cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1485693 [3/14] - in /cxf/trunk: ./ distribution/src/main/release/samples/sts/src/main/java/demo/wssec/client/ distribution/src/main/release/samples/sts/src/main/java/demo/wssec/server/ distribution/src/main/release/samples/sts/src/main/jav...
Date Thu, 23 May 2013 13:17:32 GMT
Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlEncOutInterceptor.java Thu May 23 13:17:26 2013
@@ -44,17 +44,17 @@ import org.apache.cxf.message.MessageUti
 import org.apache.cxf.rs.security.common.CryptoLoader;
 import org.apache.cxf.rs.security.common.SecurityUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
-import org.apache.ws.security.message.token.DOMX509Data;
-import org.apache.ws.security.message.token.DOMX509IssuerSerial;
-import org.apache.ws.security.util.Base64;
-import org.apache.ws.security.util.UUIDGenerator;
-import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.message.token.DOMX509Data;
+import org.apache.wss4j.dom.message.token.DOMX509IssuerSerial;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.xml.security.algorithms.JCEMapper;
 import org.apache.xml.security.encryption.XMLCipher;
 import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.stax.impl.util.IDGenerator;
+import org.apache.xml.security.utils.Base64;
 import org.apache.xml.security.utils.EncryptionConstants;
 
 public class XmlEncOutInterceptor extends AbstractXmlSecOutInterceptor {
@@ -131,12 +131,12 @@ public class XmlEncOutInterceptor extend
                 
                 userName = SecurityUtils.getUserName(crypto, userName);
                 if (StringUtils.isEmpty(userName)) {
-                    throw new WSSecurityException("User name is not available");
+                    throw new Exception("User name is not available");
                 }
                 receiverCert = getReceiverCertificateFromCrypto(crypto, userName);
             }
             if (receiverCert == null) {
-                throw new WSSecurityException("Receiver certificate is not available");
+                throw new Exception("Receiver certificate is not available");
             }
 
             String keyEncAlgo = encProps.getEncryptionKeyTransportAlgo() == null
@@ -156,7 +156,7 @@ public class XmlEncOutInterceptor extend
         Document result = xmlCipher.doFinal(payloadDoc, payloadDoc.getDocumentElement(), false);
         NodeList list = result.getElementsByTagNameNS(WSConstants.ENC_NS, "CipherValue");
         if (list.getLength() != 1) {
-            throw new WSSecurityException("Payload CipherData is missing", null);
+            throw new Exception("Payload CipherData is missing");
         }
         String cipherText = ((Element)list.item(0)).getTextContent().trim();
         Element cipherValue = 
@@ -201,9 +201,7 @@ public class XmlEncOutInterceptor extend
             }
             return keyGen;
         } catch (NoSuchAlgorithmException e) {
-            throw new WSSecurityException(
-                WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e
-            );
+            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_ALGORITHM, e);
         }
     }
     
@@ -222,7 +220,7 @@ public class XmlEncOutInterceptor extend
             String message = "Public key algorithm too weak to encrypt symmetric key";
             LOG.severe(message);
             throw new WSSecurityException(
-                WSSecurityException.FAILURE,
+                WSSecurityException.ErrorCode.FAILURE,
                 "unsupportedKeyTransp",
                 new Object[] {message}
             );
@@ -232,15 +230,15 @@ public class XmlEncOutInterceptor extend
             encryptedEphemeralKey = cipher.doFinal(keyBytes);
         } catch (IllegalStateException ex) {
             throw new WSSecurityException(
-                WSSecurityException.FAILED_ENCRYPTION, null, null, ex
+                WSSecurityException.ErrorCode.FAILED_ENCRYPTION, null, null, ex
             );
         } catch (IllegalBlockSizeException ex) {
             throw new WSSecurityException(
-                WSSecurityException.FAILED_ENCRYPTION, null, null, ex
+                WSSecurityException.ErrorCode.FAILED_ENCRYPTION, null, null, ex
             );
         } catch (BadPaddingException ex) {
             throw new WSSecurityException(
-                WSSecurityException.FAILED_ENCRYPTION, null, null, ex
+                WSSecurityException.ErrorCode.FAILED_ENCRYPTION, null, null, ex
             );
         }
        
@@ -258,7 +256,7 @@ public class XmlEncOutInterceptor extend
         
         String encodedKey = Base64Utility.encode(encryptedKey);
         Element encryptedKeyElement = createEncryptedKeyElement(doc, keyEncAlgo, digestAlgo);
-        String encKeyId = "EK-" + UUIDGenerator.getUUID();
+        String encKeyId = IDGenerator.generateID("EK-");
         encryptedKeyElement.setAttributeNS(null, "Id", encKeyId);
                 
         Element keyInfoElement = createKeyInfoElement(doc, cert);
@@ -310,7 +308,7 @@ public class XmlEncOutInterceptor extend
                 data = remoteCert.getEncoded();
             } catch (CertificateEncodingException e) {
                 throw new WSSecurityException(
-                    WSSecurityException.SECURITY_TOKEN_UNAVAILABLE, "encodeError", null, e
+                    WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "encodeError", e
                 );
             }
             Text text = encryptedDataDoc.createTextNode(Base64.encode(data));
@@ -332,7 +330,7 @@ public class XmlEncOutInterceptor extend
             DOMX509Data domX509Data = new DOMX509Data(encryptedDataDoc, domIssuerSerial);
             keyIdentifierNode = domX509Data.getElement();
         } else {
-            throw new WSSecurityException("Unsupported key identifier:" + keyIdType);
+            throw new Exception("Unsupported key identifier:" + keyIdType);
         }
  
         keyInfoElement.appendChild(keyIdentifierNode);

Modified: cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java (original)
+++ cxf/trunk/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java Thu May 23 13:17:26 2013
@@ -39,9 +39,9 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.rs.security.common.CryptoLoader;
 import org.apache.cxf.rs.security.common.SecurityUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.ws.security.WSPasswordCallback;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.xml.security.signature.XMLSignature;
 import org.apache.xml.security.transforms.Transforms;
 import org.apache.xml.security.utils.Constants;
@@ -110,11 +110,11 @@ public class XmlSigOutInterceptor extend
         String user = SecurityUtils.getUserName(message, crypto, userNameKey);
          
         if (StringUtils.isEmpty(user) || SecurityUtils.USE_REQUEST_SIGNATURE_CERT.equals(user)) {
-            throw new WSSecurityException("User name is not available");
+            throw new Exception("User name is not available");
         }
 
         String password = 
-            SecurityUtils.getPassword(message, user, WSPasswordCallback.SIGNATURE, this.getClass());
+            SecurityUtils.getPassword(message, user, WSPasswordCallback.Usage.SIGNATURE, this.getClass());
     
         X509Certificate[] issuerCerts = SecurityUtils.getCertificates(crypto, user);
         
@@ -131,7 +131,7 @@ public class XmlSigOutInterceptor extend
         } catch (Exception ex) {
             String errorMessage = "Private key can not be loaded, user:" + user;
             LOG.severe(errorMessage);
-            throw new WSSecurityException(errorMessage, ex);
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
         }
         
         String id = UUID.randomUUID().toString();

Modified: cxf/trunk/rt/security/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/pom.xml?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/security/pom.xml (original)
+++ cxf/trunk/rt/security/pom.xml Thu May 23 13:17:26 2013
@@ -44,8 +44,8 @@
            <version>${project.version}</version>
        </dependency>
        <dependency>
-            <groupId>org.apache.ws.security</groupId>
-            <artifactId>wss4j</artifactId>
+            <groupId>org.apache.wss4j</groupId>
+            <artifactId>wss4j-ws-security-dom</artifactId>
             <version>${cxf.wss4j.version}</version>
             <exclusions>
                 <exclusion>

Modified: cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java (original)
+++ cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/AbstractXACMLAuthorizingInterceptor.java Thu May 23 13:17:26 2013
@@ -38,8 +38,8 @@ import org.apache.cxf.phase.AbstractPhas
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.security.LoginSecurityContext;
 import org.apache.cxf.security.SecurityContext;
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
-import org.apache.ws.security.util.DOM2Writer;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.common.util.DOM2Writer;
 import org.opensaml.xacml.ctx.DecisionType;
 import org.opensaml.xacml.ctx.RequestType;
 import org.opensaml.xacml.ctx.ResponseType;
@@ -62,7 +62,7 @@ public abstract class AbstractXACMLAutho
     
     public AbstractXACMLAuthorizingInterceptor() {
         super(Phase.PRE_INVOKE);
-        OpenSAMLUtil.initSamlEngine();
+        org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine();
     }
     
     public void handleMessage(Message message) throws Fault {

Modified: cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java (original)
+++ cxf/trunk/rt/security/src/main/java/org/apache/cxf/rt/security/xacml/DefaultXACMLRequestBuilder.java Thu May 23 13:17:26 2013
@@ -29,8 +29,8 @@ import org.w3c.dom.Element;
 import org.apache.cxf.interceptor.security.SAMLSecurityContext;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.security.SecurityContext;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.joda.time.DateTime;
 import org.opensaml.xacml.ctx.ActionType;
 import org.opensaml.xacml.ctx.AttributeType;
@@ -175,7 +175,7 @@ public class DefaultXACMLRequestBuilder 
         if (sc instanceof SAMLSecurityContext) {
             Element assertionElement = ((SAMLSecurityContext)sc).getAssertionElement();
             if (assertionElement != null) {
-                AssertionWrapper wrapper = new AssertionWrapper(assertionElement);
+                SamlAssertionWrapper wrapper = new SamlAssertionWrapper(assertionElement);
                 return wrapper.getIssuerString();
             }
         }

Modified: cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/RequestComponentBuilderTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/RequestComponentBuilderTest.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/RequestComponentBuilderTest.java (original)
+++ cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/RequestComponentBuilderTest.java Thu May 23 13:17:26 2013
@@ -30,7 +30,7 @@ import javax.xml.parsers.ParserConfigura
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.joda.time.DateTime;
 import org.opensaml.xacml.ctx.ActionType;
 import org.opensaml.xacml.ctx.AttributeType;

Modified: cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/SamlRequestComponentBuilderTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/SamlRequestComponentBuilderTest.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/SamlRequestComponentBuilderTest.java (original)
+++ cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/SamlRequestComponentBuilderTest.java Thu May 23 13:17:26 2013
@@ -30,8 +30,7 @@ import javax.xml.parsers.ParserConfigura
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
-
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.opensaml.xacml.ctx.ActionType;
 import org.opensaml.xacml.ctx.AttributeType;
 import org.opensaml.xacml.ctx.AttributeValueType;

Modified: cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptorTest.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptorTest.java (original)
+++ cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLAuthorizingInterceptorTest.java Thu May 23 13:17:26 2013
@@ -29,7 +29,6 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageImpl;
 import org.apache.cxf.security.LoginSecurityContext;
 import org.apache.cxf.security.SecurityContext;
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
 
 
 /**
@@ -38,7 +37,7 @@ import org.apache.ws.security.saml.ext.O
 public class XACMLAuthorizingInterceptorTest extends org.junit.Assert {
     
     static {
-        OpenSAMLUtil.initSamlEngine();
+        org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine();
     }
 
     @org.junit.Test

Modified: cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java (original)
+++ cxf/trunk/rt/security/src/test/java/org/apache/cxf/rt/security/xacml/XACMLRequestBuilderTest.java Thu May 23 13:17:26 2013
@@ -24,7 +24,6 @@ import java.util.Collections;
 
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageImpl;
-import org.apache.ws.security.saml.ext.OpenSAMLUtil;
 import org.opensaml.xacml.ctx.RequestType;
 
 
@@ -34,7 +33,7 @@ import org.opensaml.xacml.ctx.RequestTyp
 public class XACMLRequestBuilderTest extends org.junit.Assert {
     
     static {
-        OpenSAMLUtil.initSamlEngine();
+        org.apache.wss4j.common.saml.OpenSAMLUtil.initSamlEngine();
     }
 
     @org.junit.Test

Modified: cxf/trunk/rt/ws/security/pom.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/pom.xml?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/pom.xml (original)
+++ cxf/trunk/rt/ws/security/pom.xml Thu May 23 13:17:26 2013
@@ -87,8 +87,8 @@
             <scope>compile</scope>
         </dependency>
         <dependency>
-            <groupId>org.apache.ws.security</groupId>
-            <artifactId>wss4j</artifactId>
+            <groupId>org.apache.wss4j</groupId>
+            <artifactId>wss4j-ws-security-dom</artifactId>
             <version>${cxf.wss4j.version}</version>
             <exclusions>
                 <exclusion>
@@ -102,8 +102,19 @@
             </exclusions>
         </dependency>
         <dependency>
-            <groupId>commons-logging</groupId>
-            <artifactId>commons-logging</artifactId>
+            <groupId>org.apache.wss4j</groupId>
+            <artifactId>wss4j-policy</artifactId>
+            <version>${cxf.wss4j.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.wss4j</groupId>
+            <artifactId>wss4j-ws-security-stax</artifactId>
+            <version>${cxf.wss4j.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.wss4j</groupId>
+            <artifactId>wss4j-ws-security-policy-stax</artifactId>
+            <version>${cxf.wss4j.version}</version>
         </dependency>
 
         <dependency>

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/SecurityConstants.java Thu May 23 13:17:26 2013
@@ -182,6 +182,13 @@ public final class SecurityConstants {
     public static final String VALIDATE_SAML_SUBJECT_CONFIRMATION = 
         "ws-security.validate.saml.subject.conf";
     
+    /**
+     * Whether to enable streaming WS-Security. If set to false (the default), the old DOM
+     * implementation is used. If set to true, the new streaming (StAX) implementation is used.
+     */
+    public static final String ENABLE_STREAMING_SECURITY = 
+        "ws-security.enable.streaming";
+    
     //
     // Non-boolean WS-Security Configuration parameters
     //

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/CacheCleanupListener.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/CacheCleanupListener.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/CacheCleanupListener.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/cache/CacheCleanupListener.java Thu May 23 13:17:26 2013
@@ -29,7 +29,7 @@ import org.apache.cxf.endpoint.ServerLif
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
-import org.apache.ws.security.cache.ReplayCache;
+import org.apache.wss4j.common.cache.ReplayCache;
 
 /**
  * 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/kerberos/KerberosClient.java Thu May 23 13:17:26 2013
@@ -30,10 +30,10 @@ import org.apache.cxf.common.logging.Log
 import org.apache.cxf.configuration.Configurable;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.ws.security.WSSConfig;
-import org.apache.ws.security.message.token.KerberosSecurity;
-import org.apache.ws.security.util.Base64;
-import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.message.token.KerberosSecurity;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.xml.security.utils.Base64;
 
 /**
  * A class that obtains a ticket from a KDC and wraps it in a SecurityToken object.

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/WSSecurityPolicyLoader.java Thu May 23 13:17:26 2013
@@ -20,54 +20,23 @@
 package org.apache.cxf.ws.security.policy;
 
 import java.util.Arrays;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import javax.xml.namespace.QName;
 
+import org.w3c.dom.Element;
+
 import org.apache.cxf.Bus;
 import org.apache.cxf.common.injection.NoJSR250Annotations;
 import org.apache.cxf.ws.policy.AssertionBuilderLoader;
 import org.apache.cxf.ws.policy.AssertionBuilderRegistry;
-import org.apache.cxf.ws.policy.PolicyBuilder;
 import org.apache.cxf.ws.policy.PolicyInterceptorProviderLoader;
 import org.apache.cxf.ws.policy.PolicyInterceptorProviderRegistry;
+import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
 import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertionBuilder;
-import org.apache.cxf.ws.security.policy.builders.AlgorithmSuiteBuilder;
-import org.apache.cxf.ws.security.policy.builders.AsymmetricBindingBuilder;
-import org.apache.cxf.ws.security.policy.builders.ContentEncryptedElementsBuilder;
-import org.apache.cxf.ws.security.policy.builders.EncryptedElementsBuilder;
-import org.apache.cxf.ws.security.policy.builders.EncryptedPartsBuilder;
-import org.apache.cxf.ws.security.policy.builders.HttpsTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.InitiatorEncryptionTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.InitiatorSignatureTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.InitiatorTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.IssuedTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.KerberosTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.KeyValueTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.LayoutBuilder;
-import org.apache.cxf.ws.security.policy.builders.ProtectionTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.RecipientEncryptionTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.RecipientSignatureTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.RecipientTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.RequiredElementsBuilder;
-import org.apache.cxf.ws.security.policy.builders.RequiredPartsBuilder;
-import org.apache.cxf.ws.security.policy.builders.SamlTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.SecureConversationTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.SecurityContextTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.SignedElementsBuilder;
-import org.apache.cxf.ws.security.policy.builders.SignedPartsBuilder;
-import org.apache.cxf.ws.security.policy.builders.SpnegoContextTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.SupportingTokens12Builder;
-import org.apache.cxf.ws.security.policy.builders.SupportingTokensBuilder;
-import org.apache.cxf.ws.security.policy.builders.SymmetricBindingBuilder;
-import org.apache.cxf.ws.security.policy.builders.TransportBindingBuilder;
-import org.apache.cxf.ws.security.policy.builders.TransportTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.Trust10Builder;
-import org.apache.cxf.ws.security.policy.builders.Trust13Builder;
-import org.apache.cxf.ws.security.policy.builders.UsernameTokenBuilder;
-import org.apache.cxf.ws.security.policy.builders.WSS10Builder;
-import org.apache.cxf.ws.security.policy.builders.WSS11Builder;
-import org.apache.cxf.ws.security.policy.builders.X509TokenBuilder;
+import org.apache.cxf.ws.security.policy.custom.AlgorithmSuiteBuilder;
 import org.apache.cxf.ws.security.policy.interceptors.HttpsTokenInterceptorProvider;
 import org.apache.cxf.ws.security.policy.interceptors.IssuedTokenInterceptorProvider;
 import org.apache.cxf.ws.security.policy.interceptors.KerberosTokenInterceptorProvider;
@@ -77,6 +46,49 @@ import org.apache.cxf.ws.security.policy
 import org.apache.cxf.ws.security.policy.interceptors.UsernameTokenInterceptorProvider;
 import org.apache.cxf.ws.security.policy.interceptors.WSSecurityInterceptorProvider;
 import org.apache.cxf.ws.security.policy.interceptors.WSSecurityPolicyInterceptorProvider;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.xml.XMLPrimitiveAssertionBuilder;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SP13Constants;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.builders.AsymmetricBindingBuilder;
+import org.apache.wss4j.policy.builders.BootstrapPolicyBuilder;
+import org.apache.wss4j.policy.builders.ContentEncryptedElementsBuilder;
+import org.apache.wss4j.policy.builders.EncryptedElementsBuilder;
+import org.apache.wss4j.policy.builders.EncryptedPartsBuilder;
+import org.apache.wss4j.policy.builders.HttpsTokenBuilder;
+import org.apache.wss4j.policy.builders.InitiatorEncryptionTokenBuilder;
+import org.apache.wss4j.policy.builders.InitiatorSignatureTokenBuilder;
+import org.apache.wss4j.policy.builders.InitiatorTokenBuilder;
+import org.apache.wss4j.policy.builders.IssuedTokenBuilder;
+import org.apache.wss4j.policy.builders.KerberosTokenBuilder;
+import org.apache.wss4j.policy.builders.KeyValueTokenBuilder;
+import org.apache.wss4j.policy.builders.LayoutBuilder;
+import org.apache.wss4j.policy.builders.ProtectionTokenBuilder;
+import org.apache.wss4j.policy.builders.RecipientEncryptionTokenBuilder;
+import org.apache.wss4j.policy.builders.RecipientSignatureTokenBuilder;
+import org.apache.wss4j.policy.builders.RecipientTokenBuilder;
+import org.apache.wss4j.policy.builders.RequiredElementsBuilder;
+import org.apache.wss4j.policy.builders.RequiredPartsBuilder;
+import org.apache.wss4j.policy.builders.SamlTokenBuilder;
+import org.apache.wss4j.policy.builders.SecureConversationTokenBuilder;
+import org.apache.wss4j.policy.builders.SecurityContextTokenBuilder;
+import org.apache.wss4j.policy.builders.SignedElementsBuilder;
+import org.apache.wss4j.policy.builders.SignedPartsBuilder;
+import org.apache.wss4j.policy.builders.SpnegoContextTokenBuilder;
+import org.apache.wss4j.policy.builders.SupportingTokensBuilder;
+import org.apache.wss4j.policy.builders.SymmetricBindingBuilder;
+import org.apache.wss4j.policy.builders.TransportBindingBuilder;
+import org.apache.wss4j.policy.builders.TransportTokenBuilder;
+import org.apache.wss4j.policy.builders.Trust10Builder;
+import org.apache.wss4j.policy.builders.Trust13Builder;
+import org.apache.wss4j.policy.builders.UsernameTokenBuilder;
+import org.apache.wss4j.policy.builders.WSS10Builder;
+import org.apache.wss4j.policy.builders.WSS11Builder;
+import org.apache.wss4j.policy.builders.X509TokenBuilder;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
 
 @NoJSR250Annotations
 public final class WSSecurityPolicyLoader implements PolicyInterceptorProviderLoader, AssertionBuilderLoader {
@@ -100,43 +112,42 @@ public final class WSSecurityPolicyLoade
         if (reg == null) {
             return;
         }
-        PolicyBuilder pbuild = bus.getExtension(PolicyBuilder.class);
         reg.registerBuilder(new AlgorithmSuiteBuilder(bus));
-        reg.registerBuilder(new AsymmetricBindingBuilder(pbuild));
+        reg.registerBuilder(new AsymmetricBindingBuilder());
         reg.registerBuilder(new ContentEncryptedElementsBuilder());
         reg.registerBuilder(new EncryptedElementsBuilder());
         reg.registerBuilder(new EncryptedPartsBuilder());
-        reg.registerBuilder(new HttpsTokenBuilder(pbuild));
-        reg.registerBuilder(new InitiatorTokenBuilder(pbuild));
-        reg.registerBuilder(new InitiatorSignatureTokenBuilder(pbuild));
-        reg.registerBuilder(new InitiatorEncryptionTokenBuilder(pbuild));
-        reg.registerBuilder(new IssuedTokenBuilder(pbuild));
+        reg.registerBuilder(new HttpsTokenBuilder());
+        reg.registerBuilder(new InitiatorTokenBuilder());
+        reg.registerBuilder(new InitiatorSignatureTokenBuilder());
+        reg.registerBuilder(new InitiatorEncryptionTokenBuilder());
+        reg.registerBuilder(new IssuedTokenBuilder());
         reg.registerBuilder(new LayoutBuilder());
-        reg.registerBuilder(new ProtectionTokenBuilder(pbuild));
-        reg.registerBuilder(new RecipientTokenBuilder(pbuild));
-        reg.registerBuilder(new RecipientSignatureTokenBuilder(pbuild));
-        reg.registerBuilder(new RecipientEncryptionTokenBuilder(pbuild));
+        reg.registerBuilder(new ProtectionTokenBuilder());
+        reg.registerBuilder(new RecipientTokenBuilder());
+        reg.registerBuilder(new RecipientSignatureTokenBuilder());
+        reg.registerBuilder(new RecipientEncryptionTokenBuilder());
         reg.registerBuilder(new RequiredElementsBuilder());
         reg.registerBuilder(new RequiredPartsBuilder());
-        reg.registerBuilder(new SamlTokenBuilder(pbuild));
-        reg.registerBuilder(new KerberosTokenBuilder(pbuild));
-        reg.registerBuilder(new SecureConversationTokenBuilder(pbuild));
+        reg.registerBuilder(new SamlTokenBuilder());
+        reg.registerBuilder(new KerberosTokenBuilder());
+        reg.registerBuilder(new SecureConversationTokenBuilder());
+        reg.registerBuilder(new BootstrapPolicyBuilder());
         reg.registerBuilder(new SecurityContextTokenBuilder());
         reg.registerBuilder(new SignedElementsBuilder());
         reg.registerBuilder(new SignedPartsBuilder());
-        reg.registerBuilder(new SpnegoContextTokenBuilder(pbuild));
-        reg.registerBuilder(new SupportingTokens12Builder(pbuild));
-        reg.registerBuilder(new SupportingTokensBuilder(pbuild));
-        reg.registerBuilder(new SymmetricBindingBuilder(pbuild));
-        reg.registerBuilder(new TransportBindingBuilder(pbuild, bus));
-        reg.registerBuilder(new TransportTokenBuilder(pbuild));
+        reg.registerBuilder(new SpnegoContextTokenBuilder());
+        reg.registerBuilder(new SupportingTokensBuilder());
+        reg.registerBuilder(new SymmetricBindingBuilder());
+        reg.registerBuilder(new TransportBindingBuilder());
+        reg.registerBuilder(new TransportTokenBuilder());
         reg.registerBuilder(new Trust10Builder());
         reg.registerBuilder(new Trust13Builder());
-        reg.registerBuilder(new UsernameTokenBuilder(pbuild));
+        reg.registerBuilder(new UsernameTokenBuilder());
         reg.registerBuilder(new KeyValueTokenBuilder());
         reg.registerBuilder(new WSS10Builder());
         reg.registerBuilder(new WSS11Builder());
-        reg.registerBuilder(new X509TokenBuilder(pbuild));
+        reg.registerBuilder(new X509TokenBuilder());
         
         //add generic assertions for these known things to prevent warnings
         List<QName> others = Arrays.asList(new QName[] {
@@ -165,14 +176,106 @@ public final class WSSecurityPolicyLoade
             SP11Constants.REQUIRE_INTERNAL_REFERENCE,
             SP12Constants.REQUIRE_ISSUER_SERIAL_REFERENCE,
             SP11Constants.REQUIRE_ISSUER_SERIAL_REFERENCE,
-            new QName(SP12Constants.SP_NS, SP12Constants.ENCRYPT_BEFORE_SIGNING),
-            new QName(SP11Constants.SP_NS, SP11Constants.ENCRYPT_BEFORE_SIGNING),
-            new QName(SP12Constants.SP_NS, SP12Constants.SIGN_BEFORE_ENCRYPTING),
-            new QName(SP11Constants.SP_NS, SP11Constants.SIGN_BEFORE_ENCRYPTING),
+            SP12Constants.REQUIRE_EMBEDDED_TOKEN_REFERENCE,
+            SP11Constants.REQUIRE_EMBEDDED_TOKEN_REFERENCE,
+            SP12Constants.ENCRYPT_BEFORE_SIGNING,
+            SP11Constants.ENCRYPT_BEFORE_SIGNING,
+            SP12Constants.SIGN_BEFORE_ENCRYPTING,
+            SP11Constants.SIGN_BEFORE_ENCRYPTING,
             SP12Constants.REQUIRE_KEY_IDENTIFIER_REFERENCE,
             SP11Constants.REQUIRE_KEY_IDENTIFIER_REFERENCE,
+            SP12Constants.PROTECT_TOKENS,
+            SP11Constants.PROTECT_TOKENS,
+            SP12Constants.RSA_KEY_VALUE,
+            
+            // Layout
+            SP11Constants.LAX, SP11Constants.LAXTSFIRST, SP11Constants.LAXTSLAST, SP11Constants.STRICT, 
+            SP12Constants.LAX, SP12Constants.LAXTSFIRST, SP12Constants.LAXTSLAST, SP12Constants.STRICT,
+            
+            // UsernameToken
+            SP11Constants.WSS_USERNAME_TOKEN10, SP12Constants.WSS_USERNAME_TOKEN10,  
+            SP11Constants.WSS_USERNAME_TOKEN11, SP12Constants.WSS_USERNAME_TOKEN11,
+            SP12Constants.HASH_PASSWORD, SP12Constants.NO_PASSWORD,
+            SP13Constants.CREATED, SP13Constants.NONCE,
+            
+            SP12Constants.REQUIRE_INTERNAL_REFERENCE, SP11Constants.REQUIRE_INTERNAL_REFERENCE,
+            SP12Constants.REQUIRE_EXTERNAL_REFERNCE, SP11Constants.REQUIRE_EXTERNAL_REFERNCE,
+            
+            // Kerberos
+            new QName(SP11Constants.SP_NS, "WssKerberosV5ApReqToken11"),
+            new QName(SP12Constants.SP_NS, "WssKerberosV5ApReqToken11"),
+            new QName(SP11Constants.SP_NS, "WssGssKerberosV5ApReqToken11"),
+            new QName(SP12Constants.SP_NS, "WssGssKerberosV5ApReqToken11"),
+            
+            // Spnego
+            SP12Constants.MUST_NOT_SEND_AMEND,
+            SP12Constants.MUST_NOT_SEND_CANCEL,
+            SP12Constants.MUST_NOT_SEND_RENEW,            
+            
+            // Backwards compatibility thing
+            new QName("http://schemas.microsoft.com/ws/2005/07/securitypolicy", SPConstants.MUST_NOT_SEND_CANCEL),
+            
+            // SCT
+            SP12Constants.REQUIRE_EXTERNAL_URI_REFERENCE,
+            SP12Constants.SC13_SECURITY_CONTEXT_TOKEN,
+            SP11Constants.SC10_SECURITY_CONTEXT_TOKEN,
+            
+            // WSS10
+            SP12Constants.MUST_SUPPORT_REF_KEY_IDENTIFIER, SP11Constants.MUST_SUPPORT_REF_KEY_IDENTIFIER,
+            SP12Constants.MUST_SUPPORT_REF_ISSUER_SERIAL, SP11Constants.MUST_SUPPORT_REF_ISSUER_SERIAL,
+            SP12Constants.MUST_SUPPORT_REF_EXTERNAL_URI, SP12Constants.MUST_SUPPORT_REF_EXTERNAL_URI,
+            SP12Constants.MUST_SUPPORT_REF_EMBEDDED_TOKEN, SP11Constants.MUST_SUPPORT_REF_EMBEDDED_TOKEN,
+            
+            // WSS11
+            SP12Constants.MUST_SUPPORT_REF_THUMBPRINT, SP11Constants.MUST_SUPPORT_REF_THUMBPRINT,
+            SP12Constants.MUST_SUPPORT_REF_ENCRYPTED_KEY, SP11Constants.MUST_SUPPORT_REF_ENCRYPTED_KEY,
+            SP12Constants.REQUIRE_SIGNATURE_CONFIRMATION, SP11Constants.REQUIRE_SIGNATURE_CONFIRMATION,
+            
+            // SAML
+            new QName(SP11Constants.SP_NS, "WssSamlV11Token10"),
+            new QName(SP12Constants.SP_NS, "WssSamlV11Token10"),
+            new QName(SP11Constants.SP_NS, "WssSamlV11Token11"),
+            new QName(SP12Constants.SP_NS, "WssSamlV11Token11"),
+            new QName(SP11Constants.SP_NS, "WssSamlV20Token11"),
+            new QName(SP12Constants.SP_NS, "WssSamlV20Token11"),
+            
+            // HTTPs
+            SP12Constants.HTTP_BASIC_AUTHENTICATION,
+            SP12Constants.HTTP_DIGEST_AUTHENTICATION,
+            SP12Constants.REQUIRE_CLIENT_CERTIFICATE,
+            
+            // Trust13
+            SP12Constants.MUST_SUPPORT_CLIENT_CHALLENGE, SP11Constants.MUST_SUPPORT_CLIENT_CHALLENGE,
+            SP12Constants.MUST_SUPPORT_SERVER_CHALLENGE, SP11Constants.MUST_SUPPORT_SERVER_CHALLENGE,
+            SP12Constants.REQUIRE_CLIENT_ENTROPY, SP11Constants.REQUIRE_CLIENT_ENTROPY,
+            SP12Constants.REQUIRE_SERVER_ENTROPY, SP11Constants.REQUIRE_SERVER_ENTROPY,
+            SP12Constants.MUST_SUPPORT_ISSUED_TOKENS, SP11Constants.MUST_SUPPORT_ISSUED_TOKENS,
+            SP12Constants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION,
+            SP12Constants.REQUIRE_APPLIES_TO,
+            SP13Constants.SCOPE_POLICY_15,
+            SP13Constants.MUST_SUPPORT_INTERACTIVE_CHALLENGE,
+            
+        });
+        final Map<QName, Assertion> assertions = new HashMap<QName, Assertion>();
+        for (QName q : others) {
+            assertions.put(q, new PrimitiveAssertion(q));
+        }
+        for (String s : AlgorithmSuite.getSupportedAlgorithmSuiteNames()) {
+            QName q = new QName(SP11Constants.SP_NS, s);
+            assertions.put(q, new PrimitiveAssertion(q));
+            q = new QName(SP12Constants.SP_NS, s);
+            assertions.put(q, new PrimitiveAssertion(q));
+        }
+        reg.registerBuilder(new PrimitiveAssertionBuilder(assertions.keySet()) {
+            public Assertion build(Element element, AssertionBuilderFactory fact) {
+                if (XMLPrimitiveAssertionBuilder.isOptional(element)
+                    || XMLPrimitiveAssertionBuilder.isIgnorable(element)) {
+                    return super.build(element, fact);
+                }
+                QName q = new QName(element.getNamespaceURI(), element.getLocalName());
+                return assertions.get(q);
+            }            
         });
-        reg.registerBuilder(new PrimitiveAssertionBuilder(others));
     }
     
     public void registerProviders() {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteLoader.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteLoader.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteLoader.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/AlgorithmSuiteLoader.java Thu May 23 13:17:26 2013
@@ -18,10 +18,10 @@
  */
 package org.apache.cxf.ws.security.policy.custom;
 
-import org.w3c.dom.Element;
-
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
+import org.apache.cxf.Bus;
+import org.apache.neethi.Policy;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
 
 /**
  * This interface defines a way of retrieving an AlgorithmSuite object from the policy element
@@ -29,6 +29,6 @@ import org.apache.cxf.ws.security.policy
  */
 public interface AlgorithmSuiteLoader {
 
-    AlgorithmSuite getAlgorithmSuite(Element policyElement, SPConstants consts);
+    AlgorithmSuite getAlgorithmSuite(Bus bus, SPConstants.SPVersion version, Policy nestedPolicy);
 
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/custom/DefaultAlgorithmSuiteLoader.java Thu May 23 13:17:26 2013
@@ -18,35 +18,112 @@
  */
 package org.apache.cxf.ws.security.policy.custom;
 
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+
 import org.w3c.dom.Element;
 
-import org.apache.cxf.helpers.DOMUtils;
-import org.apache.cxf.ws.security.policy.SPConstants;
-import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
+import org.apache.cxf.Bus;
+import org.apache.cxf.ws.policy.AssertionBuilderRegistry;
+import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
+import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertionBuilder;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.builders.xml.XMLPrimitiveAssertionBuilder;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
 
 /**
- * This class retrieves the default AlgorithmSuites.
+ * This class retrieves the default AlgorithmSuites plus the CXF specific GCM AlgorithmSuites.
  */
 public class DefaultAlgorithmSuiteLoader implements AlgorithmSuiteLoader {
     
-    private static final String CXF_CUSTOM_POLICY_NS = 
-         "http://cxf.apache.org/custom/security-policy";
+    public AlgorithmSuite getAlgorithmSuite(Bus bus, SPConstants.SPVersion version, Policy nestedPolicy) {
+        AssertionBuilderRegistry reg = bus.getExtension(AssertionBuilderRegistry.class);
+        if (reg != null) {
+            String ns = "http://cxf.apache.org/custom/security-policy";
+            final Map<QName, Assertion> assertions = new HashMap<QName, Assertion>();
+            QName qName = new QName(ns, "Basic128GCM");
+            assertions.put(qName, new PrimitiveAssertion(qName));
+            qName = new QName(ns, "Basic192GCM");
+            assertions.put(qName, new PrimitiveAssertion(qName));
+            qName = new QName(ns, "Basic256GCM");
+            assertions.put(qName, new PrimitiveAssertion(qName));
+            
+            reg.registerBuilder(new PrimitiveAssertionBuilder(assertions.keySet()) {
+                public Assertion build(Element element, AssertionBuilderFactory fact) {
+                    if (XMLPrimitiveAssertionBuilder.isOptional(element)
+                        || XMLPrimitiveAssertionBuilder.isIgnorable(element)) {
+                        return super.build(element, fact);
+                    }
+                    QName q = new QName(element.getNamespaceURI(), element.getLocalName());
+                    return assertions.get(q);
+                }            
+            });
+        }
+        return new GCMAlgorithmSuite(version, nestedPolicy);
+    }
+    
+    private static class GCMAlgorithmSuite extends AlgorithmSuite {
+
+        GCMAlgorithmSuite(SPConstants.SPVersion version, Policy nestedPolicy) {
+            super(version, nestedPolicy);
+        }
+
+        @Override
+        protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) {
+            return new GCMAlgorithmSuite(getVersion(), nestedPolicy);
+        }
 
-    public AlgorithmSuite getAlgorithmSuite(Element policyElement, SPConstants consts) {
-        if (policyElement != null) {
-            Element algorithm = DOMUtils.getFirstElement(policyElement);
-            if (algorithm != null) {
-                AlgorithmSuite algorithmSuite = null;
-                if (CXF_CUSTOM_POLICY_NS.equals(algorithm.getNamespaceURI())) {
-                    algorithmSuite = new GCMAlgorithmSuite(consts);
-                } else {
-                    algorithmSuite = new AlgorithmSuite(consts);
-                }
-                algorithmSuite.setAlgorithmSuite(algorithm.getLocalName());
-                return algorithmSuite;
+        @Override
+        protected void parseCustomAssertion(Assertion assertion) {
+            String assertionName = assertion.getName().getLocalPart();
+            String assertionNamespace = assertion.getName().getNamespaceURI();
+            if (!"http://cxf.apache.org/custom/security-policy".equals(assertionNamespace)) {
+                return;
+            }
+
+            if ("Basic128GCM".equals(assertionName)) {
+                setAlgorithmSuiteType(new AlgorithmSuiteType(
+                        "Basic128GCM",
+                        SPConstants.SHA1,
+                        "http://www.w3.org/2009/xmlenc11#aes128-gcm",
+                        SPConstants.KW_AES128,
+                        SPConstants.KW_RSA_OAEP,
+                        SPConstants.P_SHA1_L128,
+                        SPConstants.P_SHA1_L128,
+                        128, 128, 128, 256, 1024, 4096
+                ));
+                getAlgorithmSuiteType().setNamespace(assertionNamespace);
+            } else if ("Basic192GCM".equals(assertionName)) {
+                setAlgorithmSuiteType(new AlgorithmSuiteType(
+                        "Basic192GCM",
+                        SPConstants.SHA1,
+                        "http://www.w3.org/2009/xmlenc11#aes192-gcm",
+                        SPConstants.KW_AES192,
+                        SPConstants.KW_RSA_OAEP,
+                        SPConstants.P_SHA1_L192,
+                        SPConstants.P_SHA1_L192,
+                        192, 192, 192, 256, 1024, 4096));
+                getAlgorithmSuiteType().setNamespace(assertionNamespace);
+            } else if ("Basic256GCM".equals(assertionName)) {
+                setAlgorithmSuiteType(new AlgorithmSuiteType(
+                        "Basic256GCM",
+                        SPConstants.SHA1,
+                        "http://www.w3.org/2009/xmlenc11#aes256-gcm",
+                        SPConstants.KW_AES256,
+                        SPConstants.KW_RSA_OAEP,
+                        SPConstants.P_SHA1_L256,
+                        SPConstants.P_SHA1_L192,
+                        256, 192, 256, 256, 1024, 4096));
+                getAlgorithmSuiteType().setNamespace(assertionNamespace);
             }
         }
-        return null;
     }
 
+
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java Thu May 23 13:17:26 2013
@@ -21,12 +21,16 @@ package org.apache.cxf.ws.security.polic
 
 import java.security.Principal;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 import java.util.TreeMap;
+import java.util.logging.Logger;
 
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
@@ -42,15 +46,23 @@ import org.apache.cxf.ws.policy.Abstract
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.PolicyException;
-import org.apache.cxf.ws.security.policy.SP11Constants;
-import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.model.HttpsToken;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.HttpsToken;
+import org.apache.wss4j.stax.impl.securityToken.HttpsSecurityTokenImpl;
+import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
+import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 
 /**
  * 
  */
 public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProvider {
     
+    private static final Logger LOG = LogUtils.getL7dLogger(HttpsTokenInterceptorProvider.class);
+    
     private static final long serialVersionUID = -13951002554477036L;
 
     public HttpsTokenInterceptorProvider() {
@@ -79,12 +91,13 @@ public class HttpsTokenInterceptorProvid
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information
             if (aim != null) {
-                Collection<AssertionInfo> ais = aim.get(SP12Constants.HTTPS_TOKEN);
-                if (ais == null) {
+                Collection<AssertionInfo> ais = 
+                    NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.HTTPS_TOKEN);
+                if (ais.isEmpty()) {
                     return;
                 }
                 if (isRequestor(message)) {
-                    assertHttps(ais, message);
+                    assertHttps(aim, ais, message);
                 } else {
                     //server side should be checked on the way in
                     for (AssertionInfo ai : ais) {
@@ -93,7 +106,7 @@ public class HttpsTokenInterceptorProvid
                 }
             }
         }
-        private void assertHttps(Collection<AssertionInfo> ais, Message message) {
+        private void assertHttps(AssertionInfoMap aim, Collection<AssertionInfo> ais, Message message) {
             for (AssertionInfo ai : ais) {
                 HttpsToken token = (HttpsToken)ai.getAssertion();
                 String scheme = (String)message.get("http.scheme");
@@ -101,7 +114,8 @@ public class HttpsTokenInterceptorProvid
                 Map<String, List<String>> headers = getSetProtocolHeaders(message);
                 
                 if ("https".equals(scheme)) {
-                    if (token.isRequireClientCertificate()) {
+                    if (token.getAuthenticationType() 
+                        == HttpsToken.AuthenticationType.RequireClientCertificate) {
                         final MessageTrustDecider orig = message.get(MessageTrustDecider.class);
                         MessageTrustDecider trust = new MessageTrustDecider() {
                             public void establishTrust(String conduitName,
@@ -122,20 +136,25 @@ public class HttpsTokenInterceptorProvid
                             }
                         };
                         message.put(MessageTrustDecider.class, trust);
+                        NegotiationUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_CERTIFICATE);
                     }
-                    if (token.isHttpBasicAuthentication()) {
+                    if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpBasicAuthentication) {
                         List<String> auth = headers.get("Authorization");
                         if (auth == null || auth.size() == 0 
                             || !auth.get(0).startsWith("Basic")) {
                             ai.setNotAsserted("HttpBasicAuthentication is set, but not being used");
+                        } else {
+                            NegotiationUtils.assertPolicy(aim, SPConstants.HTTP_BASIC_AUTHENTICATION);
                         }
                     }
-                    if (token.isHttpDigestAuthentication()) {
+                    if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpDigestAuthentication) {
                         List<String> auth = headers.get("Authorization");
                         if (auth == null || auth.size() == 0 
                             || !auth.get(0).startsWith("Digest")) {
                             ai.setNotAsserted("HttpDigestAuthentication is set, but not being used");
-                        }                        
+                        } else {
+                            NegotiationUtils.assertPolicy(aim, SPConstants.HTTP_DIGEST_AUTHENTICATION);
+                        }
                     }
                 } else {
                     ai.setNotAsserted("Not an HTTPs connection");
@@ -157,12 +176,17 @@ public class HttpsTokenInterceptorProvid
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information
             if (aim != null) {
-                Collection<AssertionInfo> ais = aim.get(SP12Constants.HTTPS_TOKEN);
-                if (ais == null) {
+                Collection<AssertionInfo> ais = 
+                    NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.HTTPS_TOKEN);
+                if (ais.isEmpty()) {
                     return;
                 }
                 if (!isRequestor(message)) {
-                    assertHttps(ais, message);
+                    try {
+                        assertHttps(aim, ais, message);
+                    } catch (XMLSecurityException e) {
+                        LOG.fine(e.getMessage());
+                    }
                     // Store the TLS principal on the message context
                     SecurityContext sc = message.get(SecurityContext.class);
                     if (sc == null || sc.getUserPrincipal() == null) {
@@ -182,45 +206,113 @@ public class HttpsTokenInterceptorProvid
                     //client side should be checked on the way out
                     for (AssertionInfo ai : ais) {
                         ai.setAsserted(true);
-                    }                    
+                    }
+                    
+                    NegotiationUtils.assertPolicy(aim, SPConstants.HTTP_DIGEST_AUTHENTICATION);
+                    NegotiationUtils.assertPolicy(aim, SPConstants.HTTP_BASIC_AUTHENTICATION);
+                    NegotiationUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_CERTIFICATE);
                 }
             }
         }
         
-        private void assertHttps(Collection<AssertionInfo> ais, Message message) {
+        private void assertHttps(
+            AssertionInfoMap aim, 
+            Collection<AssertionInfo> ais, 
+            Message message
+        ) throws XMLSecurityException {
+            List<SecurityEvent> securityEvents = getSecurityEventList(message);
+            AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
+            
             for (AssertionInfo ai : ais) {
                 boolean asserted = true;
                 HttpsToken token = (HttpsToken)ai.getAssertion();
                 
+                HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
+                
                 Map<String, List<String>> headers = getSetProtocolHeaders(message);                
-                if (token.isHttpBasicAuthentication()) {
+                if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpBasicAuthentication) {
                     List<String> auth = headers.get("Authorization");
                     if (auth == null || auth.size() == 0 
                         || !auth.get(0).startsWith("Basic")) {
                         asserted = false;
+                    } else {
+                        httpsTokenSecurityEvent.setAuthenticationType(
+                            HttpsTokenSecurityEvent.AuthenticationType.HttpBasicAuthentication
+                        );
+                        HttpsSecurityTokenImpl httpsSecurityToken = 
+                            new HttpsSecurityTokenImpl(true, policy.getUserName());
+                        httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
+                        httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
+                        NegotiationUtils.assertPolicy(aim, SPConstants.HTTP_BASIC_AUTHENTICATION);
                     }
                 }
-                if (token.isHttpDigestAuthentication()) {
+                if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpDigestAuthentication) {
                     List<String> auth = headers.get("Authorization");
                     if (auth == null || auth.size() == 0 
                         || !auth.get(0).startsWith("Digest")) {
                         asserted = false;
-                    }                        
+                    } else {
+                        httpsTokenSecurityEvent.setAuthenticationType(
+                            HttpsTokenSecurityEvent.AuthenticationType.HttpDigestAuthentication
+                        );
+                        HttpsSecurityTokenImpl httpsSecurityToken = 
+                            new HttpsSecurityTokenImpl(false, policy.getUserName());
+                        httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
+                        httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
+                        NegotiationUtils.assertPolicy(aim, SPConstants.HTTP_DIGEST_AUTHENTICATION);
+                    }
                 }
 
                 TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);                
                 if (tlsInfo != null) {
-                    if (token.isRequireClientCertificate()
-                        && (tlsInfo.getPeerCertificates() == null 
-                            || tlsInfo.getPeerCertificates().length == 0)) {
-                        asserted = false;
+                    if (token.getAuthenticationType() 
+                        == HttpsToken.AuthenticationType.RequireClientCertificate) {
+                        if (tlsInfo.getPeerCertificates() == null 
+                            || tlsInfo.getPeerCertificates().length == 0) {
+                            asserted = false;
+                        } else {
+                            NegotiationUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_CERTIFICATE);
+                        }
+                    }
+                    
+                    if (tlsInfo.getPeerCertificates() != null && tlsInfo.getPeerCertificates().length > 0) {
+                        httpsTokenSecurityEvent.setAuthenticationType(
+                            HttpsTokenSecurityEvent.AuthenticationType.HttpsClientCertificateAuthentication
+                        );
+                        HttpsSecurityTokenImpl httpsSecurityToken = 
+                            new HttpsSecurityTokenImpl((X509Certificate)tlsInfo.getPeerCertificates()[0]);
+                        httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
+                        httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
+                    } else {
+                        httpsTokenSecurityEvent.setAuthenticationType(
+                            HttpsTokenSecurityEvent.AuthenticationType.HttpsNoAuthentication
+                        );
+                        HttpsSecurityTokenImpl httpsSecurityToken = new HttpsSecurityTokenImpl();
+                        httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
+                        httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
                     }
                 } else {
                     asserted = false;
                 }                
                 
                 ai.setAsserted(asserted);
+                
+                if (asserted) {
+                    securityEvents.add(httpsTokenSecurityEvent);
+                }
+            }
+        }
+        
+        private List<SecurityEvent> getSecurityEventList(Message message) {
+            @SuppressWarnings("unchecked")
+            List<SecurityEvent> securityEvents = 
+                (List<SecurityEvent>) message.getExchange().get(SecurityEvent.class.getName() + ".out");
+            if (securityEvents == null) {
+                securityEvents = new ArrayList<SecurityEvent>();
+                message.getExchange().put(SecurityEvent.class.getName() + ".out", securityEvents);
             }
+            
+            return securityEvents;
         }
         
         private SecurityContext createSecurityContext(final Principal p) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java Thu May 23 13:17:26 2013
@@ -42,11 +42,6 @@ import org.apache.cxf.ws.policy.Abstract
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.policy.SP11Constants;
-import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.model.IssuedToken;
-import org.apache.cxf.ws.security.policy.model.Trust10;
-import org.apache.cxf.ws.security.policy.model.Trust13;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
@@ -55,15 +50,21 @@ import org.apache.cxf.ws.security.trust.
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JOutInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
-import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.IssuedTokenPolicyValidator;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityEngineResult;
-import org.apache.ws.security.handler.WSHandlerConstants;
-import org.apache.ws.security.handler.WSHandlerResult;
-import org.apache.ws.security.message.token.BinarySecurity;
-import org.apache.ws.security.saml.SAMLKeyInfo;
-import org.apache.ws.security.saml.ext.AssertionWrapper;
+import org.apache.wss4j.common.saml.SAMLKeyInfo;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.apache.wss4j.dom.message.token.BinarySecurity;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.IssuedToken;
+import org.apache.wss4j.policy.model.Trust10;
+import org.apache.wss4j.policy.model.Trust13;
 
 /**
  * 
@@ -136,9 +137,11 @@ public class IssuedTokenInterceptorProvi
         public void handleMessage(Message message) throws Fault {
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information
+            
             if (aim != null) {
-                Collection<AssertionInfo> ais = aim.get(SP12Constants.ISSUED_TOKEN);
-                if (ais == null || ais.isEmpty()) {
+                Collection<AssertionInfo> ais = 
+                    NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.ISSUED_TOKEN);
+                if (ais.isEmpty()) {
                     return;
                 }
                 if (isRequestor(message)) {
@@ -179,15 +182,17 @@ public class IssuedTokenInterceptorProvi
             }
         }
         private Trust10 getTrust10(AssertionInfoMap aim) {
-            Collection<AssertionInfo> ais = aim.get(SP11Constants.TRUST_10);
-            if (ais == null || ais.isEmpty()) {
+            Collection<AssertionInfo> ais = 
+                NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.TRUST_10);
+            if (ais.isEmpty()) {
                 return null;
             }
             return (Trust10)ais.iterator().next().getAssertion();
         }
         private Trust13 getTrust13(AssertionInfoMap aim) {
-            Collection<AssertionInfo> ais = aim.get(SP12Constants.TRUST_13);
-            if (ais == null || ais.isEmpty()) {
+            Collection<AssertionInfo> ais = 
+                NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.TRUST_13);
+            if (ais.isEmpty()) {
                 return null;
             }
             return (Trust13)ais.iterator().next().getAssertion();
@@ -342,10 +347,9 @@ public class IssuedTokenInterceptorProvi
         ) throws Exception {
             client.setTrust(getTrust10(aim));
             client.setTrust(getTrust13(aim));
-            client.setTemplate(itok.getRstTemplate());
-            Element policy = itok.getPolicy();
-            if (policy != null && policy.getNamespaceURI() != null) {
-                client.setWspNamespace(policy.getNamespaceURI());
+            client.setTemplate(itok.getRequestSecurityTokenTemplate());
+            if (itok.getPolicy() != null && itok.getPolicy().getNamespace() != null) {
+                client.setWspNamespace(itok.getPolicy().getNamespace());
             }
             if (maps != null && maps.getNamespaceURI() != null) {
                 client.setAddressingNamespace(maps.getNamespaceURI());
@@ -402,7 +406,7 @@ public class IssuedTokenInterceptorProvi
                     client.setTrust(getTrust10(aim));
                     client.setTrust(getTrust13(aim));
                     
-                    client.setTemplate(itok.getRstTemplate());
+                    client.setTemplate(itok.getRequestSecurityTokenTemplate());
                     return client.renewSecurityToken(tok);
                 } catch (RuntimeException e) {
                     throw e;
@@ -494,8 +498,9 @@ public class IssuedTokenInterceptorProvi
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information
             if (aim != null) {
-                Collection<AssertionInfo> ais = aim.get(SP12Constants.ISSUED_TOKEN);
-                if (ais == null) {
+                Collection<AssertionInfo> ais = 
+                    NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.ISSUED_TOKEN);
+                if (ais.isEmpty()) {
                     return;
                 }
                 if (!isRequestor(message)) {
@@ -519,13 +524,14 @@ public class IssuedTokenInterceptorProvi
             AssertionInfoMap aim
         ) {
             List<WSSecurityEngineResult> signedResults = 
-                WSS4JUtils.fetchAllActionResults(rResult.getResults(), WSConstants.SIGN);
+                WSSecurityUtil.fetchAllActionResults(rResult.getResults(), WSConstants.SIGN);
             
             IssuedTokenPolicyValidator issuedValidator = 
                 new IssuedTokenPolicyValidator(signedResults, message);
-            Collection<AssertionInfo> issuedAis = aim.get(SP12Constants.ISSUED_TOKEN);
+            Collection<AssertionInfo> issuedAis = 
+                NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.ISSUED_TOKEN);
 
-            for (AssertionWrapper assertionWrapper : findSamlTokenResults(rResult.getResults())) {
+            for (SamlAssertionWrapper assertionWrapper : findSamlTokenResults(rResult.getResults())) {
                 boolean valid = issuedValidator.validatePolicy(issuedAis, assertionWrapper);
                 if (valid) {
                     SecurityToken token = createSecurityToken(assertionWrapper);
@@ -547,15 +553,15 @@ public class IssuedTokenInterceptorProvi
             }
         }
         
-        private List<AssertionWrapper> findSamlTokenResults(
+        private List<SamlAssertionWrapper> findSamlTokenResults(
             List<WSSecurityEngineResult> wsSecEngineResults
         ) {
-            List<AssertionWrapper> results = new ArrayList<AssertionWrapper>();
+            List<SamlAssertionWrapper> results = new ArrayList<SamlAssertionWrapper>();
             for (WSSecurityEngineResult wser : wsSecEngineResults) {
                 Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
                 if (actInt.intValue() == WSConstants.ST_SIGNED
                     || actInt.intValue() == WSConstants.ST_UNSIGNED) {
-                    results.add((AssertionWrapper)wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
+                    results.add((SamlAssertionWrapper)wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
                 }
             }
             return results;
@@ -575,7 +581,7 @@ public class IssuedTokenInterceptorProvi
         }
         
         private SecurityToken createSecurityToken(
-            AssertionWrapper assertionWrapper
+            SamlAssertionWrapper assertionWrapper
         ) {
             SecurityToken token = new SecurityToken(assertionWrapper.getId());
 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/KerberosTokenInterceptorProvider.java Thu May 23 13:17:26 2013
@@ -37,8 +37,6 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.kerberos.KerberosClient;
 import org.apache.cxf.ws.security.kerberos.KerberosUtils;
-import org.apache.cxf.ws.security.policy.SP11Constants;
-import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
@@ -46,12 +44,15 @@ import org.apache.cxf.ws.security.wss4j.
 import org.apache.cxf.ws.security.wss4j.PolicyBasedWSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.KerberosTokenPolicyValidator;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityEngineResult;
-import org.apache.ws.security.handler.WSHandlerConstants;
-import org.apache.ws.security.handler.WSHandlerResult;
-import org.apache.ws.security.message.token.BinarySecurity;
-import org.apache.ws.security.message.token.KerberosSecurity;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.apache.wss4j.dom.message.token.BinarySecurity;
+import org.apache.wss4j.dom.message.token.KerberosSecurity;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
 
 /**
  * 
@@ -102,8 +103,9 @@ public class KerberosTokenInterceptorPro
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information
             if (aim != null) {
-                Collection<AssertionInfo> ais = aim.get(SP12Constants.KERBEROS_TOKEN);
-                if (ais == null || ais.isEmpty()) {
+                Collection<AssertionInfo> ais = 
+                    NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.KERBEROS_TOKEN);
+                if (ais.isEmpty()) {
                     return;
                 }
                 if (isRequestor(message)) {
@@ -134,6 +136,9 @@ public class KerberosTokenInterceptorPro
                         ai.setAsserted(true);
                     }                    
                 }
+                
+                NegotiationUtils.assertPolicy(aim, "WssKerberosV5ApReqToken11");
+                NegotiationUtils.assertPolicy(aim, "WssGssKerberosV5ApReqToken11");
             }
         }
         
@@ -150,8 +155,9 @@ public class KerberosTokenInterceptorPro
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information
             if (aim != null) {
-                Collection<AssertionInfo> ais = aim.get(SP12Constants.KERBEROS_TOKEN);
-                if (ais == null) {
+                Collection<AssertionInfo> ais = 
+                    NegotiationUtils.getAllAssertionsByLocalname(aim, SPConstants.KERBEROS_TOKEN);
+                if (ais.isEmpty()) {
                     return;
                 }
                 if (!isRequestor(message)) {
@@ -166,6 +172,9 @@ public class KerberosTokenInterceptorPro
                         ai.setAsserted(true);
                     }                    
                 }
+                
+                NegotiationUtils.assertPolicy(aim, "WssKerberosV5ApReqToken11");
+                NegotiationUtils.assertPolicy(aim, "WssGssKerberosV5ApReqToken11");
             }
         }
         

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java Thu May 23 13:17:26 2013
@@ -20,9 +20,12 @@
 package org.apache.cxf.ws.security.policy.interceptors;
 
 import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.List;
 
 import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapMessage;
@@ -47,25 +50,26 @@ import org.apache.cxf.ws.policy.Endpoint
 import org.apache.cxf.ws.policy.PolicyEngine;
 import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.policy.SP11Constants;
-import org.apache.cxf.ws.security.policy.SP12Constants;
-import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
-import org.apache.cxf.ws.security.policy.model.Binding;
-import org.apache.cxf.ws.security.policy.model.Trust10;
-import org.apache.cxf.ws.security.policy.model.Trust13;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
 import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.neethi.Assertion;
 import org.apache.neethi.Policy;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityEngineResult;
-import org.apache.ws.security.conversation.ConversationConstants;
-import org.apache.ws.security.conversation.ConversationException;
-import org.apache.ws.security.handler.WSHandlerConstants;
-import org.apache.ws.security.handler.WSHandlerResult;
-import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.wss4j.common.derivedKey.ConversationConstants;
+import org.apache.wss4j.common.derivedKey.ConversationException;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.dom.handler.WSHandlerResult;
+import org.apache.wss4j.dom.message.token.SecurityContextToken;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.AbstractBinding;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
+import org.apache.wss4j.policy.model.Trust10;
+import org.apache.wss4j.policy.model.Trust13;
 
 /**
  * This is a collection of utility methods for use in negotiation exchanges such as WS-SecureConversation 
@@ -78,19 +82,16 @@ final class NegotiationUtils {
     }
 
     static Trust10 getTrust10(AssertionInfoMap aim) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.TRUST_10);
-        if (ais == null || ais.isEmpty()) {
-            ais = aim.get(SP11Constants.TRUST_10);
-        }
-        if (ais == null || ais.isEmpty()) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.TRUST_10);
+        if (ais.isEmpty()) {
             return null;
         }
         return (Trust10)ais.iterator().next().getAssertion();
     }
     
     static Trust13 getTrust13(AssertionInfoMap aim) {
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.TRUST_13);
-        if (ais == null || ais.isEmpty()) {
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.TRUST_13);
+        if (ais.isEmpty()) {
             return null;
         }
         return (Trust13)ais.iterator().next().getAssertion();
@@ -146,23 +147,24 @@ final class NegotiationUtils {
     }
 
     static AlgorithmSuite getAlgorithmSuite(AssertionInfoMap aim) {
-        Binding transport = null;
-        Collection<AssertionInfo> ais = aim.get(SP12Constants.TRANSPORT_BINDING);
-        if (ais != null) {
+        AbstractBinding transport = null;
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+        if (!ais.isEmpty()) {
             for (AssertionInfo ai : ais) {
-                transport = (Binding)ai.getAssertion();
+                transport = (AbstractBinding)ai.getAssertion();
             }                    
         } else {
-            ais = aim.get(SP12Constants.ASYMMETRIC_BINDING);
-            if (ais != null) {
+            ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+            if (!ais.isEmpty()) {
                 for (AssertionInfo ai : ais) {
-                    transport = (Binding)ai.getAssertion();
+                    transport = (AbstractBinding)ai.getAssertion();
                 }                    
             } else {
-                ais = aim.get(SP12Constants.SYMMETRIC_BINDING);
-                if (ais != null) {
+                ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+                if (!ais.isEmpty()) {
                     for (AssertionInfo ai : ais) {
-                        transport = (Binding)ai.getAssertion();
+                        transport = (AbstractBinding)ai.getAssertion();
                     }                    
                 }
             }
@@ -302,4 +304,48 @@ final class NegotiationUtils {
         return handler;
     }
     
+    static boolean assertPolicy(AssertionInfoMap aim, QName name) {
+        Collection<AssertionInfo> ais = aim.getAssertionInfo(name);
+        if (ais != null && !ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }    
+            return true;
+        }
+        return false;
+    }
+    
+    static boolean assertPolicy(AssertionInfoMap aim, String localname) {
+        Collection<AssertionInfo> ais = 
+            NegotiationUtils.getAllAssertionsByLocalname(aim, localname);
+        if (!ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }    
+            return true;
+        }
+        return false;
+    }
+    
+    static Collection<AssertionInfo> getAllAssertionsByLocalname(
+        AssertionInfoMap aim,
+        String localname
+    ) {
+        Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
+        Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
+        
+        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) {
+            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+            if (sp11Ais != null) {
+                ais.addAll(sp11Ais);
+            }
+            if (sp12Ais != null) {
+                ais.addAll(sp12Ais);
+            }
+            return ais;
+        }
+            
+        return Collections.emptySet();
+    }
+
 }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSInvoker.java Thu May 23 13:17:26 2013
@@ -44,15 +44,16 @@ import org.apache.cxf.ws.addressing.JAXW
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.trust.STSUtils;
-import org.apache.ws.security.WSConstants;
-import org.apache.ws.security.WSSecurityException;
-import org.apache.ws.security.conversation.ConversationException;
-import org.apache.ws.security.conversation.dkalgo.P_SHA1;
-import org.apache.ws.security.message.token.Reference;
-import org.apache.ws.security.message.token.SecurityTokenReference;
-import org.apache.ws.security.util.Base64;
-import org.apache.ws.security.util.WSSecurityUtil;
-import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.apache.wss4j.common.derivedKey.ConversationException;
+import org.apache.wss4j.common.derivedKey.P_SHA1;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.WSConstants;
+import org.apache.wss4j.dom.bsp.BSPEnforcer;
+import org.apache.wss4j.dom.message.token.Reference;
+import org.apache.wss4j.dom.message.token.SecurityTokenReference;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
+import org.apache.xml.security.utils.Base64;
 
 /**
  * An abstract Invoker used by the Spnego and SecureConversationInInterceptors.
@@ -169,7 +170,8 @@ abstract class STSInvoker implements Inv
     }
 
     private SecurityToken findCancelToken(Exchange exchange, Element el) throws WSSecurityException {
-        SecurityTokenReference ref = new SecurityTokenReference(DOMUtils.getFirstElement(el));
+        SecurityTokenReference ref = 
+            new SecurityTokenReference(DOMUtils.getFirstElement(el), new BSPEnforcer());
         String uri = ref.getReference().getURI();
         TokenStore store = (TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
                 .getProperty(TokenStore.class.getName());

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SamlTokenInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SamlTokenInterceptorProvider.java?rev=1485693&r1=1485692&r2=1485693&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SamlTokenInterceptorProvider.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SamlTokenInterceptorProvider.java Thu May 23 13:17:26 2013
@@ -25,8 +25,9 @@ import java.util.Collection;
 import javax.xml.namespace.QName;
 
 import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
-import org.apache.cxf.ws.security.policy.SP12Constants;
 import org.apache.cxf.ws.security.wss4j.SamlTokenInterceptor;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
 
 /**
  * 
@@ -38,6 +39,7 @@ public class SamlTokenInterceptorProvide
         ASSERTION_TYPES = new ArrayList<QName>();
         
         ASSERTION_TYPES.add(SP12Constants.SAML_TOKEN);
+        ASSERTION_TYPES.add(SP11Constants.SAML_TOKEN);
     }
 
     public SamlTokenInterceptorProvider() {



Mime
View raw message