cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1453437 [3/3] - in /cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/model/ wss4j/ wss4j/policyhandlers/ wss4j/policyvalidators/
Date Wed, 06 Mar 2013 17:20:33 GMT
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
Wed Mar  6 17:20:32 2013
@@ -26,17 +26,17 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.IssuedToken;
-import org.apache.cxf.ws.security.policy.model.KerberosToken;
-import org.apache.cxf.ws.security.policy.model.KeyValueToken;
-import org.apache.cxf.ws.security.policy.model.SamlToken;
-import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
-import org.apache.cxf.ws.security.policy.model.SupportingToken;
-import org.apache.cxf.ws.security.policy.model.Token;
-import org.apache.cxf.ws.security.policy.model.UsernameToken;
-import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
+import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.KerberosToken;
+import org.apache.wss4j.policy.model.KeyValueToken;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SecurityContextToken;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.X509Token;
 
 /**
  * Validate a SignedEndorsingEncryptedSupportingToken policy. 
@@ -67,11 +67,7 @@ public class SignedEndorsingEncryptedTok
         setEncryptedResults(encryptedResults);
         
         for (AssertionInfo ai : ais) {
-            SupportingToken binding = (SupportingToken)ai.getAssertion();
-            if (SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENDORSING_ENCRYPTED

-                != binding.getTokenType()) {
-                continue;
-            }
+            SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);
             
             setSignedParts(binding.getSignedParts());
@@ -79,14 +75,14 @@ public class SignedEndorsingEncryptedTok
             setSignedElements(binding.getSignedElements());
             setEncryptedElements(binding.getEncryptedElements());
 
-            List<Token> tokens = binding.getTokens();
-            for (Token token : tokens) {
+            List<AbstractToken> tokens = binding.getTokens();
+            for (AbstractToken token : tokens) {
                 if (!isTokenRequired(token, message)) {
                     continue;
                 }
                 
-                boolean derived = token.isDerivedKeys();
-                setDerived(derived);
+                DerivedKeys derivedKeys = token.getDerivedKeys();
+                setDerived(derivedKeys == DerivedKeys.RequireDerivedKeys);
                 boolean processingFailed = false;
                 if (token instanceof KerberosToken) {
                     if (!processKerberosTokens()) {

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
Wed Mar  6 17:20:32 2013
@@ -26,17 +26,17 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.IssuedToken;
-import org.apache.cxf.ws.security.policy.model.KerberosToken;
-import org.apache.cxf.ws.security.policy.model.KeyValueToken;
-import org.apache.cxf.ws.security.policy.model.SamlToken;
-import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
-import org.apache.cxf.ws.security.policy.model.SupportingToken;
-import org.apache.cxf.ws.security.policy.model.Token;
-import org.apache.cxf.ws.security.policy.model.UsernameToken;
-import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
+import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.KerberosToken;
+import org.apache.wss4j.policy.model.KeyValueToken;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SecurityContextToken;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.X509Token;
 
 /**
  * Validate a SignedEndorsingSupportingToken policy. 
@@ -66,10 +66,7 @@ public class SignedEndorsingTokenPolicyV
         setEncryptedResults(encryptedResults);
 
         for (AssertionInfo ai : ais) {
-            SupportingToken binding = (SupportingToken)ai.getAssertion();
-            if (SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENDORSING != binding.getTokenType())
{
-                continue;
-            }
+            SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);
             
             setSignedParts(binding.getSignedParts());
@@ -77,14 +74,14 @@ public class SignedEndorsingTokenPolicyV
             setSignedElements(binding.getSignedElements());
             setEncryptedElements(binding.getEncryptedElements());
 
-            List<Token> tokens = binding.getTokens();
-            for (Token token : tokens) {
+            List<AbstractToken> tokens = binding.getTokens();
+            for (AbstractToken token : tokens) {
                 if (!isTokenRequired(token, message)) {
                     continue;
                 }
                 
-                boolean derived = token.isDerivedKeys();
-                setDerived(derived);
+                DerivedKeys derivedKeys = token.getDerivedKeys();
+                setDerived(derivedKeys == DerivedKeys.RequireDerivedKeys);
                 boolean processingFailed = false;
                 if (token instanceof KerberosToken) {
                     if (!processKerberosTokens()) {

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
Wed Mar  6 17:20:32 2013
@@ -26,17 +26,16 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.IssuedToken;
-import org.apache.cxf.ws.security.policy.model.KerberosToken;
-import org.apache.cxf.ws.security.policy.model.KeyValueToken;
-import org.apache.cxf.ws.security.policy.model.SamlToken;
-import org.apache.cxf.ws.security.policy.model.SecurityContextToken;
-import org.apache.cxf.ws.security.policy.model.SupportingToken;
-import org.apache.cxf.ws.security.policy.model.Token;
-import org.apache.cxf.ws.security.policy.model.UsernameToken;
-import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.KerberosToken;
+import org.apache.wss4j.policy.model.KeyValueToken;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SecurityContextToken;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.X509Token;
 
 /**
  * Validate SignedSupportingToken policies.
@@ -65,10 +64,7 @@ public class SignedTokenPolicyValidator 
         setEncryptedResults(encryptedResults);
         
         for (AssertionInfo ai : ais) {
-            SupportingToken binding = (SupportingToken)ai.getAssertion();
-            if (SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED != binding.getTokenType())
{
-                continue;
-            }
+            SupportingTokens binding = (SupportingTokens)ai.getAssertion();
             ai.setAsserted(true);
             
             setSignedParts(binding.getSignedParts());
@@ -76,8 +72,8 @@ public class SignedTokenPolicyValidator 
             setSignedElements(binding.getSignedElements());
             setEncryptedElements(binding.getEncryptedElements());
             
-            List<Token> tokens = binding.getTokens();
-            for (Token token : tokens) {
+            List<AbstractToken> tokens = binding.getTokens();
+            for (AbstractToken token : tokens) {
                 if (!isTokenRequired(token, message)) {
                     continue;
                 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SymmetricBindingPolicyValidator.java
Wed Mar  6 17:20:32 2013
@@ -28,9 +28,9 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.model.SymmetricBinding;
 
 /**
  * Validate a SymmetricBinding policy.

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
Wed Mar  6 17:20:32 2013
@@ -30,10 +30,10 @@ import org.apache.cxf.security.transport
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.Layout;
-import org.apache.cxf.ws.security.policy.model.TransportBinding;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.policy.model.Layout;
+import org.apache.wss4j.policy.model.Layout.LayoutType;
+import org.apache.wss4j.policy.model.TransportBinding;
 
 /**
  * Validate a TransportBinding policy.
@@ -87,8 +87,9 @@ public class TransportBindingPolicyValid
             
             // Check the Layout
             Layout layout = binding.getLayout();
-            boolean timestampFirst = layout.getValue() == SPConstants.Layout.LaxTimestampFirst;
-            boolean timestampLast = layout.getValue() == SPConstants.Layout.LaxTimestampLast;
+            LayoutType layoutType = layout.getLayoutType();
+            boolean timestampFirst = layoutType == LayoutType.LaxTsFirst;
+            boolean timestampLast = layoutType == LayoutType.LaxTsLast;
             if (!validateLayout(timestampFirst, timestampLast, results)) {
                 String error = "Layout does not match the requirements";
                 notAssertPolicy(aim, SP12Constants.LAYOUT, error);

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
Wed Mar  6 17:20:32 2013
@@ -30,11 +30,13 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.SupportingToken;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.message.token.UsernameToken;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.UsernameToken.PasswordType;
 
 /**
  * Validate a UsernameToken policy.
@@ -59,8 +61,8 @@ public class UsernameTokenPolicyValidato
         WSSecurityUtil.fetchAllActionResults(results, WSConstants.UT_NOPASSWORD, utResults);
         
         for (AssertionInfo ai : ais) {
-            org.apache.cxf.ws.security.policy.model.UsernameToken usernameTokenPolicy = 
-                (org.apache.cxf.ws.security.policy.model.UsernameToken)ai.getAssertion();
+            org.apache.wss4j.policy.model.UsernameToken usernameTokenPolicy = 
+                (org.apache.wss4j.policy.model.UsernameToken)ai.getAssertion();
             ai.setAsserted(true);
 
             if (!isTokenRequired(usernameTokenPolicy, message)) {
@@ -85,32 +87,35 @@ public class UsernameTokenPolicyValidato
      * All UsernameTokens must conform to the policy
      */
     public boolean checkTokens(
-        org.apache.cxf.ws.security.policy.model.UsernameToken usernameTokenPolicy,
+        org.apache.wss4j.policy.model.UsernameToken usernameTokenPolicy,
         AssertionInfo ai,
         List<WSSecurityEngineResult> utResults
     ) {
         for (WSSecurityEngineResult result : utResults) {
             UsernameToken usernameToken = 
                 (UsernameToken)result.get(WSSecurityEngineResult.TAG_USERNAME_TOKEN);
-            if (usernameTokenPolicy.isHashPassword() != usernameToken.isHashed()) {
+            PasswordType passwordType = usernameTokenPolicy.getPasswordType();
+            boolean isHashPassword = passwordType == PasswordType.HashPassword;
+            boolean isNoPassword = passwordType == PasswordType.NoPassword;
+            if (isHashPassword != usernameToken.isHashed()) {
                 ai.setNotAsserted("Password hashing policy not enforced");
                 return false;
             }
-            if (usernameTokenPolicy.isNoPassword() && (usernameToken.getPassword()
!= null)) {
+            if (isNoPassword && (usernameToken.getPassword() != null)) {
                 ai.setNotAsserted("Username Token NoPassword policy not enforced");
                 return false;
-            } else if (!usernameTokenPolicy.isNoPassword() && (usernameToken.getPassword()
== null)
+            } else if (!isNoPassword && (usernameToken.getPassword() == null)
                 && isNonEndorsingSupportingToken(usernameTokenPolicy)) {
                 ai.setNotAsserted("Username Token No Password supplied");
                 return false;
             }
             
-            if (usernameTokenPolicy.isRequireCreated() 
+            if (usernameTokenPolicy.isCreated()
                 && (usernameToken.getCreated() == null || usernameToken.isHashed()))
{
                 ai.setNotAsserted("Username Token Created policy not enforced");
                 return false;
             }
-            if (usernameTokenPolicy.isRequireNonce() 
+            if (usernameTokenPolicy.isNonce() 
                 && (usernameToken.getNonce() == null || usernameToken.isHashed()))
{
                 ai.setNotAsserted("Username Token Nonce policy not enforced");
                 return false;
@@ -124,15 +129,16 @@ public class UsernameTokenPolicyValidato
      * true then the corresponding UsernameToken must have a password element.
      */
     private boolean isNonEndorsingSupportingToken(
-        org.apache.cxf.ws.security.policy.model.UsernameToken usernameTokenPolicy
+        org.apache.wss4j.policy.model.UsernameToken usernameTokenPolicy
     ) {
-        SupportingToken supportingToken = usernameTokenPolicy.getSupportingToken();
-        if (supportingToken != null) {
-            SPConstants.SupportTokenType type = supportingToken.getTokenType();
-            if (type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SUPPORTING
-                || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED
-                || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_SIGNED_ENCRYPTED
-                || type == SPConstants.SupportTokenType.SUPPORTING_TOKEN_ENCRYPTED) {
+        AbstractSecurityAssertion parentAssertion = usernameTokenPolicy.getParentAssertion();
+        if (parentAssertion instanceof SupportingTokens) {
+            SupportingTokens supportingToken = (SupportingTokens)parentAssertion;
+            String localname = supportingToken.getName().getLocalPart();
+            if (localname.equals(SPConstants.SUPPORTING_TOKENS)
+                || localname.equals(SPConstants.SIGNED_SUPPORTING_TOKENS)
+                || localname.equals(SPConstants.ENCRYPTED_SUPPORTING_TOKENS)
+                || localname.equals(SPConstants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS)) {
                 return true;
             }
         }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/WSS11PolicyValidator.java
Wed Mar  6 17:20:32 2013
@@ -30,10 +30,10 @@ import org.apache.cxf.message.MessageUti
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.model.Wss11;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.model.Wss11;
 
 /**
  * Validate a WSS11 policy.

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java?rev=1453437&r1=1453436&r2=1453437&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
(original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/X509TokenPolicyValidator.java
Wed Mar  6 17:20:32 2013
@@ -29,12 +29,12 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.X509Token;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.message.token.BinarySecurity;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.model.X509Token;
+import org.apache.wss4j.policy.model.X509Token.TokenType;
 
 /**
  * Validate an X509 Token policy.
@@ -74,7 +74,7 @@ public class X509TokenPolicyValidator ex
                 continue;
             }
 
-            if (!checkTokenType(x509TokenPolicy.getTokenVersionAndType(), bstResults)) {
+            if (!checkTokenType(x509TokenPolicy.getTokenType(), bstResults)) {
                 ai.setNotAsserted("An incorrect X.509 Token Type is detected");
                 continue;
             }
@@ -86,7 +86,7 @@ public class X509TokenPolicyValidator ex
      * Check that at least one received token matches the token type.
      */
     private boolean checkTokenType(
-        String requiredVersionAndType,
+        TokenType tokenType,
         List<WSSecurityEngineResult> bstResults
     ) {
         if (bstResults.isEmpty()) {
@@ -94,8 +94,8 @@ public class X509TokenPolicyValidator ex
         }
 
         String requiredType = X509_V3_VALUETYPE;
-        if (SPConstants.WSS_X509_PKI_PATH_V1_TOKEN10.equals(requiredType)
-            || SPConstants.WSS_X509_PKI_PATH_V1_TOKEN11.equals(requiredType)) {
+        if (tokenType == TokenType.WssX509PkiPathV1Token10
+            || tokenType == TokenType.WssX509PkiPathV1Token11) {
             requiredType = PKI_VALUETYPE;
         }
 



Mime
View raw message