cxf-commits mailing list archives

From cohei...@apache.org
Subject git commit: Some refactoring + picking up the latest WSS4J change
Date Thu, 20 Mar 2014 17:50:55 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 9c18083ec -> 5d213075d


Some refactoring + picking up the latest WSS4J change


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5d213075
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5d213075
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5d213075

Branch: refs/heads/master
Commit: 5d213075d4e0ff7a1ef71e8d1dab6523c834a505
Parents: 9c18083
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Mar 20 17:50:20 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Mar 20 17:50:46 2014 +0000

----------------------------------------------------------------------
 .../wss4j/AbstractWSS4JStaxInterceptor.java     | 132 +++++++++++++++++-
 .../PolicyBasedWSS4JStaxInInterceptor.java      | 128 +----------------
 .../PolicyBasedWSS4JStaxOutInterceptor.java     | 136 +------------------
 .../security/wss4j/WSS4JStaxInInterceptor.java  |   4 +-
 .../security/wss4j/WSS4JStaxOutInterceptor.java |  30 ++--
 .../policyhandlers/AbstractBindingBuilder.java  |   2 +-
 .../token/provider/DefaultSubjectProvider.java  |   2 +-
 .../crypto/provider/XkmsCryptoProvider.java     |   9 +-
 .../ws/security/handler/JAXWSHandler.java       |   4 +-
 .../cxf/systest/ws/security/handler/client.xml  |   2 -
 .../cxf/systest/ws/security/handler/server.xml  |   2 -
 11 files changed, 162 insertions(+), 289 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/5d213075/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
index 30c7d31..a2608a3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
@@ -24,6 +24,7 @@ import java.net.URI;
 import java.net.URL;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Properties;
@@ -39,16 +40,21 @@ import javax.security.auth.callback.CallbackHandler;
 import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.xml.namespace.QName;
 
+import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.interceptor.SoapInterceptor;
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.classloader.ClassLoaderUtils.ClassLoaderHolder;
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.PhaseInterceptor;
 import org.apache.cxf.resource.ResourceManager;
+import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.ws.policy.AssertionInfo;
+import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.crypto.Crypto;
@@ -58,6 +64,8 @@ import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.Loader;
+import org.apache.wss4j.policy.SP11Constants;
+import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.stax.ConfigurationConverter;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
@@ -145,7 +153,7 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor,
         
         String certConstraints = 
             (String)msg.getContextualProperty(SecurityConstants.SUBJECT_CERT_CONSTRAINTS);
-        if (certConstraints != null) {
+        if (certConstraints != null && !"".equals(certConstraints)) {
             securityProperties.setSubjectCertConstraints(convertCertConstraints(certConstraints));
         }
         
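Review bot: The new `!"".equals(certConstraints)` test makes an empty SUBJECT_CERT_CONSTRAINTS value behave as if the property were unset, so a blank or badly substituted configuration value presumably leaves subject-certificate constraint checking off without any signal. A whitespace-only value still reaches convertCertConstraints, whose handling of it is not visible in this hunk. Consider trimming the value first and logging when the property is present but empty, for example `LOG.warning("Ignoring empty " + SecurityConstants.SUBJECT_CERT_CONSTRAINTS);`. The enclosing method starts and ends outside the hunk.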
@@ -194,8 +202,16 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor,
             } catch (Exception e) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
             }
+            
+            if (o instanceof CallbackHandler) {
+                EndpointInfo info = soapMessage.getExchange().get(Endpoint.class).getEndpointInfo();
+                synchronized (info) {
+                    info.setProperty(SecurityConstants.CALLBACK_HANDLER, o);
+                }
+            }
         }            
         
+        
         // If we have a "password" but no CallbackHandler then construct one
         if (o == null && getPassword(soapMessage) != null) {
             final String password = getPassword(soapMessage);
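Review bot: Storing the handler with `info.setProperty(SecurityConstants.CALLBACK_HANDLER, o)` makes one CallbackHandler instance visible to every later message on that endpoint, so a handler that appears to have been created per message before this change now has to be thread-safe and free of per-request state. That requirement should be recorded next to the cache write, e.g. `// Cached on the endpoint and reused across messages: the handler must be thread-safe`. Separately, `soapMessage.getExchange().get(Endpoint.class)` is dereferenced without a null check, so a missing Endpoint would surface as a NullPointerException rather than the WSSecurityException used on the line above. The enclosing method starts and ends outside the hunk.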
@@ -422,6 +438,120 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor,
         return null;
     }
     
+    protected Collection<AssertionInfo> getAllAssertionsByLocalname(
+        AssertionInfoMap aim, String localname
+    ) {
+        Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS,
localname));
+        Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS,
localname));
+
+        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null &&
!sp12Ais.isEmpty())) {
+            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
+            if (sp11Ais != null) {
+                ais.addAll(sp11Ais);
+            }
+            if (sp12Ais != null) {
+                ais.addAll(sp12Ais);
+            }
+            return ais;
+        }
+
+        return Collections.emptySet();
+    }
+    
+    private static Properties getProps(Object o, URL propsURL, SoapMessage message) {
+        Properties properties = null;
+        if (o instanceof Properties) {
+            properties = (Properties)o;
+        } else if (propsURL != null) {
+            try {
+                properties = new Properties();
+                InputStream ins = propsURL.openStream();
+                properties.load(ins);
+                ins.close();
+            } catch (IOException e) {
+                properties = null;
+            }
+        }
+        
+        return properties;
+    }
+    
+    private URL getPropertiesFileURL(Object o, SoapMessage message) {
+        if (o instanceof String) {
+            URL url = null;
+            ResourceManager rm = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
+            url = rm.resolveResource((String)o, URL.class);
+            try {
+                if (url == null) {
+                    url = ClassLoaderUtils.getResource((String)o, AbstractWSS4JInterceptor.class);
+                }
+                if (url == null) {
+                    url = new URL((String)o);
+                }
+                return url;
+            } catch (IOException e) {
+                // Do nothing
+            }
+        } else if (o instanceof URL) {
+            return (URL)o;        
+        }
+        return null;
+    }
+    
+    protected Crypto getEncryptionCrypto(
+            Object e, SoapMessage message, WSSSecurityProperties securityProperties
+    ) throws WSSecurityException {
+        Crypto encrCrypto = null;
+        if (e instanceof Crypto) {
+            encrCrypto = (Crypto)e;
+        } else if (e != null) {
+            URL propsURL = getPropertiesFileURL(e, message);
+            Properties props = getProps(e, propsURL, message);
+            if (props == null) {
+                LOG.fine("Cannot find Crypto Encryption properties: " + e);
+                Exception ex = new Exception("Cannot find Crypto Encryption properties: "
+ e);
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
+            }
+
+            encrCrypto = CryptoFactory.getInstance(props,
+                    Loader.getClassLoader(CryptoFactory.class),
+                    getPasswordEncryptor(message, securityProperties));
+
+            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+            synchronized (info) {
+                info.setProperty(SecurityConstants.ENCRYPT_CRYPTO, encrCrypto);
+            }
+        }
+        return encrCrypto;
+    }
+        
+    protected Crypto getSignatureCrypto(
+        Object s, SoapMessage message, WSSSecurityProperties securityProperties
+    ) throws WSSecurityException {
+        Crypto signCrypto = null;
+        if (s instanceof Crypto) {
+            signCrypto = (Crypto)s;
+        } else if (s != null) {
+            URL propsURL = getPropertiesFileURL(s, message);
+            Properties props = getProps(s, propsURL, message);
+            if (props == null) {
+                LOG.fine("Cannot find Crypto Signature properties: " + s);
+                Exception ex = new Exception("Cannot find Crypto Signature properties: "
+ s);
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
+            }
+
+            signCrypto = CryptoFactory.getInstance(props,
+                    Loader.getClassLoader(CryptoFactory.class),
+                    getPasswordEncryptor(message, securityProperties));
+
+            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+            synchronized (info) {
+                info.setProperty(SecurityConstants.SIGNATURE_CRYPTO, signCrypto);
+            }
+        }
+        return signCrypto;
+    }
+
     private ClassLoader getClassLoader() {
         try {
             return Loader.getTCL();
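Review bot: In the relocated `getProps`, `ins.close()` is only reached when `properties.load(ins)` succeeds, so a read failure leaks the stream, and the IOException is discarded, leaving the caller to report only "Cannot find Crypto ... properties" with no cause. Since the method is being moved into the base class anyway, this is a good moment to close the stream in a `finally` and log the failure, as sketched below. Note also that `getPropertiesFileURL` falls back to `new URL((String)o)`, so the crypto properties location may be any URL the JVM can open, including a remote one; a comment stating that this value must come from trusted configuration would help. `getEncryptionCrypto` and `getSignatureCrypto` differ only in the message text and the property key and could share one private helper.

```java
    private static Properties getProps(Object o, URL propsURL, SoapMessage message) {
        if (o instanceof Properties) {
            return (Properties)o;
        }
        if (propsURL == null) {
            return null;
        }
        Properties properties = new Properties();
        try {
            InputStream ins = propsURL.openStream();
            try {
                properties.load(ins);
            } finally {
                // Close even when load() fails part-way through the stream
                ins.close();
            }
        } catch (IOException e) {
            // Keep the "null means not found" contract, but record why
            LOG.fine("Cannot load Crypto properties from " + propsURL + ": " + e);
            return null;
        }
        return properties;
    }
```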

http://git-wip-us.apache.org/repos/asf/cxf/blob/5d213075/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
index 6f13904..1891ee2 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
@@ -19,32 +19,23 @@
 
 package org.apache.cxf.ws.security.wss4j;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
-import java.util.Properties;
 import java.util.logging.Logger;
 
 import javax.xml.namespace.QName;
 
-import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.interceptor.SoapActionInInterceptor;
 import org.apache.cxf.binding.soap.model.SoapBindingInfo;
 import org.apache.cxf.binding.soap.model.SoapOperationInfo;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.resource.ResourceManager;
 import org.apache.cxf.service.model.BindingInfo;
 import org.apache.cxf.service.model.BindingOperationInfo;
 import org.apache.cxf.service.model.EndpointInfo;
@@ -55,11 +46,8 @@ import org.apache.cxf.ws.policy.EffectivePolicy;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.wss4j.common.WSSPolicyException;
 import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.util.Loader;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
-import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AlgorithmSuite;
@@ -92,67 +80,11 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor
{
         }
     }
     
-    private static Properties getProps(Object o, URL propsURL, SoapMessage message) {
-        Properties properties = null;
-        if (o instanceof Properties) {
-            properties = (Properties)o;
-        } else if (propsURL != null) {
-            try {
-                properties = new Properties();
-                InputStream ins = propsURL.openStream();
-                properties.load(ins);
-                ins.close();
-            } catch (IOException e) {
-                properties = null;
-            }
-        }
-        
-        return properties;
-    }
-    
-    private URL getPropertiesFileURL(Object o, SoapMessage message) {
-        if (o instanceof String) {
-            URL url = null;
-            ResourceManager rm = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
-            url = rm.resolveResource((String)o, URL.class);
-            try {
-                if (url == null) {
-                    url = ClassLoaderUtils.getResource((String)o, AbstractWSS4JInterceptor.class);
-                }
-                if (url == null) {
-                    url = new URL((String)o);
-                }
-                return url;
-            } catch (IOException e) {
-                // Do nothing
-            }
-        } else if (o instanceof URL) {
-            return (URL)o;        
-        }
-        return null;
+    @Override
+    protected WSSSecurityProperties createSecurityProperties() {
+        return new WSSSecurityProperties();
     }
     
-    private Collection<AssertionInfo> getAllAssertionsByLocalname(
-        AssertionInfoMap aim,
-        String localname
-    ) {
-        Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS,
localname));
-        Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS,
localname));
-        
-        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null &&
!sp12Ais.isEmpty())) {
-            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
-            if (sp11Ais != null) {
-                ais.addAll(sp11Ais);
-            }
-            if (sp12Ais != null) {
-                ais.addAll(sp12Ais);
-            }
-            return ais;
-        }
-            
-        return Collections.emptySet();
-    }
-
     private void checkAsymmetricBinding(
         AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
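Review bot: The new `createSecurityProperties()` override carries no comment explaining why the policy-based interceptor starts from an empty `WSSSecurityProperties` rather than whatever the parent builds. The parent implementation is not visible in this diff, so presumably it converts configured actions and properties that must not apply when WS-SecurityPolicy drives the configuration. Because skipping the parent's setup decides which security settings take effect, a one-line Javadoc such as `/** Start from empty properties; all settings are derived from the effective policy. */` would make the intent explicit. The same undocumented override is added to PolicyBasedWSS4JStaxOutInterceptor.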
@@ -329,60 +261,6 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor
{
         }
     }
     
-    private Crypto getEncryptionCrypto(
-        Object e, SoapMessage message, WSSSecurityProperties securityProperties
-    ) throws WSSecurityException {
-        Crypto encrCrypto = null;
-        if (e instanceof Crypto) {
-            encrCrypto = (Crypto)e;
-        } else if (e != null) {
-            URL propsURL = getPropertiesFileURL(e, message);
-            Properties props = getProps(e, propsURL, message);
-            if (props == null) {
-                LOG.fine("Cannot find Crypto Encryption properties: " + e);
-                Exception ex = new Exception("Cannot find Crypto Encryption properties: "
+ e);
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
-            }
-            
-            encrCrypto = CryptoFactory.getInstance(props, 
-                                                   Loader.getClassLoader(CryptoFactory.class),
-                                                   getPasswordEncryptor(message, securityProperties));
-
-            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
-            synchronized (info) {
-                info.setProperty(SecurityConstants.ENCRYPT_CRYPTO, encrCrypto);
-            }
-        }
-        return encrCrypto;
-    }
-    
-    private Crypto getSignatureCrypto(
-        Object s, SoapMessage message, WSSSecurityProperties securityProperties
-    ) throws WSSecurityException {
-        Crypto signCrypto = null;
-        if (s instanceof Crypto) {
-            signCrypto = (Crypto)s;
-        } else if (s != null) {
-            URL propsURL = getPropertiesFileURL(s, message);
-            Properties props = getProps(s, propsURL, message);
-            if (props == null) {
-                LOG.fine("Cannot find Crypto Signature properties: " + s);
-                Exception ex = new Exception("Cannot find Crypto Signature properties: "
+ s);
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
-            }
-            
-            signCrypto = CryptoFactory.getInstance(props,
-                                                   Loader.getClassLoader(CryptoFactory.class),
-                                                   getPasswordEncryptor(message, securityProperties));
-
-            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
-            synchronized (info) {
-                info.setProperty(SecurityConstants.SIGNATURE_CRYPTO, signCrypto);
-            }
-        }
-        return signCrypto;
-    }
-    
     @Override
     protected void configureProperties(
         SoapMessage msg, WSSSecurityProperties securityProperties

http://git-wip-us.apache.org/repos/asf/cxf/blob/5d213075/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
index 416d6e2..e15cffe 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
@@ -19,27 +19,12 @@
 
 package org.apache.cxf.ws.security.wss4j;
 
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
 import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
 import java.util.Map;
-import java.util.Properties;
-import java.util.logging.Logger;
 
-import javax.xml.namespace.QName;
-
-import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapMessage;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.MessageUtils;
-import org.apache.cxf.resource.ResourceManager;
-import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
@@ -47,12 +32,8 @@ import org.apache.cxf.ws.security.wss4j.policyhandlers.StaxAsymmetricBindingHand
 import org.apache.cxf.ws.security.wss4j.policyhandlers.StaxSymmetricBindingHandler;
 import org.apache.cxf.ws.security.wss4j.policyhandlers.StaxTransportBindingHandler;
 import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.util.Loader;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AsymmetricBinding;
 import org.apache.wss4j.policy.model.SymmetricBinding;
@@ -67,7 +48,6 @@ import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 public class PolicyBasedWSS4JStaxOutInterceptor extends WSS4JStaxOutInterceptor {
     public static final PolicyBasedWSS4JStaxOutInterceptor INSTANCE 
         = new PolicyBasedWSS4JStaxOutInterceptor();
-    private static final Logger LOG = LogUtils.getL7dLogger(PolicyBasedWSS4JStaxOutInterceptor.class);
 
     public void handleMessage(SoapMessage msg) throws Fault {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
@@ -79,67 +59,11 @@ public class PolicyBasedWSS4JStaxOutInterceptor extends WSS4JStaxOutInterceptor
         }
     }
     
-    private static Properties getProps(Object o, URL propsURL, SoapMessage message) {
-        Properties properties = null;
-        if (o instanceof Properties) {
-            properties = (Properties)o;
-        } else if (propsURL != null) {
-            try {
-                properties = new Properties();
-                InputStream ins = propsURL.openStream();
-                properties.load(ins);
-                ins.close();
-            } catch (IOException e) {
-                properties = null;
-            }
-        }
-        
-        return properties;
-    }
-    
-    private URL getPropertiesFileURL(Object o, SoapMessage message) {
-        if (o instanceof String) {
-            URL url = null;
-            ResourceManager rm = message.getExchange().get(Bus.class).getExtension(ResourceManager.class);
-            url = rm.resolveResource((String)o, URL.class);
-            try {
-                if (url == null) {
-                    url = ClassLoaderUtils.getResource((String)o, AbstractWSS4JInterceptor.class);
-                }
-                if (url == null) {
-                    url = new URL((String)o);
-                }
-                return url;
-            } catch (IOException e) {
-                // Do nothing
-            }
-        } else if (o instanceof URL) {
-            return (URL)o;        
-        }
-        return null;
+    @Override
+    protected WSSSecurityProperties createSecurityProperties() {
+        return new WSSSecurityProperties();
     }
     
-    private Collection<AssertionInfo> getAllAssertionsByLocalname(
-        AssertionInfoMap aim,
-        String localname
-    ) {
-        Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS,
localname));
-        Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS,
localname));
-        
-        if ((sp11Ais != null && !sp11Ais.isEmpty()) || (sp12Ais != null &&
!sp12Ais.isEmpty())) {
-            Collection<AssertionInfo> ais = new HashSet<AssertionInfo>();
-            if (sp11Ais != null) {
-                ais.addAll(sp11Ais);
-            }
-            if (sp12Ais != null) {
-                ais.addAll(sp12Ais);
-            }
-            return ais;
-        }
-            
-        return Collections.emptySet();
-    }
-
     private void checkAsymmetricBinding(
         AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
@@ -267,60 +191,6 @@ public class PolicyBasedWSS4JStaxOutInterceptor extends WSS4JStaxOutInterceptor
         }
     }
     
-    private Crypto getEncryptionCrypto(
-        Object e, SoapMessage message, WSSSecurityProperties securityProperties
-    ) throws WSSecurityException {
-        Crypto encrCrypto = null;
-        if (e instanceof Crypto) {
-            encrCrypto = (Crypto)e;
-        } else if (e != null) {
-            URL propsURL = getPropertiesFileURL(e, message);
-            Properties props = getProps(e, propsURL, message);
-            if (props == null) {
-                LOG.fine("Cannot find Crypto Encryption properties: " + e);
-                Exception ex = new Exception("Cannot find Crypto Encryption properties: "
+ e);
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
-            }
-            
-            encrCrypto = CryptoFactory.getInstance(props,
-                                                   Loader.getClassLoader(CryptoFactory.class),
-                                                   getPasswordEncryptor(message, securityProperties));
-
-            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
-            synchronized (info) {
-                info.setProperty(SecurityConstants.ENCRYPT_CRYPTO, encrCrypto);
-            }
-        }
-        return encrCrypto;
-    }
-    
-    private Crypto getSignatureCrypto(
-        Object s, SoapMessage message, WSSSecurityProperties securityProperties
-    ) throws WSSecurityException {
-        Crypto signCrypto = null;
-        if (s instanceof Crypto) {
-            signCrypto = (Crypto)s;
-        } else if (s != null) {
-            URL propsURL = getPropertiesFileURL(s, message);
-            Properties props = getProps(s, propsURL, message);
-            if (props == null) {
-                LOG.fine("Cannot find Crypto Signature properties: " + s);
-                Exception ex = new Exception("Cannot find Crypto Signature properties: "
+ s);
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
-            }
-            
-            signCrypto = CryptoFactory.getInstance(props,
-                                                   Loader.getClassLoader(CryptoFactory.class),
-                                                   getPasswordEncryptor(message, securityProperties));
-
-            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
-            synchronized (info) {
-                info.setProperty(SecurityConstants.SIGNATURE_CRYPTO, signCrypto);
-            }
-        }
-        return signCrypto;
-    }
-    
     @Override
     protected void configureProperties(
         SoapMessage msg, Map<String, SecurityTokenProvider<OutboundSecurityToken>>
outboundTokens,

http://git-wip-us.apache.org/repos/asf/cxf/blob/5d213075/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
index d298220..2f3d1db 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
@@ -111,8 +111,6 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor
{
             configureCallbackHandler(soapMessage, secProps);
             configureProperties(soapMessage, secProps);
             
-            InboundWSSec inboundWSSec = null;
-            
             if (secProps.getActions() != null && secProps.getActions().size() >
0) {
                 soapMessage.getInterceptorChain().add(new StaxActionInInterceptor(secProps.getActions()));
             }
@@ -133,7 +131,7 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor
{
             List<SecurityEventListener> securityEventListeners = 
                 configureSecurityEventListeners(soapMessage, secProps);
             
-            inboundWSSec = WSSec.getInboundWSSec(secProps);
+            InboundWSSec inboundWSSec = WSSec.getInboundWSSec(secProps);
             
             newXmlStreamReader = 
                 inboundWSSec.processInMessage(originalXmlStreamReader, requestSecurityEvents,
securityEventListeners);

http://git-wip-us.apache.org/repos/asf/cxf/blob/5d213075/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
index 5b4baf8..574e18a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
@@ -34,7 +34,6 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.interceptor.StaxOutInterceptor;
 import org.apache.cxf.message.Exchange;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
@@ -130,8 +129,6 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor
{
             configureCallbackHandler(mc, secProps);
             configureProperties(mc, outboundTokens, secProps);
             
-            OutboundWSSec outboundWSSec = null;
-            
             if ((secProps.getActions() == null || secProps.getActions().size() == 0)
                 && mc.get(AssertionInfoMap.class) != null) {
                 // If no actions configured (with SecurityPolicy) then return
@@ -145,17 +142,19 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor
{
             SecurityEventListener securityEventListener = 
                 configureSecurityEventListener(mc, secProps);
             
-            outboundWSSec = WSSec.getOutboundWSSec(secProps);
+            OutboundWSSec outboundWSSec = WSSec.getOutboundWSSec(secProps);
             
             final OutboundSecurityContextImpl outboundSecurityContext = new OutboundSecurityContextImpl();
             outboundSecurityContext.putList(SecurityEvent.class, requestSecurityEvents);
             outboundSecurityContext.addSecurityEventListener(securityEventListener);
             
             // Save Tokens on the security context
-            for (String key : outboundTokens.keySet()) {
-                SecurityTokenProvider<OutboundSecurityToken> provider = outboundTokens.get(key);
-                outboundSecurityContext.registerSecurityTokenProvider(provider.getId(), provider);
-                outboundSecurityContext.put(key, provider.getId());
+            if (!outboundTokens.isEmpty()) {
+                for (String key : outboundTokens.keySet()) {
+                    SecurityTokenProvider<OutboundSecurityToken> provider = outboundTokens.get(key);
+                    outboundSecurityContext.registerSecurityTokenProvider(provider.getId(),
provider);
+                    outboundSecurityContext.put(key, provider.getId());
+                }
             }
             
             newXMLStreamWriter = outboundWSSec.processOutMessage(os, encoding, outboundSecurityContext);
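Review bot: The added `if (!outboundTokens.isEmpty())` guard has no effect, because iterating the key set of an empty map already runs zero times; it only adds a nesting level. If the intent was to protect against a missing map, the test would have to be `outboundTokens != null`. The loop would also read better over `outboundTokens.entrySet()`, using `entry.getKey()` and `entry.getValue()` instead of a second lookup with `outboundTokens.get(key)`. The enclosing method starts and ends outside the hunk.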
@@ -167,17 +166,14 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor
{
         }
 
         mc.put(AbstractOutDatabindingInterceptor.DISABLE_OUTPUTSTREAM_OPTIMIZATION, Boolean.TRUE);
-        mc.put(StaxOutInterceptor.FORCE_START_DOCUMENT, Boolean.TRUE);
 
-        if (MessageUtils.getContextualBoolean(mc, StaxOutInterceptor.FORCE_START_DOCUMENT,
false)) {
-            try {
-                newXMLStreamWriter.writeStartDocument(encoding, "1.0");
-            } catch (XMLStreamException e) {
-                throw new Fault(e);
-            }
-            mc.removeContent(OutputStream.class);
-            mc.put(OUTPUT_STREAM_HOLDER, os);
+        try {
+            newXMLStreamWriter.writeStartDocument(encoding, "1.0");
+        } catch (XMLStreamException e) {
+            throw new Fault(e);
         }
+        mc.removeContent(OutputStream.class);
+        mc.put(OUTPUT_STREAM_HOLDER, os);
 
         // Add a final interceptor to write end elements
         mc.getInterceptorChain().add(ending);
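Review bot: Nothing in this block explains why `writeStartDocument`, `mc.removeContent(OutputStream.class)` and `mc.put(OUTPUT_STREAM_HOLDER, os)` now run unconditionally. If the intent is that the WSS4J writer owns the output from this point, a comment would record it, e.g. `// The security writer owns the output from here: emit the XML declaration and hide the raw OutputStream from later interceptors`. The hunk also stops setting `StaxOutInterceptor.FORCE_START_DOCUMENT` on the message, so it is worth confirming that nothing later in the chain still reads that key. The method begins outside this hunk.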

http://git-wip-us.apache.org/repos/asf/cxf/blob/5d213075/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index e1a1061..704dc09 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -1396,7 +1396,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             cryptoType.setAlias(encrUser);
             X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
             if (certs != null && certs.length > 0) {
-                crypto.verifyTrust(certs, enableRevocation);
+                crypto.verifyTrust(certs, enableRevocation, null);
             }
         }
         return crypto;
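Review bot: The bare `null` passed as the new third argument to `crypto.verifyTrust` gives no hint of what is being switched off. Judging by the parameter name in the XkmsCryptoProvider override later in this commit (`subjectCertConstraints`), it means the encryption certificate is trust-checked with no subject-name constraints applied. If that is intended, say so at the call, e.g. `// no subject DN constraints for the recipient's encryption cert`, so a later reader does not take it for an oversight. The same unexplained `null` is added in the DefaultSubjectProvider hunk. The enclosing method starts outside this hunk.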

http://git-wip-us.apache.org/repos/asf/cxf/blob/5d213075/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
index 188cb8f..95ac573 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/provider/DefaultSubjectProvider.java
@@ -170,7 +170,7 @@ public class DefaultSubjectProvider implements SubjectProvider {
                 if (receivedKey.getX509Cert() != null) {
                     try {
                         stsProperties.getSignatureCrypto().verifyTrust(
-                            new X509Certificate[]{receivedKey.getX509Cert()}, false);
+                            new X509Certificate[]{receivedKey.getX509Cert()}, false, null);
                     } catch (WSSecurityException e) {
                         LOG.log(Level.FINE, "Error in trust validation of UseKey: ", e);
                         throw new STSException("Error in trust validation of UseKey", STSException.REQUEST_FAILED);
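Review bot: Revocation checking is switched off by the literal `false` in this `verifyTrust` call, for a certificate taken from `receivedKey`, which by the log message is the requester's UseKey. A certificate that chains to a trusted issuer but has since been revoked would therefore pass this check. The sibling call in AbstractBindingBuilder passes an `enableRevocation` variable. I cannot see from here whether `stsProperties` exposes an equivalent setting, but the call should either use one or carry a comment such as `// revocation checking intentionally not applied to UseKey certs`. The surrounding `try`/`catch` continues outside the hunk.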

http://git-wip-us.apache.org/repos/asf/cxf/blob/5d213075/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/XkmsCryptoProvider.java
----------------------------------------------------------------------
diff --git a/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/XkmsCryptoProvider.java
b/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/XkmsCryptoProvider.java
index 5970327..4d2844f 100644
--- a/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/XkmsCryptoProvider.java
+++ b/services/xkms/xkms-client/src/main/java/org/apache/cxf/xkms/crypto/provider/XkmsCryptoProvider.java
@@ -23,8 +23,10 @@ import java.math.BigInteger;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
+import java.util.Collection;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import java.util.regex.Pattern;
 
 import javax.security.auth.callback.CallbackHandler;
 
@@ -111,8 +113,11 @@ public class XkmsCryptoProvider extends CryptoBase {
     }
 
     @Override
-    public void verifyTrust(X509Certificate[] certs, boolean enableRevocation)
-        throws WSSecurityException {
+    public void verifyTrust(
+        X509Certificate[] certs, 
+        boolean enableRevocation, 
+        Collection<Pattern> subjectCertConstraints
+    ) throws WSSecurityException {
         if (certs != null) {
             LOG.fine(String.format("Verifying certificate id: %s", certs[0].getSubjectDN()));
         }
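Review bot: The new `subjectCertConstraints` parameter of `verifyTrust` appears to be accepted and then ignored. The diffstat lists 9 changed lines for this file and the two import lines plus this signature change account for all of them, so nothing new in the body reads it. A caller that passes constraints to restrict which subject DNs are acceptable would get no enforcement from the XKMS provider and no indication of that. Until the patterns are matched against the certificate subject, the method should fail closed or at least log, e.g. `if (subjectCertConstraints != null && !subjectCertConstraints.isEmpty()) { LOG.warning("Subject cert constraints are not enforced by XkmsCryptoProvider"); }`. Separately, `certs[0]` in the context lines is guarded only against `null`, so an empty array would throw. The rest of the method is outside the hunk.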

http://git-wip-us.apache.org/repos/asf/cxf/blob/5d213075/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/handler/JAXWSHandler.java
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/handler/JAXWSHandler.java
b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/handler/JAXWSHandler.java
index 69c8904..5cdf721 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/handler/JAXWSHandler.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/handler/JAXWSHandler.java
@@ -49,12 +49,12 @@ public class JAXWSHandler implements SOAPHandler<SOAPMessageContext>
{
     }
 
     public boolean handleMessage(SOAPMessageContext smc) {
-        logToSystemOut(smc);
+        // logToSystemOut(smc);
         return true;
     }
 
     public boolean handleFault(SOAPMessageContext smc) {
-        logToSystemOut(smc);
+        // logToSystemOut(smc);
         return true;
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/5d213075/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/handler/client.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/handler/client.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/handler/client.xml
index 04f04f6..b3e44c0 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/handler/client.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/handler/client.xml
@@ -44,11 +44,9 @@
     <cxf:bus>
         <cxf:outInterceptors>
             <ref bean="UsernameTokenSign_Request"/>
-            <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
         </cxf:outInterceptors>
         <cxf:inInterceptors>
             <ref bean="UsernameTokenSign_Response"/>
-            <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
         </cxf:inInterceptors>
     </cxf:bus>
 </beans>

http://git-wip-us.apache.org/repos/asf/cxf/blob/5d213075/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/handler/server.xml
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/handler/server.xml
b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/handler/server.xml
index 0a42e7b..0309544 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/handler/server.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/security/handler/server.xml
@@ -45,11 +45,9 @@
     <jaxws:endpoint id="HelloWorldWS" address="http://localhost:${testutil.ports.Server}/wsse/HelloWorldWS"
wsdlLocation="" implementor="org.apache.cxf.systest.ws.security.handler.HelloWorldImpl">
         <jaxws:inInterceptors>
             <ref bean="UsernameTokenSign_Request"/>
-            <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
         </jaxws:inInterceptors>
         <jaxws:outInterceptors>
             <ref bean="UsernameTokenSign_Response"/>
-            <bean class="org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor"/>
         </jaxws:outInterceptors>
         <jaxws:handlers>
             <bean class="org.apache.cxf.systest.ws.security.handler.JAXWSHandler"/>

