cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1548603 [1/3] - in /cxf/trunk/rt/ws/security/src: main/java/org/apache/cxf/ws/security/wss4j/ main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/ test/java/org/apache/cxf/ws/security/wss4j/ test/java/org/apache/cxf/ws/security/wss4j...
Date Fri, 06 Dec 2013 17:17:20 GMT
Author: coheigea
Date: Fri Dec  6 17:17:19 2013
New Revision: 1548603

URL: http://svn.apache.org/r1548603
Log:
Largish refactor of streaming security configuration

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/DOMToStaxRoundTripTest.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageCheckerTest.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripActionTest.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxRoundTripTest.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMEncryptionIdentifierTest.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMRoundTripTest.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/StaxToDOMSignatureIdentifierTest.java
    cxf/trunk/rt/ws/security/src/test/java/org/apache/cxf/ws/security/wss4j/saml/StaxToDOMSamlTest.java

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java Fri Dec  6 17:17:19 2013
@@ -58,6 +58,7 @@ import org.apache.wss4j.common.crypto.Pa
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.stax.ConfigurationConverter;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 
@@ -75,111 +76,89 @@ public abstract class AbstractWSS4JStaxI
 
     private Map<String, Object> properties = new ConcurrentHashMap<String, Object>();
     private Map<String, Crypto> cryptos = new ConcurrentHashMap<String, Crypto>();
-    private WSSSecurityProperties securityProperties;
+    private WSSSecurityProperties userSecurityProperties;
     private Set<String> before = new HashSet<String>();
     private Set<String> after = new HashSet<String>();
     private String phase;
     private String id;
     
-    public AbstractWSS4JStaxInterceptor() {
+    public AbstractWSS4JStaxInterceptor(WSSSecurityProperties securityProperties) {
         super();
         id = getClass().getName();
+        userSecurityProperties = securityProperties;
     }
     
     public AbstractWSS4JStaxInterceptor(Map<String, Object> properties) {
-        this();
-        this.properties.putAll(properties);
+        super();
+        id = getClass().getName();
+        this.properties = properties;
+    }
+
+    protected WSSSecurityProperties createSecurityProperties() {
+        if (userSecurityProperties != null) {
+            return new WSSSecurityProperties(userSecurityProperties);
+        } else {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            ConfigurationConverter.parseActions(properties, securityProperties);
+            ConfigurationConverter.parseUserProperties(properties, securityProperties);
+            ConfigurationConverter.parseCallback(properties, securityProperties);
+            ConfigurationConverter.parseBooleanProperties(properties, securityProperties);
+            ConfigurationConverter.parseNonBooleanProperties(properties, securityProperties);
+            return securityProperties;
+        }
     }
     
-    protected void translateProperties(SoapMessage msg) {
+    protected void translateProperties(SoapMessage msg, WSSSecurityProperties securityProperties) {
         String bspCompliant = (String)msg.getContextualProperty(SecurityConstants.IS_BSP_COMPLIANT);
         if (bspCompliant != null) {
-            if (securityProperties != null) {
-                securityProperties.setDisableBSPEnforcement(Boolean.valueOf(bspCompliant));
-            } else {
-                properties.put(ConfigurationConstants.IS_BSP_COMPLIANT, bspCompliant);
-            }
+            securityProperties.setDisableBSPEnforcement(!Boolean.valueOf(bspCompliant));
         }
+        
         String futureTTL = 
             (String)msg.getContextualProperty(SecurityConstants.TIMESTAMP_FUTURE_TTL);
         if (futureTTL != null) {
-            if (securityProperties != null) {
-                securityProperties.setTimeStampFutureTTL(Integer.parseInt(futureTTL));
-            } else {
-                properties.put(ConfigurationConstants.TTL_FUTURE_TIMESTAMP, futureTTL);
-            }
+            securityProperties.setTimeStampFutureTTL(Integer.parseInt(futureTTL));
         }
+        
         String ttl = 
             (String)msg.getContextualProperty(SecurityConstants.TIMESTAMP_TTL);
         if (ttl != null) {
-            if (securityProperties != null) {
-                securityProperties.setTimestampTTL(Integer.parseInt(ttl));
-            } else {
-                properties.put(ConfigurationConstants.TTL_TIMESTAMP, ttl);
-            }
+            securityProperties.setTimestampTTL(Integer.parseInt(ttl));
         }
         
         String utFutureTTL = 
             (String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_FUTURE_TTL);
         if (utFutureTTL != null) {
-            if (securityProperties != null) {
-                securityProperties.setUtFutureTTL(Integer.parseInt(utFutureTTL));
-            } else {
-                properties.put(ConfigurationConstants.TTL_FUTURE_USERNAMETOKEN, utFutureTTL);
-            }
+            securityProperties.setUtFutureTTL(Integer.parseInt(utFutureTTL));
         }
+        
         String utTTL = 
             (String)msg.getContextualProperty(SecurityConstants.USERNAMETOKEN_TTL);
         if (utTTL != null) {
-            if (securityProperties != null) {
-                securityProperties.setUtTTL(Integer.parseInt(utTTL));
-            } else {
-                properties.put(ConfigurationConstants.TTL_USERNAMETOKEN, utTTL);
-            }
+            securityProperties.setUtTTL(Integer.parseInt(utTTL));
         }
         
         String certConstraints = 
             (String)msg.getContextualProperty(SecurityConstants.SUBJECT_CERT_CONSTRAINTS);
         if (certConstraints != null) {
-            if (securityProperties != null) {
-                securityProperties.setSubjectCertConstraints(convertCertConstraints(certConstraints));
-            } else {
-                properties.put(ConfigurationConstants.SIG_SUBJECT_CERT_CONSTRAINTS, certConstraints);
-            }
+            securityProperties.setSubjectCertConstraints(convertCertConstraints(certConstraints));
         }
         
         // Now set SAML SenderVouches + Holder Of Key requirements
         String validateSAMLSubjectConf = 
             (String)msg.getContextualProperty(SecurityConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION);
         if (validateSAMLSubjectConf != null) {
-            if (securityProperties != null) {
-                securityProperties.setValidateSamlSubjectConfirmation(Boolean.valueOf(validateSAMLSubjectConf));
-            } else {
-                properties.put(ConfigurationConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, 
-                               validateSAMLSubjectConf);
-            }
+            securityProperties.setValidateSamlSubjectConfirmation(Boolean.valueOf(validateSAMLSubjectConf));
         }
         
         String actor = (String)msg.getContextualProperty(SecurityConstants.ACTOR);
         if (actor != null) {
-            if (securityProperties != null) {
-                securityProperties.setActor(actor);
-            } else {
-                properties.put(ConfigurationConstants.ACTOR, actor);
-            }
+            securityProperties.setActor(actor);
         }
         
         boolean mustUnderstand = 
             MessageUtils.getContextualBoolean(msg, SecurityConstants.MUST_UNDERSTAND, true);
-        if (properties != null) {
-            properties.put(ConfigurationConstants.MUST_UNDERSTAND, Boolean.toString(mustUnderstand));
-        }
-        
-        PasswordEncryptor passwordEncryptor = 
-            (PasswordEncryptor)msg.getContextualProperty(SecurityConstants.PASSWORD_ENCRYPTOR_INSTANCE);
-        if (passwordEncryptor != null && securityProperties == null) {
-            properties.put(ConfigurationConstants.PASSWORD_ENCRYPTOR_INSTANCE, passwordEncryptor);
-        }
+        securityProperties.setMustUnderstand(mustUnderstand);
     }
     
     private  Collection<Pattern> convertCertConstraints(String certConstraints) {
@@ -200,7 +179,9 @@ public abstract class AbstractWSS4JStaxI
         return null;
     }
     
-    protected void configureCallbackHandler(SoapMessage soapMessage) throws WSSecurityException {
+    protected void configureCallbackHandler(
+        SoapMessage soapMessage, WSSSecurityProperties securityProperties
+    ) throws WSSecurityException {
         Object o = soapMessage.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
         if (o instanceof String) {
             try {
@@ -228,13 +209,7 @@ public abstract class AbstractWSS4JStaxI
         }
         
         if (o instanceof CallbackHandler) {
-            Map<String, Object> config = getProperties();
-            
-            if (securityProperties != null) {
-                securityProperties.setCallbackHandler((CallbackHandler)o);
-            } else {
-                config.put(ConfigurationConstants.PW_CALLBACK_REF, (CallbackHandler)o);
-            }
+            securityProperties.setCallbackHandler((CallbackHandler)o);
         }
     }
     
@@ -323,14 +298,6 @@ public abstract class AbstractWSS4JStaxI
         return MessageUtils.isRequestor(message);
     }
 
-    public WSSSecurityProperties getSecurityProperties() {
-        return securityProperties;
-    }
-
-    public void setSecurityProperties(WSSSecurityProperties securityProperties) {
-        this.securityProperties = securityProperties;
-    }  
-    
     /**
      * Load a Crypto instance. Firstly, it tries to use the cryptoPropertyRefId tag to retrieve
      * a Crypto object via a custom reference Id. Failing this, it tries to load the crypto 
@@ -339,7 +306,8 @@ public abstract class AbstractWSS4JStaxI
     protected Crypto loadCrypto(
         SoapMessage soapMessage,
         String cryptoPropertyFile,
-        String cryptoPropertyRefId
+        String cryptoPropertyRefId,
+        WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
         Crypto crypto = null;
         
@@ -354,7 +322,7 @@ public abstract class AbstractWSS4JStaxI
                 if (obj instanceof Properties) {
                     crypto = CryptoFactory.getInstance((Properties)obj, 
                                                        getClassLoader(),
-                                                       getPasswordEncryptor(soapMessage));
+                                                       getPasswordEncryptor(soapMessage, securityProperties));
                     cryptos.put(refId, crypto);
                 } else if (obj instanceof Crypto) {
                     crypto = (Crypto)obj;
@@ -376,7 +344,7 @@ public abstract class AbstractWSS4JStaxI
             if (propFile != null) {
                 crypto = cryptos.get(propFile);
                 if (crypto == null) {
-                    crypto = loadCryptoFromPropertiesFile(soapMessage, propFile);
+                    crypto = loadCryptoFromPropertiesFile(soapMessage, propFile, securityProperties);
                     cryptos.put(propFile, crypto);
                 }
                 if (crypto == null) {
@@ -392,7 +360,7 @@ public abstract class AbstractWSS4JStaxI
     }
     
     protected Crypto loadCryptoFromPropertiesFile(
-        SoapMessage soapMessage, String propFilename
+        SoapMessage soapMessage, String propFilename, WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
         ClassLoaderHolder orig = null;
         try {
@@ -413,7 +381,7 @@ public abstract class AbstractWSS4JStaxI
                     props.load(in);
                     in.close();
                     return CryptoFactory.getInstance(props, getClassLoader(), 
-                                                     getPasswordEncryptor(soapMessage));
+                                                     getPasswordEncryptor(soapMessage, securityProperties));
                 }
             } catch (Exception e) {
                 //ignore
@@ -426,7 +394,9 @@ public abstract class AbstractWSS4JStaxI
         }
     }
     
-    protected PasswordEncryptor getPasswordEncryptor(SoapMessage soapMessage) {
+    protected PasswordEncryptor getPasswordEncryptor(
+        SoapMessage soapMessage, WSSSecurityProperties securityProperties
+    ) {
         PasswordEncryptor passwordEncryptor = 
             (PasswordEncryptor)soapMessage.getContextualProperty(
                 SecurityConstants.PASSWORD_ENCRYPTOR_INSTANCE
@@ -434,13 +404,12 @@ public abstract class AbstractWSS4JStaxI
         if (passwordEncryptor != null) {
             return passwordEncryptor;
         }
-        
-        CallbackHandler callbackHandler = null;
-        if (securityProperties != null) {
-            callbackHandler = securityProperties.getCallbackHandler();
-        } else {
+
+        CallbackHandler callbackHandler = securityProperties.getCallbackHandler();
+        if (callbackHandler == null) {
             callbackHandler = (CallbackHandler)getProperties().get(ConfigurationConstants.PW_CALLBACK_REF);
         }
+
         if (callbackHandler != null) {
             return new JasyptPasswordEncryptor(callbackHandler);
         }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java Fri Dec  6 17:17:19 2013
@@ -159,7 +159,7 @@ public class PolicyBasedWSS4JStaxInInter
     }
 
     private void checkAsymmetricBinding(
-        AssertionInfoMap aim, SoapMessage message
+        AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
         Collection<AssertionInfo> ais = 
             getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
@@ -176,12 +176,12 @@ public class PolicyBasedWSS4JStaxInInter
             e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
         }
         
-        Crypto encrCrypto = getEncryptionCrypto(e, message);
+        Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
         Crypto signCrypto = null;
         if (e != null && e.equals(s)) {
             signCrypto = encrCrypto;
         } else {
-            signCrypto = getSignatureCrypto(s, message);
+            signCrypto = getSignatureCrypto(s, message, securityProperties);
         }
         
         if (signCrypto != null) {
@@ -199,7 +199,7 @@ public class PolicyBasedWSS4JStaxInInter
     }
     
     private void checkTransportBinding(
-        AssertionInfoMap aim, SoapMessage message
+        AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
     ) throws XMLSecurityException {
         boolean transportPolicyInEffect = 
             !getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING).isEmpty();
@@ -235,12 +235,12 @@ public class PolicyBasedWSS4JStaxInInter
             e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
         }
 
-        Crypto encrCrypto = getEncryptionCrypto(e, message);
+        Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
         Crypto signCrypto = null;
         if (e != null && e.equals(s)) {
             signCrypto = encrCrypto;
         } else {
-            signCrypto = getSignatureCrypto(s, message);
+            signCrypto = getSignatureCrypto(s, message, securityProperties);
         }
 
         if (signCrypto != null) {
@@ -270,7 +270,7 @@ public class PolicyBasedWSS4JStaxInInter
     }
     
     private void checkSymmetricBinding(
-        AssertionInfoMap aim, SoapMessage message
+        AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
         Collection<AssertionInfo> ais = 
             getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
@@ -287,12 +287,12 @@ public class PolicyBasedWSS4JStaxInInter
             e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
         }
         
-        Crypto encrCrypto = getEncryptionCrypto(e, message);
+        Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
         Crypto signCrypto = null;
         if (e != null && e.equals(s)) {
             signCrypto = encrCrypto;
         } else {
-            signCrypto = getSignatureCrypto(s, message);
+            signCrypto = getSignatureCrypto(s, message, securityProperties);
         }
         
         if (isRequestor(message)) {
@@ -334,7 +334,9 @@ public class PolicyBasedWSS4JStaxInInter
         }
     }
     
-    private Crypto getEncryptionCrypto(Object e, SoapMessage message) throws WSSecurityException {
+    private Crypto getEncryptionCrypto(
+        Object e, SoapMessage message, WSSSecurityProperties securityProperties
+    ) throws WSSecurityException {
         Crypto encrCrypto = null;
         if (e instanceof Crypto) {
             encrCrypto = (Crypto)e;
@@ -349,7 +351,7 @@ public class PolicyBasedWSS4JStaxInInter
             
             encrCrypto = CryptoFactory.getInstance(props, 
                                                    Loader.getClassLoader(CryptoFactory.class),
-                                                   getPasswordEncryptor(message));
+                                                   getPasswordEncryptor(message, securityProperties));
 
             EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
             synchronized (info) {
@@ -359,7 +361,9 @@ public class PolicyBasedWSS4JStaxInInter
         return encrCrypto;
     }
     
-    private Crypto getSignatureCrypto(Object s, SoapMessage message) throws WSSecurityException {
+    private Crypto getSignatureCrypto(
+        Object s, SoapMessage message, WSSSecurityProperties securityProperties
+    ) throws WSSecurityException {
         Crypto signCrypto = null;
         if (s instanceof Crypto) {
             signCrypto = (Crypto)s;
@@ -374,7 +378,7 @@ public class PolicyBasedWSS4JStaxInInter
             
             signCrypto = CryptoFactory.getInstance(props,
                                                    Loader.getClassLoader(CryptoFactory.class),
-                                                   getPasswordEncryptor(message));
+                                                   getPasswordEncryptor(message, securityProperties));
 
             EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
             synchronized (info) {
@@ -385,11 +389,13 @@ public class PolicyBasedWSS4JStaxInInter
     }
     
     @Override
-    protected void configureProperties(SoapMessage msg) throws XMLSecurityException {
+    protected void configureProperties(
+        SoapMessage msg, WSSSecurityProperties securityProperties
+    ) throws XMLSecurityException {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
-        checkAsymmetricBinding(aim, msg);
-        checkSymmetricBinding(aim, msg);
-        checkTransportBinding(aim, msg);
+        checkAsymmetricBinding(aim, msg, securityProperties);
+        checkSymmetricBinding(aim, msg, securityProperties);
+        checkTransportBinding(aim, msg, securityProperties);
         
         // Allow for setting non-standard asymmetric signature algorithms
         String asymSignatureAlgorithm = 
@@ -405,14 +411,14 @@ public class PolicyBasedWSS4JStaxInInter
             }
         }
         
-        super.configureProperties(msg);
+        super.configureProperties(msg, securityProperties);
     }
     
     /**
      * Is a Nonce Cache required, i.e. are we expecting a UsernameToken 
      */
     @Override
-    protected boolean isNonceCacheRequired(SoapMessage msg) {
+    protected boolean isNonceCacheRequired(SoapMessage msg, WSSSecurityProperties securityProperties) {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
         if (aim != null) {
             Collection<AssertionInfo> ais = 
@@ -430,7 +436,7 @@ public class PolicyBasedWSS4JStaxInInter
      * Is a Timestamp cache required, i.e. are we expecting a Timestamp 
      */
     @Override
-    protected boolean isTimestampCacheRequired(SoapMessage msg) {
+    protected boolean isTimestampCacheRequired(SoapMessage msg, WSSSecurityProperties securityProperties) {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
         if (aim != null) {
             Collection<AssertionInfo> ais = 
@@ -448,7 +454,7 @@ public class PolicyBasedWSS4JStaxInInter
      * Is a SAML Cache required, i.e. are we expecting a SAML Token 
      */
     @Override
-    protected boolean isSamlCacheRequired(SoapMessage msg) {
+    protected boolean isSamlCacheRequired(SoapMessage msg, WSSSecurityProperties securityProperties) {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
         if (aim != null) {
             Collection<AssertionInfo> ais = 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java Fri Dec  6 17:17:19 2013
@@ -58,6 +58,7 @@ import org.apache.wss4j.policy.SPConstan
 import org.apache.wss4j.policy.model.AsymmetricBinding;
 import org.apache.wss4j.policy.model.SymmetricBinding;
 import org.apache.wss4j.policy.model.TransportBinding;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
 import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 
@@ -145,7 +146,7 @@ public class PolicyBasedWSS4JStaxOutInte
     }
 
     private void checkAsymmetricBinding(
-        AssertionInfoMap aim, SoapMessage message
+        AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
         Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
         if (s == null) {
@@ -156,12 +157,12 @@ public class PolicyBasedWSS4JStaxOutInte
             e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
         }
         
-        Crypto encrCrypto = getEncryptionCrypto(e, message);
+        Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
         Crypto signCrypto = null;
         if (e != null && e.equals(s)) {
             signCrypto = encrCrypto;
         } else {
-            signCrypto = getSignatureCrypto(s, message);
+            signCrypto = getSignatureCrypto(s, message, securityProperties);
         }
         
         if (signCrypto != null) {
@@ -179,7 +180,7 @@ public class PolicyBasedWSS4JStaxOutInte
     }
     
     private void checkTransportBinding(
-        AssertionInfoMap aim, SoapMessage message
+        AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
         Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
         if (s == null) {
@@ -190,12 +191,12 @@ public class PolicyBasedWSS4JStaxOutInte
             e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
         }
         
-        Crypto encrCrypto = getEncryptionCrypto(e, message);
+        Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
         Crypto signCrypto = null;
         if (e != null && e.equals(s)) {
             signCrypto = encrCrypto;
         } else {
-            signCrypto = getSignatureCrypto(s, message);
+            signCrypto = getSignatureCrypto(s, message, securityProperties);
         }
         
         if (signCrypto != null) {
@@ -213,7 +214,7 @@ public class PolicyBasedWSS4JStaxOutInte
     }
     
     private void checkSymmetricBinding(
-        AssertionInfoMap aim, SoapMessage message
+        AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
         Object s = message.getContextualProperty(SecurityConstants.SIGNATURE_CRYPTO);
         if (s == null) {
@@ -224,12 +225,12 @@ public class PolicyBasedWSS4JStaxOutInte
             e = message.getContextualProperty(SecurityConstants.ENCRYPT_PROPERTIES);
         }
         
-        Crypto encrCrypto = getEncryptionCrypto(e, message);
+        Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
         Crypto signCrypto = null;
         if (e != null && e.equals(s)) {
             signCrypto = encrCrypto;
         } else {
-            signCrypto = getSignatureCrypto(s, message);
+            signCrypto = getSignatureCrypto(s, message, securityProperties);
         }
         
         if (isRequestor(message)) {
@@ -271,7 +272,9 @@ public class PolicyBasedWSS4JStaxOutInte
         }
     }
     
-    private Crypto getEncryptionCrypto(Object e, SoapMessage message) throws WSSecurityException {
+    private Crypto getEncryptionCrypto(
+        Object e, SoapMessage message, WSSSecurityProperties securityProperties
+    ) throws WSSecurityException {
         Crypto encrCrypto = null;
         if (e instanceof Crypto) {
             encrCrypto = (Crypto)e;
@@ -286,7 +289,7 @@ public class PolicyBasedWSS4JStaxOutInte
             
             encrCrypto = CryptoFactory.getInstance(props,
                                                    Loader.getClassLoader(CryptoFactory.class),
-                                                   getPasswordEncryptor(message));
+                                                   getPasswordEncryptor(message, securityProperties));
 
             EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
             synchronized (info) {
@@ -296,7 +299,9 @@ public class PolicyBasedWSS4JStaxOutInte
         return encrCrypto;
     }
     
-    private Crypto getSignatureCrypto(Object s, SoapMessage message) throws WSSecurityException {
+    private Crypto getSignatureCrypto(
+        Object s, SoapMessage message, WSSSecurityProperties securityProperties
+    ) throws WSSecurityException {
         Crypto signCrypto = null;
         if (s instanceof Crypto) {
             signCrypto = (Crypto)s;
@@ -311,7 +316,7 @@ public class PolicyBasedWSS4JStaxOutInte
             
             signCrypto = CryptoFactory.getInstance(props,
                                                    Loader.getClassLoader(CryptoFactory.class),
-                                                   getPasswordEncryptor(message));
+                                                   getPasswordEncryptor(message, securityProperties));
 
             EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
             synchronized (info) {
@@ -323,42 +328,43 @@ public class PolicyBasedWSS4JStaxOutInte
     
     @Override
     protected void configureProperties(
-        SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+        SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens,
+        WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
         
         Collection<AssertionInfo> asymAis = 
             getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
         if (!asymAis.isEmpty()) {
-            checkAsymmetricBinding(aim, msg);
+            checkAsymmetricBinding(aim, msg, securityProperties);
         }
         
         Collection<AssertionInfo> symAis = 
             getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
         if (!symAis.isEmpty()) {
-            checkSymmetricBinding(aim, msg);
+            checkSymmetricBinding(aim, msg, securityProperties);
         }
         
         Collection<AssertionInfo> transAis = 
             getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
         if (!transAis.isEmpty()) {
-            checkTransportBinding(aim, msg);
+            checkTransportBinding(aim, msg, securityProperties);
         }
         
-        super.configureProperties(msg, outboundTokens);
+        super.configureProperties(msg, outboundTokens, securityProperties);
         
         if (!transAis.isEmpty()) {
             TransportBinding binding = (TransportBinding)transAis.iterator().next().getAssertion();
-            new StaxTransportBindingHandler(getProperties(), msg, binding, outboundTokens).handleBinding();
+            new StaxTransportBindingHandler(securityProperties, msg, binding, outboundTokens).handleBinding();
         } else if (!asymAis.isEmpty()) {
             AsymmetricBinding binding = (AsymmetricBinding)asymAis.iterator().next().getAssertion();
-            new StaxAsymmetricBindingHandler(getProperties(), msg, binding, outboundTokens).handleBinding();
+            new StaxAsymmetricBindingHandler(securityProperties, msg, binding, outboundTokens).handleBinding();
         } else if (!symAis.isEmpty()) {
             SymmetricBinding binding = (SymmetricBinding)symAis.iterator().next().getAssertion();
-            new StaxSymmetricBindingHandler(getProperties(), msg, binding, outboundTokens).handleBinding();
+            new StaxSymmetricBindingHandler(securityProperties, msg, binding, outboundTokens).handleBinding();
         } else {
             // Fall back to Transport Binding
-            new StaxTransportBindingHandler(getProperties(), msg, null, outboundTokens).handleBinding();
+            new StaxTransportBindingHandler(securityProperties, msg, null, outboundTokens).handleBinding();
         }
         
     }

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxActionInInterceptor.java Fri Dec  6 17:17:19 2013
@@ -31,6 +31,7 @@ import org.apache.cxf.phase.Phase;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants;
 import org.apache.xml.security.stax.securityEvent.SecurityEvent;
 import org.apache.xml.security.stax.securityEvent.SecurityEventConstants.Event;
 
@@ -44,9 +45,9 @@ public class StaxActionInInterceptor ext
     private static final Logger LOG = 
         LogUtils.getL7dLogger(StaxActionInInterceptor.class);
                                                             
-    private final List<String> inActions;
+    private final List<XMLSecurityConstants.Action> inActions;
     
-    public StaxActionInInterceptor(List<String> inActions) {
+    public StaxActionInInterceptor(List<XMLSecurityConstants.Action> inActions) {
         super(Phase.PRE_PROTOCOL);
         this.inActions = inActions;
         this.getBefore().add(StaxSecurityContextInInterceptor.class.getName());
@@ -55,7 +56,7 @@ public class StaxActionInInterceptor ext
     @Override
     public void handleMessage(SoapMessage soapMessage) throws Fault {
         
-        if (inActions == null || inActions.isEmpty()) {
+        if (inActions == null || inActions.size() == 0) {
             return;
         }
         
@@ -70,16 +71,16 @@ public class StaxActionInInterceptor ext
             throw createSoapFault(soapMessage.getVersion(), ex);
         }
         
-        for (String action : inActions) {
+        for (XMLSecurityConstants.Action action : inActions) {
             Event requiredEvent = null;
-            if (WSSConstants.TIMESTAMP.getName().equals(action)) {
+            if (WSSConstants.TIMESTAMP.equals(action)) {
                 requiredEvent = WSSecurityEventConstants.Timestamp;
-            } else if (WSSConstants.USERNAMETOKEN.getName().equals(action)) {
+            } else if (WSSConstants.USERNAMETOKEN.equals(action)) {
                 requiredEvent = WSSecurityEventConstants.UsernameToken;
-            } else if (WSSConstants.SIGNATURE.getName().equals(action)) {
+            } else if (WSSConstants.SIGNATURE.equals(action)) {
                 requiredEvent = WSSecurityEventConstants.SignatureValue;
-            } else if (WSSConstants.SAML_TOKEN_SIGNED.getName().equals(action)
-                || WSSConstants.SAML_TOKEN_UNSIGNED.getName().equals(action)) {
+            } else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action)
+                || WSSConstants.SAML_TOKEN_UNSIGNED.equals(action)) {
                 requiredEvent = WSSecurityEventConstants.SamlToken;
             }
             
@@ -91,7 +92,7 @@ public class StaxActionInInterceptor ext
                 throw createSoapFault(soapMessage.getVersion(), ex);
             }
             
-            if (WSSConstants.ENCRYPT.getName().equals(action)) {
+            if (WSSConstants.ENCRYPT.equals(action)) {
                 boolean foundEncryptionPart = 
                     isEventInResults(WSSecurityEventConstants.EncryptedPart, incomingSecurityEventList);
                 if (!foundEncryptionPart) {

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java Fri Dec  6 17:17:19 2013
@@ -19,7 +19,6 @@
 package org.apache.cxf.ws.security.wss4j;
 
 import java.io.IOException;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
@@ -66,26 +65,16 @@ public class WSS4JStaxInInterceptor exte
     
     private static final Logger LOG = LogUtils.getL7dLogger(WSS4JStaxInInterceptor.class);
     
-    private List<String> actions;
-    
     public WSS4JStaxInInterceptor(WSSSecurityProperties securityProperties) {
-        super();
+        super(securityProperties);
         setPhase(Phase.POST_STREAM);
         getAfter().add(StaxInInterceptor.class.getName());
-        setSecurityProperties(securityProperties);
     }
     
     public WSS4JStaxInInterceptor(Map<String, Object> props) {
         super(props);
         setPhase(Phase.POST_STREAM);
         getAfter().add(StaxInInterceptor.class.getName());
-        if (props != null && props.containsKey(ConfigurationConstants.ACTION)) {
-            Object actionObject = props.get(ConfigurationConstants.ACTION);
-            if (actionObject instanceof String) {
-                String[] actionArray = ((String)actionObject).split(" ");
-                this.actions = Arrays.asList(actionArray);
-            }
-        }
     }
 
     public final boolean isGET(SoapMessage message) {
@@ -111,25 +100,20 @@ public class WSS4JStaxInInterceptor exte
 
         soapMessage.getInterceptorChain().add(new StaxSecurityContextInInterceptor());
         
-        if (actions != null && !actions.isEmpty()) {
-            soapMessage.getInterceptorChain().add(new StaxActionInInterceptor(actions));
-        }
-        
         try {
             @SuppressWarnings("unchecked")
             List<SecurityEvent> requestSecurityEvents = 
                 (List<SecurityEvent>) soapMessage.getExchange().get(SecurityEvent.class.getName() + ".out");
             
-            translateProperties(soapMessage);
-            configureCallbackHandler(soapMessage);
-            configureProperties(soapMessage);
+            WSSSecurityProperties secProps = createSecurityProperties();
+            translateProperties(soapMessage, secProps);
+            configureCallbackHandler(soapMessage, secProps);
+            configureProperties(soapMessage, secProps);
             
             InboundWSSec inboundWSSec = null;
-            WSSSecurityProperties secProps = null;
-            if (getSecurityProperties() != null) {
-                secProps = getSecurityProperties();
-            } else {
-                secProps = ConfigurationConverter.convert(getProperties());
+            
+            if (secProps.getActions() != null && secProps.getActions().size() > 0) {
+                soapMessage.getInterceptorChain().add(new StaxActionInInterceptor(secProps.getActions()));
             }
             
             if (secProps.getAttachmentCallbackHandler() == null) {
@@ -187,99 +171,67 @@ public class WSS4JStaxInInterceptor exte
         return Collections.singletonList(securityEventListener);
     }
     
-    protected void configureProperties(SoapMessage msg) throws XMLSecurityException {
-        WSSSecurityProperties securityProperties = getSecurityProperties();
-        Map<String, Object> config = getProperties();
+    protected void configureProperties(
+        SoapMessage msg, WSSSecurityProperties securityProperties
+    ) throws XMLSecurityException {
         
         // Configure replay caching
         ReplayCache nonceCache = null;
-        if (isNonceCacheRequired(msg)) {
+        if (isNonceCacheRequired(msg, securityProperties)) {
             nonceCache = WSS4JUtils.getReplayCache(
                 msg, SecurityConstants.ENABLE_NONCE_CACHE, SecurityConstants.NONCE_CACHE_INSTANCE
             );
         }
         if (nonceCache == null) {
-            if (config != null) {
-                config.put(ConfigurationConstants.ENABLE_NONCE_CACHE, "false");
-                config.remove(ConfigurationConstants.NONCE_CACHE_INSTANCE);
-            } else {
-                securityProperties.setEnableNonceReplayCache(false);
-                securityProperties.setNonceReplayCache(null);
-            }
+            securityProperties.setEnableNonceReplayCache(false);
+            securityProperties.setNonceReplayCache(null);
         } else {
-            if (config != null) {
-                config.put(ConfigurationConstants.ENABLE_NONCE_CACHE, "true");
-                config.put(ConfigurationConstants.NONCE_CACHE_INSTANCE, nonceCache);
-            } else {
-                securityProperties.setEnableNonceReplayCache(true);
-                securityProperties.setNonceReplayCache(nonceCache);
-            }
+            securityProperties.setEnableNonceReplayCache(true);
+            securityProperties.setNonceReplayCache(nonceCache);
         }
         
         ReplayCache timestampCache = null;
-        if (isTimestampCacheRequired(msg)) {
+        if (isTimestampCacheRequired(msg, securityProperties)) {
             timestampCache = WSS4JUtils.getReplayCache(
                 msg, SecurityConstants.ENABLE_TIMESTAMP_CACHE, SecurityConstants.TIMESTAMP_CACHE_INSTANCE
             );
         }
         if (timestampCache == null) {
-            if (config != null) {
-                config.put(ConfigurationConstants.ENABLE_TIMESTAMP_CACHE, "false");
-                config.remove(ConfigurationConstants.TIMESTAMP_CACHE_INSTANCE);
-            } else {
-                securityProperties.setEnableTimestampReplayCache(false);
-                securityProperties.setTimestampReplayCache(null);
-            }
+            securityProperties.setEnableTimestampReplayCache(false);
+            securityProperties.setTimestampReplayCache(null);
         } else {
-            if (config != null) {
-                config.put(ConfigurationConstants.ENABLE_TIMESTAMP_CACHE, "true");
-                config.put(ConfigurationConstants.TIMESTAMP_CACHE_INSTANCE, timestampCache);
-            } else {
-                securityProperties.setEnableTimestampReplayCache(true);
-                securityProperties.setTimestampReplayCache(timestampCache);
-            }
+            securityProperties.setEnableTimestampReplayCache(true);
+            securityProperties.setTimestampReplayCache(timestampCache);
         }
         
         ReplayCache samlCache = null;
-        if (isSamlCacheRequired(msg)) {
+        if (isSamlCacheRequired(msg, securityProperties)) {
             samlCache = WSS4JUtils.getReplayCache(
                 msg, SecurityConstants.ENABLE_SAML_ONE_TIME_USE_CACHE, 
                 SecurityConstants.SAML_ONE_TIME_USE_CACHE_INSTANCE
             );
         }
         if (samlCache == null) {
-            if (config != null) {
-                config.put(ConfigurationConstants.ENABLE_SAML_ONE_TIME_USE_CACHE, "false");
-                config.remove(ConfigurationConstants.SAML_ONE_TIME_USE_CACHE_INSTANCE);
-            } else {
-                securityProperties.setEnableSamlOneTimeUseReplayCache(false);
-                securityProperties.setSamlOneTimeUseReplayCache(null);
-            }
+            securityProperties.setEnableSamlOneTimeUseReplayCache(false);
+            securityProperties.setSamlOneTimeUseReplayCache(null);
         } else {
-            if (config != null) {
-                config.put(ConfigurationConstants.ENABLE_SAML_ONE_TIME_USE_CACHE, "true");
-                config.put(ConfigurationConstants.SAML_ONE_TIME_USE_CACHE_INSTANCE, samlCache);
-            } else {
-                securityProperties.setEnableSamlOneTimeUseReplayCache(true);
-                securityProperties.setSamlOneTimeUseReplayCache(samlCache);
-            }
+            securityProperties.setEnableSamlOneTimeUseReplayCache(true);
+            securityProperties.setSamlOneTimeUseReplayCache(samlCache);
         }
         
         boolean enableRevocation = 
             MessageUtils.isTrue(msg.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
-        if (securityProperties != null) {
-            securityProperties.setEnableRevocation(enableRevocation);
-        } else {
-            config.put(ConfigurationConstants.ENABLE_REVOCATION, Boolean.toString(enableRevocation));
-        }
+        securityProperties.setEnableRevocation(enableRevocation);
         
         // Crypto loading only applies for Map
+        Map<String, Object> config = getProperties();
         if (config != null) {
             Crypto sigVerCrypto = 
                 loadCrypto(
                     msg,
                     ConfigurationConstants.SIG_VER_PROP_FILE,
-                    ConfigurationConstants.SIG_VER_PROP_REF_ID
+                    ConfigurationConstants.SIG_VER_PROP_REF_ID,
+                    securityProperties
                 );
             if (sigVerCrypto == null) {
                 // Fall back to using the Signature properties for verification
@@ -287,7 +239,8 @@ public class WSS4JStaxInInterceptor exte
                     loadCrypto(
                         msg,
                         ConfigurationConstants.SIG_PROP_FILE,
-                        ConfigurationConstants.SIG_PROP_REF_ID
+                        ConfigurationConstants.SIG_PROP_REF_ID,
+                        securityProperties
                     );
             }
             if (sigVerCrypto != null) {
@@ -299,31 +252,28 @@ public class WSS4JStaxInInterceptor exte
                 loadCrypto(
                     msg,
                     ConfigurationConstants.DEC_PROP_FILE,
-                    ConfigurationConstants.DEC_PROP_REF_ID
+                    ConfigurationConstants.DEC_PROP_REF_ID,
+                    securityProperties
                 );
             if (decCrypto != null) {
                 config.put(ConfigurationConstants.DEC_PROP_REF_ID, "RefId-" + decCrypto.hashCode());
                 config.put("RefId-" + decCrypto.hashCode(), decCrypto);
             }
+            ConfigurationConverter.parseCrypto(config, securityProperties);
         }
     }
     
     /**
      * Is a Nonce Cache required, i.e. are we expecting a UsernameToken 
      */
-    protected boolean isNonceCacheRequired(SoapMessage msg) {
-        WSSSecurityProperties securityProperties = getSecurityProperties();
+    protected boolean isNonceCacheRequired(SoapMessage msg, WSSSecurityProperties securityProperties) {
         
-        if (securityProperties != null && securityProperties.getOutAction() != null) {
-            for (WSSConstants.Action action : securityProperties.getOutAction()) {
+        if (securityProperties != null && securityProperties.getActions() != null) {
+            for (WSSConstants.Action action : securityProperties.getActions()) {
                 if (action == WSSConstants.USERNAMETOKEN) {
                     return true;
                 }
             }
-        } else if (actions != null 
-            && (actions.contains(ConfigurationConstants.USERNAME_TOKEN)
-                || actions.contains(ConfigurationConstants.USERNAME_TOKEN_NO_PASSWORD))) {
-            return true;
         }
         
         return false;
@@ -332,17 +282,16 @@ public class WSS4JStaxInInterceptor exte
     /**
      * Is a Timestamp cache required, i.e. are we expecting a Timestamp 
      */
-    protected boolean isTimestampCacheRequired(SoapMessage msg) {
-        WSSSecurityProperties securityProperties = getSecurityProperties();
+    protected boolean isTimestampCacheRequired(
+        SoapMessage msg, WSSSecurityProperties securityProperties
+    ) {
         
-        if (securityProperties != null && securityProperties.getOutAction() != null) {
-            for (WSSConstants.Action action : securityProperties.getOutAction()) {
+        if (securityProperties != null && securityProperties.getActions() != null) {
+            for (WSSConstants.Action action : securityProperties.getActions()) {
                 if (action == WSSConstants.TIMESTAMP) {
                     return true;
                 }
             }
-        } else if (actions != null && actions.contains(ConfigurationConstants.TIMESTAMP)) {
-            return true;
         }
         
         return false;
@@ -351,19 +300,15 @@ public class WSS4JStaxInInterceptor exte
     /**
      * Is a SAML Cache required, i.e. are we expecting a SAML Token 
      */
-    protected boolean isSamlCacheRequired(SoapMessage msg) {
-        WSSSecurityProperties securityProperties = getSecurityProperties();
+    protected boolean isSamlCacheRequired(SoapMessage msg, WSSSecurityProperties securityProperties) {
         
-        if (securityProperties != null && securityProperties.getOutAction() != null) {
-            for (WSSConstants.Action action : securityProperties.getOutAction()) {
+        if (securityProperties != null && securityProperties.getActions() != null) {
+            for (WSSConstants.Action action : securityProperties.getActions()) {
                 if (action == WSSConstants.SAML_TOKEN_UNSIGNED 
                     || action == WSSConstants.SAML_TOKEN_SIGNED) {
                     return true;
                 }
             }
-        } else if (actions != null && (actions.contains(ConfigurationConstants.SAML_TOKEN_UNSIGNED)
-            || actions.contains(ConfigurationConstants.SAML_TOKEN_SIGNED))) {
-            return true;
         }
         
         return false;
@@ -452,14 +397,6 @@ public class WSS4JStaxInInterceptor exte
         return null;
     }
 
-    public List<String> getActions() {
-        return actions;
-    }
-
-    public void setActions(List<String> actions) {
-        this.actions = actions;
-    }
-    
     private class TokenStoreCallbackHandler implements CallbackHandler {
         private CallbackHandler internal;
         private TokenStore store;

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java Fri Dec  6 17:17:19 2013
@@ -72,12 +72,11 @@ public class WSS4JStaxOutInterceptor ext
     private boolean mtomEnabled;
     
     public WSS4JStaxOutInterceptor(WSSSecurityProperties securityProperties) {
-        super();
+        super(securityProperties);
         setPhase(Phase.PRE_STREAM);
         getBefore().add(StaxOutInterceptor.class.getName());
         
         ending = createEndingInterceptor();
-        setSecurityProperties(securityProperties);
     }
 
     public WSS4JStaxOutInterceptor(Map<String, Object> props) {
@@ -123,21 +122,16 @@ public class WSS4JStaxOutInterceptor ext
             final List<SecurityEvent> requestSecurityEvents = 
                 (List<SecurityEvent>) mc.getExchange().get(SecurityEvent.class.getName() + ".in");
             
-            translateProperties(mc);
+            WSSSecurityProperties secProps = createSecurityProperties();
+            translateProperties(mc, secProps);
             Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens = 
                 new HashMap<String, SecurityTokenProvider<OutboundSecurityToken>>();
-            configureCallbackHandler(mc);
-            configureProperties(mc, outboundTokens);
+            configureCallbackHandler(mc, secProps);
+            configureProperties(mc, outboundTokens, secProps);
             
             OutboundWSSec outboundWSSec = null;
-            WSSSecurityProperties secProps = null;
-            if (getSecurityProperties() != null) {
-                secProps = getSecurityProperties();
-            } else {
-                secProps = ConfigurationConverter.convert(getProperties());
-            }
             
-            if ((secProps.getOutAction() == null || secProps.getOutAction().length == 0)
+            if ((secProps.getActions() == null || secProps.getActions().size() == 0)
                 && mc.get(AssertionInfoMap.class) != null) {
                 // If no actions configured (with SecurityPolicy) then return
                 return;
@@ -213,7 +207,8 @@ public class WSS4JStaxOutInterceptor ext
     }
     
     protected void configureProperties(
-        SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
+        SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens,
+        WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
         Map<String, Object> config = getProperties();
         
@@ -221,30 +216,30 @@ public class WSS4JStaxOutInterceptor ext
         if (config != null) {
             String user = (String)msg.getContextualProperty(SecurityConstants.USERNAME);
             if (user != null) {
-                config.put(ConfigurationConstants.USER, user);
+                securityProperties.setTokenUser(user);
             }
             String sigUser = (String)msg.getContextualProperty(SecurityConstants.SIGNATURE_USERNAME);
             if (sigUser != null) {
-                config.put(ConfigurationConstants.SIGNATURE_USER, sigUser);
+                securityProperties.setSignatureUser(sigUser);
             }
             String encUser = (String)msg.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
             if (encUser != null) {
-                config.put(ConfigurationConstants.ENCRYPTION_USER, encUser);
+                securityProperties.setEncryptionUser(encUser);
             }
             
             Crypto sigCrypto = 
                 loadCrypto(
                     msg,
                     ConfigurationConstants.SIG_PROP_FILE,
-                    ConfigurationConstants.SIG_PROP_REF_ID
+                    ConfigurationConstants.SIG_PROP_REF_ID,
+                    securityProperties
                 );
             if (sigCrypto != null) {
                 config.put(ConfigurationConstants.SIG_PROP_REF_ID, "RefId-" + sigCrypto.hashCode());
                 config.put("RefId-" + sigCrypto.hashCode(), sigCrypto);
                 if (sigUser == null && sigCrypto.getDefaultX509Identifier() != null) {
                     // Fall back to default identifier
-                    config.put(ConfigurationConstants.SIGNATURE_USER, 
-                               sigCrypto.getDefaultX509Identifier());
+                    securityProperties.setSignatureUser(sigCrypto.getDefaultX509Identifier());
                 }
             }
             
@@ -252,17 +247,25 @@ public class WSS4JStaxOutInterceptor ext
                 loadCrypto(
                     msg,
                     ConfigurationConstants.ENC_PROP_FILE,
-                    ConfigurationConstants.ENC_PROP_REF_ID
+                    ConfigurationConstants.ENC_PROP_REF_ID,
+                    securityProperties
                 );
             if (encCrypto != null) {
                 config.put(ConfigurationConstants.ENC_PROP_REF_ID, "RefId-" + encCrypto.hashCode());
                 config.put("RefId-" + encCrypto.hashCode(), encCrypto);
                 if (encUser == null && encCrypto.getDefaultX509Identifier() != null) {
                     // Fall back to default identifier
-                    config.put(ConfigurationConstants.ENCRYPTION_USER, 
-                               encCrypto.getDefaultX509Identifier());
+                    securityProperties.setEncryptionUser(encCrypto.getDefaultX509Identifier());
                 }
             }
+            ConfigurationConverter.parseCrypto(config, securityProperties);
+            
+            if (securityProperties.getSignatureUser() == null && user != null) {
+                securityProperties.setSignatureUser(user);
+            }
+            if (securityProperties.getEncryptionUser() == null && user != null) {
+                securityProperties.setEncryptionUser(user);
+            }
         }
     }
     

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java Fri Dec  6 17:17:19 2013
@@ -47,7 +47,6 @@ import org.apache.cxf.ws.security.Securi
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.neethi.Assertion;
-import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SAMLCallback;
@@ -87,7 +86,10 @@ import org.apache.wss4j.policy.model.X50
 import org.apache.wss4j.policy.model.X509Token.TokenType;
 import org.apache.wss4j.policy.model.XPath;
 import org.apache.wss4j.policy.stax.PolicyUtils;
+import org.apache.wss4j.stax.ConfigurationConverter;
 import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSConstants.UsernameTokenPasswordType;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.wss4j.stax.impl.securityToken.KerberosClientSecurityToken;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.algorithms.JCEMapper;
@@ -117,11 +119,11 @@ public abstract class AbstractStaxBindin
     protected Map<AbstractToken, SecurePart> sgndEndSuppTokMap;
     protected Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens;
     
-    private final Map<String, Object> properties;
+    private final WSSSecurityProperties properties;
     private AbstractBinding binding;
     
     public AbstractStaxBindingHandler(
-        Map<String, Object> properties, 
+        WSSSecurityProperties properties, 
         SoapMessage msg,
         AbstractBinding binding,
         Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
@@ -139,44 +141,36 @@ public abstract class AbstractStaxBindin
             return null;
         }
 
-        Map<String, Object> config = getProperties();
-        
         // Action
-        if (config.containsKey(ConfigurationConstants.ACTION)) {
-            String action = (String)config.get(ConfigurationConstants.ACTION);
-            config.put(ConfigurationConstants.ACTION, 
-                       action + " " + ConfigurationConstants.USERNAME_TOKEN);
-        } else {
-            config.put(ConfigurationConstants.ACTION, 
-                       ConfigurationConstants.USERNAME_TOKEN);
-        }
+        WSSConstants.Action actionToPerform = WSSConstants.USERNAMETOKEN;
+        properties.addAction(actionToPerform);
 
         // Password Type
         PasswordType passwordType = usernameToken.getPasswordType();
         if (passwordType == PasswordType.HashPassword) {
-            config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_DIGEST);
+            properties.setUsernameTokenPasswordType(UsernameTokenPasswordType.PASSWORD_DIGEST);
         } else if (passwordType == PasswordType.NoPassword) {
-            config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_NONE);
+            properties.setUsernameTokenPasswordType(UsernameTokenPasswordType.PASSWORD_NONE);
         } else {
-            config.put(ConfigurationConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
+            properties.setUsernameTokenPasswordType(UsernameTokenPasswordType.PASSWORD_TEXT);
         }
 
         // Nonce + Created
         if (usernameToken.isNonce()) {
-            config.put(ConfigurationConstants.ADD_USERNAMETOKEN_NONCE, "true");
+            properties.setAddUsernameTokenNonce(true);
         }
         if (usernameToken.isCreated()) {
-            config.put(ConfigurationConstants.ADD_USERNAMETOKEN_CREATED, "true");
+            properties.setAddUsernameTokenCreated(true);
         }
         
         // Check if a CallbackHandler was specified
-        if (config.get(ConfigurationConstants.PW_CALLBACK_REF) == null) {
+        if (properties.getCallbackHandler() == null) {
             String password = (String)message.getContextualProperty(SecurityConstants.PASSWORD);
             if (password != null) {
                 String username = 
                     (String)message.getContextualProperty(SecurityConstants.USERNAME);
                 UTCallbackHandler callbackHandler = new UTCallbackHandler(username, password);
-                config.put(ConfigurationConstants.PW_CALLBACK_REF, callbackHandler);
+                properties.setCallbackHandler(callbackHandler);
             }
         }
         
@@ -260,15 +254,8 @@ public abstract class AbstractStaxBindin
         }
         
         // Action
-        Map<String, Object> config = getProperties();
-        String actionToPerform = ConfigurationConstants.KERBEROS_TOKEN;
-        
-        if (config.containsKey(ConfigurationConstants.ACTION)) {
-            String action = (String)config.get(ConfigurationConstants.ACTION);
-            config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
-        } else {
-            config.put(ConfigurationConstants.ACTION, actionToPerform);
-        }
+        WSSConstants.Action actionToPerform = WSSConstants.KERBEROS_TOKEN;
+        properties.addAction(actionToPerform);
         
         /*
         if (endorsing) {
@@ -296,8 +283,6 @@ public abstract class AbstractStaxBindin
             return null;
         }
         
-        Map<String, Object> config = getProperties();
-        
         //
         // Get the SAML CallbackHandler
         //
@@ -318,20 +303,14 @@ public abstract class AbstractStaxBindin
             policyNotAsserted(token, "No SAML CallbackHandler available");
             return null;
         }
-        config.put(ConfigurationConstants.SAML_CALLBACK_REF, handler);
+        properties.setSamlCallbackHandler(handler);
         
         // Action
-        String samlAction = ConfigurationConstants.SAML_TOKEN_UNSIGNED;
+        WSSConstants.Action actionToPerform = WSSConstants.SAML_TOKEN_UNSIGNED;
         if (signed || endorsing) {
-            samlAction = ConfigurationConstants.SAML_TOKEN_SIGNED;
-        }
-        
-        if (config.containsKey(ConfigurationConstants.ACTION)) {
-            String action = (String)config.get(ConfigurationConstants.ACTION);
-            config.put(ConfigurationConstants.ACTION, action + " " + samlAction);
-        } else {
-            config.put(ConfigurationConstants.ACTION, samlAction);
+            actionToPerform = WSSConstants.SAML_TOKEN_SIGNED;
         }
+        properties.addAction(actionToPerform);
         
         QName qname = WSSConstants.TAG_saml2_Assertion;
         SamlTokenType tokenType = token.getSamlTokenType();
@@ -351,17 +330,11 @@ public abstract class AbstractStaxBindin
             if (el != null && "Assertion".equals(el.getLocalName())
                 && (WSSConstants.NS_SAML.equals(el.getNamespaceURI())
                 || WSSConstants.NS_SAML2.equals(el.getNamespaceURI()))) {
-                String samlAction = ConfigurationConstants.SAML_TOKEN_UNSIGNED;
+                WSSConstants.Action actionToPerform = WSSConstants.SAML_TOKEN_UNSIGNED;
                 if (endorsing) {
-                    samlAction = ConfigurationConstants.SAML_TOKEN_SIGNED;
-                }
-                Map<String, Object> config = getProperties();
-                if (config.containsKey(ConfigurationConstants.ACTION)) {
-                    String action = (String)config.get(ConfigurationConstants.ACTION);
-                    config.put(ConfigurationConstants.ACTION, action + " " + samlAction);
-                } else {
-                    config.put(ConfigurationConstants.ACTION, samlAction);
+                    actionToPerform = WSSConstants.SAML_TOKEN_SIGNED;
                 }
+                properties.addAction(actionToPerform);
                 
                 // Mock up a Subject so that the SAMLTokenOutProcessor can get access to the certificate
                 final SubjectBean subjectBean;
@@ -395,7 +368,7 @@ public abstract class AbstractStaxBindin
                     }
                     
                 };
-                config.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);
+                properties.setSamlCallbackHandler(callbackHandler);
                 
                 QName qname = WSSConstants.TAG_saml2_Assertion;
                 if (WSConstants.SAML_NS.equals(el.getNamespaceURI())) {
@@ -405,14 +378,8 @@ public abstract class AbstractStaxBindin
                 return new SecurePart(qname, Modifier.Element);
             } else if (isRequestor()) {
                 // An Encrypted Token...just include it as is
-                Map<String, Object> config = getProperties();
-                String actionToPerform = ConfigurationConstants.CUSTOM_TOKEN;
-                if (config.containsKey(ConfigurationConstants.ACTION)) {
-                    String action = (String)config.get(ConfigurationConstants.ACTION);
-                    config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
-                } else {
-                    config.put(ConfigurationConstants.ACTION, actionToPerform);
-                }
+                WSSConstants.Action actionToPerform = WSSConstants.CUSTOM_TOKEN;
+                properties.addAction(actionToPerform);
             }
         }
         
@@ -514,71 +481,70 @@ public abstract class AbstractStaxBindin
             return;
         }
         
-        Map<String, Object> config = getProperties();
         boolean timestampLast = 
             layout != null && layout.getLayoutType() == LayoutType.LaxTsLast;
         
-        if (config.containsKey(ConfigurationConstants.ACTION)) {
-            String action = (String)config.get(ConfigurationConstants.ACTION);
-            if (timestampLast) {
-                config.put(ConfigurationConstants.ACTION, 
-                       ConfigurationConstants.TIMESTAMP + " " + action);
-            } else {
-                config.put(ConfigurationConstants.ACTION, 
-                       action + " " + ConfigurationConstants.TIMESTAMP);
-            }
+        WSSConstants.Action actionToPerform = WSSConstants.TIMESTAMP;
+        List<WSSConstants.Action> actionList = properties.getActions();
+        if (timestampLast) {
+            actionList.add(0, actionToPerform);
         } else {
-            config.put(ConfigurationConstants.ACTION, ConfigurationConstants.TIMESTAMP);
+            actionList.add(actionToPerform);
         }
     }
 
-    protected Map<String, Object> getProperties() {
+    protected WSSSecurityProperties getProperties() {
         return properties;
     }
 
     protected void configureSignature(
         AbstractTokenWrapper wrapper, AbstractToken token, boolean attached
     ) throws WSSecurityException {
-        Map<String, Object> config = getProperties();
         
         if (token instanceof X509Token) {
             X509Token x509Token = (X509Token) token;
             TokenType tokenType = x509Token.getTokenType();
             if (tokenType == TokenType.WssX509PkiPathV1Token10
                 || tokenType == TokenType.WssX509PkiPathV1Token11) {
-                config.put(ConfigurationConstants.USE_SINGLE_CERTIFICATE, "false");
+                properties.setUseSingleCert(false);
             }
         }
         
-        config.put(ConfigurationConstants.SIG_KEY_ID, getKeyIdentifierType(wrapper, token));
+        properties.setSignatureKeyIdentifier(
+            ConfigurationConverter.convertKeyIdentifier(getKeyIdentifierType(wrapper, token)));
 
         // Find out do we also need to include the token as per the Inclusion requirement
+        WSSecurityTokenConstants.KeyIdentifier keyIdentifier = properties.getSignatureKeyIdentifier();
         if (token instanceof X509Token 
             && isTokenRequired(token.getIncludeTokenType())
-            && ("IssuerSerial".equals(config.get(ConfigurationConstants.SIG_KEY_ID))
-                || "Thumbprint".equals(config.get(ConfigurationConstants.SIG_KEY_ID))
-                || "DirectReference".equals(config.get(ConfigurationConstants.SIG_KEY_ID)))) {
-            config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "true");
+            && (WSSecurityTokenConstants.KeyIdentifier_IssuerSerial.equals(keyIdentifier)
+                || WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier.equals(keyIdentifier)
+                || WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference.equals(
+                    keyIdentifier))) {
+            properties.setIncludeSignatureToken(true);
         } else {
-            config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "false");
+            properties.setIncludeSignatureToken(false);
         }
 
         String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
         if (binding instanceof SymmetricBinding) {
             userNameKey = SecurityConstants.ENCRYPT_USERNAME;
-            config.put(ConfigurationConstants.SIG_ALGO, 
+            properties.setSignatureAlgorithm(
                        binding.getAlgorithmSuite().getSymmetricSignature());
         } else {
-            config.put(ConfigurationConstants.SIG_ALGO, 
+            properties.setSignatureAlgorithm(
                        binding.getAlgorithmSuite().getAsymmetricSignature());
         }
         String sigUser = (String)message.getContextualProperty(userNameKey);
-        if (sigUser != null) {
-            config.put(ConfigurationConstants.SIGNATURE_USER, sigUser);
+        if (sigUser == null) {
+            sigUser = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+        }
+        if (sigUser != null && properties.getSignatureUser() == null) {
+            properties.setSignatureUser(sigUser);
         }
 
         AlgorithmSuiteType algType = binding.getAlgorithmSuite().getAlgorithmSuiteType();
-        config.put(ConfigurationConstants.SIG_DIGEST_ALGO, algType.getDigest());
+        properties.setSignatureDigestAlgorithm(algType.getDigest());
         // sig.setSigCanonicalization(binding.getAlgorithmSuite().getC14n().getValue());
 
     }
@@ -787,25 +753,15 @@ public abstract class AbstractStaxBindin
         for (AbstractToken token : tokenMap.keySet()) {
             SecurePart part = tokenMap.get(token);
 
-            String parts = "";
-            Map<String, Object> config = getProperties();
-            if (config.containsKey(ConfigurationConstants.SIGNATURE_PARTS)) {
-                parts = (String)config.get(ConfigurationConstants.SIGNATURE_PARTS);
-                if (!parts.endsWith(";")) {
-                    parts += ";";
-                }
-            }
-
             QName name = part.getName();
-            String action = (String)config.get(ConfigurationConstants.ACTION);
+            List<WSSConstants.Action> actionList = properties.getActions();
+
             // Don't add a signed SAML Token as a part, as it will be automatically signed by WSS4J
             if (!((WSSConstants.TAG_saml_Assertion.equals(name) 
                 || WSSConstants.TAG_saml2_Assertion.equals(name))
-                && action != null && action.contains(ConfigurationConstants.SAML_TOKEN_SIGNED))) {
-                parts += "{Element}{" +  name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
+                && actionList != null && actionList.contains(WSSConstants.SAML_TOKEN_SIGNED))) {
+                properties.addSignaturePart(part);
             }
-
-            config.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
         }
         
     }
@@ -820,8 +776,11 @@ public abstract class AbstractStaxBindin
         }
         
         // Enable SignatureConfirmation
-        Map<String, Object> config = getProperties();
-        config.put(ConfigurationConstants.ENABLE_SIGNATURE_CONFIRMATION, "true");
+        if (isRequestor()) {
+            properties.setEnableSignatureConfirmationVerification(true);
+        } else {
+            properties.getActions().add(WSSConstants.SIGNATURE_CONFIRMATION);
+        }
         
         if (sigParts != null) {
             SecurePart securePart = 

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java?rev=1548603&r1=1548602&r2=1548603&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java Fri Dec  6 17:17:19 2013
@@ -25,7 +25,6 @@ import java.util.Map;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-import javax.security.auth.callback.CallbackHandler;
 import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
 
@@ -52,7 +51,9 @@ import org.apache.wss4j.policy.model.Sec
 import org.apache.wss4j.policy.model.SecurityContextToken;
 import org.apache.wss4j.policy.model.SpnegoContextToken;
 import org.apache.wss4j.policy.model.X509Token;
+import org.apache.wss4j.stax.ConfigurationConverter;
 import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 import org.apache.xml.security.stax.ext.SecurePart;
 import org.apache.xml.security.stax.ext.SecurePart.Modifier;
 import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
@@ -69,7 +70,7 @@ public class StaxAsymmetricBindingHandle
     private SoapMessage message;
     
     public StaxAsymmetricBindingHandler(
-        Map<String, Object> properties, 
+        WSSSecurityProperties properties, 
         SoapMessage msg,
         AsymmetricBinding abinding,
         Map<String, SecurityTokenProvider<OutboundSecurityToken>> outboundTokens
@@ -131,13 +132,12 @@ public class StaxAsymmetricBindingHandle
                     }
                     
                     // Set up CallbackHandler which wraps the configured Handler
-                    Map<String, Object> config = getProperties();
+                    WSSSecurityProperties properties = getProperties();
                     TokenStoreCallbackHandler callbackHandler = 
                         new TokenStoreCallbackHandler(
-                            (CallbackHandler)config.get(ConfigurationConstants.PW_CALLBACK_REF), 
-                            WSS4JUtils.getTokenStore(message)
+                            properties.getCallbackHandler(), WSS4JUtils.getTokenStore(message)
                         );
-                    config.put(ConfigurationConstants.PW_CALLBACK_REF, callbackHandler);
+                    properties.setCallbackHandler(callbackHandler);
                 } else if (initiatorToken instanceof SamlToken) {
                     addSamlToken((SamlToken)initiatorToken, false, true);
                 }
@@ -174,16 +174,15 @@ public class StaxAsymmetricBindingHandle
             
             addSupportingTokens();
             
-            Map<String, Object> config = getProperties();
-            if (config.containsKey(ConfigurationConstants.ACTION)) {
-                String action = (String)config.get(ConfigurationConstants.ACTION);
-                if (action.contains(ConfigurationConstants.SAML_TOKEN_SIGNED)
-                    && action.contains(ConfigurationConstants.SIGNATURE)) {
-                    String newAction = action.replaceFirst(ConfigurationConstants.SIGNATURE, "").trim();
-                    config.put(ConfigurationConstants.ACTION, newAction);
+            WSSSecurityProperties properties = getProperties();
+            if (properties.getActions() != null) {
+                List<WSSConstants.Action> actionList = properties.getActions();
+                if (actionList.contains(WSSConstants.SAML_TOKEN_SIGNED)
+                    && actionList.contains(WSSConstants.SIGNATURE)) {
+                    actionList.remove(WSSConstants.SIGNATURE);
                 }
-            } 
-            
+            }
+
             List<SecurePart> enc = getEncryptedParts();
             
             //Check for signature protection
@@ -263,13 +262,12 @@ public class StaxAsymmetricBindingHandle
                     }
                     
                     // Set up CallbackHandler which wraps the configured Handler
-                    Map<String, Object> config = getProperties();
+                    WSSSecurityProperties properties = getProperties();
                     TokenStoreCallbackHandler callbackHandler = 
                         new TokenStoreCallbackHandler(
-                            (CallbackHandler)config.get(ConfigurationConstants.PW_CALLBACK_REF), 
-                            WSS4JUtils.getTokenStore(message)
+                            properties.getCallbackHandler(), WSS4JUtils.getTokenStore(message)
                         );
-                    config.put(ConfigurationConstants.PW_CALLBACK_REF, callbackHandler);
+                    properties.setCallbackHandler(callbackHandler);
                 } else if (initiatorToken instanceof SamlToken) {
                     addSamlToken((SamlToken)initiatorToken, false, true);
                 }
@@ -349,74 +347,34 @@ public class StaxAsymmetricBindingHandle
             AlgorithmSuite algorithmSuite = abinding.getAlgorithmSuite();
             
             // Action
-            Map<String, Object> config = getProperties();
-            String actionToPerform = ConfigurationConstants.ENCRYPT;
+            WSSSecurityProperties properties = getProperties();
+            WSSConstants.Action actionToPerform = WSSConstants.ENCRYPT;
             if (recToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
-                actionToPerform = ConfigurationConstants.ENCRYPT_DERIVED;
-            }
-            
-            if (config.containsKey(ConfigurationConstants.ACTION)) {
-                String action = (String)config.get(ConfigurationConstants.ACTION);
-                config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
-            } else {
-                config.put(ConfigurationConstants.ACTION, actionToPerform);
+                actionToPerform = WSSConstants.ENCRYPT_WITH_DERIVED_KEY;
             }
+            properties.addAction(actionToPerform);
             
-            String parts = "";
-            if (config.containsKey(ConfigurationConstants.ENCRYPTION_PARTS)) {
-                parts = (String)config.get(ConfigurationConstants.ENCRYPTION_PARTS);
-                if (!parts.endsWith(";")) {
-                    parts += ";";
-                }
+            for (SecurePart encPart : encrParts) {
+                properties.addEncryptionPart(encPart);
             }
             
-            String optionalParts = "";
-            if (config.containsKey(ConfigurationConstants.OPTIONAL_ENCRYPTION_PARTS)) {
-                optionalParts = (String)config.get(ConfigurationConstants.OPTIONAL_ENCRYPTION_PARTS);
-                if (!optionalParts.endsWith(";")) {
-                    optionalParts += ";";
-                }
-            }
-
-            if (encrParts != null) {
-                for (SecurePart part : encrParts) {
-                    QName name = part.getName();
-                    String modifier = part.getModifier().getModifier();
-                    if (modifier == null || Modifier.Element.getModifier().equals(modifier)) {
-                        modifier = "Element";
-                    } else {
-                        modifier = "Content";
-                    }
-                    
-                    String parsedPart = "";
-                    if (name != null) {
-                        parsedPart = "{" + modifier + "}{" + name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
-                    } else {
-                        parsedPart = "{" + modifier + "}" + part.getExternalReference() + ";";
-                    }
-                    
-                    if (part.isRequired()) {
-                        parts += parsedPart;
-                    } else {
-                        optionalParts += parsedPart;
-                    }
-                }
-            }
-
-            config.put(ConfigurationConstants.ENCRYPTION_PARTS, parts);
-            config.put(ConfigurationConstants.OPTIONAL_ENCRYPTION_PARTS, optionalParts);
-    
-            config.put(ConfigurationConstants.ENC_KEY_ID, 
-                       getKeyIdentifierType(recToken, encrToken));
+            properties.setEncryptionKeyIdentifier(
+                ConfigurationConverter.convertKeyIdentifier(getKeyIdentifierType(recToken, encrToken)));
 
-            config.put(ConfigurationConstants.ENC_KEY_TRANSPORT, 
+            properties.setEncryptionKeyTransportAlgorithm(
                        algorithmSuite.getAlgorithmSuiteType().getAsymmetricKeyWrap());
-            config.put(ConfigurationConstants.ENC_SYM_ALGO, 
+            properties.setEncryptionSymAlgorithm(
                        algorithmSuite.getAlgorithmSuiteType().getEncryption());
 
             String encUser = (String)message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
-            if (encUser != null) {
-                config.put(ConfigurationConstants.ENCRYPTION_USER, encUser);
+            if (encUser == null) {
+                encUser = (String)message.getContextualProperty(SecurityConstants.USERNAME);
+            }
+            if (encUser != null && properties.getEncryptionUser() == null) {
+                properties.setEncryptionUser(encUser);
+            }
+            if (ConfigurationConstants.USE_REQ_SIG_CERT.equals(encUser)) {
+                properties.setUseReqSigCertForEncryption(true);
             }
             
             //
@@ -424,7 +382,7 @@ public class StaxAsymmetricBindingHandle
             // we're extracting the cert from a SAML Assertion on the provider side
             //
             if (!isRequestor() && recToken.getToken() instanceof IssuedToken) {
-                config.put(ConfigurationConstants.ENCRYPTION_USER, ConfigurationConstants.USE_REQ_SIG_CERT);
+                properties.setUseReqSigCertForEncryption(true);
             }
         }
     }
@@ -433,56 +391,20 @@ public class StaxAsymmetricBindingHandle
         throws WSSecurityException, SOAPException {
         
         // Action
-        Map<String, Object> config = getProperties();
-        String actionToPerform = ConfigurationConstants.SIGNATURE;
+        WSSSecurityProperties properties = getProperties();
+        WSSConstants.Action actionToPerform = WSSConstants.SIGNATURE;
         if (wrapper.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
-            actionToPerform = ConfigurationConstants.SIGNATURE_DERIVED;
+            actionToPerform = WSSConstants.SIGNATURE_WITH_DERIVED_KEY;
         }
-        
-        if (config.containsKey(ConfigurationConstants.ACTION)) {
-            String action = (String)config.get(ConfigurationConstants.ACTION);
-            config.put(ConfigurationConstants.ACTION, action + " " + actionToPerform);
+        List<WSSConstants.Action> actionList = properties.getActions();
+        if (actionList.contains(WSSConstants.SIGNATURE_CONFIRMATION)) {
+            actionList.add(0, actionToPerform);
         } else {
-            config.put(ConfigurationConstants.ACTION, actionToPerform);
-        }
-        
-        String parts = "";
-        if (config.containsKey(ConfigurationConstants.SIGNATURE_PARTS)) {
-            parts = (String)config.get(ConfigurationConstants.SIGNATURE_PARTS);
-            if (!parts.endsWith(";")) {
-                parts += ";";
-            }
-        }
-        
-        String optionalParts = "";
-        if (config.containsKey(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS)) {
-            optionalParts = (String)config.get(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS);
-            if (!optionalParts.endsWith(";")) {
-                optionalParts += ";";
-            }
+            actionList.add(actionToPerform);
         }
         
-        for (SecurePart part : sigParts) {
-            QName name = part.getName();
-            String modifier = part.getModifier().getModifier();
-            if (modifier == null || Modifier.Element.getModifier().equals(modifier)) {
-                modifier = "Element";
-            } else {
-                modifier = "Content";
-            }
-            
-            String parsedPart = "";
-            if (name != null) {
-                parsedPart = "{" + modifier + "}{" + name.getNamespaceURI() + "}" + name.getLocalPart() + ";";
-            } else {
-                parsedPart = "{" + modifier + "}" + part.getExternalReference() + ";";
-            }
-            
-            if (part.isRequired()) {
-                parts += parsedPart;
-            } else {
-                optionalParts += parsedPart;
-            }
+        for (SecurePart sigPart : sigParts) {
+            properties.addSignaturePart(sigPart);
         }
         
         AbstractToken sigToken = wrapper.getToken();
@@ -490,18 +412,17 @@ public class StaxAsymmetricBindingHandle
         
         if (abinding.isProtectTokens() && (sigToken instanceof X509Token)
             && sigToken.getIncludeTokenType() != IncludeTokenType.INCLUDE_TOKEN_NEVER) {
-            parts += "{Element}{" + WSSConstants.NS_WSSE10 + "}BinarySecurityToken;";
+            SecurePart securePart = 
+                new SecurePart(new QName(WSSConstants.NS_WSSE10, "BinarySecurityToken"), Modifier.Element);
+            properties.addSignaturePart(securePart);
         } else if (sigToken instanceof IssuedToken || sigToken instanceof SecurityContextToken
             || sigToken instanceof SecureConversationToken || sigToken instanceof SpnegoContextToken
             || sigToken instanceof SamlToken) {
-            config.put(ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, "false");
+            properties.setIncludeSignatureToken(false);
         }
         
-        config.put(ConfigurationConstants.SIGNATURE_PARTS, parts);
-        config.put(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS, optionalParts);
-        
         if (sigToken.getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
-            config.put(ConfigurationConstants.SIG_ALGO, 
+            properties.setSignatureAlgorithm(
                    abinding.getAlgorithmSuite().getSymmetricSignature());
         }
     }



Mime
View raw message