cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1205374 - in /cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j: ./ policyvalidators/
Date Wed, 23 Nov 2011 11:50:23 GMT
Author: coheigea
Date: Wed Nov 23 11:50:23 2011
New Revision: 1205374

URL: http://svn.apache.org/viewvc?rev=1205374&view=rev
Log:
Tidying up the binding policy validators a bit more.

Added:
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/BindingPolicyValidator.java
Modified:
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1205374&r1=1205373&r2=1205374&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Wed Nov 23 11:50:23 2011
@@ -66,6 +66,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
 import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.AsymmetricBindingPolicyValidator;
+import org.apache.cxf.ws.security.wss4j.policyvalidators.BindingPolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.EncryptedTokenPolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.EndorsingEncryptedTokenPolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.EndorsingTokenPolicyValidator;
@@ -457,7 +458,7 @@ public class PolicyBasedWSS4JInIntercept
         }
         
         if (check) {
-            check = checkBindingCoverage(aim, msg, results, signedResults);
+            check = checkBindingCoverage(aim, msg, soapBody, results, signedResults, encryptResults);
         }
 
         if (check) {
@@ -549,22 +550,30 @@ public class PolicyBasedWSS4JInIntercept
     private boolean checkBindingCoverage(
         AssertionInfoMap aim, 
         SoapMessage msg,
+        Element soapBody,
         List<WSSecurityEngineResult> results,
-        List<WSSecurityEngineResult> signedResults
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
     ) {
         boolean check = true;
         
-        TransportBindingPolicyValidator transportValidator = 
-            new TransportBindingPolicyValidator(msg, results, signedResults);
-        check &= transportValidator.validatePolicy(aim);
+        BindingPolicyValidator transportValidator = new TransportBindingPolicyValidator();
+        check &= 
+            transportValidator.validatePolicy(
+                aim, msg, soapBody, results, signedResults, encryptedResults
+            );
             
-        SymmetricBindingPolicyValidator symmetricValidator = 
-            new SymmetricBindingPolicyValidator(msg, results, signedResults);
-        check &= symmetricValidator.validatePolicy(aim);
-
-        AsymmetricBindingPolicyValidator asymmetricValidator = 
-            new AsymmetricBindingPolicyValidator(msg, results, signedResults);
-        check &= asymmetricValidator.validatePolicy(aim);
+        BindingPolicyValidator symmetricValidator = new SymmetricBindingPolicyValidator();
+        check &= 
+            symmetricValidator.validatePolicy(
+                aim, msg, soapBody, results, signedResults, encryptedResults
+            );
+
+        BindingPolicyValidator asymmetricValidator = new AsymmetricBindingPolicyValidator();
+        check &= 
+            asymmetricValidator.validatePolicy(
+                aim, msg, soapBody, results, signedResults, encryptedResults
+            );
         
         return check;
     }
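Review bot: The three validators in checkBindingCoverage are still allocated for every message, although this change moves all per-message state into the validatePolicy arguments. If AbstractBindingPolicyValidator keeps no other instance fields (only the removed `results` field is visible in this diff), each could be a shared constant, e.g. `private static final BindingPolicyValidator TRANSPORT_VALIDATOR = new TransportBindingPolicyValidator();`. If the non-short-circuit `check &=` is deliberate, so that every binding is evaluated and marked in the AssertionInfoMap even after one has failed, a one-line comment saying so would stop a later clean-up from turning it into `&&`.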

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java?rev=1205374&r1=1205373&r2=1205374&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
Wed Nov 23 11:50:23 2011
@@ -51,12 +51,10 @@ import org.apache.ws.security.util.WSSec
 /**
  * Some abstract functionality for validating a security binding.
  */
-public abstract class AbstractBindingPolicyValidator {
+public abstract class AbstractBindingPolicyValidator implements BindingPolicyValidator {
     
     private static final QName SIG_QNAME = new QName(WSConstants.SIG_NS, WSConstants.SIG_LN);
     
-    protected List<WSSecurityEngineResult> results;
-    
     /**
      * Validate a Timestamp
      * @param includeTimestamp whether a Timestamp must be included or not
@@ -68,6 +66,7 @@ public abstract class AbstractBindingPol
     protected boolean validateTimestamp(
         boolean includeTimestamp,
         boolean transportBinding,
+        List<WSSecurityEngineResult> results,
         List<WSSecurityEngineResult> signedResults,
         Message message
     ) {
@@ -131,7 +130,8 @@ public abstract class AbstractBindingPol
      */
     protected boolean validateLayout(
         boolean laxTimestampFirst,
-        boolean laxTimestampLast
+        boolean laxTimestampLast,
+        List<WSSecurityEngineResult> results
     ) {
         if (laxTimestampFirst) {
             if (results.isEmpty()) {
@@ -162,6 +162,7 @@ public abstract class AbstractBindingPol
         SymmetricAsymmetricBindingBase binding, 
         AssertionInfo ai,
         AssertionInfoMap aim,
+        List<WSSecurityEngineResult> results,
         List<WSSecurityEngineResult> signedResults,
         Message message
     ) {
@@ -172,7 +173,7 @@ public abstract class AbstractBindingPol
         }
         
         // Check the IncludeTimestamp
-        if (!validateTimestamp(binding.isIncludeTimestamp(), false, signedResults, message))
{
+        if (!validateTimestamp(binding.isIncludeTimestamp(), false, results, signedResults,
message)) {
             String error = "Received Timestamp does not match the requirements";
             notAssertPolicy(aim, SP12Constants.INCLUDE_TIMESTAMP, error);
             ai.setNotAsserted(error);
@@ -184,7 +185,7 @@ public abstract class AbstractBindingPol
         Layout layout = binding.getLayout();
         boolean timestampFirst = layout.getValue() == SPConstants.Layout.LaxTimestampFirst;
         boolean timestampLast = layout.getValue() == SPConstants.Layout.LaxTimestampLast;
-        if (!validateLayout(timestampFirst, timestampLast)) {
+        if (!validateLayout(timestampFirst, timestampLast, results)) {
             String error = "Layout does not match the requirements";
             notAssertPolicy(aim, SP12Constants.LAYOUT, error);
             ai.setNotAsserted(error);
@@ -201,7 +202,7 @@ public abstract class AbstractBindingPol
         }
         
         // Check whether the signatures were encrypted or not
-        if (binding.isSignatureProtection() && !isSignatureEncrypted()) {
+        if (binding.isSignatureProtection() && !isSignatureEncrypted(results)) {
             ai.setNotAsserted("The signature is not protected");
             return false;
         }
@@ -212,13 +213,17 @@ public abstract class AbstractBindingPol
     /**
      * Check the Protection Order of the binding
      */
-    protected boolean checkProtectionOrder(SymmetricAsymmetricBindingBase binding, AssertionInfo
ai) {
+    protected boolean checkProtectionOrder(
+        SymmetricAsymmetricBindingBase binding, 
+        AssertionInfo ai,
+        List<WSSecurityEngineResult> results
+    ) {
         if (binding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning)
{
-            if (!binding.isSignatureProtection() && isSignedBeforeEncrypted()) {
+            if (!binding.isSignatureProtection() && isSignedBeforeEncrypted(results))
{
                 ai.setNotAsserted("Not encrypted before signed");
                 return false;
             }
-        } else if (isEncryptedBeforeSigned()) {
+        } else if (isEncryptedBeforeSigned(results)) {
             ai.setNotAsserted("Not signed before encrypted");
             return false;
         }
@@ -229,7 +234,7 @@ public abstract class AbstractBindingPol
      * Check to see if a signature was applied before encryption.
      * Note that results are stored in the reverse order.
      */
-    private boolean isSignedBeforeEncrypted() {
+    private boolean isSignedBeforeEncrypted(List<WSSecurityEngineResult> results) {
         boolean signed = false;
         for (WSSecurityEngineResult result : results) {
             Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
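Review bot: The Javadoc above isSignedBeforeEncrypted still says "results are stored in the reverse order", but `results` is now a caller-supplied parameter rather than a field, so that ordering has become a precondition on the argument. State it as one, e.g. `@param results the processing results, which must be in the reverse order noted above`, and do the same on isEncryptedBeforeSigned in the next hunk. A list passed in a different order would presumably produce the wrong protection-order verdict without raising any error. The method body continues outside this hunk.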
@@ -255,7 +260,7 @@ public abstract class AbstractBindingPol
      * Check to see if encryption was applied before signature.
      * Note that results are stored in the reverse order.
      */
-    private boolean isEncryptedBeforeSigned() {
+    private boolean isEncryptedBeforeSigned(List<WSSecurityEngineResult> results) {
         boolean encrypted = false;
         for (WSSecurityEngineResult result : results) {
             Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
@@ -307,13 +312,13 @@ public abstract class AbstractBindingPol
     /**
      * Check whether all Signature (and SignatureConfirmation) elements were encrypted
      */
-    protected boolean isSignatureEncrypted() {
+    protected boolean isSignatureEncrypted(List<WSSecurityEngineResult> results) {
         for (WSSecurityEngineResult result : results) {
             Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
             if (actInt.intValue() == WSConstants.SIGN
                 || actInt.intValue() == WSConstants.SC) {
                 String sigId = (String)result.get(WSSecurityEngineResult.TAG_ID);
-                if (sigId == null || !isIdEncrypted(sigId)) {
+                if (sigId == null || !isIdEncrypted(sigId, results)) {
                     return false;
                 }
             }
@@ -324,7 +329,7 @@ public abstract class AbstractBindingPol
     /**
      * Return true if the given id was encrypted
      */
-    private boolean isIdEncrypted(String sigId) {
+    private boolean isIdEncrypted(String sigId, List<WSSecurityEngineResult> results)
{
         for (WSSecurityEngineResult wser : results) {
             Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
             if (actInt.intValue() == WSConstants.ENCR) {

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java?rev=1205374&r1=1205373&r2=1205374&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
Wed Nov 23 11:50:23 2011
@@ -20,11 +20,11 @@
 package org.apache.cxf.ws.security.wss4j.policyvalidators;
 
 import java.security.cert.X509Certificate;
-
-import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
+import org.w3c.dom.Element;
+
 import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
@@ -40,56 +40,44 @@ import org.apache.ws.security.WSSecurity
  */
 public class AsymmetricBindingPolicyValidator extends AbstractBindingPolicyValidator {
     
-    private List<WSSecurityEngineResult> signedResults;
-    private List<WSSecurityEngineResult> encryptedResults;
-    private Message message;
-    private boolean hasDerivedKeys;
-
-    public AsymmetricBindingPolicyValidator(
+    public boolean validatePolicy(
+        AssertionInfoMap aim,
         Message message,
+        Element soapBody,
         List<WSSecurityEngineResult> results,
-        List<WSSecurityEngineResult> signedResults
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
     ) {
-        this.message = message;
-        this.results = results;
-        this.signedResults = signedResults;
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
+        if (ais == null || ais.isEmpty()) {                       
+            return true;
+        }
         
-        // Store the encryption results and whether we have any derived key results
-        encryptedResults = new ArrayList<WSSecurityEngineResult>();
+        boolean hasDerivedKeys = false;
         for (WSSecurityEngineResult result : results) {
             Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
             if (actInt.intValue() == WSConstants.DKT) {
                 hasDerivedKeys = true;
-            } else if (actInt.intValue() == WSConstants.ENCR) {
-                encryptedResults.add(result);
+                break;
             }
         }
-    }
-    
-    public boolean validatePolicy(
-        AssertionInfoMap aim
-    ) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
-        if (ais == null || ais.isEmpty()) {                       
-            return true;
-        }
         
         for (AssertionInfo ai : ais) {
             AsymmetricBinding binding = (AsymmetricBinding)ai.getAssertion();
             ai.setAsserted(true);
 
             // Check the protection order
-            if (!checkProtectionOrder(binding, ai)) {
+            if (!checkProtectionOrder(binding, ai, results)) {
                 return false;
             }
             
             // Check various properties of the binding
-            if (!checkProperties(binding, ai, aim, signedResults, message)) {
+            if (!checkProperties(binding, ai, aim, results, signedResults, message)) {
                 return false;
             }
             
             // Check various tokens of the binding
-            if (!checkTokens(binding, ai, aim)) {
+            if (!checkTokens(binding, ai, aim, hasDerivedKeys, signedResults, encryptedResults))
{
                 return false;
             }
         }
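Review bot: validatePolicy now takes `encryptedResults` from the caller, where the removed constructor built the list itself by filtering `results` for `WSConstants.ENCR`. The token checks therefore depend on the caller's list being exactly that subset, and the code that builds `encryptResults` in PolicyBasedWSS4JInInterceptor is outside this diff. Document the contract on the parameter, for example `@param encryptedResults the entries of results whose action is WSConstants.ENCR`, and confirm the interceptor builds its list the same way. The same applies to SymmetricBindingPolicyValidator.validatePolicy further down; the end of this method lies outside the hunk.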
@@ -103,7 +91,10 @@ public class AsymmetricBindingPolicyVali
     private boolean checkTokens(
         AsymmetricBinding binding, 
         AssertionInfo ai,
-        AssertionInfoMap aim
+        AssertionInfoMap aim,
+        boolean hasDerivedKeys,
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
     ) {
         if (binding.getInitiatorToken() != null) {
             Token token = binding.getInitiatorToken().getToken();

Added: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/BindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/BindingPolicyValidator.java?rev=1205374&view=auto
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/BindingPolicyValidator.java
(added)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/BindingPolicyValidator.java
Wed Nov 23 11:50:23 2011
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j.policyvalidators;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.message.Message;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.ws.security.WSSecurityEngineResult;
+
+/**
+ * Validate a WS-SecurityPolicy corresponding to a binding.
+ */
+public interface BindingPolicyValidator {
+    
+    /**
+     * Validate a particular policy from the AssertionInfoMap argument. Return true if the
policy is valid.
+     */
+    boolean validatePolicy(
+        AssertionInfoMap aim, 
+        Message message,
+        Element soapBody,
+        List<WSSecurityEngineResult> results,
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
+    );
+}
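Review bot: The Javadoc on validatePolicy documents none of its six parameters, and three of them are `List<WSSecurityEngineResult>` passed positionally, so swapping `signedResults` and `encryptedResults` at a call site compiles cleanly. Add `@param` lines saying what each list holds and how it relates to `results`. Add an `@return` noting that the implementations in this commit return true when the AssertionInfoMap holds no assertion for their binding. `soapBody` needs a line as well, since none of the implementation hunks shown here read it.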

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java?rev=1205374&r1=1205373&r2=1205374&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
Wed Nov 23 11:50:23 2011
@@ -19,10 +19,11 @@
 
 package org.apache.cxf.ws.security.wss4j.policyvalidators;
 
-import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
+import org.w3c.dom.Element;
+
 import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
@@ -36,56 +37,44 @@ import org.apache.ws.security.WSSecurity
  */
 public class SymmetricBindingPolicyValidator extends AbstractBindingPolicyValidator {
     
-    private List<WSSecurityEngineResult> signedResults;
-    private List<WSSecurityEngineResult> encryptedResults;
-    private Message message;
-    private boolean hasDerivedKeys;
-
-    public SymmetricBindingPolicyValidator(
+    public boolean validatePolicy(
+        AssertionInfoMap aim,
         Message message,
+        Element soapBody,
         List<WSSecurityEngineResult> results,
-        List<WSSecurityEngineResult> signedResults
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
     ) {
-        this.message = message;
-        this.results = results;
-        this.signedResults = signedResults;
+        Collection<AssertionInfo> ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
+        if (ais == null || ais.isEmpty()) {                       
+            return true;
+        }
         
-        // Store the encryption results and whether we have any derived key results
-        encryptedResults = new ArrayList<WSSecurityEngineResult>();
+        boolean hasDerivedKeys = false;
         for (WSSecurityEngineResult result : results) {
             Integer actInt = (Integer)result.get(WSSecurityEngineResult.TAG_ACTION);
             if (actInt.intValue() == WSConstants.DKT) {
                 hasDerivedKeys = true;
-            } else if (actInt.intValue() == WSConstants.ENCR) {
-                encryptedResults.add(result);
+                break;
             }
         }
-    }
-    
-    public boolean validatePolicy(
-        AssertionInfoMap aim
-    ) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
-        if (ais == null || ais.isEmpty()) {                       
-            return true;
-        }
         
         for (AssertionInfo ai : ais) {
             SymmetricBinding binding = (SymmetricBinding)ai.getAssertion();
             ai.setAsserted(true);
 
             // Check the protection order
-            if (!checkProtectionOrder(binding, ai)) {
+            if (!checkProtectionOrder(binding, ai, results)) {
                 return false;
             }
             
             // Check various properties of the binding
-            if (!checkProperties(binding, ai, aim, signedResults, message)) {
+            if (!checkProperties(binding, ai, aim, results, signedResults, message)) {
                 return false;
             }
             
             // Check various tokens of the binding
-            if (!checkTokens(binding, ai, aim)) {
+            if (!checkTokens(binding, ai, aim, hasDerivedKeys, signedResults, encryptedResults))
{
                 return false;
             }
         }
@@ -99,7 +88,10 @@ public class SymmetricBindingPolicyValid
     private boolean checkTokens(
         SymmetricBinding binding, 
         AssertionInfo ai,
-        AssertionInfoMap aim
+        AssertionInfoMap aim,
+        boolean hasDerivedKeys,
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
     ) {
         if (binding.getEncryptionToken() != null) {
             assertPolicy(aim, binding.getEncryptionToken());

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java?rev=1205374&r1=1205373&r2=1205374&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
Wed Nov 23 11:50:23 2011
@@ -22,6 +22,8 @@ package org.apache.cxf.ws.security.wss4j
 import java.util.Collection;
 import java.util.List;
 
+import org.w3c.dom.Element;
+
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.security.transport.TLSSessionInfo;
@@ -38,21 +40,13 @@ import org.apache.ws.security.WSSecurity
  */
 public class TransportBindingPolicyValidator extends AbstractBindingPolicyValidator {
     
-    private List<WSSecurityEngineResult> signedResults;
-    private Message message;
-
-    public TransportBindingPolicyValidator(
+    public boolean validatePolicy(
+        AssertionInfoMap aim,
         Message message,
+        Element soapBody,
         List<WSSecurityEngineResult> results,
-        List<WSSecurityEngineResult> signedResults
-    ) {
-        this.message = message;
-        this.results = results;
-        this.signedResults = signedResults;
-    }
-    
-    public boolean validatePolicy(
-        AssertionInfoMap aim
+        List<WSSecurityEngineResult> signedResults,
+        List<WSSecurityEngineResult> encryptedResults
     ) {
         Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING);
         if (ais == null || ais.isEmpty()) {                       
@@ -84,7 +78,7 @@ public class TransportBindingPolicyValid
             }
             
             // Check the IncludeTimestamp
-            if (!validateTimestamp(binding.isIncludeTimestamp(), true, signedResults, message))
{
+            if (!validateTimestamp(binding.isIncludeTimestamp(), true, results, signedResults,
message)) {
                 String error = "Received Timestamp does not match the requirements";
                 notAssertPolicy(aim, SP12Constants.INCLUDE_TIMESTAMP, error);
                 ai.setNotAsserted(error);
@@ -96,7 +90,7 @@ public class TransportBindingPolicyValid
             Layout layout = binding.getLayout();
             boolean timestampFirst = layout.getValue() == SPConstants.Layout.LaxTimestampFirst;
             boolean timestampLast = layout.getValue() == SPConstants.Layout.LaxTimestampLast;
-            if (!validateLayout(timestampFirst, timestampLast)) {
+            if (!validateLayout(timestampFirst, timestampLast, results)) {
                 String error = "Layout does not match the requirements";
                 notAssertPolicy(aim, SP12Constants.LAYOUT, error);
                 ai.setNotAsserted(error);


