cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1455925 - in /cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security: policy/ policy/interceptors/ wss4j/ wss4j/policyhandlers/ wss4j/policyvalidators/
Date Wed, 13 Mar 2013 13:12:57 GMT
Author: coheigea
Date: Wed Mar 13 13:12:56 2013
New Revision: 1455925

URL: http://svn.apache.org/r1455925
Log:
Fixed some more failing tests

Modified:
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java?rev=1455925&r1=1455924&r2=1455925&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java Wed Mar 13 13:12:56 2013
@@ -226,9 +226,9 @@ public final class WSSecurityPolicyLoade
             new QName(SP12Constants.SP_NS, "WssSamlV20Token11"),
             
             // HTTPs
-            SP12Constants.HTTP_BASIC_AUTHENTICATION, SP11Constants.HTTP_BASIC_AUTHENTICATION,
-            SP12Constants.HTTP_DIGEST_AUTHENTICATION, SP11Constants.HTTP_DIGEST_AUTHENTICATION,
-            SP12Constants.REQUIRE_CLIENT_CERTIFICATE, SP11Constants.REQUIRE_CLIENT_CERTIFICATE,
+            SP12Constants.HTTP_BASIC_AUTHENTICATION,
+            SP12Constants.HTTP_DIGEST_AUTHENTICATION,
+            SP12Constants.REQUIRE_CLIENT_CERTIFICATE,
             
             // Trust13
             SP12Constants.MUST_SUPPORT_CLIENT_CHALLENGE, SP11Constants.MUST_SUPPORT_CLIENT_CHALLENGE,

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java?rev=1455925&r1=1455924&r2=1455925&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java Wed Mar 13 13:12:56 2013
@@ -86,7 +86,7 @@ public class HttpsTokenInterceptorProvid
                     return;
                 }
                 if (isRequestor(message)) {
-                    assertHttps(ais, message);
+                    assertHttps(aim, ais, message);
                 } else {
                     //server side should be checked on the way in
                     for (AssertionInfo ai : ais) {
@@ -95,7 +95,7 @@ public class HttpsTokenInterceptorProvid
                 }
             }
         }
-        private void assertHttps(Collection<AssertionInfo> ais, Message message) {
+        private void assertHttps(AssertionInfoMap aim, Collection<AssertionInfo> ais, Message message) {
             for (AssertionInfo ai : ais) {
                 HttpsToken token = (HttpsToken)ai.getAssertion();
                 String scheme = (String)message.get("http.scheme");
@@ -125,12 +125,15 @@ public class HttpsTokenInterceptorProvid
                             }
                         };
                         message.put(MessageTrustDecider.class, trust);
+                        NegotiationUtils.assertPolicy(aim, SP12Constants.REQUIRE_CLIENT_CERTIFICATE);
                     }
                     if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpBasicAuthentication) {
                         List<String> auth = headers.get("Authorization");
                         if (auth == null || auth.size() == 0 
                             || !auth.get(0).startsWith("Basic")) {
                             ai.setNotAsserted("HttpBasicAuthentication is set, but not being used");
+                        } else {
+                            NegotiationUtils.assertPolicy(aim, SP12Constants.HTTP_BASIC_AUTHENTICATION);
                         }
                     }
                     if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpDigestAuthentication) {
@@ -138,7 +141,9 @@ public class HttpsTokenInterceptorProvid
                         if (auth == null || auth.size() == 0 
                             || !auth.get(0).startsWith("Digest")) {
                             ai.setNotAsserted("HttpDigestAuthentication is set, but not being used");
-                        }                        
+                        } else {
+                            NegotiationUtils.assertPolicy(aim, SP12Constants.HTTP_DIGEST_AUTHENTICATION);
+                        }
                     }
                 } else {
                     ai.setNotAsserted("Not an HTTPs connection");
@@ -166,7 +171,7 @@ public class HttpsTokenInterceptorProvid
                     return;
                 }
                 if (!isRequestor(message)) {
-                    assertHttps(ais, message);
+                    assertHttps(aim, ais, message);
                     // Store the TLS principal on the message context
                     SecurityContext sc = message.get(SecurityContext.class);
                     if (sc == null || sc.getUserPrincipal() == null) {
@@ -191,7 +196,7 @@ public class HttpsTokenInterceptorProvid
             }
         }
         
-        private void assertHttps(Collection<AssertionInfo> ais, Message message) {
+        private void assertHttps(AssertionInfoMap aim, Collection<AssertionInfo> ais, Message message) {
             for (AssertionInfo ai : ais) {
                 boolean asserted = true;
                 HttpsToken token = (HttpsToken)ai.getAssertion();
@@ -202,6 +207,8 @@ public class HttpsTokenInterceptorProvid
                     if (auth == null || auth.size() == 0 
                         || !auth.get(0).startsWith("Basic")) {
                         asserted = false;
+                    } else {
+                        NegotiationUtils.assertPolicy(aim, SP12Constants.HTTP_BASIC_AUTHENTICATION);
                     }
                 }
                 if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpDigestAuthentication) {
@@ -209,7 +216,9 @@ public class HttpsTokenInterceptorProvid
                     if (auth == null || auth.size() == 0 
                         || !auth.get(0).startsWith("Digest")) {
                         asserted = false;
-                    }                        
+                    } else {
+                        NegotiationUtils.assertPolicy(aim, SP12Constants.HTTP_DIGEST_AUTHENTICATION);
+                    }
                 }
 
                 TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);                
@@ -219,6 +228,8 @@ public class HttpsTokenInterceptorProvid
                         && (tlsInfo.getPeerCertificates() == null 
                             || tlsInfo.getPeerCertificates().length == 0)) {
                         asserted = false;
+                    } else {
+                        NegotiationUtils.assertPolicy(aim, SP12Constants.REQUIRE_CLIENT_CERTIFICATE);
                     }
                 } else {
                     asserted = false;

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java?rev=1455925&r1=1455924&r2=1455925&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java Wed Mar 13 13:12:56 2013
@@ -20,6 +20,7 @@
 package org.apache.cxf.ws.security.policy.interceptors;
 
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 
@@ -295,22 +296,48 @@ final class NegotiationUtils {
         return handler;
     }
     
+    static boolean assertPolicy(AssertionInfoMap aim, QName name) {
+        Collection<AssertionInfo> ais = aim.getAssertionInfo(name);
+        if (ais != null && !ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }    
+            return true;
+        }
+        return false;
+    }
+    
+    static boolean assertPolicy(AssertionInfoMap aim, String localname) {
+        Collection<AssertionInfo> ais = 
+            NegotiationUtils.getAllAssertionsByLocalname(aim, localname);
+        if (!ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }    
+            return true;
+        }
+        return false;
+    }
+    
     static Collection<AssertionInfo> getAllAssertionsByLocalname(
         AssertionInfoMap aim,
         String localname
     ) {
-        Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
         Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
-        if (sp11Ais != null && !sp11Ais.isEmpty()) {
-            ais.addAll(sp11Ais);
-        }
-
         Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
-        if (sp12Ais != null && !sp12Ais.isEmpty()) {
-            ais.addAll(sp12Ais);
+        
+        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) {
+            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+            if (sp11Ais != null) {
+                ais.addAll(sp11Ais);
+            }
+            if (sp12Ais != null) {
+                ais.addAll(sp12Ais);
+            }
+            return ais;
         }
-
-        return ais;
+            
+        return Collections.emptySet();
     }
 
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java?rev=1455925&r1=1455924&r2=1455925&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractTokenInterceptor.java Wed Mar 13 13:12:56 2013
@@ -111,49 +111,62 @@ public abstract class AbstractTokenInter
     
     protected abstract AbstractToken assertTokens(SoapMessage message);
     
+    protected boolean assertPolicy(AssertionInfoMap aim, String localname) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, localname);
+        if (!ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }    
+            return true;
+        }
+        return false;
+    }
+    
+    protected boolean assertPolicy(AssertionInfoMap aim, QName name) {
+        Collection<AssertionInfo> ais = aim.getAssertionInfo(name);
+        if (ais != null && !ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }    
+            return true;
+        }
+        return false;
+    }
+    
     protected Collection<AssertionInfo> getAllAssertionsByLocalname(
         AssertionInfoMap aim,
         String localname
     ) {
-        Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
         Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
-        if (sp11Ais != null && !sp11Ais.isEmpty()) {
-            ais.addAll(sp11Ais);
-        }
-        
         Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
-        if (sp12Ais != null && !sp12Ais.isEmpty()) {
-            ais.addAll(sp12Ais);
-        }
         
-        return ais;
+        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) {
+            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+            if (sp11Ais != null) {
+                ais.addAll(sp11Ais);
+            }
+            if (sp12Ais != null) {
+                ais.addAll(sp12Ais);
+            }
+            return ais;
+        }
+            
+        return Collections.emptySet();
     }
     
     protected AbstractToken assertTokens(SoapMessage message, String localname, boolean signed) {
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
-        Collection<AssertionInfo> ais = aim.getAssertionInfo(new QName(SP11Constants.SP_NS, localname));
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, localname);
         AbstractToken tok = null;
         for (AssertionInfo ai : ais) {
             tok = (AbstractToken)ai.getAssertion();
             ai.setAsserted(true);                
         }
         
-        ais = aim.getAssertionInfo(new QName(SP12Constants.SP_NS, localname));
-        for (AssertionInfo ai : ais) {
-            tok = (AbstractToken)ai.getAssertion();
-            ai.setAsserted(true);                
-        }
-        
-        ais = getAllAssertionsByLocalname(aim, SPConstants.SUPPORTING_TOKENS);
-        for (AssertionInfo ai : ais) {
-            ai.setAsserted(true);
-        }
+        assertPolicy(aim, SPConstants.SUPPORTING_TOKENS);
         
         if (signed || isTLSInUse(message)) {
-            ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
-            for (AssertionInfo ai : ais) {
-                ai.setAsserted(true);
-            }
+            assertPolicy(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
         }
         return tok;
     }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java?rev=1455925&r1=1455924&r2=1455925&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AlgorithmSuiteTranslater.java Wed Mar 13 13:12:56 2013
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 
@@ -193,18 +194,21 @@ public final class AlgorithmSuiteTransla
         AssertionInfoMap aim,
         String localname
     ) {
-        Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
         Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
-        if (sp11Ais != null && !sp11Ais.isEmpty()) {
-            ais.addAll(sp11Ais);
-        }
-
         Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
-        if (sp12Ais != null && !sp12Ais.isEmpty()) {
-            ais.addAll(sp12Ais);
+        
+        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) {
+            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+            if (sp11Ais != null) {
+                ais.addAll(sp11Ais);
+            }
+            if (sp12Ais != null) {
+                ais.addAll(sp12Ais);
+            }
+            return ais;
         }
-
-        return ais;
+            
+        return Collections.emptySet();
     }
 
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=1455925&r1=1455924&r2=1455925&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Wed Mar 13 13:12:56 2013
@@ -25,6 +25,7 @@ import java.net.URL;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -206,18 +207,21 @@ public class PolicyBasedWSS4JInIntercept
         AssertionInfoMap aim,
         String localname
     ) {
-        Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
         Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
-        if (sp11Ais != null && !sp11Ais.isEmpty()) {
-            ais.addAll(sp11Ais);
-        }
-
         Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
-        if (sp12Ais != null && !sp12Ais.isEmpty()) {
-            ais.addAll(sp12Ais);
+        
+        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) {
+            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+            if (sp11Ais != null) {
+                ais.addAll(sp11Ais);
+            }
+            if (sp12Ais != null) {
+                ais.addAll(sp12Ais);
+            }
+            return ais;
         }
-
-        return ais;
+            
+        return Collections.emptySet();
     }
 
     private String checkAsymmetricBinding(

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java?rev=1455925&r1=1455924&r2=1455925&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java Wed Mar 13 13:12:56 2013
@@ -229,18 +229,21 @@ public class PolicyBasedWSS4JOutIntercep
             AssertionInfoMap aim,
             String localname
         ) {
-            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
             Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
-            if (sp11Ais != null && !sp11Ais.isEmpty()) {
-                ais.addAll(sp11Ais);
-            }
-
             Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
-            if (sp12Ais != null && !sp12Ais.isEmpty()) {
-                ais.addAll(sp12Ais);
+            
+            if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) {
+                Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+                if (sp11Ais != null) {
+                    ais.addAll(sp11Ais);
+                }
+                if (sp12Ais != null) {
+                    ais.addAll(sp12Ais);
+                }
+                return ais;
             }
-
-            return ais;
+                
+            return Collections.emptySet();
         }
     }
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java?rev=1455925&r1=1455924&r2=1455925&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/UsernameTokenInterceptor.java Wed Mar 13 13:12:56 2013
@@ -57,6 +57,7 @@ import org.apache.wss4j.dom.handler.WSHa
 import org.apache.wss4j.dom.message.WSSecUsernameToken;
 import org.apache.wss4j.dom.processor.UsernameTokenProcessor;
 import org.apache.wss4j.dom.validate.Validator;
+import org.apache.wss4j.policy.SP13Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
 import org.apache.wss4j.policy.model.SupportingTokens;
@@ -227,6 +228,14 @@ public class UsernameTokenInterceptor ex
     }
     
     protected UsernameToken assertTokens(SoapMessage message) {
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        assertPolicy(aim, SPConstants.USERNAME_TOKEN10);
+        assertPolicy(aim, SPConstants.USERNAME_TOKEN11);
+        assertPolicy(aim, SPConstants.HASH_PASSWORD);
+        assertPolicy(aim, SPConstants.NO_PASSWORD);
+        assertPolicy(aim, SP13Constants.NONCE);
+        assertPolicy(aim, SP13Constants.CREATED);
+
         return (UsernameToken)assertTokens(message, SPConstants.USERNAME_TOKEN, true);
     }
     
@@ -240,27 +249,41 @@ public class UsernameTokenInterceptor ex
         UsernameToken tok = null;
         for (AssertionInfo ai : ais) {
             tok = (UsernameToken)ai.getAssertion();
-            if (princ != null 
-                && (tok.getPasswordType() == UsernameToken.PasswordType.HashPassword) 
-                != princ.isPasswordDigest()) {
+            ai.setAsserted(true);
+            if ((tok.getPasswordType() == UsernameToken.PasswordType.HashPassword)
+                && (princ == null || !princ.isPasswordDigest())) {
                 ai.setNotAsserted("Password hashing policy not enforced");
-            } else if (princ != null && tok.getPasswordType() != UsernameToken.PasswordType.NoPassword 
-                && (princ.getPassword() == null)
-                && isNonEndorsingSupportingToken(tok)) {
+            } else {
+                assertPolicy(aim, SPConstants.HASH_PASSWORD);
+            }
+            
+            if ((tok.getPasswordType() == UsernameToken.PasswordType.NoPassword)
+                && isNonEndorsingSupportingToken(tok)
+                && (princ == null || princ.getPassword() == null)) {
                 ai.setNotAsserted("Username Token No Password supplied");
             } else {
-                ai.setAsserted(true);         
+                assertPolicy(aim, SPConstants.NO_PASSWORD);
+            }
+            
+            if (tok.isCreated() && princ.getCreatedTime() == null) {
+                ai.setNotAsserted("No Created Time");
+            } else {
+                assertPolicy(aim, SP13Constants.CREATED);
+            }
+            
+            if (tok.isNonce() && princ.getNonce() == null) {
+                ai.setNotAsserted("No Nonce");
+            } else {
+                assertPolicy(aim, SP13Constants.NONCE);
             }
         }
-        ais = getAllAssertionsByLocalname(aim, SPConstants.SUPPORTING_TOKENS);
-        for (AssertionInfo ai : ais) {
-            ai.setAsserted(true);
-        }
+        
+        assertPolicy(aim, SPConstants.USERNAME_TOKEN10);
+        assertPolicy(aim, SPConstants.USERNAME_TOKEN11);
+        assertPolicy(aim, SPConstants.SUPPORTING_TOKENS);
+
         if (signed || isTLSInUse(message)) {
-            ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
-            for (AssertionInfo ai : ais) {
-                ai.setAsserted(true);
-            }
+            assertPolicy(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
         }
         return tok;
     }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1455925&r1=1455924&r2=1455925&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Wed Mar 13 13:12:56 2013
@@ -25,6 +25,7 @@ import java.net.URL;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -111,6 +112,7 @@ import org.apache.wss4j.dom.message.toke
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SP13Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
 import org.apache.wss4j.policy.model.AbstractBinding;
@@ -286,18 +288,21 @@ public abstract class AbstractBindingBui
     }
     
     protected Collection<AssertionInfo> getAllAssertionsByLocalname(String localname) {
-        Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
         Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
-        if (sp11Ais != null && !sp11Ais.isEmpty()) {
-            ais.addAll(sp11Ais);
-        }
-        
         Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
-        if (sp12Ais != null && !sp12Ais.isEmpty()) {
-            ais.addAll(sp12Ais);
-        }
         
-        return ais;
+        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) {
+            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+            if (sp11Ais != null) {
+                ais.addAll(sp11Ais);
+            }
+            if (sp12Ais != null) {
+                ais.addAll(sp12Ais);
+            }
+            return ais;
+        }
+            
+        return Collections.emptySet();
     }
     
     protected void policyNotAsserted(Assertion assertion, Exception reason) {
@@ -360,6 +365,15 @@ public abstract class AbstractBindingBui
         }
     }
     
+    protected void policyAsserted(String localname) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(localname);
+        if (!ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }
+        }
+    }
+    
     protected Collection<Assertion> findAndAssertPolicy(QName n) {
         Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
         if (ais != null && !ais.isEmpty()) {
@@ -441,6 +455,7 @@ public abstract class AbstractBindingBui
                         ai.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_LAST + " requires a timestamp");
                     } else {
                         ai.setAsserted(true);
+                        policyAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_LAST);
                         Element el = timestamp.getElement();
                         secHeader.getSecurityHeader().appendChild(el);
                         if (bottomUpElement == null) {
@@ -452,10 +467,14 @@ public abstract class AbstractBindingBui
                         ai.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST + " requires a timestamp");
                     } else {
                         addTopDownElement(timestampEl.getElement());
+                        policyAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST);
                     }
                 } else if (timestampEl != null) {
                     addTopDownElement(timestampEl.getElement());
                 }
+                
+                policyAsserted(SPConstants.LAYOUT_LAX);
+                policyAsserted(SPConstants.LAYOUT_STRICT);
             }                    
         } else if (timestampEl != null) {
             addTopDownElement(timestampEl.getElement());
@@ -832,6 +851,7 @@ public abstract class AbstractBindingBui
             if (token.getPasswordType() == UsernameToken.PasswordType.NoPassword) {
                 utBuilder.setUserInfo(userName, null);
                 utBuilder.setPasswordType(null);
+                policyAsserted(SPConstants.NO_PASSWORD);
             } else {
                 String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
                 if (StringUtils.isEmpty(password)) {
@@ -841,7 +861,8 @@ public abstract class AbstractBindingBui
                 if (!StringUtils.isEmpty(password)) {
                     // If the password is available then build the token
                     if (token.getPasswordType() == UsernameToken.PasswordType.HashPassword) {
-                        utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);  
+                        utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
+                        policyAsserted(SPConstants.HASH_PASSWORD);
                     } else {
                         utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
                     }
@@ -854,12 +875,16 @@ public abstract class AbstractBindingBui
             
             if (token.isCreated() && token.getPasswordType() != UsernameToken.PasswordType.HashPassword) {
                 utBuilder.addCreated();
+                policyAsserted(SP13Constants.CREATED);
             }
             if (token.isNonce() && token.getPasswordType() != UsernameToken.PasswordType.HashPassword) {
                 utBuilder.addNonce();
+                policyAsserted(SP13Constants.NONCE);
             }
             
             info.setAsserted(true);
+            policyAsserted(SPConstants.USERNAME_TOKEN10);
+            policyAsserted(SPConstants.USERNAME_TOKEN11);
             return utBuilder;
         } else {
             policyNotAsserted(token, "No username available");
@@ -900,6 +925,8 @@ public abstract class AbstractBindingBui
             }
             
             info.setAsserted(true);
+            policyAsserted(SPConstants.USERNAME_TOKEN10);
+            policyAsserted(SPConstants.USERNAME_TOKEN11);
             return utBuilder;
         } else {
             policyNotAsserted(token, "No username available");
@@ -2248,6 +2275,8 @@ public abstract class AbstractBindingBui
                 sigConfList.add(part);
             }
         }
+        
+        policyAsserted(SPConstants.REQUIRE_SIGNATURE_CONFIRMATION);
     }
     
     /**

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1455925&r1=1455924&r2=1455925&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Wed Mar 13 13:12:56 2013
@@ -56,6 +56,7 @@ import org.apache.wss4j.dom.message.WSSe
 import org.apache.wss4j.dom.message.WSSecHeader;
 import org.apache.wss4j.dom.message.WSSecSignature;
 import org.apache.wss4j.dom.message.WSSecTimestamp;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
@@ -97,8 +98,10 @@ public class AsymmetricBindingHandler ex
         if (abinding.getProtectionOrder() 
             == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning) {
             doEncryptBeforeSign();
+            policyAsserted(SPConstants.ENCRYPT_BEFORE_SIGNING);
         } else {
             doSignBeforeEncrypt();
+            policyAsserted(SPConstants.SIGN_BEFORE_ENCRYPTING);
         }
     }
 
@@ -174,6 +177,7 @@ public class AsymmetricBindingHandler ex
                 if (sigConfList != null && !sigConfList.isEmpty()) {
                     enc.addAll(sigConfList);
                 }
+                policyAsserted(SPConstants.ENCRYPT_SIGNATURE);
             }
             
             //Do encryption
@@ -319,6 +323,7 @@ public class AsymmetricBindingHandler ex
     private void checkForSignatureProtection(AbstractToken encryptionToken, WSSecBase encrBase) {
         // Check for signature protection
         if (abinding.isEncryptSignature()) {
+            policyAsserted(SPConstants.ENCRYPT_SIGNATURE);
             List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
 
             // Now encrypt the signature using the above token
@@ -514,6 +519,7 @@ public class AsymmetricBindingHandler ex
                 dkSign.prepare(saaj.getSOAPPart(), secHeader);
 
                 if (abinding.isProtectTokens()) {
+                    policyAsserted(SPConstants.PROTECT_TOKENS);
                     if (bstElement != null) {
                         WSEncryptionPart bstPart = 
                             new WSEncryptionPart(bstElement.getAttributeNS(WSConstants.WSU_NS, "Id"));
@@ -552,6 +558,7 @@ public class AsymmetricBindingHandler ex
                       
             // This action must occur before sig.prependBSTElementToHeader
             if (abinding.isProtectTokens()) {
+                policyAsserted(SPConstants.PROTECT_TOKENS);
                 if (sig.getBSTTokenId() != null) {
                     WSEncryptionPart bstPart = 
                         new WSEncryptionPart(sig.getBSTTokenId());

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1455925&r1=1455924&r2=1455925&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Wed Mar 13 13:12:56 2013
@@ -61,8 +61,6 @@ import org.apache.wss4j.dom.message.WSSe
 import org.apache.wss4j.dom.message.WSSecUsernameToken;
 import org.apache.wss4j.dom.message.token.SecurityTokenReference;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
 import org.apache.wss4j.policy.model.AbstractToken;
@@ -125,12 +123,14 @@ public class SymmetricBindingHandler ext
         if (sbinding.getProtectionOrder() 
             == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning) {
             doEncryptBeforeSign();
+            policyAsserted(SPConstants.ENCRYPT_BEFORE_SIGNING);
         } else {
             doSignBeforeEncrypt();
+            policyAsserted(SPConstants.SIGN_BEFORE_ENCRYPTING);
         }
         //REVIST - what to do with these policies?
-        policyAsserted(SP11Constants.TRUST_10);
-        policyAsserted(SP12Constants.TRUST_13);
+        policyAsserted(SPConstants.TRUST_10);
+        policyAsserted(SPConstants.TRUST_13);
     }
     
     private void initializeTokens()  {
@@ -253,6 +253,7 @@ public class SymmetricBindingHandler ext
                         if (sigConfList != null && !sigConfList.isEmpty()) {
                             secondEncrParts.addAll(sigConfList);
                         }
+                        policyAsserted(SPConstants.ENCRYPT_SIGNATURE);
                     }
                     
                     if (isRequestor()) {
@@ -385,6 +386,7 @@ public class SymmetricBindingHandler ext
                 if (sigConfList != null && !sigConfList.isEmpty()) {
                     enc.addAll(sigConfList);
                 }
+                policyAsserted(SPConstants.ENCRYPT_SIGNATURE);
             }
             
             if (isRequestor()) {
@@ -700,6 +702,7 @@ public class SymmetricBindingHandler ext
                 }
             }
             sigs.add(new WSEncryptionPart(sigTokId));
+            policyAsserted(SPConstants.PROTECT_TOKENS);
         }
         
         dkSign.setParts(sigs);
@@ -799,6 +802,7 @@ public class SymmetricBindingHandler ext
                       
             if (included && sbinding.isProtectTokens()) {
                 sigs.add(new WSEncryptionPart(sigTokId));
+                policyAsserted(SPConstants.PROTECT_TOKENS);
             }
             
             sig.setCustomTokenId(sigTokId);

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java?rev=1455925&r1=1455924&r2=1455925&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractBindingPolicyValidator.java Wed Mar 13 13:12:56 2013
@@ -21,6 +21,7 @@ package org.apache.cxf.ws.security.wss4j
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 
@@ -210,10 +211,10 @@ public abstract class AbstractBindingPol
             return false;
         }
         assertPolicy(aim, layout);
-        assertPolicy(aim, SP12Constants.LAX);
-        assertPolicy(aim, SP12Constants.STRICT);
-        assertPolicy(aim, SP11Constants.LAX);
-        assertPolicy(aim, SP11Constants.STRICT);
+        assertPolicy(aim, SPConstants.LAYOUT_LAX);
+        assertPolicy(aim, SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST);
+        assertPolicy(aim, SPConstants.LAYOUT_LAX_TIMESTAMP_LAST);
+        assertPolicy(aim, SPConstants.LAYOUT_STRICT);
         
         // Check the EntireHeaderAndBodySignatures property
         if (binding.isOnlySignEntireHeadersAndBody()
@@ -225,10 +226,11 @@ public abstract class AbstractBindingPol
         assertPolicy(aim, SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY);
         
         // Check whether the signatures were encrypted or not
-        if (binding.isProtectTokens() && !isSignatureEncrypted(results)) {
+        if (binding.isEncryptSignature() && !isSignatureEncrypted(results)) {
             ai.setNotAsserted("The signature is not protected");
             return false;
         }
+        assertPolicy(aim, SPConstants.ENCRYPT_SIGNATURE);
         assertPolicy(aim, SPConstants.PROTECT_TOKENS);
         
         return true;
@@ -447,17 +449,20 @@ public abstract class AbstractBindingPol
         AssertionInfoMap aim,
         String localname
     ) {
-        Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
         Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
-        if (sp11Ais != null && !sp11Ais.isEmpty()) {
-            ais.addAll(sp11Ais);
-        }
-
         Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
-        if (sp12Ais != null && !sp12Ais.isEmpty()) {
-            ais.addAll(sp12Ais);
+        
+        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) {
+            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+            if (sp11Ais != null) {
+                ais.addAll(sp11Ais);
+            }
+            if (sp12Ais != null) {
+                ais.addAll(sp12Ais);
+            }
+            return ais;
         }
-
-        return ais;
+            
+        return Collections.emptySet();
     }
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java?rev=1455925&r1=1455924&r2=1455925&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractTokenPolicyValidator.java Wed Mar 13 13:12:56 2013
@@ -20,6 +20,7 @@
 package org.apache.cxf.ws.security.wss4j.policyvalidators;
 
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashSet;
 
 import javax.xml.namespace.QName;
@@ -91,17 +92,20 @@ public abstract class AbstractTokenPolic
         AssertionInfoMap aim,
         String localname
     ) {
-        Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
         Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
-        if (sp11Ais != null && !sp11Ais.isEmpty()) {
-            ais.addAll(sp11Ais);
-        }
-
         Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
-        if (sp12Ais != null && !sp12Ais.isEmpty()) {
-            ais.addAll(sp12Ais);
+        
+        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) {
+            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+            if (sp11Ais != null) {
+                ais.addAll(sp11Ais);
+            }
+            if (sp12Ais != null) {
+                ais.addAll(sp12Ais);
+            }
+            return ais;
         }
-
-        return ais;
+            
+        return Collections.emptySet();
     }
 }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java?rev=1455925&r1=1455924&r2=1455925&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/TransportBindingPolicyValidator.java Wed Mar 13 13:12:56 2013
@@ -108,12 +108,10 @@ public class TransportBindingPolicyValid
             // Check the IncludeTimestamp
             if (!validateTimestamp(binding.isIncludeTimestamp(), true, results, signedResults, message)) {
                 String error = "Received Timestamp does not match the requirements";
-                notAssertPolicy(aim, SP12Constants.INCLUDE_TIMESTAMP, error);
                 ai.setNotAsserted(error);
                 continue;
             }
-            assertPolicy(aim, SP12Constants.INCLUDE_TIMESTAMP);
-            assertPolicy(aim, SP11Constants.INCLUDE_TIMESTAMP);
+            assertPolicy(aim, SPConstants.INCLUDE_TIMESTAMP);
             
             // Check the Layout
             Layout layout = binding.getLayout();
@@ -127,10 +125,10 @@ public class TransportBindingPolicyValid
                 continue;
             }
             assertPolicy(aim, binding.getLayout());
-            assertPolicy(aim, SP12Constants.LAX);
-            assertPolicy(aim, SP12Constants.STRICT);
-            assertPolicy(aim, SP11Constants.LAX);
-            assertPolicy(aim, SP11Constants.STRICT);
+            assertPolicy(aim, SPConstants.LAYOUT_LAX);
+            assertPolicy(aim, SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST);
+            assertPolicy(aim, SPConstants.LAYOUT_LAX_TIMESTAMP_LAST);
+            assertPolicy(aim, SPConstants.LAYOUT_STRICT);
         }
 
     }

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java?rev=1455925&r1=1455924&r2=1455925&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/UsernameTokenPolicyValidator.java Wed Mar 13 13:12:56 2013
@@ -23,8 +23,6 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
-import javax.xml.namespace.QName;
-
 import org.w3c.dom.Element;
 
 import org.apache.cxf.message.Message;
@@ -34,7 +32,6 @@ import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
 import org.apache.wss4j.dom.message.token.UsernameToken;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
-import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SP13Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
@@ -58,12 +55,12 @@ public class UsernameTokenPolicyValidato
         if (!ais.isEmpty()) {
             parsePolicies(ais, message, results);
             
-            assertPolicy(aim, new QName(SP13Constants.SP_NS, SP12Constants.CREATED));
-            assertPolicy(aim, new QName(SP13Constants.SP_NS, SP12Constants.NONCE));
+            assertPolicy(aim, SP13Constants.CREATED);
+            assertPolicy(aim, SP13Constants.NONCE);
             assertPolicy(aim, SPConstants.NO_PASSWORD);
             assertPolicy(aim, SPConstants.HASH_PASSWORD);
-            assertPolicy(aim, SP12Constants.WSS_USERNAME_TOKEN10);
-            assertPolicy(aim, SP12Constants.WSS_USERNAME_TOKEN11);
+            assertPolicy(aim, SPConstants.USERNAME_TOKEN10);
+            assertPolicy(aim, SPConstants.USERNAME_TOKEN11);
         }
         
         return true;



Mime
View raw message