cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1535747 - in /cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j: ./ policyhandlers/
Date Fri, 25 Oct 2013 14:13:30 GMT
Author: coheigea
Date: Fri Oct 25 14:13:29 2013
New Revision: 1535747

URL: http://svn.apache.org/r1535747
Log:
Some security refactoring

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java?rev=1535747&r1=1535746&r2=1535747&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
Fri Oct 25 14:13:29 2013
@@ -55,6 +55,9 @@ import org.apache.wss4j.dom.handler.WSHa
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.AsymmetricBinding;
+import org.apache.wss4j.policy.model.SymmetricBinding;
+import org.apache.wss4j.policy.model.TransportBinding;
 import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
@@ -144,12 +147,6 @@ public class PolicyBasedWSS4JStaxOutInte
     private void checkAsymmetricBinding(
         AssertionInfoMap aim, SoapMessage message
     ) throws WSSecurityException {
-        Collection<AssertionInfo> ais = 
-            getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
-        if (ais.isEmpty()) {
-            return;
-        }
-        
         Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
         if (s == null) {
             s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
@@ -184,12 +181,6 @@ public class PolicyBasedWSS4JStaxOutInte
     private void checkTransportBinding(
         AssertionInfoMap aim, SoapMessage message
     ) throws WSSecurityException {
-        Collection<AssertionInfo> ais = 
-            getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
-        if (ais.isEmpty()) {
-            return;
-        }
-        
         Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
         if (s == null) {
             s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
@@ -224,12 +215,6 @@ public class PolicyBasedWSS4JStaxOutInte
     private void checkSymmetricBinding(
         AssertionInfoMap aim, SoapMessage message
     ) throws WSSecurityException {
-        Collection<AssertionInfo> ais = 
-            getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
-        if (ais.isEmpty()) {
-            return;
-        }
-        
         Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
         if (s == null) {
             s = message.getContextualProperty(SecurityConstants.SIGNATURE_PROPERTIES);
@@ -341,21 +326,39 @@ public class PolicyBasedWSS4JStaxOutInte
         SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>>
outboundTokens
     ) throws WSSecurityException {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
-        checkAsymmetricBinding(aim, msg);
-        checkSymmetricBinding(aim, msg);
-        checkTransportBinding(aim, msg);
+        
+        Collection<AssertionInfo> asymAis = 
+            getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+        if (!asymAis.isEmpty()) {
+            checkAsymmetricBinding(aim, msg);
+        }
+        
+        Collection<AssertionInfo> symAis = 
+            getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+        if (!symAis.isEmpty()) {
+            checkSymmetricBinding(aim, msg);
+        }
+        
+        Collection<AssertionInfo> transAis = 
+            getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+        if (!transAis.isEmpty()) {
+            checkTransportBinding(aim, msg);
+        }
         
         super.configureProperties(msg, outboundTokens);
         
-        if (!getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING).isEmpty()) {
-            new StaxTransportBindingHandler(getProperties(), msg, outboundTokens).handleBinding();
-        } else if (!getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING).isEmpty())
{
-            new StaxAsymmetricBindingHandler(getProperties(), msg, outboundTokens).handleBinding();
-        } else if (!getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING).isEmpty())
{
-            new StaxSymmetricBindingHandler(getProperties(), msg, outboundTokens).handleBinding();
+        if (!transAis.isEmpty()) {
+            TransportBinding binding = (TransportBinding)transAis.iterator().next().getAssertion();
+            new StaxTransportBindingHandler(getProperties(), msg, binding, outboundTokens).handleBinding();
+        } else if (!asymAis.isEmpty()) {
+            AsymmetricBinding binding = (AsymmetricBinding)asymAis.iterator().next().getAssertion();
+            new StaxAsymmetricBindingHandler(getProperties(), msg, binding, outboundTokens).handleBinding();
+        } else if (!symAis.isEmpty()) {
+            SymmetricBinding binding = (SymmetricBinding)symAis.iterator().next().getAssertion();
+            new StaxSymmetricBindingHandler(getProperties(), msg, binding, outboundTokens).handleBinding();
         } else {
             // Fall back to Transport Binding
-            new StaxTransportBindingHandler(getProperties(), msg, outboundTokens).handleBinding();
+            new StaxTransportBindingHandler(getProperties(), msg, null, outboundTokens).handleBinding();
         }
         
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=1535747&r1=1535746&r2=1535747&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Fri Oct 25 14:13:29 2013
@@ -128,7 +128,6 @@ import org.apache.wss4j.policy.model.Hea
 import org.apache.wss4j.policy.model.IssuedToken;
 import org.apache.wss4j.policy.model.KerberosToken;
 import org.apache.wss4j.policy.model.KeyValueToken;
-import org.apache.wss4j.policy.model.Layout;
 import org.apache.wss4j.policy.model.Layout.LayoutType;
 import org.apache.wss4j.policy.model.SamlToken;
 import org.apache.wss4j.policy.model.SamlToken.SamlTokenType;
@@ -298,8 +297,7 @@ public abstract class AbstractBindingBui
     }
     
     protected WSSecTimestamp createTimestamp() {
-        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.INCLUDE_TIMESTAMP);
-        if (!ais.isEmpty()) {
+        if (binding.isIncludeTimestamp()) {
             Object o = message.getContextualProperty(SecurityConstants.TIMESTAMP_TTL);
             int ttl = 300;  //default is 300 seconds
             if (o instanceof Number) {
@@ -313,6 +311,8 @@ public abstract class AbstractBindingBui
             timestampEl = new WSSecTimestamp(wssConfig);
             timestampEl.setTimeToLive(ttl);
             timestampEl.prepare(saaj.getSOAPPart());
+            
+            Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.INCLUDE_TIMESTAMP);
             for (AssertionInfo ai : ais) {
                 ai.setAsserted(true);
             }                    
@@ -321,63 +321,52 @@ public abstract class AbstractBindingBui
     }
     
     protected WSSecTimestamp handleLayout(WSSecTimestamp timestamp) {
-        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.LAYOUT);
-        if (!ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                Layout layout = (Layout)ai.getAssertion();
-                ai.setAsserted(true);
-                if (layout.getLayoutType() == LayoutType.LaxTsLast) {
-                    if (timestamp == null) {
-                        ai.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_LAST + " requires
a timestamp");
-                    } else {
-                        ai.setAsserted(true);
-                        assertPolicy(
-                            new QName(layout.getName().getNamespaceURI(), 
-                                      SPConstants.LAYOUT_LAX_TIMESTAMP_LAST));
-                        Element el = timestamp.getElement();
-                        secHeader.getSecurityHeader().appendChild(el);
-                        if (bottomUpElement == null) {
-                            bottomUpElement = el;
-                        }
-                    }
-                } else if (layout.getLayoutType() == LayoutType.LaxTsFirst) {
-                    if (timestamp == null) {
-                        ai.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST + " requires
a timestamp");
-                    } else {
-                        addTopDownElement(timestampEl.getElement());
-                        assertPolicy(
-                             new QName(layout.getName().getNamespaceURI(), 
-                                       SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST));
+        if (binding.getLayout() != null) {
+            Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.LAYOUT);
+            AssertionInfo ai = null;
+            for (AssertionInfo layoutAi : ais) {
+                layoutAi.setAsserted(true);
+                ai = layoutAi;
+            }   
+            
+            if (binding.getLayout().getLayoutType() == LayoutType.LaxTsLast) {
+                if (timestamp == null) {
+                    ai.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_LAST + " requires
a timestamp");
+                } else {
+                    ai.setAsserted(true);
+                    assertPolicy(
+                        new QName(binding.getLayout().getName().getNamespaceURI(), 
+                                  SPConstants.LAYOUT_LAX_TIMESTAMP_LAST));
+                    Element el = timestamp.getElement();
+                    secHeader.getSecurityHeader().appendChild(el);
+                    if (bottomUpElement == null) {
+                        bottomUpElement = el;
                     }
-                } else if (timestampEl != null) {
+                }
+            } else if (binding.getLayout().getLayoutType() == LayoutType.LaxTsFirst) {
+                if (timestamp == null) {
+                    ai.setNotAsserted(SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST + " requires
a timestamp");
+                } else {
                     addTopDownElement(timestampEl.getElement());
+                    assertPolicy(
+                         new QName(binding.getLayout().getName().getNamespaceURI(), 
+                                   SPConstants.LAYOUT_LAX_TIMESTAMP_FIRST));
                 }
-                
-                assertPolicy(
-                    new QName(layout.getName().getNamespaceURI(), SPConstants.LAYOUT_LAX));
-                assertPolicy(
-                    new QName(layout.getName().getNamespaceURI(), SPConstants.LAYOUT_STRICT));
-            }                    
+            } else if (timestampEl != null) {
+                addTopDownElement(timestampEl.getElement());
+            }
+            
+            assertPolicy(
+                new QName(binding.getLayout().getName().getNamespaceURI(), SPConstants.LAYOUT_LAX));
+            assertPolicy(
+                new QName(binding.getLayout().getName().getNamespaceURI(), SPConstants.LAYOUT_STRICT));
         } else if (timestampEl != null) {
             addTopDownElement(timestampEl.getElement());
         }
         return timestamp;
     }
     
-    protected void assertSupportingTokens(Collection<Assertion> suppTokens) {
-        if (suppTokens == null) {
-            return;
-        }
-        for (Assertion pa : suppTokens) {
-            if (pa instanceof SupportingTokens) {
-                for (AbstractToken token : ((SupportingTokens)pa).getTokens()) {
-                    this.assertPolicy(token);
-                }        
-            }
-        }
-    }
-    
-    protected Map<AbstractToken, Object> handleSupportingTokens(
+    private Map<AbstractToken, Object> handleSupportingTokens(
         Collection<Assertion> tokens, 
         boolean endorse
     ) throws WSSecurityException {
@@ -393,13 +382,6 @@ public abstract class AbstractBindingBui
     }
     
     protected Map<AbstractToken, Object> handleSupportingTokens(
-        SupportingTokens suppTokens,
-        boolean endorse
-    ) throws WSSecurityException {
-        return handleSupportingTokens(suppTokens, endorse, new HashMap<AbstractToken,
Object>());
-    }
-    
-    protected Map<AbstractToken, Object> handleSupportingTokens(
         SupportingTokens suppTokens, 
         boolean endorse,
         Map<AbstractToken, Object> ret
@@ -408,16 +390,18 @@ public abstract class AbstractBindingBui
             return ret;
         }
         for (AbstractToken token : suppTokens.getTokens()) {
+            assertToken(token);
+            if (!isTokenRequired(token.getIncludeTokenType())) {
+                continue;
+            }
             if (token instanceof UsernameToken) {
                 handleUsernameTokenSupportingToken(
                     (UsernameToken)token, endorse, suppTokens.isEncryptedToken(), ret
                 );
-            } else if (isRequestor() 
-                && (token instanceof IssuedToken
+            } else if (token instanceof IssuedToken
                     || token instanceof SecureConversationToken
                     || token instanceof SecurityContextToken
-                    || token instanceof KerberosToken)) {
-                assertToken(token);
+                    || token instanceof KerberosToken) {
                 //ws-trust/ws-sc stuff.......
                 SecurityToken secToken = getSecurityToken();
                 if (secToken == null) {
@@ -483,7 +467,6 @@ public abstract class AbstractBindingBui
             } else if (token instanceof X509Token) {
                 //We have to use a cert
                 //Prepare X509 signature
-                assertToken(token);
                 WSSecSignature sig = getSignatureBuilder(suppTokens, token, endorse);
                 Element bstElem = sig.getBinarySecurityTokenElement();
                 if (bstElem != null) {
@@ -495,7 +478,6 @@ public abstract class AbstractBindingBui
                 }
                 ret.put(token, sig);
             } else if (token instanceof KeyValueToken) {
-                assertToken(token);
                 WSSecSignature sig = getSignatureBuilder(suppTokens, token, endorse);
                 if (suppTokens.isEncryptedToken()) {
                     WSEncryptionPart part = new WSEncryptionPart(sig.getBSTTokenId(), "Element");
@@ -697,7 +679,7 @@ public abstract class AbstractBindingBui
 
     protected WSSecUsernameToken addUsernameToken(UsernameToken token) {
         assertToken(token);
-        if (!isRequestor()) {
+        if (!isTokenRequired(token.getIncludeTokenType())) {
             return null;
         }
         
@@ -755,7 +737,7 @@ public abstract class AbstractBindingBui
     
     protected WSSecUsernameToken addDKUsernameToken(UsernameToken token, boolean useMac)
{
         assertToken(token);
-        if (!isRequestor()) {
+        if (!isTokenRequired(token.getIncludeTokenType())) {
             return null;
         }
         
@@ -791,7 +773,7 @@ public abstract class AbstractBindingBui
     
     protected SamlAssertionWrapper addSamlToken(SamlToken token) throws WSSecurityException
{
         assertToken(token);
-        if (!isRequestor()) {
+        if (!isTokenRequired(token.getIncludeTokenType())) {
             return null;
         }
         
@@ -1999,22 +1981,6 @@ public abstract class AbstractBindingBui
         signatures.add(sig.getSignatureValue());
     }
     
-    protected void assertSupportingTokens(List<WSEncryptionPart> sigs) {
-        assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS));
-        assertSupportingTokens(findAndAssertPolicy(SP11Constants.SIGNED_SUPPORTING_TOKENS));
-        assertSupportingTokens(findAndAssertPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS));
-        assertSupportingTokens(findAndAssertPolicy(SP11Constants.ENDORSING_SUPPORTING_TOKENS));
-        assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS));
-        assertSupportingTokens(findAndAssertPolicy(SP11Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS));
-        assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS));
-        assertSupportingTokens(findAndAssertPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS));
-        assertSupportingTokens(findAndAssertPolicy(SP12Constants
-                                                       .SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS));
-        assertSupportingTokens(findAndAssertPolicy(SP12Constants.SUPPORTING_TOKENS));
-        assertSupportingTokens(findAndAssertPolicy(SP11Constants.SUPPORTING_TOKENS));
-        assertSupportingTokens(findAndAssertPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS));
-    }
-    
     protected void addSupportingTokens(List<WSEncryptionPart> sigs) throws WSSecurityException
{
         
         Collection<Assertion> sgndSuppTokens = 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java?rev=1535747&r1=1535746&r2=1535747&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
Fri Oct 25 14:13:29 2013
@@ -47,7 +47,6 @@ import org.apache.wss4j.policy.SP12Const
 import org.apache.wss4j.policy.SP13Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
-import org.apache.wss4j.policy.model.AbstractBinding;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractTokenWrapper;
 import org.apache.wss4j.policy.model.AlgorithmSuite;
@@ -447,26 +446,6 @@ public abstract class AbstractCommonBind
         return null;
     }
     
-    protected AbstractBinding getBinding(AssertionInfoMap aim) {
-        Collection<AssertionInfo> ais = 
-            getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
-        if (ais != null && ais.size() > 0) {
-            return (AbstractBinding)ais.iterator().next().getAssertion();
-        }
-        
-        ais = getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
-        if (ais != null && ais.size() > 0) {
-            return (AbstractBinding)ais.iterator().next().getAssertion();
-        }
-        
-        ais = getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
-        if (ais != null && ais.size() > 0) {
-            return (AbstractBinding)ais.iterator().next().getAssertion();
-        }
-        
-        return null;
-    }
-    
     protected boolean isRequestor() {
         return MessageUtils.isRequestor(message);
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1535747&r1=1535746&r2=1535747&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
Fri Oct 25 14:13:29 2013
@@ -118,14 +118,17 @@ public abstract class AbstractStaxBindin
     protected Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens;
     
     private final Map<String, Object> properties;
+    private AbstractBinding binding;
     
     public AbstractStaxBindingHandler(
         Map<String, Object> properties, 
         SoapMessage msg,
+        AbstractBinding binding,
         Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
     ) {
         super(msg);
         this.properties = properties;
+        this.binding = binding;
         this.outboundTokens = outboundTokens;
     }
 
@@ -484,7 +487,6 @@ public abstract class AbstractStaxBindin
     }
     
     protected void configureTimestamp(AssertionInfoMap aim) {
-        AbstractBinding binding = getBinding(aim);
         if (binding != null && binding.isIncludeTimestamp()) {
             timestampAdded = true;
             assertPolicy(new QName(binding.getName().getNamespaceURI(), SPConstants.INCLUDE_TIMESTAMP));
@@ -548,9 +550,6 @@ public abstract class AbstractStaxBindin
             }
         }
         
-        AssertionInfoMap aim = message.get(AssertionInfoMap.class);
-        AbstractBinding binding = getBinding(aim);
-        
         config.put(ConfigurationConstants.SIG_KEY_ID, getKeyIdentifierType(wrapper, token));
 
         // Find out do we also need to include the token as per the Inclusion requirement
@@ -655,6 +654,11 @@ public abstract class AbstractStaxBindin
             return ret;
         }
         for (AbstractToken token : suppTokens.getTokens()) {
+            assertToken(token);
+            if (!isTokenRequired(token.getIncludeTokenType())) {
+                continue;
+            }
+            
             if (token instanceof UsernameToken) {
                 handleUsernameTokenSupportingToken(
                     (UsernameToken)token, endorse, suppTokens.isEncryptedToken(), ret
@@ -664,70 +668,9 @@ public abstract class AbstractStaxBindin
                     || token instanceof SecureConversationToken
                     || token instanceof SecurityContextToken
                     || token instanceof KerberosToken)) {
-                //ws-trust/ws-sc stuff.......
-                SecurityToken secToken = getSecurityToken();
-                if (secToken == null) {
-                    policyNotAsserted(token, "Could not find IssuedToken");
-                }
-                Element clone = cloneElement(secToken.getToken());
-                secToken.setToken(clone);
-                addSupportingElement(clone);
-
-                String id = secToken.getId();
-                if (id != null && id.charAt(0) == '#') {
-                    id = id.substring(1);
-                }
-                if (suppTokens.isEncryptedToken()) {
-                    WSEncryptionPart part = new WSEncryptionPart(id, "Element");
-                    part.setElement(clone);
-                    encryptedTokensList.add(part);
-                }
-
-                if (secToken.getX509Certificate() == null) {  
-                    ret.put(token, new WSSecurityTokenHolder(wssConfig, secToken));
-                } else {
-                    WSSecSignature sig = new WSSecSignature(wssConfig);                 
  
-                    sig.setX509Certificate(secToken.getX509Certificate());
-                    sig.setCustomTokenId(id);
-                    sig.setKeyIdentifierType(WSConstants.CUSTOM_KEY_IDENTIFIER);
-                    String tokenType = secToken.getTokenType();
-                    if (WSConstants.WSS_SAML_TOKEN_TYPE.equals(tokenType)
-                        || WSConstants.SAML_NS.equals(tokenType)) {
-                        sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
-                    } else if (WSConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
-                        || WSConstants.SAML2_NS.equals(tokenType)) {
-                        sig.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
-                    } else if (tokenType != null) {
-                        sig.setCustomTokenValueType(tokenType);
-                    } else {
-                        sig.setCustomTokenValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
-                    }
-                    sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
-                    sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
-
-                    Crypto crypto = secToken.getCrypto();
-                    String uname = null;
-                    try {
-                        uname = crypto.getX509Identifier(secToken.getX509Certificate());
-                    } catch (WSSecurityException e1) {
-                        LOG.log(Level.FINE, e1.getMessage(), e1);
-                        throw new Fault(e1);
-                    }
-
-                    String password = getPassword(uname, token, WSPasswordCallback.Usage.SIGNATURE);
-                    sig.setUserInfo(uname, password);
-                    try {
-                        sig.prepare(saaj.getSOAPPart(), secToken.getCrypto(), secHeader);
-                    } catch (WSSecurityException e) {
-                        LOG.log(Level.FINE, e.getMessage(), e);
-                        throw new Fault(e);
-                    }
-
-                    ret.put(token, sig);                
-                }
 
             } */
-            } else if (isRequestor() && token instanceof IssuedToken) {
+            } else if (token instanceof IssuedToken) {
                 SecurityToken sigTok = getSecurityToken();
                 SecurePart securePart = addIssuedToken((IssuedToken)token, sigTok, signed,
endorse);
                 if (securePart != null) {
@@ -736,7 +679,7 @@ public abstract class AbstractStaxBindin
                         encryptedTokensList.add(securePart);
                     }
                 }
-            } else if (isRequestor() && token instanceof KerberosToken) {
+            } else if (token instanceof KerberosToken) {
                 SecurePart securePart = addKerberosToken((KerberosToken)token, signed, endorse,
false);
                 if (securePart != null) {
                     ret.put(token, securePart);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java?rev=1535747&r1=1535746&r2=1535747&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
Fri Oct 25 14:13:29 2013
@@ -327,16 +327,13 @@ public class AsymmetricBindingHandler ex
             sigParts.add(timestampPart);
         }
 
-        if (isRequestor()) {
-            try {
-                addSupportingTokens(sigParts);
-            } catch (WSSecurityException ex) {
-                LOG.log(Level.FINE, ex.getMessage(), ex);
-                policyNotAsserted(encryptionToken, ex);
-            }
-        } else {
-            addSignatureConfirmation(sigParts);
+        try {
+            addSupportingTokens(sigParts);
+        } catch (WSSecurityException ex) {
+            LOG.log(Level.FINE, ex.getMessage(), ex);
+            policyNotAsserted(encryptionToken, ex);
         }
+        addSignatureConfirmation(sigParts);
 
         try {
             if (sigParts.size() > 0) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1535747&r1=1535746&r2=1535747&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
Fri Oct 25 14:13:29 2013
@@ -71,16 +71,17 @@ public class StaxAsymmetricBindingHandle
     public StaxAsymmetricBindingHandler(
         Map<String, Object> properties, 
         SoapMessage msg,
+        AsymmetricBinding abinding,
         Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
     ) {
-        super(properties, msg, outboundTokens);
+        super(properties, msg, abinding, outboundTokens);
         this.message = msg;
+        this.abinding = abinding;
     }
     
     public void handleBinding() {
         AssertionInfoMap aim = getMessage().get(AssertionInfoMap.class);
         configureTimestamp(aim);
-        abinding = (AsymmetricBinding)getBinding(aim);
         assertPolicy(abinding.getName());
         
         String asymSignatureAlgorithm = 
@@ -154,7 +155,6 @@ public class StaxAsymmetricBindingHandle
             
             if (isRequestor() && initiatorWrapper != null) {
                 doSignature(initiatorWrapper, sigs);
-                //doEndorse();
             } else if (!isRequestor()) {
                 //confirm sig
                 addSignatureConfirmation(sigs);
@@ -286,9 +286,10 @@ public class StaxAsymmetricBindingHandle
                 throw new Fault(ex);
             }
             
+            addSupportingTokens();
+            
             if (encryptionToken != null && encrParts.size() > 0) {
                 if (isRequestor()) {
-                    addSupportingTokens();
                     encrParts.addAll(encryptedTokensList);
                 } else {
                     addSignatureConfirmation(sigParts);
@@ -311,14 +312,14 @@ public class StaxAsymmetricBindingHandle
                 doEncryption(wrapper, encrParts, true);
             }
             
+            if (timestampAdded) {
+                SecurePart part = 
+                    new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);
+                sigParts.add(part);
+            }
+            
             if (sigParts.size() > 0) {
-                if (timestampAdded) {
-                    SecurePart part = 
-                        new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);
-                    sigParts.add(part);
-                }
-                
-                if ((sigParts.size() > 0) && initiatorWrapper != null &&
isRequestor()) {
+                if (initiatorWrapper != null && isRequestor()) {
                     doSignature(initiatorWrapper, sigParts);
                 } else if (!isRequestor()) {
                     AbstractTokenWrapper recipientSignatureToken = abinding.getRecipientSignatureToken();
@@ -331,10 +332,6 @@ public class StaxAsymmetricBindingHandle
                         doSignature(recipientSignatureToken, sigParts);
                     }
                 }
-    
-                //if (isRequestor()) {
-                //    doEndorse();
-                //}
             }
         } catch (Exception e) {
             String reason = e.getMessage();

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java?rev=1535747&r1=1535746&r2=1535747&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
Fri Oct 25 14:13:29 2013
@@ -81,10 +81,12 @@ public class StaxSymmetricBindingHandler
     public StaxSymmetricBindingHandler(
         Map<String, Object> properties, 
         SoapMessage msg,
+        SymmetricBinding sbinding,
         Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
     ) {
-        super(properties, msg, outboundTokens);
+        super(properties, msg, sbinding, outboundTokens);
         this.message = msg;
+        this.sbinding = sbinding;
     }
     
     private AbstractTokenWrapper getSignatureToken() {
@@ -104,7 +106,6 @@ public class StaxSymmetricBindingHandler
     public void handleBinding() {
         AssertionInfoMap aim = getMessage().get(AssertionInfoMap.class);
         configureTimestamp(aim);
-        sbinding = (SymmetricBinding)getBinding(aim);
         assertPolicy(sbinding.getName());
         
         String asymSignatureAlgorithm = 
@@ -155,8 +156,6 @@ public class StaxSymmetricBindingHandler
             assertTokenWrapper(encryptionWrapper);
             AbstractToken encryptionToken = encryptionWrapper.getToken();
 
-            //The encryption token can be an IssuedToken or a 
-            //SecureConversationToken
             String tokenId = null;
             SecurityToken tok = null;
             if (encryptionToken instanceof KerberosToken) {
@@ -228,9 +227,10 @@ public class StaxSymmetricBindingHandler
                 throw new Fault(ex);
             }
             
+            addSupportingTokens();
+            
             if (encryptionToken != null && encrParts.size() > 0) {
                 if (isRequestor()) {
-                    addSupportingTokens();
                     encrParts.addAll(encryptedTokensList);
                 } else {
                     addSignatureConfirmation(sigParts);
@@ -246,27 +246,25 @@ public class StaxSymmetricBindingHandler
                 }
                 
                 doEncryption(encryptionWrapper, encrParts, true);
-                if (timestampAdded) {
-                    SecurePart part = 
-                        new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);
-                    sigParts.add(part);
-                }
-                sigParts.addAll(this.getSignedParts());
+            }
+            
+            if (timestampAdded) {
+                SecurePart part = 
+                    new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);
+                sigParts.add(part);
+            }
+            sigParts.addAll(this.getSignedParts());
                 
+            if (sigParts.size() > 0) {
                 AbstractTokenWrapper sigAbstractTokenWrapper = getSignatureToken();
                 AbstractToken sigToken = sigAbstractTokenWrapper.getToken();
-                if ((sigParts.size() > 0) && sigAbstractTokenWrapper != null &&
isRequestor()) {
+                if (sigAbstractTokenWrapper != null && isRequestor()) {
                     doSignature(sigAbstractTokenWrapper, sigToken, tok, sigParts);
                 } else if (!isRequestor()) {
                     addSignatureConfirmation(sigParts);
-                    if (!sigParts.isEmpty()) {
-                        doSignature(sigAbstractTokenWrapper, sigToken, tok, sigParts);
-                    }
+                    doSignature(sigAbstractTokenWrapper, sigToken, tok, sigParts);
                 }
     
-                //if (isRequestor()) {
-                //    doEndorse();
-                //}
             }
         } catch (RuntimeException ex) {
             throw ex;
@@ -355,21 +353,17 @@ public class StaxSymmetricBindingHandler
             }
             sigs.addAll(this.getSignedParts());
 
-            if (isRequestor()) {
-                if (!sigs.isEmpty()) {
-                    doSignature(sigAbstractTokenWrapper, sigToken, sigTok, sigs);
-                }
-                // doEndorse();
-            } else {
+            if (!isRequestor()) {
                 addSignatureConfirmation(sigs);
-                if (!sigs.isEmpty()) {
-                    doSignature(sigAbstractTokenWrapper, sigToken, sigTok, sigs);
-                }
             }
             
+            if (!sigs.isEmpty()) {
+                doSignature(sigAbstractTokenWrapper, sigToken, sigTok, sigs);
+            }
+            
+            addSupportingTokens();
+            
             if (isRequestor()) {
-                addSupportingTokens();
-                
                 Map<String, Object> config = getProperties();
                 if (config.containsKey(ConfigurationConstants.ACTION)) {
                     String action = (String)config.get(ConfigurationConstants.ACTION);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java?rev=1535747&r1=1535746&r2=1535747&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
Fri Oct 25 14:13:29 2013
@@ -37,8 +37,9 @@ import org.apache.cxf.ws.policy.Assertio
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
-import org.apache.cxf.ws.security.wss4j.policyhandlers.AbstractStaxBindingHandler.TokenStoreCallbackHandler;
 import org.apache.wss4j.common.ConfigurationConstants;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
@@ -75,9 +76,11 @@ public class StaxTransportBindingHandler
     public StaxTransportBindingHandler(
         Map<String, Object> properties, 
         SoapMessage msg,
+        TransportBinding tbinding,
         Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
     ) {
-        super(properties, msg, outboundTokens);
+        super(properties, msg, tbinding, outboundTokens);
+        this.tbinding = tbinding;
     }
     
     public void handleBinding() {
@@ -85,7 +88,6 @@ public class StaxTransportBindingHandler
         configureTimestamp(aim);
         
         if (this.isRequestor()) {
-            tbinding = (TransportBinding)getBinding(aim);
             if (tbinding != null) {
                 assertPolicy(tbinding.getName());
                 String asymSignatureAlgorithm = 
@@ -128,6 +130,10 @@ public class StaxTransportBindingHandler
             assertWSSProperties(tbinding.getName().getNamespaceURI());
             assertTrustProperties(tbinding.getName().getNamespaceURI());
         }
+        assertPolicy(SP12Constants.SIGNED_PARTS);
+        assertPolicy(SP11Constants.SIGNED_PARTS);
+        assertPolicy(SP12Constants.ENCRYPTED_PARTS);
+        assertPolicy(SP11Constants.ENCRYPTED_PARTS);
     }
     
     /**

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java?rev=1535747&r1=1535746&r2=1535747&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
Fri Oct 25 14:13:29 2013
@@ -115,11 +115,6 @@ public class SymmetricBindingHandler ext
         handleLayout(timestamp);
         assertPolicy(sbinding.getName());
         
-        if (isRequestor()) {
-            //Setup required tokens
-            initializeTokens();
-        }
-        
         if (sbinding.getProtectionOrder() 
             == AbstractSymmetricAsymmetricBinding.ProtectionOrder.EncryptBeforeSigning) {
             doEncryptBeforeSign();
@@ -138,22 +133,6 @@ public class SymmetricBindingHandler ext
             new QName(sbinding.getName().getNamespaceURI(), SPConstants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY));
     }
     
-    private void initializeTokens()  {
-        //Setting up encryption token and signature token
-        /*
-        Token sigTok = getSignatureToken().getToken();
-        //Token encrTok = getEncryptionToken().getToken();
-        
-        if (sigTok instanceof IssuedToken) {
-            //IssuedToken issuedToken = (IssuedToken)sigTok;
-            
-            //REVISIT - WS-Trust STS token retrieval
-        } else if (sigTok instanceof SecureConversationToken) {
-            //REVISIT - SecureConversation token retrieval
-        }
-        */
-    }
-    
     private void doEncryptBeforeSign() {
         try {
             AbstractTokenWrapper encryptionWrapper = getEncryptionToken();
@@ -206,7 +185,6 @@ public class SymmetricBindingHandler ext
                 }
     
                 boolean attached = false;
-                
                 if (isTokenRequired(encryptionToken.getIncludeTokenType())) {
                     Element el = tok.getToken();
                     this.addEncryptedKeyElement(cloneElement(el));
@@ -227,9 +205,8 @@ public class SymmetricBindingHandler ext
                     sigParts.add(timestampPart);        
                 }
                 
-                if (isRequestor()) {
-                    this.addSupportingTokens(sigParts);
-                } else {
+                addSupportingTokens(sigParts);
+                if (!isRequestor()) {
                     addSignatureConfirmation(sigParts);
                 }
                 
@@ -359,15 +336,14 @@ public class SymmetricBindingHandler ext
                 sigs.add(timestampPart);        
             }
 
+            addSupportingTokens(sigs);
             if (isRequestor()) {
-                addSupportingTokens(sigs);
                 if (!sigs.isEmpty()) {
                     signatures.add(doSignature(sigs, sigAbstractTokenWrapper, sigToken, sigTok,
tokIncluded));
                 }
                 doEndorse();
             } else {
                 //confirm sig
-                assertSupportingTokens(sigs);
                 addSignatureConfirmation(sigs);
                 if (!sigs.isEmpty()) {
                     doSignature(sigs, sigAbstractTokenWrapper, sigToken, sigTok, tokIncluded);

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java?rev=1535747&r1=1535746&r2=1535747&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
(original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
Fri Oct 25 14:13:29 2013
@@ -22,6 +22,7 @@ package org.apache.cxf.ws.security.wss4j
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.List;
 import java.util.logging.Level;
 
@@ -54,6 +55,8 @@ import org.apache.wss4j.dom.message.WSSe
 import org.apache.wss4j.dom.message.WSSecTimestamp;
 import org.apache.wss4j.dom.message.WSSecUsernameToken;
 import org.apache.wss4j.dom.message.token.SecurityTokenReference;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractToken;
 import org.apache.wss4j.policy.model.AbstractToken.DerivedKeys;
@@ -173,6 +176,10 @@ public class TransportBindingHandler ext
             assertWSSProperties(tbinding.getName().getNamespaceURI());
             assertTrustProperties(tbinding.getName().getNamespaceURI());
         }
+        assertPolicy(SP12Constants.SIGNED_PARTS);
+        assertPolicy(SP11Constants.SIGNED_PARTS);
+        assertPolicy(SP12Constants.ENCRYPTED_PARTS);
+        assertPolicy(SP11Constants.ENCRYPTED_PARTS);
     }
     
     /**
@@ -220,7 +227,7 @@ public class TransportBindingHandler ext
                 SupportingTokens suppTokens = (SupportingTokens)ai.getAssertion();
                 if (suppTokens != null && suppTokens.getTokens() != null 
                     && suppTokens.getTokens().size() > 0) {
-                    handleSupportingTokens(suppTokens, false);
+                    handleSupportingTokens(suppTokens, false, new HashMap<AbstractToken,
Object>());
                 }
                 ai.setAsserted(true);
             }



Mime
View raw message