cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1484509 - in /cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j: PolicyBasedWSS4JStaxOutInterceptor.java policyhandlers/AbstractStaxBindingHandler.java policyhandlers/StaxTransportBindingHandler.java
Date Mon, 20 May 2013 16:00:35 GMT
Author: coheigea
Date: Mon May 20 16:00:35 2013
New Revision: 1484509

URL: http://svn.apache.org/r1484509
Log:
Added initial attempt at configuring SecurityPolicy for the transport binding outbound

Added:
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
Modified:
    cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java

Modified: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java?rev=1484509&r1=1484508&r2=1484509&view=diff
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java (original)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java Mon May 20 16:00:35 2013
@@ -26,7 +26,6 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Map;
 import java.util.Properties;
 import java.util.logging.Logger;
 
@@ -44,19 +43,14 @@ import org.apache.cxf.service.model.Endp
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.cxf.ws.security.wss4j.policyhandlers.StaxTransportBindingHandler;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
-import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
-import org.apache.wss4j.policy.model.AbstractBinding;
-import org.apache.wss4j.policy.model.UsernameToken;
-import org.apache.wss4j.policy.model.UsernameToken.PasswordType;
 
 /**
  * 
@@ -332,13 +326,6 @@ public class PolicyBasedWSS4JStaxOutInte
         return signCrypto;
     }
     
-    private void configureActions(
-        AssertionInfoMap aim, SoapMessage message
-    ) throws WSSecurityException {
-        configureUsernameToken(aim, message);
-        configureTimestamp(aim, message);
-    }
-    
     @Override
     protected void configureProperties(SoapMessage msg) throws WSSecurityException {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
@@ -346,110 +333,13 @@ public class PolicyBasedWSS4JStaxOutInte
         checkSymmetricBinding(aim, msg);
         checkTransportBinding(aim, msg);
         
-        configureActions(aim, msg);
-        
-        super.configureProperties(msg);
-    }
-    
-    private void configureUsernameToken(
-        AssertionInfoMap aim, SoapMessage message
-    ) throws WSSecurityException {
-        Map<String, Object> config = getProperties();
-                                  
-        Collection<AssertionInfo> ais = 
-            getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
-        if (ais != null && ais.size() > 0) {
-            UsernameToken usernameToken = (UsernameToken)ais.iterator().next().getAssertion();
-            IncludeTokenType includeToken = usernameToken.getIncludeTokenType();
-            if (!isTokenRequired(includeToken, message)) {
-                return;
-            }
-            
-            // Action
-            if (config.containsKey(ConfigurationConstants.ACTION)) {
-                String action = (String)config.get(ConfigurationConstants.ACTION);
-                config.put(ConfigurationConstants.ACTION, 
-                           action + " " + ConfigurationConstants.USERNAME_TOKEN);
-            } else {
-                config.put(ConfigurationConstants.ACTION, 
-                           ConfigurationConstants.USERNAME_TOKEN);
-            }
-
-            // Password Type
-            PasswordType passwordType = usernameToken.getPasswordType();
-            if (passwordType == PasswordType.HashPassword) {
-                config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
-            } else if (passwordType == PasswordType.NoPassword) {
-                config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_NONE);
-            } else {
-                config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
-            }
-            
-            // Nonce + Created
-            if (usernameToken.isNonce()) {
-                config.put(ConfigurationConstants.ADD_USERNAMETOKEN_NONCE, "true");
-            }
-            if (usernameToken.isCreated()) {
-                config.put(ConfigurationConstants.ADD_USERNAMETOKEN_CREATED, "true");
-            }
-        }
-    }
-    
-    private void configureTimestamp(
-        AssertionInfoMap aim, SoapMessage message
-    ) throws WSSecurityException {
-        Map<String, Object> config = getProperties();
-        
-        AbstractBinding binding = getBinding(aim);
-        if (binding != null && binding.isIncludeTimestamp()) {
-            // Action
-            if (config.containsKey(ConfigurationConstants.ACTION)) {
-                String action = (String)config.get(ConfigurationConstants.ACTION);
-                config.put(ConfigurationConstants.ACTION, 
-                           action + " " + ConfigurationConstants.TIMESTAMP);
-            } else {
-                config.put(ConfigurationConstants.ACTION, 
-                           ConfigurationConstants.TIMESTAMP);
-            }
-        }
-    }
-
-    private AbstractBinding getBinding(
-        AssertionInfoMap aim
-    ) throws WSSecurityException {
         Collection<AssertionInfo> ais = 
             getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
-        if (ais != null && ais.size() > 0) {
-            return (AbstractBinding)ais.iterator().next().getAssertion();
+        if (!ais.isEmpty()) {
+            new StaxTransportBindingHandler(getProperties(), msg).handleBinding();
         }
         
-        ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
-        if (ais != null && ais.size() > 0) {
-            return (AbstractBinding)ais.iterator().next().getAssertion();
-        }
-        
-        ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
-        if (ais != null && ais.size() > 0) {
-            return (AbstractBinding)ais.iterator().next().getAssertion();
-        }
-        
-        return null;
+        super.configureProperties(msg);
     }
     
-    private boolean isTokenRequired(IncludeTokenType includeToken, SoapMessage soapMessage) {
-        if (includeToken == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
-            return false;
-        } else if (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
-            return true;
-        } else {
-            boolean initiator = MessageUtils.isRequestor(soapMessage);
-            if (initiator && (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
-                || includeToken == IncludeTokenType.INCLUDE_TOKEN_ONCE)) {
-                return true;
-            } else if (!initiator && includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR) {
-                return true;
-            }
-            return false;
-        }
-    }
 }

Added: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1484509&view=auto
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (added)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Mon May 20 16:00:35 2013
@@ -0,0 +1,627 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j.policyhandlers;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.common.i18n.Message;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.policy.PolicyException;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.neethi.Assertion;
+import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
+import org.apache.wss4j.policy.model.AbstractBinding;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.AbstractTokenWrapper;
+import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
+import org.apache.wss4j.policy.model.KeyValueToken;
+import org.apache.wss4j.policy.model.Layout;
+import org.apache.wss4j.policy.model.Layout.LayoutType;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SamlToken.SamlTokenType;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.UsernameToken.PasswordType;
+import org.apache.wss4j.policy.model.Wss10;
+import org.apache.wss4j.policy.model.Wss11;
+import org.apache.wss4j.policy.model.X509Token;
+import org.apache.wss4j.policy.model.X509Token.TokenType;
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.xml.security.stax.ext.SecurePart;
+import org.apache.xml.security.stax.ext.SecurePart.Modifier;
+
+/**
+ * 
+ */
+public abstract class AbstractStaxBindingHandler {
+    private static final Logger LOG = LogUtils.getL7dLogger(AbstractStaxBindingHandler.class);
+    protected boolean timestampAdded;
+    protected Set<SecurePart> encryptedTokensList = new HashSet<SecurePart>();
+    private final Map<String, Object> properties;
+    private final SoapMessage message;
+    
+    public AbstractStaxBindingHandler(Map<String, Object> properties, SoapMessage msg) {
+        this.properties = properties;
+        this.message = msg;
+    }
+
+    protected SecurePart addUsernameToken(UsernameToken usernameToken) {
+        IncludeTokenType includeToken = usernameToken.getIncludeTokenType();
+        if (!isTokenRequired(includeToken)) {
+            return null;
+        }
+
+        Map<String, Object> config = getProperties();
+        
+        // Action
+        if (config.containsKey(ConfigurationConstants.ACTION)) {
+            String action = (String)config.get(ConfigurationConstants.ACTION);
+            config.put(ConfigurationConstants.ACTION, 
+                       action + " " + ConfigurationConstants.USERNAME_TOKEN);
+        } else {
+            config.put(ConfigurationConstants.ACTION, 
+                       ConfigurationConstants.USERNAME_TOKEN);
+        }
+
+        // Password Type
+        PasswordType passwordType = usernameToken.getPasswordType();
+        if (passwordType == PasswordType.HashPassword) {
+            config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
+        } else if (passwordType == PasswordType.NoPassword) {
+            config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_NONE);
+        } else {
+            config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
+        }
+
+        // Nonce + Created
+        if (usernameToken.isNonce()) {
+            config.put(ConfigurationConstants.ADD_USERNAMETOKEN_NONCE, "true");
+        }
+        if (usernameToken.isCreated()) {
+            config.put(ConfigurationConstants.ADD_USERNAMETOKEN_CREATED, "true");
+        }
+        
+        return new SecurePart(WSSConstants.TAG_wsse_UsernameToken, Modifier.Element);
+    }
+    
+    protected SecurePart addSamlToken(SamlToken token) throws WSSecurityException {
+        IncludeTokenType includeToken = token.getIncludeTokenType();
+        if (!isTokenRequired(includeToken)) {
+            return null;
+        }
+        
+        Map<String, Object> config = getProperties();
+        
+        //
+        // Get the SAML CallbackHandler
+        //
+        Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);
+    
+        CallbackHandler handler = null;
+        if (o instanceof CallbackHandler) {
+            handler = (CallbackHandler)o;
+        } else if (o instanceof String) {
+            try {
+                handler = (CallbackHandler)ClassLoaderUtils
+                    .loadClass((String)o, this.getClass()).newInstance();
+            } catch (Exception e) {
+                handler = null;
+            }
+        }
+        if (handler == null) {
+            policyNotAsserted(token, "No SAML CallbackHandler available");
+            return null;
+        }
+        config.put(ConfigurationConstants.SAML_CALLBACK_REF, handler);
+        
+        // Action
+        boolean selfSignAssertion = 
+            MessageUtils.getContextualBoolean(
+                message, SecurityConstants.SELF_SIGN_SAML_ASSERTION, false
+            );
+        String samlAction = ConfigurationConstants.SAML_TOKEN_UNSIGNED;
+        if (selfSignAssertion) {
+            samlAction = ConfigurationConstants.SAML_TOKEN_SIGNED;
+        }
+        
+        if (config.containsKey(ConfigurationConstants.ACTION)) {
+            String action = (String)config.get(ConfigurationConstants.ACTION);
+            config.put(ConfigurationConstants.ACTION, action + " " + samlAction);
+        } else {
+            config.put(ConfigurationConstants.ACTION, samlAction);
+        }
+        
+        // TODO -> Set SAML Type from policy?
+        QName qname = WSSConstants.TAG_saml2_Assertion;
+        SamlTokenType tokenType = token.getSamlTokenType();
+        if (tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11) {
+            qname = WSSConstants.TAG_saml_Assertion;
+        }
+        
+        return new SecurePart(qname, Modifier.Element);
+    }
+    
+    protected void policyNotAsserted(Assertion assertion, String reason) {
+        if (assertion == null) {
+            return;
+        }
+        LOG.log(Level.FINE, "Not asserting " + assertion.getName() + ": " + reason);
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        Collection<AssertionInfo> ais = aim.get(assertion.getName());
+        if (ais != null) {
+            for (AssertionInfo ai : ais) {
+                if (ai.getAssertion() == assertion) {
+                    ai.setNotAsserted(reason);
+                }
+            }
+        }
+        if (!assertion.isOptional()) {
+            throw new PolicyException(new Message(reason, LOG));
+        }
+    }
+    
+    protected void configureTimestamp(AssertionInfoMap aim) {
+        Map<String, Object> config = getProperties();
+        
+        AbstractBinding binding = getBinding(aim);
+        if (binding != null && binding.isIncludeTimestamp()) {
+            // Action
+            if (config.containsKey(ConfigurationConstants.ACTION)) {
+                String action = (String)config.get(ConfigurationConstants.ACTION);
+                config.put(ConfigurationConstants.ACTION, 
+                           action + " " + ConfigurationConstants.TIMESTAMP);
+            } else {
+                config.put(ConfigurationConstants.ACTION, 
+                           ConfigurationConstants.TIMESTAMP);
+            }
+            
+            timestampAdded = true;
+        }
+    }
+    
+    protected void configureLayout(AssertionInfoMap aim) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.LAYOUT);
+        for (AssertionInfo ai : ais) {
+            Layout layout = (Layout)ai.getAssertion();
+            ai.setAsserted(true);
+            if (layout.getLayoutType() == LayoutType.LaxTsLast) {
+                // TODO re-order action list
+            } else if (layout.getLayoutType() == LayoutType.LaxTsFirst) {
+                // TODO re-order action list
+            }
+        }
+    }
+
+    protected AbstractBinding getBinding(AssertionInfoMap aim) {
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+        if (ais != null && ais.size() > 0) {
+            return (AbstractBinding)ais.iterator().next().getAssertion();
+        }
+        
+        ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+        if (ais != null && ais.size() > 0) {
+            return (AbstractBinding)ais.iterator().next().getAssertion();
+        }
+        
+        ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+        if (ais != null && ais.size() > 0) {
+            return (AbstractBinding)ais.iterator().next().getAssertion();
+        }
+        
+        return null;
+    }
+    
+    protected boolean isRequestor() {
+        return MessageUtils.isRequestor(message);
+    }
+    
+    protected boolean isTokenRequired(IncludeTokenType includeToken) {
+        if (includeToken == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
+            return false;
+        } else if (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
+            return true;
+        } else {
+            boolean initiator = MessageUtils.isRequestor(message);
+            if (initiator && (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
+                || includeToken == IncludeTokenType.INCLUDE_TOKEN_ONCE)) {
+                return true;
+            } else if (!initiator && includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR) {
+                return true;
+            }
+            return false;
+        }
+    }
+    
+    protected Collection<AssertionInfo> getAllAssertionsByLocalname(
+        AssertionInfoMap aim,
+        String localname
+    ) {
+        Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
+        Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
+
+        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) {
+            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+            if (sp11Ais != null) {
+                ais.addAll(sp11Ais);
+            }
+            if (sp12Ais != null) {
+                ais.addAll(sp12Ais);
+            }
+            return ais;
+        }
+
+        return Collections.emptySet();
+    }
+
+    protected Map<String, Object> getProperties() {
+        return properties;
+    }
+
+    protected SoapMessage getMessage() {
+        return message;
+    }
+    
+    protected void configureSignature(
+        AbstractTokenWrapper wrapper, AbstractToken token, boolean attached
+    ) throws WSSecurityException {
+        Map<String, Object> config = getProperties();
+        
+        if (token instanceof X509Token) {
+            X509Token x509Token = (X509Token) token;
+            TokenType tokenType = x509Token.getTokenType();
+            if (tokenType == TokenType.WssX509PkiPathV1Token10
+                || tokenType == TokenType.WssX509PkiPathV1Token11) {
+                config.put(ConfigurationConstants.USE_SINGLE_CERTIFICATE, "false");
+            }
+        }
+        
+        // boolean alsoIncludeToken = false;
+        /* TODO if (token instanceof IssuedToken || token instanceof SamlToken) {
+            SecurityToken securityToken = getSecurityToken();
+            String tokenType = securityToken.getTokenType();
+
+            Element ref;
+            if (attached) {
+                ref = securityToken.getAttachedReference();
+            } else {
+                ref = securityToken.getUnattachedReference();
+            }
+
+            if (ref != null) {
+                SecurityTokenReference secRef = 
+                    new SecurityTokenReference(cloneElement(ref), new BSPEnforcer());
+                sig.setSecurityTokenReference(secRef);
+                sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+            } else {
+                int type = attached ? WSConstants.CUSTOM_SYMM_SIGNING 
+                    : WSConstants.CUSTOM_SYMM_SIGNING_DIRECT;
+                if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+                    || WSConstants.SAML_NS.equals(tokenType)) {
+                    sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+                    sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+                    || WSConstants.SAML2_NS.equals(tokenType)) {
+                    sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+                    sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                } else {
+                    sig.setCustomTokenValueType(tokenType);
+                    sig.setKeyIdentifierType(type);
+                }
+            }
+
+            String sigTokId;
+            if (attached) {
+                sigTokId = securityToken.getWsuId();
+                if (sigTokId == null) {
+                    sigTokId = securityToken.getId();                    
+                }
+                if (sigTokId.startsWith("#")) {
+                    sigTokId = sigTokId.substring(1);
+                }
+            } else {
+                sigTokId = securityToken.getId();
+            }
+
+            sig.setCustomTokenId(sigTokId);
+        } else {
+        */
+        config.put(ConfigurationConstants.SIG_KEY_ID, getKeyIdentifierType(wrapper, token));
+        /*
+         * TODO
+        // Find out do we also need to include the token as per the Inclusion requirement
+        if (token instanceof X509Token 
+            && token.getIncludeTokenType() != IncludeTokenType.INCLUDE_TOKEN_NEVER
+            && (sig.getKeyIdentifierType() != WSConstants.BST_DIRECT_REFERENCE
+            && sig.getKeyIdentifierType() != WSConstants.KEY_VALUE)) {
+            alsoIncludeToken = true;
+        }
+        */
+        // }
+
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        AbstractBinding binding = getBinding(aim);
+        config.put(ConfigurationConstants.SIG_ALGO, 
+                   binding.getAlgorithmSuite().getAsymmetricSignature());
+        AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
+        config.put(ConfigurationConstants.SIG_DIGEST_ALGO, algType.getDigest());
+        // sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
+
+        //if (alsoIncludeToken) {
+        //    includeToken(user, crypto, sig);
+        //}
+    }
+    
+    private String getKeyIdentifierType(AbstractTokenWrapper wrapper, AbstractToken token) {
+
+        String identifier = null;
+        if (token instanceof X509Token) {
+            X509Token x509Token = (X509Token)token;
+            if (x509Token.isRequireIssuerSerialReference()) {
+                identifier = "IssuerSerial";
+            } else if (x509Token.isRequireKeyIdentifierReference()) {
+                identifier = "SKIKeyIdentifier";
+            } else if (x509Token.isRequireThumbprintReference()) {
+                identifier = "Thumbprint";
+            }
+        } else if (token instanceof KeyValueToken) {
+            identifier = "KeyValue";
+        }
+        
+        if (identifier != null) {
+            return identifier;
+        }
+
+        if (token.getIncludeTokenType() == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
+            Wss10 wss = getWss10();
+            if (wss == null || wss.isMustSupportRefKeyIdentifier()) {
+                return "SKIKeyIdentifier";
+            } else if (wss.isMustSupportRefIssuerSerial()) {
+                return "IssuerSerial";
+            } else if (wss instanceof Wss11
+                && ((Wss11) wss).isMustSupportRefThumbprint()) {
+                return "Thumbprint";
+            }
+        } else {
+            return "DirectReference";
+        }
+        
+        return "IssuerSerial";
+    }
+    
+    protected Wss10 getWss10() {
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.WSS10);
+        if (!ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                return (Wss10)ai.getAssertion();
+            }            
+        }
+        
+        ais = getAllAssertionsByLocalname(aim, SPConstants.WSS11);
+        if (!ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                return (Wss10)ai.getAssertion();
+            }            
+        }  
+        
+        return null;
+    }
+    
+    protected Map<AbstractToken, Object> handleSupportingTokens(
+        Collection<Assertion> tokens, 
+        boolean endorse
+    ) throws WSSecurityException {
+        Map<AbstractToken, Object> ret = new HashMap<AbstractToken, Object>();
+        if (tokens != null) {
+            for (Assertion pa : tokens) {
+                if (pa instanceof SupportingTokens) {
+                    handleSupportingTokens((SupportingTokens)pa, endorse, ret);
+                }
+            }
+        }
+        return ret;
+    }
+                                                            
+    protected Map<AbstractToken, Object> handleSupportingTokens(
+        SupportingTokens suppTokens,
+        boolean endorse
+    ) throws WSSecurityException {
+        return handleSupportingTokens(suppTokens, endorse, new HashMap<AbstractToken, Object>());
+    }
+                                                            
+    protected Map<AbstractToken, Object> handleSupportingTokens(
+        SupportingTokens suppTokens, 
+        boolean endorse,
+        Map<AbstractToken, Object> ret
+    ) throws WSSecurityException {
+        if (suppTokens == null) {
+            return ret;
+        }
+        for (AbstractToken token : suppTokens.getTokens()) {
+            if (token instanceof UsernameToken) {
+                handleUsernameTokenSupportingToken(
+                    (UsernameToken)token, endorse, suppTokens.isEncryptedToken(), ret
+                );
+            /* TODO else if (isRequestor() 
+                && (token instanceof IssuedToken
+                    || token instanceof SecureConversationToken
+                    || token instanceof SecurityContextToken
+                    || token instanceof KerberosToken)) {
+                //ws-trust/ws-sc stuff.......
+                SecurityToken secToken = getSecurityToken();
+                if (secToken == null) {
+                    policyNotAsserted(token, "Could not find IssuedToken");
+                }
+                Element clone = cloneElement(secToken.getToken());
+                secToken.setToken(clone);
+                addSupportingElement(clone);
+
+                String id = secToken.getId();
+                if (id != null && id.charAt(0) == '#') {
+                    id = id.substring(1);
+                }
+                if (suppTokens.isEncryptedToken()) {
+                    WSEncryptionPart part = new WSEncryptionPart(id, "Element");
+                    part.setElement(clone);
+                    encryptedTokensList.add(part);
+                }
+
+                if (secToken.getX509Certificate() == null) {  
+                    ret.put(token, new WSSecurityTokenHolder(wssConfig, secToken));
+                } else {
+                    WSSecSignature sig = new WSSecSignature(wssConfig);                    
+                    sig.setX509Certificate(secToken.getX509Certificate());
+                    sig.setCustomTokenId(id);
+                    sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
+                    String tokenType = secToken.getTokenType();
+                    if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
+                        || WSConstants.SAML_NS.equals(tokenType)) {
+                        sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+                    } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
+                        || WSConstants.SAML2_NS.equals(tokenType)) {
+                        sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
+                    } else if (tokenType != null) {
+                        sig.setCustomTokenValueType(tokenType);
+                    } else {
+                        sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+                    }
+                    sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
+                    sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
+
+                    Crypto crypto = secToken.getCrypto();
+                    String uname = null;
+                    try {
+                        uname = crypto.getX509Identifier(secToken.getX509Certificate());
+                    } catch (WSSecurityException e1) {
+                        LOG.log(Level.FINE, e1.getMessage(), e1);
+                        throw new Fault(e1);
+                    }
+
+                    String password = getPassword(uname, token, WSPasswordCallback.Usage.SIGNATURE);
+                    sig.setUserInfo(uname, password);
+                    try {
+                        sig.prepare(saaj.getSOAPPart(), secToken.getCrypto(), secHeader);
+                    } catch (WSSecurityException e) {
+                        LOG.log(Level.FINE, e.getMessage(), e);
+                        throw new Fault(e);
+                    }
+
+                    ret.put(token, sig);                
+                }
+
+            } */
+            } else if (token instanceof X509Token || token instanceof KeyValueToken) {
+                configureSignature(suppTokens, token, false);
+                if (suppTokens.isEncryptedToken()) {
+                    SecurePart part = 
+                        new SecurePart(WSSConstants.TAG_wsse_BinarySecurityToken, Modifier.Element);
+                    encryptedTokensList.add(part);
+                }
+                ret.put(token, new SecurePart(WSSConstants.TAG_dsig_Signature, Modifier.Element));
+            } else if (token instanceof SamlToken) {
+                SecurePart securePart = addSamlToken((SamlToken)token);
+                if (securePart != null) {
+                    ret.put(token, securePart);
+                    if (suppTokens.isEncryptedToken()) {
+                        encryptedTokensList.add(securePart);
+                    }
+                }
+            }
+        }
+        return ret;
+    }
+
+    protected void handleUsernameTokenSupportingToken(
+         UsernameToken token, boolean endorse, boolean encryptedToken, Map<AbstractToken, Object> ret
+    ) throws WSSecurityException {
+        if (endorse) {
+            /* TODO
+            WSSecUsernameToken utBuilder = addDKUsernameToken(token, true);
+            if (utBuilder != null) {
+                utBuilder.prepare(saaj.getSOAPPart());
+                addSupportingElement(utBuilder.getUsernameTokenElement());
+                ret.put(token, utBuilder);
+                if (encryptedToken) {
+                    WSEncryptionPart part = new WSEncryptionPart(utBuilder.getId(), "Element");
+                    part.setElement(utBuilder.getUsernameTokenElement());
+                    encryptedTokensList.add(part);
+                }
+            }
+            */
+        } else {
+            SecurePart securePart = addUsernameToken(token);
+            if (securePart != null) {
+                ret.put(token, securePart);
+                //WebLogic and WCF always encrypt these
+                //See:  http://e-docs.bea.com/wls/docs103/webserv_intro/interop.html
+                //encryptedTokensIdList.add(utBuilder.getId());
+                if (encryptedToken
+                    || MessageUtils.getContextualBoolean(message, 
+                                                         SecurityConstants.ALWAYS_ENCRYPT_UT,
+                                                         true)) {
+                    encryptedTokensList.add(securePart);
+                }
+            }
+        }
+    }
+    
+    protected void addSignatureConfirmation(List<SecurePart> sigParts) {
+        Wss10 wss10 = getWss10();
+        
+        if (!(wss10 instanceof Wss11) 
+            || !((Wss11)wss10).isRequireSignatureConfirmation()) {
+            //If we don't require sig confirmation simply go back :-)
+            return;
+        }
+        
+        // Enable SignatureConfirmation
+        Map<String, Object> config = getProperties();
+        config.put(ConfigurationConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
+        
+        if (sigParts != null) {
+            SecurePart securePart = 
+                new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation, Modifier.Element);
+            sigParts.add(securePart);
+        }
+    }
+}

Added: cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1484509&view=auto
==============================================================================
--- cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java (added)
+++ cxf/branches/wss4j2.0-port/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java Mon May 20 16:00:35 2013
@@ -0,0 +1,362 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j.policyhandlers;
+
+import java.util.Collection;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.xml.soap.SOAPException;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.AbstractToken;
+import org.apache.wss4j.policy.model.Header;
+import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.KeyValueToken;
+import org.apache.wss4j.policy.model.SamlToken;
+import org.apache.wss4j.policy.model.SignedElements;
+import org.apache.wss4j.policy.model.SignedParts;
+import org.apache.wss4j.policy.model.SupportingTokens;
+import org.apache.wss4j.policy.model.TransportBinding;
+import org.apache.wss4j.policy.model.TransportToken;
+import org.apache.wss4j.policy.model.UsernameToken;
+import org.apache.wss4j.policy.model.X509Token;
+import org.apache.wss4j.stax.ext.WSSConstants;
+
+/**
+ * 
+ */
+public class StaxTransportBindingHandler extends AbstractStaxBindingHandler {
+    
+    private static final Logger LOG = LogUtils.getL7dLogger(StaxTransportBindingHandler.class);
+
+    public StaxTransportBindingHandler(Map<String, Object> properties, SoapMessage msg) {
+        super(properties, msg);
+    }
+    
+    public void handleBinding() {
+        AssertionInfoMap aim = getMessage().get(AssertionInfoMap.class);
+        configureTimestamp(aim);
+        configureLayout(aim);
+        
+        if (this.isRequestor()) {
+            TransportBinding binding = (TransportBinding)getBinding(aim);
+            TransportToken token = binding.getTransportToken();
+            if (token.getToken() instanceof IssuedToken) {
+                // TODO
+            }
+            
+            try {
+                handleNonEndorsingSupportingTokens(aim);
+                handleEndorsingSupportingTokens(aim);
+            } catch (Exception e) {
+                LOG.log(Level.FINE, e.getMessage(), e);
+                throw new Fault(e);
+            }
+        } else {
+            addSignatureConfirmation(null);
+        }
+    }
+    
+    /**
+     * Handle the non-endorsing supporting tokens
+     */
+    private void handleNonEndorsingSupportingTokens(AssertionInfoMap aim) throws Exception {
+        Collection<AssertionInfo> ais;
+        
+        ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                SupportingTokens sgndSuppTokens = (SupportingTokens)ai.getAssertion();
+                if (sgndSuppTokens != null) {
+                    addSignedSupportingTokens(sgndSuppTokens);
+                }
+                ai.setAsserted(true);
+            }
+        }
+        
+        ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                SupportingTokens sgndSuppTokens = (SupportingTokens)ai.getAssertion();
+                if (sgndSuppTokens != null) {
+                    addSignedSupportingTokens(sgndSuppTokens);
+                }
+                ai.setAsserted(true);
+            }
+        }
+        
+        ais = getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                SupportingTokens encrSuppTokens = (SupportingTokens)ai.getAssertion();
+                if (encrSuppTokens != null) {
+                    addSignedSupportingTokens(encrSuppTokens);
+                }
+                ai.setAsserted(true);
+            }
+        }
+        
+        ais = getAllAssertionsByLocalname(aim, SPConstants.SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                SupportingTokens suppTokens = (SupportingTokens)ai.getAssertion();
+                if (suppTokens != null && suppTokens.getTokens() != null 
+                    && suppTokens.getTokens().size() > 0) {
+                    handleSupportingTokens(suppTokens, false);
+                }
+                ai.setAsserted(true);
+            }
+        }
+    }
+    
+    private void addSignedSupportingTokens(SupportingTokens sgndSuppTokens) 
+        throws Exception {
+        for (AbstractToken token : sgndSuppTokens.getTokens()) {
+            if (token instanceof UsernameToken) {
+                addUsernameToken((UsernameToken)token);
+            /*TODO 
+              else if (token instanceof IssuedToken || token instanceof KerberosToken) {
+                SecurityToken secTok = getSecurityToken();
+                
+                if (includeToken(token.getIncludeTokenType())) {
+                    //Add the token
+                    addEncryptedKeyElement(cloneElement(secTok.getToken()));
+                }
+            } */
+            } else if (token instanceof SamlToken) {
+                addSamlToken((SamlToken)token);
+            } else {
+                //REVISIT - not supported for signed.  Exception?
+            }
+        }
+        
+    }
+    
+    /**
+     * Handle the endorsing supporting tokens
+     */
+    private void handleEndorsingSupportingTokens(AssertionInfoMap aim) throws Exception {
+        Collection<AssertionInfo> ais;
+        
+        ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            SupportingTokens sgndSuppTokens = null;
+            for (AssertionInfo ai : ais) {
+                sgndSuppTokens = (SupportingTokens)ai.getAssertion();
+                ai.setAsserted(true);
+            }
+            if (sgndSuppTokens != null) {
+                for (AbstractToken token : sgndSuppTokens.getTokens()) {
+                    handleEndorsingToken(token, sgndSuppTokens);
+                }
+            }
+        }
+        
+        ais = getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            SupportingTokens endSuppTokens = null;
+            for (AssertionInfo ai : ais) {
+                endSuppTokens = (SupportingTokens)ai.getAssertion();
+                ai.setAsserted(true);
+            } 
+            
+            if (endSuppTokens != null) {
+                for (AbstractToken token : endSuppTokens.getTokens()) {
+                    handleEndorsingToken(token, endSuppTokens);
+                }
+            }
+        }
+        ais = getAllAssertionsByLocalname(aim, SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            SupportingTokens endSuppTokens = null;
+            for (AssertionInfo ai : ais) {
+                endSuppTokens = (SupportingTokens)ai.getAssertion();
+                ai.setAsserted(true);
+            } 
+            
+            if (endSuppTokens != null) {
+                for (AbstractToken token : endSuppTokens.getTokens()) {
+                    handleEndorsingToken(token, endSuppTokens);
+                }
+            }
+        }
+        ais = getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
+        if (!ais.isEmpty()) {
+            SupportingTokens endSuppTokens = null;
+            for (AssertionInfo ai : ais) {
+                endSuppTokens = (SupportingTokens)ai.getAssertion();
+                ai.setAsserted(true);
+            } 
+            
+            if (endSuppTokens != null) {
+                for (AbstractToken token : endSuppTokens.getTokens()) {
+                    handleEndorsingToken(token, endSuppTokens);
+                }
+            }
+        }
+    }
+    
+    private void handleEndorsingToken(
+        AbstractToken token, SupportingTokens wrapper
+    ) throws Exception {
+        /* TODO if (token instanceof IssuedToken
+            || token instanceof SecureConversationToken
+            || token instanceof SecurityContextToken
+            || token instanceof KerberosToken
+            || token instanceof SpnegoContextToken) {
+            addSig(doIssuedTokenSignature(token, wrapper));
+        } else */ 
+        if (token instanceof X509Token
+            || token instanceof KeyValueToken) {
+            doX509TokenSignature(token, wrapper);
+        } /* TODO else if (token instanceof SamlToken) {
+            SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)token);
+            assertionWrapper.toDOM(saaj.getSOAPPart());
+            storeAssertionAsSecurityToken(assertionWrapper);
+            addSig(doIssuedTokenSignature(token, wrapper));
+        } TODO else if (token instanceof UsernameToken) {
+            // Create a UsernameToken object for derived keys and store the security token
+            WSSecUsernameToken usernameToken = addDKUsernameToken((UsernameToken)token, true);
+            String id = usernameToken.getId();
+            byte[] secret = usernameToken.getDerivedKey();
+
+            Date created = new Date();
+            Date expires = new Date();
+            expires.setTime(created.getTime() + 300000);
+            SecurityToken tempTok = 
+                new SecurityToken(id, usernameToken.getUsernameTokenElement(), created, expires);
+            tempTok.setSecret(secret);
+            getTokenStore().add(tempTok);
+            message.setContextualProperty(SecurityConstants.TOKEN_ID, tempTok.getId());
+            
+            addSig(doIssuedTokenSignature(token, wrapper));
+        }*/
+    }
+    
+    private void doX509TokenSignature(AbstractToken token, SupportingTokens wrapper) 
+        throws Exception {
+        
+        signPartsAndElements(wrapper.getSignedParts(), wrapper.getSignedElements());
+        
+        // Action
+        Map<String, Object> config = getProperties();
+        if (config.containsKey(ConfigurationConstants.ACTION)) {
+            String action = (String)config.get(ConfigurationConstants.ACTION);
+            config.put(ConfigurationConstants.ACTION, 
+                       action + " " + ConfigurationConstants.SIGNATURE);
+        } else {
+            config.put(ConfigurationConstants.ACTION, 
+                       ConfigurationConstants.SIGNATURE);
+        }
+        
+        /*TODO if (token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
+            WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(wrapper, token);
+            
+            Element bstElem = encrKey.getBinarySecurityTokenElement();
+            if (bstElem != null) {
+                addTopDownElement(bstElem);
+            }
+            encrKey.appendToHeader(secHeader);
+            
+            WSSecDKSign dkSig = new WSSecDKSign(wssConfig);
+            
+            dkSig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
+            dkSig.setSignatureAlgorithm(binding.getAlgorithmSuite().getSymmetricSignature());
+            AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
+            dkSig.setDerivedKeyLength(algType.getSignatureDerivedKeyLength() / 8);
+            
+            dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
+            
+            dkSig.prepare(doc, secHeader);
+            
+            dkSig.setParts(sigParts);
+            List<Reference> referenceList = dkSig.addReferencesToSign(sigParts, secHeader);
+            
+            //Do signature
+            dkSig.appendDKElementToHeader(secHeader);
+            dkSig.computeSignature(referenceList, false, null);
+            
+            return dkSig.getSignatureValue();
+        } else {*/
+        configureSignature(wrapper, token, false);
+        // }
+    }
+    
+    /**
+     * Identifies the portions of the message to be signed/encrypted.
+     */
+    private void signPartsAndElements(
+        SignedParts signedParts,
+        SignedElements signedElements
+    ) throws SOAPException {
+        Map<String, Object> properties = getProperties();
+        String parts = "";
+        if (properties.containsKey(ConfigurationConstants.SIGNATURE_PARTS)) {
+            parts = (String)properties.get(ConfigurationConstants.SIGNATURE_PARTS);
+            if (!parts.endsWith(";")) {
+                parts += ";";
+            }
+        }
+        
+        // Add timestamp
+        if (timestampAdded) {
+            parts += "{Element}{" + WSSConstants.NS_WSU10 + "}Timestamp;";
+        }
+
+        // Add SignedParts
+        if (signedParts != null) {
+            if (signedParts.isBody()) {
+                parts += "{Element}{" + WSSConstants.NS_SOAP11 + "}Body;";
+            }
+            
+            for (Header head : signedParts.getHeaders()) {
+                parts += "{Element}{" +  head.getNamespace() + "}" + head.getName() + ";";
+            }
+        }
+        /*
+         * TODO
+        if (signedElements != null) {
+            // Handle SignedElements
+            try {
+                result.addAll(
+                    this.getElements(
+                        "Element", signedElements.getXPaths(), found, true
+                    )
+                );
+            } catch (XPathExpressionException e) {
+                LOG.log(Level.FINE, e.getMessage(), e);
+                // REVISIT
+            }
+        }
+        */
+        
+        properties.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
+    }
+
+
+}



Mime
View raw message