cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1455556 [2/3] - in /cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/ policy/builders/ policy/interceptors/ policy/model/ wss4j/ wss4j/policyhandlers/ wss4j/policyvalidators/
Date Tue, 12 Mar 2013 14:44:33 GMT
Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Tue Mar 12 14:44:31 2013
@@ -89,6 +89,8 @@ import org.apache.wss4j.dom.message.toke
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SP13Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.Header;
 import org.apache.wss4j.policy.model.RequiredElements;
 import org.apache.wss4j.policy.model.RequiredParts;
@@ -155,19 +157,8 @@ public class PolicyBasedWSS4JInIntercept
     private void handleWSS11(AssertionInfoMap aim, SoapMessage message) {
         if (isRequestor(message)) {
             message.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "false");
-            Collection<AssertionInfo> ais = aim.get(SP12Constants.WSS11);
-            if (ais != null) {
-                for (AssertionInfo ai : ais) {
-                    Wss11 wss11 = (Wss11)ai.getAssertion();
-                    if (wss11.isRequireSignatureConfirmation()) {
-                        message.put(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
-                        break;
-                    }
-                }
-            }
-            
-            ais = aim.get(SP11Constants.WSS11);
-            if (ais != null) {
+            Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.WSS11);
+            if (!ais.isEmpty()) {
                 for (AssertionInfo ai : ais) {
                     Wss11 wss11 = (Wss11)ai.getAssertion();
                     if (wss11.isRequireSignatureConfirmation()) {
@@ -189,8 +180,8 @@ public class PolicyBasedWSS4JInIntercept
         return action + " " + val;
     }
     
-    private boolean assertPolicy(AssertionInfoMap aim, QName q) {
-        Collection<AssertionInfo> ais = aim.get(q);
+    private boolean assertPolicy(AssertionInfoMap aim, QName name) {
+        Collection<AssertionInfo> ais = aim.getAssertionInfo(name);
         if (ais != null && !ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 ai.setAsserted(true);
@@ -199,15 +190,42 @@ public class PolicyBasedWSS4JInIntercept
         }
         return false;
     }
+    
+    private boolean assertPolicy(AssertionInfoMap aim, String localname) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, localname);
+        if (!ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }    
+            return true;
+        }
+        return false;
+    }
+    
+    private Collection<AssertionInfo> getAllAssertionsByLocalname(
+        AssertionInfoMap aim,
+        String localname
+    ) {
+        Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+        Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
+        if (sp11Ais != null && !sp11Ais.isEmpty()) {
+            ais.addAll(sp11Ais);
+        }
+
+        Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
+        if (sp12Ais != null && !sp12Ais.isEmpty()) {
+            ais.addAll(sp12Ais);
+        }
+
+        return ais;
+    }
 
     private String checkAsymmetricBinding(
         AssertionInfoMap aim, String action, SoapMessage message
     ) throws WSSecurityException {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
-        if (ais == null) {
-            ais = aim.get(SP11Constants.ASYMMETRIC_BINDING);
-        }
-        if (ais == null || ais.isEmpty()) {
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+        if (ais.isEmpty()) {
             return action;
         }
         
@@ -249,11 +267,9 @@ public class PolicyBasedWSS4JInIntercept
     private String checkTransportBinding(
         AssertionInfoMap aim, String action, SoapMessage message
     ) throws WSSecurityException {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING);
-        if (ais == null) {
-            ais = aim.get(SP11Constants.TRANSPORT_BINDING);
-        }
-        if (ais == null || ais.isEmpty()) {
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+        if (ais.isEmpty()) {
             return action;
         }
         
@@ -295,20 +311,10 @@ public class PolicyBasedWSS4JInIntercept
     private void checkUsernameToken(
         AssertionInfoMap aim, SoapMessage message
     ) throws WSSecurityException {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.USERNAME_TOKEN);
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
         
-        if (ais != null && !ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                UsernameToken policy = (UsernameToken)ai.getAssertion();
-                if (policy.getPasswordType() == PasswordType.NoPassword) {
-                    message.put(WSHandlerConstants.ALLOW_USERNAMETOKEN_NOPASSWORD, "true");
-                }
-            }
-        }
-        
-        ais = aim.get(SP11Constants.USERNAME_TOKEN);
-        
-        if (ais != null && !ais.isEmpty()) {
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 UsernameToken policy = (UsernameToken)ai.getAssertion();
                 if (policy.getPasswordType() == PasswordType.NoPassword) {
@@ -321,11 +327,9 @@ public class PolicyBasedWSS4JInIntercept
     private String checkSymmetricBinding(
         AssertionInfoMap aim, String action, SoapMessage message
     ) throws WSSecurityException {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
-        if (ais == null) {
-            ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
-        }
-        if (ais == null || ais.isEmpty()) {
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+        if (ais.isEmpty()) {
             return action;
         }
         
@@ -398,8 +402,8 @@ public class PolicyBasedWSS4JInIntercept
             Properties props = getProps(e, propsURL, message);
             if (props == null) {
                 LOG.fine("Cannot find Crypto Encryption properties: " + e);
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, 
-                                              "Cannot find Crypto Encryption properties: " + e);
+                Exception ex = new Exception("Cannot find Crypto Encryption properties: " + e);
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
             }
             
             encrCrypto = CryptoFactory.getInstance(props);
@@ -421,8 +425,8 @@ public class PolicyBasedWSS4JInIntercept
             Properties props = getProps(s, propsURL, message);
             if (props == null) {
                 LOG.fine("Cannot find Crypto Signature properties: " + s);
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, 
-                                              "Cannot find Crypto Signature properties: " + s);
+                Exception ex = new Exception("Cannot find Crypto Signature properties: " + s);
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
             }
             
             signCrypto = CryptoFactory.getInstance(props);
@@ -436,14 +440,14 @@ public class PolicyBasedWSS4JInIntercept
     }
     
     private boolean assertXPathTokens(AssertionInfoMap aim, 
-                                   QName name, 
+                                   String name, 
                                    Collection<WSDataRef> refs,
                                    Element soapEnvelope,
                                    CoverageType type,
                                    CoverageScope scope,
                                    final XPath xpath) throws SOAPException {
-        Collection<AssertionInfo> ais = aim.get(name);
-        if (ais != null) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, name);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 ai.setAsserted(true);
                 
@@ -477,14 +481,14 @@ public class PolicyBasedWSS4JInIntercept
 
     
     private boolean assertTokens(AssertionInfoMap aim, 
-                              QName name, 
+                              String name, 
                               Collection<WSDataRef> signed,
                               SoapMessage msg,
                               Element soapHeader,
                               Element soapBody,
                               CoverageType type) throws SOAPException {
-        Collection<AssertionInfo> ais = aim.get(name);
-        if (ais != null) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, name);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 ai.setAsserted(true);
                 SignedParts p = (SignedParts)ai.getAssertion();
@@ -545,18 +549,34 @@ public class PolicyBasedWSS4JInIntercept
             checkUsernameToken(aim, message);
             
             // stuff we can default to asserted and un-assert if a condition isn't met
-            assertPolicy(aim, SP12Constants.KEY_VALUE_TOKEN);
-            assertPolicy(aim, SP11Constants.KEY_VALUE_TOKEN);
-            assertPolicy(aim, SP12Constants.RSA_KEY_VALUE);
-            assertPolicy(aim, SP12Constants.REQUIRE_ISSUER_SERIAL_REFERENCE);
-            assertPolicy(aim, SP11Constants.REQUIRE_ISSUER_SERIAL_REFERENCE);
-            assertPolicy(aim, SP12Constants.REQUIRE_THUMBPRINT_REFERENCE);
-            assertPolicy(aim, SP11Constants.REQUIRE_THUMBPRINT_REFERENCE);
-            assertPolicy(aim, SP12Constants.REQUIRE_KEY_IDENTIFIER_REFERENCE);
-            assertPolicy(aim, SP11Constants.REQUIRE_KEY_IDENTIFIER_REFERENCE);
-            assertPolicy(aim, SP12Constants.REQUIRE_EMBEDDED_TOKEN_REFERENCE);
-            assertPolicy(aim, SP11Constants.REQUIRE_EMBEDDED_TOKEN_REFERENCE);
-
+            assertPolicy(aim, SPConstants.KEY_VALUE_TOKEN);
+            assertPolicy(aim, SPConstants.RSA_KEY_VALUE);
+            assertPolicy(aim, SPConstants.REQUIRE_ISSUER_SERIAL_REFERENCE);
+            assertPolicy(aim, SPConstants.REQUIRE_THUMBPRINT_REFERENCE);
+            assertPolicy(aim, SPConstants.REQUIRE_KEY_IDENTIFIER_REFERENCE);
+            assertPolicy(aim, SPConstants.REQUIRE_EMBEDDED_TOKEN_REFERENCE);
+            assertPolicy(aim, SPConstants.TRUST_10);
+            assertPolicy(aim, SPConstants.WSS10);
+            
+            // WSS10
+            assertPolicy(aim, SPConstants.WSS10);
+            assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER);
+            assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL);
+            assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI);
+            assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN);
+            
+            // Trust 1.3
+            assertPolicy(aim, SPConstants.TRUST_13);
+            assertPolicy(aim, SP12Constants.MUST_SUPPORT_CLIENT_CHALLENGE);
+            assertPolicy(aim, SP12Constants.MUST_SUPPORT_SERVER_CHALLENGE);
+            assertPolicy(aim, SP12Constants.REQUIRE_CLIENT_ENTROPY);
+            assertPolicy(aim, SP12Constants.REQUIRE_SERVER_ENTROPY);
+            assertPolicy(aim, SP12Constants.MUST_SUPPORT_ISSUED_TOKENS);
+            assertPolicy(aim, SP12Constants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION);
+            assertPolicy(aim, SP12Constants.REQUIRE_APPLIES_TO);
+            assertPolicy(aim, SP13Constants.SCOPE_POLICY_15);
+            assertPolicy(aim, SP13Constants.MUST_SUPPORT_INTERACTIVE_CHALLENGE);
+            
             message.put(WSHandlerConstants.ACTION, action.trim());
         }
     }
@@ -622,11 +642,6 @@ public class PolicyBasedWSS4JInIntercept
             LOG.fine("Incoming request failed supporting token policy validation");
         }
         
-        // relatively irrelevant stuff from a verification standpoint
-        assertPolicy(aim, SP12Constants.WSS10);
-        assertPolicy(aim, SP12Constants.TRUST_13);
-        assertPolicy(aim, SP11Constants.TRUST_10);
-        
         super.doResults(msg, actor, soapHeader, soapBody, results, utWithCallbacks);
     }
     
@@ -648,17 +663,10 @@ public class PolicyBasedWSS4JInIntercept
         boolean check = true;
         if (!isTransportBinding(aim)) {
             check &= assertTokens(
-                aim, SP12Constants.SIGNED_PARTS, signed, msg, soapHeader, soapBody, CoverageType.SIGNED
+                aim, SPConstants.SIGNED_PARTS, signed, msg, soapHeader, soapBody, CoverageType.SIGNED
             );
             check &= assertTokens(
-                aim, SP11Constants.SIGNED_PARTS, signed, msg, soapHeader, soapBody, CoverageType.SIGNED
-            );
-            check &= assertTokens(
-                aim, SP12Constants.ENCRYPTED_PARTS, encrypted, msg, soapHeader, soapBody, 
-                CoverageType.ENCRYPTED
-            );
-            check &= assertTokens(
-                aim, SP11Constants.ENCRYPTED_PARTS, encrypted, msg, soapHeader, soapBody, 
+                aim, SPConstants.ENCRYPTED_PARTS, encrypted, msg, soapHeader, soapBody, 
                 CoverageType.ENCRYPTED
             );
         }
@@ -669,17 +677,11 @@ public class PolicyBasedWSS4JInIntercept
             final XPathFactory factory = XPathFactory.newInstance();
             final XPath xpath = factory.newXPath();
             
-            check &= assertXPathTokens(aim, SP12Constants.SIGNED_ELEMENTS, signed, soapEnvelope,
-                    CoverageType.SIGNED, CoverageScope.ELEMENT, xpath);
-            check &= assertXPathTokens(aim, SP11Constants.SIGNED_ELEMENTS, signed, soapEnvelope,
+            check &= assertXPathTokens(aim, SPConstants.SIGNED_ELEMENTS, signed, soapEnvelope,
                     CoverageType.SIGNED, CoverageScope.ELEMENT, xpath);
-            check &= assertXPathTokens(aim, SP12Constants.ENCRYPTED_ELEMENTS, encrypted, soapEnvelope,
+            check &= assertXPathTokens(aim, SPConstants.ENCRYPTED_ELEMENTS, encrypted, soapEnvelope,
                     CoverageType.ENCRYPTED, CoverageScope.ELEMENT, xpath);
-            check &= assertXPathTokens(aim, SP11Constants.ENCRYPTED_ELEMENTS, encrypted, soapEnvelope,
-                    CoverageType.ENCRYPTED, CoverageScope.ELEMENT, xpath);
-            check &= assertXPathTokens(aim, SP12Constants.CONTENT_ENCRYPTED_ELEMENTS, encrypted, 
-                    soapEnvelope, CoverageType.ENCRYPTED, CoverageScope.CONTENT, xpath);
-            check &= assertXPathTokens(aim, SP11Constants.CONTENT_ENCRYPTED_ELEMENTS, encrypted, 
+            check &= assertXPathTokens(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS, encrypted, 
                     soapEnvelope, CoverageType.ENCRYPTED, CoverageScope.CONTENT, xpath);
         }
         
@@ -833,22 +835,8 @@ public class PolicyBasedWSS4JInIntercept
     private boolean assertHeadersExists(AssertionInfoMap aim, SoapMessage msg, Node header) 
         throws SOAPException {
         
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.REQUIRED_PARTS);
-        if (ais != null) {
-            for (AssertionInfo ai : ais) {
-                RequiredParts rp = (RequiredParts)ai.getAssertion();
-                ai.setAsserted(true);
-                for (Header h : rp.getHeaders()) {
-                    QName qName = new QName(h.getNamespace(), h.getName());
-                    if (header == null 
-                        || DOMUtils.getFirstChildWithName((Element)header, qName) == null) {
-                        ai.setNotAsserted("No header element of name " + qName + " found.");
-                    }
-                }
-            }
-        }
-        ais = aim.get(SP11Constants.REQUIRED_PARTS);
-        if (ais != null) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.REQUIRED_PARTS);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 RequiredParts rp = (RequiredParts)ai.getAssertion();
                 ai.setAsserted(true);
@@ -862,39 +850,8 @@ public class PolicyBasedWSS4JInIntercept
             }
         }
         
-        ais = aim.get(SP12Constants.REQUIRED_ELEMENTS);
-        if (ais != null) {
-            for (AssertionInfo ai : ais) {
-                RequiredElements rp = (RequiredElements)ai.getAssertion();
-                ai.setAsserted(true);
-                
-                if (rp != null && rp.getXPaths() != null && !rp.getXPaths().isEmpty()) {
-                    XPathFactory factory = XPathFactory.newInstance();
-                    for (org.apache.wss4j.policy.model.XPath xPath : rp.getXPaths()) {
-                        Map<String, String> namespaces = xPath.getPrefixNamespaceMap();
-                        String expression = xPath.getXPath();
-    
-                        XPath xpath = factory.newXPath();
-                        if (namespaces != null) {
-                            xpath.setNamespaceContext(new MapNamespaceContext(namespaces));
-                        }
-                        NodeList list;
-                        try {
-                            list = (NodeList)xpath.evaluate(expression, 
-                                                                     header,
-                                                                     XPathConstants.NODESET);
-                            if (list.getLength() == 0) {
-                                ai.setNotAsserted("No header element matching XPath " + expression + " found.");
-                            }
-                        } catch (XPathExpressionException e) {
-                            ai.setNotAsserted("Invalid XPath expression " + expression + " " + e.getMessage());
-                        }
-                    }
-                }
-            }
-        }
-        ais = aim.get(SP11Constants.REQUIRED_ELEMENTS);
-        if (ais != null) {
+        ais = getAllAssertionsByLocalname(aim, SPConstants.REQUIRED_ELEMENTS);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 RequiredElements rp = (RequiredElements)ai.getAssertion();
                 ai.setAsserted(true);
@@ -929,25 +886,15 @@ public class PolicyBasedWSS4JInIntercept
     }
 
     private boolean isTransportBinding(AssertionInfoMap aim) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING);
-        if (ais == null) {
-            ais = aim.get(SP11Constants.TRANSPORT_BINDING);
-        }
-        if (ais != null && ais.size() > 0) {
-            ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
-            if (ais != null && ais.size() > 0) {
-                return false;
-            }
-            ais = aim.get(SP11Constants.SYMMETRIC_BINDING);
-            if (ais != null && ais.size() > 0) {
-                return false;
-            }
-            ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
-            if (ais != null && ais.size() > 0) {
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+        if (ais.size() > 0) {
+            ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+            if (ais.size() > 0) {
                 return false;
             }
-            ais = aim.get(SP11Constants.ASYMMETRIC_BINDING);
-            if (ais != null && ais.size() > 0) {
+            ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+            if (ais.size() > 0) {
                 return false;
             }
             return true;
@@ -956,25 +903,16 @@ public class PolicyBasedWSS4JInIntercept
     }
     
     private boolean containsXPathPolicy(AssertionInfoMap aim) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ELEMENTS);
-        if (ais == null) {
-            ais = aim.get(SP11Constants.SIGNED_ELEMENTS);
-        }
-        if (ais != null && ais.size() > 0) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ELEMENTS);
+        if (ais.size() > 0) {
             return true;
         }
-        ais = aim.get(SP12Constants.ENCRYPTED_ELEMENTS);
-        if (ais == null) {
-            ais = aim.get(SP11Constants.ENCRYPTED_ELEMENTS);
-        }
-        if (ais != null && ais.size() > 0) {
+        ais = getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_ELEMENTS);
+        if (ais.size() > 0) {
             return true;
         }
-        ais = aim.get(SP12Constants.CONTENT_ENCRYPTED_ELEMENTS);
-        if (ais == null) {
-            ais = aim.get(SP11Constants.CONTENT_ENCRYPTED_ELEMENTS);
-        }
-        if (ais != null && ais.size() > 0) {
+        ais = getAllAssertionsByLocalname(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS);
+        if (ais.size() > 0) {
             return true;
         }
         return false;

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java Tue Mar 12 14:44:31 2013
@@ -20,9 +20,11 @@ package org.apache.cxf.ws.security.wss4j
 
 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.Set;
 import java.util.logging.Logger;
 
+import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
 
@@ -51,6 +53,7 @@ import org.apache.wss4j.dom.handler.WSHa
 import org.apache.wss4j.dom.message.WSSecHeader;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractBinding;
 import org.apache.wss4j.policy.model.AsymmetricBinding;
 import org.apache.wss4j.policy.model.SymmetricBinding;
@@ -101,53 +104,32 @@ public class PolicyBasedWSS4JOutIntercep
             boolean mustUnderstand = true;
             String actor = null;
             
-
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information
             if (aim != null) {
                 AbstractBinding transport = null;
-                ais = aim.get(SP12Constants.TRANSPORT_BINDING);
-                if (ais != null) {
-                    for (AssertionInfo ai : ais) {
-                        transport = (AbstractBinding)ai.getAssertion();
-                        ai.setAsserted(true);
-                    }                    
-                }
-                ais = aim.get(SP11Constants.TRANSPORT_BINDING);
-                if (ais != null) {
-                    for (AssertionInfo ai : ais) {
-                        transport = (AbstractBinding)ai.getAssertion();
-                        ai.setAsserted(true);
-                    }                    
-                }
-                ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
-                if (ais != null) {
+                ais = getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+                if (!ais.isEmpty()) {
                     for (AssertionInfo ai : ais) {
                         transport = (AbstractBinding)ai.getAssertion();
                         ai.setAsserted(true);
                     }                    
                 }
-                ais = aim.get(SP11Constants.ASYMMETRIC_BINDING);
-                if (ais != null) {
+                ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+                if (!ais.isEmpty()) {
                     for (AssertionInfo ai : ais) {
                         transport = (AbstractBinding)ai.getAssertion();
                         ai.setAsserted(true);
                     }                    
                 }
-                ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
-                if (ais != null) {
-                    for (AssertionInfo ai : ais) {
-                        transport = (AbstractBinding)ai.getAssertion();
-                        ai.setAsserted(true);
-                    }                    
-                }
-                ais = aim.get(SP11Constants.SYMMETRIC_BINDING);
-                if (ais != null) {
+                ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+                if (!ais.isEmpty()) {
                     for (AssertionInfo ai : ais) {
                         transport = (AbstractBinding)ai.getAssertion();
                         ai.setAsserted(true);
                     }                    
                 }
+
                 if (transport == null && isRequestor(message)) {
                     Policy policy = new Policy();
                     transport = new TransportBinding(org.apache.wss4j.policy.SPConstants.SPVersion.SP11,
@@ -194,20 +176,14 @@ public class PolicyBasedWSS4JOutIntercep
                     }
                 }
                 
-                ais = aim.get(SP12Constants.WSS10);
-                if (ais != null) {
-                    for (AssertionInfo ai : ais) {
-                        ai.setAsserted(true);
-                    }                    
-                }
-                ais = aim.get(SP11Constants.WSS10);
-                if (ais != null) {
+                ais = getAllAssertionsByLocalname(aim, SPConstants.WSS10);
+                if (!ais.isEmpty()) {
                     for (AssertionInfo ai : ais) {
                         ai.setAsserted(true);
                     }                    
                 }
-                ais = aim.get(SP12Constants.WSS11);
-                if (ais != null) {
+                ais = getAllAssertionsByLocalname(aim, SPConstants.WSS10);
+                if (!ais.isEmpty()) {
                     for (AssertionInfo ai : ais) {
                         ai.setAsserted(true);
                     }                    
@@ -248,5 +224,23 @@ public class PolicyBasedWSS4JOutIntercep
                 msg.setContextualProperty(WSHandlerConstants.IS_BSP_COMPLIANT, bspCompliant);
             }
         }
+        
+        private Collection<AssertionInfo> getAllAssertionsByLocalname(
+            AssertionInfoMap aim,
+            String localname
+        ) {
+            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+            Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
+            if (sp11Ais != null && !sp11Ais.isEmpty()) {
+                ais.addAll(sp11Ais);
+            }
+
+            Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
+            if (sp12Ais != null && !sp12Ais.isEmpty()) {
+                ais.addAll(sp12Ais);
+            }
+
+            return ais;
+        }
     }
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/SamlTokenInterceptor.java Tue Mar 12 14:44:31 2013
@@ -65,8 +65,7 @@ import org.apache.wss4j.dom.handler.WSHa
 import org.apache.wss4j.dom.handler.WSHandlerResult;
 import org.apache.wss4j.dom.processor.SAMLTokenProcessor;
 import org.apache.wss4j.dom.validate.Validator;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.SamlToken;
 import org.apache.wss4j.policy.model.SamlToken.SamlTokenType;
@@ -114,8 +113,7 @@ public class SamlTokenInterceptor extend
                                 break;
                             }
                         }
-                        assertTokens(message, SP12Constants.SAML_TOKEN, signed);
-                        assertTokens(message, SP11Constants.SAML_TOKEN, signed);
+                        assertTokens(message, SPConstants.SAML_TOKEN, signed);
                         
                         Principal principal = 
                             (Principal)samlResults.get(0).get(WSSecurityEngineResult.TAG_PRINCIPAL);
@@ -179,11 +177,7 @@ public class SamlTokenInterceptor extend
     }
 
     protected AbstractToken assertTokens(SoapMessage message) {
-        AbstractToken token = assertTokens(message, SP12Constants.SAML_TOKEN, true);
-        if (token == null) {
-            token = assertTokens11(message, SP11Constants.SAML_TOKEN, true);
-        }
-        return token;
+        return assertTokens(message, SPConstants.SAML_TOKEN, true);
     }
 
     protected void addToken(SoapMessage message) {
@@ -195,13 +189,8 @@ public class SamlTokenInterceptor extend
             SamlAssertionWrapper wrapper = addSamlToken(tok, message);
             if (wrapper == null) {
                 AssertionInfoMap aim = message.get(AssertionInfoMap.class);
-                Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.SAML_TOKEN);
-                for (AssertionInfo ai : ais) {
-                    if (ai.isAsserted()) {
-                        ai.setAsserted(false);
-                    }
-                }
-                ais = aim.getAssertionInfo(SP11Constants.SAML_TOKEN);
+                Collection<AssertionInfo> ais = 
+                    getAllAssertionsByLocalname(aim, SPConstants.SAML_TOKEN);
                 for (AssertionInfo ai : ais) {
                     if (ai.isAsserted()) {
                         ai.setAsserted(false);

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java Tue Mar 12 14:44:31 2013
@@ -57,8 +57,6 @@ import org.apache.wss4j.dom.handler.WSHa
 import org.apache.wss4j.dom.message.WSSecUsernameToken;
 import org.apache.wss4j.dom.processor.UsernameTokenProcessor;
 import org.apache.wss4j.dom.validate.Validator;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
 import org.apache.wss4j.policy.model.SupportingTokens;
@@ -190,20 +188,9 @@ public class UsernameTokenInterceptor ex
     }
     
     private boolean isAllowNoPassword(AssertionInfoMap aim) throws WSSecurityException {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.USERNAME_TOKEN);
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
 
-        if (ais != null && !ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                UsernameToken policy = (UsernameToken)ai.getAssertion();
-                if (policy.getPasswordType() == UsernameToken.PasswordType.NoPassword) {
-                    return true;
-                }
-            }
-        }
-        
-        ais = aim.get(SP11Constants.USERNAME_TOKEN);
-
-        if (ais != null && !ais.isEmpty()) {
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 UsernameToken policy = (UsernameToken)ai.getAssertion();
                 if (policy.getPasswordType() == UsernameToken.PasswordType.NoPassword) {
@@ -240,12 +227,7 @@ public class UsernameTokenInterceptor ex
     }
     
     protected UsernameToken assertTokens(SoapMessage message) {
-        UsernameToken usernameToken = 
-            (UsernameToken)assertTokens(message, SP12Constants.USERNAME_TOKEN, true);
-        if (usernameToken == null) {
-            usernameToken = (UsernameToken)assertTokens11(message, SP11Constants.USERNAME_TOKEN, true);
-        }
-        return usernameToken;
+        return (UsernameToken)assertTokens(message, SPConstants.USERNAME_TOKEN, true);
     }
     
     private UsernameToken assertTokens(
@@ -254,10 +236,7 @@ public class UsernameTokenInterceptor ex
         boolean signed
     ) {
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
-        Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.USERNAME_TOKEN);
-        if (ais == null) {
-            ais = aim.getAssertionInfo(SP11Constants.USERNAME_TOKEN);
-        }
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
         UsernameToken tok = null;
         for (AssertionInfo ai : ais) {
             tok = (UsernameToken)ai.getAssertion();
@@ -273,20 +252,12 @@ public class UsernameTokenInterceptor ex
                 ai.setAsserted(true);         
             }
         }
-        ais = aim.getAssertionInfo(SP12Constants.SUPPORTING_TOKENS);
-        for (AssertionInfo ai : ais) {
-            ai.setAsserted(true);
-        }
-        ais = aim.getAssertionInfo(SP11Constants.SUPPORTING_TOKENS);
+        ais = getAllAssertionsByLocalname(aim, SPConstants.SUPPORTING_TOKENS);
         for (AssertionInfo ai : ais) {
             ai.setAsserted(true);
         }
         if (signed || isTLSInUse(message)) {
-            ais = aim.getAssertionInfo(SP12Constants.SIGNED_SUPPORTING_TOKENS);
-            for (AssertionInfo ai : ais) {
-                ai.setAsserted(true);
-            }
-            ais = aim.getAssertionInfo(SP11Constants.SIGNED_SUPPORTING_TOKENS);
+            ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
             for (AssertionInfo ai : ais) {
                 ai.setAsserted(true);
             }
@@ -317,13 +288,8 @@ public class UsernameTokenInterceptor ex
             addUsernameToken(message, tok);
         if (utBuilder == null) {
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
-            Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.USERNAME_TOKEN);
-            for (AssertionInfo ai : ais) {
-                if (ai.isAsserted()) {
-                    ai.setAsserted(false);
-                }
-            }
-            ais = aim.getAssertionInfo(SP11Constants.USERNAME_TOKEN);
+            Collection<AssertionInfo> ais = 
+                getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
             for (AssertionInfo ai : ais) {
                 if (ai.isAsserted()) {
                     ai.setAsserted(false);

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Tue Mar 12 14:44:31 2013
@@ -285,13 +285,27 @@ public abstract class AbstractBindingBui
         return MessageUtils.isRequestor(message);
     }
     
+    protected Collection<AssertionInfo> getAllAssertionsByLocalname(String localname) {
+        Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+        Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
+        if (sp11Ais != null && !sp11Ais.isEmpty()) {
+            ais.addAll(sp11Ais);
+        }
+        
+        Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
+        if (sp12Ais != null && !sp12Ais.isEmpty()) {
+            ais.addAll(sp12Ais);
+        }
+        
+        return ais;
+    }
+    
     protected void policyNotAsserted(Assertion assertion, Exception reason) {
         if (assertion == null) {
             return;
         }
         LOG.log(Level.FINE, "Not asserting " + assertion.getName() + ": " + reason);
-        Collection<AssertionInfo> ais;
-        ais = aim.get(assertion.getName());
+        Collection<AssertionInfo> ais = aim.get(assertion.getName());
         if (ais != null) {
             for (AssertionInfo ai : ais) {
                 if (ai.getAssertion() == assertion) {
@@ -309,8 +323,7 @@ public abstract class AbstractBindingBui
             return;
         }
         LOG.log(Level.FINE, "Not asserting " + assertion.getName() + ": " + reason);
-        Collection<AssertionInfo> ais;
-        ais = aim.get(assertion.getName());
+        Collection<AssertionInfo> ais = aim.get(assertion.getName());
         if (ais != null) {
             for (AssertionInfo ai : ais) {
                 if (ai.getAssertion() == assertion) {
@@ -328,8 +341,7 @@ public abstract class AbstractBindingBui
             return;
         }
         LOG.log(Level.FINE, "Asserting " + assertion.getName());
-        Collection<AssertionInfo> ais;
-        ais = aim.get(assertion.getName());
+        Collection<AssertionInfo> ais = aim.get(assertion.getName());
         if (ais != null) {
             for (AssertionInfo ai : ais) {
                 if (ai.getAssertion() == assertion) {
@@ -396,11 +408,8 @@ public abstract class AbstractBindingBui
     }
     
     protected WSSecTimestamp createTimestamp() {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.INCLUDE_TIMESTAMP);
-        if (ais == null) {
-            ais = aim.get(SP11Constants.INCLUDE_TIMESTAMP);
-        }
-        if (ais != null) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.INCLUDE_TIMESTAMP);
+        if (!ais.isEmpty()) {
             Object o = message.getContextualProperty(SecurityConstants.TIMESTAMP_TTL);
             int ttl = 300;  //default is 300 seconds
             if (o instanceof Number) {
@@ -422,11 +431,8 @@ public abstract class AbstractBindingBui
     }
     
     protected WSSecTimestamp handleLayout(WSSecTimestamp timestamp) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.LAYOUT);
-        if (ais == null) {
-            ais = aim.get(SP11Constants.LAYOUT);
-        }
-        if (ais != null) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.LAYOUT);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 Layout layout = (Layout)ai.getAssertion();
                 ai.setAsserted(true);
@@ -1120,45 +1126,24 @@ public abstract class AbstractBindingBui
         EncryptedElements elements = null;
         ContentEncryptedElements celements = null;
 
-        Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.ENCRYPTED_PARTS);
-        if (ais != null) {
-            for (AssertionInfo ai : ais) {
-                parts = (EncryptedParts)ai.getAssertion();
-                ai.setAsserted(true);
-            }            
-        }
-        ais = aim.getAssertionInfo(SP11Constants.ENCRYPTED_PARTS);
-        if (ais != null) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.ENCRYPTED_PARTS);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 parts = (EncryptedParts)ai.getAssertion();
                 ai.setAsserted(true);
             }            
         }
         
-        ais = aim.getAssertionInfo(SP12Constants.ENCRYPTED_ELEMENTS);
-        if (ais != null) {
-            for (AssertionInfo ai : ais) {
-                elements = (EncryptedElements)ai.getAssertion();
-                ai.setAsserted(true);
-            }            
-        }
-        ais = aim.getAssertionInfo(SP11Constants.ENCRYPTED_ELEMENTS);
-        if (ais != null) {
+        ais = getAllAssertionsByLocalname(SPConstants.ENCRYPTED_ELEMENTS);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 elements = (EncryptedElements)ai.getAssertion();
                 ai.setAsserted(true);
             }            
         }
         
-        ais = aim.getAssertionInfo(SP12Constants.CONTENT_ENCRYPTED_ELEMENTS);
-        if (ais != null) {
-            for (AssertionInfo ai : ais) {
-                celements = (ContentEncryptedElements)ai.getAssertion();
-                ai.setAsserted(true);
-            }            
-        }
-        ais = aim.getAssertionInfo(SP11Constants.CONTENT_ENCRYPTED_ELEMENTS);
-        if (ais != null) {
+        ais = getAllAssertionsByLocalname(SPConstants.CONTENT_ENCRYPTED_ELEMENTS);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 celements = (ContentEncryptedElements)ai.getAssertion();
                 ai.setAsserted(true);
@@ -1195,30 +1180,16 @@ public abstract class AbstractBindingBui
         SignedParts parts = null;
         SignedElements elements = null;
         
-        Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.SIGNED_PARTS);
-        if (ais != null) {
-            for (AssertionInfo ai : ais) {
-                parts = (SignedParts)ai.getAssertion();
-                ai.setAsserted(true);
-            }            
-        }
-        ais = aim.getAssertionInfo(SP11Constants.SIGNED_PARTS);
-        if (ais != null) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.SIGNED_PARTS);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 parts = (SignedParts)ai.getAssertion();
                 ai.setAsserted(true);
             }            
         }
         
-        ais = aim.getAssertionInfo(SP12Constants.SIGNED_ELEMENTS);
-        if (ais != null) {
-            for (AssertionInfo ai : ais) {
-                elements = (SignedElements)ai.getAssertion();
-                ai.setAsserted(true);
-            }            
-        }
-        ais = aim.getAssertionInfo(SP11Constants.SIGNED_ELEMENTS);
-        if (ais != null) {
+        ais = getAllAssertionsByLocalname(SPConstants.SIGNED_ELEMENTS);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 elements = (SignedElements)ai.getAssertion();
                 ai.setAsserted(true);
@@ -1729,31 +1700,19 @@ public abstract class AbstractBindingBui
     }
     
     protected Wss10 getWss10() {
-        Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.WSS10);
-        if (ais != null) {
-            for (AssertionInfo ai : ais) {
-                return (Wss10)ai.getAssertion();
-            }            
-        }
-        ais = aim.getAssertionInfo(SP12Constants.WSS11);
-        if (ais != null) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.WSS10);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 return (Wss10)ai.getAssertion();
             }            
         }
         
-        ais = aim.getAssertionInfo(SP11Constants.WSS10);
-        if (ais != null) {
+        ais = getAllAssertionsByLocalname(SPConstants.WSS10);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 return (Wss10)ai.getAssertion();
             }            
         }  
-        ais = aim.getAssertionInfo(SP11Constants.WSS11);
-        if (ais != null) {
-            for (AssertionInfo ai : ais) {
-                return (Wss10)ai.getAssertion();
-            }            
-        }
         
         return null;
     }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Tue Mar 12 14:44:31 2013
@@ -950,21 +950,13 @@ public class SymmetricBindingHandler ext
     }
     
     private boolean hasSignedPartsOrElements() {
-        Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.SIGNED_PARTS);
-        if (ais != null && ais.size() > 0) {
-            return true;
-        }
-        ais = aim.getAssertionInfo(SP11Constants.SIGNED_PARTS);
-        if (ais != null && ais.size() > 0) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.SIGNED_PARTS);
+        if (ais.size() > 0) {
             return true;
         }
         
-        ais = aim.getAssertionInfo(SP12Constants.SIGNED_ELEMENTS);
-        if (ais != null && ais.size() > 0) {
-            return true;
-        }
-        ais = aim.getAssertionInfo(SP11Constants.SIGNED_ELEMENTS);
-        if (ais != null && ais.size() > 0) {
+        ais = getAllAssertionsByLocalname(SPConstants.SIGNED_ELEMENTS);
+        if (ais.size() > 0) {
             return true;
         }
         

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Tue Mar 12 14:44:31 2013
@@ -55,8 +55,6 @@ import org.apache.wss4j.dom.message.WSSe
 import org.apache.wss4j.dom.message.WSSecTimestamp;
 import org.apache.wss4j.dom.message.WSSecUsernameToken;
 import org.apache.wss4j.dom.message.token.SecurityTokenReference;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
@@ -169,11 +167,8 @@ public class TransportBindingHandler ext
     private void handleNonEndorsingSupportingTokens() throws Exception {
         Collection<AssertionInfo> ais;
         
-        ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
-        if (ais == null) {
-            ais = aim.get(SP11Constants.SIGNED_SUPPORTING_TOKENS);
-        }
-        if (ais != null) {
+        ais = getAllAssertionsByLocalname(SPConstants.SIGNED_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 SupportingTokens sgndSuppTokens = (SupportingTokens)ai.getAssertion();
                 if (sgndSuppTokens != null) {
@@ -183,11 +178,8 @@ public class TransportBindingHandler ext
             }
         }
         
-        ais = aim.get(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
-        if (ais == null) {
-            ais = aim.get(SP11Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
-        }
-        if (ais != null) {
+        ais = getAllAssertionsByLocalname(SPConstants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 SupportingTokens sgndSuppTokens = (SupportingTokens)ai.getAssertion();
                 if (sgndSuppTokens != null) {
@@ -197,11 +189,8 @@ public class TransportBindingHandler ext
             }
         }
         
-        ais = aim.get(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
-        if (ais == null) {
-            ais = aim.get(SP11Constants.ENCRYPTED_SUPPORTING_TOKENS);
-        }
-        if (ais != null) {
+        ais = getAllAssertionsByLocalname(SPConstants.ENCRYPTED_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 SupportingTokens encrSuppTokens = (SupportingTokens)ai.getAssertion();
                 if (encrSuppTokens != null) {
@@ -211,11 +200,8 @@ public class TransportBindingHandler ext
             }
         }
         
-        ais = aim.get(SP12Constants.SUPPORTING_TOKENS);
-        if (ais == null) {
-            ais = aim.get(SP11Constants.SUPPORTING_TOKENS);
-        }
-        if (ais != null) {
+        ais = getAllAssertionsByLocalname(SPConstants.SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 SupportingTokens suppTokens = (SupportingTokens)ai.getAssertion();
                 if (suppTokens != null && suppTokens.getTokens() != null 
@@ -233,11 +219,8 @@ public class TransportBindingHandler ext
     private void handleEndorsingSupportingTokens() throws Exception {
         Collection<AssertionInfo> ais;
         
-        ais = aim.get(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
-        if (ais == null) {
-            ais = aim.get(SP11Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
-        }
-        if (ais != null) {
+        ais = getAllAssertionsByLocalname(SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
             SupportingTokens sgndSuppTokens = null;
             for (AssertionInfo ai : ais) {
                 sgndSuppTokens = (SupportingTokens)ai.getAssertion();
@@ -250,11 +233,8 @@ public class TransportBindingHandler ext
             }
         }
         
-        ais = aim.get(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
-        if (ais == null) {
-            ais = aim.get(SP11Constants.ENDORSING_SUPPORTING_TOKENS);
-        }
-        if (ais != null) {
+        ais = getAllAssertionsByLocalname(SPConstants.ENDORSING_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
             SupportingTokens endSuppTokens = null;
             for (AssertionInfo ai : ais) {
                 endSuppTokens = (SupportingTokens)ai.getAssertion();
@@ -267,8 +247,8 @@ public class TransportBindingHandler ext
                 }
             }
         }
-        ais = aim.get(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-        if (ais != null) {
+        ais = getAllAssertionsByLocalname(SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
             SupportingTokens endSuppTokens = null;
             for (AssertionInfo ai : ais) {
                 endSuppTokens = (SupportingTokens)ai.getAssertion();
@@ -281,8 +261,8 @@ public class TransportBindingHandler ext
                 }
             }
         }
-        ais = aim.get(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-        if (ais != null) {
+        ais = getAllAssertionsByLocalname(SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
             SupportingTokens endSuppTokens = null;
             for (AssertionInfo ai : ais) {
                 endSuppTokens = (SupportingTokens)ai.getAssertion();
@@ -400,8 +380,9 @@ public class TransportBindingHandler ext
         SecurityToken secTok = getSecurityToken();
         if (secTok == null) {
             LOG.fine("The retrieved SecurityToken was null");
+            Exception ex = new Exception("The retrieved SecurityToken was null");
             throw new WSSecurityException(
-                WSSecurityException.ErrorCode.FAILURE, "The retrieved SecurityToken was null"
+                WSSecurityException.ErrorCode.FAILURE, ex
             );
         }
         

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java Tue Mar 12 14:44:31 2013
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.HashSet;
 import java.util.List;
 
 import javax.xml.namespace.QName;
@@ -411,6 +412,17 @@ public abstract class AbstractBindingPol
         }
     }
     
+    protected boolean assertPolicy(AssertionInfoMap aim, String localname) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, localname);
+        if (!ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }    
+            return true;
+        }
+        return false;
+    }
+    
     protected boolean assertPolicy(AssertionInfoMap aim, QName q) {
         Collection<AssertionInfo> ais = aim.get(q);
         if (ais != null && !ais.isEmpty()) {
@@ -430,4 +442,22 @@ public abstract class AbstractBindingPol
             }    
         }
     }
+    
+    protected Collection<AssertionInfo> getAllAssertionsByLocalname(
+        AssertionInfoMap aim,
+        String localname
+    ) {
+        Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+        Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
+        if (sp11Ais != null && !sp11Ais.isEmpty()) {
+            ais.addAll(sp11Ais);
+        }
+
+        Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
+        if (sp12Ais != null && !sp12Ais.isEmpty()) {
+            ais.addAll(sp12Ais);
+        }
+
+        return ais;
+    }
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java Tue Mar 12 14:44:31 2013
@@ -20,6 +20,7 @@
 package org.apache.cxf.ws.security.wss4j.policyvalidators;
 
 import java.util.Collection;
+import java.util.HashSet;
 
 import javax.xml.namespace.QName;
 
@@ -27,6 +28,8 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
 import org.apache.wss4j.policy.model.AbstractToken;
 
@@ -62,9 +65,9 @@ public abstract class AbstractTokenPolic
         }
     }
     
-    protected boolean assertPolicy(AssertionInfoMap aim, QName q) {
-        Collection<AssertionInfo> ais = aim.get(q);
-        if (ais != null && !ais.isEmpty()) {
+    protected boolean assertPolicy(AssertionInfoMap aim, QName name) {
+        Collection<AssertionInfo> ais = aim.getAssertionInfo(name);
+        if (aim != null && !ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
                 ai.setAsserted(true);
             }    
@@ -72,4 +75,33 @@ public abstract class AbstractTokenPolic
         }
         return false;
     }
+    
+    protected boolean assertPolicy(AssertionInfoMap aim, String localname) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, localname);
+        if (!ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }    
+            return true;
+        }
+        return false;
+    }
+    
+    protected Collection<AssertionInfo> getAllAssertionsByLocalname(
+        AssertionInfoMap aim,
+        String localname
+    ) {
+        Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+        Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
+        if (sp11Ais != null && !sp11Ais.isEmpty()) {
+            ais.addAll(sp11Ais);
+        }
+
+        Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
+        if (sp12Ais != null && !sp12Ais.isEmpty()) {
+            ais.addAll(sp12Ais);
+        }
+
+        return ais;
+    }
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AsymmetricBindingPolicyValidator.java Tue Mar 12 14:44:31 2013
@@ -30,8 +30,7 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractTokenWrapper;
 import org.apache.wss4j.policy.model.AsymmetricBinding;
@@ -50,13 +49,8 @@ public class AsymmetricBindingPolicyVali
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
-        if (ais != null && !ais.isEmpty()) {
-            parsePolicies(aim, ais, message, soapBody, results, signedResults, encryptedResults);
-        }
-        
-        ais = aim.get(SP11Constants.ASYMMETRIC_BINDING);
-        if (ais != null && !ais.isEmpty()) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+        if (!ais.isEmpty()) {
             parsePolicies(aim, ais, message, soapBody, results, signedResults, encryptedResults);
         }
         
@@ -174,6 +168,9 @@ public class AsymmetricBindingPolicyVali
             ai.setNotAsserted("Message fails the DerivedKeys requirement");
             return false;
         }
+        assertPolicy(aim, SPConstants.REQUIRE_DERIVED_KEYS);
+        assertPolicy(aim, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS);
+        assertPolicy(aim, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS);
 
         return true;
     }
@@ -192,6 +189,9 @@ public class AsymmetricBindingPolicyVali
             ai.setNotAsserted("Message fails the DerivedKeys requirement");
             return false;
         }
+        assertPolicy(aim, SPConstants.REQUIRE_DERIVED_KEYS);
+        assertPolicy(aim, SPConstants.REQUIRE_IMPLIED_DERIVED_KEYS);
+        assertPolicy(aim, SPConstants.REQUIRE_EXPLICIT_DERIVED_KEYS);
 
         return true;
     }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/ConcreteSupportingTokenPolicyValidator.java Tue Mar 12 14:44:31 2013
@@ -26,8 +26,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.IssuedToken;
 import org.apache.wss4j.policy.model.KerberosToken;
@@ -54,18 +53,13 @@ public class ConcreteSupportingTokenPoli
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        setMessage(message);
-        setResults(results);
-        setSignedResults(signedResults);
-        setEncryptedResults(encryptedResults);
-        
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {
-            parsePolicies(ais, message);
-        }
-        
-        ais = aim.get(SP11Constants.SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            setMessage(message);
+            setResults(results);
+            setSignedResults(signedResults);
+            setEncryptedResults(encryptedResults);
+            
             parsePolicies(ais, message);
         }
         

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EncryptedTokenPolicyValidator.java Tue Mar 12 14:44:31 2013
@@ -26,8 +26,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.IssuedToken;
 import org.apache.wss4j.policy.model.KerberosToken;
@@ -54,18 +53,13 @@ public class EncryptedTokenPolicyValidat
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        setMessage(message);
-        setResults(results);
-        setSignedResults(signedResults);
-        setEncryptedResults(encryptedResults);
-        
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {
-            parsePolicies(ais, message);
-        }
-        
-        ais = aim.get(SP11Constants.ENCRYPTED_SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            setMessage(message);
+            setResults(results);
+            setSignedResults(signedResults);
+            setEncryptedResults(encryptedResults);
+            
             parsePolicies(ais, message);
         }
         

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingEncryptedTokenPolicyValidator.java Tue Mar 12 14:44:31 2013
@@ -26,8 +26,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
 import org.apache.wss4j.policy.model.IssuedToken;
@@ -56,18 +55,14 @@ public class EndorsingEncryptedTokenPoli
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        setMessage(message);
-        setResults(results);
-        setSignedResults(signedResults);
-        setEncryptedResults(encryptedResults);
-        
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {
-            parsePolicies(ais, message);
-        }
-        
-        ais = aim.get(SP11Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            setMessage(message);
+            setResults(results);
+            setSignedResults(signedResults);
+            setEncryptedResults(encryptedResults);
+            
             parsePolicies(ais, message);
         }
         

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/EndorsingTokenPolicyValidator.java Tue Mar 12 14:44:31 2013
@@ -26,8 +26,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
 import org.apache.wss4j.policy.model.IssuedToken;
@@ -56,18 +55,14 @@ public class EndorsingTokenPolicyValidat
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        setMessage(message);
-        setResults(results);
-        setSignedResults(signedResults);
-        setEncryptedResults(encryptedResults);
-
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.ENDORSING_SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {
-            parsePolicies(ais, message);
-        }
-        
-        ais = aim.get(SP11Constants.ENDORSING_SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            setMessage(message);
+            setResults(results);
+            setSignedResults(signedResults);
+            setEncryptedResults(encryptedResults);
+            
             parsePolicies(ais, message);
         }
         

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/KerberosTokenPolicyValidator.java Tue Mar 12 14:44:31 2013
@@ -25,8 +25,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.message.token.KerberosSecurity;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.KerberosToken;
 import org.apache.wss4j.policy.model.KerberosToken.ApReqTokenType;
 
@@ -48,13 +47,8 @@ public class KerberosTokenPolicyValidato
         AssertionInfoMap aim,
         KerberosSecurity kerberosToken
     ) {
-        Collection<AssertionInfo> krbAis = aim.get(SP12Constants.KERBEROS_TOKEN);
-        if (krbAis != null && !krbAis.isEmpty()) {
-            parsePolicies(krbAis, kerberosToken);
-        }
-        
-        krbAis = aim.get(SP11Constants.KERBEROS_TOKEN);
-        if (krbAis != null && !krbAis.isEmpty()) {
+        Collection<AssertionInfo> krbAis = getAllAssertionsByLocalname(aim, SPConstants.KERBEROS_TOKEN);
+        if (!krbAis.isEmpty()) {
             parsePolicies(krbAis, kerberosToken);
         }
         

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SamlTokenPolicyValidator.java Tue Mar 12 14:44:31 2013
@@ -37,8 +37,7 @@ import org.apache.wss4j.common.saml.Saml
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.SamlToken;
 import org.apache.wss4j.policy.model.SamlToken.SamlTokenType;
 import org.opensaml.common.SAMLVersion;
@@ -61,13 +60,8 @@ public class SamlTokenPolicyValidator ex
         body = soapBody;
         signed = signedResults;
         
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.SAML_TOKEN);
-        if (ais != null && !ais.isEmpty()) {
-            parsePolicies(aim, ais, message, results, signedResults);
-        }
-        
-        ais = aim.get(SP11Constants.SAML_TOKEN);
-        if (ais != null && !ais.isEmpty()) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.SAML_TOKEN);
+        if (!ais.isEmpty()) {
             parsePolicies(aim, ais, message, results, signedResults);
         }
         

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SecurityContextTokenPolicyValidator.java Tue Mar 12 14:44:31 2013
@@ -31,8 +31,7 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.SecurityContextToken;
 
 /**
@@ -48,16 +47,12 @@ public class SecurityContextTokenPolicyV
         List<WSSecurityEngineResult> results,
         List<WSSecurityEngineResult> signedResults
     ) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.SECURITY_CONTEXT_TOKEN);
-        if (ais != null && !ais.isEmpty()) {
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.SECURITY_CONTEXT_TOKEN);
+        if (!ais.isEmpty()) {
             parsePolicies(ais, message, results);
         }
         
-        ais = aim.get(SP11Constants.SECURITY_CONTEXT_TOKEN);
-        if (ais != null && !ais.isEmpty()) {
-            parsePolicies(ais, message, results);
-        }
-
         return true;
     }
     

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEncryptedTokenPolicyValidator.java Tue Mar 12 14:44:31 2013
@@ -26,8 +26,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.IssuedToken;
 import org.apache.wss4j.policy.model.KerberosToken;
@@ -55,18 +54,14 @@ public class SignedEncryptedTokenPolicyV
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        setMessage(message);
-        setResults(results);
-        setSignedResults(signedResults);
-        setEncryptedResults(encryptedResults);
-        
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {
-            parsePolicies(ais, message);
-        }
-        
-        ais = aim.get(SP11Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            setMessage(message);
+            setResults(results);
+            setSignedResults(signedResults);
+            setEncryptedResults(encryptedResults);
+            
             parsePolicies(ais, message);
         }
         

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingEncryptedTokenPolicyValidator.java Tue Mar 12 14:44:31 2013
@@ -26,8 +26,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
 import org.apache.wss4j.policy.model.IssuedToken;
@@ -57,18 +56,14 @@ public class SignedEndorsingEncryptedTok
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        setMessage(message);
-        setResults(results);
-        setSignedResults(signedResults);
-        setEncryptedResults(encryptedResults);
-        
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {                       
-            parsePolicies(ais, message);
-        }
-        
-        ais = aim.get(SP11Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {                       
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            setMessage(message);
+            setResults(results);
+            setSignedResults(signedResults);
+            setEncryptedResults(encryptedResults);
+            
             parsePolicies(ais, message);
         }
         

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedEndorsingTokenPolicyValidator.java Tue Mar 12 14:44:31 2013
@@ -26,8 +26,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
 import org.apache.wss4j.policy.model.IssuedToken;
@@ -56,18 +55,14 @@ public class SignedEndorsingTokenPolicyV
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        setMessage(message);
-        setResults(results);
-        setSignedResults(signedResults);
-        setEncryptedResults(encryptedResults);
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            setMessage(message);
+            setResults(results);
+            setSignedResults(signedResults);
+            setEncryptedResults(encryptedResults);
 
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {
-            parsePolicies(ais, message);
-        }
-        
-        ais = aim.get(SP11Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {
             parsePolicies(ais, message);
         }
         

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java?rev=1455556&r1=1455555&r2=1455556&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/SignedTokenPolicyValidator.java Tue Mar 12 14:44:31 2013
@@ -26,8 +26,7 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.IssuedToken;
 import org.apache.wss4j.policy.model.KerberosToken;
@@ -54,18 +53,14 @@ public class SignedTokenPolicyValidator 
         List<WSSecurityEngineResult> signedResults,
         List<WSSecurityEngineResult> encryptedResults
     ) {
-        setMessage(message);
-        setResults(results);
-        setSignedResults(signedResults);
-        setEncryptedResults(encryptedResults);
-        
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {
-            parsePolicies(ais, message);
-        }
-        
-        ais = aim.get(SP11Constants.SIGNED_SUPPORTING_TOKENS);
-        if (ais != null && !ais.isEmpty()) {
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            setMessage(message);
+            setResults(results);
+            setSignedResults(signedResults);
+            setEncryptedResults(encryptedResults);
+            
             parsePolicies(ais, message);
         }
         



Mime
View raw message