cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r1186905 [3/6] - in /cxf/trunk: rt/bindings/soap/src/test/java/org/apache/cxf/binding/soap/interceptor/ rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/ rt/transports/jms/src/test/java/org/apache/cxf/transport/jms/ rt/ws/policy/src/mai...
Date Thu, 20 Oct 2011 16:38:03 GMT
Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java Thu Oct 20 16:37:54 2011
@@ -1,429 +1,429 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.token.provider;
-
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.sts.STSConstants;
-import org.apache.cxf.sts.STSPropertiesMBean;
-import org.apache.cxf.sts.request.KeyRequirements;
-import org.apache.cxf.sts.request.TokenRequirements;
-import org.apache.cxf.sts.token.realm.SAMLRealm;
-import org.apache.cxf.ws.security.sts.provider.STSException;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
-import org.apache.ws.security.saml.ext.SAMLParms;
-import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
-import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean;
-import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
-import org.apache.ws.security.saml.ext.bean.ConditionsBean;
-import org.apache.ws.security.saml.ext.bean.SubjectBean;
-
-/**
- * A TokenProvider implementation that provides a SAML Token.
- */
-public class SAMLTokenProvider implements TokenProvider {
-    
-    private static final Logger LOG = LogUtils.getL7dLogger(SAMLTokenProvider.class);
-    
-    private List<AttributeStatementProvider> attributeStatementProviders;
-    private List<AuthenticationStatementProvider> authenticationStatementProviders;
-    private List<AuthDecisionStatementProvider> authenticationDecisionStatementProviders;
-    private SubjectProvider subjectProvider = new DefaultSubjectProvider();
-    private ConditionsProvider conditionsProvider = new DefaultConditionsProvider();
-    private boolean signToken = true;
-    private Map<String, SAMLRealm> realmMap = new HashMap<String, SAMLRealm>();
-    
-    /**
-     * Return true if this TokenProvider implementation is capable of providing a token
-     * that corresponds to the given TokenType.
-     */
-    public boolean canHandleToken(String tokenType) {
-        return canHandleToken(tokenType, null);
-    }
-    
-    /**
-     * Return true if this TokenProvider implementation is capable of providing a token
-     * that corresponds to the given TokenType in a given realm.
-     */
-    public boolean canHandleToken(String tokenType, String realm) {
-        if (realm != null && !realmMap.containsKey(realm)) {
-            return false;
-        }
-        if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)
-            || WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType)) {
-            return true;
-        }
-        return false;
-    }
-    
-    /**
-     * Create a token given a TokenProviderParameters
-     */
-    public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
-        testKeyType(tokenParameters);
-        byte[] secret = null;
-        byte[] entropyBytes = null;
-        long keySize = 0;
-        boolean computedKey = false;
-        KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
-        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
-        LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
-        
-        if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyRequirements.getKeyType())) {
-            SymmetricKeyHandler keyHandler = new SymmetricKeyHandler(tokenParameters);
-            keyHandler.createSymmetricKey();
-            secret = keyHandler.getSecret();
-            entropyBytes = keyHandler.getEntropyBytes();
-            keySize = keyHandler.getKeySize();
-            computedKey = keyHandler.isComputedKey();
-        } 
-        
-        try {
-            Document doc = DOMUtils.createDocument();
-            AssertionWrapper assertion = createSamlToken(tokenParameters, secret, doc);
-            Element token = assertion.toDOM(doc);
-            
-            // set the token in cache
-            if (tokenParameters.getTokenStore() != null) {
-                SecurityToken securityToken = new SecurityToken(assertion.getId());
-                securityToken.setToken(token);
-                securityToken.setPrincipal(tokenParameters.getPrincipal());
-                int hash = 0;
-                byte[] signatureValue = assertion.getSignatureValue();
-                if (signatureValue != null && signatureValue.length > 0) {
-                    hash = Arrays.hashCode(signatureValue);
-                    securityToken.setAssociatedHash(hash);
-                }
-                if (tokenParameters.getRealm() != null) {
-                    Properties props = securityToken.getProperties();
-                    if (props == null) {
-                        props = new Properties();
-                    }
-                    props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
-                    securityToken.setProperties(props);
-                }
-                Integer timeToLive = (int)(conditionsProvider.getLifetime() * 1000);
-                tokenParameters.getTokenStore().add(securityToken, timeToLive);
-            }
-            
-            TokenProviderResponse response = new TokenProviderResponse();
-            response.setToken(token);
-            String tokenType = tokenRequirements.getTokenType();
-            if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) 
-                || WSConstants.SAML2_NS.equals(tokenType)) {
-                response.setTokenId(token.getAttribute("ID"));
-            } else {
-                response.setTokenId(token.getAttribute("AssertionID"));
-            }
-            response.setLifetime(conditionsProvider.getLifetime());
-            response.setEntropy(entropyBytes);
-            if (keySize > 0) {
-                response.setKeySize(keySize);
-            }
-            response.setComputedKey(computedKey);
-            
-            return response;
-        } catch (Exception e) {
-            LOG.log(Level.WARNING, "", e);
-            throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
-        }
-    }
-    
-    /**
-     * Set the List of AttributeStatementProviders.
-     */
-    public void setAttributeStatementProviders(
-        List<AttributeStatementProvider> attributeStatementProviders
-    ) {
-        this.attributeStatementProviders = attributeStatementProviders;
-    }
-    
-    /**
-     * Get the List of AttributeStatementProviders.
-     */
-    public List<AttributeStatementProvider> getAttributeStatementProviders() {
-        return attributeStatementProviders;
-    }
-    
-    /**
-     * Set the List of AuthenticationStatementProviders.
-     */
-    public void setAuthenticationStatementProviders(
-        List<AuthenticationStatementProvider> authnStatementProviders
-    ) {
-        this.authenticationStatementProviders = authnStatementProviders;
-    }
-    
-    /**
-     * Get the List of AuthenticationStatementProviders.
-     */
-    public List<AuthenticationStatementProvider> getAuthenticationStatementProviders() {
-        return authenticationStatementProviders;
-    }
-    
-    /**
-     * Set the List of AuthDecisionStatementProviders.
-     */
-    public void setAuthDecisionStatementProviders(
-        List<AuthDecisionStatementProvider> authDecisionStatementProviders
-    ) {
-        this.authenticationDecisionStatementProviders = authDecisionStatementProviders;
-    }
-    
-    /**
-     * Get the List of AuthDecisionStatementProviders.
-     */
-    public List<AuthDecisionStatementProvider> getAuthDecisionStatementProviders() {
-        return authenticationDecisionStatementProviders;
-    }
-
-    /**
-     * Set the SubjectProvider.
-     */
-    public void setSubjectProvider(SubjectProvider subjectProvider) {
-        this.subjectProvider = subjectProvider;
-    }
-    
-    /**
-     * Get the SubjectProvider.
-     */
-    public SubjectProvider getSubjectProvider() {
-        return subjectProvider;
-    }
-    
-    /**
-     * Set the ConditionsProvider
-     */
-    public void setConditionsProvider(ConditionsProvider conditionsProvider) {
-        this.conditionsProvider = conditionsProvider;
-    }
-    
-    /**
-     * Get the ConditionsProvider
-     */
-    public ConditionsProvider getConditionsProvider() {
-        return conditionsProvider;
-    }
-
-    /**
-     * Return whether the provided token will be signed or not. Default is true.
-     */
-    public boolean isSignToken() {
-        return signToken;
-    }
-
-    /**
-     * Set whether the provided token will be signed or not. Default is true.
-     */
-    public void setSignToken(boolean signToken) {
-        this.signToken = signToken;
-    }
-    
-    /**
-     * Set the map of realm->SAMLRealm for this token provider
-     * @param realms the map of realm->SAMLRealm for this token provider
-     */
-    public void setRealmMap(Map<String, SAMLRealm> realms) {
-        this.realmMap = realms;
-    }
-    
-    /**
-     * Get the map of realm->SAMLRealm for this token provider
-     * @return the map of realm->SAMLRealm for this token provider
-     */
-    public Map<String, SAMLRealm> getRealmMap() {
-        return realmMap;
-    }
-
-    private AssertionWrapper createSamlToken(
-        TokenProviderParameters tokenParameters, byte[] secret, Document doc
-    ) throws Exception {
-        String realm = tokenParameters.getRealm();
-        SAMLRealm samlRealm = null;
-        if (realm != null && realmMap.containsKey(realm)) {
-            samlRealm = realmMap.get(realm);
-        }
-        
-        SamlCallbackHandler handler = createCallbackHandler(tokenParameters, secret, samlRealm, doc);
-        
-        SAMLParms samlParms = new SAMLParms();
-        samlParms.setCallbackHandler(handler);
-        AssertionWrapper assertion = new AssertionWrapper(samlParms);
-        
-        if (signToken) {
-            STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
-            
-            String alias = null;
-            if (samlRealm != null) {
-                alias = samlRealm.getSignatureAlias();
-            }
-            if (alias == null || "".equals(alias)) {
-                alias = stsProperties.getSignatureUsername();
-            }
-            if (alias == null || "".equals(alias)) {
-                Crypto signatureCrypto = stsProperties.getSignatureCrypto();
-                if (signatureCrypto != null) {
-                    alias = signatureCrypto.getDefaultX509Identifier();
-                    LOG.fine("Signature alias is null so using default alias: " + alias);
-                }
-            }
-            // Get the password
-            WSPasswordCallback[] cb = {new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)};
-            LOG.fine("Creating SAML Token");
-            stsProperties.getCallbackHandler().handle(cb);
-            String password = cb[0].getPassword();
-    
-            LOG.fine("Signing SAML Token");
-            boolean useKeyValue = stsProperties.getSignatureProperties().isUseKeyValue();
-            assertion.signAssertion(alias, password, stsProperties.getSignatureCrypto(), useKeyValue);
-        }
-        
-        return assertion;
-    }
-    
-    public SamlCallbackHandler createCallbackHandler(
-        TokenProviderParameters tokenParameters, byte[] secret, SAMLRealm samlRealm, Document doc
-    ) throws Exception {
-        // Parse the AttributeStatements
-        List<AttributeStatementBean> attrBeanList = null;
-        if (attributeStatementProviders != null && attributeStatementProviders.size() > 0) {
-            attrBeanList = new ArrayList<AttributeStatementBean>();
-            for (AttributeStatementProvider statementProvider : attributeStatementProviders) {
-                AttributeStatementBean statementBean = statementProvider.getStatement(tokenParameters);
-                if (statementBean != null) {
-                    LOG.fine(
-                        "AttributeStatements" + statementBean.toString() 
-                        + "returned by AttributeStatementProvider " 
-                        + statementProvider.getClass().getName()
-                    );
-                    attrBeanList.add(statementBean);
-                }
-            }
-        }
-        
-        // Parse the AuthenticationStatements
-        List<AuthenticationStatementBean> authBeanList = null;
-        if (authenticationStatementProviders != null && authenticationStatementProviders.size() > 0) {
-            authBeanList = new ArrayList<AuthenticationStatementBean>();
-            for (AuthenticationStatementProvider statementProvider : authenticationStatementProviders) {
-                AuthenticationStatementBean statementBean = 
-                    statementProvider.getStatement(tokenParameters);
-                if (statementBean != null) {
-                    LOG.fine(
-                        "AuthenticationStatement" + statementBean.toString() 
-                        + "returned by AuthenticationStatementProvider " 
-                        + statementProvider.getClass().getName()
-                    );
-                    authBeanList.add(statementBean);
-                }
-            }
-        }
-        
-        // Parse the AuthDecisionStatements
-        List<AuthDecisionStatementBean> authDecisionBeanList = null;
-        if (authenticationDecisionStatementProviders != null 
-            && authenticationDecisionStatementProviders.size() > 0) {
-            authDecisionBeanList = new ArrayList<AuthDecisionStatementBean>();
-            for (AuthDecisionStatementProvider statementProvider 
-                : authenticationDecisionStatementProviders) {
-                AuthDecisionStatementBean statementBean = 
-                    statementProvider.getStatement(tokenParameters);
-                if (statementBean != null) {
-                    LOG.fine(
-                        "AuthDecisionStatement" + statementBean.toString() 
-                        + "returned by AuthDecisionStatementProvider " 
-                        + statementProvider.getClass().getName()
-                    );
-                    authDecisionBeanList.add(statementBean);
-                }
-            }
-        }
-        
-        // If no statements, then default to the DefaultAttributeStatementProvider
-        if ((attrBeanList == null || attrBeanList.isEmpty()) 
-            && (authBeanList == null || authBeanList.isEmpty())
-            && (authDecisionBeanList == null || authDecisionBeanList.isEmpty())) {
-            attrBeanList = new ArrayList<AttributeStatementBean>();
-            AttributeStatementProvider attributeProvider = new DefaultAttributeStatementProvider();
-            AttributeStatementBean attributeBean = attributeProvider.getStatement(tokenParameters);
-            attrBeanList.add(attributeBean);
-        }
-        
-        // Get the Subject and Conditions
-        SubjectBean subjectBean = subjectProvider.getSubject(tokenParameters, doc, secret);
-        ConditionsBean conditionsBean = conditionsProvider.getConditions(tokenParameters);
-        
-        // Set all of the beans on the SamlCallbackHandler
-        SamlCallbackHandler handler = new SamlCallbackHandler();
-        handler.setTokenProviderParameters(tokenParameters);
-        handler.setSubjectBean(subjectBean);
-        handler.setConditionsBean(conditionsBean);
-        handler.setAttributeBeans(attrBeanList);
-        handler.setAuthenticationBeans(authBeanList);
-        handler.setAuthDecisionStatementBeans(authDecisionBeanList);
-        
-        if (samlRealm != null) {
-            handler.setIssuer(samlRealm.getIssuer());
-        }
-        
-        return handler;
-    }
-    
-    /**
-     * Do some tests on the KeyType parameter.
-     */
-    private void testKeyType(TokenProviderParameters tokenParameters) {
-        KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
-
-        String keyType = keyRequirements.getKeyType();
-        if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
-            if (keyRequirements.getCertificate() == null) {
-                LOG.log(Level.WARNING, "A PublicKey Keytype is requested, but no certificate is provided");
-                throw new STSException(
-                    "No client certificate for PublicKey KeyType", STSException.INVALID_REQUEST
-                );
-            }
-        } else if (!STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType)
-            && !STSConstants.BEARER_KEY_KEYTYPE.equals(keyType) && keyType != null) {
-            LOG.log(Level.WARNING, "An unknown KeyType was requested: " + keyType);
-            throw new STSException("Unknown KeyType", STSException.INVALID_REQUEST);
-        }
-        
-    }
-    
-    
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.token.provider;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.token.realm.SAMLRealm;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.ws.security.saml.ext.SAMLParms;
+import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
+import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean;
+import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
+import org.apache.ws.security.saml.ext.bean.ConditionsBean;
+import org.apache.ws.security.saml.ext.bean.SubjectBean;
+
+/**
+ * A TokenProvider implementation that provides a SAML Token.
+ */
+public class SAMLTokenProvider implements TokenProvider {
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(SAMLTokenProvider.class);
+    
+    private List<AttributeStatementProvider> attributeStatementProviders;
+    private List<AuthenticationStatementProvider> authenticationStatementProviders;
+    private List<AuthDecisionStatementProvider> authenticationDecisionStatementProviders;
+    private SubjectProvider subjectProvider = new DefaultSubjectProvider();
+    private ConditionsProvider conditionsProvider = new DefaultConditionsProvider();
+    private boolean signToken = true;
+    private Map<String, SAMLRealm> realmMap = new HashMap<String, SAMLRealm>();
+    
+    /**
+     * Return true if this TokenProvider implementation is capable of providing a token
+     * that corresponds to the given TokenType.
+     */
+    public boolean canHandleToken(String tokenType) {
+        return canHandleToken(tokenType, null);
+    }
+    
+    /**
+     * Return true if this TokenProvider implementation is capable of providing a token
+     * that corresponds to the given TokenType in a given realm.
+     */
+    public boolean canHandleToken(String tokenType, String realm) {
+        if (realm != null && !realmMap.containsKey(realm)) {
+            return false;
+        }
+        if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML2_NS.equals(tokenType)
+            || WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType) || WSConstants.SAML_NS.equals(tokenType)) {
+            return true;
+        }
+        return false;
+    }
+    
+    /**
+     * Create a token given a TokenProviderParameters
+     */
+    public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
+        testKeyType(tokenParameters);
+        byte[] secret = null;
+        byte[] entropyBytes = null;
+        long keySize = 0;
+        boolean computedKey = false;
+        KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
+        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
+        LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
+        
+        if (STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyRequirements.getKeyType())) {
+            SymmetricKeyHandler keyHandler = new SymmetricKeyHandler(tokenParameters);
+            keyHandler.createSymmetricKey();
+            secret = keyHandler.getSecret();
+            entropyBytes = keyHandler.getEntropyBytes();
+            keySize = keyHandler.getKeySize();
+            computedKey = keyHandler.isComputedKey();
+        } 
+        
+        try {
+            Document doc = DOMUtils.createDocument();
+            AssertionWrapper assertion = createSamlToken(tokenParameters, secret, doc);
+            Element token = assertion.toDOM(doc);
+            
+            // set the token in cache
+            if (tokenParameters.getTokenStore() != null) {
+                SecurityToken securityToken = new SecurityToken(assertion.getId());
+                securityToken.setToken(token);
+                securityToken.setPrincipal(tokenParameters.getPrincipal());
+                int hash = 0;
+                byte[] signatureValue = assertion.getSignatureValue();
+                if (signatureValue != null && signatureValue.length > 0) {
+                    hash = Arrays.hashCode(signatureValue);
+                    securityToken.setAssociatedHash(hash);
+                }
+                if (tokenParameters.getRealm() != null) {
+                    Properties props = securityToken.getProperties();
+                    if (props == null) {
+                        props = new Properties();
+                    }
+                    props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
+                    securityToken.setProperties(props);
+                }
+                Integer timeToLive = (int)(conditionsProvider.getLifetime() * 1000);
+                tokenParameters.getTokenStore().add(securityToken, timeToLive);
+            }
+            
+            TokenProviderResponse response = new TokenProviderResponse();
+            response.setToken(token);
+            String tokenType = tokenRequirements.getTokenType();
+            if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) 
+                || WSConstants.SAML2_NS.equals(tokenType)) {
+                response.setTokenId(token.getAttribute("ID"));
+            } else {
+                response.setTokenId(token.getAttribute("AssertionID"));
+            }
+            response.setLifetime(conditionsProvider.getLifetime());
+            response.setEntropy(entropyBytes);
+            if (keySize > 0) {
+                response.setKeySize(keySize);
+            }
+            response.setComputedKey(computedKey);
+            
+            return response;
+        } catch (Exception e) {
+            LOG.log(Level.WARNING, "", e);
+            throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
+        }
+    }
+    
+    /**
+     * Set the List of AttributeStatementProviders.
+     */
+    public void setAttributeStatementProviders(
+        List<AttributeStatementProvider> attributeStatementProviders
+    ) {
+        this.attributeStatementProviders = attributeStatementProviders;
+    }
+    
+    /**
+     * Get the List of AttributeStatementProviders.
+     */
+    public List<AttributeStatementProvider> getAttributeStatementProviders() {
+        return attributeStatementProviders;
+    }
+    
+    /**
+     * Set the List of AuthenticationStatementProviders.
+     */
+    public void setAuthenticationStatementProviders(
+        List<AuthenticationStatementProvider> authnStatementProviders
+    ) {
+        this.authenticationStatementProviders = authnStatementProviders;
+    }
+    
+    /**
+     * Get the List of AuthenticationStatementProviders.
+     */
+    public List<AuthenticationStatementProvider> getAuthenticationStatementProviders() {
+        return authenticationStatementProviders;
+    }
+    
+    /**
+     * Set the List of AuthDecisionStatementProviders.
+     */
+    public void setAuthDecisionStatementProviders(
+        List<AuthDecisionStatementProvider> authDecisionStatementProviders
+    ) {
+        this.authenticationDecisionStatementProviders = authDecisionStatementProviders;
+    }
+    
+    /**
+     * Get the List of AuthDecisionStatementProviders.
+     */
+    public List<AuthDecisionStatementProvider> getAuthDecisionStatementProviders() {
+        return authenticationDecisionStatementProviders;
+    }
+
+    /**
+     * Set the SubjectProvider.
+     */
+    public void setSubjectProvider(SubjectProvider subjectProvider) {
+        this.subjectProvider = subjectProvider;
+    }
+    
+    /**
+     * Get the SubjectProvider.
+     */
+    public SubjectProvider getSubjectProvider() {
+        return subjectProvider;
+    }
+    
+    /**
+     * Set the ConditionsProvider
+     */
+    public void setConditionsProvider(ConditionsProvider conditionsProvider) {
+        this.conditionsProvider = conditionsProvider;
+    }
+    
+    /**
+     * Get the ConditionsProvider
+     */
+    public ConditionsProvider getConditionsProvider() {
+        return conditionsProvider;
+    }
+
+    /**
+     * Return whether the provided token will be signed or not. Default is true.
+     */
+    public boolean isSignToken() {
+        return signToken;
+    }
+
+    /**
+     * Set whether the provided token will be signed or not. Default is true.
+     */
+    public void setSignToken(boolean signToken) {
+        this.signToken = signToken;
+    }
+    
+    /**
+     * Set the map of realm->SAMLRealm for this token provider
+     * @param realms the map of realm->SAMLRealm for this token provider
+     */
+    public void setRealmMap(Map<String, SAMLRealm> realms) {
+        this.realmMap = realms;
+    }
+    
+    /**
+     * Get the map of realm->SAMLRealm for this token provider
+     * @return the map of realm->SAMLRealm for this token provider
+     */
+    public Map<String, SAMLRealm> getRealmMap() {
+        return realmMap;
+    }
+
+    private AssertionWrapper createSamlToken(
+        TokenProviderParameters tokenParameters, byte[] secret, Document doc
+    ) throws Exception {
+        String realm = tokenParameters.getRealm();
+        SAMLRealm samlRealm = null;
+        if (realm != null && realmMap.containsKey(realm)) {
+            samlRealm = realmMap.get(realm);
+        }
+        
+        SamlCallbackHandler handler = createCallbackHandler(tokenParameters, secret, samlRealm, doc);
+        
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(handler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        
+        if (signToken) {
+            STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
+            
+            String alias = null;
+            if (samlRealm != null) {
+                alias = samlRealm.getSignatureAlias();
+            }
+            if (alias == null || "".equals(alias)) {
+                alias = stsProperties.getSignatureUsername();
+            }
+            if (alias == null || "".equals(alias)) {
+                Crypto signatureCrypto = stsProperties.getSignatureCrypto();
+                if (signatureCrypto != null) {
+                    alias = signatureCrypto.getDefaultX509Identifier();
+                    LOG.fine("Signature alias is null so using default alias: " + alias);
+                }
+            }
+            // Get the password
+            WSPasswordCallback[] cb = {new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)};
+            LOG.fine("Creating SAML Token");
+            stsProperties.getCallbackHandler().handle(cb);
+            String password = cb[0].getPassword();
+    
+            LOG.fine("Signing SAML Token");
+            boolean useKeyValue = stsProperties.getSignatureProperties().isUseKeyValue();
+            assertion.signAssertion(alias, password, stsProperties.getSignatureCrypto(), useKeyValue);
+        }
+        
+        return assertion;
+    }
+    
+    public SamlCallbackHandler createCallbackHandler(
+        TokenProviderParameters tokenParameters, byte[] secret, SAMLRealm samlRealm, Document doc
+    ) throws Exception {
+        // Parse the AttributeStatements
+        List<AttributeStatementBean> attrBeanList = null;
+        if (attributeStatementProviders != null && attributeStatementProviders.size() > 0) {
+            attrBeanList = new ArrayList<AttributeStatementBean>();
+            for (AttributeStatementProvider statementProvider : attributeStatementProviders) {
+                AttributeStatementBean statementBean = statementProvider.getStatement(tokenParameters);
+                if (statementBean != null) {
+                    LOG.fine(
+                        "AttributeStatements" + statementBean.toString() 
+                        + "returned by AttributeStatementProvider " 
+                        + statementProvider.getClass().getName()
+                    );
+                    attrBeanList.add(statementBean);
+                }
+            }
+        }
+        
+        // Parse the AuthenticationStatements
+        List<AuthenticationStatementBean> authBeanList = null;
+        if (authenticationStatementProviders != null && authenticationStatementProviders.size() > 0) {
+            authBeanList = new ArrayList<AuthenticationStatementBean>();
+            for (AuthenticationStatementProvider statementProvider : authenticationStatementProviders) {
+                AuthenticationStatementBean statementBean = 
+                    statementProvider.getStatement(tokenParameters);
+                if (statementBean != null) {
+                    LOG.fine(
+                        "AuthenticationStatement" + statementBean.toString() 
+                        + "returned by AuthenticationStatementProvider " 
+                        + statementProvider.getClass().getName()
+                    );
+                    authBeanList.add(statementBean);
+                }
+            }
+        }
+        
+        // Parse the AuthDecisionStatements
+        List<AuthDecisionStatementBean> authDecisionBeanList = null;
+        if (authenticationDecisionStatementProviders != null 
+            && authenticationDecisionStatementProviders.size() > 0) {
+            authDecisionBeanList = new ArrayList<AuthDecisionStatementBean>();
+            for (AuthDecisionStatementProvider statementProvider 
+                : authenticationDecisionStatementProviders) {
+                AuthDecisionStatementBean statementBean = 
+                    statementProvider.getStatement(tokenParameters);
+                if (statementBean != null) {
+                    LOG.fine(
+                        "AuthDecisionStatement" + statementBean.toString() 
+                        + "returned by AuthDecisionStatementProvider " 
+                        + statementProvider.getClass().getName()
+                    );
+                    authDecisionBeanList.add(statementBean);
+                }
+            }
+        }
+        
+        // If no statements, then default to the DefaultAttributeStatementProvider
+        if ((attrBeanList == null || attrBeanList.isEmpty()) 
+            && (authBeanList == null || authBeanList.isEmpty())
+            && (authDecisionBeanList == null || authDecisionBeanList.isEmpty())) {
+            attrBeanList = new ArrayList<AttributeStatementBean>();
+            AttributeStatementProvider attributeProvider = new DefaultAttributeStatementProvider();
+            AttributeStatementBean attributeBean = attributeProvider.getStatement(tokenParameters);
+            attrBeanList.add(attributeBean);
+        }
+        
+        // Get the Subject and Conditions
+        SubjectBean subjectBean = subjectProvider.getSubject(tokenParameters, doc, secret);
+        ConditionsBean conditionsBean = conditionsProvider.getConditions(tokenParameters);
+        
+        // Set all of the beans on the SamlCallbackHandler
+        SamlCallbackHandler handler = new SamlCallbackHandler();
+        handler.setTokenProviderParameters(tokenParameters);
+        handler.setSubjectBean(subjectBean);
+        handler.setConditionsBean(conditionsBean);
+        handler.setAttributeBeans(attrBeanList);
+        handler.setAuthenticationBeans(authBeanList);
+        handler.setAuthDecisionStatementBeans(authDecisionBeanList);
+        
+        if (samlRealm != null) {
+            handler.setIssuer(samlRealm.getIssuer());
+        }
+        
+        return handler;
+    }
+    
+    /**
+     * Do some tests on the KeyType parameter.
+     */
+    private void testKeyType(TokenProviderParameters tokenParameters) {
+        KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
+
+        String keyType = keyRequirements.getKeyType();
+        if (STSConstants.PUBLIC_KEY_KEYTYPE.equals(keyType)) {
+            if (keyRequirements.getCertificate() == null) {
+                LOG.log(Level.WARNING, "A PublicKey Keytype is requested, but no certificate is provided");
+                throw new STSException(
+                    "No client certificate for PublicKey KeyType", STSException.INVALID_REQUEST
+                );
+            }
+        } else if (!STSConstants.SYMMETRIC_KEY_KEYTYPE.equals(keyType)
+            && !STSConstants.BEARER_KEY_KEYTYPE.equals(keyType) && keyType != null) {
+            LOG.log(Level.WARNING, "An unknown KeyType was requested: " + keyType);
+            throw new STSException("Unknown KeyType", STSException.INVALID_REQUEST);
+        }
+        
+    }
+    
+    
+}

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SAMLTokenProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java Thu Oct 20 16:37:54 2011
@@ -1,191 +1,191 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.token.provider;
-
-import java.util.Properties;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import org.w3c.dom.Document;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.sts.STSConstants;
-import org.apache.cxf.sts.request.TokenRequirements;
-import org.apache.cxf.ws.security.sts.provider.STSException;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.trust.STSUtils;
-
-import org.apache.ws.security.conversation.ConversationConstants;
-import org.apache.ws.security.conversation.ConversationException;
-import org.apache.ws.security.message.token.SecurityContextToken;
-
-/**
- * A TokenProvider implementation that provides a SecurityContextToken.
- */
-public class SCTProvider implements TokenProvider {
-    
-    private static final Logger LOG = LogUtils.getL7dLogger(SCTProvider.class);
-    private boolean returnEntropy = true;
-    private long lifetime = 300L;
-    
-    /**
-     * Return the lifetime of the generated SCT
-     * @return the lifetime of the generated SCT
-     */
-    public long getLifetime() {
-        return lifetime;
-    }
-
-    /**
-     * Set the lifetime of the generated SCT
-     * @param lifetime the lifetime of the generated SCT
-     */
-    public void setLifetime(long lifetime) {
-        this.lifetime = lifetime;
-    }
-
-    /**
-     * Return true if this TokenProvider implementation is capable of providing a token
-     * that corresponds to the given TokenType.
-     */
-    public boolean canHandleToken(String tokenType) {
-        return canHandleToken(tokenType, null);
-    }
-
-    /**
-     * Return true if this TokenProvider implementation is capable of providing a token
-     * that corresponds to the given TokenType in a given realm. The realm is ignored in this 
-     * token provider.
-     */
-    public boolean canHandleToken(String tokenType, String realm) {
-        if (STSUtils.TOKEN_TYPE_SCT_05_02.equals(tokenType) 
-            || STSUtils.TOKEN_TYPE_SCT_05_12.equals(tokenType)) {
-            return true;
-        }
-        return false;
-    }
-        
-    /**
-     * Set whether Entropy is returned to the client or not
-     * @param returnEntropy whether Entropy is returned to the client or not
-     */
-    public void setReturnEntropy(boolean returnEntropy) {
-        this.returnEntropy = returnEntropy;
-    }
-
-    /**
-     * Get whether Entropy is returned to the client or not
-     * @return whether Entropy is returned to the client or not
-     */
-    public boolean isReturnEntropy() {
-        return returnEntropy;
-    }
-    
-    /**
-     * Create a token given a TokenProviderParameters
-     */
-    public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
-        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
-        LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
-        
-        if (tokenParameters.getTokenStore() == null) {
-            LOG.log(Level.FINE, "A cache must be configured to use the SCTProvider");
-            throw new STSException("Can't serialize SCT", STSException.REQUEST_FAILED);
-        }
-
-        SymmetricKeyHandler keyHandler = new SymmetricKeyHandler(tokenParameters);
-        keyHandler.createSymmetricKey();
-        
-        try {
-            Document doc = DOMUtils.createDocument();
-            SecurityContextToken sct =
-                new SecurityContextToken(getWSCVersion(tokenRequirements.getTokenType()), doc);
-    
-            TokenProviderResponse response = new TokenProviderResponse();
-            response.setToken(sct.getElement());
-            response.setTokenId(sct.getIdentifier());
-            if (returnEntropy) {
-                response.setEntropy(keyHandler.getEntropyBytes());
-            }
-            long keySize = keyHandler.getKeySize();
-            response.setKeySize(keySize);
-            response.setComputedKey(keyHandler.isComputedKey());
-            
-            // putting the secret key into the cache
-            SecurityToken token = new SecurityToken(sct.getIdentifier());
-            token.setSecret(keyHandler.getSecret());
-            token.setPrincipal(tokenParameters.getPrincipal());
-            if (tokenParameters.getRealm() != null) {
-                Properties props = token.getProperties();
-                if (props == null) {
-                    props = new Properties();
-                }
-                props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
-                token.setProperties(props);
-            }
-            if (lifetime > 0) {
-                Integer lifetimeInteger = new Integer(Long.valueOf(lifetime).intValue());
-                tokenParameters.getTokenStore().add(token, lifetimeInteger);
-            } else {
-                tokenParameters.getTokenStore().add(token);
-            }
-            
-            // Create the references
-            TokenReference attachedReference = new TokenReference();
-            attachedReference.setIdentifier(sct.getID());
-            attachedReference.setUseDirectReference(true);
-            attachedReference.setWsseValueType(tokenRequirements.getTokenType());
-            response.setAttachedReference(attachedReference);
-            
-            TokenReference unAttachedReference = new TokenReference();
-            unAttachedReference.setIdentifier(sct.getIdentifier());
-            unAttachedReference.setUseDirectReference(true);
-            unAttachedReference.setWsseValueType(tokenRequirements.getTokenType());
-            response.setUnattachedReference(unAttachedReference);
-            
-            response.setLifetime(lifetime);
-            
-            return response;
-        } catch (Exception e) {
-            LOG.log(Level.WARNING, "", e);
-            throw new STSException("Can't serialize SCT", e, STSException.REQUEST_FAILED);
-        }
-    }
-    
-    /**
-     * Get the Secure Conversation version from the TokenType parameter
-     */
-    private static int getWSCVersion(String tokenType) throws ConversationException {
-        if (tokenType == null) {
-            return ConversationConstants.DEFAULT_VERSION;
-        }
-
-        if (tokenType.startsWith(ConversationConstants.WSC_NS_05_02)) {
-            return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_02);
-        } else if (tokenType.startsWith(ConversationConstants.WSC_NS_05_12)) {
-            return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_12);
-        } else {
-            throw new ConversationException("unsupportedSecConvVersion");
-        }
-    }
-    
-    
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.token.provider;
+
+import java.util.Properties;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSUtils;
+
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.message.token.SecurityContextToken;
+
+/**
+ * A TokenProvider implementation that provides a SecurityContextToken.
+ */
+public class SCTProvider implements TokenProvider {
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(SCTProvider.class);
+    private boolean returnEntropy = true;
+    private long lifetime = 300L;
+    
+    /**
+     * Return the lifetime of the generated SCT
+     * @return the lifetime of the generated SCT
+     */
+    public long getLifetime() {
+        return lifetime;
+    }
+
+    /**
+     * Set the lifetime of the generated SCT
+     * @param lifetime the lifetime of the generated SCT
+     */
+    public void setLifetime(long lifetime) {
+        this.lifetime = lifetime;
+    }
+
+    /**
+     * Return true if this TokenProvider implementation is capable of providing a token
+     * that corresponds to the given TokenType.
+     */
+    public boolean canHandleToken(String tokenType) {
+        return canHandleToken(tokenType, null);
+    }
+
+    /**
+     * Return true if this TokenProvider implementation is capable of providing a token
+     * that corresponds to the given TokenType in a given realm. The realm is ignored in this 
+     * token provider.
+     */
+    public boolean canHandleToken(String tokenType, String realm) {
+        if (STSUtils.TOKEN_TYPE_SCT_05_02.equals(tokenType) 
+            || STSUtils.TOKEN_TYPE_SCT_05_12.equals(tokenType)) {
+            return true;
+        }
+        return false;
+    }
+        
+    /**
+     * Set whether Entropy is returned to the client or not
+     * @param returnEntropy whether Entropy is returned to the client or not
+     */
+    public void setReturnEntropy(boolean returnEntropy) {
+        this.returnEntropy = returnEntropy;
+    }
+
+    /**
+     * Get whether Entropy is returned to the client or not
+     * @return whether Entropy is returned to the client or not
+     */
+    public boolean isReturnEntropy() {
+        return returnEntropy;
+    }
+    
+    /**
+     * Create a token given a TokenProviderParameters
+     */
+    public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
+        TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
+        LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
+        
+        if (tokenParameters.getTokenStore() == null) {
+            LOG.log(Level.FINE, "A cache must be configured to use the SCTProvider");
+            throw new STSException("Can't serialize SCT", STSException.REQUEST_FAILED);
+        }
+
+        SymmetricKeyHandler keyHandler = new SymmetricKeyHandler(tokenParameters);
+        keyHandler.createSymmetricKey();
+        
+        try {
+            Document doc = DOMUtils.createDocument();
+            SecurityContextToken sct =
+                new SecurityContextToken(getWSCVersion(tokenRequirements.getTokenType()), doc);
+    
+            TokenProviderResponse response = new TokenProviderResponse();
+            response.setToken(sct.getElement());
+            response.setTokenId(sct.getIdentifier());
+            if (returnEntropy) {
+                response.setEntropy(keyHandler.getEntropyBytes());
+            }
+            long keySize = keyHandler.getKeySize();
+            response.setKeySize(keySize);
+            response.setComputedKey(keyHandler.isComputedKey());
+            
+            // putting the secret key into the cache
+            SecurityToken token = new SecurityToken(sct.getIdentifier());
+            token.setSecret(keyHandler.getSecret());
+            token.setPrincipal(tokenParameters.getPrincipal());
+            if (tokenParameters.getRealm() != null) {
+                Properties props = token.getProperties();
+                if (props == null) {
+                    props = new Properties();
+                }
+                props.setProperty(STSConstants.TOKEN_REALM, tokenParameters.getRealm());
+                token.setProperties(props);
+            }
+            if (lifetime > 0) {
+                Integer lifetimeInteger = new Integer(Long.valueOf(lifetime).intValue());
+                tokenParameters.getTokenStore().add(token, lifetimeInteger);
+            } else {
+                tokenParameters.getTokenStore().add(token);
+            }
+            
+            // Create the references
+            TokenReference attachedReference = new TokenReference();
+            attachedReference.setIdentifier(sct.getID());
+            attachedReference.setUseDirectReference(true);
+            attachedReference.setWsseValueType(tokenRequirements.getTokenType());
+            response.setAttachedReference(attachedReference);
+            
+            TokenReference unAttachedReference = new TokenReference();
+            unAttachedReference.setIdentifier(sct.getIdentifier());
+            unAttachedReference.setUseDirectReference(true);
+            unAttachedReference.setWsseValueType(tokenRequirements.getTokenType());
+            response.setUnattachedReference(unAttachedReference);
+            
+            response.setLifetime(lifetime);
+            
+            return response;
+        } catch (Exception e) {
+            LOG.log(Level.WARNING, "", e);
+            throw new STSException("Can't serialize SCT", e, STSException.REQUEST_FAILED);
+        }
+    }
+    
+    /**
+     * Get the Secure Conversation version from the TokenType parameter
+     */
+    private static int getWSCVersion(String tokenType) throws ConversationException {
+        if (tokenType == null) {
+            return ConversationConstants.DEFAULT_VERSION;
+        }
+
+        if (tokenType.startsWith(ConversationConstants.WSC_NS_05_02)) {
+            return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_02);
+        } else if (tokenType.startsWith(ConversationConstants.WSC_NS_05_12)) {
+            return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_12);
+        } else {
+            throw new ConversationException("unsupportedSecConvVersion");
+        }
+    }
+    
+    
+}

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SCTProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SamlCallbackHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SubjectProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SymmetricKeyHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SymmetricKeyHandler.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SymmetricKeyHandler.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SymmetricKeyHandler.java Thu Oct 20 16:37:54 2011
@@ -1,150 +1,150 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.token.provider;
-
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.sts.STSConstants;
-import org.apache.cxf.sts.STSPropertiesMBean;
-import org.apache.cxf.sts.SignatureProperties;
-import org.apache.cxf.sts.request.Entropy;
-import org.apache.cxf.sts.request.KeyRequirements;
-import org.apache.cxf.ws.security.sts.provider.STSException;
-
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.conversation.ConversationException;
-import org.apache.ws.security.conversation.dkalgo.P_SHA1;
-import org.apache.ws.security.util.WSSecurityUtil;
-
-/**
- * Some common functionality relating to parsing and generating Symmetric Keys.
- */
-public class SymmetricKeyHandler {
-    
-    private static final Logger LOG = LogUtils.getL7dLogger(SymmetricKeyHandler.class);
-    
-    private int keySize = 256;
-    private Entropy clientEntropy;
-    private byte[] entropyBytes;
-    private byte[] secret;
-    private boolean computedKey;
-    
-    public SymmetricKeyHandler(TokenProviderParameters tokenParameters) {
-        KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
-        
-        // Test KeySize
-        keySize = Long.valueOf(keyRequirements.getKeySize()).intValue();
-        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
-        SignatureProperties signatureProperties = stsProperties.getSignatureProperties();
-        if (keySize < signatureProperties.getMinimumKeySize()
-            || keySize > signatureProperties.getMaximumKeySize()) {
-            keySize = Long.valueOf(signatureProperties.getKeySize()).intValue();
-            LOG.log(
-                Level.WARNING, "Received KeySize of " + keyRequirements.getKeySize() 
-                + " not accepted so defaulting to " + signatureProperties.getKeySize()
-            );
-        }
-
-        // Test Entropy
-        clientEntropy = keyRequirements.getEntropy();
-        if (clientEntropy == null) {
-            LOG.log(Level.WARNING, "A SymmetricKey KeyType is requested, but no client entropy is provided");
-        } else {
-            String binarySecurityType = clientEntropy.getBinarySecretType();
-            byte[] nonce = clientEntropy.getBinarySecretValue();
-            if (!STSConstants.NONCE_TYPE.equals(binarySecurityType)) {
-                LOG.log(Level.WARNING, "The type " + binarySecurityType + " is not supported");
-                throw new STSException(
-                    "No user supplied entropy for SymmetricKey case", STSException.INVALID_REQUEST
-                );
-            }
-            if (nonce == null || (nonce.length < (keySize / 8))) {
-                LOG.log(Level.WARNING, "User Entropy rejected");
-                clientEntropy = null;
-            }
-            String computedKeyAlgorithm = keyRequirements.getComputedKeyAlgorithm();
-            if (!STSConstants.COMPUTED_KEY_PSHA1.equals(computedKeyAlgorithm)) {
-                LOG.log(
-                    Level.WARNING, 
-                    "The computed key algorithm of " + computedKeyAlgorithm + " is not supported"
-                );
-                throw new STSException(
-                    "Computed Key Algorithm not supported", STSException.INVALID_REQUEST
-                );
-            }
-        }
-    }
-
-    /**
-     * Create the Symmetric Key
-     */
-    public void createSymmetricKey() {
-        try {
-            entropyBytes = WSSecurityUtil.generateNonce(keySize / 8);
-            secret = entropyBytes;
-            computedKey = false;
-        } catch (WSSecurityException ex) {
-            LOG.log(Level.WARNING, "", ex);
-            throw new STSException("Error in creating symmetric key", ex, STSException.INVALID_REQUEST);
-        } 
-        if (clientEntropy != null) {
-            byte[] nonce = clientEntropy.getBinarySecretValue();
-            try {
-                P_SHA1 psha1 = new P_SHA1();
-                secret = psha1.createKey(nonce, entropyBytes, 0, keySize / 8);
-                computedKey = true;
-            } catch (ConversationException ex) {
-                LOG.log(Level.WARNING, "", ex);
-                throw new STSException("Error in creating symmetric key", STSException.INVALID_REQUEST);
-            }
-        }
-    }
-    
-    /**
-     * Get the KeySize.
-     */
-    public long getKeySize() {
-        return keySize;
-    }
-    
-    /**
-     * Get the Entropy bytes
-     */
-    public byte[] getEntropyBytes() {
-        return entropyBytes;
-    }
-
-    /**
-     * Get the secret
-     */
-    public byte[] getSecret() {
-        return secret;
-    }
-    
-    /**
-     * Get whether this is a computed key or not
-     */
-    public boolean isComputedKey() {
-        return computedKey;
-    }
-    
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.token.provider;
+
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.STSPropertiesMBean;
+import org.apache.cxf.sts.SignatureProperties;
+import org.apache.cxf.sts.request.Entropy;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.ws.security.sts.provider.STSException;
+
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.conversation.dkalgo.P_SHA1;
+import org.apache.ws.security.util.WSSecurityUtil;
+
+/**
+ * Some common functionality relating to parsing and generating Symmetric Keys.
+ */
+public class SymmetricKeyHandler {
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(SymmetricKeyHandler.class);
+    
+    private int keySize = 256;
+    private Entropy clientEntropy;
+    private byte[] entropyBytes;
+    private byte[] secret;
+    private boolean computedKey;
+    
+    public SymmetricKeyHandler(TokenProviderParameters tokenParameters) {
+        KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
+        
+        // Test KeySize
+        keySize = Long.valueOf(keyRequirements.getKeySize()).intValue();
+        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
+        SignatureProperties signatureProperties = stsProperties.getSignatureProperties();
+        if (keySize < signatureProperties.getMinimumKeySize()
+            || keySize > signatureProperties.getMaximumKeySize()) {
+            keySize = Long.valueOf(signatureProperties.getKeySize()).intValue();
+            LOG.log(
+                Level.WARNING, "Received KeySize of " + keyRequirements.getKeySize() 
+                + " not accepted so defaulting to " + signatureProperties.getKeySize()
+            );
+        }
+
+        // Test Entropy
+        clientEntropy = keyRequirements.getEntropy();
+        if (clientEntropy == null) {
+            LOG.log(Level.WARNING, "A SymmetricKey KeyType is requested, but no client entropy is provided");
+        } else {
+            String binarySecurityType = clientEntropy.getBinarySecretType();
+            byte[] nonce = clientEntropy.getBinarySecretValue();
+            if (!STSConstants.NONCE_TYPE.equals(binarySecurityType)) {
+                LOG.log(Level.WARNING, "The type " + binarySecurityType + " is not supported");
+                throw new STSException(
+                    "No user supplied entropy for SymmetricKey case", STSException.INVALID_REQUEST
+                );
+            }
+            if (nonce == null || (nonce.length < (keySize / 8))) {
+                LOG.log(Level.WARNING, "User Entropy rejected");
+                clientEntropy = null;
+            }
+            String computedKeyAlgorithm = keyRequirements.getComputedKeyAlgorithm();
+            if (!STSConstants.COMPUTED_KEY_PSHA1.equals(computedKeyAlgorithm)) {
+                LOG.log(
+                    Level.WARNING, 
+                    "The computed key algorithm of " + computedKeyAlgorithm + " is not supported"
+                );
+                throw new STSException(
+                    "Computed Key Algorithm not supported", STSException.INVALID_REQUEST
+                );
+            }
+        }
+    }
+
+    /**
+     * Create the Symmetric Key
+     */
+    public void createSymmetricKey() {
+        try {
+            entropyBytes = WSSecurityUtil.generateNonce(keySize / 8);
+            secret = entropyBytes;
+            computedKey = false;
+        } catch (WSSecurityException ex) {
+            LOG.log(Level.WARNING, "", ex);
+            throw new STSException("Error in creating symmetric key", ex, STSException.INVALID_REQUEST);
+        } 
+        if (clientEntropy != null) {
+            byte[] nonce = clientEntropy.getBinarySecretValue();
+            try {
+                P_SHA1 psha1 = new P_SHA1();
+                secret = psha1.createKey(nonce, entropyBytes, 0, keySize / 8);
+                computedKey = true;
+            } catch (ConversationException ex) {
+                LOG.log(Level.WARNING, "", ex);
+                throw new STSException("Error in creating symmetric key", STSException.INVALID_REQUEST);
+            }
+        }
+    }
+    
+    /**
+     * Get the KeySize.
+     */
+    public long getKeySize() {
+        return keySize;
+    }
+    
+    /**
+     * Get the Entropy bytes
+     */
+    public byte[] getEntropyBytes() {
+        return entropyBytes;
+    }
+
+    /**
+     * Get the secret
+     */
+    public byte[] getSecret() {
+        return secret;
+    }
+    
+    /**
+     * Get whether this is a computed key or not
+     */
+    public boolean isComputedKey() {
+        return computedKey;
+    }
+    
+}

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/SymmetricKeyHandler.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java Thu Oct 20 16:37:54 2011
@@ -1,44 +1,44 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.token.provider;
-
-/**
- * An interface that can provide a security token.
- */
-public interface TokenProvider {
-    
-    /**
-     * Return true if this TokenProvider implementation is capable of providing a token
-     * that corresponds to the given TokenType
-     */
-    boolean canHandleToken(String tokenType);
-    
-    /**
-     * Return true if this TokenProvider implementation is capable of providing a token
-     * that corresponds to the given TokenType in a given realm
-     */
-    boolean canHandleToken(String tokenType, String realm);
-
-    /**
-     * Create a token given a TokenProviderParameters
-     */
-    TokenProviderResponse createToken(TokenProviderParameters tokenParameters);
-
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.token.provider;
+
+/**
+ * An interface that can provide a security token.
+ */
+public interface TokenProvider {
+    
+    /**
+     * Return true if this TokenProvider implementation is capable of providing a token
+     * that corresponds to the given TokenType
+     */
+    boolean canHandleToken(String tokenType);
+    
+    /**
+     * Return true if this TokenProvider implementation is capable of providing a token
+     * that corresponds to the given TokenType in a given realm
+     */
+    boolean canHandleToken(String tokenType, String realm);
+
+    /**
+     * Create a token given a TokenProviderParameters
+     */
+    TokenProviderResponse createToken(TokenProviderParameters tokenParameters);
+
+}

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderParameters.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenProviderResponse.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenReference.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenReference.java?rev=1186905&r1=1186904&r2=1186905&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenReference.java (original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenReference.java Thu Oct 20 16:37:54 2011
@@ -1,114 +1,114 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.sts.token.provider;
-
-/**
- * A class that encapsulates how a token should be referenced
- */
-public class TokenReference {
-
-    private String identifier;
-    private String wsse11TokenType;
-    private String wsseValueType;
-    private boolean useDirectReference;
-    private boolean useKeyIdentifier;
-    
-    /**
-     * Get the identifier associated with this token
-     * @return the identifier associated with this token
-     */
-    public String getIdentifier() {
-        return identifier;
-    }
-    
-    /**
-     * Set the identifier associated with this token
-     * @param identifier the identifier associated with this token
-     */
-    public void setIdentifier(String identifier) {
-        this.identifier = identifier;
-    }
-    
-    /**
-     * Get the wsse11 TokenType attribute
-     * @return the wsse11 TokenType attribute
-     */
-    public String getWsse11TokenType() {
-        return wsse11TokenType;
-    }
-    
-    /**
-     * Set the wsse11 TokenType attribute
-     * @param wsse11TokenType the wsse11 TokenType attribute
-     */
-    public void setWsse11TokenType(String wsse11TokenType) {
-        this.wsse11TokenType = wsse11TokenType;
-    }
-    
-    /**
-     * Get the wsse ValueType attribute
-     * @return the wsse ValueType attribute
-     */
-    public String getWsseValueType() {
-        return wsseValueType;
-    }
-    
-    /**
-     * Set the wsse ValueType attribute
-     * @param wsseValueType the wsse ValueType attribute
-     */
-    public void setWsseValueType(String wsseValueType) {
-        this.wsseValueType = wsseValueType;
-    }
-    
-    /**
-     * Get whether to use direct reference to refer to this token
-     * @return whether to use direct reference to refer to this token
-     */
-    public boolean isUseDirectReference() {
-        return useDirectReference;
-    }
-    
-    /**
-     * Set whether to use direct reference to refer to this token
-     * @param useDirectReference whether to use direct reference to refer to this token
-     */
-    public void setUseDirectReference(boolean useDirectReference) {
-        this.useDirectReference = useDirectReference;
-    }
-    
-    /**
-     * Get whether to use a KeyIdentifier to refer to this token
-     * @return whether to use a KeyIdentifier to refer to this token
-     */
-    public boolean isUseKeyIdentifier() {
-        return useKeyIdentifier;
-    }
-    
-    /**
-     * Set whether to use a KeyIdentifier to refer to this token
-     * @param useKeyIdentifier whether to use a KeyIdentifier to refer to this token
-     */
-    public void setUseKeyIdentifier(boolean useKeyIdentifier) {
-        this.useKeyIdentifier = useKeyIdentifier;
-    }
-    
-    
-}
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.sts.token.provider;
+
+/**
+ * A class that encapsulates how a token should be referenced
+ */
+public class TokenReference {
+
+    private String identifier;
+    private String wsse11TokenType;
+    private String wsseValueType;
+    private boolean useDirectReference;
+    private boolean useKeyIdentifier;
+    
+    /**
+     * Get the identifier associated with this token
+     * @return the identifier associated with this token
+     */
+    public String getIdentifier() {
+        return identifier;
+    }
+    
+    /**
+     * Set the identifier associated with this token
+     * @param identifier the identifier associated with this token
+     */
+    public void setIdentifier(String identifier) {
+        this.identifier = identifier;
+    }
+    
+    /**
+     * Get the wsse11 TokenType attribute
+     * @return the wsse11 TokenType attribute
+     */
+    public String getWsse11TokenType() {
+        return wsse11TokenType;
+    }
+    
+    /**
+     * Set the wsse11 TokenType attribute
+     * @param wsse11TokenType the wsse11 TokenType attribute
+     */
+    public void setWsse11TokenType(String wsse11TokenType) {
+        this.wsse11TokenType = wsse11TokenType;
+    }
+    
+    /**
+     * Get the wsse ValueType attribute
+     * @return the wsse ValueType attribute
+     */
+    public String getWsseValueType() {
+        return wsseValueType;
+    }
+    
+    /**
+     * Set the wsse ValueType attribute
+     * @param wsseValueType the wsse ValueType attribute
+     */
+    public void setWsseValueType(String wsseValueType) {
+        this.wsseValueType = wsseValueType;
+    }
+    
+    /**
+     * Get whether to use direct reference to refer to this token
+     * @return whether to use direct reference to refer to this token
+     */
+    public boolean isUseDirectReference() {
+        return useDirectReference;
+    }
+    
+    /**
+     * Set whether to use direct reference to refer to this token
+     * @param useDirectReference whether to use direct reference to refer to this token
+     */
+    public void setUseDirectReference(boolean useDirectReference) {
+        this.useDirectReference = useDirectReference;
+    }
+    
+    /**
+     * Get whether to use a KeyIdentifier to refer to this token
+     * @return whether to use a KeyIdentifier to refer to this token
+     */
+    public boolean isUseKeyIdentifier() {
+        return useKeyIdentifier;
+    }
+    
+    /**
+     * Set whether to use a KeyIdentifier to refer to this token
+     * @param useKeyIdentifier whether to use a KeyIdentifier to refer to this token
+     */
+    public void setUseKeyIdentifier(boolean useKeyIdentifier) {
+        this.useKeyIdentifier = useKeyIdentifier;
+    }
+    
+    
+}

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/TokenReference.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/CertConstraintsParser.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealm.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/SAMLRealmCodec.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/realm/UsernameTokenRealmCodec.java
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message