cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1173182 [2/9] - in /cxf/trunk: ./ services/ services/sts/ services/sts/sts-core/ services/sts/sts-core/src/ services/sts/sts-core/src/main/ services/sts/sts-core/src/main/java/ services/sts/sts-core/src/main/java/org/ services/sts/sts-core...
Date Tue, 20 Sep 2011 15:12:11 GMT
Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/LdapClaimsHandler.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,174 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.claims;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.SearchControls;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.springframework.ldap.core.AttributesMapper;
+import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.ldap.filter.AndFilter;
+import org.springframework.ldap.filter.EqualsFilter;
+
+public class LdapClaimsHandler implements ClaimsHandler {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(LdapClaimsHandler.class);
+
+    private LdapTemplate ldap;
+    private Map<String, String> claimMapping;
+    private String userBaseDn;
+
+    public void setLdapTemplate(LdapTemplate ldapTemplate) {
+        this.ldap = ldapTemplate;
+    }
+
+    public LdapTemplate getLdapTemplate() {
+        return ldap;
+    }
+
+    public void setClaimsLdapAttributeMapping(Map<String, String> ldapClaimMapping) {
+        this.claimMapping = ldapClaimMapping;
+    }
+
+    public Map<String, String> getClaimsLdapAttributeMapping() {
+        return claimMapping;
+    }
+
+    public void setUserBaseDN(String userBaseDN) {
+        this.userBaseDn = userBaseDN;
+    }
+
+    public String getUserBaseDN() {
+        return userBaseDn;
+    }
+
+
+    public List<URI> getSupportedClaimTypes() {
+        List<URI> uriList = new ArrayList<URI>();
+        for (String uri : getClaimsLdapAttributeMapping().keySet()) {
+            try {
+                uriList.add(new URI(uri));
+            } catch (URISyntaxException e) {
+                e.printStackTrace();
+            }
+        }
+
+        return uriList;
+    }
+
+    public ClaimCollection retrieveClaimValues(Principal principal, RequestClaimCollection claims) {
+
+        String dn = getDnOfPrincipal(principal.getName());
+
+        List<String> searchAttributeList = new ArrayList<String>();
+        for (RequestClaim claim : claims) {
+            if (getClaimsLdapAttributeMapping().keySet().contains(claim.getClaimType().toString())) {
+                searchAttributeList.add(
+                    getClaimsLdapAttributeMapping().get(claim.getClaimType().toString())
+                );
+            } else {
+                LOG.warning("Unsupported claim: " + claim.getClaimType());
+            }
+        }
+
+        String[] searchAttributes = null;
+        searchAttributes = searchAttributeList.toArray(new String[] {});
+
+        AttributesMapper mapper = 
+            new AttributesMapper() {
+                public Object mapFromAttributes(Attributes attrs) throws NamingException {
+                    Map<String, String> map = new HashMap<String, String>();
+                    NamingEnumeration<? extends Attribute> attrEnum = attrs.getAll();
+                    while (attrEnum.hasMore()) {
+                        Attribute att = attrEnum.next();
+                        map.put(att.getID(), (String)att.get());
+                    }
+                    return map;
+                }
+            };
+        @SuppressWarnings("unchecked")
+        Map<String, String> ldapAttributes = 
+            (Map<String, String>) ldap.lookup(dn, searchAttributes, mapper);
+        ClaimCollection claimsColl = new ClaimCollection();
+
+        for (RequestClaim claim : claims) {
+            URI claimType = claim.getClaimType();
+            String ldapAttribute = getClaimsLdapAttributeMapping().get(claimType.toString());
+            String claimValue = ldapAttributes.get(ldapAttribute);
+            if (claimValue == null) {
+                if (!claim.isOptional()) {
+                    LOG.warning("Mandatory claim not found in LDAP: " + claim.getClaimType());
+                    throw new STSException("Mandatory claim '" + claim.getClaimType() + "' not found");
+                } else {
+                    LOG.fine("Claim '" + claim.getClaimType() + "' is null");
+                }
+            } else {
+                Claim c = new Claim();
+                c.setClaimType(claimType);
+                c.setPrincipal(principal);
+                c.setValue(claimValue);
+                // c.setIssuer(issuer);
+                // c.setOriginalIssuer(originalIssuer);
+                // c.setNamespace(namespace);
+                claimsColl.add(c);
+            }
+        }
+
+        return claimsColl;
+    }
+
+
+    private String getDnOfPrincipal(String principal) {
+        String dn = null;
+        AndFilter filter = new AndFilter();
+        filter.and(new EqualsFilter("objectclass", "person")).and(new EqualsFilter("cn", principal));
+
+        //find DN of user
+        AttributesMapper mapper = 
+            new AttributesMapper() {
+                public Object mapFromAttributes(Attributes attrs) throws NamingException {
+                    return attrs.get("distinguishedName").get();
+                }
+            };
+        @SuppressWarnings("rawtypes")
+        List users = 
+            ldap.search(this.userBaseDn, filter.toString(), SearchControls.SUBTREE_SCOPE, mapper);
+        if (users.size() == 1) {
+            dn = (String)users.get(0);
+        }
+        return dn;
+    }
+
+}
+

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaim.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaim.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaim.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaim.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.claims;
+
+import java.net.URI;
+
+/**
+ * This represents a Claim that has been processed by the RequestParser.
+ */
+public class RequestClaim {
+
+    private URI claimType;
+    private boolean optional;
+
+    public URI getClaimType() {
+        return claimType;
+    }
+
+    public void setClaimType(URI claimType) {
+        this.claimType = claimType;
+    }
+
+    public boolean isOptional() {
+        return optional;
+    }
+
+    public void setOptional(boolean optional) {
+        this.optional = optional;
+    }
+
+}

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaimCollection.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaimCollection.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaimCollection.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/claims/RequestClaimCollection.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.claims;
+
+import java.net.URI;
+
+/**
+ * This holds a collection of RequestClaims.
+ */
+public class RequestClaimCollection extends java.util.ArrayList<RequestClaim> {
+    
+    private URI dialect;
+    
+    public URI getDialect() {
+        return dialect;
+    }
+    
+    public void setDialect(URI dialect) {
+        this.dialect = dialect;
+    }
+
+}

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/interceptor/SCTInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/interceptor/SCTInInterceptor.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/interceptor/SCTInInterceptor.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/interceptor/SCTInInterceptor.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.interceptor;
+
+import java.util.logging.Logger;
+
+import org.apache.cxf.binding.soap.SoapBindingConstants;
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.ws.addressing.AddressingProperties;
+import org.apache.cxf.ws.addressing.JAXWSAConstants;
+import org.apache.cxf.ws.security.trust.STSUtils;
+
+public class SCTInInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
+    static final Logger LOG = LogUtils.getL7dLogger(SCTInInterceptor.class);
+
+    public SCTInInterceptor() {
+        super(Phase.POST_PROTOCOL);
+    }
+    
+    public void handleMessage(SoapMessage message) throws Fault {
+        
+        String s = (String)message.get(SoapBindingConstants.SOAP_ACTION);
+        AddressingProperties inProps = (AddressingProperties)message
+            .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);
+        if (inProps != null && s == null) {
+            //MS/WCF doesn't put a soap action out for this, must check the headers
+            s = inProps.getAction().getValue();
+        }
+
+        if (s != null 
+            && s.contains("/RST/SCT")
+            && (s.startsWith(STSUtils.WST_NS_05_02)
+                || s.startsWith(STSUtils.WST_NS_05_12))) {
+            message.put(org.apache.cxf.ws.addressing.MAPAggregator.ACTION_VERIFIED, Boolean.TRUE);
+        }
+    }
+    
+}
\ No newline at end of file

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/interceptor/SCTOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/interceptor/SCTOutInterceptor.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/interceptor/SCTOutInterceptor.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/interceptor/SCTOutInterceptor.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.interceptor;
+
+import java.util.logging.Logger;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.ws.addressing.AddressingProperties;
+import org.apache.cxf.ws.addressing.AddressingPropertiesImpl;
+import org.apache.cxf.ws.addressing.AttributedURIType;
+import org.apache.cxf.ws.addressing.JAXWSAConstants;
+
+public class SCTOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
+    static final Logger LOG = LogUtils.getL7dLogger(SCTOutInterceptor.class);
+
+    public SCTOutInterceptor() {
+        super(Phase.PRE_PROTOCOL);
+    }
+    
+    public void handleMessage(SoapMessage message) throws Fault {
+        
+        AddressingProperties inProps = (AddressingProperties)message
+            .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_INBOUND);
+        AddressingProperties outProps = (AddressingProperties)message
+            .getContextualProperty(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_OUTBOUND);
+        if (inProps != null) {
+            if (outProps == null) {
+                outProps = new AddressingPropertiesImpl(inProps.getNamespaceURI());
+            }
+            AttributedURIType action = new AttributedURIType();
+            action.setValue(inProps.getAction().getValue().replace("/RST/", "/RSTR/"));
+            outProps.setAction(action);
+            message.put(JAXWSAConstants.SERVER_ADDRESSING_PROPERTIES_OUTBOUND, outProps);
+        }
+    }
+    
+}
\ No newline at end of file

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/AbstractOperation.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,482 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.operation;
+
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+import javax.xml.ws.WebServiceContext;
+import javax.xml.ws.handler.MessageContext;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.helpers.DOMUtils;
+
+import org.apache.cxf.sts.QNameConstants;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.cache.STSCache;
+import org.apache.cxf.sts.claims.RequestClaimCollection;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.RequestParser;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.service.EncryptionProperties;
+import org.apache.cxf.sts.service.ServiceMBean;
+import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.sts.token.provider.TokenReference;
+
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.cxf.ws.security.sts.provider.model.LifetimeType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestedReferenceType;
+import org.apache.cxf.ws.security.sts.provider.model.secext.KeyIdentifierType;
+import org.apache.cxf.ws.security.sts.provider.model.secext.ReferenceType;
+import org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType;
+import org.apache.cxf.ws.security.sts.provider.model.utility.AttributedDateTime;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+
+/**
+ * This abstract class contains some common functionality for different operations.
+ */
+public abstract class AbstractOperation {
+
+    public static final QName TOKEN_TYPE = 
+        new QName(WSConstants.WSSE11_NS, WSConstants.TOKEN_TYPE, WSConstants.WSSE11_PREFIX);
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(AbstractOperation.class);
+
+    protected STSPropertiesMBean stsProperties;
+    protected boolean encryptIssuedToken;
+    protected List<ServiceMBean> services;
+    protected List<TokenProvider> tokenProviders = new ArrayList<TokenProvider>();
+    protected boolean returnReferences = true;
+    protected STSCache cache;
+    
+    public boolean isReturnReferences() {
+        return returnReferences;
+    }
+
+    public void setReturnReferences(boolean returnReferences) {
+        this.returnReferences = returnReferences;
+    }
+    
+    public STSCache getCache() {
+        return cache;
+    }
+
+    public void setCache(STSCache cache) {
+        this.cache = cache;
+    }
+
+    public void setStsProperties(STSPropertiesMBean stsProperties) {
+        this.stsProperties = stsProperties;
+    }
+    
+    public void setEncryptIssuedToken(boolean encryptIssuedToken) {
+        this.encryptIssuedToken = encryptIssuedToken;
+    }
+    
+    public void setServices(List<ServiceMBean> services) {
+        this.services = services;
+    }
+    
+    public void setTokenProviders(List<TokenProvider> tokenProviders) {
+        this.tokenProviders = tokenProviders;
+    }
+    
+    public List<TokenProvider> getTokenProviders() {
+        return tokenProviders;
+    }
+    
+    /**
+     * Check the arguments from the STSProvider and parse the request.
+     */
+    protected RequestParser parseRequest(
+        RequestSecurityTokenType request,
+        WebServiceContext context
+    ) {
+        if (context == null || context.getMessageContext() == null) {
+            throw new STSException("No message context found");
+        }
+        
+        if (stsProperties == null) {
+            throw new STSException("No STSProperties object found");
+        }
+        stsProperties.configureProperties();
+        
+        RequestParser requestParser = new RequestParser();
+        requestParser.parseRequest(request, context);
+        
+        return requestParser;
+    }
+    
+    /**
+     * Create a RequestedReferenceType object using a TokenReference object
+     */
+    protected static RequestedReferenceType createRequestedReference(
+        TokenReference tokenReference, boolean attached
+    ) {
+        RequestedReferenceType requestedReferenceType = 
+            QNameConstants.WS_TRUST_FACTORY.createRequestedReferenceType();
+        SecurityTokenReferenceType securityTokenReferenceType = 
+            QNameConstants.WSSE_FACTORY.createSecurityTokenReferenceType();
+        
+        // Create the identifier according to whether it is an attached reference or not
+        String identifier = tokenReference.getIdentifier();
+        if (attached && identifier.charAt(0) != '#') {
+            identifier = "#" + identifier;
+        } else if (!attached && identifier.charAt(0) == '#') {
+            identifier = identifier.substring(1);
+        }
+        
+        // TokenType
+        String tokenType = tokenReference.getWsse11TokenType();
+        if (tokenType != null) {
+            securityTokenReferenceType.getOtherAttributes().put(TOKEN_TYPE, tokenType);
+        }
+        
+        if (tokenReference.isUseKeyIdentifier()) {
+            KeyIdentifierType keyIdentifierType = 
+                QNameConstants.WSSE_FACTORY.createKeyIdentifierType();
+            keyIdentifierType.setValue(identifier);
+            String valueType = tokenReference.getWsseValueType();
+            if (valueType != null) {
+                keyIdentifierType.setValueType(valueType);
+            }
+            JAXBElement<KeyIdentifierType> keyIdentifier = 
+                QNameConstants.WSSE_FACTORY.createKeyIdentifier(keyIdentifierType);
+            securityTokenReferenceType.getAny().add(keyIdentifier);
+        } else if (tokenReference.isUseDirectReference()) {
+            ReferenceType referenceType = QNameConstants.WSSE_FACTORY.createReferenceType();
+            referenceType.setURI(identifier);
+            
+            String valueType = tokenReference.getWsseValueType();
+            if (valueType != null) {
+                referenceType.setValueType(valueType);
+            }
+            JAXBElement<ReferenceType> reference = 
+                QNameConstants.WSSE_FACTORY.createReference(referenceType);
+            securityTokenReferenceType.getAny().add(reference);
+        }
+        
+        requestedReferenceType.setSecurityTokenReference(securityTokenReferenceType);
+        
+        return requestedReferenceType;
+    }
+    
+    /**
+     * Create a RequestedReferenceType object using a token id and tokenType
+     */
+    protected static RequestedReferenceType createRequestedReference(
+        String tokenId, String tokenType, boolean attached
+    ) {
+        TokenReference tokenReference = new TokenReference();
+        tokenReference.setIdentifier(tokenId);
+        
+        if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) 
+            || WSConstants.SAML_NS.equals(tokenType)) {
+            tokenReference.setWsse11TokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
+            tokenReference.setUseKeyIdentifier(true);
+            tokenReference.setWsseValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+        } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+            || WSConstants.SAML2_NS.equals(tokenType)) {
+            tokenReference.setWsse11TokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
+            tokenReference.setUseKeyIdentifier(true);
+            tokenReference.setWsseValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+        } else {
+            tokenReference.setUseDirectReference(true);
+            tokenReference.setWsseValueType(tokenType);
+        }
+        
+        return createRequestedReference(tokenReference, attached);
+    }
+    
+    /**
+     * Create a LifetimeType object given a lifetime in seconds
+     */
+    protected static LifetimeType createLifetime(long lifetime) {
+        AttributedDateTime created = QNameConstants.UTIL_FACTORY.createAttributedDateTime();
+        AttributedDateTime expires = QNameConstants.UTIL_FACTORY.createAttributedDateTime();
+        
+        Date creationTime = new Date();
+        Date expirationTime = new Date();
+        if (lifetime <= 0) {
+            lifetime = 300L;
+        }
+        expirationTime.setTime(creationTime.getTime() + (lifetime * 1000L));
+
+        XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
+        created.setValue(fmt.format(creationTime));
+        LOG.fine("Token lifetime creation: " + created.getValue());
+        expires.setValue(fmt.format(expirationTime));
+        LOG.fine("Token lifetime expiration: " + expires.getValue());
+        
+        LifetimeType lifetimeType = QNameConstants.WS_TRUST_FACTORY.createLifetimeType();
+        lifetimeType.setCreated(created);
+        lifetimeType.setExpires(expires);
+        return lifetimeType;
+    }
+    
+    /**
+     * Encrypt a Token element using the given arguments.
+     */
+    protected Element encryptToken(
+        Element element, 
+        String id, 
+        EncryptionProperties encryptionProperties,
+        KeyRequirements keyRequirements,
+        WebServiceContext context
+    ) throws WSSecurityException {
+        String name = encryptionProperties.getEncryptionName();
+        if (name == null) {
+            name = stsProperties.getEncryptionUsername();
+        }
+        if (name == null) {
+            throw new STSException("No encryption alias is configured", STSException.REQUEST_FAILED);
+        }
+        
+        // Get the encryption algorithm to use
+        String encryptionAlgorithm = keyRequirements.getEncryptionAlgorithm();
+        if (encryptionAlgorithm == null) {
+            // If none then default to what is configured
+            encryptionAlgorithm = encryptionProperties.getEncryptionAlgorithm();
+        } else {
+            List<String> supportedAlgorithms = 
+                encryptionProperties.getAcceptedEncryptionAlgorithms();
+            if (!supportedAlgorithms.contains(encryptionAlgorithm)) {
+                encryptionAlgorithm = encryptionProperties.getEncryptionAlgorithm();
+                LOG.fine("EncryptionAlgorithm not supported, defaulting to: " + encryptionAlgorithm);
+            }
+        }
+        // Get the key-wrap algorithm to use
+        String keyWrapAlgorithm = keyRequirements.getKeywrapAlgorithm();
+        if (keyWrapAlgorithm == null) {
+            // If none then default to what is configured
+            keyWrapAlgorithm = encryptionProperties.getKeyWrapAlgorithm();
+        } else {
+            List<String> supportedAlgorithms = 
+                encryptionProperties.getAcceptedKeyWrapAlgorithms();
+            if (!supportedAlgorithms.contains(keyWrapAlgorithm)) {
+                keyWrapAlgorithm = encryptionProperties.getKeyWrapAlgorithm();
+                LOG.fine("KeyWrapAlgorithm not supported, defaulting to: " + keyWrapAlgorithm);
+            }
+        }
+        
+        WSSecEncrypt builder = new WSSecEncrypt();
+        if (WSHandlerConstants.USE_REQ_SIG_CERT.equals(name)) {
+            X509Certificate cert = getReqSigCert(context.getMessageContext());
+            builder.setUseThisCert(cert);
+        } else {
+            builder.setUserInfo(name);
+        }
+        builder.setKeyIdentifierType(encryptionProperties.getKeyIdentifierType());
+        builder.setSymmetricEncAlgorithm(encryptionAlgorithm);
+        builder.setKeyEncAlgo(keyWrapAlgorithm);
+        builder.setEmbedEncryptedKey(true);
+        
+        WSEncryptionPart encryptionPart = new WSEncryptionPart(id, "Element");
+        encryptionPart.setElement(element);
+        
+        Document doc = element.getOwnerDocument();
+        doc.appendChild(element);
+                                 
+        builder.prepare(element.getOwnerDocument(), stsProperties.getEncryptionCrypto());
+        builder.encryptForRef(null, Collections.singletonList(encryptionPart));
+        
+        return doc.getDocumentElement();
+    }
+    
+    /**
+     * Encrypt a secret using the given arguments producing a DOM EncryptedKey element
+     */
+    protected Element encryptSecret(
+        byte[] secret, 
+        EncryptionProperties encryptionProperties,
+        KeyRequirements keyRequirements
+    ) throws WSSecurityException {
+        String name = encryptionProperties.getEncryptionName();
+        if (name == null) {
+            name = stsProperties.getEncryptionUsername();
+        }
+        if (name == null) {
+            throw new STSException("No encryption alias is configured", STSException.REQUEST_FAILED);
+        }
+        
+        // Get the key-wrap algorithm to use
+        String keyWrapAlgorithm = keyRequirements.getKeywrapAlgorithm();
+        if (keyWrapAlgorithm == null) {
+            // If none then default to what is configured
+            keyWrapAlgorithm = encryptionProperties.getKeyWrapAlgorithm();
+        } else {
+            List<String> supportedAlgorithms = 
+                encryptionProperties.getAcceptedKeyWrapAlgorithms();
+            if (!supportedAlgorithms.contains(keyWrapAlgorithm)) {
+                keyWrapAlgorithm = encryptionProperties.getKeyWrapAlgorithm();
+                LOG.fine("KeyWrapAlgorithm not supported, defaulting to: " + keyWrapAlgorithm);
+            }
+        }
+        
+        WSSecEncryptedKey builder = new WSSecEncryptedKey();
+        builder.setUserInfo(name);
+        builder.setKeyIdentifierType(encryptionProperties.getKeyIdentifierType());
+        builder.setEphemeralKey(secret);
+        builder.setKeyEncAlgo(keyWrapAlgorithm);
+        
+        Document doc = DOMUtils.createDocument();
+                                 
+        builder.prepare(doc, stsProperties.getEncryptionCrypto());
+        
+        return builder.getEncryptedKeyElement();
+    }
+
+    /**
+     * Extract an address from an AppliesTo DOM element
+     */
+    protected static String extractAddressFromAppliesTo(Element appliesTo) {
+        LOG.fine("Parsing AppliesTo element");
+        if (appliesTo != null) {
+            Element endpointRef = 
+                DOMUtils.getFirstChildWithName(
+                    appliesTo, STSConstants.WSA_NS_05, "EndpointReference"
+                );
+            if (endpointRef != null) {
+                LOG.fine("Found EndpointReference element");
+                Element address = 
+                    DOMUtils.getFirstChildWithName(
+                        endpointRef, STSConstants.WSA_NS_05, "Address");
+                if (address != null) {
+                    LOG.fine("Found address element");
+                    return address.getTextContent();
+                }
+            }
+        }
+        LOG.fine("AppliesTo element does not exist or could not be parsed");
+        return null;
+    }
+
+    /**
+     * Create a TokenProviderParameters object given a RequestParser and WebServiceContext object
+     */
+    protected TokenProviderParameters createTokenProviderParameters(
+        RequestParser requestParser, WebServiceContext context
+    ) {
+        TokenProviderParameters providerParameters = new TokenProviderParameters();
+        providerParameters.setStsProperties(stsProperties);
+        providerParameters.setPrincipal(context.getUserPrincipal());
+        providerParameters.setWebServiceContext(context);
+        providerParameters.setCache(getCache());
+        
+        KeyRequirements keyRequirements = requestParser.getKeyRequirements();
+        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
+        providerParameters.setKeyRequirements(keyRequirements);
+        providerParameters.setTokenRequirements(tokenRequirements);
+        
+        // Extract AppliesTo
+        String address = extractAddressFromAppliesTo(tokenRequirements.getAppliesTo());
+        LOG.fine("The AppliesTo address that has been received is: " + address);
+        providerParameters.setAppliesToAddress(address);
+        
+        // Set the requested Claims
+        RequestClaimCollection claims = tokenRequirements.getClaims();
+        providerParameters.setRequestedClaims(claims);
+        
+        EncryptionProperties encryptionProperties = new EncryptionProperties();
+        if (address != null) {
+            boolean foundService = false;
+            // Get the stored Service object corresponding to the Service endpoint
+            if (services != null) {
+                for (ServiceMBean service : services) {
+                    if (service.isAddressInEndpoints(address)) {
+                        encryptionProperties = service.getEncryptionProperties();
+                        if (tokenRequirements.getTokenType() == null) {
+                            String tokenType = service.getTokenType();
+                            tokenRequirements.setTokenType(tokenType);
+                            LOG.fine("Using default token type of: " + tokenType);
+                        }
+                        if (keyRequirements.getKeyType() == null) {
+                            String keyType = service.getKeyType();
+                            keyRequirements.setKeyType(keyType);
+                            LOG.fine("Using default key type of: " + keyType);
+                        }
+                        foundService = true;
+                        break;
+                    }
+                }
+            }
+            if (!foundService) {
+                LOG.log(Level.WARNING, "The Service cannot match the received AppliesTo address");
+                throw new STSException(
+                    "No service corresponding to " + address + " is known", STSException.REQUEST_FAILED
+                );
+            }
+        }
+        
+        providerParameters.setEncryptionProperties(encryptionProperties);
+        
+        return providerParameters;
+    }
+    
+    /**
+     * Get the X509Certificate associated with the signature that was received. This cert is to be used
+     * for encrypting the issued token.
+     */
+    private X509Certificate getReqSigCert(MessageContext context) {
+        @SuppressWarnings("unchecked")
+        List<WSHandlerResult> results = 
+            (List<WSHandlerResult>) context.get(WSHandlerConstants.RECV_RESULTS);
+        if (results != null) {
+            for (WSHandlerResult rResult : results) {
+                List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
+                for (WSSecurityEngineResult wser : wsSecEngineResults) {
+                    int wserAction = 
+                        ((java.lang.Integer)wser.get(WSSecurityEngineResult.TAG_ACTION)).intValue();
+                    if (wserAction == WSConstants.SIGN) {
+                        X509Certificate cert = 
+                            (X509Certificate)wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+                        if (cert != null) {
+                            return cert;
+                        }
+                    }
+                }
+            }
+        }
+        return null;
+    }
+    
+}

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenCancelOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenCancelOperation.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenCancelOperation.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenCancelOperation.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,149 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.operation;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.QNameConstants;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.RequestParser;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.token.canceller.TokenCanceller;
+import org.apache.cxf.sts.token.canceller.TokenCancellerParameters;
+import org.apache.cxf.sts.token.canceller.TokenCancellerResponse;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestedTokenCancelledType;
+import org.apache.cxf.ws.security.sts.provider.operation.CancelOperation;
+import org.apache.ws.security.WSSecurityException;
+
+/**
+ *  An implementation for Cancel operation interface.
+ */
+public class TokenCancelOperation extends AbstractOperation implements CancelOperation {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(TokenCancelOperation.class);
+
+    private List<TokenCanceller> tokencancellers = new ArrayList<TokenCanceller>();
+    
+    public void setTokenCancellers(List<TokenCanceller> tokenCancellerList) {
+        this.tokencancellers = tokenCancellerList;
+    }
+    
+    public List<TokenCanceller> getTokenCancellers() {
+        return tokencancellers;
+    }
+    
+    public RequestSecurityTokenResponseType cancel(
+        RequestSecurityTokenType request, WebServiceContext context
+    ) {
+        RequestParser requestParser = parseRequest(request, context);
+        
+        KeyRequirements keyRequirements = requestParser.getKeyRequirements();
+        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
+        
+        ReceivedToken cancelTarget = tokenRequirements.getCancelTarget();
+        if (cancelTarget == null || cancelTarget.getToken() == null) {
+            throw new STSException("No element presented for cancellation", STSException.INVALID_REQUEST);
+        }
+        if (tokenRequirements.getTokenType() == null) {
+            tokenRequirements.setTokenType(STSConstants.STATUS);
+            LOG.fine(
+                "Received TokenType is null, falling back to default token type: " + STSConstants.STATUS
+            );
+        }
+        
+        TokenCancellerParameters cancellerParameters = new TokenCancellerParameters();
+        cancellerParameters.setStsProperties(stsProperties);
+        cancellerParameters.setPrincipal(context.getUserPrincipal());
+        cancellerParameters.setWebServiceContext(context);
+        cancellerParameters.setCache(getCache());
+        
+        cancellerParameters.setKeyRequirements(keyRequirements);
+        cancellerParameters.setTokenRequirements(tokenRequirements);   
+        
+        //
+        // Cancel token
+        //
+        TokenCancellerResponse tokenResponse = null;
+        for (TokenCanceller tokenCanceller : tokencancellers) {
+            if (tokenCanceller.canHandleToken(cancelTarget)) {
+                try {
+                    tokenResponse = tokenCanceller.cancelToken(cancellerParameters);
+                } catch (RuntimeException ex) {
+                    LOG.log(Level.WARNING, "", ex);
+                    throw new STSException(
+                        "Error while cancelling a token", ex, STSException.REQUEST_FAILED
+                    );
+                }
+                break;
+            }
+        }
+        if (tokenResponse == null) {
+            LOG.fine("No Token Canceller has been found that can handle this token");
+            throw new STSException(
+                "No token canceller found for requested token type: " 
+                + tokenRequirements.getTokenType(), 
+                STSException.REQUEST_FAILED
+            );
+        }
+        
+        if (!tokenResponse.isTokenCancelled()) {
+            LOG.log(Level.WARNING, "Token cancellation failed.");
+            throw new STSException("Token cancellation failed.");
+        }
+        
+        // prepare response
+        try {
+            return createResponse(tokenRequirements);
+        } catch (Throwable ex) {
+            LOG.log(Level.WARNING, "", ex);
+            throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED);
+        }
+    }
+
+    
+    private RequestSecurityTokenResponseType createResponse(
+        TokenRequirements tokenRequirements
+    ) throws WSSecurityException {
+        RequestSecurityTokenResponseType response = 
+            QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponseType();
+        String context = tokenRequirements.getContext();
+        if (context != null) {
+            response.setContext(context);
+        }
+        RequestedTokenCancelledType cancelType = 
+            QNameConstants.WS_TRUST_FACTORY.createRequestedTokenCancelledType();
+        JAXBElement<RequestedTokenCancelledType> cancel = 
+            QNameConstants.WS_TRUST_FACTORY.createRequestedTokenCancelled(cancelType);
+        response.getAny().add(cancel);            
+        return response;
+    }
+}

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenIssueOperation.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,301 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.operation;
+
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.QNameConstants;
+import org.apache.cxf.sts.claims.ClaimsManager;
+import org.apache.cxf.sts.claims.RequestClaim;
+import org.apache.cxf.sts.claims.RequestClaimCollection;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.RequestParser;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.service.EncryptionProperties;
+import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.sts.token.provider.TokenProviderResponse;
+import org.apache.cxf.sts.token.provider.TokenReference;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.cxf.ws.security.sts.provider.model.BinarySecretType;
+import org.apache.cxf.ws.security.sts.provider.model.EntropyType;
+import org.apache.cxf.ws.security.sts.provider.model.LifetimeType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestedProofTokenType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestedReferenceType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
+import org.apache.cxf.ws.security.sts.provider.operation.IssueOperation;
+import org.apache.ws.security.WSSecurityException;
+
+/**
+ * An implementation of the IssueOperation interface.
+ */
+public class TokenIssueOperation extends AbstractOperation implements IssueOperation {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(TokenIssueOperation.class);
+
+    private ClaimsManager claimsManager;
+    
+    public ClaimsManager getClaimsManager() {
+        return claimsManager;
+    }
+
+    public void setClaimsManager(ClaimsManager claimsManager) {
+        this.claimsManager = claimsManager;
+    }
+        
+    public RequestSecurityTokenResponseCollectionType issue(
+        RequestSecurityTokenType request,
+        WebServiceContext context
+    ) {
+        RequestParser requestParser = parseRequest(request, context);
+        
+        TokenProviderParameters providerParameters = createTokenProviderParameters(requestParser, context);
+        
+        // Check if the requested claims can be handled by the configured claim handlers
+        RequestClaimCollection requestedClaims = providerParameters.getRequestedClaims();
+        if (requestedClaims != null) {
+            List<URI> unhandledClaimTypes = new ArrayList<URI>();
+            for (RequestClaim requestedClaim : requestedClaims) {
+                if (!claimsManager.getSupportedClaimTypes().contains(requestedClaim.getClaimType()) 
+                    && !requestedClaim.isOptional()) {
+                    unhandledClaimTypes.add(requestedClaim.getClaimType());
+                }
+            }
+        
+            if (unhandledClaimTypes.size() > 0) {
+                LOG.log(Level.WARNING, "The requested claim " + unhandledClaimTypes.toString() 
+                         + " cannot be fulfilled by the STS.");
+                throw new STSException(
+                    "The requested claim " + unhandledClaimTypes.toString() 
+                    + " cannot be fulfilled by the STS."
+                );
+            }
+        }
+        
+        providerParameters.setClaimsManager(claimsManager);
+        
+        // create token
+        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
+        String tokenType = tokenRequirements.getTokenType();
+        TokenProviderResponse tokenResponse = null;
+        for (TokenProvider tokenProvider : tokenProviders) {
+            if (tokenProvider.canHandleToken(tokenType)) {
+                try {
+                    tokenResponse = tokenProvider.createToken(providerParameters);
+                } catch (STSException ex) {
+                    LOG.log(Level.WARNING, "", ex);
+                    throw ex;
+                } catch (RuntimeException ex) {
+                    LOG.log(Level.WARNING, "", ex);
+                    throw new STSException("Error in providing a token", ex, STSException.REQUEST_FAILED);
+                }
+                break;
+            }
+        }
+        if (tokenResponse == null || tokenResponse.getToken() == null) {
+            LOG.log(Level.WARNING, "No token provider found for requested token type: " + tokenType);
+            throw new STSException(
+                "No token provider found for requested token type: " + tokenType, 
+                STSException.REQUEST_FAILED
+            );
+        }
+        // prepare response
+        try {
+            KeyRequirements keyRequirements = requestParser.getKeyRequirements();
+            EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
+            RequestSecurityTokenResponseType response = 
+                createResponse(
+                    encryptionProperties, tokenResponse, tokenRequirements, keyRequirements, context
+                );
+            RequestSecurityTokenResponseCollectionType responseCollection = 
+                QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponseCollectionType();
+            responseCollection.getRequestSecurityTokenResponse().add(response);
+            return responseCollection;
+        } catch (Throwable ex) {
+            LOG.log(Level.WARNING, "", ex);
+            throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED);
+        }
+    }
+
+    private RequestSecurityTokenResponseType createResponse(
+        EncryptionProperties encryptionProperties,
+        TokenProviderResponse tokenResponse, 
+        TokenRequirements tokenRequirements,
+        KeyRequirements keyRequirements,
+        WebServiceContext webServiceContext
+    ) throws WSSecurityException {
+        RequestSecurityTokenResponseType response = 
+            QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponseType();
+        
+        String context = tokenRequirements.getContext();
+        if (context != null) {
+            response.setContext(context);
+        }
+
+        // TokenType
+        JAXBElement<String> jaxbTokenType = 
+            QNameConstants.WS_TRUST_FACTORY.createTokenType(tokenRequirements.getTokenType());
+        response.getAny().add(jaxbTokenType);
+
+        // RequestedSecurityToken
+        RequestedSecurityTokenType requestedTokenType = 
+            QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityTokenType();
+        JAXBElement<RequestedSecurityTokenType> requestedToken = 
+            QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityToken(requestedTokenType);
+        LOG.fine("Encrypting Issued Token: " + encryptIssuedToken);
+        if (!encryptIssuedToken) {
+            requestedTokenType.setAny(tokenResponse.getToken());
+        } else {
+            requestedTokenType.setAny(
+                encryptToken(
+                    tokenResponse.getToken(), tokenResponse.getTokenId(), 
+                    encryptionProperties, keyRequirements, webServiceContext
+                )
+            );
+        }
+        response.getAny().add(requestedToken);
+
+        if (returnReferences) {
+            // RequestedAttachedReference
+            TokenReference attachedReference = tokenResponse.getAttachedReference();
+            RequestedReferenceType requestedAttachedReferenceType = null;
+            if (attachedReference != null) {
+                requestedAttachedReferenceType = createRequestedReference(attachedReference, true);
+            } else {
+                requestedAttachedReferenceType = 
+                    createRequestedReference(
+                        tokenResponse.getTokenId(), tokenRequirements.getTokenType(), true
+                    );
+            }
+    
+            JAXBElement<RequestedReferenceType> requestedAttachedReference = 
+                QNameConstants.WS_TRUST_FACTORY.createRequestedAttachedReference(
+                    requestedAttachedReferenceType
+                );
+            response.getAny().add(requestedAttachedReference);
+    
+            // RequestedUnattachedReference
+            TokenReference unAttachedReference = tokenResponse.getUnAttachedReference();
+            RequestedReferenceType requestedUnattachedReferenceType = null;
+            if (unAttachedReference != null) {
+                requestedUnattachedReferenceType = createRequestedReference(unAttachedReference, false);
+            } else {
+                requestedUnattachedReferenceType = 
+                    createRequestedReference(
+                        tokenResponse.getTokenId(), tokenRequirements.getTokenType(), false
+                    );
+            }
+        
+            JAXBElement<RequestedReferenceType> requestedUnattachedReference = 
+                QNameConstants.WS_TRUST_FACTORY.createRequestedUnattachedReference(
+                    requestedUnattachedReferenceType
+                );
+            response.getAny().add(requestedUnattachedReference);
+        }
+        
+        // AppliesTo
+        response.getAny().add(tokenRequirements.getAppliesTo());
+
+        // RequestedProofToken
+        if (tokenResponse.isComputedKey() && keyRequirements.getComputedKeyAlgorithm() != null) {
+            JAXBElement<String> computedKey = 
+                QNameConstants.WS_TRUST_FACTORY.createComputedKey(keyRequirements.getComputedKeyAlgorithm());
+            RequestedProofTokenType requestedProofTokenType = 
+                QNameConstants.WS_TRUST_FACTORY.createRequestedProofTokenType();
+            requestedProofTokenType.setAny(computedKey);
+            JAXBElement<RequestedProofTokenType> requestedProofToken = 
+                QNameConstants.WS_TRUST_FACTORY.createRequestedProofToken(requestedProofTokenType);
+            response.getAny().add(requestedProofToken);
+        } else if (tokenResponse.getEntropy() != null) {
+            Object token = 
+                constructSecretToken(tokenResponse.getEntropy(), encryptionProperties, keyRequirements);
+            RequestedProofTokenType requestedProofTokenType = 
+                QNameConstants.WS_TRUST_FACTORY.createRequestedProofTokenType();
+            requestedProofTokenType.setAny(token);
+            JAXBElement<RequestedProofTokenType> requestedProofToken = 
+                QNameConstants.WS_TRUST_FACTORY.createRequestedProofToken(requestedProofTokenType);
+            response.getAny().add(requestedProofToken);
+        }
+        
+        // Entropy
+        if (tokenResponse.isComputedKey() && tokenResponse.getEntropy() != null) {
+            Object token = 
+                constructSecretToken(tokenResponse.getEntropy(), encryptionProperties, keyRequirements);
+            EntropyType entropyType = QNameConstants.WS_TRUST_FACTORY.createEntropyType();
+            entropyType.getAny().add(token);
+            JAXBElement<EntropyType> entropyElement = 
+                QNameConstants.WS_TRUST_FACTORY.createEntropy(entropyType);
+            response.getAny().add(entropyElement);
+        }
+        
+        // Lifetime
+        LifetimeType lifetime = createLifetime(tokenResponse.getLifetime());
+        JAXBElement<LifetimeType> lifetimeType = QNameConstants.WS_TRUST_FACTORY.createLifetime(lifetime);
+        response.getAny().add(lifetimeType);
+        
+        // KeySize
+        long keySize = tokenResponse.getKeySize();
+        if (keySize <= 0) {
+            keySize = keyRequirements.getKeySize();
+        }
+        if (keyRequirements.getKeySize() > 0) {
+            JAXBElement<Long> keySizeType = 
+                QNameConstants.WS_TRUST_FACTORY.createKeySize(keySize);
+            response.getAny().add(keySizeType);
+        }
+        
+        return response;
+    }
+    
+    /**
+     * Construct a token containing the secret to return to the client. If encryptIssuedToken is set
+     * then the token is wrapped in an EncryptedKey DOM element, otherwise it is returned in a 
+     * BinarySecretType JAXBElement.
+     */
+    private Object constructSecretToken(
+        byte[] secret,
+        EncryptionProperties encryptionProperties, 
+        KeyRequirements keyRequirements
+    ) throws WSSecurityException {
+        if (encryptIssuedToken) {
+            return encryptSecret(secret, encryptionProperties, keyRequirements);
+        } else {
+            BinarySecretType binarySecretType = QNameConstants.WS_TRUST_FACTORY.createBinarySecretType();
+            String nonce = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce";
+            binarySecretType.setType(nonce);
+            binarySecretType.setValue(secret);
+            JAXBElement<BinarySecretType> binarySecret = 
+                QNameConstants.WS_TRUST_FACTORY.createBinarySecret(binarySecretType);
+            return binarySecret;
+        }
+    }
+    
+}

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenValidateOperation.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,269 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.operation;
+
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.ws.WebServiceContext;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.QNameConstants;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.RequestParser;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.sts.token.provider.TokenProviderResponse;
+import org.apache.cxf.sts.token.provider.TokenReference;
+import org.apache.cxf.sts.token.validator.TokenValidator;
+import org.apache.cxf.sts.token.validator.TokenValidatorParameters;
+import org.apache.cxf.sts.token.validator.TokenValidatorResponse;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.cxf.ws.security.sts.provider.model.LifetimeType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestedReferenceType;
+import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
+import org.apache.cxf.ws.security.sts.provider.model.StatusType;
+import org.apache.cxf.ws.security.sts.provider.operation.ValidateOperation;
+import org.apache.ws.security.WSSecurityException;
+
+/**
+ * An implementation of the ValidateOperation interface.
+ */
+public class TokenValidateOperation extends AbstractOperation implements ValidateOperation {
+
+    private static final Logger LOG = LogUtils.getL7dLogger(TokenValidateOperation.class);
+
+    private List<TokenValidator> tokenValidators = new ArrayList<TokenValidator>();
+    
+    public void setTokenValidators(List<TokenValidator> tokenValidators) {
+        this.tokenValidators = tokenValidators;
+    }
+    
+    public List<TokenValidator> getTokenValidators() {
+        return tokenValidators;
+    }
+    
+    public RequestSecurityTokenResponseType validate(
+        RequestSecurityTokenType request, 
+        WebServiceContext context
+    ) {
+        RequestParser requestParser = parseRequest(request, context);
+        
+        KeyRequirements keyRequirements = requestParser.getKeyRequirements();
+        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
+        
+        ReceivedToken validateTarget = tokenRequirements.getValidateTarget();
+        if (validateTarget == null || validateTarget.getToken() == null) {
+            throw new STSException("No element presented for validation", STSException.INVALID_REQUEST);
+        }
+        if (tokenRequirements.getTokenType() == null) {
+            tokenRequirements.setTokenType(STSConstants.STATUS);
+            LOG.fine(
+                "Received TokenType is null, falling back to default token type: " 
+                + STSConstants.STATUS
+            );
+        }
+        
+        TokenValidatorParameters validatorParameters = new TokenValidatorParameters();
+        validatorParameters.setStsProperties(stsProperties);
+        validatorParameters.setPrincipal(context.getUserPrincipal());
+        validatorParameters.setWebServiceContext(context);
+        validatorParameters.setCache(getCache());
+        
+        validatorParameters.setKeyRequirements(keyRequirements);
+        validatorParameters.setTokenRequirements(tokenRequirements);
+        
+        //
+        // Validate token
+        //
+        TokenValidatorResponse tokenResponse = null;
+        for (TokenValidator tokenValidator : tokenValidators) {
+            if (tokenValidator.canHandleToken(validateTarget)) {
+                try {
+                    tokenResponse = tokenValidator.validateToken(validatorParameters);
+                } catch (RuntimeException ex) {
+                    LOG.log(Level.WARNING, "", ex);
+                    tokenResponse = new TokenValidatorResponse();
+                    tokenResponse.setValid(false);
+                }
+                break;
+            }
+        }
+        if (tokenResponse == null) {
+            LOG.fine("No Token Validator has been found that can handle this token");
+            tokenResponse = new TokenValidatorResponse();
+            tokenResponse.setValid(false);
+        }
+        
+        //
+        // Create a new token (if requested)
+        //
+        TokenProviderResponse tokenProviderResponse = null;
+        String tokenType = tokenRequirements.getTokenType();
+        if (tokenResponse.isValid() && !STSConstants.STATUS.equals(tokenType)) {
+            TokenProviderParameters providerParameters = 
+                 createTokenProviderParameters(requestParser, context);
+            Principal responsePrincipal = tokenResponse.getPrincipal();
+            if (responsePrincipal != null) {
+                providerParameters.setPrincipal(responsePrincipal);
+            }
+            Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
+            if (additionalProperties != null) {
+                providerParameters.setAdditionalProperties(additionalProperties);
+            }
+            for (TokenProvider tokenProvider : tokenProviders) {
+                if (tokenProvider.canHandleToken(tokenType)) {
+                    try {
+                        tokenProviderResponse = tokenProvider.createToken(providerParameters);
+                    } catch (STSException ex) {
+                        LOG.log(Level.WARNING, "", ex);
+                        throw ex;
+                    } catch (RuntimeException ex) {
+                        LOG.log(Level.WARNING, "", ex);
+                        throw new STSException(
+                            "Error in providing a token", ex, STSException.REQUEST_FAILED
+                        );
+                    }
+                    break;
+                }
+            }
+            if (tokenProviderResponse == null || tokenProviderResponse.getToken() == null) {
+                LOG.fine("No Token Provider has been found that can handle this token");
+                throw new STSException(
+                    "No token provider found for requested token type: " + tokenType, 
+                    STSException.REQUEST_FAILED
+                );
+            }
+        }
+        
+        // prepare response
+        try {
+            return createResponse(tokenResponse, tokenProviderResponse, tokenRequirements);
+        } catch (Throwable ex) {
+            LOG.log(Level.WARNING, "", ex);
+            throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED);
+        }
+    }
+    
+    private RequestSecurityTokenResponseType createResponse(
+        TokenValidatorResponse tokenResponse,
+        TokenProviderResponse tokenProviderResponse,
+        TokenRequirements tokenRequirements
+    ) throws WSSecurityException {
+        RequestSecurityTokenResponseType response = 
+            QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponseType();
+
+        String context = tokenRequirements.getContext();
+        if (context != null) {
+            response.setContext(context);
+        }
+        
+        // TokenType
+        boolean valid = tokenResponse.isValid();
+        String tokenType = tokenRequirements.getTokenType();
+        if (valid || STSConstants.STATUS.equals(tokenType)) {
+            JAXBElement<String> jaxbTokenType = 
+                QNameConstants.WS_TRUST_FACTORY.createTokenType(tokenType);
+            response.getAny().add(jaxbTokenType);
+        }
+        
+        // Status
+        StatusType statusType = QNameConstants.WS_TRUST_FACTORY.createStatusType();
+        if (valid) {
+            statusType.setCode(STSConstants.VALID_CODE);
+            statusType.setReason(STSConstants.VALID_REASON);
+        } else {
+            statusType.setCode(STSConstants.INVALID_CODE);
+            statusType.setReason(STSConstants.INVALID_REASON);
+        }
+        JAXBElement<StatusType> status = QNameConstants.WS_TRUST_FACTORY.createStatus(statusType);
+        response.getAny().add(status);
+        
+        // RequestedSecurityToken
+        if (valid && !STSConstants.STATUS.equals(tokenType) && tokenProviderResponse != null 
+            && tokenProviderResponse.getToken() != null) {
+            RequestedSecurityTokenType requestedTokenType = 
+                QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityTokenType();
+            JAXBElement<RequestedSecurityTokenType> requestedToken = 
+                QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityToken(requestedTokenType);
+            requestedTokenType.setAny(tokenProviderResponse.getToken());
+            response.getAny().add(requestedToken);
+            
+            // Lifetime
+            LifetimeType lifetime = createLifetime(tokenProviderResponse.getLifetime());
+            JAXBElement<LifetimeType> lifetimeType =
+                QNameConstants.WS_TRUST_FACTORY.createLifetime(lifetime);
+            response.getAny().add(lifetimeType);
+            
+            if (returnReferences) {
+                // RequestedAttachedReference
+                TokenReference attachedReference = tokenProviderResponse.getAttachedReference();
+                RequestedReferenceType requestedAttachedReferenceType = null;
+                if (attachedReference != null) {
+                    requestedAttachedReferenceType = createRequestedReference(attachedReference, true);
+                } else {
+                    requestedAttachedReferenceType = 
+                        createRequestedReference(
+                            tokenProviderResponse.getTokenId(), tokenRequirements.getTokenType(), true
+                        );
+                }
+    
+                JAXBElement<RequestedReferenceType> requestedAttachedReference = 
+                    QNameConstants.WS_TRUST_FACTORY.createRequestedAttachedReference(
+                        requestedAttachedReferenceType
+                    );
+                response.getAny().add(requestedAttachedReference);
+    
+                // RequestedUnattachedReference
+                TokenReference unAttachedReference = tokenProviderResponse.getUnAttachedReference();
+                RequestedReferenceType requestedUnattachedReferenceType = null;
+                if (unAttachedReference != null) {
+                    requestedUnattachedReferenceType = 
+                        createRequestedReference(unAttachedReference, false);
+                } else {
+                    requestedUnattachedReferenceType = 
+                        createRequestedReference(
+                            tokenProviderResponse.getTokenId(), tokenRequirements.getTokenType(), false
+                        );
+                }
+                
+                JAXBElement<RequestedReferenceType> requestedUnattachedReference = 
+                    QNameConstants.WS_TRUST_FACTORY.createRequestedUnattachedReference(
+                        requestedUnattachedReferenceType
+                    );
+                response.getAny().add(requestedUnattachedReference);
+            }
+        }
+        
+        return response;
+    }
+    
+    
+}

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Entropy.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Entropy.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Entropy.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Entropy.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.request;
+
+/**
+ * This class contains values that have been extracted from an Entropy structure.
+ */
+public class Entropy {
+    private byte[] binarySecretValue;
+    private String binarySecretType;
+
+    public byte[] getBinarySecretValue() {
+        return binarySecretValue;
+    }
+    
+    public void setBinarySecretValue(byte[] binarySecretValue) {
+        this.binarySecretValue = binarySecretValue;
+    }
+    
+    public String getBinarySecretType() {
+        return binarySecretType;
+    }
+    
+    public void setBinarySecretType(String binarySecretType) {
+        this.binarySecretType = binarySecretType;
+    }
+    
+}
\ No newline at end of file

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/KeyRequirements.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/KeyRequirements.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/KeyRequirements.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/KeyRequirements.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,133 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.request;
+
+import java.security.cert.X509Certificate;
+
+/**
+ * This class contains values that have been extracted from a RequestSecurityToken corresponding to 
+ * various key and encryption requirements.
+ */
+public class KeyRequirements {
+    
+    private String authenticationType;
+    private String keyType;
+    private long keySize;
+    private String signatureAlgorithm;
+    private String encryptionAlgorithm;
+    private String c14nAlgorithm;
+    private String computedKeyAlgorithm;
+    private String keywrapAlgorithm;
+    private X509Certificate certificate;
+    private Entropy entropy;
+    
+    public String getAuthenticationType() {
+        return authenticationType;
+    }
+    
+    public void setAuthenticationType(String authenticationType) {
+        this.authenticationType = authenticationType;
+    }
+    
+    public String getKeyType() {
+        return keyType;
+    }
+    
+    public void setKeyType(String keyType) {
+        this.keyType = keyType;
+    }
+    
+    public long getKeySize() {
+        return keySize;
+    }
+    
+    public void setKeySize(long keySize) {
+        this.keySize = keySize;
+    }
+    
+    /**
+     * This input parameter is ignored for the moment.
+     */
+    public String getSignatureAlgorithm() {
+        return signatureAlgorithm;
+    }
+    
+    /**
+     * This input parameter is ignored for the moment.
+     */
+    public void setSignatureAlgorithm(String signatureAlgorithm) {
+        this.signatureAlgorithm = signatureAlgorithm;
+    }
+    
+    public String getEncryptionAlgorithm() {
+        return encryptionAlgorithm;
+    }
+    
+    public void setEncryptionAlgorithm(String encryptionAlgorithm) {
+        this.encryptionAlgorithm = encryptionAlgorithm;
+    }
+    
+    /**
+     * This input parameter is ignored for the moment.
+     */
+    public String getC14nAlgorithm() {
+        return c14nAlgorithm;
+    }
+    
+    /**
+     * This input parameter is ignored for the moment.
+     */
+    public void setC14nAlgorithm(String c14nAlgorithm) {
+        this.c14nAlgorithm = c14nAlgorithm;
+    }
+    
+    public String getComputedKeyAlgorithm() {
+        return computedKeyAlgorithm;
+    }
+    
+    public void setComputedKeyAlgorithm(String computedKeyAlgorithm) {
+        this.computedKeyAlgorithm = computedKeyAlgorithm;
+    }
+    
+    public String getKeywrapAlgorithm() {
+        return keywrapAlgorithm;
+    }
+    
+    public void setKeywrapAlgorithm(String keywrapAlgorithm) {
+        this.keywrapAlgorithm = keywrapAlgorithm;
+    }
+
+    public X509Certificate getCertificate() {
+        return certificate;
+    }
+
+    public void setCertificate(X509Certificate certificate) {
+        this.certificate = certificate;
+    }
+    
+    public Entropy getEntropy() {
+        return entropy;
+    }
+    
+    public void setEntropy(Entropy entropy) {
+        this.entropy = entropy;
+    }
+    
+    
+}
\ No newline at end of file

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Lifetime.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Lifetime.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Lifetime.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/Lifetime.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.request;
+
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+
+/**
+ * This class contains values that have been extracted from a Lifetime element.
+ */
+public class Lifetime {
+    private static final Logger LOG = LogUtils.getL7dLogger(Lifetime.class);
+    
+    private String created;
+    private String expires;
+    
+    public String getCreated() {
+        return created;
+    }
+
+    public void setCreated(String created) {
+        this.created = created;
+        LOG.fine("Found created value: " + created);
+    }
+
+    public String getExpires() {
+        return expires;
+    }
+
+    public void setExpires(String expires) {
+        this.expires = expires;
+        LOG.fine("Found expires value: " + expires);
+    }
+    
+}
\ No newline at end of file

Added: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/ReceivedToken.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/ReceivedToken.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/ReceivedToken.java (added)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/request/ReceivedToken.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,107 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.request;
+
+import java.util.logging.Logger;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.QNameConstants;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+
+/**
+ * This class contains values that have been extracted from a received Token. The Token can be a
+ * JAXB UsernameTokenType/BinarySecurityTokenType or a DOM Element.
+ */
+public class ReceivedToken {
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(ReceivedToken.class);
+    
+    private Object token;
+    private boolean isBinarySecurityToken;
+    private boolean isUsernameToken;
+    private boolean isDOMElement;
+    
+    public ReceivedToken(Object receivedToken) throws STSException {
+        if (receivedToken instanceof JAXBElement<?>) {
+            QName parentName = ((JAXBElement<?>)receivedToken).getName();
+            if (QNameConstants.USERNAME_TOKEN.equals(parentName)) {
+                isUsernameToken = true;
+                LOG.fine("Found a UsernameToken");
+            } else if (QNameConstants.BINARY_SECURITY_TOKEN.equals(parentName)) {
+                LOG.fine("Found a BinarySecurityToken");
+                isBinarySecurityToken = true;
+            } else if (QNameConstants.SECURITY_TOKEN_REFERENCE.equals(parentName)) {
+                LOG.fine("Found SecurityTokenReference");                
+            } else {
+                LOG.fine("Found unknown token object: " + parentName);
+                throw new STSException(
+                    "An unknown element was received", STSException.BAD_REQUEST
+                );
+            }
+            token = ((JAXBElement<?>)receivedToken).getValue();
+        } else if (receivedToken instanceof Element) {
+            LOG.fine("Found ValidateTarget element: " + ((Element)receivedToken).getLocalName());
+            this.token = (Element)receivedToken;
+            isDOMElement = true;
+        } else {
+            LOG.fine("Found ValidateTarget object of unknown type");
+            throw new STSException(
+                "An unknown element was received", STSException.BAD_REQUEST
+            );
+        }
+    }
+    
+    public Object getToken() {
+        return token;
+    }
+
+    public void setToken(Object token) {
+        this.token = token;
+    }
+    
+    public boolean isBinarySecurityToken() {
+        return isBinarySecurityToken;
+    }
+
+    public void setBinarySecurityToken(boolean binarySecurityToken) {
+        this.isBinarySecurityToken = binarySecurityToken;
+    }
+
+    public boolean isUsernameToken() {
+        return isUsernameToken;
+    }
+
+    public void setUsernameToken(boolean usernameToken) {
+        this.isUsernameToken = usernameToken;
+    }
+    
+    public boolean isDOMElement() {
+        return isDOMElement;
+    }
+
+    public void setDOMElement(boolean domElement) {
+        this.isDOMElement = domElement;
+    }
+    
+}
\ No newline at end of file



Mime
View raw message