cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1453437 [1/3] - in /cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/model/ wss4j/ wss4j/policyhandlers/ wss4j/policyvalidators/
Date Wed, 06 Mar 2013 17:20:33 GMT
Author: coheigea
Date: Wed Mar  6 17:20:32 2013
New Revision: 1453437

URL: http://svn.apache.org/r1453437
Log:
Adding commit that mysteriously disappeared

Modified:
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSamlPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/model/SupportingToken.java Wed Mar  6 17:20:32 2013
@@ -246,7 +246,6 @@ public class SupportingToken extends Tok
     /**
      * @return true if the supporting token should be encrypted
      */
-
     public boolean isEncryptedToken() {
         return type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_ENCRYPTED
             || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENCRYPTED

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java Wed Mar  6 17:20:32 2013
@@ -27,13 +27,15 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.Binding;
-import org.apache.cxf.ws.security.policy.model.SamlToken;
-import org.apache.cxf.ws.security.policy.model.SupportingToken;
 import org.apache.wss4j.common.crypto.AlgorithmSuite;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.handler.RequestData;
+import org.apache.wss4j.policy.model.AbstractBinding;
+import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
+import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SupportingTokens;
 
 /**
  * Translate any AlgorithmSuite policy that may be operative into a WSS4J AlgorithmSuite object
@@ -46,7 +48,7 @@ public final class AlgorithmSuiteTransla
             return;
         }
         
-        List<org.apache.cxf.ws.security.policy.model.AlgorithmSuite> algorithmSuites = 
+        List<org.apache.wss4j.policy.model.AlgorithmSuite> algorithmSuites = 
             getAlgorithmSuites(getBindings(aim));
         if (!algorithmSuites.isEmpty()) {
             // Translate into WSS4J's AlgorithmSuite class
@@ -57,13 +59,14 @@ public final class AlgorithmSuiteTransla
         // Now look for an AlgorithmSuite for a SAML Assertion
         Collection<AssertionInfo> ais = aim.get(SP12Constants.SAML_TOKEN);
         if (ais != null && !ais.isEmpty()) {
-            List<org.apache.cxf.ws.security.policy.model.AlgorithmSuite> samlAlgorithmSuites
-                = new ArrayList<org.apache.cxf.ws.security.policy.model.AlgorithmSuite>();
+            List<org.apache.wss4j.policy.model.AlgorithmSuite> samlAlgorithmSuites
+                = new ArrayList<org.apache.wss4j.policy.model.AlgorithmSuite>();
             for (AssertionInfo ai : ais) {
                 SamlToken samlToken = (SamlToken)ai.getAssertion();
-                SupportingToken supportingToken = samlToken.getSupportingToken();
-                if (supportingToken != null && supportingToken.getAlgorithmSuite() != null) {
-                    samlAlgorithmSuites.add(supportingToken.getAlgorithmSuite());
+                AbstractSecurityAssertion parentAssertion = samlToken.getParentAssertion();
+                if ((parentAssertion instanceof SupportingTokens)
+                    && ((SupportingTokens)parentAssertion).getAlgorithmSuite() != null) {
+                    samlAlgorithmSuites.add(((SupportingTokens)parentAssertion).getAlgorithmSuite());
                 }
             }
 
@@ -77,11 +80,11 @@ public final class AlgorithmSuiteTransla
      * Translate a list of CXF AlgorithmSuite objects into a single WSS4J AlgorithmSuite object
      */
     private AlgorithmSuite translateAlgorithmSuites(
-        List<org.apache.cxf.ws.security.policy.model.AlgorithmSuite> algorithmSuites
+        List<org.apache.wss4j.policy.model.AlgorithmSuite> algorithmSuites
     ) {
         AlgorithmSuite algorithmSuite = null;
         
-        for (org.apache.cxf.ws.security.policy.model.AlgorithmSuite cxfAlgorithmSuite 
+        for (org.apache.wss4j.policy.model.AlgorithmSuite cxfAlgorithmSuite 
             : algorithmSuites) {
             if (cxfAlgorithmSuite == null) {
                 continue;
@@ -92,40 +95,41 @@ public final class AlgorithmSuiteTransla
                 algorithmSuite = new AlgorithmSuite();
             }
             
+            AlgorithmSuiteType algorithmSuiteType = cxfAlgorithmSuite.getAlgorithmSuiteType();
             // Set asymmetric key lengths
             if (algorithmSuite.getMaximumAsymmetricKeyLength() 
-                < cxfAlgorithmSuite.getMaximumAsymmetricKeyLength()) {
+                < algorithmSuiteType.getMaximumAsymmetricKeyLength()) {
                 algorithmSuite.setMaximumAsymmetricKeyLength(
-                    cxfAlgorithmSuite.getMaximumAsymmetricKeyLength());
+                    algorithmSuiteType.getMaximumAsymmetricKeyLength());
             }
             if (algorithmSuite.getMinimumAsymmetricKeyLength() 
-                > cxfAlgorithmSuite.getMinimumAsymmetricKeyLength()) {
+                > algorithmSuiteType.getMinimumAsymmetricKeyLength()) {
                 algorithmSuite.setMinimumAsymmetricKeyLength(
-                    cxfAlgorithmSuite.getMinimumAsymmetricKeyLength());
+                    algorithmSuiteType.getMinimumAsymmetricKeyLength());
             }
             
             // Set symmetric key lengths
             if (algorithmSuite.getMaximumSymmetricKeyLength() 
-                < cxfAlgorithmSuite.getMaximumSymmetricKeyLength()) {
+                < algorithmSuiteType.getMaximumSymmetricKeyLength()) {
                 algorithmSuite.setMaximumSymmetricKeyLength(
-                    cxfAlgorithmSuite.getMaximumSymmetricKeyLength());
+                    algorithmSuiteType.getMaximumSymmetricKeyLength());
             }
             if (algorithmSuite.getMinimumSymmetricKeyLength() 
-                > cxfAlgorithmSuite.getMinimumSymmetricKeyLength()) {
+                > algorithmSuiteType.getMinimumSymmetricKeyLength()) {
                 algorithmSuite.setMinimumSymmetricKeyLength(
-                    cxfAlgorithmSuite.getMinimumSymmetricKeyLength());
+                    algorithmSuiteType.getMinimumSymmetricKeyLength());
             }
                 
-            algorithmSuite.addEncryptionMethod(cxfAlgorithmSuite.getEncryption());
-            algorithmSuite.addKeyWrapAlgorithm(cxfAlgorithmSuite.getSymmetricKeyWrap());
-            algorithmSuite.addKeyWrapAlgorithm(cxfAlgorithmSuite.getAsymmetricKeyWrap());
+            algorithmSuite.addEncryptionMethod(algorithmSuiteType.getEncryption());
+            algorithmSuite.addKeyWrapAlgorithm(algorithmSuiteType.getSymmetricKeyWrap());
+            algorithmSuite.addKeyWrapAlgorithm(algorithmSuiteType.getAsymmetricKeyWrap());
     
             algorithmSuite.addSignatureMethod(cxfAlgorithmSuite.getAsymmetricSignature());
             algorithmSuite.addSignatureMethod(cxfAlgorithmSuite.getSymmetricSignature());
-            algorithmSuite.addDigestAlgorithm(cxfAlgorithmSuite.getDigest());
-            algorithmSuite.addC14nAlgorithm(cxfAlgorithmSuite.getInclusiveC14n());
+            algorithmSuite.addDigestAlgorithm(algorithmSuiteType.getDigest());
+            algorithmSuite.addC14nAlgorithm(cxfAlgorithmSuite.getC14n().getValue());
     
-            algorithmSuite.addTransformAlgorithm(cxfAlgorithmSuite.getInclusiveC14n());
+            algorithmSuite.addTransformAlgorithm(cxfAlgorithmSuite.getC14n().getValue());
             algorithmSuite.addTransformAlgorithm(SPConstants.STRT10);
             algorithmSuite.addTransformAlgorithm(WSConstants.NS_XMLDSIG_ENVELOPED_SIGNATURE);
     
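Review bot: The new local `algorithmSuiteType` is dereferenced by every key-length and algorithm getter below without a null check, although the line that introduces it only reads `cxfAlgorithmSuite.getAlgorithmSuiteType()`. Whether the WSS4J policy model can return null here (for instance for a suite name it does not recognise) is not visible in this hunk and should be confirmed. If it can, the translation fails with a NullPointerException instead of a policy error. An explicit guard right after the assignment, for example `if (algorithmSuiteType == null) { throw new IllegalStateException("AlgorithmSuite policy has no recognised suite type"); }`, would make that failure deliberate; silently skipping the suite would loosen the resulting restriction. The loop body starts and ends outside the hunk.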
@@ -139,25 +143,25 @@ public final class AlgorithmSuiteTransla
     /**
      * Get all of the WS-SecurityPolicy Bindings that are in operation
      */
-    private List<Binding> getBindings(AssertionInfoMap aim) {
-        List<Binding> bindings = new ArrayList<Binding>();
+    private List<AbstractBinding> getBindings(AssertionInfoMap aim) {
+        List<AbstractBinding> bindings = new ArrayList<AbstractBinding>();
         if (aim != null) {
             Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING);
             if (ais != null && !ais.isEmpty()) {
                 for (AssertionInfo ai : ais) {
-                    bindings.add((Binding)ai.getAssertion());
+                    bindings.add((AbstractBinding)ai.getAssertion());
                 }
             }
             ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
             if (ais != null && !ais.isEmpty()) {     
                 for (AssertionInfo ai : ais) {
-                    bindings.add((Binding)ai.getAssertion());
+                    bindings.add((AbstractBinding)ai.getAssertion());
                 }
             }
             ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
             if (ais != null && !ais.isEmpty()) {     
                 for (AssertionInfo ai : ais) {
-                    bindings.add((Binding)ai.getAssertion());
+                    bindings.add((AbstractBinding)ai.getAssertion());
                 }
             }
         }
@@ -167,12 +171,12 @@ public final class AlgorithmSuiteTransla
     /**
      * Get all of the CXF AlgorithmSuites from the bindings
      */
-    private List<org.apache.cxf.ws.security.policy.model.AlgorithmSuite> getAlgorithmSuites(
-        List<Binding> bindings
+    private List<org.apache.wss4j.policy.model.AlgorithmSuite> getAlgorithmSuites(
+        List<AbstractBinding> bindings
     ) {
-        List<org.apache.cxf.ws.security.policy.model.AlgorithmSuite> algorithmSuites = 
-            new ArrayList<org.apache.cxf.ws.security.policy.model.AlgorithmSuite>();
-        for (Binding binding : bindings) {
+        List<org.apache.wss4j.policy.model.AlgorithmSuite> algorithmSuites = 
+            new ArrayList<org.apache.wss4j.policy.model.AlgorithmSuite>();
+        for (AbstractBinding binding : bindings) {
             if (binding.getAlgorithmSuite() != null) {
                 algorithmSuites.add(binding.getAlgorithmSuite());
             }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Wed Mar  6 17:20:32 2013
@@ -58,14 +58,6 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP11Constants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
-import org.apache.cxf.ws.security.policy.model.Header;
-import org.apache.cxf.ws.security.policy.model.RequiredElements;
-import org.apache.cxf.ws.security.policy.model.RequiredParts;
-import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
-import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
-import org.apache.cxf.ws.security.policy.model.UsernameToken;
-import org.apache.cxf.ws.security.policy.model.Wss11;
 import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
 import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.AsymmetricBindingPolicyValidator;
@@ -97,6 +89,13 @@ import org.apache.wss4j.dom.handler.Requ
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.dom.message.token.Timestamp;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.model.Header;
+import org.apache.wss4j.policy.model.RequiredElements;
+import org.apache.wss4j.policy.model.RequiredParts;
+import org.apache.wss4j.policy.model.SignedParts;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.UsernameToken.PasswordType;
+import org.apache.wss4j.policy.model.Wss11;
 
 /**
  * 
@@ -284,7 +283,7 @@ public class PolicyBasedWSS4JInIntercept
         if (ais != null && !ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 UsernameToken policy = (UsernameToken)ai.getAssertion();
-                if (policy.isNoPassword()) {
+                if (policy.getPasswordType() == PasswordType.NoPassword) {
                     message.put(WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD, "true");
                 }
             }
@@ -416,29 +415,28 @@ public class PolicyBasedWSS4JInIntercept
         if (ais != null) {
             for (AssertionInfo ai : ais) {
                 ai.setAsserted(true);
-                Map<String, String> namespaces = null;
-                List<String> xpaths = null;
-                if (CoverageScope.CONTENT.equals(scope)) {
-                    ContentEncryptedElements p = (ContentEncryptedElements)ai.getAssertion();
-                    namespaces = p.getDeclaredNamespaces();
-                    xpaths = p.getXPathExpressions();
-                } else {
-                    SignedEncryptedElements p = (SignedEncryptedElements)ai.getAssertion();
-                    namespaces = p.getDeclaredNamespaces();
-                    xpaths = p.getXPathExpressions();
-                }
                 
-                if (xpaths != null) {
-                    if (namespaces != null) {
-                        xpath.setNamespaceContext(new MapNamespaceContext(namespaces));
+                RequiredElements elements = (RequiredElements)ai.getAssertion();
+                
+                if (elements != null && elements.getXPaths() != null 
+                    && !elements.getXPaths().isEmpty()) {
+                    List<String> expressions = new ArrayList<String>();
+                    for (org.apache.wss4j.policy.model.XPath xPath : elements.getXPaths()) {
+                        expressions.add(xPath.getXPath());
+                    }
+
+                    if (elements.getXPaths().get(0).getPrefixNamespaceMap() != null) {
+                        xpath.setNamespaceContext(
+                            new MapNamespaceContext(elements.getXPaths().get(0).getPrefixNamespaceMap())
+                        );
                     }
                     try {
                         CryptoCoverageUtil.checkCoverage(soapEnvelope, refs,
-                                xpath, xpaths, type, scope);
+                                                         xpath, expressions, type, scope);
                     } catch (WSSecurityException e) {
                         ai.setNotAsserted("No " + type 
-                                + " element found matching one of the XPaths " 
-                                + Arrays.toString(xpaths.toArray()));
+                                          + " element found matching one of the XPaths " 
+                                          + Arrays.toString(expressions.toArray()));
                     }
                 }
             }
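Review bot: The namespace context for the coverage check is taken only from `elements.getXPaths().get(0).getPrefixNamespaceMap()`, yet every expression in the list is then evaluated under it. If a later XPath entry binds its prefixes differently, its expression may select no nodes, and if `checkCoverage` treats an empty match as nothing to verify (not visible here, to be confirmed) a required signed or encrypted element would pass unchecked. The RequiredElements loop later in this file already binds each expression to its own prefix map, and this block should do the same. Because `xpath` is created outside the hunk, an entry without a prefix map would still inherit the previous context, so a fresh XPath object per entry would be cleaner if the factory is reachable.

```java
// … unchanged: ai.setAsserted(true) and the RequiredElements cast …
if (elements != null && elements.getXPaths() != null
    && !elements.getXPaths().isEmpty()) {
    for (org.apache.wss4j.policy.model.XPath xPath : elements.getXPaths()) {
        // Evaluate each expression under its own prefix bindings, not the first entry's.
        if (xPath.getPrefixNamespaceMap() != null) {
            xpath.setNamespaceContext(
                new MapNamespaceContext(xPath.getPrefixNamespaceMap()));
        }
        List<String> expressions = new ArrayList<String>();
        expressions.add(xPath.getXPath());
        try {
            CryptoCoverageUtil.checkCoverage(soapEnvelope, refs,
                                             xpath, expressions, type, scope);
        } catch (WSSecurityException e) {
            ai.setNotAsserted("No " + type
                              + " element found matching one of the XPaths "
                              + Arrays.toString(expressions.toArray()));
        }
    }
}
```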
@@ -458,7 +456,7 @@ public class PolicyBasedWSS4JInIntercept
         if (ais != null) {
             for (AssertionInfo ai : ais) {
                 ai.setAsserted(true);
-                SignedEncryptedParts p = (SignedEncryptedParts)ai.getAssertion();
+                SignedParts p = (SignedParts)ai.getAssertion();
                 
                 if (p.isBody()) {
                     try {
@@ -483,7 +481,7 @@ public class PolicyBasedWSS4JInIntercept
                                 .getNamespace(), h.getName(), type,
                                 CoverageScope.ELEMENT);
                     } catch (WSSecurityException e) {
-                        ai.setNotAsserted(h.getQName() + " not + " + type);
+                        ai.setNotAsserted(h.getNamespace() + ":" + h.getName() + " not + " + type);
                     }
                 }
             }
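Review bot: The rewritten failure message still carries a stray plus sign inside the string literal, so it reads like "ns:name not + SIGNED". Since the line is being touched anyway, `ai.setNotAsserted(new QName(h.getNamespace(), h.getName()) + " not " + type);` would fix the wording and match the `{namespace}name` form used by the RequiredParts check in this same commit. That assumes `h.getName()` is non-null here; if the model allows a header matched by namespace only, the name needs a null guard first. The enclosing loop and method start outside the hunk.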
@@ -788,9 +786,10 @@ public class PolicyBasedWSS4JInIntercept
                 RequiredParts rp = (RequiredParts)ai.getAssertion();
                 ai.setAsserted(true);
                 for (Header h : rp.getHeaders()) {
+                    QName qName = new QName(h.getNamespace(), h.getName());
                     if (header == null 
-                        || DOMUtils.getFirstChildWithName((Element)header, h.getQName()) == null) {
-                        ai.setNotAsserted("No header element of name " + h.getQName() + " found.");
+                        || DOMUtils.getFirstChildWithName((Element)header, qName) == null) {
+                        ai.setNotAsserted("No header element of name " + qName + " found.");
                     }
                 }
             }
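Review bot: `new QName(h.getNamespace(), h.getName())` throws IllegalArgumentException when the local part is null, and that unchecked exception would escape this loop rather than ending in `setNotAsserted`. Whether the WSS4J `Header` model guarantees a name for RequiredParts is not visible in the hunk and is worth confirming. If it does not, guard it with `if (h.getName() == null) { ai.setNotAsserted("RequiredParts header without a name in " + h.getNamespace()); continue; }` before building the QName. The method body continues outside the hunk.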
@@ -800,23 +799,28 @@ public class PolicyBasedWSS4JInIntercept
             for (AssertionInfo ai : ais) {
                 RequiredElements rp = (RequiredElements)ai.getAssertion();
                 ai.setAsserted(true);
-                Map<String, String> namespaces = rp.getDeclaredNamespaces();
-                XPathFactory factory = XPathFactory.newInstance();
-                for (String expression : rp.getXPathExpressions()) {
-                    XPath xpath = factory.newXPath();
-                    if (namespaces != null) {
-                        xpath.setNamespaceContext(new MapNamespaceContext(namespaces));
-                    }
-                    NodeList list;
-                    try {
-                        list = (NodeList)xpath.evaluate(expression, 
-                                                                 header,
-                                                                 XPathConstants.NODESET);
-                        if (list.getLength() == 0) {
-                            ai.setNotAsserted("No header element matching XPath " + expression + " found.");
+                
+                if (rp != null && rp.getXPaths() != null && !rp.getXPaths().isEmpty()) {
+                    XPathFactory factory = XPathFactory.newInstance();
+                    for (org.apache.wss4j.policy.model.XPath xPath : rp.getXPaths()) {
+                        Map<String, String> namespaces = xPath.getPrefixNamespaceMap();
+                        String expression = xPath.getXPath();
+    
+                        XPath xpath = factory.newXPath();
+                        if (namespaces != null) {
+                            xpath.setNamespaceContext(new MapNamespaceContext(namespaces));
+                        }
+                        NodeList list;
+                        try {
+                            list = (NodeList)xpath.evaluate(expression, 
+                                                                     header,
+                                                                     XPathConstants.NODESET);
+                            if (list.getLength() == 0) {
+                                ai.setNotAsserted("No header element matching XPath " + expression + " found.");
+                            }
+                        } catch (XPathExpressionException e) {
+                            ai.setNotAsserted("Invalid XPath expression " + expression + " " + e.getMessage());
                         }
-                    } catch (XPathExpressionException e) {
-                        ai.setNotAsserted("Invalid XPath expression " + expression + " " + e.getMessage());
                     }
                 }
             }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java Wed Mar  6 17:20:32 2013
@@ -40,20 +40,20 @@ import org.apache.cxf.phase.Phase;
 import org.apache.cxf.phase.PhaseInterceptor;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
-import org.apache.cxf.ws.policy.PolicyBuilder;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
-import org.apache.cxf.ws.security.policy.model.Binding;
-import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
-import org.apache.cxf.ws.security.policy.model.TransportBinding;
 import org.apache.cxf.ws.security.wss4j.policyhandlers.AsymmetricBindingHandler;
 import org.apache.cxf.ws.security.wss4j.policyhandlers.SymmetricBindingHandler;
 import org.apache.cxf.ws.security.wss4j.policyhandlers.TransportBindingHandler;
+import org.apache.neethi.Policy;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.dom.message.WSSecHeader;
+import org.apache.wss4j.policy.model.AbstractBinding;
+import org.apache.wss4j.policy.model.AsymmetricBinding;
+import org.apache.wss4j.policy.model.SymmetricBinding;
+import org.apache.wss4j.policy.model.TransportBinding;
 
 public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<SoapMessage> {
     public static final String SECURITY_PROCESSED = PolicyBasedWSS4JOutInterceptor.class.getName() + ".DONE";
@@ -104,32 +104,32 @@ public class PolicyBasedWSS4JOutIntercep
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information
             if (aim != null) {
-                Binding transport = null;
+                AbstractBinding transport = null;
                 ais = aim.get(SP12Constants.TRANSPORT_BINDING);
                 if (ais != null) {
                     for (AssertionInfo ai : ais) {
-                        transport = (Binding)ai.getAssertion();
+                        transport = (AbstractBinding)ai.getAssertion();
                         ai.setAsserted(true);
                     }                    
                 }
                 ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
                 if (ais != null) {
                     for (AssertionInfo ai : ais) {
-                        transport = (Binding)ai.getAssertion();
+                        transport = (AbstractBinding)ai.getAssertion();
                         ai.setAsserted(true);
                     }                    
                 }
                 ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
                 if (ais != null) {
                     for (AssertionInfo ai : ais) {
-                        transport = (Binding)ai.getAssertion();
+                        transport = (AbstractBinding)ai.getAssertion();
                         ai.setAsserted(true);
                     }                    
                 }
                 if (transport == null && isRequestor(message)) {
-                    transport = new TransportBinding(SP12Constants.INSTANCE,
-                                                     message.getExchange().getBus()
-                                                         .getExtension(PolicyBuilder.class));
+                    Policy policy = new Policy();
+                    transport = new TransportBinding(org.apache.wss4j.policy.SPConstants.SPVersion.SP12,
+                                                     policy);
                 }
                 
                 if (transport != null) {
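Review bot: The requestor fallback now builds a `TransportBinding` around a brand-new empty `Policy`, and nothing at the call site says what that default is expected to contain. Presumably the binding then has no algorithm suite, layout or transport token, so the handler invoked below has to tolerate null from those getters; this should be confirmed against the WSS4J model. A comment would record the intent, e.g. `// No binding assertion in the effective policy: use an empty SP12 TransportBinding so supporting tokens are still handled; nested getters may return null`. The fully qualified `org.apache.wss4j.policy.SPConstants.SPVersion.SP12` could also be shortened with an import of `SPVersion`. The enclosing method starts and ends outside the hunk.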

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Wed Mar  6 17:20:32 2013
@@ -75,28 +75,6 @@ import org.apache.cxf.ws.policy.PolicyCo
 import org.apache.cxf.ws.policy.PolicyException;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
-import org.apache.cxf.ws.security.policy.model.Binding;
-import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
-import org.apache.cxf.ws.security.policy.model.Header;
-import org.apache.cxf.ws.security.policy.model.IssuedToken;
-import org.apache.cxf.ws.security.policy.model.KerberosToken;
-import org.apache.cxf.ws.security.policy.model.KeyValueToken;
-import org.apache.cxf.ws.security.policy.model.Layout;
-import org.apache.cxf.ws.security.policy.model.SamlToken;
-import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
-import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
-import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
-import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
-import org.apache.cxf.ws.security.policy.model.SupportingToken;
-import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
-import org.apache.cxf.ws.security.policy.model.Token;
-import org.apache.cxf.ws.security.policy.model.TokenWrapper;
-import org.apache.cxf.ws.security.policy.model.UsernameToken;
-import org.apache.cxf.ws.security.policy.model.Wss10;
-import org.apache.cxf.ws.security.policy.model.Wss11;
-import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
@@ -132,6 +110,37 @@ import org.apache.wss4j.dom.message.toke
 import org.apache.wss4j.dom.message.token.SecurityTokenReference;
 import org.apache.wss4j.dom.message.token.X509Security;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
+import org.apache.wss4j.policy.model.AbstractBinding;
+import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
+import org.apache.wss4j.policy.model.AbstractTokenWrapper;
+import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
+import org.apache.wss4j.policy.model.AsymmetricBinding;
+import org.apache.wss4j.policy.model.ContentEncryptedElements;
+import org.apache.wss4j.policy.model.EncryptedElements;
+import org.apache.wss4j.policy.model.EncryptedParts;
+import org.apache.wss4j.policy.model.Header;
+import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.KerberosToken;
+import org.apache.wss4j.policy.model.KeyValueToken;
+import org.apache.wss4j.policy.model.Layout;
+import org.apache.wss4j.policy.model.Layout.LayoutType;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SamlToken.SamlTokenType;
+import org.apache.wss4j.policy.model.SecureConversationToken;
+import org.apache.wss4j.policy.model.SecurityContextToken;
+import org.apache.wss4j.policy.model.SignedElements;
+import org.apache.wss4j.policy.model.SignedParts;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.SymmetricBinding;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.Wss10;
+import org.apache.wss4j.policy.model.Wss11;
+import org.apache.wss4j.policy.model.X509Token;
+import org.apache.wss4j.policy.model.X509Token.TokenType;
 
 import org.opensaml.common.SAMLVersion;
 
@@ -142,14 +151,14 @@ public abstract class AbstractBindingBui
     public static final String CRYPTO_CACHE = "ws-security.crypto.cache";
     protected static final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class);
     
-    protected SPConstants.ProtectionOrder protectionOrder = 
-        SPConstants.ProtectionOrder.SignBeforeEncrypting;
+    protected AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder = 
+        AbstractSymmetricAsymmetricBinding.ProtectionOrder.SignBeforeEncrypting;
     
     protected final WSSConfig wssConfig;
     protected SOAPMessage saaj;
     protected WSSecHeader secHeader;
     protected AssertionInfoMap aim;
-    protected Binding binding;
+    protected AbstractBinding binding;
     protected SoapMessage message;
     protected WSSecTimestamp timestampEl;
     protected String mainSigId;
@@ -157,10 +166,10 @@ public abstract class AbstractBindingBui
     
     protected Set<WSEncryptionPart> encryptedTokensList = new HashSet<WSEncryptionPart>();
 
-    protected Map<Token, Object> endEncSuppTokMap;
-    protected Map<Token, Object> endSuppTokMap;
-    protected Map<Token, Object> sgndEndEncSuppTokMap;
-    protected Map<Token, Object> sgndEndSuppTokMap;
+    protected Map<AbstractToken, Object> endEncSuppTokMap;
+    protected Map<AbstractToken, Object> endSuppTokMap;
+    protected Map<AbstractToken, Object> sgndEndEncSuppTokMap;
+    protected Map<AbstractToken, Object> sgndEndSuppTokMap;
     
     protected List<byte[]> signatures = new ArrayList<byte[]>();
 
@@ -174,7 +183,7 @@ public abstract class AbstractBindingBui
     
     public AbstractBindingBuilder(
                            WSSConfig config,
-                           Binding binding,
+                           AbstractBinding binding,
                            SOAPMessage saaj,
                            WSSecHeader secHeader,
                            AssertionInfoMap aim,
@@ -416,9 +425,9 @@ public abstract class AbstractBindingBui
             for (AssertionInfo ai : ais) {
                 Layout layout = (Layout)ai.getAssertion();
                 ai.setAsserted(true);
-                if (SPConstants.Layout.LaxTimestampLast == layout.getValue()) {
+                if (layout.getLayoutType() == LayoutType.LaxTsLast) {
                     if (timestamp == null) {
-                        ai.setNotAsserted(SPConstants.Layout.LaxTimestampLast + " requires a timestamp");
+                        ai.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_LAST + " requires a timestamp");
                     } else {
                         ai.setAsserted(true);
                         Element el = timestamp.getElement();
@@ -427,9 +436,9 @@ public abstract class AbstractBindingBui
                             bottomUpElement = el;
                         }
                     }
-                } else if (SPConstants.Layout.LaxTimestampFirst == layout.getValue()) {
+                } else if (layout.getLayoutType() == LayoutType.LaxTsFirst) {
                     if (timestamp == null) {
-                        ai.setNotAsserted(SPConstants.Layout.LaxTimestampLast + " requires a timestamp");
+                        ai.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST + " requires a timestamp");
                     } else {
                         addTopDownElement(timestampEl.getElement());
                     }
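Review bot: The LaxTsFirst branch null-checks `timestamp` but then dereferences the field `timestampEl` in `addTopDownElement(timestampEl.getElement());`, whereas the LaxTsLast branch in the previous hunk uses `timestamp.getElement()`. The declaration of `timestamp` is outside the hunk, so it cannot be confirmed here that the two always refer to the same object; if they can differ, the guard does not protect the dereference. Using the checked variable, `addTopDownElement(timestamp.getElement());`, would make both branches consistent.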
@@ -448,45 +457,45 @@ public abstract class AbstractBindingBui
             return;
         }
         for (Assertion pa : suppTokens) {
-            if (pa instanceof SupportingToken) {
-                for (Token token : ((SupportingToken)pa).getTokens()) {
+            if (pa instanceof SupportingTokens) {
+                for (AbstractToken token : ((SupportingTokens)pa).getTokens()) {
                     this.policyAsserted(token);
                 }        
             }
         }
     }
     
-    protected Map<Token, Object> handleSupportingTokens(
+    protected Map<AbstractToken, Object> handleSupportingTokens(
         Collection<Assertion> tokens, 
         boolean endorse
     ) throws WSSecurityException {
-        Map<Token, Object> ret = new HashMap<Token, Object>();
+        Map<AbstractToken, Object> ret = new HashMap<AbstractToken, Object>();
         if (tokens != null) {
             for (Assertion pa : tokens) {
-                if (pa instanceof SupportingToken) {
-                    handleSupportingTokens((SupportingToken)pa, endorse, ret);
+                if (pa instanceof SupportingTokens) {
+                    handleSupportingTokens((SupportingTokens)pa, endorse, ret);
                 }
             }
         }
         return ret;
     }
     
-    protected Map<Token, Object> handleSupportingTokens(
-        SupportingToken suppTokens,
+    protected Map<AbstractToken, Object> handleSupportingTokens(
+        SupportingTokens suppTokens,
         boolean endorse
     ) throws WSSecurityException {
-        return handleSupportingTokens(suppTokens, endorse, new HashMap<Token, Object>());
+        return handleSupportingTokens(suppTokens, endorse, new HashMap<AbstractToken, Object>());
     }
     
-    protected Map<Token, Object> handleSupportingTokens(
-        SupportingToken suppTokens, 
+    protected Map<AbstractToken, Object> handleSupportingTokens(
+        SupportingTokens suppTokens, 
         boolean endorse,
-        Map<Token, Object> ret
+        Map<AbstractToken, Object> ret
     ) throws WSSecurityException {
         if (suppTokens == null) {
             return ret;
         }
-        for (Token token : suppTokens.getTokens()) {
+        for (AbstractToken token : suppTokens.getTokens()) {
             if (token instanceof UsernameToken) {
                 handleUsernameTokenSupportingToken(
                     (UsernameToken)token, endorse, suppTokens.isEncryptedToken(), ret
@@ -535,7 +544,7 @@ public abstract class AbstractBindingBui
                         sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
                     }
                     sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
-                    sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
+                    sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
                     
                     Crypto crypto = secToken.getCrypto();
                     String uname = null;
@@ -596,7 +605,7 @@ public abstract class AbstractBindingBui
     }
     
     protected void handleUsernameTokenSupportingToken(
-        UsernameToken token, boolean endorse, boolean encryptedToken, Map<Token, Object> ret
+        UsernameToken token, boolean endorse, boolean encryptedToken, Map<AbstractToken, Object> ret
     ) throws WSSecurityException {
         if (endorse) {
             WSSecUsernameToken utBuilder = addDKUsernameToken(token, true);
@@ -650,10 +659,10 @@ public abstract class AbstractBindingBui
         return null;
     }
 
-    protected void addSignatureParts(Map<Token, Object> tokenMap,
+    protected void addSignatureParts(Map<AbstractToken, Object> tokenMap,
                                        List<WSEncryptionPart> sigParts) {
         
-        for (Map.Entry<Token, Object> entry : tokenMap.entrySet()) {
+        for (Map.Entry<AbstractToken, Object> entry : tokenMap.entrySet()) {
             
             Object tempTok = entry.getValue();
             WSEncryptionPart part = null;
@@ -809,7 +818,7 @@ public abstract class AbstractBindingBui
         if (!StringUtils.isEmpty(userName)) {
             WSSecUsernameToken utBuilder = new WSSecUsernameToken(wssConfig);
             // If NoPassword property is set we don't need to set the password
-            if (token.isNoPassword()) {
+            if (token.getPasswordType() == UsernameToken.PasswordType.NoPassword) {
                 utBuilder.setUserInfo(userName, null);
                 utBuilder.setPasswordType(null);
             } else {
@@ -820,7 +829,7 @@ public abstract class AbstractBindingBui
             
                 if (!StringUtils.isEmpty(password)) {
                     // If the password is available then build the token
-                    if (token.isHashPassword()) {
+                    if (token.getPasswordType() == UsernameToken.PasswordType.HashPassword) {
                         utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);  
                     } else {
                         utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
@@ -832,10 +841,10 @@ public abstract class AbstractBindingBui
                 }
             }
             
-            if (token.isRequireCreated() && !token.isHashPassword()) {
+            if (token.isCreated() && token.getPasswordType() != UsernameToken.PasswordType.HashPassword) {
                 utBuilder.addCreated();
             }
-            if (token.isRequireNonce() && !token.isHashPassword()) {
+            if (token.isNonce() && token.getPasswordType() != UsernameToken.PasswordType.HashPassword) {
                 utBuilder.addNonce();
             }
             
@@ -924,9 +933,10 @@ public abstract class AbstractBindingBui
         info.setAsserted(true);
         
         SAMLCallback samlCallback = new SAMLCallback();
-        if (token.isUseSamlVersion11Profile10() || token.isUseSamlVersion11Profile11()) {
+        SamlTokenType tokenType = token.getSamlTokenType();
+        if (tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11) {
             samlCallback.setSamlVersion(SAMLVersion.VERSION_11);
-        } else if (token.isUseSamlVersion20Profile11()) {
+        } else if (tokenType == SamlTokenType.WssSamlV20Token11) {
             samlCallback.setSamlVersion(SAMLVersion.VERSION_20);
         }
         SAMLUtil.doSAMLCallback(handler, samlCallback);
@@ -1101,21 +1111,21 @@ public abstract class AbstractBindingBui
         
         boolean isBody = false;
         
-        SignedEncryptedParts parts = null;
-        SignedEncryptedElements elements = null;
+        EncryptedParts parts = null;
+        EncryptedElements elements = null;
         ContentEncryptedElements celements = null;
 
         Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.ENCRYPTED_PARTS);
         if (ais != null) {
             for (AssertionInfo ai : ais) {
-                parts = (SignedEncryptedParts)ai.getAssertion();
+                parts = (EncryptedParts)ai.getAssertion();
                 ai.setAsserted(true);
             }            
         }
         ais = aim.getAssertionInfo(SP12Constants.ENCRYPTED_ELEMENTS);
         if (ais != null) {
             for (AssertionInfo ai : ais) {
-                elements = (SignedEncryptedElements)ai.getAssertion();
+                elements = (EncryptedElements)ai.getAssertion();
                 ai.setAsserted(true);
             }            
         }
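Review bot: Each loop overwrites `parts` (and likewise `elements`) on every iteration while calling `ai.setAsserted(true)`, so when more than one EncryptedParts or EncryptedElements assertion is present only the last one is used, yet all of them are reported as asserted. For a security policy this means a part the policy asks to encrypt could be left unprotected while the policy is still marked satisfied. Either merge the content of every assertion or assert only the one actually applied. The same pattern is in the getSignedParts hunk at -1156, and the method starts and ends outside this hunk.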
@@ -1145,10 +1155,8 @@ public abstract class AbstractBindingBui
         return getPartsAndElements(false, 
                                    isBody,
                                    signedParts,
-                                   elements == null ? null : elements.getXPathExpressions(),
-                                   elements == null ? null : elements.getDeclaredNamespaces(),
-                                   celements == null ? null : celements.getXPathExpressions(),
-                                   celements == null ? null : celements.getDeclaredNamespaces());
+                                   elements == null ? null : elements.getXPaths(),
+                                   celements == null ? null : celements.getXPaths());
     }    
     
     public List<WSEncryptionPart> getSignedParts() 
@@ -1156,20 +1164,20 @@ public abstract class AbstractBindingBui
         
         boolean isSignBody = false;
         
-        SignedEncryptedParts parts = null;
-        SignedEncryptedElements elements = null;
+        SignedParts parts = null;
+        SignedElements elements = null;
         
         Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.SIGNED_PARTS);
         if (ais != null) {
             for (AssertionInfo ai : ais) {
-                parts = (SignedEncryptedParts)ai.getAssertion();
+                parts = (SignedParts)ai.getAssertion();
                 ai.setAsserted(true);
             }            
         }
         ais = aim.getAssertionInfo(SP12Constants.SIGNED_ELEMENTS);
         if (ais != null) {
             for (AssertionInfo ai : ais) {
-                elements = (SignedEncryptedElements)ai.getAssertion();
+                elements = (SignedElements)ai.getAssertion();
                 ai.setAsserted(true);
             }            
         }
@@ -1192,9 +1200,8 @@ public abstract class AbstractBindingBui
         return getPartsAndElements(true, 
                                    isSignBody,
                                    signedParts,
-                                   elements == null ? null : elements.getXPathExpressions(),
-                                   elements == null ? null : elements.getDeclaredNamespaces(),
-                                   null, null);
+                                   elements == null ? null : elements.getXPaths(),
+                                   null);
     }
 
     /**
@@ -1211,14 +1218,8 @@ public abstract class AbstractBindingBui
      *            provided namespace.
      * @param xpaths
      *            any XPath expressions to sign/encrypt matches
-     * @param namespaces
-     *            namespace prefix to namespace mappings for XPath expressions
-     *            in {@code xpaths}
      * @param contentXpaths
      *            any XPath expressions to content encrypt
-     * @param cnamespaces
-     *            namespace prefix to namespace mappings for XPath expressions
-     *            in {@code contentXpaths}
      * @return a configured list of {@code WSEncryptionPart}s suitable for
      *         processing by WSS4J
      * @throws SOAPException
@@ -1231,10 +1232,8 @@ public abstract class AbstractBindingBui
     public List<WSEncryptionPart> getPartsAndElements(boolean sign, 
                                                     boolean includeBody,
                                                     List<WSEncryptionPart> parts,
-                                                    List<String> xpaths, 
-                                                    Map<String, String> namespaces,
-                                                    List<String> contentXpaths,
-                                                    Map<String, String> cnamespaces) 
+                                                    List<org.apache.wss4j.policy.model.XPath> xpaths, 
+                                                    List<org.apache.wss4j.policy.model.XPath> contentXpaths) 
         throws SOAPException {
         
         List<WSEncryptionPart> result = new ArrayList<WSEncryptionPart>();
@@ -1247,7 +1246,7 @@ public abstract class AbstractBindingBui
         
         // Handle sign/enc elements
         try {
-            result.addAll(this.getElements("Element", xpaths, namespaces, found, sign));
+            result.addAll(this.getElements("Element", xpaths, found, sign));
         } catch (XPathExpressionException e) {
             LOG.log(Level.FINE, e.getMessage(), e);
             // REVISIT
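Review bot: The `catch (XPathExpressionException e)` here only logs at `Level.FINE` and continues, so a policy XPath that fails to evaluate silently drops every element it should have selected, and the message is built without that signature or encryption. Outbound protection should fail closed, for example with `throw new SOAPException(e);`, which the method already declares, or at minimum `LOG.log(Level.WARNING, e.getMessage(), e);`. The "Content" call in the next hunk (-1255) has the same catch block.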
@@ -1255,7 +1254,7 @@ public abstract class AbstractBindingBui
         
         // Handle content encrypted elements
         try {
-            result.addAll(this.getElements("Content", contentXpaths, cnamespaces, found, sign));
+            result.addAll(this.getElements("Content", contentXpaths, found, sign));
         } catch (XPathExpressionException e) {
             LOG.log(Level.FINE, e.getMessage(), e);
             // REVISIT
@@ -1350,9 +1349,6 @@ public abstract class AbstractBindingBui
      *            elements. Either "Content" or "Element".
      * @param xpaths
      *            any XPath expressions to sign/encrypt matches
-     * @param namespaces
-     *            namespace prefix to namespace mappings for XPath expressions
-     *            in {@code xpaths}
      * @param found
      *            a list of elements that have previously been tagged for
      *            signing/encryption. Populated with additional matches found by
@@ -1369,7 +1365,7 @@ public abstract class AbstractBindingBui
      *             model
      */
     protected List<WSEncryptionPart> getElements(String encryptionModifier,
-            List<String> xpaths, Map<String, String> namespaces,
+            List<org.apache.wss4j.policy.model.XPath> xpaths, 
             List<Element> found,
             boolean forceId) throws XPathExpressionException, SOAPException {
         
@@ -1377,13 +1373,13 @@ public abstract class AbstractBindingBui
         
         if (xpaths != null && !xpaths.isEmpty()) {
             XPathFactory factory = XPathFactory.newInstance();
-            for (String expression : xpaths) {
+            for (org.apache.wss4j.policy.model.XPath xPath : xpaths) {
                 XPath xpath = factory.newXPath();
-                if (namespaces != null) {
-                    xpath.setNamespaceContext(new MapNamespaceContext(namespaces));
+                if (xPath.getPrefixNamespaceMap() != null) {
+                    xpath.setNamespaceContext(new MapNamespaceContext(xPath.getPrefixNamespaceMap()));
                 }
                
-                NodeList list = (NodeList)xpath.evaluate(expression, saaj.getSOAPPart().getEnvelope(),
+                NodeList list = (NodeList)xpath.evaluate(xPath.getXPath(), saaj.getSOAPPart().getEnvelope(),
                                                XPathConstants.NODESET);
                 for (int x = 0; x < list.getLength(); x++) {
                     Element el = (Element)list.item(x);
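Review bot: `Element el = (Element)list.item(x);` casts every node of an `XPathConstants.NODESET` result, but a policy XPath can select attribute or text nodes, in which case this throws an unchecked ClassCastException rather than one of the declared exceptions. Skip or reject non-element matches first, e.g. `if (!(list.item(x) instanceof Element)) { continue; }`. Separately, the new loop variable `xPath` differs from the evaluator `xpath` only by case; a name such as `policyXPath` would be easier to read. The loop body continues outside the hunk.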
@@ -1407,7 +1403,7 @@ public abstract class AbstractBindingBui
                         WSEncryptionPart part = 
                             new WSEncryptionPart(id, encryptionModifier);
                         part.setElement(el);
-                        part.setXpath(expression);
+                        part.setXpath(xPath.getXPath());
                         
                         result.add(part);
                     }
@@ -1418,8 +1414,8 @@ public abstract class AbstractBindingBui
         return result;
     }
     
-    protected WSSecEncryptedKey getEncryptedKeyBuilder(TokenWrapper wrapper, 
-                                                       Token token) throws WSSecurityException {
+    protected WSSecEncryptedKey getEncryptedKeyBuilder(AbstractTokenWrapper wrapper, 
+                                                       AbstractToken token) throws WSSecurityException {
         WSSecEncryptedKey encrKey = new WSSecEncryptedKey(wssConfig);
         Crypto crypto = getEncryptionCrypto(wrapper);
         message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
@@ -1427,15 +1423,16 @@ public abstract class AbstractBindingBui
         boolean alsoIncludeToken = false;
         // Find out do we also need to include the token as per the Inclusion requirement
         if (token instanceof X509Token 
-            && token.getInclusion() != SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER
+            && token.getIncludeTokenType() != IncludeTokenType.INCLUDE_TOKEN_NEVER
             && encrKey.getKeyIdentifierType() != WSConstants.BST_DIRECT_REFERENCE) {
             alsoIncludeToken = true;
         }
         
         String encrUser = setEncryptionUser(encrKey, wrapper, false, crypto);
         
-        encrKey.setSymmetricEncAlgorithm(binding.getAlgorithmSuite().getEncryption());
-        encrKey.setKeyEncAlgo(binding.getAlgorithmSuite().getAsymmetricKeyWrap());
+        AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
+        encrKey.setSymmetricEncAlgorithm(algType.getEncryption());
+        encrKey.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
         
         encrKey.prepare(saaj.getSOAPPart(), crypto);
         
@@ -1456,13 +1453,13 @@ public abstract class AbstractBindingBui
         return encrKey;
     }
 
-    public Crypto getSignatureCrypto(TokenWrapper wrapper) throws WSSecurityException {
+    public Crypto getSignatureCrypto(AbstractTokenWrapper wrapper) throws WSSecurityException {
         return getCrypto(wrapper, SecurityConstants.SIGNATURE_CRYPTO,
                          SecurityConstants.SIGNATURE_PROPERTIES);
     }
 
 
-    public Crypto getEncryptionCrypto(TokenWrapper wrapper) throws WSSecurityException {
+    public Crypto getEncryptionCrypto(AbstractTokenWrapper wrapper) throws WSSecurityException {
         Crypto crypto = getCrypto(wrapper, SecurityConstants.ENCRYPT_CRYPTO,
                                   SecurityConstants.ENCRYPT_PROPERTIES);
         boolean enableRevocation = MessageUtils.isTrue(
@@ -1488,7 +1485,7 @@ public abstract class AbstractBindingBui
     }
     
     public Crypto getCrypto(
-        TokenWrapper wrapper, 
+        AbstractTokenWrapper wrapper, 
         String cryptoKey, 
         String propKey
     ) throws WSSecurityException {
@@ -1556,7 +1553,7 @@ public abstract class AbstractBindingBui
         return crypto;
     }
     
-    public void setKeyIdentifierType(WSSecBase secBase, TokenWrapper wrapper, Token token) {
+    public void setKeyIdentifierType(WSSecBase secBase, AbstractTokenWrapper wrapper, AbstractToken token) {
         boolean tokenTypeSet = false;
         
         if (token instanceof X509Token) {
@@ -1580,7 +1577,7 @@ public abstract class AbstractBindingBui
         policyAsserted(wrapper);
         
         if (!tokenTypeSet) {
-            if (token.getInclusion() == SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER) {
+            if (token.getIncludeTokenType() == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
                 Wss10 wss = getWss10();
                 policyAsserted(wss);
                 if (wss == null || wss.isMustSupportRefKeyIdentifier()) {
@@ -1597,7 +1594,7 @@ public abstract class AbstractBindingBui
         }
     }
     
-    public String setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, TokenWrapper token,
+    public String setEncryptionUser(WSSecEncryptedKey encrKeyBuilder, AbstractTokenWrapper token,
                                   boolean sign, Crypto crypto) {
         String encrUser = (String)message.getContextualProperty(sign 
                                                                 ? SecurityConstants.SIGNATURE_USERNAME
@@ -1704,24 +1701,25 @@ public abstract class AbstractBindingBui
         return null;
     }
 
-    private void checkForX509PkiPath(WSSecSignature sig, Token token) {
+    private void checkForX509PkiPath(WSSecSignature sig, AbstractToken token) {
         if (token instanceof X509Token) {
             X509Token x509Token = (X509Token) token;
-            if (x509Token.getTokenVersionAndType().equals(SPConstants.WSS_X509_PKI_PATH_V1_TOKEN10)
-                    || x509Token.getTokenVersionAndType().equals(SPConstants.WSS_X509_PKI_PATH_V1_TOKEN11)) {
+            TokenType tokenType = x509Token.getTokenType();
+            if (tokenType == TokenType.WssX509PkiPathV1Token10
+                || tokenType == TokenType.WssX509PkiPathV1Token11) {
                 sig.setUseSingleCertificate(false);
             }
         }
     }
     
     protected WSSecSignature getSignatureBuilder(
-        TokenWrapper wrapper, Token token, boolean endorse
+        AbstractTokenWrapper wrapper, AbstractToken token, boolean endorse
     ) throws WSSecurityException {
         return getSignatureBuilder(wrapper, token, false, endorse);
     }
     
     protected WSSecSignature getSignatureBuilder(
-        TokenWrapper wrapper, Token token, boolean attached, boolean endorse
+        AbstractTokenWrapper wrapper, AbstractToken token, boolean attached, boolean endorse
     ) throws WSSecurityException {
         WSSecSignature sig = new WSSecSignature(wssConfig);
         checkForX509PkiPath(sig, token);
@@ -1779,7 +1777,7 @@ public abstract class AbstractBindingBui
             setKeyIdentifierType(sig, wrapper, token);
             // Find out do we also need to include the token as per the Inclusion requirement
             if (token instanceof X509Token 
-                && token.getInclusion() != SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER
+                && token.getIncludeTokenType() != IncludeTokenType.INCLUDE_TOKEN_NEVER
                 && (sig.getKeyIdentifierType() != WSConstants.BST_DIRECT_REFERENCE
                     && sig.getKeyIdentifierType() != WSConstants.KEY_VALUE)) {
                 alsoIncludeToken = true;
@@ -1831,8 +1829,9 @@ public abstract class AbstractBindingBui
         String password = getPassword(user, token, WSPasswordCallback.Usage.SIGNATURE);
         sig.setUserInfo(user, password);
         sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
-        sig.setDigestAlgo(binding.getAlgorithmSuite().getDigest());
-        sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
+        AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
+        sig.setDigestAlgo(algType.getDigest());
+        sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
         sig.setWsConfig(wssConfig);
         try {
             sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
@@ -1867,11 +1866,11 @@ public abstract class AbstractBindingBui
         bstElement = bstToken.getElement();
     }
     
-    protected void doEndorsedSignatures(Map<Token, Object> tokenMap,
+    protected void doEndorsedSignatures(Map<AbstractToken, Object> tokenMap,
                                         boolean isTokenProtection,
                                         boolean isSigProtect) {
         
-        for (Map.Entry<Token, Object> ent : tokenMap.entrySet()) {
+        for (Map.Entry<AbstractToken, Object> ent : tokenMap.entrySet()) {
             Object tempTok = ent.getValue();
             
             List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
@@ -1907,7 +1906,7 @@ public abstract class AbstractBindingBui
                 }
                 
                 try {
-                    if (ent.getKey().isDerivedKeys()) {
+                    if (ent.getKey().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                         doSymmSignatureDerived(ent.getKey(), token, sigParts, isTokenProtection);
                     } else {
                         doSymmSignature(ent.getKey(), token, sigParts, isTokenProtection);
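Review bot: The test `ent.getKey().getDerivedKeys() == DerivedKeys.RequireDerivedKeys` sends every other value, including null, to the plain `doSymmSignature` branch, so a token whose policy carries `RequireExplicitDerivedKeys` or `RequireImpliedDerivedKeys` would be signed without a derived key. Whether that is intended is not visible here. If it is, a comment such as `// explicit/implied derived keys are deliberately treated as non-derived` would record the decision; if not, the condition should cover those values too. The same comparison appears in the hunks at -1933 and -1975.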
@@ -1933,7 +1932,7 @@ public abstract class AbstractBindingBui
                     byte[] secret = utBuilder.getDerivedKey();
                     secToken.setSecret(secret);
                     
-                    if (ent.getKey().isDerivedKeys()) {
+                    if (ent.getKey().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                         doSymmSignatureDerived(ent.getKey(), secToken, sigParts, isTokenProtection);
                     } else {
                         doSymmSignature(ent.getKey(), secToken, sigParts, isTokenProtection);
@@ -1946,7 +1945,7 @@ public abstract class AbstractBindingBui
         } 
     }
     
-    private void doSymmSignatureDerived(Token policyToken, SecurityToken tok,
+    private void doSymmSignatureDerived(AbstractToken policyToken, SecurityToken tok,
                                  List<WSEncryptionPart> sigParts, boolean isTokenProtection)
         throws WSSecurityException, ConversationException {
         
@@ -1954,13 +1953,13 @@ public abstract class AbstractBindingBui
         WSSecDKSign dkSign = new WSSecDKSign(wssConfig);  
         
         //Check whether it is security policy 1.2 and use the secure conversation accordingly
-        if (SP12Constants.INSTANCE == policyToken.getSPConstants()) {
+        if (policyToken.getVersion() == SPConstants.SPVersion.SP12) {
             dkSign.setWscVersion(ConversationConstants.VERSION_05_12);
         }
                       
         //Check for whether the token is attached in the message or not
         boolean attached = false;
-        if (includeToken(policyToken.getInclusion())) {
+        if (includeToken(policyToken.getIncludeTokenType())) {
             attached = true;
         }
         
@@ -1975,7 +1974,7 @@ public abstract class AbstractBindingBui
         if (ref != null) {
             ref = cloneElement(ref);
             dkSign.setExternalKey(tok.getSecret(), ref);
-        } else if (!isRequestor() && policyToken.isDerivedKeys()) { 
+        } else if (!isRequestor() && policyToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) { 
             // If the Encrypted key used to create the derived key is not
             // attached use key identifier as defined in WSS1.1 section
             // 7.7 Encrypted Key reference
@@ -1993,7 +1992,8 @@ public abstract class AbstractBindingBui
 
         //Set the algo info
         dkSign.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
-        dkSign.setDerivedKeyLength(binding.getAlgorithmSuite().getSignatureDerivedKeyLength() / 8);
+        AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
+        dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
         if (tok.getSHA1() != null) {
             //Set the value type of the reference
             dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
@@ -2027,7 +2027,7 @@ public abstract class AbstractBindingBui
         signatures.add(dkSign.getSignatureValue());
     }
     
-    private void doSymmSignature(Token policyToken, SecurityToken tok,
+    private void doSymmSignature(AbstractToken policyToken, SecurityToken tok,
                                          List<WSEncryptionPart> sigParts, boolean isTokenProtection)
         throws WSSecurityException, ConversationException {
         
@@ -2108,7 +2108,7 @@ public abstract class AbstractBindingBui
         Collection<Assertion> sgndSuppTokens = 
             findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS);
         
-        Map<Token, Object> sigSuppTokMap = this.handleSupportingTokens(sgndSuppTokens, false);           
+        Map<AbstractToken, Object> sigSuppTokMap = this.handleSupportingTokens(sgndSuppTokens, false);           
         
         Collection<Assertion> endSuppTokens = 
             findAndAssertPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
@@ -2121,7 +2121,7 @@ public abstract class AbstractBindingBui
         
         Collection<Assertion> sgndEncryptedSuppTokens 
             = findAndAssertPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
-        Map<Token, Object> sgndEncSuppTokMap 
+        Map<AbstractToken, Object> sgndEncSuppTokMap 
             = this.handleSupportingTokens(sgndEncryptedSuppTokens, false);
         
         Collection<Assertion> endorsingEncryptedSuppTokens 
@@ -2153,11 +2153,11 @@ public abstract class AbstractBindingBui
         boolean tokenProtect = false;
         boolean sigProtect = false;
         if (binding instanceof AsymmetricBinding) {
-            tokenProtect = ((AsymmetricBinding)binding).isTokenProtection();
-            sigProtect = ((AsymmetricBinding)binding).isSignatureProtection();            
+            tokenProtect = ((AsymmetricBinding)binding).isProtectTokens();
+            sigProtect = ((AsymmetricBinding)binding).isEncryptSignature();            
         } else if (binding instanceof SymmetricBinding) {
-            tokenProtect = ((SymmetricBinding)binding).isTokenProtection();
-            sigProtect = ((SymmetricBinding)binding).isSignatureProtection();            
+            tokenProtect = ((SymmetricBinding)binding).isProtectTokens();
+            sigProtect = ((SymmetricBinding)binding).isEncryptSignature();            
         }
         // Adding the endorsing encrypted supporting tokens to endorsing supporting tokens
         endSuppTokMap.putAll(endEncSuppTokMap);
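Review bot: The two `instanceof` branches now make identical calls, `isProtectTokens()` and `isEncryptSignature()`, and differ only in the cast. AsymmetricBindingHandler imports `AbstractSymmetricAsymmetricBinding` in this same commit, which suggests both methods may be declared on that shared parent. If so, one branch is enough: `if (binding instanceof AbstractSymmetricAsymmetricBinding) { AbstractSymmetricAsymmetricBinding b = (AbstractSymmetricAsymmetricBinding)binding; tokenProtect = b.isProtectTokens(); sigProtect = b.isEncryptSignature(); }`. A one-line comment that both flags stay false for any other binding type would make the default explicit. The enclosing method starts and ends outside this hunk.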
@@ -2289,17 +2289,17 @@ public abstract class AbstractBindingBui
         return part;
     }
     
-    protected boolean includeToken(SPConstants.IncludeTokenType inclusion) {
-        if (inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
+    protected boolean includeToken(IncludeTokenType inclusion) {
+        if (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
             return true;
         }
         if (isRequestor()) {
-            if (inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT 
-                || inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE) {
+            if (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT 
+                || inclusion == IncludeTokenType.INCLUDE_TOKEN_ONCE) {
                 return true;
             }
         } else {
-            if (inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR) {
+            if (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR) {
                 return true;
             }
         }
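Review bot: `includeToken` has no Javadoc, although every attach decision in the handlers touched by this commit goes through it, and one branch needs explaining. For the requestor, `INCLUDE_TOKEN_ONCE` is treated exactly like `INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT`, and nothing in the visible code records whether the token was already sent. A short Javadoc listing which values attach the token for the requestor and which for the recipient would help, plus a comment on that branch such as `// ONCE is handled like ALWAYS_TO_RECIPIENT here`. The rest of the method, including the result for a null or never-include value, is outside this hunk.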

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Wed Mar  6 17:20:32 2013
@@ -38,13 +38,6 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
-import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
-import org.apache.cxf.ws.security.policy.model.IssuedToken;
-import org.apache.cxf.ws.security.policy.model.SamlToken;
-import org.apache.cxf.ws.security.policy.model.Token;
-import org.apache.cxf.ws.security.policy.model.TokenWrapper;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -63,6 +56,15 @@ import org.apache.wss4j.dom.message.WSSe
 import org.apache.wss4j.dom.message.WSSecHeader;
 import org.apache.wss4j.dom.message.WSSecSignature;
 import org.apache.wss4j.dom.message.WSSecTimestamp;
+import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
+import org.apache.wss4j.policy.model.AbstractTokenWrapper;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
+import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
+import org.apache.wss4j.policy.model.AsymmetricBinding;
+import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.SamlToken;
 
 /**
  * 
@@ -92,7 +94,8 @@ public class AsymmetricBindingHandler ex
         WSSecTimestamp timestamp = createTimestamp();
         handleLayout(timestamp);
         
-        if (abinding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning) {
+        if (abinding.getProtectionOrder() 
+            == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning) {
             doEncryptBeforeSign();
         } else {
             doSignBeforeEncrypt();
@@ -101,13 +104,13 @@ public class AsymmetricBindingHandler ex
 
     private void doSignBeforeEncrypt() {
         try {
-            TokenWrapper initiatorWrapper = abinding.getInitiatorSignatureToken();
+            AbstractTokenWrapper initiatorWrapper = abinding.getInitiatorSignatureToken();
             if (initiatorWrapper == null) {
                 initiatorWrapper = abinding.getInitiatorToken();
             }
             boolean attached = false;
             if (initiatorWrapper != null) {
-                Token initiatorToken = initiatorWrapper.getToken();
+                AbstractToken initiatorToken = initiatorWrapper.getToken();
                 if (initiatorToken instanceof IssuedToken) {
                     SecurityToken secToken = getSecurityToken();
                     if (secToken == null) {
@@ -116,7 +119,7 @@ public class AsymmetricBindingHandler ex
                     } else {
                         policyAsserted(initiatorToken);
                         
-                        if (includeToken(initiatorToken.getInclusion())) {
+                        if (includeToken(initiatorToken.getIncludeTokenType())) {
                             Element el = secToken.getToken();
                             this.addEncryptedKeyElement(cloneElement(el));
                             attached = true;
@@ -125,7 +128,7 @@ public class AsymmetricBindingHandler ex
                 } else if (initiatorToken instanceof SamlToken) {
                     SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)initiatorToken);
                     if (assertionWrapper != null) {
-                        if (includeToken(initiatorToken.getInclusion())) {
+                        if (includeToken(initiatorToken.getIncludeTokenType())) {
                             addSupportingElement(assertionWrapper.toDOM(saaj.getSOAPPart()));
                             storeAssertionAsSecurityToken(assertionWrapper);
                         }
@@ -150,7 +153,7 @@ public class AsymmetricBindingHandler ex
                 //confirm sig
                 addSignatureConfirmation(sigs);
                 
-                TokenWrapper recipientSignatureToken = abinding.getRecipientSignatureToken();
+                AbstractTokenWrapper recipientSignatureToken = abinding.getRecipientSignatureToken();
                 if (recipientSignatureToken == null) {
                     recipientSignatureToken = abinding.getRecipientToken();
                 }
@@ -162,7 +165,7 @@ public class AsymmetricBindingHandler ex
             List<WSEncryptionPart> enc = getEncryptedParts();
             
             //Check for signature protection
-            if (abinding.isSignatureProtection()) {
+            if (abinding.isEncryptSignature()) {
                 if (mainSigId != null) {
                     WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
                     sigPart.setElement(bottomUpElement);
@@ -174,7 +177,7 @@ public class AsymmetricBindingHandler ex
             }
             
             //Do encryption
-            TokenWrapper encToken;
+            AbstractTokenWrapper encToken;
             if (isRequestor()) {
                 enc.addAll(encryptedTokensList);
                 encToken = abinding.getRecipientEncryptionToken();
@@ -197,8 +200,8 @@ public class AsymmetricBindingHandler ex
     }
 
     private void doEncryptBeforeSign() {
-        TokenWrapper wrapper;
-        Token encryptionToken = null;
+        AbstractTokenWrapper wrapper;
+        AbstractToken encryptionToken = null;
         if (isRequestor()) {
             wrapper = abinding.getRecipientEncryptionToken();
             if (wrapper == null) {
@@ -212,13 +215,13 @@ public class AsymmetricBindingHandler ex
         }
         encryptionToken = wrapper.getToken();
         
-        TokenWrapper initiatorWrapper = abinding.getInitiatorSignatureToken();
+        AbstractTokenWrapper initiatorWrapper = abinding.getInitiatorSignatureToken();
         if (initiatorWrapper == null) {
             initiatorWrapper = abinding.getInitiatorToken();
         }
         boolean attached = false;
         if (initiatorWrapper != null) {
-            Token initiatorToken = initiatorWrapper.getToken();
+            AbstractToken initiatorToken = initiatorWrapper.getToken();
             if (initiatorToken instanceof IssuedToken) {
                 SecurityToken secToken = getSecurityToken();
                 if (secToken == null) {
@@ -227,7 +230,7 @@ public class AsymmetricBindingHandler ex
                 } else {
                     policyAsserted(initiatorToken);
                     
-                    if (includeToken(initiatorToken.getInclusion())) {
+                    if (includeToken(initiatorToken.getIncludeTokenType())) {
                         Element el = secToken.getToken();
                         this.addEncryptedKeyElement(cloneElement(el));
                         attached = true;
@@ -237,7 +240,7 @@ public class AsymmetricBindingHandler ex
                 try {
                     SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)initiatorToken);
                     if (assertionWrapper != null) {
-                        if (includeToken(initiatorToken.getInclusion())) {
+                        if (includeToken(initiatorToken.getIncludeTokenType())) {
                             addSupportingElement(assertionWrapper.toDOM(saaj.getSOAPPart()));
                             storeAssertionAsSecurityToken(assertionWrapper);
                         }
@@ -290,7 +293,7 @@ public class AsymmetricBindingHandler ex
                 if ((sigParts.size() > 0) && initiatorWrapper != null && isRequestor()) {
                     doSignature(initiatorWrapper, sigParts, attached);
                 } else if (!isRequestor()) {
-                    TokenWrapper recipientSignatureToken = abinding.getRecipientSignatureToken();
+                    AbstractTokenWrapper recipientSignatureToken = abinding.getRecipientSignatureToken();
                     if (recipientSignatureToken == null) {
                         recipientSignatureToken = abinding.getRecipientToken(); 
                     }
@@ -313,9 +316,9 @@ public class AsymmetricBindingHandler ex
     }
     
     
-    private void checkForSignatureProtection(Token encryptionToken, WSSecBase encrBase) {
+    private void checkForSignatureProtection(AbstractToken encryptionToken, WSSecBase encrBase) {
         // Check for signature protection
-        if (abinding.isSignatureProtection()) {
+        if (abinding.isEncryptSignature()) {
             List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
 
             // Now encrypt the signature using the above token
@@ -333,7 +336,7 @@ public class AsymmetricBindingHandler ex
                 secondEncrParts.addAll(encryptedTokensList);
             }
 
-            if (encryptionToken.isDerivedKeys() && !secondEncrParts.isEmpty()
+            if (encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys && !secondEncrParts.isEmpty()
                 && encrBase instanceof WSSecDKEncrypt) {
                 try {
                     Element secondRefList 
@@ -359,16 +362,16 @@ public class AsymmetricBindingHandler ex
         }        
     }
     
-    private WSSecBase doEncryption(TokenWrapper recToken,
+    private WSSecBase doEncryption(AbstractTokenWrapper recToken,
                                     List<WSEncryptionPart> encrParts,
                                     boolean externalRef) {
         //Do encryption
         if (recToken != null && recToken.getToken() != null && encrParts.size() > 0) {
-            Token encrToken = recToken.getToken();
+            AbstractToken encrToken = recToken.getToken();
             policyAsserted(recToken);
             policyAsserted(encrToken);
             AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
-            if (encrToken.isDerivedKeys()) {
+            if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                 try {
                     WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig);
                     
@@ -380,8 +383,9 @@ public class AsymmetricBindingHandler ex
                     dkEncr.setParts(encrParts);
                     dkEncr.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
                             + WSConstants.ENC_KEY_VALUE_TYPE);
-                    dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
-                    dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength() / 8);
+                    AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
+                    dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
+                    dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
                     dkEncr.prepare(saaj.getSOAPPart());
                     
                     addDerivedKeyElement(dkEncr.getdktElement());
@@ -415,8 +419,9 @@ public class AsymmetricBindingHandler ex
                                 + "Make sure jaxws:client element is configured " 
                                 + "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value.");
                     }
-                    encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
-                    encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
+                    AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();
+                    encr.setSymmetricEncAlgorithm(algType.getEncryption());
+                    encr.setKeyEncAlgo(algType.getAsymmetricKeyWrap());
                     encr.prepare(saaj.getSOAPPart(), crypto);
                     
                     if (encr.getBSTTokenId() != null) {
@@ -445,7 +450,7 @@ public class AsymmetricBindingHandler ex
         return null;
     }    
     
-    private void assertUnusedTokens(TokenWrapper wrapper) {
+    private void assertUnusedTokens(AbstractTokenWrapper wrapper) {
         if (wrapper == null) {
             return;
         }
@@ -467,7 +472,7 @@ public class AsymmetricBindingHandler ex
         }
     }
     
-    private void doSignature(TokenWrapper wrapper, List<WSEncryptionPart> sigParts, boolean attached) 
+    private void doSignature(AbstractTokenWrapper wrapper, List<WSEncryptionPart> sigParts, boolean attached) 
         throws WSSecurityException, SOAPException {
         
         if (!isRequestor()) {
@@ -480,17 +485,17 @@ public class AsymmetricBindingHandler ex
             assertUnusedTokens(abinding.getRecipientSignatureToken());
         }
         
-        Token sigToken = wrapper.getToken();
+        AbstractToken sigToken = wrapper.getToken();
         sigParts.addAll(this.getSignedParts());
         if (sigParts.isEmpty()) {
             // Add the BST to the security header if required
-            if (!attached && includeToken(sigToken.getInclusion())) {
+            if (!attached && includeToken(sigToken.getIncludeTokenType())) {
                 WSSecSignature sig = getSignatureBuilder(wrapper, sigToken, attached, false);
                 sig.prependBSTElementToHeader(secHeader);
             } 
             return;
         }
-        if (sigToken.isDerivedKeys()) {
+        if (sigToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
             // Set up the encrypted key to use
             setupEncryptedKey(wrapper, sigToken);
             
@@ -500,15 +505,15 @@ public class AsymmetricBindingHandler ex
             // Set the algo info
             dkSign.setSignatureAlgorithm(abinding.getAlgorithmSuite()
                     .getSymmetricSignature());
-            dkSign.setDerivedKeyLength(abinding.getAlgorithmSuite()
-                    .getSignatureDerivedKeyLength() / 8);
+            AlgorithmSuiteType algType = abinding.getAlgorithmSuite().getAlgorithmSuiteType();
+            dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
             dkSign.setCustomValueType(WSConstants.SOAPMESSAGE_NS11 + "#"
                     + WSConstants.ENC_KEY_VALUE_TYPE);
             
             try {
                 dkSign.prepare(saaj.getSOAPPart(), secHeader);
 
-                if (abinding.isTokenProtection()) {
+                if (abinding.isProtectTokens()) {
                     if (bstElement != null) {
                         WSEncryptionPart bstPart = 
                             new WSEncryptionPart(bstElement.getAttributeNS(WSConstants.WSU_NS, "Id"));
@@ -546,7 +551,7 @@ public class AsymmetricBindingHandler ex
             WSSecSignature sig = getSignatureBuilder(wrapper, sigToken, attached, false);
                       
             // This action must occur before sig.prependBSTElementToHeader
-            if (abinding.isTokenProtection()) {
+            if (abinding.isProtectTokens()) {
                 if (sig.getBSTTokenId() != null) {
                     WSEncryptionPart bstPart = 
                         new WSEncryptionPart(sig.getBSTTokenId());
@@ -577,8 +582,8 @@ public class AsymmetricBindingHandler ex
         }
     }
 
-    private void setupEncryptedKey(TokenWrapper wrapper, Token token) throws WSSecurityException {
-        if (!isRequestor() && token.isDerivedKeys()) {
+    private void setupEncryptedKey(AbstractTokenWrapper wrapper, AbstractToken token) throws WSSecurityException {
+        if (!isRequestor() && token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
             //If we already have them, simply return
             if (encryptedKeyId != null && encryptedKeyValue != null) {
                 return;
@@ -651,7 +656,7 @@ public class AsymmetricBindingHandler ex
         return null;
     }
     
-    private void createEncryptedKey(TokenWrapper wrapper, Token token)
+    private void createEncryptedKey(AbstractTokenWrapper wrapper, AbstractToken token)
         throws WSSecurityException {
         //Set up the encrypted key to use
         encrKey = this.getEncryptedKeyBuilder(wrapper, token);


