cxf-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1453437 [2/3] - in /cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/model/ wss4j/ wss4j/policyhandlers/ wss4j/policyvalidators/
Date Wed, 06 Mar 2013 17:20:33 GMT
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Wed Mar  6 17:20:32 2013
@@ -37,20 +37,6 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.policy.SP11Constants;
-import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
-import org.apache.cxf.ws.security.policy.model.IssuedToken;
-import org.apache.cxf.ws.security.policy.model.KerberosToken;
-import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
-import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
-import org.apache.cxf.ws.security.policy.model.SpnegoContextToken;
-import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
-import org.apache.cxf.ws.security.policy.model.Token;
-import org.apache.cxf.ws.security.policy.model.TokenWrapper;
-import org.apache.cxf.ws.security.policy.model.UsernameToken;
-import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.crypto.Crypto;
@@ -75,6 +61,23 @@ import org.apache.wss4j.dom.message.WSSe
 import org.apache.wss4j.dom.message.WSSecUsernameToken;
 import org.apache.wss4j.dom.message.token.SecurityTokenReference;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
+import org.apache.wss4j.policy.model.AbstractTokenWrapper;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
+import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
+import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.KerberosToken;
+import org.apache.wss4j.policy.model.SecureConversationToken;
+import org.apache.wss4j.policy.model.SecurityContextToken;
+import org.apache.wss4j.policy.model.SpnegoContextToken;
+import org.apache.wss4j.policy.model.SymmetricBinding;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.X509Token;
 import org.apache.xml.security.utils.Base64;
 
 /**
@@ -96,14 +99,14 @@ public class SymmetricBindingHandler ext
         protectionOrder = binding.getProtectionOrder();
     }
     
-    private TokenWrapper getSignatureToken() {
+    private AbstractTokenWrapper getSignatureToken() {
         if (sbinding.getProtectionToken() != null) {
             return sbinding.getProtectionToken();
         }
         return sbinding.getSignatureToken();
     }
     
-    private TokenWrapper getEncryptionToken() {
+    private AbstractTokenWrapper getEncryptionToken() {
         if (sbinding.getProtectionToken() != null) {
             return sbinding.getProtectionToken();
         }
@@ -119,7 +122,8 @@ public class SymmetricBindingHandler ext
             initializeTokens();
         }
         
-        if (sbinding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning) {
+        if (sbinding.getProtectionOrder() 
+            == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning) {
             doEncryptBeforeSign();
         } else {
             doSignBeforeEncrypt();
@@ -147,8 +151,8 @@ public class SymmetricBindingHandler ext
     
     private void doEncryptBeforeSign() {
         try {
-            TokenWrapper encryptionWrapper = getEncryptionToken();
-            Token encryptionToken = encryptionWrapper.getToken();
+            AbstractTokenWrapper encryptionWrapper = getEncryptionToken();
+            AbstractToken encryptionToken = encryptionWrapper.getToken();
             List<WSEncryptionPart> encrParts = getEncryptedParts();
             List<WSEncryptionPart> sigParts = getSignedParts();
             
@@ -196,7 +200,7 @@ public class SymmetricBindingHandler ext
     
                 boolean attached = false;
                 
-                if (includeToken(encryptionToken.getInclusion())) {
+                if (includeToken(encryptionToken.getIncludeTokenType())) {
                     Element el = tok.getToken();
                     this.addEncryptedKeyElement(cloneElement(el));
                     attached = true;
@@ -234,12 +238,12 @@ public class SymmetricBindingHandler ext
                 }
                 
                 //Check for signature protection and encryption of UsernameToken
-                if (sbinding.isSignatureProtection() 
+                if (sbinding.isEncryptSignature() 
                     || encryptedTokensList.size() > 0 && isRequestor()) {
                     List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
                     
                     //Now encrypt the signature using the above token
-                    if (sbinding.isSignatureProtection()) {
+                    if (sbinding.isEncryptSignature()) {
                         if (this.mainSigId != null) {
                             WSEncryptionPart sigPart = 
                                 new WSEncryptionPart(this.mainSigId, "Element");
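Review bot: The condition `sbinding.isEncryptSignature() || encryptedTokensList.size() > 0 && isRequestor()` mixes `||` and `&&` without parentheses, in the branch that decides whether the signature and the encrypted tokens get a second encryption pass. Java groups it as `A || (B && C)`; writing `sbinding.isEncryptSignature() || (!encryptedTokensList.isEmpty() && isRequestor())` states that grouping outright, so a later edit cannot change it by accident. The enclosing method starts and ends outside this hunk.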
@@ -257,7 +261,8 @@ public class SymmetricBindingHandler ext
                     
                     Element secondRefList = null;
                     
-                    if (encryptionToken.isDerivedKeys() && !secondEncrParts.isEmpty()) {
+                    if (encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys 
+                        && !secondEncrParts.isEmpty()) {
                         secondRefList = ((WSSecDKEncrypt)encr).encryptForExternalRef(null, 
                                 secondEncrParts);
                         this.addDerivedKeyElement(secondRefList);
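Review bot: `encryptionToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys` treats every other enum value, and a null return, as "no derived keys". If the WSS4J model reports the explicit and implied derived-key variants through the same getter (not visible in this diff), a policy asking for one of them falls through to the non-derived path without any fault. A private helper such as `isRequireDerivedKeys(AbstractToken)` with a comment stating which values are honoured would make that choice deliberate and keep it in one place. The same comparison is repeated in doEncryption, doSignatureDK, doSignature and in TransportBindingHandler.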
@@ -276,9 +281,8 @@ public class SymmetricBindingHandler ext
     }
     
     private void doSignBeforeEncrypt() {
-        TokenWrapper sigTokenWrapper = getSignatureToken();
-        Token sigToken = sigTokenWrapper.getToken();
-        
+        AbstractTokenWrapper sigAbstractTokenWrapper = getSignatureToken();
+        AbstractToken sigToken = sigAbstractTokenWrapper.getToken();
         
         String sigTokId = null;
         Element sigTokElem = null;
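Review bot: The new local name `sigAbstractTokenWrapper` in doSignBeforeEncrypt embeds the type name and reads like the by-product of a global Token-to-AbstractToken replace; the type changed, the role of the variable did not. Keeping `AbstractTokenWrapper sigTokenWrapper = getSignatureToken();` would leave the later call sites in this method untouched and shrink the diff to the lines that really change. The same applies to `encrAbstractTokenWrapper` further down this method and to the `policyAbstractTokenWrapper` parameters of doSignatureDK and doSignature. The method body continues outside this hunk.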
@@ -294,7 +298,7 @@ public class SymmetricBindingHandler ext
                     sigTok = getSecurityToken();
                 } else if (sigToken instanceof X509Token) {
                     if (isRequestor()) {
-                        sigTokId = setupEncryptedKey(sigTokenWrapper, sigToken);
+                        sigTokId = setupEncryptedKey(sigAbstractTokenWrapper, sigToken);
                     } else {
                         sigTokId = getEncryptedKey();
                     }
@@ -311,10 +315,10 @@ public class SymmetricBindingHandler ext
             }
             
             if (sigTok == null && StringUtils.isEmpty(sigTokId)) {
-                policyNotAsserted(sigTokenWrapper, "No signature token id");
+                policyNotAsserted(sigAbstractTokenWrapper, "No signature token id");
                 return;
             } else {
-                policyAsserted(sigTokenWrapper);
+                policyAsserted(sigAbstractTokenWrapper);
             }
             if (sigTok == null) {
                 sigTok = tokenStore.getToken(sigTokId);
@@ -324,7 +328,7 @@ public class SymmetricBindingHandler ext
             //}
             
             boolean tokIncluded = true;
-            if (includeToken(sigToken.getInclusion())) {
+            if (includeToken(sigToken.getIncludeTokenType())) {
                 Element el = sigTok.getToken();
                 sigTokElem = cloneElement(el);
                 this.addEncryptedKeyElement(sigTokElem);
@@ -346,7 +350,7 @@ public class SymmetricBindingHandler ext
             if (isRequestor()) {
                 addSupportingTokens(sigs);
                 if (!sigs.isEmpty()) {
-                    signatures.add(doSignature(sigs, sigTokenWrapper, sigToken, sigTok, tokIncluded));
+                    signatures.add(doSignature(sigs, sigAbstractTokenWrapper, sigToken, sigTok, tokIncluded));
                 }
                 doEndorse();
             } else {
@@ -354,13 +358,13 @@ public class SymmetricBindingHandler ext
                 assertSupportingTokens(sigs);
                 addSignatureConfirmation(sigs);
                 if (!sigs.isEmpty()) {
-                    doSignature(sigs, sigTokenWrapper, sigToken, sigTok, tokIncluded);
+                    doSignature(sigs, sigAbstractTokenWrapper, sigToken, sigTok, tokIncluded);
                 }
             }
 
             //Encryption
-            TokenWrapper encrTokenWrapper = getEncryptionToken();
-            Token encrToken = encrTokenWrapper.getToken();
+            AbstractTokenWrapper encrAbstractTokenWrapper = getEncryptionToken();
+            AbstractToken encrToken = encrAbstractTokenWrapper.getToken();
             SecurityToken encrTok = null;
             if (sigToken.equals(encrToken)) {
                 //Use the same token
@@ -373,7 +377,7 @@ public class SymmetricBindingHandler ext
             List<WSEncryptionPart> enc = getEncryptedParts();
             
             //Check for signature protection
-            if (sbinding.isSignatureProtection()) {
+            if (sbinding.isEncryptSignature()) {
                 if (mainSigId != null) {
                     WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId, "Element");
                     sigPart.setElement(bottomUpElement);
@@ -387,7 +391,7 @@ public class SymmetricBindingHandler ext
             if (isRequestor()) {
                 enc.addAll(encryptedTokensList);
             }
-            doEncryption(encrTokenWrapper,
+            doEncryption(encrAbstractTokenWrapper,
                          encrTok,
                          tokIncluded,
                          enc,
@@ -397,15 +401,15 @@ public class SymmetricBindingHandler ext
         }
     }
     
-    private WSSecBase doEncryptionDerived(TokenWrapper recToken,
+    private WSSecBase doEncryptionDerived(AbstractTokenWrapper recToken,
                                           SecurityToken encrTok,
-                                          Token encrToken,
+                                          AbstractToken encrToken,
                                           boolean attached,
                                           List<WSEncryptionPart> encrParts,
                                           boolean atEnd) {
         try {
             WSSecDKEncrypt dkEncr = new WSSecDKEncrypt(wssConfig);
-            if (recToken.getToken().getSPConstants() == SP12Constants.INSTANCE) {
+            if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP12) {
                 dkEncr.setWscVersion(ConversationConstants.VERSION_05_12);
             }
 
@@ -473,9 +477,9 @@ public class SymmetricBindingHandler ext
                 }
             }
             
-            dkEncr.setSymmetricEncAlgorithm(sbinding.getAlgorithmSuite().getEncryption());
-            dkEncr.setDerivedKeyLength(sbinding.getAlgorithmSuite()
-                                           .getEncryptionDerivedKeyLength() / 8);
+            AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
+            dkEncr.setSymmetricEncAlgorithm(algType.getEncryption());
+            dkEncr.setDerivedKeyLength(algType.getEncryptionDerivedKeyLength() / 8);
             dkEncr.prepare(saaj.getSOAPPart());
             Element encrDKTokenElem = null;
             encrDKTokenElem = dkEncr.getdktElement();
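Review bot: `algType` is dereferenced on the two lines after its declaration without a null check, and it now supplies both the symmetric cipher and the derived key length. Nothing in this hunk shows that `getAlgorithmSuiteType()` is always set. If the policy model can leave it null (to be confirmed against the WSS4J model), the failure is a NullPointerException inside the try block rather than a policy fault that names the problem. A guard that reports the unresolved suite through the handler's existing policyNotAsserted path before the setters run would make the misconfiguration visible. The same unchecked dereference is added in doSignatureDK and in TransportBindingHandler.doX509TokenSignature, and doEncryptionDerived itself starts and ends outside this hunk.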
@@ -493,18 +497,18 @@ public class SymmetricBindingHandler ext
         return null;
     }
     
-    private WSSecBase doEncryption(TokenWrapper recToken,
+    private WSSecBase doEncryption(AbstractTokenWrapper recToken,
                                    SecurityToken encrTok,
                                    boolean attached,
                                    List<WSEncryptionPart> encrParts,
                                    boolean atEnd) {
         //Do encryption
         if (recToken != null && recToken.getToken() != null && encrParts.size() > 0) {
-            Token encrToken = recToken.getToken();
+            AbstractToken encrToken = recToken.getToken();
             policyAsserted(recToken);
             policyAsserted(encrToken);
             AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite();
-            if (encrToken.isDerivedKeys()) {
+            if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                 return doEncryptionDerived(recToken, encrTok, encrToken,
                                            attached, encrParts, atEnd);
             } else {
@@ -540,7 +544,7 @@ public class SymmetricBindingHandler ext
                     
                     encr.setDocument(saaj.getSOAPPart());
                     encr.setEncryptSymmKey(false);
-                    encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
+                    encr.setSymmetricEncAlgorithm(algorithmSuite.getAlgorithmSuiteType().getEncryption());
                     
                     if (encrToken instanceof IssuedToken || encrToken instanceof SpnegoContextToken) {
                         //Setting the AttachedReference or the UnattachedReference according to the flag
@@ -602,19 +606,19 @@ public class SymmetricBindingHandler ext
     }    
     
     private byte[] doSignatureDK(List<WSEncryptionPart> sigs,
-                               TokenWrapper policyTokenWrapper, 
-                               Token policyToken, 
+                               AbstractTokenWrapper policyAbstractTokenWrapper, 
+                               AbstractToken policyToken, 
                                SecurityToken tok,
                                boolean included) throws WSSecurityException {
         Document doc = saaj.getSOAPPart();
         WSSecDKSign dkSign = new WSSecDKSign(wssConfig);
-        if (policyTokenWrapper.getToken().getSPConstants() == SP12Constants.INSTANCE) {
+        if (policyAbstractTokenWrapper.getToken().getVersion() == SPConstants.SPVersion.SP12) {
             dkSign.setWscVersion(ConversationConstants.VERSION_05_12);
         }
         
         //Check for whether the token is attached in the message or not
         boolean attached = false;
-        if (includeToken(policyToken.getInclusion())) {
+        if (includeToken(policyToken.getIncludeTokenType())) {
             attached = true;
         }
         
@@ -628,7 +632,8 @@ public class SymmetricBindingHandler ext
         
         if (ref != null) {
             dkSign.setExternalKey(tok.getSecret(), cloneElement(ref));
-        } else if (!isRequestor() && policyToken.isDerivedKeys() && tok.getSHA1() != null) {            
+        } else if (!isRequestor() && policyToken.getDerivedKeys() 
+            == DerivedKeys.RequireDerivedKeys && tok.getSHA1() != null) {            
             // If the Encrypted key used to create the derived key is not
             // attached use key identifier as defined in WSS1.1 section
             // 7.7 Encrypted Key reference
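Review bot: The wrapped condition breaks in the middle of the comparison, so `policyToken.getDerivedKeys()` ends one line and `== DerivedKeys.RequireDerivedKeys && tok.getSHA1() != null` starts the next. A reader scanning the second line sees the enum constant glued to the SHA-1 check. Breaking before each `&&` keeps every test whole: `} else if (!isRequestor()`, then `&& policyToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys`, then `&& tok.getSHA1() != null) {`. The rewritten line also keeps the trailing whitespace after `{`. The branch body continues outside this hunk.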
@@ -652,7 +657,8 @@ public class SymmetricBindingHandler ext
 
         //Set the algo info
         dkSign.setSignatureAlgorithm(sbinding.getAlgorithmSuite().getSymmetricSignature());
-        dkSign.setDerivedKeyLength(sbinding.getAlgorithmSuite().getSignatureDerivedKeyLength() / 8);
+        AlgorithmSuiteType algType = sbinding.getAlgorithmSuite().getAlgorithmSuiteType();
+        dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
         if (tok.getSHA1() != null) {
             //Set the value type of the reference
             String tokenType = tok.getTokenType();
@@ -683,7 +689,7 @@ public class SymmetricBindingHandler ext
             throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
         }
         
-        if (sbinding.isTokenProtection()) {
+        if (sbinding.isProtectTokens()) {
             String sigTokId = tok.getId();
             if (included) {
                 sigTokId = tok.getWsuId();
@@ -718,12 +724,12 @@ public class SymmetricBindingHandler ext
     }
     
     private byte[] doSignature(List<WSEncryptionPart> sigs,
-                             TokenWrapper policyTokenWrapper, 
-                             Token policyToken, 
+                             AbstractTokenWrapper policyAbstractTokenWrapper, 
+                             AbstractToken policyToken, 
                              SecurityToken tok,
                              boolean included) throws WSSecurityException {
-        if (policyToken.isDerivedKeys()) {
-            return doSignatureDK(sigs, policyTokenWrapper, policyToken, tok, included);
+        if (policyToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+            return doSignatureDK(sigs, policyAbstractTokenWrapper, policyToken, tok, included);
         } else {
             WSSecSignature sig = new WSSecSignature(wssConfig);
             // If a EncryptedKeyToken is used, set the correct value type to
@@ -792,7 +798,7 @@ public class SymmetricBindingHandler ext
                 sigTokId = tok.getId();
             }
                       
-            if (included && sbinding.isTokenProtection()) {
+            if (included && sbinding.isProtectTokens()) {
                 sigs.add(new WSEncryptionPart(sigTokId));
             }
             
@@ -803,7 +809,7 @@ public class SymmetricBindingHandler ext
             if (sbinding.getProtectionToken() != null) {
                 crypto = getEncryptionCrypto(sbinding.getProtectionToken());
             } else {
-                crypto = getSignatureCrypto(policyTokenWrapper);
+                crypto = getSignatureCrypto(policyAbstractTokenWrapper);
             }
             this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
             sig.prepare(saaj.getSOAPPart(), crypto, secHeader);
@@ -823,7 +829,7 @@ public class SymmetricBindingHandler ext
         }
     }
 
-    private String setupEncryptedKey(TokenWrapper wrapper, Token sigToken) throws WSSecurityException {
+    private String setupEncryptedKey(AbstractTokenWrapper wrapper, AbstractToken sigToken) throws WSSecurityException {
         WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(wrapper, sigToken);
         String id = encrKey.getId();
         byte[] secret = encrKey.getEphemeralKey();
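Review bot: The new signature of setupEncryptedKey is a single line of roughly 119 columns, whereas other lines that grew in this commit were wrapped (the ProtectionOrder and DerivedKeys conditions, for example). Declaring it the way doSignature and doEncryption do, one parameter per line with `throws WSSecurityException {` closing the list, keeps it consistent with the rest of the file and within whatever line limit the project's style check enforces. The method body continues outside this hunk.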

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Wed Mar  6 17:20:32 2013
@@ -33,31 +33,12 @@ import javax.xml.xpath.XPathExpressionEx
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
-import org.apache.cxf.ws.security.policy.model.Header;
-import org.apache.cxf.ws.security.policy.model.IssuedToken;
-import org.apache.cxf.ws.security.policy.model.KerberosToken;
-import org.apache.cxf.ws.security.policy.model.KeyValueToken;
-import org.apache.cxf.ws.security.policy.model.SamlToken;
-import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
-import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
-import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
-import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
-import org.apache.cxf.ws.security.policy.model.SpnegoContextToken;
-import org.apache.cxf.ws.security.policy.model.SupportingToken;
-import org.apache.cxf.ws.security.policy.model.Token;
-import org.apache.cxf.ws.security.policy.model.TokenWrapper;
-import org.apache.cxf.ws.security.policy.model.TransportBinding;
-import org.apache.cxf.ws.security.policy.model.TransportToken;
-import org.apache.cxf.ws.security.policy.model.UsernameToken;
-import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.derivedKey.ConversationConstants;
@@ -75,6 +56,26 @@ import org.apache.wss4j.dom.message.WSSe
 import org.apache.wss4j.dom.message.WSSecTimestamp;
 import org.apache.wss4j.dom.message.WSSecUsernameToken;
 import org.apache.wss4j.dom.message.token.SecurityTokenReference;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
+import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
+import org.apache.wss4j.policy.model.Header;
+import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.KerberosToken;
+import org.apache.wss4j.policy.model.KeyValueToken;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SecureConversationToken;
+import org.apache.wss4j.policy.model.SecurityContextToken;
+import org.apache.wss4j.policy.model.SignedElements;
+import org.apache.wss4j.policy.model.SignedParts;
+import org.apache.wss4j.policy.model.SpnegoContextToken;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.TransportBinding;
+import org.apache.wss4j.policy.model.TransportToken;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.X509Token;;
 
 /**
  * 
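Review bot: The last added import ends in two semicolons, `import org.apache.wss4j.policy.model.X509Token;;`; the second is a stray empty declaration that style checkers commonly reject and should be dropped. Separately, the preceding import hunk keeps `org.apache.cxf.ws.security.policy.SP12Constants` in this file, while SymmetricBindingHandler switches to `org.apache.wss4j.policy.SP12Constants` in the same commit. If keeping the CXF constants here is intentional for this stage of the port, a one-line comment above that import saying so would save the next reader from treating it as an oversight.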
@@ -92,9 +93,9 @@ public class TransportBindingHandler ext
         this.tbinding = binding;
     }
     
-    private void addSignedSupportingTokens(SupportingToken sgndSuppTokens) 
+    private void addSignedSupportingTokens(SupportingTokens sgndSuppTokens) 
         throws Exception {
-        for (Token token : sgndSuppTokens.getTokens()) {
+        for (AbstractToken token : sgndSuppTokens.getTokens()) {
             if (token instanceof UsernameToken) {
                 WSSecUsernameToken utBuilder = addUsernameToken((UsernameToken)token);
                 if (utBuilder != null) {
@@ -104,7 +105,7 @@ public class TransportBindingHandler ext
             } else if (token instanceof IssuedToken || token instanceof KerberosToken) {
                 SecurityToken secTok = getSecurityToken();
                 
-                if (includeToken(token.getInclusion())) {
+                if (includeToken(token.getIncludeTokenType())) {
                     //Add the token
                     addEncryptedKeyElement(cloneElement(secTok.getToken()));
                 }
@@ -134,7 +135,7 @@ public class TransportBindingHandler ext
             if (this.isRequestor()) {
                 TransportToken transportTokenWrapper = tbinding.getTransportToken();
                 if (transportTokenWrapper != null) {
-                    Token transportToken = transportTokenWrapper.getToken();
+                    AbstractToken transportToken = transportTokenWrapper.getToken();
                     if (transportToken instanceof IssuedToken) {
                         SecurityToken secToken = getSecurityToken();
                         if (secToken == null) {
@@ -143,7 +144,7 @@ public class TransportBindingHandler ext
                         } else {
                             policyAsserted(transportToken);
                         }
-                        if (includeToken(transportToken.getInclusion())) {
+                        if (includeToken(transportToken.getIncludeTokenType())) {
                             Element el = secToken.getToken();
                             addEncryptedKeyElement(cloneElement(el));
                         } 
@@ -170,7 +171,7 @@ public class TransportBindingHandler ext
         ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
         if (ais != null) {
             for (AssertionInfo ai : ais) {
-                SupportingToken sgndSuppTokens = (SupportingToken)ai.getAssertion();
+                SupportingTokens sgndSuppTokens = (SupportingTokens)ai.getAssertion();
                 if (sgndSuppTokens != null) {
                     addSignedSupportingTokens(sgndSuppTokens);
                 }
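Review bot: The cast `(SupportingTokens)ai.getAssertion()` now targets the WSS4J model class, while the lookup key `SP12Constants.SIGNED_SUPPORTING_TOKENS` still comes from the CXF `SP12Constants` import that this commit leaves in place. Whether the assertion builders registered for that QName already produce `org.apache.wss4j.policy.model.SupportingTokens` is not visible in this part of the commit. If any still returns the old CXF type, the result is a ClassCastException while the outbound security header is being built. An `instanceof` check that marks the assertion as not asserted would fail in a way the policy layer can report. The same cast is added in the following hunks for the other supporting-token kinds, and the enclosing method starts and ends outside this hunk.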
@@ -181,7 +182,7 @@ public class TransportBindingHandler ext
         ais = aim.get(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
         if (ais != null) {
             for (AssertionInfo ai : ais) {
-                SupportingToken sgndSuppTokens = (SupportingToken)ai.getAssertion();
+                SupportingTokens sgndSuppTokens = (SupportingTokens)ai.getAssertion();
                 if (sgndSuppTokens != null) {
                     addSignedSupportingTokens(sgndSuppTokens);
                 }
@@ -192,7 +193,7 @@ public class TransportBindingHandler ext
         ais = aim.get(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
         if (ais != null) {
             for (AssertionInfo ai : ais) {
-                SupportingToken encrSuppTokens = (SupportingToken)ai.getAssertion();
+                SupportingTokens encrSuppTokens = (SupportingTokens)ai.getAssertion();
                 if (encrSuppTokens != null) {
                     addSignedSupportingTokens(encrSuppTokens);
                 }
@@ -203,7 +204,7 @@ public class TransportBindingHandler ext
         ais = aim.get(SP12Constants.SUPPORTING_TOKENS);
         if (ais != null) {
             for (AssertionInfo ai : ais) {
-                SupportingToken suppTokens = (SupportingToken)ai.getAssertion();
+                SupportingTokens suppTokens = (SupportingTokens)ai.getAssertion();
                 if (suppTokens != null && suppTokens.getTokens() != null 
                     && suppTokens.getTokens().size() > 0) {
                     handleSupportingTokens(suppTokens, false);
@@ -221,13 +222,13 @@ public class TransportBindingHandler ext
         
         ais = aim.get(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
         if (ais != null) {
-            SupportingToken sgndSuppTokens = null;
+            SupportingTokens sgndSuppTokens = null;
             for (AssertionInfo ai : ais) {
-                sgndSuppTokens = (SupportingToken)ai.getAssertion();
+                sgndSuppTokens = (SupportingTokens)ai.getAssertion();
                 ai.setAsserted(true);
             }
             if (sgndSuppTokens != null) {
-                for (Token token : sgndSuppTokens.getTokens()) {
+                for (AbstractToken token : sgndSuppTokens.getTokens()) {
                     handleEndorsingToken(token, sgndSuppTokens);
                 }
             }
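Review bot: Every `AssertionInfo` in `ais` is marked with `ai.setAsserted(true)` inside the loop, but `sgndSuppTokens` is overwritten on each pass and only its last value reaches `handleEndorsingToken`. If more than one signed-endorsing assertion can be present, the earlier ones are reported as satisfied although no endorsing signature was produced for their tokens. All of them are also marked before any signature is attempted. Moving the token loop inside `for (AssertionInfo ai : ais)`, with `ai.setAsserted(true);` placed after it, would tie the assertion to the work actually done. The three endorsing blocks in the next hunk have the same shape, and the enclosing method starts and ends outside this hunk.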
@@ -235,42 +236,42 @@ public class TransportBindingHandler ext
         
         ais = aim.get(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
         if (ais != null) {
-            SupportingToken endSuppTokens = null;
+            SupportingTokens endSuppTokens = null;
             for (AssertionInfo ai : ais) {
-                endSuppTokens = (SupportingToken)ai.getAssertion();
+                endSuppTokens = (SupportingTokens)ai.getAssertion();
                 ai.setAsserted(true);
             } 
             
             if (endSuppTokens != null) {
-                for (Token token : endSuppTokens.getTokens()) {
+                for (AbstractToken token : endSuppTokens.getTokens()) {
                     handleEndorsingToken(token, endSuppTokens);
                 }
             }
         }
         ais = aim.get(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
         if (ais != null) {
-            SupportingToken endSuppTokens = null;
+            SupportingTokens endSuppTokens = null;
             for (AssertionInfo ai : ais) {
-                endSuppTokens = (SupportingToken)ai.getAssertion();
+                endSuppTokens = (SupportingTokens)ai.getAssertion();
                 ai.setAsserted(true);
             } 
             
             if (endSuppTokens != null) {
-                for (Token token : endSuppTokens.getTokens()) {
+                for (AbstractToken token : endSuppTokens.getTokens()) {
                     handleEndorsingToken(token, endSuppTokens);
                 }
             }
         }
         ais = aim.get(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
         if (ais != null) {
-            SupportingToken endSuppTokens = null;
+            SupportingTokens endSuppTokens = null;
             for (AssertionInfo ai : ais) {
-                endSuppTokens = (SupportingToken)ai.getAssertion();
+                endSuppTokens = (SupportingTokens)ai.getAssertion();
                 ai.setAsserted(true);
             } 
             
             if (endSuppTokens != null) {
-                for (Token token : endSuppTokens.getTokens()) {
+                for (AbstractToken token : endSuppTokens.getTokens()) {
                     handleEndorsingToken(token, endSuppTokens);
                 }
             }
@@ -278,7 +279,7 @@ public class TransportBindingHandler ext
     }
     
     private void handleEndorsingToken(
-        Token token, SupportingToken wrapper
+        AbstractToken token, SupportingTokens wrapper
     ) throws Exception {
         if (token instanceof IssuedToken
             || token instanceof SecureConversationToken
@@ -314,7 +315,7 @@ public class TransportBindingHandler ext
     }
     
 
-    private byte[] doX509TokenSignature(Token token, SupportingToken wrapper) 
+    private byte[] doX509TokenSignature(AbstractToken token, SupportingTokens wrapper) 
         throws Exception {
         
         Document doc = saaj.getSOAPPart();
@@ -322,7 +323,7 @@ public class TransportBindingHandler ext
         List<WSEncryptionPart> sigParts = 
             signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
         
-        if (token.isDerivedKeys()) {
+        if (token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
             WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(wrapper, token);
             
             Element bstElem = encrKey.getBinarySecurityTokenElement();
@@ -333,9 +334,10 @@ public class TransportBindingHandler ext
             
             WSSecDKSign dkSig = new WSSecDKSign(wssConfig);
             
-            dkSig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
+            dkSig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
             dkSig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
-            dkSig.setDerivedKeyLength(binding.getAlgorithmSuite().getSignatureDerivedKeyLength() / 8);
+            AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
+            dkSig.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
             
             dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
             
@@ -372,7 +374,7 @@ public class TransportBindingHandler ext
     }
 
     private byte[] doIssuedTokenSignature(
-        Token token, SupportingToken wrapper
+        AbstractToken token, SupportingTokens wrapper
     ) throws Exception {
         boolean tokenIncluded = false;
         // Get the issued token
@@ -384,7 +386,7 @@ public class TransportBindingHandler ext
             );
         }
         
-        if (includeToken(token.getInclusion())) {
+        if (includeToken(token.getIncludeTokenType())) {
             //Add the token
             Element el = cloneElement(secTok.getToken());
             //if (securityTok != null) {
@@ -400,7 +402,7 @@ public class TransportBindingHandler ext
         List<WSEncryptionPart> sigParts = 
                 signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
         
-        if (token.isDerivedKeys()) {
+        if (token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
             return doDerivedKeySignature(tokenIncluded, secTok, token, sigParts);
         } else {
             return doSignature(tokenIncluded, secTok, token, wrapper, sigParts);
@@ -410,7 +412,7 @@ public class TransportBindingHandler ext
     private byte[] doDerivedKeySignature(
         boolean tokenIncluded,
         SecurityToken secTok,
-        Token token,
+        AbstractToken token,
         List<WSEncryptionPart> sigParts
     ) throws Exception {
         //Do Signature with derived keys
@@ -437,8 +439,9 @@ public class TransportBindingHandler ext
 
         // Set the algo info
         dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
-        dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength() / 8);
-        if (token.getSPConstants() == SP12Constants.INSTANCE) {
+        AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
+        dkSign.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
+        if (token.getVersion() == SPConstants.SPVersion.SP12) {
             dkSign.setWscVersion(ConversationConstants.VERSION_05_12);
         }
         Document doc = saaj.getSOAPPart();
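Review bot: The new `algType` line goes back through `binding.getAlgorithmSuite()` even though the statement just above already reads the suite from the local `algorithmSuite`, so the two settings on `dkSign` can come from different expressions. Assuming the local is the binding's suite (its declaration is outside this hunk), `AlgorithmSuiteType algType = algorithmSuite.getAlgorithmSuiteType();` keeps the signature algorithm and the derived key length visibly tied to the same object. doDerivedKeySignature starts and ends outside this hunk.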
@@ -458,8 +461,8 @@ public class TransportBindingHandler ext
     private byte[] doSignature(
         boolean tokenIncluded,
         SecurityToken secTok,
-        Token token,
-        TokenWrapper wrapper,
+        AbstractToken token,
+        SupportingTokens wrapper,
         List<WSEncryptionPart> sigParts
     ) throws Exception {
         WSSecSignature sig = new WSSecSignature(wssConfig);
@@ -532,7 +535,7 @@ public class TransportBindingHandler ext
             sig.setSecretKey(secTok.getSecret());
             sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
         }
-        sig.setSigCanonicalization(binding.getAlgorithmSuite().getInclusiveC14n());
+        sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
 
         Document doc = saaj.getSOAPPart();
         sig.prepare(doc, crypto, secHeader);
@@ -556,8 +559,8 @@ public class TransportBindingHandler ext
      * Identifies the portions of the message to be signed/encrypted.
      */
     private List<WSEncryptionPart> signPartsAndElements(
-        SignedEncryptedParts signedParts,
-        SignedEncryptedElements signedElements
+        SignedParts signedParts,
+        SignedElements signedElements
     ) throws SOAPException {
         
         List<WSEncryptionPart> result = new ArrayList<WSEncryptionPart>();
@@ -595,8 +598,7 @@ public class TransportBindingHandler ext
             try {
                 result.addAll(
                     this.getElements(
-                        "Element", signedElements.getXPathExpressions(), 
-                        signedElements.getDeclaredNamespaces(), found, true
+                        "Element", signedElements.getXPaths(), found, true
                     )
                 );
             } catch (XPathExpressionException e) {

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java Wed Mar  6 17:20:32 2013
@@ -33,21 +33,23 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.EncryptionToken;
-import org.apache.cxf.ws.security.policy.model.Layout;
-import org.apache.cxf.ws.security.policy.model.ProtectionToken;
-import org.apache.cxf.ws.security.policy.model.SignatureToken;
-import org.apache.cxf.ws.security.policy.model.SymmetricAsymmetricBindingBase;
-import org.apache.cxf.ws.security.policy.model.Token;
-import org.apache.cxf.ws.security.policy.model.TokenWrapper;
-import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.neethi.Assertion;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDataRef;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.message.token.Timestamp;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
+import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding.ProtectionOrder;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
+import org.apache.wss4j.policy.model.AbstractTokenWrapper;
+import org.apache.wss4j.policy.model.EncryptionToken;
+import org.apache.wss4j.policy.model.Layout;
+import org.apache.wss4j.policy.model.Layout.LayoutType;
+import org.apache.wss4j.policy.model.ProtectionToken;
+import org.apache.wss4j.policy.model.SignatureToken;
+import org.apache.wss4j.policy.model.X509Token;
 
 /**
  * Some abstract functionality for validating a security binding.
@@ -163,7 +165,7 @@ public abstract class AbstractBindingPol
      * Check various properties set in the policy of the binding
      */
     protected boolean checkProperties(
-        SymmetricAsymmetricBindingBase binding, 
+        AbstractSymmetricAsymmetricBinding binding, 
         AssertionInfo ai,
         AssertionInfoMap aim,
         List<WSSecurityEngineResult> results,
@@ -187,8 +189,9 @@ public abstract class AbstractBindingPol
         
         // Check the Layout
         Layout layout = binding.getLayout();
-        boolean timestampFirst = layout.getValue() == SPConstants.Layout.LaxTimestampFirst;
-        boolean timestampLast = layout.getValue() == SPConstants.Layout.LaxTimestampLast;
+        LayoutType layoutType = layout.getLayoutType();
+        boolean timestampFirst = layoutType == LayoutType.LaxTsFirst;
+        boolean timestampLast = layoutType == LayoutType.LaxTsLast;
         if (!validateLayout(timestampFirst, timestampLast, results)) {
             String error = "Layout does not match the requirements";
             notAssertPolicy(aim, SP12Constants.LAYOUT, error);
@@ -198,7 +201,7 @@ public abstract class AbstractBindingPol
         assertPolicy(aim, SP12Constants.LAYOUT);
         
         // Check the EntireHeaderAndBodySignatures property
-        if (binding.isEntireHeadersAndBodySignatures()
+        if (binding.isOnlySignEntireHeadersAndBody()
             && !validateEntireHeaderAndBodySignatures(signedResults)) {
             String error = "OnlySignEntireHeadersAndBody does not match the requirements";
             ai.setNotAsserted(error);
@@ -206,7 +209,7 @@ public abstract class AbstractBindingPol
         }
         
         // Check whether the signatures were encrypted or not
-        if (binding.isSignatureProtection() && !isSignatureEncrypted(results)) {
+        if (binding.isProtectTokens() && !isSignatureEncrypted(results)) {
             ai.setNotAsserted("The signature is not protected");
             return false;
         }
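Review bot: The guard under "Check whether the signatures were encrypted or not" now tests `binding.isProtectTokens()`, but ProtectTokens and EncryptSignature are separate WS-SecurityPolicy assertions. A policy that requires an encrypted signature without ProtectTokens would skip `isSignatureEncrypted(results)` and be asserted even though the signature arrived unencrypted. If the new binding model exposes the property as `isEncryptSignature()` (confirm against the wss4j policy model), the line should read `if (binding.isEncryptSignature() && !isSignatureEncrypted(results)) {`. The same substitution appears in `checkProtectionOrder` in the following hunk; checkProperties itself begins and ends outside this hunk.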
@@ -218,12 +221,13 @@ public abstract class AbstractBindingPol
      * Check the Protection Order of the binding
      */
     protected boolean checkProtectionOrder(
-        SymmetricAsymmetricBindingBase binding, 
+        AbstractSymmetricAsymmetricBinding binding, 
         AssertionInfo ai,
         List<WSSecurityEngineResult> results
     ) {
-        if (binding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning) {
-            if (!binding.isSignatureProtection() && isSignedBeforeEncrypted(results)) {
+        ProtectionOrder protectionOrder = binding.getProtectionOrder();
+        if (protectionOrder == ProtectionOrder.SignBeforeEncrypting) {
+            if (!binding.isProtectTokens() && isSignedBeforeEncrypted(results)) {
                 ai.setNotAsserted("Not encrypted before signed");
                 return false;
             }
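Review bot: The outer condition was flipped from `EncryptBeforeSigning` to `SignBeforeEncrypting`, yet the body still rejects signed-before-encrypted results with "Not encrypted before signed". As written, a SignBeforeEncrypting policy would refuse conforming messages, and an EncryptBeforeSigning policy would fall through to whatever branch follows. Unless the remainder of the method (outside this hunk) was inverted to match, the test should stay `if (protectionOrder == ProtectionOrder.EncryptBeforeSigning) {`. A unit test that feeds each order through `checkProtectionOrder` would catch this kind of slip in the port.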
@@ -290,14 +294,15 @@ public abstract class AbstractBindingPol
      * Check the derived key requirement.
      */
     protected boolean checkDerivedKeys(
-        TokenWrapper tokenWrapper, 
+        AbstractTokenWrapper tokenWrapper, 
         boolean hasDerivedKeys,
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        Token token = tokenWrapper.getToken();
+        AbstractToken token = tokenWrapper.getToken();
+        boolean isDerivedKeys = token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys;
         // If derived keys are not required then just return
-        if (!(token instanceof X509Token && token.isDerivedKeys())) {
+        if (!(token instanceof X509Token && isDerivedKeys)) {
             return true;
         }
         if (tokenWrapper instanceof EncryptionToken 

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSamlPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSamlPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSamlPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSamlPolicyValidator.java Wed Mar  6 17:20:32 2013
@@ -24,12 +24,12 @@ import java.util.List;
 
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.ws.security.policy.SPConstants.IncludeTokenType;
-import org.apache.cxf.ws.security.policy.model.Token;
 import org.apache.cxf.ws.security.wss4j.SAMLUtils;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
+import org.apache.wss4j.policy.model.AbstractToken;
 
 /**
  * Some abstract functionality for validating SAML Assertions
@@ -43,10 +43,10 @@ public abstract class AbstractSamlPolicy
      * @return true if the token is required
      */
     protected boolean isTokenRequired(
-        Token token,
+        AbstractToken token,
         Message message
     ) {
-        IncludeTokenType inclusion = token.getInclusion();
+        IncludeTokenType inclusion = token.getIncludeTokenType();
         if (inclusion == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
             return false;
         } else if (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSupportingTokenPolicyValidator.java Wed Mar  6 17:20:32 2013
@@ -45,9 +45,6 @@ import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.helpers.MapNamespaceContext;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.security.transport.TLSSessionInfo;
-import org.apache.cxf.ws.security.policy.model.Header;
-import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
-import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.dom.WSConstants;
@@ -58,6 +55,12 @@ import org.apache.wss4j.dom.message.toke
 import org.apache.wss4j.dom.message.token.KerberosSecurity;
 import org.apache.wss4j.dom.message.token.PKIPathSecurity;
 import org.apache.wss4j.dom.message.token.X509Security;
+import org.apache.wss4j.policy.model.EncryptedElements;
+import org.apache.wss4j.policy.model.EncryptedParts;
+import org.apache.wss4j.policy.model.Header;
+import org.apache.wss4j.policy.model.RequiredElements;
+import org.apache.wss4j.policy.model.SignedElements;
+import org.apache.wss4j.policy.model.SignedParts;
 
 /**
  * A base class to use to validate various SupportingToken policies.
@@ -79,10 +82,10 @@ public abstract class AbstractSupporting
     private boolean encrypted;
     private boolean derived;
     private boolean endorsed; 
-    private SignedEncryptedElements signedElements;
-    private SignedEncryptedElements encryptedElements;
-    private SignedEncryptedParts signedParts;
-    private SignedEncryptedParts encryptedParts;
+    private SignedElements signedElements;
+    private EncryptedElements encryptedElements;
+    private SignedParts signedParts;
+    private EncryptedParts encryptedParts;
 
     /**
      * Set the list of UsernameToken results
@@ -621,7 +624,7 @@ public abstract class AbstractSupporting
      * Validate the SignedParts or EncryptedParts policies
      */
     private boolean validateSignedEncryptedParts(
-        SignedEncryptedParts parts,
+        SignedParts parts,
         boolean content,
         List<WSSecurityEngineResult> protResults,
         List<WSSecurityEngineResult> tokenResults
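Review bot: `validateSignedEncryptedParts` is still documented as validating "the SignedParts or EncryptedParts policies", but its first parameter is narrowed to `SignedParts` while this commit declares the `encryptedParts` field as `EncryptedParts`. The sibling `validateSignedEncryptedElements` takes the broader `RequiredElements`, so the two helpers are no longer parallel. Depending on the model's class hierarchy, the encrypted-parts call either stops compiling or relies on a subtype relation that is easy to miss. Declaring the parameter as the common supertype of both part assertions, or updating the Javadoc if only signed parts are meant, would make the intent clear. The callers and the method body are outside this hunk.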
@@ -701,7 +704,7 @@ public abstract class AbstractSupporting
      * Validate SignedElements or EncryptedElements policies
      */
     private boolean validateSignedEncryptedElements(
-        SignedEncryptedElements elements,
+        RequiredElements elements,
         boolean content,
         List<WSSecurityEngineResult> protResults,
         List<WSSecurityEngineResult> tokenResults
@@ -710,15 +713,18 @@ public abstract class AbstractSupporting
             return true;
         }
         
-        Map<String, String> namespaces = elements.getDeclaredNamespaces();
-        List<String> xpaths = elements.getXPathExpressions();
+        List<org.apache.wss4j.policy.model.XPath> xpaths = elements.getXPaths();
+        
+        //Map<String, String> namespaces = elements.getDeclaredNamespaces();
+        //List<String> xpaths = elements.getXPathExpressions();
         
         if (xpaths != null) {
             SOAPMessage soapMessage = message.getContent(SOAPMessage.class);
             Element soapEnvelope = soapMessage.getSOAPPart().getDocumentElement();
             
-            for (String xPath : xpaths) {
-                if (!checkXPathResult(soapEnvelope, xPath, namespaces, protResults, tokenResults)) {
+            for (org.apache.wss4j.policy.model.XPath xPath : xpaths) {
+                if (!checkXPathResult(soapEnvelope, xPath.getXPath(), xPath.getPrefixNamespaceMap(), 
+                                      protResults, tokenResults)) {
                     return false;
                 }
             }
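Review bot: The two old statements are left behind as comments (`//Map<String, String> namespaces = ...` and `//List<String> xpaths = ...`) directly under their replacement. Version control already keeps them, and commented-out code in a policy validator makes it harder to see which namespace map is actually used for the XPath check, so they are better deleted. If the fully qualified `org.apache.wss4j.policy.model.XPath` is there to avoid a clash with `javax.xml.xpath.XPath`, a one-line comment saying so would explain the spelling. The method starts and ends outside this hunk.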
@@ -823,19 +829,19 @@ public abstract class AbstractSupporting
         this.timestamp = timestamp;
     }
 
-    public void setSignedElements(SignedEncryptedElements signedElements) {
+    public void setSignedElements(SignedElements signedElements) {
         this.signedElements = signedElements;
     }
 
-    public void setEncryptedElements(SignedEncryptedElements encryptedElements) {
+    public void setEncryptedElements(EncryptedElements encryptedElements) {
         this.encryptedElements = encryptedElements;
     }
 
-    public void setSignedParts(SignedEncryptedParts signedParts) {
+    public void setSignedParts(SignedParts signedParts) {
         this.signedParts = signedParts;
     }
 
-    public void setEncryptedParts(SignedEncryptedParts encryptedParts) {
+    public void setEncryptedParts(EncryptedParts encryptedParts) {
         this.encryptedParts = encryptedParts;
     }
     

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java Wed Mar  6 17:20:32 2013
@@ -21,8 +21,8 @@ package org.apache.cxf.ws.security.wss4j
 
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.ws.security.policy.SPConstants.IncludeTokenType;
-import org.apache.cxf.ws.security.policy.model.Token;
+import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
+import org.apache.wss4j.policy.model.AbstractToken;
 
 /**
  * Some abstract functionality for validating a Security Token.
@@ -36,10 +36,10 @@ public abstract class AbstractTokenPolic
      * @return true if the token is required
      */
     protected boolean isTokenRequired(
-        Token token,
+        AbstractToken token,
         Message message
     ) {
-        IncludeTokenType inclusion = token.getInclusion();
+        IncludeTokenType inclusion = token.getIncludeTokenType();
         if (inclusion == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
             return false;
         } else if (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AlgorithmSuitePolicyValidator.java Wed Mar  6 17:20:32 2013
@@ -28,12 +28,13 @@ import java.util.List;
 
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.ws.policy.AssertionInfo;
-import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDataRef;
 import org.apache.wss4j.dom.WSDerivedKeyTokenPrincipal;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.transform.STRTransform;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
+import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
 
 /**
  * Validate a WSSecurityEngineResult corresponding to the processing of a Signature, EncryptedKey or
@@ -85,7 +86,7 @@ public class AlgorithmSuitePolicyValidat
         }
         String c14nMethod = 
             (String)result.get(WSSecurityEngineResult.TAG_CANONICALIZATION_METHOD);
-        if (!algorithmPolicy.getInclusiveC14n().equals(c14nMethod)) {
+        if (!algorithmPolicy.getC14n().getValue().equals(c14nMethod)) {
             ai.setNotAsserted(
                 "The c14n method does not match the requirement"
             );
@@ -113,9 +114,10 @@ public class AlgorithmSuitePolicyValidat
         AlgorithmSuite algorithmPolicy,
         AssertionInfo ai
     ) {
+        AlgorithmSuiteType algorithmSuiteType = algorithmPolicy.getAlgorithmSuiteType();
         for (WSDataRef dataRef : dataRefs) {
             String digestMethod = dataRef.getDigestAlgorithm();
-            if (!algorithmPolicy.getDigest().equals(digestMethod)) {
+            if (!algorithmSuiteType.getDigest().equals(digestMethod)) {
                 ai.setNotAsserted(
                     "The digest method does not match the requirement"
                 );
@@ -129,7 +131,7 @@ public class AlgorithmSuitePolicyValidat
                 return false;
             }
             for (String transformAlgorithm : transformAlgorithms) {
-                if (!(algorithmPolicy.getInclusiveC14n().equals(transformAlgorithm)
+                if (!(algorithmPolicy.getC14n().getValue().equals(transformAlgorithm)
                     || STRTransform.TRANSFORM_URI.equals(transformAlgorithm))) {
                     ai.setNotAsserted("The transform algorithms do not match the requirement");
                     return false;
@@ -147,11 +149,12 @@ public class AlgorithmSuitePolicyValidat
         AlgorithmSuite algorithmPolicy,
         AssertionInfo ai
     ) {
+        AlgorithmSuiteType algorithmSuiteType = algorithmPolicy.getAlgorithmSuiteType();
         String transportMethod = 
             (String)result.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_TRANSPORT_METHOD);
         if (transportMethod != null 
-            && !algorithmPolicy.getSymmetricKeyWrap().equals(transportMethod)
-            && !algorithmPolicy.getAsymmetricKeyWrap().equals(transportMethod)) {
+            && !algorithmSuiteType.getSymmetricKeyWrap().equals(transportMethod)
+            && !algorithmSuiteType.getAsymmetricKeyWrap().equals(transportMethod)) {
             ai.setNotAsserted(
                 "The Key transport method does not match the requirement"
             );
@@ -163,7 +166,7 @@ public class AlgorithmSuitePolicyValidat
         if (dataRefs != null) {
             for (WSDataRef dataRef : dataRefs) {
                 String encryptionAlgorithm = dataRef.getAlgorithm();
-                if (!algorithmPolicy.getEncryption().equals(encryptionAlgorithm)) {
+                if (!algorithmSuiteType.getEncryption().equals(encryptionAlgorithm)) {
                     ai.setNotAsserted(
                         "The encryption algorithm does not match the requirement"
                     );
@@ -199,11 +202,12 @@ public class AlgorithmSuitePolicyValidat
             return false;
         }
         
+        AlgorithmSuiteType algorithmSuiteType = algorithmPolicy.getAlgorithmSuiteType();
         byte[] secret = (byte[])result.get(WSSecurityEngineResult.TAG_SECRET);
         if (signature) {
             Principal principal = (Principal)result.get(WSSecurityEngineResult.TAG_PRINCIPAL);
             if (principal instanceof WSDerivedKeyTokenPrincipal) {
-                int requiredLength = algorithmPolicy.getSignatureDerivedKeyLength();
+                int requiredLength = algorithmSuiteType.getSignatureDerivedKeyLength();
                 if (secret == null || secret.length != (requiredLength / 8)) {
                     ai.setNotAsserted(
                         "The signature derived key length does not match the requirement"
@@ -211,16 +215,16 @@ public class AlgorithmSuitePolicyValidat
                     return false;
                 }
             } else if (secret != null 
-                && (secret.length < (algorithmPolicy.getMinimumSymmetricKeyLength() / 8)
-                    || secret.length > (algorithmPolicy.getMaximumSymmetricKeyLength() / 8))) {
+                && (secret.length < (algorithmSuiteType.getMinimumSymmetricKeyLength() / 8)
+                    || secret.length > (algorithmSuiteType.getMaximumSymmetricKeyLength() / 8))) {
                 ai.setNotAsserted(
                     "The symmetric key length does not match the requirement"
                 );
                 return false;
             }
         } else if (secret != null 
-            && (secret.length < (algorithmPolicy.getMinimumSymmetricKeyLength() / 8)
-                || secret.length > (algorithmPolicy.getMaximumSymmetricKeyLength() / 8))) {
+            && (secret.length < (algorithmSuiteType.getMinimumSymmetricKeyLength() / 8)
+                || secret.length > (algorithmSuiteType.getMaximumSymmetricKeyLength() / 8))) {
             ai.setNotAsserted(
                 "The symmetric key length does not match the requirement"
             );
@@ -238,10 +242,11 @@ public class AlgorithmSuitePolicyValidat
         AlgorithmSuite algorithmPolicy,
         AssertionInfo ai
     ) {
+        AlgorithmSuiteType algorithmSuiteType = algorithmPolicy.getAlgorithmSuiteType();
         if (publicKey instanceof RSAPublicKey) {
             int modulus = ((RSAPublicKey)publicKey).getModulus().bitLength();
-            if (modulus < algorithmPolicy.getMinimumAsymmetricKeyLength()
-                || modulus > algorithmPolicy.getMaximumAsymmetricKeyLength()) {
+            if (modulus < algorithmSuiteType.getMinimumAsymmetricKeyLength()
+                || modulus > algorithmSuiteType.getMaximumAsymmetricKeyLength()) {
                 ai.setNotAsserted(
                     "The asymmetric key length does not match the requirement"
                 );
@@ -249,8 +254,8 @@ public class AlgorithmSuitePolicyValidat
             }
         } else if (publicKey instanceof DSAPublicKey) {
             int length = ((DSAPublicKey)publicKey).getParams().getP().bitLength();
-            if (length < algorithmPolicy.getMinimumAsymmetricKeyLength()
-                || length > algorithmPolicy.getMaximumAsymmetricKeyLength()) {
+            if (length < algorithmSuiteType.getMinimumAsymmetricKeyLength()
+                || length > algorithmSuiteType.getMaximumAsymmetricKeyLength()) {
                 ai.setNotAsserted(
                     "The asymmetric key length does not match the requirement"
                 );

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java Wed Mar  6 17:20:32 2013
@@ -29,12 +29,12 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
-import org.apache.cxf.ws.security.policy.model.Token;
-import org.apache.cxf.ws.security.policy.model.TokenWrapper;
-import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.AbstractTokenWrapper;
+import org.apache.wss4j.policy.model.AsymmetricBinding;
+import org.apache.wss4j.policy.model.X509Token;
 
 /**
  * Validate an AsymmetricBinding policy.
@@ -128,7 +128,7 @@ public class AsymmetricBindingPolicyVali
     }
     
     private boolean checkInitiatorTokens(
-        TokenWrapper wrapper, 
+        AbstractTokenWrapper wrapper, 
         AsymmetricBinding binding, 
         AssertionInfo ai,
         AssertionInfoMap aim, 
@@ -136,7 +136,7 @@ public class AsymmetricBindingPolicyVali
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults) {
 
-        Token token = wrapper.getToken();
+        AbstractToken token = wrapper.getToken();
         if (token instanceof X509Token) {
             boolean foundCert = false;
             for (WSSecurityEngineResult result : signedResults) {
@@ -164,7 +164,7 @@ public class AsymmetricBindingPolicyVali
     }
 
     private boolean checkRecipientTokens(
-        TokenWrapper wrapper, 
+        AbstractTokenWrapper wrapper, 
         AsymmetricBinding binding, 
         AssertionInfo ai,
         AssertionInfoMap aim, 

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java Wed Mar  6 17:20:32 2013
@@ -26,17 +26,16 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.IssuedToken;
-import org.apache.cxf.ws.security.policy.model.KerberosToken;
-import org.apache.cxf.ws.security.policy.model.KeyValueToken;
-import org.apache.cxf.ws.security.policy.model.SamlToken;
-import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
-import org.apache.cxf.ws.security.policy.model.SupportingToken;
-import org.apache.cxf.ws.security.policy.model.Token;
-import org.apache.cxf.ws.security.policy.model.UsernameToken;
-import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.KerberosToken;
+import org.apache.wss4j.policy.model.KeyValueToken;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SecurityContextToken;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.X509Token;
 
 /**
  * Validate SupportingToken policies.
@@ -65,10 +64,7 @@ public class ConcreteSupportingTokenPoli
         setEncryptedResults(encryptedResults);
         
         for (AssertionInfo ai : ais) {
-            SupportingToken binding = (SupportingToken)ai.getAssertion();
-            if (SPConstants.SupportTokenType.SUPPORTING_TOKEN_SUPPORTING != binding.getTokenType()) {
-                continue;
-            }
+            SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);
             
             setSignedParts(binding.getSignedParts());
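Review bot: With the `binding.getTokenType()` filter removed from this loop, every entry in `ais` is now cast to `SupportingTokens` and passed through `ai.setAsserted(true)`, so the validator relies entirely on how `ais` was collected, which is outside this hunk. If that collection can still hold other supporting-token flavours, they would be checked against the plain supporting-token rules rather than skipped. I would state the assumption in a comment above the cast, for example `// ais holds only assertions of this validator's supporting-token flavour`, and confirm that the lookup feeding `ais` is keyed on the matching assertion name. The same filter is removed in the EncryptedTokenPolicyValidator, EndorsingEncryptedTokenPolicyValidator, EndorsingTokenPolicyValidator and SignedEncryptedTokenPolicyValidator hunks.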
@@ -76,8 +72,8 @@ public class ConcreteSupportingTokenPoli
             setSignedElements(binding.getSignedElements());
             setEncryptedElements(binding.getEncryptedElements());
             
-            List<Token> tokens = binding.getTokens();
-            for (Token token : tokens) {
+            List<AbstractToken> tokens = binding.getTokens();
+            for (AbstractToken token : tokens) {
                 if (!isTokenRequired(token, message)) {
                     continue;
                 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java Wed Mar  6 17:20:32 2013
@@ -26,17 +26,16 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.IssuedToken;
-import org.apache.cxf.ws.security.policy.model.KerberosToken;
-import org.apache.cxf.ws.security.policy.model.KeyValueToken;
-import org.apache.cxf.ws.security.policy.model.SamlToken;
-import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
-import org.apache.cxf.ws.security.policy.model.SupportingToken;
-import org.apache.cxf.ws.security.policy.model.Token;
-import org.apache.cxf.ws.security.policy.model.UsernameToken;
-import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.KerberosToken;
+import org.apache.wss4j.policy.model.KeyValueToken;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SecurityContextToken;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.X509Token;
 
 /**
  * Validate an EncryptedSupportingToken policy. 
@@ -65,10 +64,7 @@ public class EncryptedTokenPolicyValidat
         setEncryptedResults(encryptedResults);
 
         for (AssertionInfo ai : ais) {
-            SupportingToken binding = (SupportingToken)ai.getAssertion();
-            if (SPConstants.SupportTokenType.SUPPORTING_TOKEN_ENCRYPTED != binding.getTokenType()) {
-                continue;
-            }
+            SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);
             
             setSignedParts(binding.getSignedParts());
@@ -76,8 +72,8 @@ public class EncryptedTokenPolicyValidat
             setSignedElements(binding.getSignedElements());
             setEncryptedElements(binding.getEncryptedElements());
 
-            List<Token> tokens = binding.getTokens();
-            for (Token token : tokens) {
+            List<AbstractToken> tokens = binding.getTokens();
+            for (AbstractToken token : tokens) {
                 if (!isTokenRequired(token, message)) {
                     continue;
                 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java Wed Mar  6 17:20:32 2013
@@ -26,17 +26,17 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.IssuedToken;
-import org.apache.cxf.ws.security.policy.model.KerberosToken;
-import org.apache.cxf.ws.security.policy.model.KeyValueToken;
-import org.apache.cxf.ws.security.policy.model.SamlToken;
-import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
-import org.apache.cxf.ws.security.policy.model.SupportingToken;
-import org.apache.cxf.ws.security.policy.model.Token;
-import org.apache.cxf.ws.security.policy.model.UsernameToken;
-import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
+import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.KerberosToken;
+import org.apache.wss4j.policy.model.KeyValueToken;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SecurityContextToken;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.X509Token;
 
 /**
  * Validate an EndorsingEncryptedSupportingToken policy. 
@@ -66,11 +66,7 @@ public class EndorsingEncryptedTokenPoli
         setEncryptedResults(encryptedResults);
 
         for (AssertionInfo ai : ais) {
-            SupportingToken binding = (SupportingToken)ai.getAssertion();
-            if (SPConstants.SupportTokenType.SUPPORTING_TOKEN_ENDORSING_ENCRYPTED 
-                != binding.getTokenType()) {
-                continue;
-            }
+            SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);
             
             setSignedParts(binding.getSignedParts());
@@ -78,14 +74,14 @@ public class EndorsingEncryptedTokenPoli
             setSignedElements(binding.getSignedElements());
             setEncryptedElements(binding.getEncryptedElements());
 
-            List<Token> tokens = binding.getTokens();
-            for (Token token : tokens) {
+            List<AbstractToken> tokens = binding.getTokens();
+            for (AbstractToken token : tokens) {
                 if (!isTokenRequired(token, message)) {
                     continue;
                 }
                 
-                boolean derived = token.isDerivedKeys();
-                setDerived(derived);
+                DerivedKeys derivedKeys = token.getDerivedKeys();
+                setDerived(derivedKeys == DerivedKeys.RequireDerivedKeys);
                 boolean processingFailed = false;
                 if (token instanceof KerberosToken) {
                     if (!processKerberosTokens()) {
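Review bot: `setDerived(derivedKeys == DerivedKeys.RequireDerivedKeys)` treats every other `DerivedKeys` value as not derived, so a policy asking for `RequireExplicitDerivedKeys` or `RequireImpliedDerivedKeys` would be validated as if the endorsing signature could use the token key directly. This may match what the old `isDerivedKeys()` returned, but that is not visible here and the enum makes the gap easy to miss. If all variants should enforce derivation, widen the test to `derivedKeys != null`; otherwise add a comment such as `// explicit/implied derived keys are not enforced by this validator`. The same two lines appear in the EndorsingTokenPolicyValidator hunk, and the token loop continues past the end of this one.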

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java Wed Mar  6 17:20:32 2013
@@ -26,17 +26,17 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.IssuedToken;
-import org.apache.cxf.ws.security.policy.model.KerberosToken;
-import org.apache.cxf.ws.security.policy.model.KeyValueToken;
-import org.apache.cxf.ws.security.policy.model.SamlToken;
-import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
-import org.apache.cxf.ws.security.policy.model.SupportingToken;
-import org.apache.cxf.ws.security.policy.model.Token;
-import org.apache.cxf.ws.security.policy.model.UsernameToken;
-import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
+import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.KerberosToken;
+import org.apache.wss4j.policy.model.KeyValueToken;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SecurityContextToken;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.X509Token;
 
 /**
  * Validate an EndorsingSupportingToken policy. 
@@ -66,10 +66,7 @@ public class EndorsingTokenPolicyValidat
         setEncryptedResults(encryptedResults);
 
         for (AssertionInfo ai : ais) {
-            SupportingToken binding = (SupportingToken)ai.getAssertion();
-            if (SPConstants.SupportTokenType.SUPPORTING_TOKEN_ENDORSING != binding.getTokenType()) {
-                continue;
-            }
+            SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);
             
             setSignedParts(binding.getSignedParts());
@@ -77,14 +74,14 @@ public class EndorsingTokenPolicyValidat
             setSignedElements(binding.getSignedElements());
             setEncryptedElements(binding.getEncryptedElements());
             
-            List<Token> tokens = binding.getTokens();
-            for (Token token : tokens) {
+            List<AbstractToken> tokens = binding.getTokens();
+            for (AbstractToken token : tokens) {
                 if (!isTokenRequired(token, message)) {
                     continue;
                 }
                 
-                boolean derived = token.isDerivedKeys();
-                setDerived(derived);
+                DerivedKeys derivedKeys = token.getDerivedKeys();
+                setDerived(derivedKeys == DerivedKeys.RequireDerivedKeys);
                 boolean processingFailed = false;
                 if (token instanceof KerberosToken) {
                     if (!processKerberosTokens()) {

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java Wed Mar  6 17:20:32 2013
@@ -29,12 +29,12 @@ import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.ws.policy.AssertionInfo;
-import org.apache.cxf.ws.security.policy.model.IssuedToken;
 import org.apache.wss4j.common.saml.SAMLKeyInfo;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.message.token.BinarySecurity;
+import org.apache.wss4j.policy.model.IssuedToken;
 
 import org.opensaml.common.SAMLVersion;
 
@@ -79,7 +79,7 @@ public class IssuedTokenPolicyValidator 
                 continue;
             }
 
-            Element template = issuedToken.getRstTemplate();
+            Element template = issuedToken.getRequestSecurityTokenTemplate();
             if (template != null && !checkIssuedTokenTemplate(template, assertionWrapper)) {
                 ai.setNotAsserted("Error in validating the IssuedToken policy");
                 continue;
@@ -130,7 +130,7 @@ public class IssuedTokenPolicyValidator 
                 return false;
             }
 
-            Element template = issuedToken.getRstTemplate();
+            Element template = issuedToken.getRequestSecurityTokenTemplate();
             if (template != null && !checkIssuedTokenTemplate(template, binarySecurityToken)) {
                 ai.setNotAsserted("Error in validating the IssuedToken policy");
                 return false;

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java Wed Mar  6 17:20:32 2013
@@ -25,8 +25,9 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.model.KerberosToken;
 import org.apache.wss4j.dom.message.token.KerberosSecurity;
+import org.apache.wss4j.policy.model.KerberosToken;
+import org.apache.wss4j.policy.model.KerberosToken.ApReqTokenType;
 
 /**
  * Validate a WSSecurityEngineResult corresponding to the processing of a Kerberos Token
@@ -66,14 +67,13 @@ public class KerberosTokenPolicyValidato
     }
     
     private boolean checkToken(KerberosToken kerberosTokenPolicy, KerberosSecurity kerberosToken) {
-        boolean isV5ApReq = kerberosTokenPolicy.isV5ApReqToken11();
-        boolean isGssV5ApReq = kerberosTokenPolicy.isGssV5ApReqToken11();
+        ApReqTokenType apReqTokenType = kerberosTokenPolicy.getApReqTokenType();
 
-        if (isV5ApReq && kerberosToken.isV5ApReq()) {
+        if (apReqTokenType == ApReqTokenType.WssKerberosV5ApReqToken11 
+            && kerberosToken.isV5ApReq()) {
             return true;
-        } else if (isGssV5ApReq && kerberosToken.isGssV5ApReq()) {
-            return true;
-        } else if (!(isV5ApReq || isGssV5ApReq)) {
+        } else if (apReqTokenType == ApReqTokenType.WssGssKerberosV5ApReqToken11 
+            && kerberosToken.isGssV5ApReq()) {
             return true;
         }
         return false;
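Review bot: Dropping the `!(isV5ApReq || isGssV5ApReq)` branch changes `checkToken` from accepting to rejecting when the policy names no AP-REQ token type. If `getApReqTokenType()` returns null, or any value other than the two compared here, the method now falls through to `return false` and every received Kerberos token fails validation. If the stricter result is intended, record it in a comment above the method; if the previous behaviour should be kept, add `if (apReqTokenType == null) { return true; }` before the comparisons. Whether the getter can return null is not visible in this hunk, and the method's closing brace lies outside it.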

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java Wed Mar  6 17:20:32 2013
@@ -31,12 +31,13 @@ import org.apache.cxf.security.transport
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.model.SamlToken;
 import org.apache.cxf.ws.security.wss4j.SAMLUtils;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SamlToken.SamlTokenType;
 import org.opensaml.common.SAMLVersion;
 
 /**
@@ -132,11 +133,12 @@ public class SamlTokenPolicyValidator ex
      * Check the policy version against the received assertion
      */
     private boolean checkVersion(SamlToken samlToken, SamlAssertionWrapper assertionWrapper) {
-        if ((samlToken.isUseSamlVersion11Profile10()
-            || samlToken.isUseSamlVersion11Profile11())
+        SamlTokenType samlTokenType = samlToken.getSamlTokenType();
+        if ((samlTokenType == SamlTokenType.WssSamlV11Token10
+            || samlTokenType == SamlTokenType.WssSamlV11Token11)
             && assertionWrapper.getSamlVersion() != SAMLVersion.VERSION_11) {
             return false;
-        } else if (samlToken.isUseSamlVersion20Profile11()
+        } else if (samlTokenType == SamlTokenType.WssSamlV20Token11
             && assertionWrapper.getSamlVersion() != SAMLVersion.VERSION_20) {
             return false;
         }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java Wed Mar  6 17:20:32 2013
@@ -29,10 +29,10 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.model.SecurityContextToken;
 
 /**
  * Validate a SecurityContextToken policy.

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java Wed Mar  6 17:20:32 2013
@@ -26,17 +26,16 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.IssuedToken;
-import org.apache.cxf.ws.security.policy.model.KerberosToken;
-import org.apache.cxf.ws.security.policy.model.KeyValueToken;
-import org.apache.cxf.ws.security.policy.model.SamlToken;
-import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
-import org.apache.cxf.ws.security.policy.model.SupportingToken;
-import org.apache.cxf.ws.security.policy.model.Token;
-import org.apache.cxf.ws.security.policy.model.UsernameToken;
-import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.KerberosToken;
+import org.apache.wss4j.policy.model.KeyValueToken;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SecurityContextToken;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.X509Token;
 
 /**
  * Validate a SignedEncryptedSupportingToken policy. 
@@ -66,10 +65,7 @@ public class SignedEncryptedTokenPolicyV
         setEncryptedResults(encryptedResults);
         
         for (AssertionInfo ai : ais) {
-            SupportingToken binding = (SupportingToken)ai.getAssertion();
-            if (SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENCRYPTED != binding.getTokenType()) {
-                continue;
-            }
+            SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);
             
             setSignedParts(binding.getSignedParts());
@@ -77,8 +73,8 @@ public class SignedEncryptedTokenPolicyV
             setSignedElements(binding.getSignedElements());
             setEncryptedElements(binding.getEncryptedElements());
 
-            List<Token> tokens = binding.getTokens();
-            for (Token token : tokens) {
+            List<AbstractToken> tokens = binding.getTokens();
+            for (AbstractToken token : tokens) {
                 if (!isTokenRequired(token, message)) {
                     continue;
                 }


