From cohei...@apache.org
Subject cxf git commit: More refactoring
Date Thu, 19 Mar 2015 12:01:29 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 3c056d9f8 -> e2bc8d8f3


More refactoring


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e2bc8d8f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e2bc8d8f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e2bc8d8f

Branch: refs/heads/master
Commit: e2bc8d8f31f6e3c6c6103dcf22e26726756bb39c
Parents: 3c056d9
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Mar 19 10:56:11 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Mar 19 10:56:11 2015 +0000

----------------------------------------------------------------------
 .../wss4j/PolicyBasedWSS4JInInterceptor.java    | 161 +++++++------------
 .../PolicyBasedWSS4JStaxInInterceptor.java      |   9 +-
 .../wss4j/TokenStoreCallbackHandler.java        |  27 +++-
 .../policyhandlers/AbstractBindingBuilder.java  |   2 +-
 .../AbstractCommonBindingHandler.java           |  13 --
 .../AbstractStaxBindingHandler.java             |  74 ++-------
 .../StaxAsymmetricBindingHandler.java           |   3 +-
 .../StaxSymmetricBindingHandler.java            |   8 +-
 .../StaxTransportBindingHandler.java            |   1 +
 .../policyhandlers/SymmetricBindingHandler.java |  12 ++
 10 files changed, 118 insertions(+), 192 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e2bc8d8f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index b5836ee..d96ecba 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -27,7 +27,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.logging.Logger;
 
-import javax.security.auth.callback.CallbackHandler;
 import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
 import javax.xml.stream.XMLStreamException;
@@ -75,7 +74,6 @@ import org.apache.cxf.ws.security.wss4j.policyvalidators.UsernameTokenPolicyVali
 import org.apache.cxf.ws.security.wss4j.policyvalidators.WSS11PolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.X509TokenPolicyValidator;
 import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSConstants;
@@ -150,34 +148,11 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         return action + " " + val;
     }
     
-    private boolean assertPolicy(AssertionInfoMap aim, QName name) {
-        Collection<AssertionInfo> ais = aim.getAssertionInfo(name);
-        if (ais != null && !ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                ai.setAsserted(true);
-            }    
-            return true;
-        }
-        return false;
-    }
-    
-    private boolean assertPolicy(AssertionInfoMap aim, String localname) {
-        Collection<AssertionInfo> ais = PolicyUtils.getAllAssertionsByLocalname(aim,
localname);
-        if (!ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                ai.setAsserted(true);
-            }    
-            return true;
-        }
-        return false;
-    }
-    
     private String checkAsymmetricBinding(
         AssertionInfoMap aim, String action, SoapMessage message, RequestData data
     ) throws WSSecurityException {
-        Collection<AssertionInfo> ais = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
-        if (ais.isEmpty()) {
+        AssertionInfo ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+        if (ai == null) {
             return action;
         }
         
@@ -261,10 +236,8 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
     protected boolean isNonceCacheRequired(List<Integer> actions, SoapMessage msg)
{
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
         if (aim != null) {
-            Collection<AssertionInfo> ais = 
-                PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.USERNAME_TOKEN);
-            
-            if (!ais.isEmpty()) {
+            AssertionInfo ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.USERNAME_TOKEN);
+            if (ai != null) {
                 return true;
             }
         }
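Review bot: The new local `ai` in isNonceCacheRequired is only compared with null and goes out of scope without being read, so the declaration adds a name without adding information. The test can be written directly as `if (PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.USERNAME_TOKEN) != null) {`. The same pattern appears in the isTimestampCacheRequired and isSamlCacheRequired hunks that follow. All three method bodies continue outside their hunks.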
@@ -279,10 +252,8 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
     protected boolean isTimestampCacheRequired(List<Integer> actions, SoapMessage msg)
{
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
         if (aim != null) {
-            Collection<AssertionInfo> ais = 
-                PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.INCLUDE_TIMESTAMP);
-            
-            if (!ais.isEmpty()) {
+            AssertionInfo ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.INCLUDE_TIMESTAMP);
+            if (ai != null) {
                 return true;
             }
         }
@@ -297,10 +268,8 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
     protected boolean isSamlCacheRequired(List<Integer> actions, SoapMessage msg) {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
         if (aim != null) {
-            Collection<AssertionInfo> ais = 
-                PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SAML_TOKEN);
-            
-            if (!ais.isEmpty()) {
+            AssertionInfo ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SAML_TOKEN);
+            if (ai != null) {
                 return true;
             }
         }
@@ -327,9 +296,8 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
     private String checkSymmetricBinding(
         AssertionInfoMap aim, String action, SoapMessage message, RequestData data
     ) throws WSSecurityException {
-        Collection<AssertionInfo> ais = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
-        if (ais.isEmpty()) {
+        AssertionInfo ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+        if (ai == null) {
             return action;
         }
         
@@ -409,16 +377,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
             return passwordEncryptor;
         }
         
-        if (requestData.getPasswordEncryptor() != null) {
-            return requestData.getPasswordEncryptor();
-        }
-        
-        CallbackHandler callbackHandler = requestData.getCallbackHandler();
-        if (callbackHandler != null) {
-            return new JasyptPasswordEncryptor(callbackHandler);
-        }
-        
-        return null;
+        return super.getPasswordEncryptor(requestData);
     }
     
     private Crypto getSignatureCrypto(Object s, SoapMessage message, 
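Review bot: The delegation `return super.getPasswordEncryptor(requestData);` carries no comment about what the parent falls back to, while the removed lines show the order that has to be preserved: the RequestData encryptor first, then a JasyptPasswordEncryptor built from the callback handler, else null. The parent implementation is not part of this diff, so the equivalence cannot be confirmed from here; if the parent skips either step, configurations that rely on an encrypted password would presumably stop resolving an encryptor. A one-line comment such as `// Parent resolves: RequestData encryptor, then callback-handler based encryptor` would record the intent once it has been checked against the parent. The method starts outside the hunk.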
@@ -441,9 +400,8 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
                 
                 RequiredElements elements = (RequiredElements)ai.getAssertion();
                 
-                if (elements != null && elements.getXPaths() != null 
-                    && !elements.getXPaths().isEmpty()) {
-                    List<String> expressions = new ArrayList<String>();
+                if (elements != null && elements.getXPaths() != null && !elements.getXPaths().isEmpty())
{
+                    List<String> expressions = new ArrayList<>();
                     MapNamespaceContext namespaceContext = new MapNamespaceContext();
                     
                     for (org.apache.wss4j.policy.model.XPath xPath : elements.getXPaths())
{
@@ -579,8 +537,8 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
             checkUsernameToken(aim, message);
             
             // stuff we can default to asserted and un-assert if a condition isn't met
-            assertPolicy(aim, SPConstants.KEY_VALUE_TOKEN);
-            assertPolicy(aim, SPConstants.RSA_KEY_VALUE);
+            PolicyUtils.assertPolicy(aim, SPConstants.KEY_VALUE_TOKEN);
+            PolicyUtils.assertPolicy(aim, SPConstants.RSA_KEY_VALUE);
             
             // WSS10
             ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.WSS10);
@@ -588,10 +546,10 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
                 for (AssertionInfo ai : ais) {
                     ai.setAsserted(true);
                 }
-                assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER);
-                assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL);
-                assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI);
-                assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN);
+                PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_KEY_IDENTIFIER);
+                PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_ISSUER_SERIAL);
+                PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_EXTERNAL_URI);
+                PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_REF_EMBEDDED_TOKEN);
             }
             
             // Trust 1.0
@@ -601,11 +559,11 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
                 for (AssertionInfo ai : ais) {
                     ai.setAsserted(true);
                 }
-                assertPolicy(aim, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE);
-                assertPolicy(aim, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE);
-                assertPolicy(aim, SPConstants.REQUIRE_CLIENT_ENTROPY);
-                assertPolicy(aim, SPConstants.REQUIRE_SERVER_ENTROPY);
-                assertPolicy(aim, SPConstants.MUST_SUPPORT_ISSUED_TOKENS);
+                PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE);
+                PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE);
+                PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_ENTROPY);
+                PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_SERVER_ENTROPY);
+                PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_ISSUED_TOKENS);
                 trust10Asserted = true;
             }
             
@@ -615,17 +573,17 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
                 for (AssertionInfo ai : ais) {
                     ai.setAsserted(true);
                 }
-                assertPolicy(aim, SP12Constants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION);
-                assertPolicy(aim, SP12Constants.REQUIRE_APPLIES_TO);
-                assertPolicy(aim, SP13Constants.SCOPE_POLICY_15);
-                assertPolicy(aim, SP13Constants.MUST_SUPPORT_INTERACTIVE_CHALLENGE);
+                PolicyUtils.assertPolicy(aim, SP12Constants.REQUIRE_REQUEST_SECURITY_TOKEN_COLLECTION);
+                PolicyUtils.assertPolicy(aim, SP12Constants.REQUIRE_APPLIES_TO);
+                PolicyUtils.assertPolicy(aim, SP13Constants.SCOPE_POLICY_15);
+                PolicyUtils.assertPolicy(aim, SP13Constants.MUST_SUPPORT_INTERACTIVE_CHALLENGE);
                 
                 if (!trust10Asserted) {
-                    assertPolicy(aim, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE);
-                    assertPolicy(aim, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE);
-                    assertPolicy(aim, SPConstants.REQUIRE_CLIENT_ENTROPY);
-                    assertPolicy(aim, SPConstants.REQUIRE_SERVER_ENTROPY);
-                    assertPolicy(aim, SPConstants.MUST_SUPPORT_ISSUED_TOKENS);
+                    PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_CLIENT_CHALLENGE);
+                    PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_SERVER_CHALLENGE);
+                    PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_ENTROPY);
+                    PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_SERVER_ENTROPY);
+                    PolicyUtils.assertPolicy(aim, SPConstants.MUST_SUPPORT_ISSUED_TOKENS);
                 }
             }
             
@@ -642,19 +600,16 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         List<WSSecurityEngineResult> results, 
         boolean utWithCallbacks
     ) throws SOAPException, XMLStreamException, WSSecurityException {
-        AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
-        Collection<WSDataRef> signed = new HashSet<WSDataRef>();
-        Collection<WSDataRef> encrypted = new HashSet<WSDataRef>();
-        
         //
         // Pre-fetch various results
         //
-        final List<Integer> actions = new ArrayList<Integer>(3);
+        final List<Integer> actions = new ArrayList<>(3);
         actions.add(WSConstants.SIGN);
         actions.add(WSConstants.UT_SIGN);
         actions.add(WSConstants.ST_SIGNED);
         List<WSSecurityEngineResult> signedResults = 
             WSSecurityUtil.fetchAllActionResults(results, actions);
+        Collection<WSDataRef> signed = new HashSet<>();
         for (WSSecurityEngineResult result : signedResults) {
             List<WSDataRef> sl = 
                 CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
@@ -667,6 +622,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         
         List<WSSecurityEngineResult> encryptResults = 
             WSSecurityUtil.fetchAllActionResults(results, WSConstants.ENCR);
+        Collection<WSDataRef> encrypted = new HashSet<>();
         for (WSSecurityEngineResult result : encryptResults) {
             List<WSDataRef> sl = 
                 CastUtils.cast((List<?>)result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
@@ -680,6 +636,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         //
         // Check policies
         //
+        AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
         if (!checkSignedEncryptedCoverage(aim, msg, soapHeader, soapBody, signed, encrypted))
{
             LOG.fine("Incoming request failed signed-encrypted policy validation");
         }
@@ -826,13 +783,13 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         List<WSSecurityEngineResult> encryptedResults,
         boolean utWithCallbacks
     ) {
-        final List<Integer> utActions = new ArrayList<Integer>(2);
+        final List<Integer> utActions = new ArrayList<>(2);
         utActions.add(WSConstants.UT);
         utActions.add(WSConstants.UT_NOPASSWORD);
         List<WSSecurityEngineResult> utResults = 
             WSSecurityUtil.fetchAllActionResults(results, utActions);
         
-        final List<Integer> samlActions = new ArrayList<Integer>(2);
+        final List<Integer> samlActions = new ArrayList<>(2);
         samlActions.add(WSConstants.ST_SIGNED);
         samlActions.add(WSConstants.ST_UNSIGNED);
         List<WSSecurityEngineResult> samlResults = 
@@ -909,8 +866,7 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
                 ai.setAsserted(true);
                 for (Header h : rp.getHeaders()) {
                     QName qName = new QName(h.getNamespace(), h.getName());
-                    if (header == null 
-                        || DOMUtils.getFirstChildWithName((Element)header, qName) == null)
{
+                    if (header == null || DOMUtils.getFirstChildWithName((Element)header,
qName) == null) {
                         ai.setNotAsserted("No header element of name " + qName + " found.");
                     }
                 }
@@ -953,19 +909,18 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
     }
 
     private boolean isTransportBinding(AssertionInfoMap aim, SoapMessage message) {
-        Collection<AssertionInfo> ais = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
-        if (ais.size() > 0) {
+        AssertionInfo symAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+        if (symAis != null) {
             return false;
         }
         
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
-        if (ais.size() > 0) {
+        AssertionInfo asymAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+        if (asymAis != null) {
             return false;
         }
         
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
-        if (ais.size() > 0) {
+        AssertionInfo transAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+        if (transAis != null) {
             return true;
         }
         
@@ -973,10 +928,10 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
         TLSSessionInfo tlsInfo = message.get(TLSSessionInfo.class);
         if (tlsInfo != null) {
             // We don't need to check these policies for TLS
-            assertPolicy(aim, SP12Constants.ENCRYPTED_PARTS);
-            assertPolicy(aim, SP11Constants.ENCRYPTED_PARTS);
-            assertPolicy(aim, SP12Constants.SIGNED_PARTS);
-            assertPolicy(aim, SP11Constants.SIGNED_PARTS);
+            PolicyUtils.assertPolicy(aim, SP12Constants.ENCRYPTED_PARTS);
+            PolicyUtils.assertPolicy(aim, SP11Constants.ENCRYPTED_PARTS);
+            PolicyUtils.assertPolicy(aim, SP12Constants.SIGNED_PARTS);
+            PolicyUtils.assertPolicy(aim, SP11Constants.SIGNED_PARTS);
             return true;
         }
         
@@ -984,19 +939,21 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor
{
     }
     
     private boolean containsXPathPolicy(AssertionInfoMap aim) {
-        Collection<AssertionInfo> ais = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ELEMENTS);
-        if (ais.size() > 0) {
+        AssertionInfo ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_ELEMENTS);
+        if (ai != null) {
             return true;
         }
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_ELEMENTS);
-        if (ais.size() > 0) {
+        
+        ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ENCRYPTED_ELEMENTS);
+        if (ai != null) {
             return true;
         }
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS);
-        if (ais.size() > 0) {
+        
+        ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS);
+        if (ai != null) {
             return true;
         }
+        
         return false;
     }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/e2bc8d8f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
index be069db..2a133ce 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
@@ -182,7 +182,7 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor
{
         List<SecurityEvent> securityEvents = 
             (List<SecurityEvent>) message.getExchange().get(SecurityEvent.class.getName()
+ ".out");
         if (securityEvents == null) {
-            securityEvents = new ArrayList<SecurityEvent>();
+            securityEvents = new ArrayList<>();
             message.getExchange().put(SecurityEvent.class.getName() + ".out", securityEvents);
         }
         
@@ -327,7 +327,7 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor
{
     protected List<SecurityEventListener> configureSecurityEventListeners(
         SoapMessage msg, WSSSecurityProperties securityProperties
     ) throws WSSPolicyException {
-        final List<SecurityEventListener> securityEventListeners = new ArrayList<SecurityEventListener>(2);
+        final List<SecurityEventListener> securityEventListeners = new ArrayList<>(2);
         securityEventListeners.addAll(super.configureSecurityEventListeners(msg, securityProperties));
         
         Endpoint endoint = msg.getExchange().get(Endpoint.class);
@@ -343,7 +343,7 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor
{
         EndpointInfo endpointInfo, SoapMessage msg
     ) throws WSSPolicyException {
         EffectivePolicy dispatchPolicy = null;
-        List<OperationPolicy> operationPolicies = new ArrayList<OperationPolicy>();
+        List<OperationPolicy> operationPolicies = new ArrayList<>();
         Collection<BindingOperationInfo> bindingOperationInfos = endpointInfo.getBinding().getOperations();
         for (Iterator<BindingOperationInfo> bindingOperationInfoIterator =
                      bindingOperationInfos.iterator(); bindingOperationInfoIterator.hasNext();)
{
@@ -420,8 +420,7 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor
{
         }
         
         String actor = (String)msg.getContextualProperty(SecurityConstants.ACTOR);
-        final Collection<org.apache.cxf.message.Attachment> attachments = 
-            msg.getAttachments();
+        final Collection<org.apache.cxf.message.Attachment> attachments = msg.getAttachments();
         int attachmentCount = 0;
         if (attachments != null && !attachments.isEmpty()) {
             attachmentCount = attachments.size();

http://git-wip-us.apache.org/repos/asf/cxf/blob/e2bc8d8f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
index 524d29f..361b728 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
@@ -28,8 +28,11 @@ import javax.security.auth.callback.UnsupportedCallbackException;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
+import org.apache.xml.security.utils.Base64;
 
-class TokenStoreCallbackHandler implements CallbackHandler {
+public class TokenStoreCallbackHandler implements CallbackHandler {
     private CallbackHandler internal;
     private TokenStore store;
     public TokenStoreCallbackHandler(CallbackHandler in, TokenStore st) {
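Review bot: TokenStoreCallbackHandler is widened from package-private to `public` without a class comment, and nothing in the hunk says which caller needs the wider visibility. Since the class hands token secrets to a callback, its contract should be stated where it becomes API, for example `/** Fills in the key and token of a WSPasswordCallback from a non-expired TokenStore entry matching its identifier. */`. That wording is taken from the handle body visible in the next hunk; anything the handler does beyond it is outside the diff and should be added by the author.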
@@ -38,13 +41,18 @@ class TokenStoreCallbackHandler implements CallbackHandler {
     }
     
     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
-        for (int i = 0; i < callbacks.length; i++) {
-            if (callbacks[i] instanceof WSPasswordCallback) {
-                WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
-                
+        for (Callback callback : callbacks) {
+            if (callback instanceof WSPasswordCallback) {
+                WSPasswordCallback pc = (WSPasswordCallback)callback;
+
                 String id = pc.getIdentifier();
                 SecurityToken tok = store.getToken(id);
                 if (tok != null && !tok.isExpired()) {
+                    if (tok.getSHA1() == null && pc.getKey() != null) {
+                        tok.setSHA1(getSHA1(pc.getKey()));
+                        // Create another cache entry with the SHA1 Identifier as the key
for easy retrieval
+                        store.add(tok.getSHA1(), tok);
+                    }
                     pc.setKey(tok.getSecret());
                     pc.setKey(tok.getKey());
                     pc.setCustomToken(tok.getToken());
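Review bot: `store.add(tok.getSHA1(), tok)` can be reached with a null identifier, because the getSHA1 helper added in the last hunk of this file swallows WSSecurityException and returns null. The null is also written back by `tok.setSHA1(...)`, so the failure is silent and what TokenStore does with a null key is not visible here. Computing the digest into a local and updating the token and the store only when it is non-null keeps the cache consistent; the empty `catch` marked `//REVISIT` in getSHA1 should at least log the exception. The handle method continues outside the hunk.

```java
                if (tok != null && !tok.isExpired()) {
                    if (tok.getSHA1() == null && pc.getKey() != null) {
                        String sha1 = getSHA1(pc.getKey());
                        if (sha1 != null) {
                            tok.setSHA1(sha1);
                            // Create another cache entry with the SHA1 Identifier as the key for easy retrieval
                            store.add(sha1, tok);
                        }
                    }
                    // … unchanged: pc.setKey / pc.setCustomToken calls …
```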
@@ -57,4 +65,13 @@ class TokenStoreCallbackHandler implements CallbackHandler {
         }
     }
     
+    private static String getSHA1(byte[] input) {
+        try {
+            byte[] digestBytes = WSSecurityUtil.generateDigest(input);
+            return Base64.encode(digestBytes);
+        } catch (WSSecurityException e) {
+            //REVISIT
+        }
+        return null;
+    }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/e2bc8d8f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index c257cdc..e753bcc 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -292,7 +292,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             Map<Object, Crypto> o = 
                 CastUtils.cast((Map<?, ?>)message.getContextualProperty(CRYPTO_CACHE));
             if (o == null) {
-                o = new ConcurrentHashMap<Object, Crypto>();
+                o = new ConcurrentHashMap<>();
                 info.setProperty(CRYPTO_CACHE, o);
             }
             return o;

http://git-wip-us.apache.org/repos/asf/cxf/blob/e2bc8d8f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
index cc36efa..7614198 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
@@ -37,8 +37,6 @@ import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.neethi.Assertion;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.policy.SP13Constants;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.SPConstants.IncludeTokenType;
@@ -60,7 +58,6 @@ import org.apache.wss4j.policy.model.UsernameToken;
 import org.apache.wss4j.policy.model.Wss10;
 import org.apache.wss4j.policy.model.Wss11;
 import org.apache.wss4j.policy.model.X509Token;
-import org.apache.xml.security.utils.Base64;
 
 /**
  * Some common functionality to be shared between the two binding handlers (DOM + StAX)
@@ -414,16 +411,6 @@ public abstract class AbstractCommonBindingHandler {
         return message;
     }
     
-    protected static String getSHA1(byte[] input) {
-        try {
-            byte[] digestBytes = WSSecurityUtil.generateDigest(input);
-            return Base64.encode(digestBytes);
-        } catch (WSSecurityException e) {
-            //REVISIT
-        }
-        return null;
-    }
-    
     protected boolean isRequestor() {
         return MessageUtils.isRequestor(message);
     }

http://git-wip-us.apache.org/repos/asf/cxf/blob/e2bc8d8f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
index 3715162..ec40234 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractStaxBindingHandler.java
@@ -24,6 +24,7 @@ import java.security.Key;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -39,14 +40,13 @@ import javax.xml.soap.SOAPException;
 
 import org.w3c.dom.Element;
 import org.apache.cxf.binding.soap.SoapMessage;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SAMLCallback;
@@ -108,7 +108,7 @@ import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
 public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHandler {
     protected boolean timestampAdded;
     protected boolean signatureConfirmationAdded;
-    protected Set<SecurePart> encryptedTokensList = new HashSet<SecurePart>();
+    protected Set<SecurePart> encryptedTokensList = new HashSet<>();
     
     protected Map<AbstractToken, SecurePart> endEncSuppTokMap;
     protected Map<AbstractToken, SecurePart> endSuppTokMap;
@@ -285,18 +285,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
         // Get the SAML CallbackHandler
         //
         Object o = message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);
-    
-        CallbackHandler handler = null;
-        if (o instanceof CallbackHandler) {
-            handler = (CallbackHandler)o;
-        } else if (o instanceof String) {
-            try {
-                handler = (CallbackHandler)ClassLoaderUtils
-                    .loadClass((String)o, this.getClass()).newInstance();
-            } catch (Exception e) {
-                handler = null;
-            }
-        }
+        CallbackHandler handler = SecurityUtils.getCallbackHandler(o);
         if (handler == null) {
             policyNotAsserted(token, "No SAML CallbackHandler available");
             return null;
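Review bot: Whether a class-name value that fails to load still ends in the `policyNotAsserted(token, "No SAML CallbackHandler available")` path now depends on SecurityUtils.getCallbackHandler, which is not part of this diff. The removed code caught every exception and left `handler` null, and it resolved the class name against `this.getClass()`; the helper receives only the property value, so both the error behaviour and the class loader used may differ. If the helper can throw, either wrap the call to keep the old fallback or say so in a comment here, for example `// may throw if the configured handler class cannot be instantiated`. The enclosing method starts and ends outside the hunk.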
@@ -472,18 +461,13 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
     }
     
     protected void configureLayout(AssertionInfoMap aim) {
-        Collection<AssertionInfo> ais = PolicyUtils.getAllAssertionsByLocalname(aim,
SPConstants.LAYOUT);
+        AssertionInfo ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.LAYOUT);
         Layout layout = null;
-        for (AssertionInfo ai : ais) {
+        if (ai != null) {
             layout = (Layout)ai.getAssertion();
-            Collection<AssertionInfo> layoutTypeAis = aim.get(layout.getName());
-            if (layoutTypeAis != null) {
-                for (AssertionInfo layoutAi : layoutTypeAis) {
-                    layoutAi.setAsserted(true);
-                }
-            }
             ai.setAsserted(true);
         }
+        
         if (layout != null && layout.getLayoutType() != null) {
             assertPolicy(new QName(layout.getName().getNamespaceURI(), layout.getLayoutType().name()));
         }
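Review bot: Only the first Layout assertion is marked asserted after the switch to `getFirstAssertionByLocalname`, and the removed loop that also asserted the entries from `aim.get(layout.getName())` is gone. If the map can hold more than one Layout assertion, for instance from several policy alternatives, the remaining ones stay unasserted and policy verification may reject an otherwise valid message. If a single assertion is guaranteed, a comment saying so would help, e.g. `// at most one Layout assertion is expected in the effective policy`. The `layout` local and the second `if` could then be folded into the `if (ai != null)` block. The closing brace of configureLayout is outside the hunk.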
@@ -610,9 +594,8 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
         boolean signed,
         boolean endorse
     ) throws Exception {
-        Map<AbstractToken, SecurePart> ret = null;
-        if (tokenAssertions != null) {
-            ret = new HashMap<AbstractToken, SecurePart>();
+        if (tokenAssertions != null && !tokenAssertions.isEmpty()) {
+            Map<AbstractToken, SecurePart> ret = new HashMap<AbstractToken, SecurePart>();
             for (AssertionInfo assertionInfo : tokenAssertions) {
                 if (assertionInfo.getAssertion() instanceof SupportingTokens) {
                     assertionInfo.setAsserted(true);
@@ -620,8 +603,9 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
                             signed, endorse, ret);
                 }
             }
+            return ret;
         }
-        return ret;
+        return Collections.emptyMap();
     }
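Review bot: `Collections.emptyMap()` is immutable, whereas the removed code returned null for a null collection and a fresh `HashMap` for an empty one. A caller that later adds to the returned map would now hit an UnsupportedOperationException in the empty case, and a caller that treated null as "no supporting tokens" now gets an empty map instead. The callers are outside the visible hunks, so this needs checking. If the result can be mutated, `return new HashMap<>();` keeps the previous contract for the empty case. The method's signature begins before the preceding hunk.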
                                                             
     protected Map<AbstractToken, SecurePart> handleSupportingTokens(
@@ -840,7 +824,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
             assertionInfo.setAsserted(true);
         }
         
-        List<SecurePart> signedParts = new ArrayList<SecurePart>();
+        List<SecurePart> signedParts = new ArrayList<>();
         if (parts != null) {
             if (parts.isBody()) {
                 QName soapBody = new QName(WSSConstants.NS_SOAP12, "Body");
@@ -917,7 +901,7 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
             }            
         }
         
-        List<SecurePart> encryptedParts = new ArrayList<SecurePart>();
+        List<SecurePart> encryptedParts = new ArrayList<>();
         if (parts != null) {
             if (parts.isBody()) {
                 QName soapBody = new QName(WSSConstants.NS_SOAP12, "Body");
@@ -970,38 +954,6 @@ public abstract class AbstractStaxBindingHandler extends AbstractCommonBindingHa
         return encryptedParts;
     }
     
-    protected static class TokenStoreCallbackHandler implements CallbackHandler {
-        private CallbackHandler internal;
-        private TokenStore store;
-        public TokenStoreCallbackHandler(CallbackHandler in, TokenStore st) {
-            internal = in;
-            store = st;
-        }
-        
-        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
-            for (int i = 0; i < callbacks.length; i++) {
-                WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
-                
-                String id = pc.getIdentifier();
-                SecurityToken token = store.getToken(id);
-                if (token != null) {
-                    if (token.getSHA1() == null && pc.getKey() != null) {
-                        token.setSHA1(getSHA1(pc.getKey()));
-                        // Create another cache entry with the SHA1 Identifier as the key

-                        // for easy retrieval
-                        store.add(token.getSHA1(), token);
-                    }
-                    pc.setKey(token.getSecret());
-                    pc.setCustomToken(token.getToken());
-                    return;
-                }
-            }
-            if (internal != null) {
-                internal.handle(callbacks);
-            }
-        }
-    }
-    
     protected org.apache.xml.security.stax.securityToken.SecurityToken 
     findInboundSecurityToken(SecurityEventConstants.Event event) throws XMLSecurityException
{
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/e2bc8d8f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
index c515749..441943c 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxAsymmetricBindingHandler.java
@@ -34,6 +34,7 @@ import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.wss4j.TokenStoreCallbackHandler;
 import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.policy.SPConstants;
@@ -144,7 +145,7 @@ public class StaxAsymmetricBindingHandler extends AbstractStaxBindingHandler
{
             }
             
             // Add timestamp
-            List<SecurePart> sigs = new ArrayList<SecurePart>();
+            List<SecurePart> sigs = new ArrayList<>();
             if (timestampAdded) {
                 SecurePart part = 
                     new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);

http://git-wip-us.apache.org/repos/asf/cxf/blob/e2bc8d8f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
index 139f233..a678aef 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxSymmetricBindingHandler.java
@@ -37,11 +37,13 @@ import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.wss4j.TokenStoreCallbackHandler;
 import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
 import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
 import org.apache.wss4j.policy.model.AbstractToken;
@@ -198,9 +200,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler
{
             }
             assertToken(encryptionToken);
             if (tok == null) {
-                if (tokenId != null && tokenId.startsWith("#")) {
-                    tokenId = tokenId.substring(1);
-                }
+                tokenId = WSSecurityUtil.getIDFromReference(tokenId);
 
                 // Get hold of the token from the token storage
                 tok = SecurityUtils.getTokenStore(message).getToken(tokenId);
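Review bot: The removed lines checked `tokenId != null` before stripping the leading `#`, while the replacement passes `tokenId` straight to `WSSecurityUtil.getIDFromReference`, whose null handling is not visible in this hunk. If the helper dereferences its argument, a missing token id would now throw at this line instead of falling through to the token-store lookup. A guard keeps the old behaviour whatever the helper does: `if (tokenId != null) { tokenId = WSSecurityUtil.getIDFromReference(tokenId); }`. It is also worth confirming what the helper returns for an empty reference, since that value goes directly into `getToken(tokenId)`. The enclosing method starts and ends outside the hunk.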
@@ -344,7 +344,7 @@ public class StaxSymmetricBindingHandler extends AbstractStaxBindingHandler
{
             }
 
             // Add timestamp
-            List<SecurePart> sigs = new ArrayList<SecurePart>();
+            List<SecurePart> sigs = new ArrayList<>();
             if (timestampAdded) {
                 SecurePart part = 
                     new SecurePart(new QName(WSSConstants.NS_WSU10, "Timestamp"), Modifier.Element);

http://git-wip-us.apache.org/repos/asf/cxf/blob/e2bc8d8f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
index f07412e..8f093fc 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/StaxTransportBindingHandler.java
@@ -36,6 +36,7 @@ import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.wss4j.TokenStoreCallbackHandler;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;

http://git-wip-us.apache.org/repos/asf/cxf/blob/e2bc8d8f/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 3966638..7c4c745 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -61,6 +61,7 @@ import org.apache.wss4j.dom.message.WSSecSignature;
 import org.apache.wss4j.dom.message.WSSecTimestamp;
 import org.apache.wss4j.dom.message.WSSecUsernameToken;
 import org.apache.wss4j.dom.message.token.SecurityTokenReference;
+import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
 import org.apache.wss4j.policy.model.AbstractToken;
@@ -76,6 +77,7 @@ import org.apache.wss4j.policy.model.SpnegoContextToken;
 import org.apache.wss4j.policy.model.SymmetricBinding;
 import org.apache.wss4j.policy.model.UsernameToken;
 import org.apache.wss4j.policy.model.X509Token;
+import org.apache.xml.security.utils.Base64;
 
 /**
  * 
@@ -893,6 +895,16 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
         return id;
     }
     
+    private static String getSHA1(byte[] input) {
+        try {
+            byte[] digestBytes = WSSecurityUtil.generateDigest(input);
+            return Base64.encode(digestBytes);
+        } catch (WSSecurityException e) {
+            //REVISIT
+        }
+        return null;
+    }
+    
     private String setupUTDerivedKey(UsernameToken sigToken) throws WSSecurityException {
         boolean useMac = hasSignedPartsOrElements();
         WSSecUsernameToken usernameToken = addDKUsernameToken(sigToken, useMac);
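Review bot: In the added `getSHA1`, the catch block swallows the `WSSecurityException` behind a bare `//REVISIT` and the method returns null, so a digest failure silently becomes a missing token identifier for whichever caller stores or looks up the result. The callers are not in this hunk. If they already run in methods that declare `WSSecurityException`, as `setupUTDerivedKey` directly below does, the simpler form is to propagate it: `private static String getSHA1(byte[] input) throws WSSecurityException {` with the body `return Base64.encode(WSSecurityUtil.generateDigest(input));`. If returning null is intended, the catch should at least log the exception, and a short Javadoc should state that null means the digest could not be computed.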

