cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1211923 - in /cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/ policy/builders/ policy/interceptors/ policy/model/ wss4j/policyhandlers/ wss4j/policyvalidators/
Date Thu, 08 Dec 2011 14:53:03 GMT
Author: coheigea
Date: Thu Dec  8 14:53:02 2011
New Revision: 1211923

URL: http://svn.apache.org/viewvc?rev=1211923&view=rev
Log:
[WSS-3960] - Patch for InitiatorSignatureToken Support in WS-Policy definition
 - Patch applied (with some minor modifications), thanks.
 - I added a systest.

Added:
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorSignatureTokenBuilder.java
      - copied unchanged from r1211875, cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/InitiatorSignatureTokenBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorSignatureToken.java
      - copied unchanged from r1211875, cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/InitiatorSignatureToken.java
Modified:
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AsymmetricBinding.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java?rev=1211923&r1=1211922&r2=1211923&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP11Constants.java
Thu Dec  8 14:53:02 2011
@@ -177,6 +177,9 @@ public final class SP11Constants extends
 
     public static final QName INITIATOR_TOKEN = new QName(SP11Constants.SP_NS,
             SPConstants.INITIATOR_TOKEN , SP11Constants.SP_PREFIX);
+    
+    public static final QName INITIATOR_SIGNATURE_TOKEN = new QName(SP11Constants.SP_NS,
+            SPConstants.INITIATOR_SIGNATURE_TOKEN , SP11Constants.SP_PREFIX);
 
     public static final QName RECIPIENT_TOKEN = new QName(SP11Constants.SP_NS,
             SPConstants.RECIPIENT_TOKEN , SP11Constants.SP_PREFIX);
@@ -342,6 +345,9 @@ public final class SP11Constants extends
     public QName getInitiatorToken() {
         return INITIATOR_TOKEN;
     }
+    public QName getInitiatorSignatureToken() {
+        return INITIATOR_SIGNATURE_TOKEN;
+    }
     public QName getIssuedToken() {
         return ISSUED_TOKEN;
     }

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java?rev=1211923&r1=1211922&r2=1211923&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SP12Constants.java
Thu Dec  8 14:53:02 2011
@@ -213,7 +213,10 @@ public final class SP12Constants extends
 
     public static final QName INITIATOR_TOKEN = new QName(SP12Constants.SP_NS,
             SPConstants.INITIATOR_TOKEN , SP12Constants.SP_PREFIX);
-
+    
+    public static final QName INITIATOR_SIGNATURE_TOKEN = new QName(SP12Constants.SP_NS,
+            SPConstants.INITIATOR_SIGNATURE_TOKEN , SP12Constants.SP_PREFIX);
+        
     public static final QName RECIPIENT_TOKEN = new QName(SP12Constants.SP_NS,
             SPConstants.RECIPIENT_TOKEN , SP12Constants.SP_PREFIX);
 
@@ -401,6 +404,9 @@ public final class SP12Constants extends
     public QName getInitiatorToken() {
         return INITIATOR_TOKEN;
     }
+    public QName getInitiatorSignatureToken() {
+        return INITIATOR_SIGNATURE_TOKEN;
+    }
     public QName getIssuedToken() {
         return ISSUED_TOKEN;
     }

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java?rev=1211923&r1=1211922&r2=1211923&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/SPConstants.java
Thu Dec  8 14:53:02 2011
@@ -171,9 +171,9 @@ public abstract class SPConstants {
     
     public static final String INITIATOR_TOKEN = "InitiatorToken";
     
-    public static final String RECIPIENT_TOKEN = "RecipientToken";
-    
+    public static final String INITIATOR_SIGNATURE_TOKEN = "InitiatorSignatureToken";
     
+    public static final String RECIPIENT_TOKEN = "RecipientToken";
     
     public static final String SUPPORTING_TOKENS = "SupportingTokens";
     
@@ -439,6 +439,7 @@ public abstract class SPConstants {
     public abstract QName getEncryptionToken();
     public abstract QName getHttpsToken();
     public abstract QName getInitiatorToken();
+    public abstract QName getInitiatorSignatureToken();
     public abstract QName getIssuedToken();
     public abstract QName getIncludeToken();
     public abstract QName getLayout();

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java?rev=1211923&r1=1211922&r2=1211923&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
Thu Dec  8 14:53:02 2011
@@ -38,6 +38,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.builders.EncryptedElementsBuilder;
 import org.apache.cxf.ws.security.policy.builders.EncryptedPartsBuilder;
 import org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder;
+import org.apache.cxf.ws.security.policy.builders.InitiatorSignatureTokenBuilder;
 import org.apache.cxf.ws.security.policy.builders.InitiatorTokenBuilder;
 import org.apache.cxf.ws.security.policy.builders.IssuedTokenBuilder;
 import org.apache.cxf.ws.security.policy.builders.KerberosTokenBuilder;
@@ -100,6 +101,7 @@ public final class WSSecurityPolicyLoade
         reg.registerBuilder(new EncryptedPartsBuilder());
         reg.registerBuilder(new HttpsTokenBuilder(pbuild));
         reg.registerBuilder(new InitiatorTokenBuilder(pbuild));
+        reg.registerBuilder(new InitiatorSignatureTokenBuilder(pbuild));
         reg.registerBuilder(new IssuedTokenBuilder(pbuild));
         reg.registerBuilder(new LayoutBuilder());
         reg.registerBuilder(new ProtectionTokenBuilder(pbuild));

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java?rev=1211923&r1=1211922&r2=1211923&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/builders/AsymmetricBindingBuilder.java
Thu Dec  8 14:53:02 2011
@@ -32,6 +32,7 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.SPConstants;
 import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
 import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
+import org.apache.cxf.ws.security.policy.model.InitiatorSignatureToken;
 import org.apache.cxf.ws.security.policy.model.InitiatorToken;
 import org.apache.cxf.ws.security.policy.model.Layout;
 import org.apache.cxf.ws.security.policy.model.RecipientToken;
@@ -93,7 +94,10 @@ public class AsymmetricBindingBuilder im
             
             if (SPConstants.INITIATOR_TOKEN.equals(name.getLocalPart())) {
                 asymmetricBinding.setInitiatorToken((InitiatorToken)assertion);
-
+                
+            } else if (SPConstants.INITIATOR_SIGNATURE_TOKEN.equals(name.getLocalPart()))
{
+                asymmetricBinding.setInitiatorSignatureToken((InitiatorSignatureToken)assertion);
+                
             } else if (SPConstants.RECIPIENT_TOKEN.equals(name.getLocalPart())) {
                 asymmetricBinding.setRecipientToken((RecipientToken)assertion);
 

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java?rev=1211923&r1=1211922&r2=1211923&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
Thu Dec  8 14:53:02 2011
@@ -48,6 +48,7 @@ public class WSSecurityPolicyInterceptor
         ASSERTION_TYPES.add(SP12Constants.SIGNATURE_TOKEN);
         ASSERTION_TYPES.add(SP12Constants.TRANSPORT_TOKEN);            
         ASSERTION_TYPES.add(SP12Constants.INITIATOR_TOKEN);
+        ASSERTION_TYPES.add(SP12Constants.INITIATOR_SIGNATURE_TOKEN);
         ASSERTION_TYPES.add(SP12Constants.RECIPIENT_TOKEN);   
         ASSERTION_TYPES.add(SP12Constants.SIGNED_PARTS);
         ASSERTION_TYPES.add(SP12Constants.REQUIRED_PARTS);

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AsymmetricBinding.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AsymmetricBinding.java?rev=1211923&r1=1211922&r2=1211923&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AsymmetricBinding.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/AsymmetricBinding.java
Thu Dec  8 14:53:02 2011
@@ -35,6 +35,8 @@ import org.apache.neethi.PolicyComponent
 public class AsymmetricBinding extends SymmetricAsymmetricBindingBase {
 
     private InitiatorToken initiatorToken;
+    
+    private InitiatorSignatureToken initiatorSignatureToken;
 
     private RecipientToken recipientToken;
 
@@ -55,6 +57,20 @@ public class AsymmetricBinding extends S
     public void setInitiatorToken(InitiatorToken initiatorToken) {
         this.initiatorToken = initiatorToken;
     }
+    
+    /**
+     * @return Returns the initiatorToken.
+     */
+    public InitiatorSignatureToken getInitiatorSignatureToken() {
+        return initiatorSignatureToken;
+    }
+
+    /**
+     * @param initiatorToken The initiatorToken to set.
+     */
+    public void setInitiatorSignatureToken(InitiatorSignatureToken initiatorSignatureToken)
{
+        this.initiatorSignatureToken = initiatorSignatureToken;
+    }
 
     /**
      * @return Returns the recipientToken.
@@ -95,6 +111,9 @@ public class AsymmetricBinding extends S
         if (getInitiatorToken() != null) {
             all.addPolicyComponent(getInitiatorToken());
         }
+        if (getInitiatorSignatureToken() != null) {
+            all.addPolicyComponent(getInitiatorSignatureToken());
+        }
         if (getRecipientToken() != null) {
             all.addPolicyComponent(getRecipientToken());
         }
@@ -145,13 +164,22 @@ public class AsymmetricBinding extends S
         writer.writeStartElement(pPrefix, SPConstants.POLICY.getLocalPart(), SPConstants.POLICY
             .getNamespaceURI());
 
-        if (initiatorToken == null) {
-            throw new RuntimeException("InitiatorToken is not set");
+        if (initiatorToken == null && initiatorSignatureToken == null) {
+            throw new RuntimeException("InitiatorToken or InitiatorSignatureToken is not
set");
         }
 
-        // <sp:InitiatorToken>
-        initiatorToken.serialize(writer);
-        // </sp:InitiatorToken>
+        if (initiatorToken != null) {
+            // <sp:InitiatorToken>
+            initiatorToken.serialize(writer);
+            // </sp:InitiatorToken>
+        }
+        
+        if (initiatorSignatureToken != null) {
+            // <sp:InitiatorSignatureToken>
+            initiatorSignatureToken.serialize(writer);
+            // </sp:InitiatorSignatureToken>
+        }
+        
 
         if (recipientToken == null) {
             throw new RuntimeException("RecipientToken is not set");

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1211923&r1=1211922&r2=1211923&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Thu Dec  8 14:53:02 2011
@@ -102,6 +102,9 @@ public class AsymmetricBindingHandler ex
     private void doSignBeforeEncrypt() {
         try {
             TokenWrapper initiatorWrapper = abinding.getInitiatorToken();
+            if (initiatorWrapper == null) {
+                initiatorWrapper = abinding.getInitiatorSignatureToken();
+            }
             boolean attached = false;
             if (initiatorWrapper != null) {
                 Token initiatorToken = initiatorWrapper.getToken();
@@ -141,7 +144,7 @@ public class AsymmetricBindingHandler ex
                 }
 
                 addSupportingTokens(sigs);
-                doSignature(sigs, attached);
+                doSignature(initiatorWrapper, sigs, attached);
                 doEndorse();
             } else {
                 //confirm sig
@@ -153,9 +156,8 @@ public class AsymmetricBindingHandler ex
                         convertToEncryptionPart(timestampEl.getElement());
                     sigs.add(timestampPart);
                 }
-
                 addSignatureConfirmation(sigs);
-                doSignature(sigs, attached);
+                doSignature(abinding.getRecipientToken(), sigs, attached);
             }
 
             List<WSEncryptionPart> enc = getEncryptedParts();
@@ -194,10 +196,16 @@ public class AsymmetricBindingHandler ex
             wrapper = abinding.getRecipientToken();
         } else {
             wrapper = abinding.getInitiatorToken();
+            if (wrapper == null) {
+                wrapper = abinding.getInitiatorSignatureToken();
+            }
         }
         encryptionToken = wrapper.getToken();
         
         TokenWrapper initiatorWrapper = abinding.getInitiatorToken();
+        if (initiatorWrapper == null) {
+            initiatorWrapper = abinding.getInitiatorSignatureToken();
+        }
         boolean attached = false;
         if (initiatorWrapper != null) {
             Token initiatorToken = initiatorWrapper.getToken();
@@ -268,17 +276,16 @@ public class AsymmetricBindingHandler ex
                 addSignatureConfirmation(sigParts);
             }
             
-            if ((sigParts.size() > 0 
-                    && isRequestor()
-                    && abinding.getInitiatorToken() != null) 
-                || (!isRequestor() && abinding.getRecipientToken() != null)) {
-                try {
-                    doSignature(sigParts, attached);
-                } catch (WSSecurityException ex) {
-                    throw new Fault(ex);
-                } catch (SOAPException ex) {
-                    throw new Fault(ex);
+            try {
+                if ((sigParts.size() > 0) && initiatorWrapper != null &&
isRequestor()) {
+                    doSignature(initiatorWrapper, sigParts, attached);
+                } else if (!isRequestor() && abinding.getRecipientToken() != null)
{
+                    doSignature(abinding.getRecipientToken(), sigParts, attached);
                 }
+            } catch (WSSecurityException ex) {
+                throw new Fault(ex);
+            } catch (SOAPException ex) {
+                throw new Fault(ex);
             }
 
             if (isRequestor()) {
@@ -412,31 +419,36 @@ public class AsymmetricBindingHandler ex
     }    
     
     private void assertUnusedTokens(TokenWrapper wrapper) {
+        if (wrapper == null) {
+            return;
+        }
         Collection<AssertionInfo> ais = aim.getAssertionInfo(wrapper.getName());
-        for (AssertionInfo ai : ais) {
-            if (ai.getAssertion() == wrapper) {
-                ai.setAsserted(true);
+        if (ais != null) {
+            for (AssertionInfo ai : ais) {
+                if (ai.getAssertion() == wrapper) {
+                    ai.setAsserted(true);
+                }
             }
         }
         ais = aim.getAssertionInfo(wrapper.getToken().getName());
-        for (AssertionInfo ai : ais) {
-            if (ai.getAssertion() == wrapper.getToken()) {
-                ai.setAsserted(true);
+        if (ais != null) {
+            for (AssertionInfo ai : ais) {
+                if (ai.getAssertion() == wrapper.getToken()) {
+                    ai.setAsserted(true);
+                }
             }
         }
     }
     
-    private void doSignature(List<WSEncryptionPart> sigParts, boolean attached) 
+    private void doSignature(TokenWrapper wrapper, List<WSEncryptionPart> sigParts,
boolean attached) 
         throws WSSecurityException, SOAPException {
-        Token sigToken = null;
-        TokenWrapper wrapper = null;
-        if (isRequestor()) {
-            wrapper = abinding.getInitiatorToken();
-        } else {
-            wrapper = abinding.getRecipientToken();
+        
+        if (!isRequestor()) {
             assertUnusedTokens(abinding.getInitiatorToken());
+            assertUnusedTokens(abinding.getInitiatorSignatureToken());
         }
-        sigToken = wrapper.getToken();
+        
+        Token sigToken = wrapper.getToken();
         sigParts.addAll(this.getSignedParts());
         if (sigParts.isEmpty()) {
             // Add the BST to the security header if required

Modified: cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java?rev=1211923&r1=1211922&r2=1211923&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
Thu Dec  8 14:53:02 2011
@@ -123,6 +123,33 @@ public class AsymmetricBindingPolicyVali
                 return false;
             }
         }
+        if (binding.getInitiatorSignatureToken() != null) {
+            Token token = binding.getInitiatorSignatureToken().getToken();
+            if (token instanceof X509Token) {
+                boolean foundCert = false;
+                for (WSSecurityEngineResult result : signedResults) {
+                    X509Certificate cert = 
+                        (X509Certificate)result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+                    if (cert != null) {
+                        foundCert = true;
+                        break;
+                    }
+                }
+                if (!foundCert && !signedResults.isEmpty()) {
+                    String error = "An X.509 certificate was not used for the initiator signature
token";
+                    notAssertPolicy(aim, binding.getInitiatorSignatureToken().getName(),
error);
+                    ai.setNotAsserted(error);
+                    return false;
+                }
+            }
+            assertPolicy(aim, binding.getInitiatorSignatureToken());
+            if (!checkDerivedKeys(
+                binding.getInitiatorSignatureToken(), hasDerivedKeys, signedResults, encryptedResults
+            )) {
+                ai.setNotAsserted("Message fails the DerivedKeys requirement");
+                return false;
+            }
+        }
         if (binding.getRecipientToken() != null) {
             assertPolicy(aim, binding.getRecipientToken());
             if (!checkDerivedKeys(



Mime
View raw message