cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1534146 - /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/
Date Mon, 21 Oct 2013 13:32:50 GMT
Author: coheigea
Date: Mon Oct 21 13:32:50 2013
New Revision: 1534146

URL: http://svn.apache.org/r1534146
Log:
Consolidated some common code between DOM + StAX WS-Security code

Added:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1534146&r1=1534145&r2=1534146&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Mon Oct 21 13:32:50 2013
@@ -25,7 +25,6 @@ import java.net.URL;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -57,7 +56,6 @@ import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.saaj.SAAJUtils;
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.common.i18n.Message;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.endpoint.Endpoint;
@@ -71,7 +69,6 @@ import org.apache.cxf.service.model.Endp
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.PolicyConstants;
-import org.apache.cxf.ws.policy.PolicyException;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
@@ -151,7 +148,7 @@ import org.opensaml.common.SAMLVersion;
 /**
  * 
  */
-public abstract class AbstractBindingBuilder {
+public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandler {
     public static final String CRYPTO_CACHE = "ws-security.crypto.cache";
     protected static final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class);
     
@@ -163,7 +160,6 @@ public abstract class AbstractBindingBui
     protected WSSecHeader secHeader;
     protected AssertionInfoMap aim;
     protected AbstractBinding binding;
-    protected SoapMessage message;
     protected WSSecTimestamp timestampEl;
     protected String mainSigId;
     protected List<WSEncryptionPart> sigConfList;
@@ -192,12 +188,12 @@ public abstract class AbstractBindingBui
                            WSSecHeader secHeader,
                            AssertionInfoMap aim,
                            SoapMessage message) {
+        super(message);
         this.wssConfig = config;
         this.binding = binding;
         this.aim = aim;
         this.secHeader = secHeader;
         this.saaj = saaj;
-        this.message = message;
         message.getExchange().put(WSHandlerConstants.SEND_SIGV, signatures);
     }
     
@@ -284,116 +280,6 @@ public abstract class AbstractBindingBui
         topDownElement = el;
     }
     
-    protected boolean isRequestor() {
-        return MessageUtils.isRequestor(message);
-    }
-    
-    protected Collection<AssertionInfo> getAllAssertionsByLocalname(String localname) {
-        Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
-        Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
-        
-        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) {
-            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
-            if (sp11Ais != null) {
-                ais.addAll(sp11Ais);
-            }
-            if (sp12Ais != null) {
-                ais.addAll(sp12Ais);
-            }
-            return ais;
-        }
-            
-        return Collections.emptySet();
-    }
-    
-    protected void policyNotAsserted(Assertion assertion, Exception reason) {
-        if (assertion == null) {
-            return;
-        }
-        if (LOG.isLoggable(Level.FINE)) {
-            LOG.log(Level.FINE, "Not asserting " + assertion.getName() + ": " + reason);
-        }
-        Collection<AssertionInfo> ais = aim.get(assertion.getName());
-        if (ais != null) {
-            for (AssertionInfo ai : ais) {
-                if (ai.getAssertion() == assertion) {
-                    ai.setNotAsserted(reason.getMessage());
-                }
-            }
-        }
-        if (!assertion.isOptional()) {
-            throw new PolicyException(new Message(reason.getMessage(), LOG), reason);
-        }
-    }
-    
-    protected void policyNotAsserted(Assertion assertion, String reason) {
-        if (assertion == null) {
-            return;
-        }
-        if (LOG.isLoggable(Level.FINE)) {
-            LOG.log(Level.FINE, "Not asserting " + assertion.getName() + ": " + reason);
-        }
-        Collection<AssertionInfo> ais = aim.get(assertion.getName());
-        if (ais != null) {
-            for (AssertionInfo ai : ais) {
-                if (ai.getAssertion() == assertion) {
-                    ai.setNotAsserted(reason);
-                }
-            }
-        }
-        if (!assertion.isOptional()) {
-            throw new PolicyException(new Message(reason, LOG));
-        }
-    }
-    
-    protected void policyAsserted(Assertion assertion) {
-        if (assertion == null) {
-            return;
-        }
-        if (LOG.isLoggable(Level.FINE)) {
-            LOG.log(Level.FINE, "Asserting " + assertion.getName());
-        }
-        Collection<AssertionInfo> ais = aim.get(assertion.getName());
-        if (ais != null) {
-            for (AssertionInfo ai : ais) {
-                if (ai.getAssertion() == assertion) {
-                    ai.setAsserted(true);
-                }
-            }
-        }
-    }
-    
-    protected void policyAsserted(QName n) {
-        Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
-        if (ais != null && !ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                ai.setAsserted(true);
-            }
-        }
-    }
-    
-    protected void policyAsserted(String localname) {
-        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(localname);
-        if (!ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                ai.setAsserted(true);
-            }
-        }
-    }
-    
-    protected Collection<Assertion> findAndAssertPolicy(QName n) {
-        Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
-        if (ais != null && !ais.isEmpty()) {
-            List<Assertion> p = new ArrayList<Assertion>(ais.size());
-            for (AssertionInfo ai : ais) {
-                ai.setAsserted(true);
-                p.add(ai.getAssertion());
-            }
-            return p;
-        }
-        return null;
-    } 
-    
     protected final Map<Object, Crypto> getCryptoCache() {
         EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
         synchronized (info) {
@@ -445,7 +331,9 @@ public abstract class AbstractBindingBui
                         ai.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_LAST + " requires a timestamp");
                     } else {
                         ai.setAsserted(true);
-                        policyAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_LAST);
+                        assertPolicy(
+                            new QName(layout.getName().getNamespaceURI(), 
+                                      SPConstants.LAYOUT_LAX_TIMESTAMP_LAST));
                         Element el = timestamp.getElement();
                         secHeader.getSecurityHeader().appendChild(el);
                         if (bottomUpElement == null) {
@@ -457,14 +345,18 @@ public abstract class AbstractBindingBui
                         ai.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST + " requires a timestamp");
                     } else {
                         addTopDownElement(timestampEl.getElement());
-                        policyAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST);
+                        assertPolicy(
+                             new QName(layout.getName().getNamespaceURI(), 
+                                       SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST));
                     }
                 } else if (timestampEl != null) {
                     addTopDownElement(timestampEl.getElement());
                 }
                 
-                policyAsserted(SPConstants.LAYOUT_LAX);
-                policyAsserted(SPConstants.LAYOUT_STRICT);
+                assertPolicy(
+                    new QName(layout.getName().getNamespaceURI(), SPConstants.LAYOUT_LAX));
+                assertPolicy(
+                    new QName(layout.getName().getNamespaceURI(), SPConstants.LAYOUT_STRICT));
             }                    
         } else if (timestampEl != null) {
             addTopDownElement(timestampEl.getElement());
@@ -479,7 +371,7 @@ public abstract class AbstractBindingBui
         for (Assertion pa : suppTokens) {
             if (pa instanceof SupportingTokens) {
                 for (AbstractToken token : ((SupportingTokens)pa).getTokens()) {
-                    this.policyAsserted(token);
+                    this.assertPolicy(token);
                 }        
             }
         }
@@ -664,21 +556,6 @@ public abstract class AbstractBindingBui
         return (Element)secHeader.getSecurityHeader().getOwnerDocument().importNode(el, true);
     }
 
-    protected SecurityToken getSecurityToken() {
-        SecurityToken st = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
-        if (st == null) {
-            String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
-            if (id != null) {
-                st = getTokenStore().getToken(id);
-            }
-        }
-        if (st != null) {
-            getTokenStore().add(st);
-            return st;
-        }
-        return null;
-    }
-
     protected void addSignatureParts(Map<AbstractToken, Object> tokenMap,
                                        List<WSEncryptionPart> sigParts) {
         
@@ -835,7 +712,8 @@ public abstract class AbstractBindingBui
             if (token.getPasswordType() == UsernameToken.PasswordType.NoPassword) {
                 utBuilder.setUserInfo(userName, null);
                 utBuilder.setPasswordType(null);
-                policyAsserted(SPConstants.NO_PASSWORD);
+                assertPolicy(
+                     new QName(token.getName().getNamespaceURI(), SPConstants.NO_PASSWORD));
             } else {
                 String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
                 if (StringUtils.isEmpty(password)) {
@@ -846,7 +724,9 @@ public abstract class AbstractBindingBui
                     // If the password is available then build the token
                     if (token.getPasswordType() == UsernameToken.PasswordType.HashPassword) {
                         utBuilder.setPasswordType(WSConstants.PASSWORD_DIGEST);
-                        policyAsserted(SPConstants.HASH_PASSWORD);
+                        assertPolicy(
+                            new QName(token.getName().getNamespaceURI(), 
+                                      SPConstants.HASH_PASSWORD));
                     } else {
                         utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
                     }
@@ -859,16 +739,18 @@ public abstract class AbstractBindingBui
             
             if (token.isCreated() && token.getPasswordType() != UsernameToken.PasswordType.HashPassword) {
                 utBuilder.addCreated();
-                policyAsserted(SP13Constants.CREATED);
+                assertPolicy(SP13Constants.CREATED);
             }
             if (token.isNonce() && token.getPasswordType() != UsernameToken.PasswordType.HashPassword) {
                 utBuilder.addNonce();
-                policyAsserted(SP13Constants.NONCE);
+                assertPolicy(SP13Constants.NONCE);
             }
             
             info.setAsserted(true);
-            policyAsserted(SPConstants.USERNAME_TOKEN10);
-            policyAsserted(SPConstants.USERNAME_TOKEN11);
+            assertPolicy(
+                new QName(token.getName().getNamespaceURI(), SPConstants.USERNAME_TOKEN10));
+            assertPolicy(
+                new QName(token.getName().getNamespaceURI(), SPConstants.USERNAME_TOKEN11));
             return utBuilder;
         } else {
             policyNotAsserted(token, "No username available");
@@ -909,8 +791,10 @@ public abstract class AbstractBindingBui
             }
             
             info.setAsserted(true);
-            policyAsserted(SPConstants.USERNAME_TOKEN10);
-            policyAsserted(SPConstants.USERNAME_TOKEN11);
+            assertPolicy(
+                new QName(token.getName().getNamespaceURI(), SPConstants.USERNAME_TOKEN10));
+            assertPolicy(
+                new QName(token.getName().getNamespaceURI(), SPConstants.USERNAME_TOKEN11));
             return utBuilder;
         } else {
             policyNotAsserted(token, "No username available");
@@ -973,11 +857,14 @@ public abstract class AbstractBindingBui
         SamlTokenType tokenType = token.getSamlTokenType();
         if (tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11) {
             samlCallback.setSamlVersion(SAMLVersion.VERSION_11);
-            policyAsserted("WssSamlV11Token10");
-            policyAsserted("WssSamlV11Token11");
+            assertPolicy(
+                new QName(token.getName().getNamespaceURI(), "WssSamlV11Token10"));
+            assertPolicy(
+                new QName(token.getName().getNamespaceURI(), "WssSamlV11Token11"));
         } else if (tokenType == SamlTokenType.WssSamlV20Token11) {
             samlCallback.setSamlVersion(SAMLVersion.VERSION_20);
-            policyAsserted("WssSamlV20Token11");
+            assertPolicy(
+                new QName(token.getName().getNamespaceURI(), "WssSamlV20Token11"));
         }
         SAMLUtil.doSAMLCallback(handler, samlCallback);
         SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
@@ -1634,13 +1521,13 @@ public abstract class AbstractBindingBui
             tokenTypeSet = true;
         }
         
-        policyAsserted(token);
-        policyAsserted(wrapper);
+        assertPolicy(token);
+        assertPolicy(wrapper);
         
         if (!tokenTypeSet) {
             if (token.getIncludeTokenType() == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
                 Wss10 wss = getWss10();
-                policyAsserted(wss);
+                assertPolicy(wss);
                 if (wss == null || wss.isMustSupportRefKeyIdentifier()) {
                     secBase.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
                 } else if (wss.isMustSupportRefIssuerSerial()) {
@@ -1744,24 +1631,6 @@ public abstract class AbstractBindingBui
         return null;
     }
     
-    protected Wss10 getWss10() {
-        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.WSS10);
-        if (!ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                return (Wss10)ai.getAssertion();
-            }            
-        }
-        
-        ais = getAllAssertionsByLocalname(SPConstants.WSS11);
-        if (!ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                return (Wss10)ai.getAssertion();
-            }            
-        }  
-        
-        return null;
-    }
-
     private void checkForX509PkiPath(WSSecSignature sig, AbstractToken token) {
         if (token instanceof X509Token) {
             X509Token x509Token = (X509Token) token;
@@ -1786,8 +1655,8 @@ public abstract class AbstractBindingBui
         checkForX509PkiPath(sig, token);
         boolean alsoIncludeToken = false;
         if (token instanceof IssuedToken || token instanceof SamlToken) {
-            policyAsserted(token);
-            policyAsserted(wrapper);
+            assertPolicy(token);
+            assertPolicy(wrapper);
             SecurityToken securityToken = getSecurityToken();
             String tokenType = securityToken.getTokenType();
             
@@ -2020,7 +1889,7 @@ public abstract class AbstractBindingBui
                       
         //Check for whether the token is attached in the message or not
         boolean attached = false;
-        if (includeToken(policyToken.getIncludeTokenType())) {
+        if (isTokenRequired(policyToken.getIncludeTokenType())) {
             attached = true;
         }
         
@@ -2296,7 +2165,8 @@ public abstract class AbstractBindingBui
             }
         }
         
-        policyAsserted(SPConstants.REQUIRE_SIGNATURE_CONFIRMATION);
+        assertPolicy(
+            new QName(wss10.getName().getNamespaceURI(), SPConstants.REQUIRE_SIGNATURE_CONFIRMATION));
     }
     
     /**
@@ -2364,22 +2234,4 @@ public abstract class AbstractBindingBui
         return part;
     }
     
-    protected boolean includeToken(IncludeTokenType inclusion) {
-        if (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
-            return true;
-        }
-        if (isRequestor()) {
-            if (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT 
-                || inclusion == IncludeTokenType.INCLUDE_TOKEN_ONCE) {
-                return true;
-            }
-        } else {
-            if (inclusion == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR) {
-                return true;
-            }
-        }
-        return false;
-    }
-    
-    
 }

Added: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java?rev=1534146&view=auto
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java (added)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java Mon Oct 21 13:32:50 2013
@@ -0,0 +1,388 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j.policyhandlers;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.binding.soap.SoapMessage;
+import org.apache.cxf.common.i18n.Message;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.message.MessageUtils;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
+import org.apache.cxf.ws.policy.PolicyException;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
+import org.apache.neethi.Assertion;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
+import org.apache.wss4j.policy.model.AbstractBinding;
+import org.apache.wss4j.policy.model.AlgorithmSuite;
+import org.apache.wss4j.policy.model.AlgorithmSuite.AlgorithmSuiteType;
+import org.apache.wss4j.policy.model.Trust10;
+import org.apache.wss4j.policy.model.Trust13;
+import org.apache.wss4j.policy.model.Wss10;
+import org.apache.wss4j.policy.model.Wss11;
+import org.apache.xml.security.utils.Base64;
+
+/**
+ * Some common functionality to be shared between the two binding handlers (DOM + StAX)
+ */
+public abstract class AbstractCommonBindingHandler {
+    private static final Logger LOG = LogUtils.getL7dLogger(AbstractCommonBindingHandler.class);
+    protected final SoapMessage message;
+    
+    public AbstractCommonBindingHandler(
+        SoapMessage msg
+    ) {
+        this.message = msg;
+    }
+
+    protected void policyNotAsserted(Assertion assertion, String reason) {
+        if (assertion == null) {
+            return;
+        }
+        LOG.log(Level.FINE, "Not asserting " + assertion.getName() + ": " + reason);
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        Collection<AssertionInfo> ais = aim.get(assertion.getName());
+        if (ais != null) {
+            for (AssertionInfo ai : ais) {
+                if (ai.getAssertion() == assertion) {
+                    ai.setNotAsserted(reason);
+                }
+            }
+        }
+        if (!assertion.isOptional()) {
+            throw new PolicyException(new Message(reason, LOG));
+        }
+    }
+    
+    protected void policyNotAsserted(Assertion assertion, Exception reason) {
+        if (assertion == null) {
+            return;
+        }
+        if (LOG.isLoggable(Level.FINE)) {
+            LOG.log(Level.FINE, "Not asserting " + assertion.getName() + ": " + reason);
+        }
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        Collection<AssertionInfo> ais = aim.get(assertion.getName());
+        if (ais != null) {
+            for (AssertionInfo ai : ais) {
+                if (ai.getAssertion() == assertion) {
+                    ai.setNotAsserted(reason.getMessage());
+                }
+            }
+        }
+        if (!assertion.isOptional()) {
+            throw new PolicyException(new Message(reason.getMessage(), LOG), reason);
+        }
+    }
+    
+    protected void assertAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        Collection<AssertionInfo> algorithmSuiteAis = aim.get(algorithmSuite.getName());
+        for (AssertionInfo ai : algorithmSuiteAis) {
+            ai.setAsserted(true);
+        }
+        
+        AlgorithmSuiteType algorithmSuiteType = algorithmSuite.getAlgorithmSuiteType();
+        String namespace = algorithmSuiteType.getNamespace();
+        if (namespace != null) {
+            Collection<AssertionInfo> algAis = 
+                aim.get(new QName(namespace, algorithmSuiteType.getName()));
+            if (algAis != null) {
+                for (AssertionInfo algAi : algAis) {
+                    algAi.setAsserted(true);
+                }
+            }
+        }
+    }
+    
+    protected void assertWSSProperties(String namespace) {
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        Collection<AssertionInfo> wss10Ais = aim.get(new QName(namespace, SPConstants.WSS10));
+        if (wss10Ais != null) {
+            for (AssertionInfo ai : wss10Ais) {
+                ai.setAsserted(true);
+                Wss10 wss10 = (Wss10)ai.getAssertion();
+                assertWSS10Properties(wss10);
+            }
+        }
+        
+        Collection<AssertionInfo> wss11Ais = aim.get(new QName(namespace, SPConstants.WSS11));
+        if (wss11Ais != null) {
+            for (AssertionInfo ai : wss11Ais) {
+                ai.setAsserted(true);
+                Wss11 wss11 = (Wss11)ai.getAssertion();
+                assertWSS10Properties(wss11);
+                
+                if (wss11.isMustSupportRefThumbprint()) {
+                    assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_THUMBPRINT));
+                }
+                if (wss11.isMustSupportRefEncryptedKey()) {
+                    assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_ENCRYPTED_KEY));
+                }
+                if (wss11.isRequireSignatureConfirmation()) {
+                    assertPolicy(new QName(namespace, SPConstants.REQUIRE_SIGNATURE_CONFIRMATION));
+                }
+            }
+        }
+    }
+    
+    private void assertWSS10Properties(Wss10 wss10) {
+        String namespace = wss10.getName().getNamespaceURI();
+        if (wss10.isMustSupportRefEmbeddedToken()) {
+            assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN));
+        }
+        if (wss10.isMustSupportRefKeyIdentifier()) {
+            assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER));
+        }
+        if (wss10.isMustSupportRefIssuerSerial()) {
+            assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL));
+        }
+        if (wss10.isMustSupportRefExternalURI()) {
+            assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI));
+        }
+    }
+    
+    protected void assertTrustProperties(String namespace) {
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        Collection<AssertionInfo> trust10Ais = aim.get(new QName(namespace, SPConstants.TRUST_10));
+        if (trust10Ais != null) {
+            for (AssertionInfo ai : trust10Ais) {
+                ai.setAsserted(true);
+                Trust10 trust10 = (Trust10)ai.getAssertion();
+                assertTrust10Properties(trust10);
+            }
+        }
+        
+        Collection<AssertionInfo> trust13Ais = aim.get(new QName(namespace, SPConstants.TRUST_13));
+        if (trust13Ais != null) {
+            for (AssertionInfo ai : trust13Ais) {
+                ai.setAsserted(true);
+                Trust13 trust13 = (Trust13)ai.getAssertion();
+                assertTrust10Properties(trust13);
+                
+                if (trust13.isRequireRequestSecurityTokenCollection()) {
+                    assertPolicy(new QName(namespace, SPConstants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION));
+                }
+                if (trust13.isRequireAppliesTo()) {
+                    assertPolicy(new QName(namespace, SPConstants.REQUIRE_APPLIES_TO));
+                }
+                if (trust13.isScopePolicy15()) {
+                    assertPolicy(new QName(namespace, SPConstants.SCOPE_POLICY_15));
+                }
+                if (trust13.isMustSupportInteractiveChallenge()) {
+                    assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_INTERACTIVE_CHALLENGE));
+                }
+            }
+        }
+    }
+    
+    private void assertTrust10Properties(Trust10 trust10) {
+        String namespace = trust10.getName().getNamespaceURI();
+        if (trust10.isMustSupportClientChallenge()) {
+            assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE));
+        }
+        if (trust10.isMustSupportIssuedTokens()) {
+            assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_ISSUED_TOKENS));
+        }
+        if (trust10.isMustSupportServerChallenge()) {
+            assertPolicy(new QName(namespace, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE));
+        }
+        if (trust10.isRequireClientEntropy()) {
+            assertPolicy(new QName(namespace, SPConstants.REQUIRE_CLIENT_ENTROPY));
+        }
+        if (trust10.isRequireServerEntropy()) {
+            assertPolicy(new QName(namespace, SPConstants.REQUIRE_SERVER_ENTROPY));
+        }
+    }
+    
+    protected Collection<AssertionInfo> getAllAssertionsByLocalname(String localname) {
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        return getAllAssertionsByLocalname(aim, localname);
+    }
+    
+    protected Collection<AssertionInfo> getAllAssertionsByLocalname(
+        AssertionInfoMap aim,
+        String localname
+    ) {
+        Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
+        Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
+
+        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) {
+            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+            if (sp11Ais != null) {
+                ais.addAll(sp11Ais);
+            }
+            if (sp12Ais != null) {
+                ais.addAll(sp12Ais);
+            }
+            return ais;
+        }
+
+        return Collections.emptySet();
+    }
+
+    protected SoapMessage getMessage() {
+        return message;
+    }
+    
+    protected static String getSHA1(byte[] input) {
+        try {
+            byte[] digestBytes = WSSecurityUtil.generateDigest(input);
+            return Base64.encode(digestBytes);
+        } catch (WSSecurityException e) {
+            //REVISIT
+        }
+        return null;
+    }
+    
+    protected AbstractBinding getBinding(AssertionInfoMap aim) {
+        Collection<AssertionInfo> ais = 
+            getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+        if (ais != null && ais.size() > 0) {
+            return (AbstractBinding)ais.iterator().next().getAssertion();
+        }
+        
+        ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+        if (ais != null && ais.size() > 0) {
+            return (AbstractBinding)ais.iterator().next().getAssertion();
+        }
+        
+        ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+        if (ais != null && ais.size() > 0) {
+            return (AbstractBinding)ais.iterator().next().getAssertion();
+        }
+        
+        return null;
+    }
+    
+    protected boolean isRequestor() {
+        return MessageUtils.isRequestor(message);
+    }
+    
+    protected boolean isTokenRequired(IncludeTokenType includeToken) {
+        if (includeToken == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
+            return false;
+        } else if (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
+            return true;
+        } else {
+            boolean initiator = MessageUtils.isRequestor(message);
+            if (initiator && (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
+                || includeToken == IncludeTokenType.INCLUDE_TOKEN_ONCE)) {
+                return true;
+            } else if (!initiator && includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR) {
+                return true;
+            }
+            return false;
+        }
+    }
+    
+    protected Wss10 getWss10() {
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.WSS10);
+        if (!ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                return (Wss10)ai.getAssertion();
+            }            
+        }
+        
+        ais = getAllAssertionsByLocalname(aim, SPConstants.WSS11);
+        if (!ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                return (Wss10)ai.getAssertion();
+            }            
+        }  
+        
+        return null;
+    }
+    
+    protected SecurityToken getSecurityToken() {
+        SecurityToken st = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
+        if (st == null) {
+            String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
+            if (id != null) {
+                st = WSS4JUtils.getTokenStore(message).getToken(id);
+            }
+        }
+        if (st != null) {
+            WSS4JUtils.getTokenStore(message).add(st);
+            return st;
+        }
+        return null;
+    }
+    
+    protected Collection<Assertion> findAndAssertPolicy(QName n) {
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
+        if (ais != null && !ais.isEmpty()) {
+            List<Assertion> p = new ArrayList<Assertion>(ais.size());
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+                p.add(ai.getAssertion());
+            }
+            return p;
+        }
+        return null;
+    } 
+    
+    protected void assertPolicy(QName n) {
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
+        if (ais != null && !ais.isEmpty()) {
+            for (AssertionInfo ai : ais) {
+                ai.setAsserted(true);
+            }
+        }
+    } 
+    
+    protected void assertPolicy(Assertion assertion) {
+        if (assertion == null) {
+            return;
+        }
+        if (LOG.isLoggable(Level.FINE)) {
+            LOG.log(Level.FINE, "Asserting " + assertion.getName());
+        }
+        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
+        Collection<AssertionInfo> ais = aim.get(assertion.getName());
+        if (ais != null) {
+            for (AssertionInfo ai : ais) {
+                if (ai.getAssertion() == assertion) {
+                    ai.setAsserted(true);
+                }
+            }
+        }
+    }
+    
+}

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1534146&r1=1534145&r2=1534146&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Mon Oct 21 13:32:50 2013
@@ -24,14 +24,11 @@ import java.security.Key;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import java.util.logging.Level;
-import java.util.logging.Logger;
 
 import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.callback.Callback;
@@ -41,18 +38,15 @@ import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
 
 import org.w3c.dom.Element;
+
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.common.i18n.Message;
-import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
-import org.apache.cxf.ws.policy.PolicyException;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
-import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.neethi.Assertion;
 import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
@@ -62,7 +56,6 @@ import org.apache.wss4j.common.saml.bean
 import org.apache.wss4j.common.saml.bean.SubjectBean;
 import org.apache.wss4j.common.util.KeyUtils;
 import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
@@ -108,14 +101,12 @@ import org.apache.xml.security.stax.secu
 import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
-import org.apache.xml.security.utils.Base64;
 import org.opensaml.common.SAMLVersion;
 
 /**
  * 
  */
-public abstract class AbstractStaxBindingHandler {
-    private static final Logger LOG = LogUtils.getL7dLogger(AbstractStaxBindingHandler.class);
+public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHandler {
     protected boolean timestampAdded;
     protected boolean signatureConfirmationAdded;
     protected Set<SecurePart> encryptedTokensList = new HashSet<SecurePart>();
@@ -127,15 +118,14 @@ public abstract class AbstractStaxBindin
     protected Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens;
     
     private final Map<String, Object> properties;
-    private final SoapMessage message;
     
     public AbstractStaxBindingHandler(
         Map<String, Object> properties, 
         SoapMessage msg,
         Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
     ) {
+        super(msg);
         this.properties = properties;
-        this.message = msg;
         this.outboundTokens = outboundTokens;
     }
 
@@ -489,29 +479,11 @@ public abstract class AbstractStaxBindin
                            encryptedKeySecurityTokenProvider);
     }
     
-    protected void policyNotAsserted(Assertion assertion, String reason) {
-        if (assertion == null) {
-            return;
-        }
-        LOG.log(Level.FINE, "Not asserting " + assertion.getName() + ": " + reason);
-        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
-        Collection<AssertionInfo> ais = aim.get(assertion.getName());
-        if (ais != null) {
-            for (AssertionInfo ai : ais) {
-                if (ai.getAssertion() == assertion) {
-                    ai.setNotAsserted(reason);
-                }
-            }
-        }
-        if (!assertion.isOptional()) {
-            throw new PolicyException(new Message(reason, LOG));
-        }
-    }
-    
     protected void configureTimestamp(AssertionInfoMap aim) {
         AbstractBinding binding = getBinding(aim);
         if (binding != null && binding.isIncludeTimestamp()) {
             timestampAdded = true;
+            assertPolicy(new QName(binding.getName().getNamespaceURI(), SPConstants.INCLUDE_TIMESTAMP));
         }
     }
     
@@ -520,6 +492,12 @@ public abstract class AbstractStaxBindin
         Layout layout = null;
         for (AssertionInfo ai : ais) {
             layout = (Layout)ai.getAssertion();
+            Collection<AssertionInfo> layoutTypeAis = aim.get(layout.getName());
+            if (layoutTypeAis != null) {
+                for (AssertionInfo layoutAi : layoutTypeAis) {
+                    layoutAi.setAsserted(true);
+                }
+            }
             ai.setAsserted(true);
         }
         
@@ -546,76 +524,10 @@ public abstract class AbstractStaxBindin
         }
     }
 
-    protected AbstractBinding getBinding(AssertionInfoMap aim) {
-        Collection<AssertionInfo> ais = 
-            getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
-        if (ais != null && ais.size() > 0) {
-            return (AbstractBinding)ais.iterator().next().getAssertion();
-        }
-        
-        ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
-        if (ais != null && ais.size() > 0) {
-            return (AbstractBinding)ais.iterator().next().getAssertion();
-        }
-        
-        ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
-        if (ais != null && ais.size() > 0) {
-            return (AbstractBinding)ais.iterator().next().getAssertion();
-        }
-        
-        return null;
-    }
-    
-    protected boolean isRequestor() {
-        return MessageUtils.isRequestor(message);
-    }
-    
-    protected boolean isTokenRequired(IncludeTokenType includeToken) {
-        if (includeToken == IncludeTokenType.INCLUDE_TOKEN_NEVER) {
-            return false;
-        } else if (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS) {
-            return true;
-        } else {
-            boolean initiator = MessageUtils.isRequestor(message);
-            if (initiator && (includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT
-                || includeToken == IncludeTokenType.INCLUDE_TOKEN_ONCE)) {
-                return true;
-            } else if (!initiator && includeToken == IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR) {
-                return true;
-            }
-            return false;
-        }
-    }
-    
-    protected Collection<AssertionInfo> getAllAssertionsByLocalname(
-        AssertionInfoMap aim,
-        String localname
-    ) {
-        Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
-        Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
-
-        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null && !sp12Ais.isEmpty())) {
-            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
-            if (sp11Ais != null) {
-                ais.addAll(sp11Ais);
-            }
-            if (sp12Ais != null) {
-                ais.addAll(sp12Ais);
-            }
-            return ais;
-        }
-
-        return Collections.emptySet();
-    }
-
     protected Map<String, Object> getProperties() {
         return properties;
     }
 
-    protected SoapMessage getMessage() {
-        return message;
-    }
-    
     protected void configureSignature(
         AbstractTokenWrapper wrapper, AbstractToken token, boolean attached
     ) throws WSSecurityException {
@@ -703,25 +615,6 @@ public abstract class AbstractStaxBindin
         return "IssuerSerial";
     }
     
-    protected Wss10 getWss10() {
-        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
-        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(aim, SPConstants.WSS10);
-        if (!ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                return (Wss10)ai.getAssertion();
-            }            
-        }
-        
-        ais = getAllAssertionsByLocalname(aim, SPConstants.WSS11);
-        if (!ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                return (Wss10)ai.getAssertion();
-            }            
-        }  
-        
-        return null;
-    }
-    
     protected Map<AbstractToken, SecurePart> handleSupportingTokens(
         Collection<Assertion> tokens, 
         boolean signed,
@@ -888,36 +781,6 @@ public abstract class AbstractStaxBindin
         }
     }
     
-    protected SecurityToken getSecurityToken() {
-        SecurityToken st = (SecurityToken)message.getContextualProperty(SecurityConstants.TOKEN);
-        if (st == null) {
-            String id = (String)message.getContextualProperty(SecurityConstants.TOKEN_ID);
-            if (id != null) {
-                st = WSS4JUtils.getTokenStore(message).getToken(id);
-            }
-        }
-        if (st != null) {
-            WSS4JUtils.getTokenStore(message).add(st);
-            return st;
-        }
-        return null;
-    }
-
-    
-    protected Collection<Assertion> findAndAssertPolicy(QName n) {
-        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
-        Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
-        if (ais != null && !ais.isEmpty()) {
-            List<Assertion> p = new ArrayList<Assertion>(ais.size());
-            for (AssertionInfo ai : ais) {
-                ai.setAsserted(true);
-                p.add(ai.getAssertion());
-            }
-            return p;
-        }
-        return null;
-    } 
-    
     protected void addSupportingTokens() throws Exception {
         
         Collection<Assertion> sgndSuppTokens = 
@@ -1184,16 +1047,6 @@ public abstract class AbstractStaxBindin
         }
     }
     
-    private static String getSHA1(byte[] input) {
-        try {
-            byte[] digestBytes = WSSecurityUtil.generateDigest(input);
-            return Base64.encode(digestBytes);
-        } catch (WSSecurityException e) {
-            //REVISIT
-        }
-        return null;
-    }
-    
     protected org.apache.xml.security.stax.securityToken.SecurityToken 
     findInboundSecurityToken(SecurityEventConstants.Event event) throws XMLSecurityException {
         @SuppressWarnings("unchecked")

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1534146&r1=1534145&r2=1534146&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java Mon Oct 21 13:32:50 2013
@@ -28,11 +28,11 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import javax.xml.crypto.dsig.Reference;
+import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
 import javax.xml.soap.SOAPMessage;
 
 import org.w3c.dom.Element;
-
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.helpers.CastUtils;
@@ -68,7 +68,6 @@ import org.apache.wss4j.policy.model.Alg
 import org.apache.wss4j.policy.model.AsymmetricBinding;
 import org.apache.wss4j.policy.model.IssuedToken;
 import org.apache.wss4j.policy.model.SamlToken;
-
 import org.opensaml.common.SAMLVersion;
 
 /**
@@ -102,11 +101,19 @@ public class AsymmetricBindingHandler ex
         if (abinding.getProtectionOrder() 
             == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning) {
             doEncryptBeforeSign();
-            policyAsserted(SPConstants.ENCRYPT_BEFORE_SIGNING);
+            assertPolicy(
+                new QName(abinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_BEFORE_SIGNING));
         } else {
             doSignBeforeEncrypt();
-            policyAsserted(SPConstants.SIGN_BEFORE_ENCRYPTING);
+            assertPolicy(
+                new QName(abinding.getName().getNamespaceURI(), SPConstants.SIGN_BEFORE_ENCRYPTING));
         }
+        
+        assertAlgorithmSuite(abinding.getAlgorithmSuite());
+        assertWSSProperties(abinding.getName().getNamespaceURI());
+        assertTrustProperties(abinding.getName().getNamespaceURI());
+        assertPolicy(
+            new QName(abinding.getName().getNamespaceURI(), SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
     }
 
     private void doSignBeforeEncrypt() {
@@ -124,9 +131,9 @@ public class AsymmetricBindingHandler ex
                         policyNotAsserted(initiatorToken, "Security token is not found or expired");
                         return;
                     } else {
-                        policyAsserted(initiatorToken);
+                        assertPolicy(initiatorToken);
                         
-                        if (includeToken(initiatorToken.getIncludeTokenType())) {
+                        if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
                             Element el = secToken.getToken();
                             this.addEncryptedKeyElement(cloneElement(el));
                             attached = true;
@@ -135,11 +142,11 @@ public class AsymmetricBindingHandler ex
                 } else if (initiatorToken instanceof SamlToken && isRequestor()) {
                     SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)initiatorToken);
                     if (assertionWrapper != null) {
-                        if (includeToken(initiatorToken.getIncludeTokenType())) {
+                        if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
                             addSupportingElement(assertionWrapper.toDOM(saaj.getSOAPPart()));
                             storeAssertionAsSecurityToken(assertionWrapper);
                         }
-                        policyAsserted(initiatorToken);
+                        assertPolicy(initiatorToken);
                     }
                 } else if (initiatorToken instanceof SamlToken) {
                     String tokenId = getSAMLToken();
@@ -187,7 +194,8 @@ public class AsymmetricBindingHandler ex
                 if (sigConfList != null && !sigConfList.isEmpty()) {
                     enc.addAll(sigConfList);
                 }
-                policyAsserted(SPConstants.ENCRYPT_SIGNATURE);
+                assertPolicy(
+                    new QName(abinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
             }
             
             //Do encryption
@@ -244,9 +252,9 @@ public class AsymmetricBindingHandler ex
                     policyNotAsserted(initiatorToken, "Security token is not found or expired");
                     return;
                 } else {
-                    policyAsserted(initiatorToken);
+                    assertPolicy(initiatorToken);
                     
-                    if (includeToken(initiatorToken.getIncludeTokenType())) {
+                    if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
                         Element el = secToken.getToken();
                         this.addEncryptedKeyElement(cloneElement(el));
                         attached = true;
@@ -256,11 +264,11 @@ public class AsymmetricBindingHandler ex
                 try {
                     SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)initiatorToken);
                     if (assertionWrapper != null) {
-                        if (includeToken(initiatorToken.getIncludeTokenType())) {
+                        if (isTokenRequired(initiatorToken.getIncludeTokenType())) {
                             addSupportingElement(assertionWrapper.toDOM(saaj.getSOAPPart()));
                             storeAssertionAsSecurityToken(assertionWrapper);
                         }
-                        policyAsserted(initiatorToken);
+                        assertPolicy(initiatorToken);
                     }
                 } catch (Exception e) {
                     String reason = e.getMessage();
@@ -354,7 +362,8 @@ public class AsymmetricBindingHandler ex
         
         // Check for signature protection
         if (abinding.isEncryptSignature()) {
-            policyAsserted(SPConstants.ENCRYPT_SIGNATURE);
+            assertPolicy(
+                new QName(abinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
 
             // Now encrypt the signature using the above token
             if (mainSigId != null) {
@@ -415,8 +424,8 @@ public class AsymmetricBindingHandler ex
         //Do encryption
         if (recToken != null && recToken.getToken() != null && encrParts.size() > 0) {
             AbstractToken encrToken = recToken.getToken();
-            policyAsserted(recToken);
-            policyAsserted(encrToken);
+            assertPolicy(recToken);
+            assertPolicy(encrToken);
             AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
             if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                 try {
@@ -556,7 +565,7 @@ public class AsymmetricBindingHandler ex
         sigParts.addAll(this.getSignedParts());
         if (sigParts.isEmpty()) {
             // Add the BST to the security header if required
-            if (!attached && includeToken(sigToken.getIncludeTokenType())) {
+            if (!attached && isTokenRequired(sigToken.getIncludeTokenType())) {
                 WSSecSignature sig = getSignatureBuilder(wrapper, sigToken, attached, false);
                 sig.prependBSTElementToHeader(secHeader);
             } 
@@ -581,7 +590,8 @@ public class AsymmetricBindingHandler ex
                 dkSign.prepare(saaj.getSOAPPart(), secHeader);
 
                 if (abinding.isProtectTokens()) {
-                    policyAsserted(SPConstants.PROTECT_TOKENS);
+                    assertPolicy(
+                        new QName(abinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
                     if (bstElement != null) {
                         WSEncryptionPart bstPart = 
                             new WSEncryptionPart(bstElement.getAttributeNS(WSConstants.WSU_NS, "Id"));
@@ -621,7 +631,8 @@ public class AsymmetricBindingHandler ex
                       
             // This action must occur before sig.prependBSTElementToHeader
             if (abinding.isProtectTokens()) {
-                policyAsserted(SPConstants.PROTECT_TOKENS);
+                assertPolicy(
+                    new QName(abinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
                 if (sig.getBSTTokenId() != null) {
                     WSEncryptionPart bstPart = 
                         new WSEncryptionPart(sig.getBSTTokenId());

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1534146&r1=1534145&r2=1534146&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java Mon Oct 21 13:32:50 2013
@@ -38,6 +38,7 @@ import org.apache.cxf.ws.security.tokens
 import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
 import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
 import org.apache.wss4j.policy.model.AbstractToken;
@@ -90,11 +91,20 @@ public class StaxAsymmetricBindingHandle
         if (abinding.getProtectionOrder() 
             == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning) {
             doEncryptBeforeSign();
+            assertPolicy(
+                new QName(abinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_BEFORE_SIGNING));
         } else {
             doSignBeforeEncrypt();
+            assertPolicy(
+                new QName(abinding.getName().getNamespaceURI(), SPConstants.SIGN_BEFORE_ENCRYPTING));
         }
         
         configureLayout(aim);
+        assertAlgorithmSuite(abinding.getAlgorithmSuite());
+        assertWSSProperties(abinding.getName().getNamespaceURI());
+        assertTrustProperties(abinding.getName().getNamespaceURI());
+        assertPolicy(
+            new QName(abinding.getName().getNamespaceURI(), SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
     }
 
     private void doSignBeforeEncrypt() {
@@ -175,6 +185,8 @@ public class StaxAsymmetricBindingHandle
                         new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation, Modifier.Element);
                     enc.add(securePart);
                 }
+                assertPolicy(
+                    new QName(abinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
             }
             
             //Do encryption
@@ -274,6 +286,8 @@ public class StaxAsymmetricBindingHandle
                             new SecurePart(WSSConstants.TAG_wsse11_SignatureConfirmation, Modifier.Element);
                         encrParts.add(securePart);
                     }
+                    assertPolicy(
+                        new QName(abinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
                 }
                 
                 doEncryption(wrapper, encrParts, true);
@@ -424,6 +438,11 @@ public class StaxAsymmetricBindingHandle
             config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "false");
         }
         
+        if (abinding.isProtectTokens()) {
+            assertPolicy(
+                new QName(abinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
+        }
+        
         config.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
         config.put(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS, optionalParts);
         

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1534146&r1=1534145&r2=1534146&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java Mon Oct 21 13:32:50 2013
@@ -124,8 +124,12 @@ public class StaxSymmetricBindingHandler
         if (sbinding.getProtectionOrder() 
             == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning) {
             doEncryptBeforeSign();
+            assertPolicy(
+                new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_BEFORE_SIGNING));
         } else {
             doSignBeforeEncrypt();
+            assertPolicy(
+                new QName(sbinding.getName().getNamespaceURI(), SPConstants.SIGN_BEFORE_ENCRYPTING));
         }
         
         if (!isRequestor()) {
@@ -133,6 +137,11 @@ public class StaxSymmetricBindingHandler
         }
         
         configureLayout(aim);
+        assertAlgorithmSuite(sbinding.getAlgorithmSuite());
+        assertWSSProperties(sbinding.getName().getNamespaceURI());
+        assertTrustProperties(sbinding.getName().getNamespaceURI());
+        assertPolicy(
+            new QName(sbinding.getName().getNamespaceURI(), SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
     }
     
     private void doEncryptBeforeSign() {
@@ -225,6 +234,8 @@ public class StaxSymmetricBindingHandler
                     SecurePart part = 
                         new SecurePart(new QName(WSSConstants.NS_DSIG, "Signature"), Modifier.Element);
                     encrParts.add(part);
+                    assertPolicy(
+                        new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
                 }
                 
                 doEncryption(encryptionWrapper, encrParts, true);
@@ -369,6 +380,8 @@ public class StaxSymmetricBindingHandler
                 SecurePart part = 
                     new SecurePart(new QName(WSSConstants.NS_DSIG, "Signature"), Modifier.Element);
                 enc.add(part);
+                assertPolicy(
+                    new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
             }
             
             //Do encryption
@@ -530,8 +543,12 @@ public class StaxSymmetricBindingHandler
         }
         
         AbstractToken sigToken = wrapper.getToken();
-        if (sbinding.isProtectTokens() && (sigToken instanceof X509Token) && isRequestor()) {
-            parts += "{Element}{" + WSSConstants.NS_XMLENC + "}EncryptedKey;";
+        if (sbinding.isProtectTokens()) {
+            if ((sigToken instanceof X509Token) && isRequestor()) {
+                parts += "{Element}{" + WSSConstants.NS_XMLENC + "}EncryptedKey;";
+            }
+            assertPolicy(
+                new QName(sbinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
         }
         
         config.put(ConfigurationConstants.SIGNATURE_PARTS, parts);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1534146&r1=1534145&r2=1534146&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java Mon Oct 21 13:32:50 2013
@@ -110,6 +110,9 @@ public class StaxTransportBindingHandler
         }
         
         configureLayout(aim);
+        assertAlgorithmSuite(tbinding.getAlgorithmSuite());
+        assertWSSProperties(tbinding.getName().getNamespaceURI());
+        assertTrustProperties(tbinding.getName().getNamespaceURI());
     }
     
     /**

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1534146&r1=1534145&r2=1534146&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java Mon Oct 21 13:32:50 2013
@@ -26,6 +26,7 @@ import java.util.List;
 import java.util.logging.Level;
 
 import javax.xml.crypto.dsig.Reference;
+import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPMessage;
 
 import org.w3c.dom.Document;
@@ -60,7 +61,6 @@ import org.apache.wss4j.dom.message.WSSe
 import org.apache.wss4j.dom.message.WSSecTimestamp;
 import org.apache.wss4j.dom.message.WSSecUsernameToken;
 import org.apache.wss4j.dom.message.token.SecurityTokenReference;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
 import org.apache.wss4j.policy.model.AbstractToken;
@@ -76,7 +76,6 @@ import org.apache.wss4j.policy.model.Spn
 import org.apache.wss4j.policy.model.SymmetricBinding;
 import org.apache.wss4j.policy.model.UsernameToken;
 import org.apache.wss4j.policy.model.X509Token;
-import org.apache.xml.security.utils.Base64;
 
 /**
  * 
@@ -123,14 +122,19 @@ public class SymmetricBindingHandler ext
         if (sbinding.getProtectionOrder() 
             == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning) {
             doEncryptBeforeSign();
-            policyAsserted(SPConstants.ENCRYPT_BEFORE_SIGNING);
+            assertPolicy(
+                new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_BEFORE_SIGNING));
         } else {
             doSignBeforeEncrypt();
-            policyAsserted(SPConstants.SIGN_BEFORE_ENCRYPTING);
+            assertPolicy(
+                new QName(sbinding.getName().getNamespaceURI(), SPConstants.SIGN_BEFORE_ENCRYPTING));
         }
-        //REVIST - what to do with these policies?
-        policyAsserted(SPConstants.TRUST_10);
-        policyAsserted(SPConstants.TRUST_13);
+        
+        assertAlgorithmSuite(sbinding.getAlgorithmSuite());
+        assertWSSProperties(sbinding.getName().getNamespaceURI());
+        assertTrustProperties(sbinding.getName().getNamespaceURI());
+        assertPolicy(
+            new QName(sbinding.getName().getNamespaceURI(), SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
     }
     
     private void initializeTokens()  {
@@ -200,7 +204,7 @@ public class SymmetricBindingHandler ext
     
                 boolean attached = false;
                 
-                if (includeToken(encryptionToken.getIncludeTokenType())) {
+                if (isTokenRequired(encryptionToken.getIncludeTokenType())) {
                     Element el = tok.getToken();
                     this.addEncryptedKeyElement(cloneElement(el));
                     attached = true;
@@ -253,7 +257,8 @@ public class SymmetricBindingHandler ext
                         if (sigConfList != null && !sigConfList.isEmpty()) {
                             secondEncrParts.addAll(sigConfList);
                         }
-                        policyAsserted(SPConstants.ENCRYPT_SIGNATURE);
+                        assertPolicy(
+                            new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
                     }
                     
                     if (isRequestor()) {
@@ -320,7 +325,7 @@ public class SymmetricBindingHandler ext
                 policyNotAsserted(sigAbstractTokenWrapper, "No signature token id");
                 return;
             } else {
-                policyAsserted(sigAbstractTokenWrapper);
+                assertPolicy(sigAbstractTokenWrapper);
             }
             if (sigTok == null) {
                 sigTok = tokenStore.getToken(sigTokId);
@@ -330,7 +335,7 @@ public class SymmetricBindingHandler ext
             //}
             
             boolean tokIncluded = true;
-            if (includeToken(sigToken.getIncludeTokenType())) {
+            if (isTokenRequired(sigToken.getIncludeTokenType())) {
                 Element el = sigTok.getToken();
                 sigTokElem = cloneElement(el);
                 this.addEncryptedKeyElement(sigTokElem);
@@ -388,7 +393,8 @@ public class SymmetricBindingHandler ext
                 if (sigConfList != null && !sigConfList.isEmpty()) {
                     enc.addAll(sigConfList);
                 }
-                policyAsserted(SPConstants.ENCRYPT_SIGNATURE);
+                assertPolicy(
+                    new QName(sbinding.getName().getNamespaceURI(), SPConstants.ENCRYPT_SIGNATURE));
             }
             
             if (isRequestor()) {
@@ -517,8 +523,8 @@ public class SymmetricBindingHandler ext
         //Do encryption
         if (recToken != null && recToken.getToken() != null && encrParts.size() > 0) {
             AbstractToken encrToken = recToken.getToken();
-            policyAsserted(recToken);
-            policyAsserted(encrToken);
+            assertPolicy(recToken);
+            assertPolicy(encrToken);
             AlgorithmSuite algorithmSuite = sbinding.getAlgorithmSuite();
             if (encrToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                 return doEncryptionDerived(recToken, encrTok, encrToken,
@@ -631,7 +637,7 @@ public class SymmetricBindingHandler ext
         
         //Check for whether the token is attached in the message or not
         boolean attached = false;
-        if (includeToken(policyToken.getIncludeTokenType())) {
+        if (isTokenRequired(policyToken.getIncludeTokenType())) {
             attached = true;
         }
         
@@ -722,7 +728,8 @@ public class SymmetricBindingHandler ext
                 }
             }
             sigs.add(new WSEncryptionPart(sigTokId));
-            policyAsserted(SPConstants.PROTECT_TOKENS);
+            assertPolicy(
+                new QName(sbinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
         }
         
         dkSign.setParts(sigs);
@@ -829,7 +836,8 @@ public class SymmetricBindingHandler ext
                       
             if (included && sbinding.isProtectTokens()) {
                 sigs.add(new WSEncryptionPart(sigTokId));
-                policyAsserted(SPConstants.PROTECT_TOKENS);
+                assertPolicy(
+                    new QName(sbinding.getName().getNamespaceURI(), SPConstants.PROTECT_TOKENS));
             }
             
             sig.setCustomTokenId(sigTokId);
@@ -972,17 +980,6 @@ public class SymmetricBindingHandler ext
         return null;
     }
     
-    private String getSHA1(byte[] input) {
-        try {
-            byte[] digestBytes = WSSecurityUtil.generateDigest(input);
-            return Base64.encode(digestBytes);
-        } catch (WSSecurityException e) {
-            LOG.log(Level.FINE, e.getMessage(), e);
-            //REVISIT
-        }
-        return null;
-    }
-    
     private boolean hasSignedPartsOrElements() {
         Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.SIGNED_PARTS);
         if (ais.size() > 0) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1534146&r1=1534145&r2=1534146&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java Mon Oct 21 13:32:50 2013
@@ -103,7 +103,7 @@ public class TransportBindingHandler ext
             } else if (token instanceof IssuedToken || token instanceof KerberosToken) {
                 SecurityToken secTok = getSecurityToken();
                 
-                if (includeToken(token.getIncludeTokenType())) {
+                if (isTokenRequired(token.getIncludeTokenType())) {
                     //Add the token
                     addEncryptedKeyElement(cloneElement(secTok.getToken()));
                 }
@@ -140,9 +140,9 @@ public class TransportBindingHandler ext
                             policyNotAsserted(transportToken, "No transport token id");
                             return;
                         } else {
-                            policyAsserted(transportToken);
+                            assertPolicy(transportToken);
                         }
-                        if (includeToken(transportToken.getIncludeTokenType())) {
+                        if (isTokenRequired(transportToken.getIncludeTokenType())) {
                             Element el = secToken.getToken();
                             addEncryptedKeyElement(cloneElement(el));
                         } 
@@ -160,6 +160,10 @@ public class TransportBindingHandler ext
             LOG.log(Level.FINE, e.getMessage(), e);
             throw new Fault(e);
         }
+        
+        assertAlgorithmSuite(tbinding.getAlgorithmSuite());
+        assertWSSProperties(tbinding.getName().getNamespaceURI());
+        assertTrustProperties(tbinding.getName().getNamespaceURI());
     }
     
     /**
@@ -387,7 +391,7 @@ public class TransportBindingHandler ext
             );
         }
         
-        if (includeToken(token.getIncludeTokenType())) {
+        if (isTokenRequired(token.getIncludeTokenType())) {
             //Add the token
             Element el = cloneElement(secTok.getToken());
             //if (securityTok != null) {



Mime
View raw message