cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: More refactoring
Date Wed, 18 Mar 2015 12:15:12 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 5b26ab08f -> 7e8d0b4b1


More refactoring


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/7e8d0b4b
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/7e8d0b4b
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/7e8d0b4b

Branch: refs/heads/master
Commit: 7e8d0b4b1cd868272380ca5779e67a15e46cf799
Parents: 5b26ab0
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Mar 18 11:48:25 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Mar 18 11:48:25 2015 +0000

----------------------------------------------------------------------
 .../wss4j/AbstractWSS4JStaxInterceptor.java     |  90 ++------------
 .../wss4j/PolicyBasedWSS4JInInterceptor.java    |  55 +--------
 .../wss4j/PolicyBasedWSS4JOutInterceptor.java   |  40 +++----
 .../PolicyBasedWSS4JStaxInInterceptor.java      |  17 +--
 .../PolicyBasedWSS4JStaxOutInterceptor.java     |  10 +-
 .../wss4j/StaxCryptoCoverageChecker.java        |   4 +-
 .../wss4j/TokenStoreCallbackHandler.java        |  60 ++++++++++
 .../ws/security/wss4j/WSS4JInInterceptor.java   |  35 ------
 .../security/wss4j/WSS4JStaxInInterceptor.java  |  38 +-----
 .../security/wss4j/WSS4JStaxOutInterceptor.java |   2 +-
 .../cxf/ws/security/wss4j/WSS4JUtils.java       |  60 ++++++++++
 .../policyhandlers/AbstractBindingBuilder.java  | 119 +++++++++----------
 .../AbstractCommonBindingHandler.java           |  19 +--
 .../AsymmetricBindingHandler.java               |  60 ++--------
 .../policyhandlers/SymmetricBindingHandler.java |  57 ++++-----
 .../policyhandlers/TransportBindingHandler.java |   6 +-
 16 files changed, 262 insertions(+), 410 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
index d7b27a1..5f77140 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/AbstractWSS4JStaxInterceptor.java
@@ -20,7 +20,6 @@ package org.apache.cxf.ws.security.wss4j;
 
 import java.io.IOException;
 import java.net.URI;
-import java.net.URL;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -48,8 +47,6 @@ import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.PhaseInterceptor;
 import org.apache.cxf.service.model.EndpointInfo;
-import org.apache.cxf.ws.policy.AssertionInfo;
-import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.wss4j.common.ConfigurationConstants;
@@ -60,29 +57,23 @@ import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.util.Loader;
-import org.apache.wss4j.policy.SP11Constants;
-import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.stax.ConfigurationConverter;
-import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.ext.WSSSecurityProperties;
 
 public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor, 
     PhaseInterceptor<SoapMessage> {
 
-    private static final Set<QName> HEADERS = new HashSet<QName>();
-    static {
-        HEADERS.add(new QName(WSSConstants.NS_WSSE10, "Security"));
-        HEADERS.add(new QName(WSSConstants.NS_WSSE11, "Security"));
-        HEADERS.add(new QName(WSSConstants.NS_XMLENC, "EncryptedData"));
-    }
+    private static final Set<QName> HEADERS = 
+        Collections.singleton(new QName(WSConstants.WSSE_NS, "Security"));
     
     private static final Logger LOG = LogUtils.getL7dLogger(AbstractWSS4JStaxInterceptor.class);
 
     private final Map<String, Object> properties;
     private final WSSSecurityProperties userSecurityProperties;
-    private Map<String, Crypto> cryptos = new ConcurrentHashMap<String, Crypto>();
-    private final Set<String> before = new HashSet<String>();
-    private final Set<String> after = new HashSet<String>();
+    private Map<String, Crypto> cryptos = new ConcurrentHashMap<>();
+    private final Set<String> before = new HashSet<>();
+    private final Set<String> after = new HashSet<>();
     private String phase;
     private String id;
     
@@ -181,8 +172,7 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor,
     private  Collection<Pattern> convertCertConstraints(String certConstraints) {
         String[] certConstraintsList = certConstraints.split(",");
         if (certConstraintsList.length > 0) {
-            Collection<Pattern> subjectCertConstraints = 
-                new ArrayList<Pattern>(certConstraintsList.length);
+            Collection<Pattern> subjectCertConstraints = new ArrayList<>(certConstraintsList.length);
             for (String certConstraint : certConstraintsList) {
                 try {
                     subjectCertConstraints.add(Pattern.compile(certConstraint.trim()));
@@ -408,76 +398,18 @@ public abstract class AbstractWSS4JStaxInterceptor implements SoapInterceptor,
         return null;
     }
     
-    protected AssertionInfo getFirstAssertionByLocalname(
-        AssertionInfoMap aim, String localname
-    ) {
-        Collection<AssertionInfo> sp11Ais = aim.get(new QName(SP11Constants.SP_NS, localname));
-        if (sp11Ais != null && !sp11Ais.isEmpty()) {
-            return sp11Ais.iterator().next();
-        }
-        
-        Collection<AssertionInfo> sp12Ais = aim.get(new QName(SP12Constants.SP_NS, localname));
-        if (sp12Ais != null && !sp12Ais.isEmpty()) {
-            return sp12Ais.iterator().next();
-        }
-
-        return null;
-    }
-    
     protected Crypto getEncryptionCrypto(
             Object e, SoapMessage message, WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
-        if (e == null) {
-            return null;
-        } else if (e instanceof Crypto) {
-            return (Crypto)e;
-        } else {
-            URL propsURL = SecurityUtils.loadResource(message, e);
-            Properties props = WSS4JUtils.getProps(e, propsURL);
-            if (props == null) {
-                LOG.fine("Cannot find Crypto Encryption properties: " + e);
-                Exception ex = new Exception("Cannot find Crypto Encryption properties: " + e);
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
-            }
-
-            Crypto encrCrypto = CryptoFactory.getInstance(props,
-                    Loader.getClassLoader(CryptoFactory.class),
-                    getPasswordEncryptor(message, securityProperties));
-
-            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
-            synchronized (info) {
-                info.setProperty(SecurityConstants.ENCRYPT_CRYPTO, encrCrypto);
-            }
-            return encrCrypto;
-        }
+        PasswordEncryptor passwordEncryptor = getPasswordEncryptor(message, securityProperties);
+        return WSS4JUtils.getEncryptionCrypto(e, message, passwordEncryptor);
     }
         
     protected Crypto getSignatureCrypto(
         Object s, SoapMessage message, WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
-        if (s == null) {
-            return null;
-        } else if (s instanceof Crypto) {
-            return (Crypto)s;
-        } else {
-            URL propsURL = SecurityUtils.loadResource(message, s);
-            Properties props = WSS4JUtils.getProps(s, propsURL);
-            if (props == null) {
-                LOG.fine("Cannot find Crypto Signature properties: " + s);
-                Exception ex = new Exception("Cannot find Crypto Signature properties: " + s);
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
-            }
-
-            Crypto signCrypto = CryptoFactory.getInstance(props,
-                    Loader.getClassLoader(CryptoFactory.class),
-                    getPasswordEncryptor(message, securityProperties));
-
-            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
-            synchronized (info) {
-                info.setProperty(SecurityConstants.SIGNATURE_CRYPTO, signCrypto);
-            }
-            return signCrypto;
-        }
+        PasswordEncryptor passwordEncryptor = getPasswordEncryptor(message, securityProperties);
+        return WSS4JUtils.getSignatureCrypto(s, message, passwordEncryptor);
     }
 
     private ClassLoader getClassLoader() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
index 12aebb9..b5836ee 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
@@ -19,14 +19,12 @@
 
 package org.apache.cxf.ws.security.wss4j;
 
-import java.net.URL;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
-import java.util.Properties;
 import java.util.logging.Logger;
 
 import javax.security.auth.callback.CallbackHandler;
@@ -43,18 +41,15 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.helpers.MapNamespaceContext;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.security.transport.TLSSessionInfo;
-import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
-import org.apache.cxf.ws.security.SecurityUtils;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageScope;
 import org.apache.cxf.ws.security.wss4j.CryptoCoverageUtil.CoverageType;
@@ -80,11 +75,9 @@ import org.apache.cxf.ws.security.wss4j.policyvalidators.UsernameTokenPolicyVali
 import org.apache.cxf.ws.security.wss4j.policyvalidators.WSS11PolicyValidator;
 import org.apache.cxf.ws.security.wss4j.policyvalidators.X509TokenPolicyValidator;
 import org.apache.wss4j.common.crypto.Crypto;
-import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSSecurityException;
-import org.apache.wss4j.common.util.Loader;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.WSDataRef;
 import org.apache.wss4j.dom.WSSecurityEngineResult;
@@ -403,28 +396,8 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
     private Crypto getEncryptionCrypto(Object e, 
                                        SoapMessage message, 
                                        RequestData requestData) throws WSSecurityException {
-        Crypto encrCrypto = null;
-        if (e instanceof Crypto) {
-            encrCrypto = (Crypto)e;
-        } else if (e != null) {
-            URL propsURL = SecurityUtils.loadResource(message, e);
-            Properties props = WSS4JUtils.getProps(e, propsURL);
-            if (props == null) {
-                LOG.fine("Cannot find Crypto Encryption properties: " + e);
-                Exception ex = new Exception("Cannot find Crypto Encryption properties: " + e);
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
-            }
-            
-            PasswordEncryptor passwordEncryptor = getPasswordEncryptor(message, requestData);
-            encrCrypto = CryptoFactory.getInstance(props, Loader.getClassLoader(CryptoFactory.class),
-                                                   passwordEncryptor);
-
-            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
-            synchronized (info) {
-                info.setProperty(SecurityConstants.ENCRYPT_CRYPTO, encrCrypto);
-            }
-        }
-        return encrCrypto;
+        PasswordEncryptor passwordEncryptor = getPasswordEncryptor(message, requestData);
+        return WSS4JUtils.getEncryptionCrypto(e, message, passwordEncryptor);
     }
     
     private PasswordEncryptor getPasswordEncryptor(SoapMessage soapMessage, RequestData requestData) {
@@ -450,28 +423,8 @@ public class PolicyBasedWSS4JInInterceptor extends WSS4JInInterceptor {
     
     private Crypto getSignatureCrypto(Object s, SoapMessage message, 
                                       RequestData requestData) throws WSSecurityException {
-        Crypto signCrypto = null;
-        if (s instanceof Crypto) {
-            signCrypto = (Crypto)s;
-        } else if (s != null) {
-            URL propsURL = SecurityUtils.loadResource(message, s);
-            Properties props = WSS4JUtils.getProps(s, propsURL);
-            if (props == null) {
-                LOG.fine("Cannot find Crypto Signature properties: " + s);
-                Exception ex = new Exception("Cannot find Crypto Signature properties: " + s);
-                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
-            }
-            
-            PasswordEncryptor passwordEncryptor = getPasswordEncryptor(message, requestData);
-            signCrypto = CryptoFactory.getInstance(props, Loader.getClassLoader(CryptoFactory.class),
-                                                   passwordEncryptor);
-
-            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
-            synchronized (info) {
-                info.setProperty(SecurityConstants.SIGNATURE_CRYPTO, signCrypto);
-            }
-        }
-        return signCrypto;
+        PasswordEncryptor passwordEncryptor = getPasswordEncryptor(message, requestData);
+        return WSS4JUtils.getSignatureCrypto(s, message, passwordEncryptor);
     }
     
     private boolean assertXPathTokens(AssertionInfoMap aim, 

http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
index b73cd6c..7dff5d8 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
@@ -193,33 +193,23 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa
         }
         
         private AbstractBinding getSecurityBinding(AssertionInfoMap aim) {
-            Collection<AssertionInfo> ais = 
-                PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
-            if (!ais.isEmpty()) {
-                AbstractBinding binding = null;
-                for (AssertionInfo ai : ais) {
-                    binding = (AbstractBinding)ai.getAssertion();
-                    ai.setAsserted(true);
-                }
-                return binding;
+            
+            AssertionInfo transAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+            if (transAis != null) {
+                transAis.setAsserted(true);
+                return (AbstractBinding)transAis.getAssertion();
             }
-            ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
-            if (!ais.isEmpty()) {
-                AbstractBinding binding = null;
-                for (AssertionInfo ai : ais) {
-                    binding = (AbstractBinding)ai.getAssertion();
-                    ai.setAsserted(true);
-                }
-                return binding;
+            
+            AssertionInfo asymAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+            if (asymAis != null) {
+                asymAis.setAsserted(true);
+                return (AbstractBinding)asymAis.getAssertion();
             }
-            ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
-            if (!ais.isEmpty()) {
-                AbstractBinding binding = null;
-                for (AssertionInfo ai : ais) {
-                    binding = (AbstractBinding)ai.getAssertion();
-                    ai.setAsserted(true);
-                }
-                return binding;
+
+            AssertionInfo symAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+            if (symAis != null) {
+                symAis.setAsserted(true);
+                return (AbstractBinding)symAis.getAssertion();
             }
             
             return null;

http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
index 65b87b3..be069db 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxInInterceptor.java
@@ -44,6 +44,7 @@ import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.EffectivePolicy;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.wss4j.common.WSSPolicyException;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.ext.WSSecurityException;
@@ -86,7 +87,7 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
     private void checkAsymmetricBinding(
         AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
-        AssertionInfo ais = getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+        AssertionInfo ais = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
         if (ais == null) {
             return;
         }
@@ -123,10 +124,10 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
         AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
     ) throws XMLSecurityException {
         boolean transportPolicyInEffect = 
-            getFirstAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING) != null;
+            PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING) != null;
         if (!transportPolicyInEffect 
-            && !(getFirstAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING) == null
-                && getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING) == null)) {
+            && !(PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING) == null
+                && PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING) == null)) {
             return;
         }
         
@@ -191,7 +192,7 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
     private void checkSymmetricBinding(
         AssertionInfoMap aim, SoapMessage message, WSSSecurityProperties securityProperties
     ) throws WSSecurityException {
-        AssertionInfo ais = getFirstAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+        AssertionInfo ais = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
         if (ais == null) {
             return;
         }
@@ -281,7 +282,7 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
     protected boolean isNonceCacheRequired(SoapMessage msg, WSSSecurityProperties securityProperties) {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
         if (aim != null) {
-            AssertionInfo ais = getFirstAssertionByLocalname(aim, SPConstants.USERNAME_TOKEN);
+            AssertionInfo ais = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.USERNAME_TOKEN);
             if (ais != null) {
                 return true;
             }
@@ -297,7 +298,7 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
     protected boolean isTimestampCacheRequired(SoapMessage msg, WSSSecurityProperties securityProperties) {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
         if (aim != null) {
-            AssertionInfo ais = getFirstAssertionByLocalname(aim, SPConstants.INCLUDE_TIMESTAMP);
+            AssertionInfo ais = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.INCLUDE_TIMESTAMP);
             if (ais != null) {
                 return true;
             }
@@ -313,7 +314,7 @@ public class PolicyBasedWSS4JStaxInInterceptor extends WSS4JStaxInInterceptor {
     protected boolean isSamlCacheRequired(SoapMessage msg, WSSSecurityProperties securityProperties) {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
         if (aim != null) {
-            AssertionInfo ais = getFirstAssertionByLocalname(aim, SPConstants.SAML_TOKEN);
+            AssertionInfo ais = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SAML_TOKEN);
             if (ais != null) {
                 return true;
             }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
index eedf4f4..9ec4040 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JStaxOutInterceptor.java
@@ -25,6 +25,7 @@ import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.wss4j.policyhandlers.StaxAsymmetricBindingHandler;
 import org.apache.cxf.ws.security.wss4j.policyhandlers.StaxSymmetricBindingHandler;
 import org.apache.cxf.ws.security.wss4j.policyhandlers.StaxTransportBindingHandler;
@@ -182,19 +183,22 @@ public class PolicyBasedWSS4JStaxOutInterceptor extends WSS4JStaxOutInterceptor
     ) throws WSSecurityException {
         AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
         
-        AssertionInfo asymAis = getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+        AssertionInfo asymAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
         if (asymAis != null) {
             checkAsymmetricBinding(msg, securityProperties);
+            asymAis.setAsserted(true);
         }
         
-        AssertionInfo symAis = getFirstAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+        AssertionInfo symAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
         if (symAis != null) {
             checkSymmetricBinding(msg, securityProperties);
+            symAis.setAsserted(true);
         }
         
-        AssertionInfo transAis = getFirstAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+        AssertionInfo transAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING);
         if (transAis != null) {
             checkTransportBinding(msg, securityProperties);
+            transAis.setAsserted(true);
         }
         
         super.configureProperties(msg, outboundSecurityContext, securityProperties);

http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java
index cde80d3..d4c901c 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/StaxCryptoCoverageChecker.java
@@ -83,7 +83,7 @@ public class StaxCryptoCoverageChecker extends AbstractPhaseInterceptor<SoapMess
         final List<SecurityEvent> incomingSecurityEventList = 
             (List<SecurityEvent>)soapMessage.get(SecurityEvent.class.getName() + ".in");
         
-        List<SecurityEvent> results = new ArrayList<SecurityEvent>();
+        List<SecurityEvent> results = new ArrayList<>();
         if (incomingSecurityEventList != null) {
             // Get all Signed/Encrypted Results
             results.addAll(
@@ -139,7 +139,7 @@ public class StaxCryptoCoverageChecker extends AbstractPhaseInterceptor<SoapMess
     }
     
     private List<SecurityEvent> getEventFromResults(Event event, List<SecurityEvent> incomingSecurityEventList) {
-        List<SecurityEvent> results = new ArrayList<SecurityEvent>();
+        List<SecurityEvent> results = new ArrayList<>();
         for (SecurityEvent incomingEvent : incomingSecurityEventList) {
             if (event == incomingEvent.getSecurityEventType()) {
                 results.add(incomingEvent);

http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
new file mode 100644
index 0000000..524d29f
--- /dev/null
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/TokenStoreCallbackHandler.java
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.wss4j;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.tokenstore.TokenStore;
+import org.apache.wss4j.common.ext.WSPasswordCallback;
+
+class TokenStoreCallbackHandler implements CallbackHandler {
+    private CallbackHandler internal;
+    private TokenStore store;
+    public TokenStoreCallbackHandler(CallbackHandler in, TokenStore st) {
+        internal = in;
+        store = st;
+    }
+    
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof WSPasswordCallback) {
+                WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
+                
+                String id = pc.getIdentifier();
+                SecurityToken tok = store.getToken(id);
+                if (tok != null && !tok.isExpired()) {
+                    pc.setKey(tok.getSecret());
+                    pc.setKey(tok.getKey());
+                    pc.setCustomToken(tok.getToken());
+                    return;
+                }
+            }
+        }
+        if (internal != null) {
+            internal.handle(callbacks);
+        }
+    }
+    
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
index c175b58..61a25b3 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
@@ -18,7 +18,6 @@
  */
 package org.apache.cxf.ws.security.wss4j;
 
-import java.io.IOException;
 import java.security.Principal;
 import java.security.Provider;
 import java.security.PublicKey;
@@ -34,9 +33,7 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import javax.security.auth.Subject;
-import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.security.auth.kerberos.KerberosPrincipal;
 import javax.xml.namespace.QName;
 import javax.xml.soap.SOAPException;
@@ -70,12 +67,10 @@ import org.apache.cxf.security.transport.TLSSessionInfo;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.SecurityUtils;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.cache.ReplayCache;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.ThreadLocalSecurityProvider;
-import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.dom.WSConstants;
@@ -655,36 +650,6 @@ public class WSS4JInInterceptor extends AbstractWSS4JInterceptor {
         return action;
     }
     
-    private class TokenStoreCallbackHandler implements CallbackHandler {
-        private CallbackHandler internal;
-        private TokenStore store;
-        public TokenStoreCallbackHandler(CallbackHandler in,
-                                         TokenStore st) {
-            internal = in;
-            store = st;
-        }
-        
-        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
-            for (Callback callback : callbacks) {
-                if (callback instanceof WSPasswordCallback) {
-                    WSPasswordCallback pc = (WSPasswordCallback)callback;
-                    
-                    String id = pc.getIdentifier();
-                    SecurityToken tok = store.getToken(id);
-                    if (tok != null && !tok.isExpired()) {
-                        pc.setKey(tok.getSecret());
-                        pc.setCustomToken(tok.getToken());
-                        return;
-                    }
-                }
-            }
-            if (internal != null) {
-                internal.handle(callbacks);
-            }
-        }
-        
-    }
-
     protected CallbackHandler getCallback(RequestData reqData, boolean utWithCallbacks) 
         throws WSSecurityException {
         if (!utWithCallbacks) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
index 112d333..47d30ed 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxInInterceptor.java
@@ -18,7 +18,6 @@
  */
 package org.apache.cxf.ws.security.wss4j;
 
-import java.io.IOException;
 import java.security.Provider;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -27,9 +26,6 @@ import java.util.List;
 import java.util.Map;
 import java.util.logging.Logger;
 
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.UnsupportedCallbackException;
 import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.XMLStreamReader;
 import javax.xml.stream.util.StreamReaderDelegate;
@@ -45,14 +41,11 @@ import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.SecurityUtils;
-import org.apache.cxf.ws.security.tokenstore.SecurityToken;
-import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.ConfigurationConstants;
 import org.apache.wss4j.common.WSSPolicyException;
 import org.apache.wss4j.common.cache.ReplayCache;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.ThreadLocalSecurityProvider;
-import org.apache.wss4j.common.ext.WSPasswordCallback;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.stax.ConfigurationConverter;
 import org.apache.wss4j.stax.WSSec;
@@ -183,7 +176,7 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor {
     protected List<SecurityEventListener> configureSecurityEventListeners(
         SoapMessage msg, WSSSecurityProperties securityProperties
     ) throws WSSPolicyException {
-        final List<SecurityEvent> incomingSecurityEventList = new LinkedList<SecurityEvent>();
+        final List<SecurityEvent> incomingSecurityEventList = new LinkedList<>();
         msg.getExchange().put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
         msg.put(SecurityEvent.class.getName() + ".in", incomingSecurityEventList);
         
@@ -426,33 +419,4 @@ public class WSS4JStaxInInterceptor extends AbstractWSS4JStaxInterceptor {
         }
     }
 
-    private class TokenStoreCallbackHandler implements CallbackHandler {
-        private CallbackHandler internal;
-        private TokenStore store;
-        public TokenStoreCallbackHandler(CallbackHandler in, TokenStore st) {
-            internal = in;
-            store = st;
-        }
-        
-        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
-            for (int i = 0; i < callbacks.length; i++) {
-                if (callbacks[i] instanceof WSPasswordCallback) {
-                    WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
-                    
-                    String id = pc.getIdentifier();
-                    SecurityToken tok = store.getToken(id);
-                    if (tok != null && !tok.isExpired()) {
-                        pc.setKey(tok.getSecret());
-                        pc.setKey(tok.getKey());
-                        pc.setCustomToken(tok.getToken());
-                        return;
-                    }
-                }
-            }
-            if (internal != null) {
-                internal.handle(callbacks);
-            }
-        }
-        
-    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
index 84930bd..2de2d57 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JStaxOutInterceptor.java
@@ -185,7 +185,7 @@ public class WSS4JStaxOutInterceptor extends AbstractWSS4JStaxInterceptor {
     protected SecurityEventListener configureSecurityEventListener(
         final SoapMessage msg, WSSSecurityProperties securityProperties
     ) throws WSSPolicyException {
-        final List<SecurityEvent> outgoingSecurityEventList = new LinkedList<SecurityEvent>();
+        final List<SecurityEvent> outgoingSecurityEventList = new LinkedList<>();
         msg.getExchange().put(SecurityEvent.class.getName() + ".out", outgoingSecurityEventList);
         msg.put(SecurityEvent.class.getName() + ".out", outgoingSecurityEventList);
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
index accc4df..f012096 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JUtils.java
@@ -25,6 +25,7 @@ import java.security.Key;
 import java.util.Date;
 import java.util.Map;
 import java.util.Properties;
+import java.util.logging.Logger;
 
 import javax.crypto.SecretKey;
 
@@ -32,6 +33,7 @@ import org.apache.cxf.Bus;
 import org.apache.cxf.binding.soap.SoapFault;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.SoapVersion;
+import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.endpoint.Endpoint;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
@@ -46,6 +48,7 @@ import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.PasswordEncryptor;
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.util.Loader;
 import org.apache.wss4j.stax.ext.WSSConstants;
 import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
 import org.apache.xml.security.exceptions.XMLSecurityException;
@@ -56,6 +59,8 @@ import org.apache.xml.security.exceptions.XMLSecurityException;
  */
 public final class WSS4JUtils {
     
+    private static final Logger LOG = LogUtils.getL7dLogger(WSS4JUtils.class);
+    
     private WSS4JUtils() {
         // complete
     }
@@ -251,4 +256,59 @@ public final class WSS4JUtils {
         return CryptoFactory.getInstance(propFilename, classLoader);
     }
  
+    public static Crypto getEncryptionCrypto(
+        Object e, 
+        SoapMessage message, 
+        PasswordEncryptor passwordEncryptor
+    ) throws WSSecurityException {
+        Crypto encrCrypto = null;
+        if (e instanceof Crypto) {
+            encrCrypto = (Crypto)e;
+        } else if (e != null) {
+            URL propsURL = SecurityUtils.loadResource(message, e);
+            Properties props = WSS4JUtils.getProps(e, propsURL);
+            if (props == null) {
+                LOG.fine("Cannot find Crypto Encryption properties: " + e);
+                Exception ex = new Exception("Cannot find Crypto Encryption properties: " + e);
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
+            }
+            
+            encrCrypto = CryptoFactory.getInstance(props, Loader.getClassLoader(CryptoFactory.class),
+                                                   passwordEncryptor);
+
+            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+            synchronized (info) {
+                info.setProperty(SecurityConstants.ENCRYPT_CRYPTO, encrCrypto);
+            }
+        }
+        return encrCrypto;
+    }
+    
+    public static Crypto getSignatureCrypto(
+        Object s, 
+        SoapMessage message, 
+        PasswordEncryptor passwordEncryptor
+    ) throws WSSecurityException {
+        Crypto signCrypto = null;
+        if (s instanceof Crypto) {
+            signCrypto = (Crypto)s;
+        } else if (s != null) {
+            URL propsURL = SecurityUtils.loadResource(message, s);
+            Properties props = WSS4JUtils.getProps(s, propsURL);
+            if (props == null) {
+                LOG.fine("Cannot find Crypto Signature properties: " + s);
+                Exception ex = new Exception("Cannot find Crypto Signature properties: " + s);
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
+            }
+            
+            signCrypto = CryptoFactory.getInstance(props, Loader.getClassLoader(CryptoFactory.class),
+                                                   passwordEncryptor);
+
+            EndpointInfo info = message.getExchange().get(Endpoint.class).getEndpointInfo();
+            synchronized (info) {
+                info.setProperty(SecurityConstants.SIGNATURE_CRYPTO, signCrypto);
+            }
+        }
+        return signCrypto;
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
index 38edb3e..c257cdc 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
@@ -53,7 +53,6 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.binding.soap.saaj.SAAJUtils;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.endpoint.Endpoint;
@@ -163,7 +162,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     protected String mainSigId;
     protected List<WSEncryptionPart> sigConfList;
     
-    protected Set<WSEncryptionPart> encryptedTokensList = new HashSet<WSEncryptionPart>();
+    protected Set<WSEncryptionPart> encryptedTokensList = new HashSet<>();
 
     protected Set<Integer> signatures = new HashSet<>();
 
@@ -177,7 +176,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     private Element lastSupportingTokenElement;
     private Element lastDerivedKeyElement;
     
-    private List<AbstractSecurityAssertion> suppTokenParts = new ArrayList<AbstractSecurityAssertion>();
+    private List<AbstractSecurityAssertion> suppTokenParts = new ArrayList<>();
     private List<SupportingToken> endSuppTokList;
     private List<SupportingToken> sgndEndSuppTokList;
     
@@ -320,22 +319,15 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             timestampEl.setTimeToLive(ttl);
             timestampEl.prepare(saaj.getSOAPPart());
             
-            Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.INCLUDE_TIMESTAMP);
-            for (AssertionInfo ai : ais) {
-                ai.setAsserted(true);
-            }                    
+            String namespace = binding.getName().getNamespaceURI();
+            PolicyUtils.assertPolicy(aim, new QName(namespace, SPConstants.INCLUDE_TIMESTAMP));
         }
         return timestampEl;
     }
     
     protected WSSecTimestamp handleLayout(WSSecTimestamp timestamp) {
         if (binding.getLayout() != null) {
-            Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.LAYOUT);
-            AssertionInfo ai = null;
-            for (AssertionInfo layoutAi : ais) {
-                layoutAi.setAsserted(true);
-                ai = layoutAi;
-            }   
+            AssertionInfo ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.LAYOUT);
             
             if (binding.getLayout().getLayoutType() == LayoutType.LaxTsLast) {
                 if (timestamp == null) {
@@ -397,7 +389,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         Collection<AssertionInfo> tokensInfos, 
         boolean endorse
     ) throws WSSecurityException {
-        List<SupportingToken> ret = new ArrayList<SupportingToken>();
+        List<SupportingToken> ret = new ArrayList<>();
         if (tokensInfos != null) {
             for (AssertionInfo assertionInfo : tokensInfos) {
                 if (assertionInfo.getAssertion() instanceof SupportingTokens) {
@@ -588,8 +580,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         return (Element)secHeader.getSecurityHeader().getOwnerDocument().importNode(el, true);
     }
 
-    protected void addSignatureParts(List<SupportingToken> tokenList,
-                                       List<WSEncryptionPart> sigParts) {
+    protected void addSignatureParts(List<SupportingToken> tokenList, List<WSEncryptionPart> sigParts) {
         
         for (SupportingToken supportingToken : tokenList) {
             
@@ -831,17 +822,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             }
         }
         
-        CallbackHandler handler = null;
-        if (o instanceof CallbackHandler) {
-            handler = (CallbackHandler)o;
-        } else if (o instanceof String) {
-            try {
-                handler = (CallbackHandler)ClassLoaderUtils
-                    .loadClass((String)o, this.getClass()).newInstance();
-            } catch (Exception e) {
-                handler = null;
-            }
-        }
+        CallbackHandler handler = SecurityUtils.getCallbackHandler(o);
         if (handler == null) {
             policyNotAsserted(token, "No SAML CallbackHandler available");
             return null;
@@ -1011,8 +992,6 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     public List<WSEncryptionPart> getEncryptedParts() 
         throws SOAPException {
         
-        boolean isBody = false;
-        
         EncryptedParts parts = null;
         EncryptedElements elements = null;
         ContentEncryptedElements celements = null;
@@ -1042,23 +1021,24 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         }
         
         if (parts == null && elements == null && celements == null) {
-            return new ArrayList<WSEncryptionPart>();
+            return new ArrayList<>();
         }
         
-        List<WSEncryptionPart> signedParts = new ArrayList<>();
+        List<WSEncryptionPart> securedParts = new ArrayList<>();
+        boolean isBody = false;
         if (parts != null) {
             isBody = parts.isBody();
             for (Header head : parts.getHeaders()) {
                 WSEncryptionPart wep = new WSEncryptionPart(head.getName(),
                                                             head.getNamespace(),
                                                             "Element");
-                signedParts.add(wep);
+                securedParts.add(wep);
             }
             
             Attachments attachments = parts.getAttachments();
             if (attachments != null) {
                 WSEncryptionPart wep = new WSEncryptionPart("cid:Attachments", "Element");
-                signedParts.add(wep);
+                securedParts.add(wep);
             }
         }
     
@@ -1068,7 +1048,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         // the encrypted list to prevent duplication / errors in encryption.
         return getPartsAndElements(false, 
                                    isBody,
-                                   signedParts,
+                                   securedParts,
                                    elements == null ? null : elements.getXPaths(),
                                    celements == null ? null : celements.getXPaths());
     }    
@@ -1116,10 +1096,10 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         }
         
         if (parts == null && elements == null) {
-            return new ArrayList<WSEncryptionPart>();
+            return new ArrayList<>();
         }
         
-        List<WSEncryptionPart> signedParts = new ArrayList<WSEncryptionPart>();
+        List<WSEncryptionPart> signedParts = new ArrayList<>();
         if (parts != null) {
             isSignBody = parts.isBody();
             for (Header head : parts.getHeaders()) {
@@ -1139,10 +1119,6 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             }
         }
         
-        // REVISIT consider catching exceptions and unassert failed assertions or
-        // to process and assert them one at a time.  Additionally, a found list
-        // should be applied to all operations that involve adding anything to
-        // the signed list to prevent duplication in the signature.
         return getPartsAndElements(true, 
                                    isSignBody,
                                    signedParts,
@@ -1171,9 +1147,6 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
      * @throws SOAPException
      *             if there is an error extracting SOAP content from the SAAJ
      *             model
-     *             
-     * @deprecated Use {@link #getSignedParts()} and {@link #getEncryptedParts()}
-     *             instead.
      */
     public List<WSEncryptionPart> getPartsAndElements(boolean sign, 
                                                     boolean includeBody,
@@ -1182,9 +1155,9 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                                                     List<org.apache.wss4j.policy.model.XPath> contentXpaths) 
         throws SOAPException {
         
-        List<WSEncryptionPart> result = new ArrayList<WSEncryptionPart>();
+        List<WSEncryptionPart> result = new ArrayList<>();
         
-        List<Element> found = new ArrayList<Element>();
+        List<Element> found = new ArrayList<>();
         
         // Handle sign/enc parts
         result.addAll(this.getParts(sign, includeBody, parts, found));
@@ -1227,7 +1200,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             boolean includeBody, List<WSEncryptionPart> parts,
             List<Element> found) throws SOAPException {
         
-        List<WSEncryptionPart> result = new ArrayList<WSEncryptionPart>();
+        List<WSEncryptionPart> result = new ArrayList<>();
         
         if (includeBody && !found.contains(SAAJUtils.getBody(this.saaj))) {
             found.add(SAAJUtils.getBody(saaj));
@@ -1311,7 +1284,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             List<Element> found,
             boolean forceId) throws SOAPException {
         
-        List<WSEncryptionPart> result = new ArrayList<WSEncryptionPart>();
+        List<WSEncryptionPart> result = new ArrayList<>();
         
         if (xpaths != null && !xpaths.isEmpty()) {
             XPathFactory factory = XPathFactory.newInstance();
@@ -1334,6 +1307,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
                         Element el = (Element)list.item(x);
                         
                         if (!found.contains(el)) {
+                            found.add(el);
                             String id = setIdOnElement(el, forceId);
                             WSEncryptionPart part = 
                                 new WSEncryptionPart(id, encryptionModifier);
@@ -1416,7 +1390,11 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
         cryptoType.setAlias(encrUser);
         X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
-        return certs[0];
+        if (certs != null && certs.length > 0) {
+            return certs[0];
+        }
+        
+        return null;
     }
     
     public Crypto getSignatureCrypto(AbstractTokenWrapper wrapper) throws WSSecurityException {
@@ -1648,6 +1626,27 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         return null;
     }
     
+    protected WSSecurityEngineResult getEncryptedKeyResult() {
+        
+        List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage()
+            .get(WSHandlerConstants.RECV_RESULTS));
+        
+        for (WSHandlerResult rResult : results) {
+            List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
+            
+            for (WSSecurityEngineResult wser : wsSecEngineResults) {
+                Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+                String encryptedKeyID = (String)wser.get(WSSecurityEngineResult.TAG_ID);
+                if (actInt.intValue() == WSConstants.ENCR
+                    && encryptedKeyID != null
+                    && encryptedKeyID.length() != 0) {
+                    return wser;
+                }
+            }
+        }
+        return null;
+    }
+    
     private void checkForX509PkiPath(WSSecSignature sig, AbstractToken token) {
         if (token instanceof X509Token) {
             X509Token x509Token = (X509Token) token;
@@ -1798,7 +1797,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         for (SupportingToken supportingToken : tokenList) {
             Object tempTok = supportingToken.getTokenImplementation();
             
-            List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
+            List<WSEncryptionPart> sigParts = new ArrayList<>();
             WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId);
             sigPart.setElement(bottomUpElement);
             sigParts.add(sigPart);
@@ -1939,12 +1938,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
         dkSign.prepare(doc, secHeader);
         
         if (isTokenProtection) {
-            //Hack to handle reference id issues
-            //TODO Need a better fix
-            String sigTokId = tok.getId();
-            if (sigTokId.startsWith("#")) {
-                sigTokId = sigTokId.substring(1);
-            }
+            String sigTokId = WSSecurityUtil.getIDFromReference(tok.getId());
             sigParts.add(new WSEncryptionPart(sigTokId));
         }
         
@@ -2007,12 +2001,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             sigTokId = tok.getId();
         }
                        
-        //Hack to handle reference id issues
-        //TODO Need a better fix
-        if (sigTokId.startsWith("#")) {
-            sigTokId = sigTokId.substring(1);
-        }
-        
+        sigTokId = WSSecurityUtil.getIDFromReference(sigTokId);
         sig.setCustomTokenId(sigTokId);
         sig.setSecretKey(tok.getSecret());
         sig.setSignatureAlgorithm(binding.getAlgorithmSuite().getAsymmetricSignature());
@@ -2101,8 +2090,8 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
          * handler result get the various actions. After that loop we have all
          * signature results in the signatureActions list
          */
-        List<WSSecurityEngineResult> signatureActions = new ArrayList<WSSecurityEngineResult>();
-        final List<Integer> signedActions = new ArrayList<Integer>(2);
+        List<WSSecurityEngineResult> signatureActions = new ArrayList<>();
+        final List<Integer> signedActions = new ArrayList<>(2);
         signedActions.add(WSConstants.SIGN);
         signedActions.add(WSConstants.UT_SIGN);
         for (WSHandlerResult wshResult : results) {
@@ -2111,7 +2100,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
             );
         }
         
-        sigConfList = new ArrayList<WSEncryptionPart>();
+        sigConfList = new ArrayList<>();
         // prepare a SignatureConfirmation token
         WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation(wssConfig);
         if (signatureActions.size() > 0) {
@@ -2161,7 +2150,7 @@ public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandle
     public void handleEncryptedSignedHeaders(List<WSEncryptionPart> encryptedParts, 
             List<WSEncryptionPart> signedParts) {
 
-        final List<WSEncryptionPart> signedEncryptedParts = new ArrayList<WSEncryptionPart>();
+        final List<WSEncryptionPart> signedEncryptedParts = new ArrayList<>();
         
         for (WSEncryptionPart encryptedPart : encryptedParts) {
             final Iterator<WSEncryptionPart> signedPartsIt = signedParts.iterator();

http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
index ae36dcc..cc36efa 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractCommonBindingHandler.java
@@ -447,21 +447,14 @@ public abstract class AbstractCommonBindingHandler {
     
     protected Wss10 getWss10() {
         AssertionInfoMap aim = message.get(AssertionInfoMap.class);
-        Collection<AssertionInfo> ais = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.WSS10);
-        if (!ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                return (Wss10)ai.getAssertion();
-            }            
+        AssertionInfo ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.WSS10);
+        if (ai == null) {
+            ai = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.WSS11);
         }
         
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.WSS11);
-        if (!ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                return (Wss10)ai.getAssertion();
-            }            
-        }  
-        
+        if (ai != null) {
+            return (Wss10)ai.getAssertion();
+        }
         return null;
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
index 67d7afe..ee7bdad 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java
@@ -164,7 +164,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
             }
             
             // Add timestamp
-            List<WSEncryptionPart> sigs = new ArrayList<WSEncryptionPart>();
+            List<WSEncryptionPart> sigs = new ArrayList<>();
             if (timestampEl != null) {
                 WSEncryptionPart timestampPart = 
                     convertToEncryptionPart(timestampEl.getElement());
@@ -309,7 +309,7 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
             assertToken(initiatorToken);
         }
         
-        List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
+        List<WSEncryptionPart> sigParts = new ArrayList<>();
         if (timestampEl != null) {
             WSEncryptionPart timestampPart = 
                 convertToEncryptionPart(timestampEl.getElement());
@@ -722,14 +722,17 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
                 CastUtils.cast(
                     (List<?>)message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
             if (results != null) {
-                encryptedKeyId = getRequestEncryptedKeyId(results);
-                encryptedKeyValue = getRequestEncryptedKeyValue(results);
+                WSSecurityEngineResult encryptedKeyResult = getEncryptedKeyResult();
+                if (encryptedKeyResult != null) {
+                    encryptedKeyId = (String)encryptedKeyResult.get(WSSecurityEngineResult.TAG_ID);
+                    encryptedKeyValue = (byte[])encryptedKeyResult.get(WSSecurityEngineResult.TAG_SECRET);
+                }
                 
                 //In the case where we don't have the EncryptedKey in the 
                 //request, for the control to have reached this state,
                 //the scenario MUST be a case where this is the response
                 //message by a listener created for an async client
-                //Therefor we will create a new EncryptedKey
+                //Therefore we will create a new EncryptedKey
                 if (encryptedKeyId == null && encryptedKeyValue == null) {
                     createEncryptedKey(wrapper, token);
                 }
@@ -741,49 +744,6 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
         }
     }
     
-    public static String getRequestEncryptedKeyId(List<WSHandlerResult> results) {
-        
-        for (WSHandlerResult rResult : results) {
-            List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
-            /*
-             * Scan the results for the first Signature action. Use the
-             * certificate of this Signature to set the certificate for the
-             * encryption action :-).
-             */
-            for (WSSecurityEngineResult wser : wsSecEngineResults) {
-                Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
-                String encrKeyId = (String)wser.get(WSSecurityEngineResult.TAG_ID);
-                if (actInt.intValue() == WSConstants.ENCR && encrKeyId != null) {
-                    return encrKeyId;
-                }
-            }
-        }
-        
-        return null;
-    }
-    
-    public static byte[] getRequestEncryptedKeyValue(List<WSHandlerResult> results) {
-        
-        for (WSHandlerResult rResult : results) {
-            List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
-
-            /*
-            * Scan the results for the first Signature action. Use the
-            * certificate of this Signature to set the certificate for the
-            * encryption action :-).
-            */
-            for (WSSecurityEngineResult wser : wsSecEngineResults) {
-                Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
-                byte[] decryptedKey = (byte[])wser.get(WSSecurityEngineResult.TAG_SECRET);
-                if (actInt.intValue() == WSConstants.ENCR && decryptedKey != null) {
-                    return decryptedKey;
-                }
-            }
-        }
-        
-        return null;
-    }
-    
     private void createEncryptedKey(AbstractTokenWrapper wrapper, AbstractToken token)
         throws WSSecurityException {
         //Set up the encrypted key to use
@@ -798,10 +758,6 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder {
         this.addEncryptedKeyElement(encrKey.getEncryptedKeyElement());
         encryptedKeyValue = encrKey.getEphemeralKey();
         encryptedKeyId = encrKey.getId();
-        
-        //Store the token for client - response verification 
-        // and server - response creation
-        message.put(WSSecEncryptedKey.class.getName(), encrKey);
     }
 
     private String getSAMLToken() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index de508d7..3966638 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -20,7 +20,6 @@
 package org.apache.cxf.ws.security.wss4j.policyhandlers;
 
 import java.util.ArrayList;
-import java.util.Collection;
 import java.util.Date;
 import java.util.List;
 import java.util.logging.Level;
@@ -36,9 +35,9 @@ import org.apache.cxf.binding.soap.SoapMessage;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler;
@@ -191,7 +190,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                     attached = true;
                 }
                 
-                List<WSEncryptionPart> sigParts = new ArrayList<WSEncryptionPart>();
+                List<WSEncryptionPart> sigParts = new ArrayList<>();
                 if (timestampEl != null) {
                     WSEncryptionPart timestampPart = 
                         convertToEncryptionPart(timestampEl.getElement());
@@ -222,7 +221,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
                 //Check for signature protection and encryption of UsernameToken
                 if (sbinding.isEncryptSignature() 
                     || encryptedTokensList.size() > 0 && isRequestor()) {
-                    List<WSEncryptionPart> secondEncrParts = new ArrayList<WSEncryptionPart>();
+                    List<WSEncryptionPart> secondEncrParts = new ArrayList<>();
                     
                     //Now encrypt the signature using the above token
                     if (sbinding.isEncryptSignature()) {
@@ -328,7 +327,7 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
             }
         
             //Add timestamp
-            List<WSEncryptionPart> sigs = new ArrayList<WSEncryptionPart>();
+            List<WSEncryptionPart> sigs = new ArrayList<>();
             if (timestampEl != null) {
                 WSEncryptionPart timestampPart = convertToEncryptionPart(timestampEl.getElement());
                 sigs.add(timestampPart);        
@@ -913,32 +912,23 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
     }
     
     private String getEncryptedKey() {
-        
-        List<WSHandlerResult> results = CastUtils.cast((List<?>)message.getExchange().getInMessage()
-            .get(WSHandlerConstants.RECV_RESULTS));
-        
-        for (WSHandlerResult rResult : results) {
-            List<WSSecurityEngineResult> wsSecEngineResults = rResult.getResults();
+        WSSecurityEngineResult encryptedKeyResult = getEncryptedKeyResult();
+        if (encryptedKeyResult != null) {
+            // Store it in the cache
+            Date created = new Date();
+            Date expires = new Date();
+            expires.setTime(created.getTime() + 300000);
             
-            for (WSSecurityEngineResult wser : wsSecEngineResults) {
-                Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
-                String encryptedKeyID = (String)wser.get(WSSecurityEngineResult.TAG_ID);
-                if (actInt.intValue() == WSConstants.ENCR
-                    && encryptedKeyID != null
-                    && encryptedKeyID.length() != 0) {
-                    Date created = new Date();
-                    Date expires = new Date();
-                    expires.setTime(created.getTime() + 300000);
-                    SecurityToken tempTok = new SecurityToken(encryptedKeyID, created, expires);
-                    tempTok.setSecret((byte[])wser.get(WSSecurityEngineResult.TAG_SECRET));
-                    tempTok.setSHA1(getSHA1((byte[])wser
-                                            .get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
-                    tokenStore.add(tempTok);
-                    
-                    return encryptedKeyID;
-                }
-            }
+            String encryptedKeyID = (String)encryptedKeyResult.get(WSSecurityEngineResult.TAG_ID);
+            SecurityToken tempTok = new SecurityToken(encryptedKeyID, created, expires);
+            tempTok.setSecret((byte[])encryptedKeyResult.get(WSSecurityEngineResult.TAG_SECRET));
+            tempTok.setSHA1(getSHA1((byte[])encryptedKeyResult
+                                    .get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY)));
+            tokenStore.add(tempTok);
+            
+            return encryptedKeyID;
         }
+        
         return null;
     }
     
@@ -974,13 +964,8 @@ public class SymmetricBindingHandler extends AbstractBindingBuilder {
     }
     
     private boolean hasSignedPartsOrElements() {
-        Collection<AssertionInfo> ais = getAllAssertionsByLocalname(SPConstants.SIGNED_PARTS);
-        if (ais.size() > 0) {
-            return true;
-        }
-        
-        ais = getAllAssertionsByLocalname(SPConstants.SIGNED_ELEMENTS);
-        if (ais.size() > 0) {
+        if (PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_PARTS) != null
+            || PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_ELEMENTS) != null) {
             return true;
         }
         

http://git-wip-us.apache.org/repos/asf/cxf/blob/7e8d0b4b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
index 9712f51..d9eaa2c 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.java
@@ -603,8 +603,8 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
         SignedElements signedElements
     ) throws SOAPException {
         
-        List<WSEncryptionPart> result = new ArrayList<WSEncryptionPart>();
-        List<Element> found = new ArrayList<Element>();
+        List<WSEncryptionPart> result = new ArrayList<>();
+        List<Element> found = new ArrayList<>();
         
         // Add timestamp
         if (timestampEl != null) {
@@ -620,7 +620,7 @@ public class TransportBindingHandler extends AbstractBindingBuilder {
 
         // Add SignedParts
         if (signedParts != null) {
-            List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>();
+            List<WSEncryptionPart> parts = new ArrayList<>();
             boolean isSignBody = signedParts.isBody();
             
             for (Header head : signedParts.getHeaders()) {


Mime
View raw message