
@@ -20,7 +20,6 @@
 package org.apache.cxf.ws.security.policy.interceptors;
 
 import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Map;
@@ -67,8 +66,8 @@ import org.apache.ws.security.conversati
 import org.apache.ws.security.conversation.dkalgo.P_SHA1;
 import org.apache.ws.security.message.token.Reference;
 import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.util.Base64;
 import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.xml.security.utils.Base64;
 
 /**
  * 
@@ -96,6 +95,7 @@ public class SecureConversationTokenInte
         }
         return (Trust10)ais.iterator().next().getAssertion();
     }
+    
     static final Trust13 getTrust13(AssertionInfoMap aim) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.TRUST_13);
         if (ais == null || ais.isEmpty()) {
@@ -114,6 +114,7 @@ public class SecureConversationTokenInte
         }
         return tokenStore;
     }
+    
     static PolicyAssertion getAddressingPolicy(AssertionInfoMap aim, boolean optional) {
         Collection<AssertionInfo> lst = aim.get(MetadataConstants.USING_ADDRESSING_2004_QNAME);
         PolicyAssertion assertion = null;
@@ -233,6 +234,7 @@ public class SecureConversationTokenInte
         }
         return client;
     }
+    
     static byte[] writeProofToken(String prefix, 
                                           String namespace,
                                           W3CDOMStreamWriter writer,
@@ -242,9 +244,7 @@ public class SecureConversationTokenInte
         byte secret[] = null; 
         writer.writeStartElement(prefix, "RequestedProofToken", namespace);
         if (clientEntropy == null) {
-            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
-            secret = new byte[keySize / 8];
-            random.nextBytes(secret);
+            secret = WSSecurityUtil.generateNonce(keySize / 8);
             
             writer.writeStartElement(prefix, "BinarySecret", namespace);
             writer.writeAttribute("Type", namespace + "/Nonce");

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ContentEncryptedElements.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ContentEncryptedElements.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ContentEncryptedElements.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/ContentEncryptedElements.java Fri Feb 11 16:33:46 2011
@@ -109,8 +109,8 @@ public class ContentEncryptedElements ex
 
         String xpathExpression;
 
-        for (Iterator iterator = xPathExpressions.iterator(); iterator.hasNext();) {
-            xpathExpression = (String)iterator.next();
+        for (Iterator<String> iterator = xPathExpressions.iterator(); iterator.hasNext();) {
+            xpathExpression = iterator.next();
             // <sp:XPath ..>
             writer.writeStartElement(prefix, SPConstants.XPATH_EXPR, namespaceURI);
             writer.writeCharacters(xpathExpression);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RequiredElements.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RequiredElements.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RequiredElements.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RequiredElements.java Fri Feb 11 16:33:46 2011
@@ -109,8 +109,8 @@ public class RequiredElements extends Ab
 
         String xpathExpression;
 
-        for (Iterator iterator = xPathExpressions.iterator(); iterator.hasNext();) {
-            xpathExpression = (String)iterator.next();
+        for (Iterator<String> iterator = xPathExpressions.iterator(); iterator.hasNext();) {
+            xpathExpression = iterator.next();
             // <sp:XPath ..>
             writer.writeStartElement(prefix, SPConstants.XPATH_EXPR, namespaceURI);
             writer.writeCharacters(xpathExpression);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RequiredParts.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RequiredParts.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RequiredParts.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/RequiredParts.java Fri Feb 11 16:33:46 2011
@@ -82,8 +82,8 @@ public class RequiredParts extends Abstr
         writer.writeNamespace(prefix, namespaceURI);
 
         Header header;
-        for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
-            header = (Header)iterator.next();
+        for (Iterator<Header> iterator = headers.iterator(); iterator.hasNext();) {
+            header = iterator.next();
             // <sp:Header Name=".." Namespace=".." />
             writer.writeStartElement(prefix, SPConstants.HEADER, namespaceURI);
             // Name attribute is optional

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedElements.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedElements.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedElements.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedElements.java Fri Feb 11 16:33:46 2011
@@ -114,8 +114,8 @@ public class SignedEncryptedElements ext
 
         String xpathExpression;
 
-        for (Iterator iterator = xPathExpressions.iterator(); iterator.hasNext();) {
-            xpathExpression = (String)iterator.next();
+        for (Iterator<String> iterator = xPathExpressions.iterator(); iterator.hasNext();) {
+            xpathExpression = iterator.next();
             // <sp:XPath ..>
             writer.writeStartElement(prefix, SPConstants.XPATH_EXPR, namespaceURI);
             writer.writeCharacters(xpathExpression);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedParts.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedParts.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedParts.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SignedEncryptedParts.java Fri Feb 11 16:33:46 2011
@@ -140,8 +140,8 @@ public class SignedEncryptedParts extend
         }
 
         Header header;
-        for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
-            header = (Header)iterator.next();
+        for (Iterator<Header> iterator = headers.iterator(); iterator.hasNext();) {
+            header = iterator.next();
             // <sp:Header Name=".." Namespace=".." />
             writer.writeStartElement(prefix, SPConstants.HEADER, namespaceURI);
             // Name attribute is optional

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/MemoryTokenStore.java Fri Feb 11 16:33:46 2011
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.token
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Date;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
@@ -108,18 +109,19 @@ public class MemoryTokenStore implements
     }
 
     protected void processTokenExpiry() {
-        long time = System.currentTimeMillis();
         for (SecurityToken token : tokens.values()) {
             if (token.getState() == State.EXPIRED
                 || token.getState() == State.CANCELLED) {
                 if (autoRemove) {
                     remove(token);
                 }
-            } else if (token.getExpires() != null 
-                && token.getExpires().getTimeInMillis() < time) {
-                token.setState(SecurityToken.State.EXPIRED);
-                if (autoRemove) {
-                    remove(token);
+            } else if (token.getExpires() != null) {
+                Date current = new Date();
+                if (token.getExpires().before(current)) {
+                    token.setState(SecurityToken.State.EXPIRED);
+                    if (autoRemove) {
+                        remove(token);
+                    }
                 }
             }            
         }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/tokenstore/SecurityToken.java Fri Feb 11 16:33:46 2011
@@ -20,12 +20,11 @@
 package org.apache.cxf.ws.security.tokenstore;
 
 import java.security.cert.X509Certificate;
-import java.util.Calendar;
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.util.Date;
 import java.util.Properties;
 
-import javax.xml.datatype.DatatypeConfigurationException;
-import javax.xml.datatype.DatatypeFactory;
-
 import org.w3c.dom.Element;
 
 import org.apache.cxf.helpers.DOMUtils;
@@ -34,6 +33,7 @@ import org.apache.cxf.staxutils.W3CDOMSt
 import org.apache.ws.security.WSConstants;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
 
 
 /**
@@ -106,12 +106,12 @@ public class SecurityToken {
     /**
      * Created time
      */
-    private Calendar created;
+    private Date created;
     
     /**
      * Expiration time
      */
-    private Calendar expires;
+    private Date expires;
     
     /**
      * Issuer end point address
@@ -136,7 +136,7 @@ public class SecurityToken {
     public SecurityToken() {
         
     }
-    public SecurityToken(String id, Calendar created, Calendar expires) {
+    public SecurityToken(String id, Date created, Date expires) {
         this.id = id;
         this.created = created;
         this.expires = expires;
@@ -144,8 +144,8 @@ public class SecurityToken {
     
     public SecurityToken(String id,
                  Element tokenElem,
-                 Calendar created,
-                 Calendar expires) {
+                 Date created,
+                 Date expires) {
         this.id = id;
         this.token = cloneElement(tokenElem);
         this.created = created;
@@ -178,22 +178,20 @@ public class SecurityToken {
      */
     private void processLifeTime(Element lifetimeElem) {
         try {
-            DatatypeFactory factory = DatatypeFactory.newInstance();
-            
             Element createdElem = 
                 DOMUtils.getFirstChildWithName(lifetimeElem,
                                                 WSConstants.WSU_NS,
                                                 WSConstants.CREATED_LN);
-            this.created = factory.newXMLGregorianCalendar(DOMUtils.getContent(createdElem))
-                .toGregorianCalendar();
+            DateFormat zulu = new XmlSchemaDateFormat();
+            
+            this.created = zulu.parse(DOMUtils.getContent(createdElem));
 
             Element expiresElem = 
                 DOMUtils.getFirstChildWithName(lifetimeElem,
                                                 WSConstants.WSU_NS,
                                                 WSConstants.EXPIRES_LN);
-            this.expires = factory.newXMLGregorianCalendar(DOMUtils.getContent(expiresElem))
-                .toGregorianCalendar();
-        } catch (DatatypeConfigurationException e) {
+            this.expires = zulu.parse(DOMUtils.getContent(expiresElem));
+        } catch (ParseException e) {
             //shouldn't happen
         }
     }
@@ -324,21 +322,21 @@ public class SecurityToken {
     /**
      * @return Returns the created.
      */
-    public Calendar getCreated() {
+    public Date getCreated() {
         return created;
     }
 
     /**
      * @return Returns the expires.
      */
-    public Calendar getExpires() {
+    public Date getExpires() {
         return expires;
     }
 
     /**
      * @param expires The expires to set.
      */
-    public void setExpires(Calendar expires) {
+    public void setExpires(Date expires) {
         this.expires = expires;
     }
 
@@ -350,7 +348,6 @@ public class SecurityToken {
         this.issuerAddress = issuerAddress;
     }
     
-
     /**
      * @param sha SHA1 of the encrypted key
      */
@@ -407,16 +404,18 @@ public class SecurityToken {
         }
         return null;
     }
+    
     public void setX509Certificate(X509Certificate cert, Crypto cpt) {
         x509cert = cert;
         crypto = cpt;
     }
+    
     public X509Certificate getX509Certificate() {
         return x509cert;
     }
+    
     public Crypto getCrypto() {
         return crypto;
     }
 
-
 } 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/trust/STSClient.java Fri Feb 11 16:33:46 2011
@@ -32,7 +32,6 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
-import java.util.Vector;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -101,7 +100,8 @@ import org.apache.neethi.ExactlyOne;
 import org.apache.neethi.Policy;
 import org.apache.neethi.PolicyComponent;
 import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSDocInfo;
+import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
@@ -288,6 +288,7 @@ public class STSClient implements Config
     public void setKeySize(int i) {
         keySize = i;
     }
+    
     public int getKeySize() {
         return keySize;
     }
@@ -311,9 +312,9 @@ public class STSClient implements Config
     protected void setPolicyInternal(Policy newPolicy) {
         this.policy = newPolicy;
         if (algorithmSuite == null) {
-            Iterator i = policy.getAlternatives();
+            Iterator<?> i = policy.getAlternatives();
             while (i.hasNext() && algorithmSuite == null) {
-                List<PolicyComponent> p = CastUtils.cast((List)i.next());
+                List<PolicyComponent> p = CastUtils.cast((List<?>)i.next());
                 for (PolicyComponent p2 : p) {
                     if (p2 instanceof Binding) {
                         algorithmSuite = ((Binding)p2).getAlgorithmSuite();
@@ -578,10 +579,12 @@ public class STSClient implements Config
         String ns = "http://schemas.xmlsoap.org/ws/2004/08/addressing/policy";
         return new PrimitiveAssertion(new QName(ns, "UsingAddressing"));
     }
+    
     public boolean validateSecurityToken(SecurityToken tok) throws Exception {
         return validateSecurityToken(tok,
                                      namespace + "/RSTR/Status");
     }
+    
     private boolean validateSecurityToken(SecurityToken tok, String string) 
         throws Exception {
         createClient();
@@ -887,13 +890,14 @@ public class STSClient implements Config
                 secret = Base64.decode(b64Secret);
             } else if (childQname.equals(new QName(namespace, WSConstants.ENC_KEY_LN))) {
                 try {
-
-                    EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
-
-                    processor.handleToken(child, null, createCrypto(true), createHandler(), null,
-                                          new Vector(), null);
-
-                    secret = processor.getDecryptedBytes();
+                    EncryptedKeyProcessor proc = new EncryptedKeyProcessor();
+                    WSDocInfo docInfo = new WSDocInfo(child.getOwnerDocument());
+                    List<WSSecurityEngineResult> result =
+                        proc.handleToken(child, null, createCrypto(true), createHandler(), docInfo, null);
+                    secret = 
+                        (byte[])result.get(0).get(
+                            WSSecurityEngineResult.TAG_SECRET
+                        );
                 } catch (IOException e) {
                     throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, e);
                 }
@@ -959,7 +963,6 @@ public class STSClient implements Config
     }
 
     private Crypto createCrypto(boolean decrypt) throws IOException {
-        WSSConfig.getDefaultWSConfig();
         Crypto crypto = (Crypto)getProperty(SecurityConstants.STS_TOKEN_CRYPTO + (decrypt ? ".decrypt" : ""));
         if (crypto != null) {
             return crypto;

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractUsernameTokenAuthenticatingInterceptor.java Fri Feb 11 16:33:46 2011
@@ -18,15 +18,12 @@
  */
 package org.apache.cxf.ws.security.wss4j;
 
-import java.io.IOException;
 import java.security.Principal;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.logging.Logger;
 
 import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
 import javax.xml.namespace.QName;
 
 import org.apache.cxf.binding.soap.SoapMessage;
@@ -38,13 +35,10 @@ import org.apache.cxf.interceptor.securi
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptorChain;
 import org.apache.cxf.security.SecurityContext;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.WSUsernameTokenPrincipal;
-import org.apache.ws.security.handler.RequestData;
-import org.apache.ws.security.processor.Processor;
+import org.apache.ws.security.validate.UsernameTokenValidator;
+import org.apache.ws.security.validate.Validator;
 
 
 /**
@@ -174,83 +168,61 @@ public abstract class AbstractUsernameTo
                                     String nonce,
                                     String created) throws SecurityException;
     
-    
-    /**
-     * {@inheritDoc}
-     * 
-     */
-    @Override
-    protected CallbackHandler getCallback(RequestData reqData, int doAction, boolean utNoCallbacks) 
-        throws WSSecurityException {
-        
-        // Given that a custom UT processor is used for dealing with digests 
-        // no callback handler is required when the request UT contains a digest;
-        // however a custom callback may still be needed for decrypting the encrypted UT
-        
-        if ((doAction & WSConstants.UT) != 0) {
-            CallbackHandler pwdCallback = null;
-            try {
-                pwdCallback = super.getCallback(reqData, doAction, false);
-            } catch (Exception ex) {
-                // ignore
-            }
-            return new SubjectCreatingCallbackHandler(pwdCallback);
-        }
-        
-        return super.getCallback(reqData, doAction, false);
-    }
-    
     @Override 
     protected WSSecurityEngine getSecurityEngine(boolean utNoCallbacks) {
-        if (!supportDigestPasswords) {
-            return super.getSecurityEngine(true);
-        }
-        Map<QName, Object> profiles = new HashMap<QName, Object>(3);
+        Map<QName, Object> profiles = new HashMap<QName, Object>(1);
         
-        Processor processor = new CustomUsernameTokenProcessor();
-        profiles.put(new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN), processor);
-        profiles.put(new QName(WSConstants.WSSE11_NS, WSConstants.USERNAME_TOKEN_LN), processor);
+        Validator validator = new CustomValidator();
+        profiles.put(WSSecurityEngine.USERNAME_TOKEN, validator);
         return createSecurityEngine(profiles);
     }
     
-    protected class SubjectCreatingCallbackHandler extends DelegatingCallbackHandler {
-
-        public SubjectCreatingCallbackHandler(CallbackHandler pwdHandler) {
-            super(pwdHandler);
+    protected class CustomValidator extends UsernameTokenValidator {
+        
+        @Override
+        protected void verifyCustomPassword(
+            org.apache.ws.security.message.token.UsernameToken usernameToken
+        ) throws WSSecurityException {
+            AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(
+                usernameToken.getName(), usernameToken.getPassword(), false, null, null
+            );
+        }
+        
+        @Override
+        protected void verifyPlaintextPassword(
+            org.apache.ws.security.message.token.UsernameToken usernameToken
+        ) throws WSSecurityException {
+            AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(
+                usernameToken.getName(), usernameToken.getPassword(), false, null, null
+            );
         }
         
         @Override
-        protected void handleCallback(Callback c) throws IOException {
-            if (c instanceof WSPasswordCallback) {
-                WSPasswordCallback pc = (WSPasswordCallback)c;
-                if (WSConstants.PASSWORD_TEXT.equals(pc.getPasswordType()) 
-                    && pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
-                    AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(
-                        pc.getIdentifier(), pc.getPassword(), false, null, null);
-                } 
+        protected void verifyDigestPassword(
+            org.apache.ws.security.message.token.UsernameToken usernameToken
+        ) throws WSSecurityException {
+            if (!supportDigestPasswords) {
+                throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION);
             }
+            String user = usernameToken.getName();
+            String password = usernameToken.getPassword();
+            boolean isHashed = usernameToken.isDerivedKey();
+            String nonce = usernameToken.getNonce();
+            String createdTime = usernameToken.getCreated();
+            AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(
+                user, password, isHashed, nonce, createdTime
+            );
         }
-    }
-    
-    /**
-     * Custom UsernameTokenProcessor
-     * Unfortunately, WSS4J UsernameTokenProcessor makes it impossible to
-     * override its handleUsernameToken only. 
-     *
-     */
-    protected class CustomUsernameTokenProcessor extends UsernameTokenProcessorWithoutCallbacks {
         
         @Override
-        protected WSUsernameTokenPrincipal createPrincipal(String user, 
-                                                           String password,
-                                                           boolean isHashed,
-                                                           String nonce,
-                                                           String createdTime,
-                                                           String pwType) throws WSSecurityException {
+        protected void verifyUnknownPassword(
+            org.apache.ws.security.message.token.UsernameToken usernameToken
+        ) throws WSSecurityException {
             AbstractUsernameTokenAuthenticatingInterceptor.this.setSubject(
-                 user, password, isHashed, nonce, createdTime);
-            return super.createPrincipal(user, password, isHashed, nonce, createdTime, pwType);
+                usernameToken.getName(), null, false, null, null
+            );
         }
+        
     }
     
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JInterceptor.java Fri Feb 11 16:33:46 2011
@@ -26,7 +26,6 @@ import java.util.HashSet;
 import java.util.Map;
 import java.util.Properties;
 import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
 
 import javax.xml.namespace.QName;
 
@@ -39,12 +38,10 @@ import org.apache.cxf.message.MessageUti
 import org.apache.cxf.phase.PhaseInterceptor;
 import org.apache.cxf.resource.ResourceManager;
 import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.components.crypto.Crypto;
 import org.apache.ws.security.components.crypto.CryptoFactory;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandler;
-import org.apache.ws.security.handler.WSHandlerConstants;
 
 public abstract class AbstractWSS4JInterceptor extends WSHandler implements SoapInterceptor, 
     PhaseInterceptor<SoapMessage> {
@@ -61,7 +58,6 @@ public abstract class AbstractWSS4JInter
     private Set<String> after = new HashSet<String>();
     private String phase;
     private String id;
-    private Map<String, Crypto> cryptoTable = new ConcurrentHashMap<String, Crypto>();
     
     public AbstractWSS4JInterceptor() {
         super();
@@ -154,56 +150,7 @@ public abstract class AbstractWSS4JInter
         return MessageUtils.isRequestor(message);
     }  
 
-    protected boolean decodeEnableSignatureConfirmation(RequestData reqData) throws WSSecurityException {
-
-        String value = getString(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION,
-                reqData.getMsgContext());
-
-        //we need the default to be false to not break older applications and such
-        if (value == null) {
-            return false;
-        }
-        return super.decodeEnableSignatureConfirmation(reqData);
-    }
-
-    public Crypto loadSignatureCrypto(RequestData reqData) 
-        throws WSSecurityException {
-        Crypto crypto = null;
-        /*
-         *Get crypto property file for signature. If none specified throw
-         * fault, otherwise get a crypto instance.
-         */
-        String sigPropFile = getString(WSHandlerConstants.SIG_PROP_FILE,
-                   reqData.getMsgContext());
-        String refId = null;
-        if (sigPropFile != null) {
-            crypto = cryptoTable.get(sigPropFile);
-            if (crypto == null) {
-                crypto = loadCryptoFromPropertiesFile(sigPropFile, reqData);
-                cryptoTable.put(sigPropFile, crypto);
-            }
-        } else if (getString(WSHandlerConstants.SIG_PROP_REF_ID, reqData
-            .getMsgContext()) != null) {
-            /*
-             * If the property file is missing then 
-             * look for the Properties object 
-             */
-            refId = getString(WSHandlerConstants.SIG_PROP_REF_ID,
-                reqData.getMsgContext());
-            if (refId != null) {
-                Object propObj = getProperty(reqData.getMsgContext(), refId);
-                if (propObj instanceof Properties) {
-                    crypto = cryptoTable.get(refId);
-                    if (crypto == null) {
-                        crypto = CryptoFactory.getInstance((Properties)propObj);
-                        cryptoTable.put(refId, crypto);
-                    }
-                }
-            }
-        } 
-        return crypto;
-    }
-    
+    @Override
     protected Crypto loadCryptoFromPropertiesFile(String propFilename, RequestData reqData) {
         ClassLoader orig = Thread.currentThread().getContextClassLoader();
         try {
@@ -235,78 +182,4 @@ public abstract class AbstractWSS4JInter
         }
     }
 
-    protected Crypto loadDecryptionCrypto(RequestData reqData) 
-        throws WSSecurityException {
-        Crypto crypto = null;
-        String decPropFile = getString(WSHandlerConstants.DEC_PROP_FILE,
-                 reqData.getMsgContext());
-        String refId = null;
-        if (decPropFile != null) {
-            crypto = cryptoTable.get(decPropFile);
-            if (crypto == null) {
-                crypto = loadCryptoFromPropertiesFile(decPropFile, reqData);
-                cryptoTable.put(decPropFile, crypto);
-            }
-        } else if (getString(WSHandlerConstants.DEC_PROP_REF_ID, reqData
-            .getMsgContext()) != null) {
-            /*
-             * If the property file is missing then 
-             * look for the Properties object 
-             */
-            refId = getString(WSHandlerConstants.DEC_PROP_REF_ID,
-                reqData.getMsgContext());
-            if (refId != null) {
-                Object propObj = getProperty(reqData.getMsgContext(), refId);
-                if (propObj instanceof Properties) {
-                    crypto = cryptoTable.get(refId);
-                    if (crypto == null) {
-                        crypto = CryptoFactory.getInstance((Properties)propObj);
-                        cryptoTable.put(refId, crypto);
-                    }
-                }
-            }
-        } 
-        return crypto;
-    }
-    
-    protected Crypto loadEncryptionCrypto(RequestData reqData) 
-        throws WSSecurityException {
-        Crypto crypto = null;
-        /*
-        * Get encryption crypto property file. If non specified take crypto
-        * instance from signature, if that fails: throw fault
-        */
-        String encPropFile = getString(WSHandlerConstants.ENC_PROP_FILE,
-                       reqData.getMsgContext());
-        String refId = null;
-        if (encPropFile != null) {
-            crypto = cryptoTable.get(encPropFile);
-            if (crypto == null) {
-                crypto = loadCryptoFromPropertiesFile(encPropFile, reqData);
-                cryptoTable.put(encPropFile, crypto);
-            }
-        } else if (getString(WSHandlerConstants.ENC_PROP_REF_ID, reqData
-                .getMsgContext()) != null) {
-            /*
-             * If the property file is missing then 
-             * look for the Properties object 
-             */
-            refId = getString(WSHandlerConstants.ENC_PROP_REF_ID,
-                    reqData.getMsgContext());
-            if (refId != null) {
-                Object propObj = getProperty(reqData.getMsgContext(), refId);
-                if (propObj instanceof Properties) {
-                    crypto = cryptoTable.get(refId);
-                    if (crypto == null) {
-                        crypto = CryptoFactory.getInstance((Properties)propObj);
-                        cryptoTable.put(refId, crypto);
-                    }
-                }
-            }
-        } else if (reqData.getSigCrypto() == null) {
-            return crypto;
-        }
-        return crypto;
-    }
-
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageChecker.java Fri Feb 11 16:33:46 2011
@@ -116,14 +116,14 @@ public class CryptoCoverageChecker exten
         final Collection<WSDataRef> signed = new HashSet<WSDataRef>();
         final Collection<WSDataRef> encrypted = new HashSet<WSDataRef>();
         
-        List<Object> results = CastUtils.cast(
+        List<WSHandlerResult> results = CastUtils.cast(
                 (List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
         
-        for (Object result : results) {
-        
-            final WSHandlerResult wshr = (WSHandlerResult) result;
-            final Vector<Object> wsSecurityEngineSignResults = new Vector<Object>();
-            final Vector<Object> wsSecurityEngineEncResults = new Vector<Object>();
+        for (final WSHandlerResult wshr : results) {
+            final List<WSSecurityEngineResult> wsSecurityEngineSignResults = 
+                new Vector<WSSecurityEngineResult>();
+            final List<WSSecurityEngineResult> wsSecurityEngineEncResults = 
+                new Vector<WSSecurityEngineResult>();
             
             WSSecurityUtil.fetchAllActionResults(wshr.getResults(),
                     WSConstants.SIGN, wsSecurityEngineSignResults);
@@ -131,8 +131,7 @@ public class CryptoCoverageChecker exten
             WSSecurityUtil.fetchAllActionResults(wshr.getResults(),
                     WSConstants.ENCR, wsSecurityEngineEncResults);
             
-            for (Object o : wsSecurityEngineSignResults) {
-                WSSecurityEngineResult wser = (WSSecurityEngineResult) o;
+            for (WSSecurityEngineResult wser : wsSecurityEngineSignResults) {
             
                 List<WSDataRef> sl = CastUtils.cast((List<?>) wser
                         .get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
@@ -149,9 +148,7 @@ public class CryptoCoverageChecker exten
                 }
             }
             
-            for (Object o : wsSecurityEngineEncResults) {
-                WSSecurityEngineResult wser = (WSSecurityEngineResult) o;
-            
+            for (WSSecurityEngineResult wser : wsSecurityEngineEncResults) {
                 List<WSDataRef> el = CastUtils.cast((List<?>) wser
                         .get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/CryptoCoverageUtil.java Fri Feb 11 16:33:46 2011
@@ -82,9 +82,9 @@ public final class CryptoCoverageUtil {
                 final WSDataRef signedRef = signedRefsIt.next();
                 
                 if (isSignedEncryptionRef(encryptedRef, signedRef)) {
-                    
-                    final WSDataRef encryptedSignedRef = 
-                        new WSDataRef(signedRef.getDataref());
+
+                    final WSDataRef encryptedSignedRef = new WSDataRef();
+                    encryptedSignedRef.setWsuId(signedRef.getWsuId());
                     
                     encryptedSignedRef.setContent(false);
                     encryptedSignedRef.setName(encryptedRef.getName());

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Fri Feb 11 16:33:46 2011
@@ -27,7 +27,6 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
-import java.util.Vector;
 import java.util.concurrent.ConcurrentHashMap;
 
 import javax.xml.namespace.QName;
@@ -459,7 +458,8 @@ public class PolicyBasedWSS4JInIntercept
     }
     
     protected void doResults(SoapMessage msg, String actor, 
-                             SOAPMessage doc, Vector results, boolean utWithCallbacks) 
+                             SOAPMessage doc, List<WSSecurityEngineResult> results, 
+                             boolean utWithCallbacks) 
         throws SOAPException, XMLStreamException, WSSecurityException {
         
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
@@ -469,9 +469,7 @@ public class PolicyBasedWSS4JInIntercept
         boolean hasEndorsement = false;
         Protections prots = Protections.NONE;
         
-        for (int j = 0; j < results.size(); j++) {
-            WSSecurityEngineResult wser =
-                    (WSSecurityEngineResult) results.get(j);
+        for (WSSecurityEngineResult wser : results) {
             Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
             switch (actInt.intValue()) {                    
             case WSConstants.SIGN:

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java Fri Feb 11 16:33:46 2011
@@ -21,14 +21,18 @@ package org.apache.cxf.ws.security.wss4j
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Set;
+import java.util.logging.Logger;
 
 import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
 
 import org.w3c.dom.Element;
 
+import org.apache.cxf.binding.soap.SoapFault;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor;
+import org.apache.cxf.common.i18n.Message;
+import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
@@ -44,12 +48,16 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler;
 import org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler;
 import org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler;
+import org.apache.ws.security.WSSecurityException;
 import org.apache.ws.security.message.WSSecHeader;
 
 public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
     public static final String SECURITY_PROCESSED = PolicyBasedWSS4JOutInterceptor.class.getName() + ".DONE";
     public static final PolicyBasedWSS4JOutInterceptor INSTANCE = new PolicyBasedWSS4JOutInterceptor();
     
+    private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JOutInterceptor.class);
+
+    
     private PolicyBasedWSS4JOutInterceptorInternal ending;
     private SAAJOutInterceptor saajOut = new SAAJOutInterceptor();    
 
@@ -122,7 +130,14 @@ public class PolicyBasedWSS4JOutIntercep
                 
                 if (transport != null) {
                     WSSecHeader secHeader = new WSSecHeader(actor, mustUnderstand);
-                    Element el = secHeader.insertSecurityHeader(saaj.getSOAPPart());
+                    Element el = null;
+                    try {
+                        el = secHeader.insertSecurityHeader(saaj.getSOAPPart());
+                    } catch (WSSecurityException e) {
+                        throw new SoapFault(
+                            new Message("SECURITY_FAILED", LOG), e, message.getVersion().getSender()
+                        );
+                    }
                     try {
                         //move to end
                         saaj.getSOAPHeader().removeChild(el);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java Fri Feb 11 16:33:46 2011
@@ -20,11 +20,11 @@
 package org.apache.cxf.ws.security.wss4j;
 
 import java.security.Principal;
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
-import java.util.Vector;
 import java.util.logging.Logger;
 
 import javax.security.auth.Subject;
@@ -57,6 +57,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.SPConstants;
 import org.apache.cxf.ws.security.policy.model.UsernameToken;
 import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSDocInfo;
 import org.apache.ws.security.WSPasswordCallback;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
@@ -65,6 +66,7 @@ import org.apache.ws.security.handler.WS
 import org.apache.ws.security.handler.WSHandlerResult;
 import org.apache.ws.security.message.WSSecUsernameToken;
 import org.apache.ws.security.processor.UsernameTokenProcessor;
+import org.apache.ws.security.validate.Validator;
 
 /**
  * 
@@ -128,12 +130,16 @@ public class UsernameTokenInterceptor ex
                 try  {
                     final WSUsernameTokenPrincipal princ = getPrincipal(child, message);
                     if (princ != null) {
-                        Vector<WSSecurityEngineResult>v = new Vector<WSSecurityEngineResult>();
-                        v.add(0, new WSSecurityEngineResult(WSConstants.UT, princ, null, null, null));
-                        List<Object> results = CastUtils.cast((List)message
+                        List<WSSecurityEngineResult>v = new ArrayList<WSSecurityEngineResult>();
+                        int action = WSConstants.UT;
+                        if (princ.getPassword() == null) {
+                            action = WSConstants.UT_NOPASSWORD;
+                        }
+                        v.add(0, new WSSecurityEngineResult(action, princ, null, null, null));
+                        List<WSHandlerResult> results = CastUtils.cast((List<?>)message
                                                                   .get(WSHandlerConstants.RECV_RESULTS));
                         if (results == null) {
-                            results = new Vector<Object>();
+                            results = new ArrayList<WSHandlerResult>();
                             message.put(WSHandlerConstants.RECV_RESULTS, results);
                         }
                         WSHandlerResult rResult = new WSHandlerResult(null, v);
@@ -166,7 +172,15 @@ public class UsernameTokenInterceptor ex
             MessageUtils.getContextualBoolean(message, SecurityConstants.VALIDATE_TOKEN, true);
         if (utWithCallbacks) {
             UsernameTokenProcessor p = new UsernameTokenProcessor();
-            return p.handleUsernameToken(tokenElement, getCallback(message));
+            Object validator = 
+                message.getContextualProperty(SecurityConstants.USERNAME_TOKEN_VALIDATOR);
+            if (validator instanceof Validator) {
+                p.setValidator((Validator)validator);
+            }
+            WSDocInfo wsDocInfo = new WSDocInfo(tokenElement.getOwnerDocument());
+            List<WSSecurityEngineResult> results = 
+                p.handleToken(tokenElement, null, null, getCallback(message), wsDocInfo, null);
+            return (WSUsernameTokenPrincipal)results.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
         } else {
             WSUsernameTokenPrincipal principal = parseTokenAndCreatePrincipal(tokenElement);
             WSS4JTokenConverter.convertToken(message, principal);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1069865&r1=1069864&r2=1069865&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Fri Feb 11 16:33:46 2011
@@ -20,11 +20,10 @@ package org.apache.cxf.ws.security.wss4j
 
 import java.io.IOException;
 import java.security.Principal;
-import java.security.cert.X509Certificate;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Vector;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -63,14 +62,14 @@ import org.apache.ws.security.WSSConfig;
 import org.apache.ws.security.WSSecurityEngine;
 import org.apache.ws.security.WSSecurityEngineResult;
 import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.WSUsernameTokenPrincipal;
 import org.apache.ws.security.handler.RequestData;
 import org.apache.ws.security.handler.WSHandlerConstants;
 import org.apache.ws.security.handler.WSHandlerResult;
 import org.apache.ws.security.message.token.SecurityTokenReference;
-import org.apache.ws.security.message.token.Timestamp;
 import org.apache.ws.security.processor.Processor;
 import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.validate.NoOpValidator;
+import org.apache.ws.security.validate.Validator;
 
 /**
  * Performs WS-Security inbound actions.
@@ -83,6 +82,7 @@ public class WSS4JInInterceptor extends 
     public static final String SIGNATURE_RESULT = "wss4j.signature.result";
     public static final String PRINCIPAL_RESULT = "wss4j.principal.result";
     public static final String PROCESSOR_MAP = "wss4j.processor.map";
+    public static final String VALIDATOR_MAP = "wss4j.validator.map";
 
     public static final String SECURITY_PROCESSED = WSS4JInInterceptor.class.getName() + ".DONE";
     
@@ -113,10 +113,21 @@ public class WSS4JInInterceptor extends 
     public WSS4JInInterceptor(Map<String, Object> properties) {
         this();
         setProperties(properties);
-        final Map<QName, Object> map = CastUtils.cast(
-            (Map)properties.get(PROCESSOR_MAP));
-        if (map != null) {
-            secEngineOverride = createSecurityEngine(map);
+        final Map<QName, Object> processorMap = CastUtils.cast(
+            (Map<?, ?>)properties.get(PROCESSOR_MAP));
+        final Map<QName, Object> validatorMap = CastUtils.cast(
+            (Map<?, ?>)properties.get(VALIDATOR_MAP));
+        
+        if (processorMap != null) {
+            if (validatorMap != null) {
+                processorMap.putAll(validatorMap);
+            }
+            secEngineOverride = createSecurityEngine(processorMap);
+        } else if (validatorMap != null) {
+            if (processorMap != null) {
+                validatorMap.putAll(processorMap);
+            }
+            secEngineOverride = createSecurityEngine(validatorMap);
         }
     }
 
@@ -188,6 +199,7 @@ public class WSS4JInInterceptor extends 
         }
 
         RequestData reqData = new RequestData();
+        reqData.setWssConfig(engine.getWssConfig());
         /*
          * The overall try, just to have a finally at the end to perform some
          * housekeeping.
@@ -195,7 +207,7 @@ public class WSS4JInInterceptor extends 
         try {
             reqData.setMsgContext(msg);
             computeAction(msg, reqData);
-            Vector actions = new Vector();
+            List<Integer> actions = new ArrayList<Integer>();
             String action = getAction(msg, version);
 
             int doAction = WSSecurityUtil.decodeAction(action, actions);
@@ -203,6 +215,11 @@ public class WSS4JInInterceptor extends 
             String actor = (String)getOption(WSHandlerConstants.ACTOR);
 
             CallbackHandler cbHandler = getCallback(reqData, doAction, utWithCallbacks);
+            
+            String passwordTypeStrict = (String)getOption(WSHandlerConstants.PASSWORD_TYPE_STRICT);
+            if (passwordTypeStrict == null) {
+                setProperty(WSHandlerConstants.PASSWORD_TYPE_STRICT, "true");
+            }
 
             /*
              * Get and check the Signature specific parameters first because
@@ -210,12 +227,11 @@ public class WSS4JInInterceptor extends 
              */
             doReceiverAction(doAction, reqData);
             
-            Vector wsResult = null;
             if (doTimeLog) {
                 t1 = System.currentTimeMillis();
             }
 
-            wsResult = engine.processSecurityHeader(
+            List<WSSecurityEngineResult> wsResult = engine.processSecurityHeader(
                 doc.getSOAPPart(), 
                 actor, 
                 cbHandler, 
@@ -232,14 +248,14 @@ public class WSS4JInInterceptor extends 
                     checkSignatureConfirmation(reqData, wsResult);
                 }
 
-                checkSignatures(msg, reqData, wsResult);
-                checkTimestamps(msg, reqData, wsResult);
+                storeSignature(msg, reqData, wsResult);
+                storeTimestamp(msg, reqData, wsResult);
                 checkActions(msg, reqData, wsResult, actions);
                 doResults(msg, actor, doc, wsResult, utWithCallbacks);
             } else { // no security header found
-                // Create an empty result vector to pass into the required validation
+                // Create an empty result list to pass into the required validation
                 // methods.
-                wsResult = new Vector<Object>();
+                wsResult = new ArrayList<WSSecurityEngineResult>();
                 
                 if (doc.getSOAPPart().getEnvelope().getBody().hasFault()) {
                     LOG.warning("Request does not contain Security header, " 
@@ -287,8 +303,12 @@ public class WSS4JInInterceptor extends 
         }
     }
 
-    private void checkActions(SoapMessage msg, RequestData reqData, Vector wsResult, Vector actions) 
-        throws WSSecurityException {
+    private void checkActions(
+        SoapMessage msg, 
+        RequestData reqData, 
+        List<WSSecurityEngineResult> wsResult, 
+        List<Integer> actions
+    ) throws WSSecurityException {
         /*
          * now check the security actions: do they match, in any order?
          */
@@ -297,76 +317,31 @@ public class WSS4JInInterceptor extends 
             throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
         }
     }
-    private void checkSignatures(SoapMessage msg, RequestData reqData, Vector wsResult) 
-        throws WSSecurityException {
-        /*
-         * Now we can check the certificate used to sign the message. In the
-         * following implementation the certificate is only trusted if
-         * either it itself or the certificate of the issuer is installed in
-         * the keystore. Note: the method verifyTrust(X509Certificate)
-         * allows custom implementations with other validation algorithms
-         * for subclasses.
-         */
-
-        // Extract the signature action result from the action vector
-        Vector signatureResults = new Vector();
+    
+    private void storeSignature(
+        SoapMessage msg, RequestData reqData, List<WSSecurityEngineResult> wsResult
+    ) throws WSSecurityException {
+        // Extract the signature action result from the action list
+        List<WSSecurityEngineResult> signatureResults = new ArrayList<WSSecurityEngineResult>();
         signatureResults = 
             WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.SIGN, signatureResults);
 
+        // Store the last signature result
         if (!signatureResults.isEmpty()) {
-            for (int i = 0; i < signatureResults.size(); i++) {
-                WSSecurityEngineResult result = 
-                    (WSSecurityEngineResult) signatureResults.get(i);
-                
-                //
-                // Verify the certificate chain associated with signature verification if
-                // it exists. If it does not, then try to verify the (single) certificate
-                // used for signature verification
-                //
-                X509Certificate returnCert = (X509Certificate)result
-                    .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
-                X509Certificate[] returnCertChain = (X509Certificate[])result
-                .get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
-                
-                if (returnCertChain != null && !verifyTrust(returnCertChain, reqData)) {
-                    LOG.warning("The certificate chain used for the signature is not trusted");
-                    throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
-                } else if (returnCert != null && !verifyTrust(returnCert, reqData)) {
-                    LOG.warning("The certificate used for the signature is not trusted");
-                    throw new WSSecurityException(WSSecurityException.FAILED_CHECK);
-                }
-                msg.put(SIGNATURE_RESULT, result);
-            }
+            msg.put(SIGNATURE_RESULT, signatureResults.get(signatureResults.size() - 1));
         }
     }
     
-    protected void checkTimestamps(SoapMessage msg, RequestData reqData, Vector wsResult) 
-        throws WSSecurityException {
-        /*
-         * Perform further checks on the timestamp that was transmitted in
-         * the header. In the following implementation the timestamp is
-         * valid if it was created after (now-ttl), where ttl is set on
-         * server side, not by the client. Note: the method
-         * verifyTimestamp(Timestamp) allows custom implementations with
-         * other validation algorithms for subclasses.
-         */
-        // Extract the timestamp action result from the action vector
-        Vector timestampResults = new Vector();
+    private void storeTimestamp(
+        SoapMessage msg, RequestData reqData, List<WSSecurityEngineResult> wsResult
+    ) throws WSSecurityException {
+        // Extract the timestamp action result from the action list
+        List<WSSecurityEngineResult> timestampResults = new ArrayList<WSSecurityEngineResult>();
         timestampResults = 
             WSSecurityUtil.fetchAllActionResults(wsResult, WSConstants.TS, timestampResults);
 
         if (!timestampResults.isEmpty()) {
-            for (int i = 0; i < timestampResults.size(); i++) {
-                WSSecurityEngineResult result = 
-                    (WSSecurityEngineResult) timestampResults.get(i);
-                Timestamp timestamp = (Timestamp)result.get(WSSecurityEngineResult.TAG_TIMESTAMP);
-
-                if (timestamp != null && !verifyTimestamp(timestamp, decodeTimeToLive(reqData))) {
-                    LOG.warning("The timestamp could not be validated");
-                    throw new WSSecurityException(WSSecurityException.MESSAGE_EXPIRED);
-                }
-                msg.put(TIMESTAMP_RESULT, result);
-            }
+            msg.put(TIMESTAMP_RESULT, timestampResults.get(timestampResults.size() - 1));
         }
     }
     
@@ -381,20 +356,23 @@ public class WSS4JInInterceptor extends 
         
     }
 
-    protected void doResults(SoapMessage msg, String actor, SOAPMessage doc, Vector wsResult)
-        throws SOAPException, XMLStreamException, WSSecurityException {
+    protected void doResults(
+        SoapMessage msg, String actor, SOAPMessage doc, List<WSSecurityEngineResult> wsResult
+    ) throws SOAPException, XMLStreamException, WSSecurityException {
         doResults(msg, actor, doc, wsResult, false);
     }
 
-    protected void doResults(SoapMessage msg, String actor, SOAPMessage doc, Vector wsResult, 
-        boolean utWithCallbacks) throws SOAPException, XMLStreamException, WSSecurityException {
+    protected void doResults(
+        SoapMessage msg, String actor, SOAPMessage doc, List<WSSecurityEngineResult> wsResult, 
+        boolean utWithCallbacks
+    ) throws SOAPException, XMLStreamException, WSSecurityException {
         /*
          * All ok up to this point. Now construct and setup the security result
          * structure. The service may fetch this and check it.
          */
-        List<Object> results = CastUtils.cast((List)msg.get(WSHandlerConstants.RECV_RESULTS));
+        List<WSHandlerResult> results = CastUtils.cast((List<?>)msg.get(WSHandlerConstants.RECV_RESULTS));
         if (results == null) {
-            results = new Vector<Object>();
+            results = new ArrayList<WSHandlerResult>();
             msg.put(WSHandlerConstants.RECV_RESULTS, results);
         }
         WSHandlerResult rResult = new WSHandlerResult(actor, wsResult);
@@ -412,23 +390,7 @@ public class WSS4JInInterceptor extends 
             i++;
         }
         msg.setContent(XMLStreamReader.class, reader);
-        String pwType = (String)getProperty(msg, "passwordType");
-        if ("PasswordDigest".equals(pwType)) {
-            //CXF-2150 - we need to check the UsernameTokens
-            for (WSSecurityEngineResult o : CastUtils.cast(wsResult, WSSecurityEngineResult.class)) {
-                Integer actInt = (Integer)o.get(WSSecurityEngineResult.TAG_ACTION);
-                if (actInt == WSConstants.UT) {
-                    WSUsernameTokenPrincipal princ 
-                        = (WSUsernameTokenPrincipal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
-                    if (!princ.isPasswordDigest()) {
-                        LOG.warning("Non-digest UsernameToken found, but digest required");
-                        throw new WSSecurityException(WSSecurityException.INVALID_SECURITY);
-                    }
-                }
-            }            
-        }
-        
-        for (WSSecurityEngineResult o : CastUtils.cast(wsResult, WSSecurityEngineResult.class)) {
+        for (WSSecurityEngineResult o : wsResult) {
             final Principal p = (Principal)o.get(WSSecurityEngineResult.TAG_PRINCIPAL);
             if (p != null) {
                 msg.put(PRINCIPAL_RESULT, p);
@@ -483,7 +445,7 @@ public class WSS4JInInterceptor extends 
                 
                 String id = pc.getIdentifier();
                 
-                if (SecurityTokenReference.ENC_KEY_SHA1_URI.equals(pc.getKeyType())) {
+                if (SecurityTokenReference.ENC_KEY_SHA1_URI.equals(pc.getType())) {
                     for (SecurityToken token : store.getValidTokens()) {
                         if (id.equals(token.getSHA1())) {
                             pc.setKey(token.getSecret());
@@ -508,7 +470,8 @@ public class WSS4JInInterceptor extends 
 
     protected CallbackHandler getCallback(RequestData reqData, int doAction, boolean utWithCallbacks) 
         throws WSSecurityException {
-        if (!utWithCallbacks && (doAction & WSConstants.UT) != 0) {
+        if (!utWithCallbacks 
+            && ((doAction & WSConstants.UT) != 0 || (doAction & WSConstants.UT_NOPASSWORD) != 0)) {
             CallbackHandler pwdCallback = null;
             try {
                 pwdCallback = getCallback(reqData, doAction);
@@ -575,9 +538,6 @@ public class WSS4JInInterceptor extends 
      *              construction); otherwise, it is taken to be the default
      *              WSSecEngine instance (currently defined in the WSHandler
      *              base class).
-     *
-     * TODO the WSHandler base class defines secEngine to be static, which
-     * is really bad, because the engine has mutable state on it.
      */
     protected WSSecurityEngine getSecurityEngine(boolean utWithCallbacks) {
         if (secEngineOverride != null) {
@@ -585,10 +545,9 @@ public class WSS4JInInterceptor extends 
         }
         
         if (!utWithCallbacks) {
-            Map<QName, Object> profiles = new HashMap<QName, Object>(3);
-            Processor processor = new UsernameTokenProcessorWithoutCallbacks();
-            profiles.put(new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN), processor);
-            profiles.put(new QName(WSConstants.WSSE11_NS, WSConstants.USERNAME_TOKEN_LN), processor);
+            Map<QName, Object> profiles = new HashMap<QName, Object>(1);
+            Validator validator = new NoOpValidator();
+            profiles.put(WSSecurityEngine.USERNAME_TOKEN, validator);
             return createSecurityEngine(profiles);
         }
         
@@ -599,9 +558,6 @@ public class WSS4JInInterceptor extends 
      * @return      a freshly minted WSSecurityEngine instance, using the
      *              (non-null) processor map, to be used to initialize the
      *              WSSecurityEngine instance.
-     *
-     * TODO The WSS4J APIs leave something to be desired here, but hopefully
-     * we'll clean all this up in WSS4J-2.0
      */
     protected static WSSecurityEngine
     createSecurityEngine(
@@ -612,17 +568,14 @@ public class WSS4JInInterceptor extends 
         for (Map.Entry<QName, Object> entry : map.entrySet()) {
             final QName key = entry.getKey();
             Object val = entry.getValue();
-            
-            if (val instanceof String) {
-                String valStr = ((String)val).trim();
-                if ("null".equals(valStr) || valStr.length() == 0) {
-                    valStr = null;
-                }
-                config.setProcessor(key, valStr);
+            if (val instanceof Class<?>) {
+                config.setProcessor(key, (Class<?>)val);
             } else if (val instanceof Processor) {
                 config.setProcessor(key, (Processor)val);
+            } else if (val instanceof Validator) {
+                config.setValidator(key, (Validator)val);
             } else if (val == null) {
-                config.setProcessor(key, (String)val);
+                config.setProcessor(key, (Class<?>)val);
             }
         }
         final WSSecurityEngine ret = new WSSecurityEngine();



Mime
View raw message