From cohei...@apache.org
Subject cxf git commit: More policy work
Date Fri, 20 Mar 2015 21:58:19 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 9064201a2 -> afeb2ab05


More policy work


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/afeb2ab0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/afeb2ab0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/afeb2ab0

Branch: refs/heads/master
Commit: afeb2ab056a4a4377db11d597c675108eb780d16
Parents: 9064201
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Mar 20 21:57:54 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Mar 20 21:58:13 2015 +0000

----------------------------------------------------------------------
 .../cxf/ws/security/policy/PolicyUtils.java     | 26 ++++++++
 .../HttpsTokenInterceptorProvider.java          | 70 +++++++-------------
 .../IssuedTokenInterceptorProvider.java         | 17 ++---
 .../policy/interceptors/NegotiationUtils.java   | 31 ++-------
 .../policy/interceptors/STSTokenHelper.java     | 26 +-------
 .../SecureConversationInInterceptor.java        | 40 +++--------
 .../SecureConversationOutInterceptor.java       |  4 +-
 .../SecurityVerificationOutInterceptor.java     | 50 ++++++--------
 .../WSSecurityInterceptorProvider.java          |  2 +-
 .../WSSecurityPolicyInterceptorProvider.java    |  2 +-
 .../wss4j/PolicyBasedWSS4JOutInterceptor.java   | 27 +-------
 11 files changed, 96 insertions(+), 199 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java
index b8cf971..6bed02e 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/PolicyUtils.java
@@ -28,6 +28,8 @@ import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
+import org.apache.wss4j.policy.SPConstants;
+import org.apache.wss4j.policy.model.AbstractBinding;
 
 /**
  * Some common functionality that can be shared for working with policies
@@ -108,4 +110,28 @@ public final class PolicyUtils {
 
         return false;
     }
+    
+    public static AbstractBinding getSecurityBinding(AssertionInfoMap aim) {
+        
+        AssertionInfo transAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING);
+        if (transAis != null) {
+            transAis.setAsserted(true);
+            return (AbstractBinding)transAis.getAssertion();
+        }
+        
+        AssertionInfo asymAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
+        if (asymAis != null) {
+            asymAis.setAsserted(true);
+            return (AbstractBinding)asymAis.getAssertion();
+        }
+
+        AssertionInfo symAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
+        if (symAis != null) {
+            symAis.setAsserted(true);
+            return (AbstractBinding)symAis.getAssertion();
+        }
+        
+        return null;
+    }
+
 }
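Review bot: `getSecurityBinding` is named and used as a lookup, but it also calls `setAsserted(true)` on the binding it returns, so merely querying the binding marks that policy assertion as satisfied. In this commit it is called as a presence test in SecurityVerificationOutInterceptor (`PolicyUtils.getSecurityBinding(aim) == null`) and from NegotiationUtils.getAlgorithmSuite; neither appears to enforce the binding itself, so policy verification could pass for a binding that no interceptor actually applied. Consider keeping the lookup side-effect free and leaving the asserting to the code that enforces the binding, or at least document the behaviour with a Javadoc such as `/** Returns the first transport, asymmetric or symmetric binding assertion (searched in that order) and marks it as asserted; returns null if none is present. */`. Only the first AssertionInfo per local name is marked, so any further assertions with the same name stay unasserted.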

http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
index 5d6ebae..bf8171a 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/HttpsTokenInterceptorProvider.java
@@ -24,24 +24,22 @@ import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import java.util.Map;
-import java.util.TreeMap;
 import java.util.logging.Logger;
 
+import javax.xml.namespace.QName;
+
 import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.security.SecurityContext;
 import org.apache.cxf.security.transport.TLSSessionInfo;
-import org.apache.cxf.transport.Conduit;
-import org.apache.cxf.transport.http.HTTPConduit;
 import org.apache.cxf.transport.http.MessageTrustDecider;
 import org.apache.cxf.transport.http.URLConnectionInfo;
 import org.apache.cxf.transport.http.UntrustedURLConnectionIOException;
@@ -52,7 +50,6 @@ import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.policy.PolicyException;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor;
-import org.apache.neethi.Assertion;
 import org.apache.wss4j.policy.SP11Constants;
 import org.apache.wss4j.policy.SP12Constants;
 import org.apache.wss4j.policy.SPConstants;
@@ -82,43 +79,15 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv
         this.getInFaultInterceptors().add(new HttpsTokenInInterceptor());
     }
     
-    private static Map<String, List<String>> getSetProtocolHeaders(Message message)
{
+    private static Map<String, List<String>> getProtocolHeaders(Message message)
{
         Map<String, List<String>> headers =
             CastUtils.cast((Map<?, ?>)message.get(Message.PROTOCOL_HEADERS));     
  
         if (null == headers) {
-            headers = new TreeMap<String, List<String>>(String.CASE_INSENSITIVE_ORDER);
-            message.put(Message.PROTOCOL_HEADERS, headers);
+            Collections.emptyMap();
         }
         return headers;
     }
 
-    public boolean configurationPresent(Message msg, Assertion assertion) {
-        if (msg == null || !MessageUtils.isRequestor(msg) || !SP11Constants.HTTPS_TOKEN.equals(assertion.getName()))
{
-            return true;
-        }
-        
-        HttpsToken token = (HttpsToken)assertion;        
-        if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpBasicAuthentication
-            || token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpDigestAuthentication)
{
-            try {
-                return tryAuth(msg);
-            } catch (Throwable t) {
-                //ignore, can catch it later
-            }
-        }
-        return true;
-    }    
-    
-    private boolean tryAuth(Message msg) {
-        Conduit conduit = msg.getExchange().getConduit(msg);
-        AuthorizationPolicy p = ((HTTPConduit)conduit).getEffectiveAuthPolicy(msg);
-
-        if (StringUtils.isEmpty(p.getUserName())) {
-            return false;
-        }
-        return true;
-    }
-    
     static class HttpsTokenOutInterceptor extends AbstractPhaseInterceptor<Message>
{
         public HttpsTokenOutInterceptor() {
             super(Phase.PRE_STREAM);
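Review bot: In `getProtocolHeaders` the result of `Collections.emptyMap();` is discarded, so `headers` is still null when the method returns it. The callers in the later hunks use the result directly (`headers.get("Authorization")`), so a message without protocol headers would fail with a NullPointerException instead of reaching the `setNotAsserted` branch for missing Basic/Digest credentials. The statement should assign the value, `headers = Collections.emptyMap();`, which also keeps the new intent of no longer writing a header map back into the message.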
@@ -147,7 +116,7 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv
                 HttpsToken token = (HttpsToken)ai.getAssertion();
                 String scheme = (String)message.get("http.scheme");
                 ai.setAsserted(true);
-                Map<String, List<String>> headers = getSetProtocolHeaders(message);
+                Map<String, List<String>> headers = getProtocolHeaders(message);
                 
                 if ("https".equals(scheme)) {
                     if (token.getAuthenticationType() 
@@ -172,7 +141,8 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv
                             }
                         };
                         message.put(MessageTrustDecider.class, trust);
-                        PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_CERTIFICATE);
+                        PolicyUtils.assertPolicy(aim, new QName(token.getName().getNamespaceURI(),
+                                                                SPConstants.REQUIRE_CLIENT_CERTIFICATE));
                     }
                     if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpBasicAuthentication)
{
                         List<String> auth = headers.get("Authorization");
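Review bot: The expression `new QName(token.getName().getNamespaceURI(), SPConstants.…)` is now spelled out at every `PolicyUtils.assertPolicy` call in this file (this hunk and the five that follow), which is easy to get subtly wrong when another assertion is added. A small private helper, for example `private static void assertTokenPolicy(AssertionInfoMap aim, HttpsToken token, String localName)`, would keep the namespace derivation in one place and shorten each call to a single line. The enclosing handler method starts and ends outside this hunk.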
@@ -180,7 +150,9 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv
                             || !auth.get(0).startsWith("Basic")) {
                             ai.setNotAsserted("HttpBasicAuthentication is set, but not being
used");
                         } else {
-                            PolicyUtils.assertPolicy(aim, SPConstants.HTTP_BASIC_AUTHENTICATION);
+                            PolicyUtils.assertPolicy(aim, 
+                                                     new QName(token.getName().getNamespaceURI(),

+                                                               SPConstants.HTTP_BASIC_AUTHENTICATION));
                         }
                     }
                     if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpDigestAuthentication)
{
@@ -189,7 +161,9 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv
                             || !auth.get(0).startsWith("Digest")) {
                             ai.setNotAsserted("HttpDigestAuthentication is set, but not being
used");
                         } else {
-                            PolicyUtils.assertPolicy(aim, SPConstants.HTTP_DIGEST_AUTHENTICATION);
+                            PolicyUtils.assertPolicy(aim, 
+                                                     new QName(token.getName().getNamespaceURI(),
+                                                               SPConstants.HTTP_DIGEST_AUTHENTICATION));
                         }
                     }
                 } else {
@@ -274,7 +248,7 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv
                 
                 HttpsTokenSecurityEvent httpsTokenSecurityEvent = new HttpsTokenSecurityEvent();
                 
-                Map<String, List<String>> headers = getSetProtocolHeaders(message);
               
+                Map<String, List<String>> headers = getProtocolHeaders(message);
               
                 if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpBasicAuthentication)
{
                     List<String> auth = headers.get("Authorization");
                     if (auth == null || auth.size() == 0 
@@ -288,7 +262,9 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv
                             new HttpsSecurityTokenImpl(true, policy.getUserName());
                         httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
                         httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-                        PolicyUtils.assertPolicy(aim, SPConstants.HTTP_BASIC_AUTHENTICATION);
+                        PolicyUtils.assertPolicy(aim, 
+                                                 new QName(token.getName().getNamespaceURI(),
+                                                           SPConstants.HTTP_BASIC_AUTHENTICATION));
                     }
                 }
                 if (token.getAuthenticationType() == HttpsToken.AuthenticationType.HttpDigestAuthentication)
{
@@ -304,7 +280,9 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv
                             new HttpsSecurityTokenImpl(false, policy.getUserName());
                         httpsSecurityToken.addTokenUsage(WSSecurityTokenConstants.TokenUsage_MainSignature);
                         httpsTokenSecurityEvent.setSecurityToken(httpsSecurityToken);
-                        PolicyUtils.assertPolicy(aim, SPConstants.HTTP_DIGEST_AUTHENTICATION);
+                        PolicyUtils.assertPolicy(aim, 
+                                                 new QName(token.getName().getNamespaceURI(),
+                                                           SPConstants.HTTP_DIGEST_AUTHENTICATION));
                     }
                 }
 
@@ -316,7 +294,9 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv
                             || tlsInfo.getPeerCertificates().length == 0) {
                             asserted = false;
                         } else {
-                            PolicyUtils.assertPolicy(aim, SPConstants.REQUIRE_CLIENT_CERTIFICATE);
+                            PolicyUtils.assertPolicy(aim, 
+                                                     new QName(token.getName().getNamespaceURI(),
+                                                               SPConstants.REQUIRE_CLIENT_CERTIFICATE));
                         }
                     }
                     
@@ -379,7 +359,7 @@ public class HttpsTokenInterceptorProvider extends AbstractPolicyInterceptorProv
             List<SecurityEvent> securityEvents = 
                 (List<SecurityEvent>) message.getExchange().get(SecurityEvent.class.getName()
+ ".out");
             if (securityEvents == null) {
-                securityEvents = new ArrayList<SecurityEvent>();
+                securityEvents = new ArrayList<>();
                 message.getExchange().put(SecurityEvent.class.getName() + ".out", securityEvents);
             }
             

http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
index 867bcae..7014a77 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/IssuedTokenInterceptorProvider.java
@@ -89,21 +89,12 @@ public class IssuedTokenInterceptorProvider extends AbstractPolicyInterceptorPro
         }
         // Assert some policies
         if (issuedToken.isRequireExternalReference()) {
-            assertPolicy(new QName(issuedToken.getName().getNamespaceURI(), 
-                                   SPConstants.REQUIRE_EXTERNAL_REFERENCE), aim);
+            PolicyUtils.assertPolicy(aim, new QName(issuedToken.getName().getNamespaceURI(),

+                                                    SPConstants.REQUIRE_EXTERNAL_REFERENCE));
         }
         if (issuedToken.isRequireInternalReference()) {
-            assertPolicy(new QName(issuedToken.getName().getNamespaceURI(), 
-                                   SPConstants.REQUIRE_INTERNAL_REFERENCE), aim);
-        }
-    }
-    
-    protected static void assertPolicy(QName n, AssertionInfoMap aim) {
-        Collection<AssertionInfo> ais = aim.getAssertionInfo(n);
-        if (ais != null && !ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                ai.setAsserted(true);
-            }
+            PolicyUtils.assertPolicy(aim, new QName(issuedToken.getName().getNamespaceURI(),

+                                                    SPConstants.REQUIRE_INTERNAL_REFERENCE));
         }
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
index aab8fc3..3ac9fb9 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/NegotiationUtils.java
@@ -120,30 +120,9 @@ final class NegotiationUtils {
     }
 
     static AlgorithmSuite getAlgorithmSuite(AssertionInfoMap aim) {
-        AbstractBinding transport = null;
-        Collection<AssertionInfo> ais = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
-        if (!ais.isEmpty()) {
-            for (AssertionInfo ai : ais) {
-                transport = (AbstractBinding)ai.getAssertion();
-            }                    
-        } else {
-            ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
-            if (!ais.isEmpty()) {
-                for (AssertionInfo ai : ais) {
-                    transport = (AbstractBinding)ai.getAssertion();
-                }                    
-            } else {
-                ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
-                if (!ais.isEmpty()) {
-                    for (AssertionInfo ai : ais) {
-                        transport = (AbstractBinding)ai.getAssertion();
-                    }                    
-                }
-            }
-        }
-        if (transport != null) {
-            return transport.getAlgorithmSuite();
+        AbstractBinding binding = PolicyUtils.getSecurityBinding(aim);
+        if (binding != null) {
+            return binding.getAlgorithmSuite();
         }
         return null;
     }
@@ -202,9 +181,7 @@ final class NegotiationUtils {
 
             EndpointPolicy ep = pe.getServerEndpointPolicy(endpoint.getEndpointInfo(), destination,
message);
             List<Interceptor<? extends Message>> interceptors = ep.getInterceptors(message);
-            for (Interceptor<? extends Message> i : interceptors) {
-                message.getInterceptorChain().add(i);
-            }
+            message.getInterceptorChain().add(interceptors);
 
             Collection<Assertion> assertions = ep.getVocabulary(message);
             if (null != assertions) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
index 0177d08..2771883 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenHelper.java
@@ -19,7 +19,6 @@
 
 package org.apache.cxf.ws.security.policy.interceptors;
 
-import java.util.Collection;
 import java.util.Map;
 import java.util.Properties;
 import java.util.logging.Level;
@@ -32,11 +31,9 @@ import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.ws.addressing.AddressingProperties;
-import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.SecurityUtils;
-import org.apache.cxf.ws.security.policy.PolicyUtils;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.cxf.ws.security.trust.STSClient;
@@ -44,7 +41,6 @@ import org.apache.cxf.ws.security.trust.STSUtils;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.apache.wss4j.dom.WSConstants;
-import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.IssuedToken;
 import org.apache.wss4j.policy.model.Trust10;
 import org.apache.wss4j.policy.model.Trust13;
@@ -65,8 +61,8 @@ public final class STSTokenHelper {
         if (issuedToken.getPolicy() != null) {
             params.setWspNamespace(issuedToken.getPolicy().getNamespace());
         }
-        params.setTrust10(getTrust10(aim));
-        params.setTrust13(getTrust13(aim));
+        params.setTrust10(NegotiationUtils.getTrust10(aim));
+        params.setTrust13(NegotiationUtils.getTrust13(aim));
         params.setTokenTemplate(issuedToken.getRequestSecurityTokenTemplate());
 
         return getToken(message, params);
@@ -441,24 +437,6 @@ public final class STSTokenHelper {
         return client.requestSecurityToken(appliesTo);
     }
 
-    private static Trust10 getTrust10(AssertionInfoMap aim) {
-        Collection<AssertionInfo> ais =
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.TRUST_10);
-        if (ais.isEmpty()) {
-            return null;
-        }
-        return (Trust10)ais.iterator().next().getAssertion();
-    }
-
-    private static Trust13 getTrust13(AssertionInfoMap aim) {
-        Collection<AssertionInfo> ais =
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.TRUST_13);
-        if (ais.isEmpty()) {
-            return null;
-        }
-        return (Trust13)ais.iterator().next().getAssertion();
-    }
-
     public static class TokenRequestParams {
         private Element issuer;
         private Trust10 trust10;

http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
index 930b8a8..c869f57 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationInInterceptor.java
@@ -83,22 +83,6 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
         addBefore(WSS4JStaxInInterceptor.class.getName());
         addBefore(HttpsTokenInInterceptor.class.getName());
     }
-    private AbstractBinding getBinding(AssertionInfoMap aim) {
-        Collection<AssertionInfo> ais = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
-        if (!ais.isEmpty()) {
-            return (AbstractBinding)ais.iterator().next().getAssertion();
-        }
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
-        if (!ais.isEmpty()) {
-            return (AbstractBinding)ais.iterator().next().getAssertion();
-        }
-        ais = PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.TRANSPORT_BINDING);
-        if (!ais.isEmpty()) {
-            return (AbstractBinding)ais.iterator().next().getAssertion();
-        }
-        return null;
-    }
     
     public void handleMessage(SoapMessage message) throws Fault {
         final AssertionInfoMap aim = message.get(AssertionInfoMap.class);
@@ -205,7 +189,7 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
                 bindingPolicy.addPolicyComponent(bindingPolicyEa);
                 All bindingPolicyAll = new All();
                 
-                AbstractBinding origBinding = getBinding(aim);
+                AbstractBinding origBinding = PolicyUtils.getSecurityBinding(aim);
                 bindingPolicyAll.addPolicyComponent(origBinding.getAlgorithmSuite());
                 bindingPolicyAll.addPolicyComponent(new ProtectionToken(SPConstants.SPVersion.SP12,
sctPolicy));
                 bindingPolicyAll.addAssertion(
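Review bot: `PolicyUtils.getSecurityBinding(aim)` searches transport, then asymmetric, then symmetric, whereas the removed `getBinding` in this class searched symmetric, asymmetric, transport. For a policy that carries more than one binding assertion, the algorithm suite copied into the binding policy built here can therefore come from a different binding than before. If the new precedence is intended, a short comment at this call would record it. The following line still dereferences `origBinding` although the helper returns null when no binding is present; a guard that reports a policy failure when `origBinding == null` would avoid a NullPointerException. The enclosing method begins and ends outside this hunk.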
@@ -255,14 +239,14 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
     }
     
     private SignedParts getSignedParts(AssertionInfoMap aim, String addNs) {
-        Collection<AssertionInfo> signedPartsAis = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_PARTS);
+        AssertionInfo signedPartsAi = 
+            PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_PARTS);
         SignedParts signedParts = null;
-        if (!signedPartsAis.isEmpty()) {
-            signedParts = (SignedParts)signedPartsAis.iterator().next().getAssertion();
+        if (signedPartsAi != null) {
+            signedParts = (SignedParts)signedPartsAi.getAssertion();
         }
         if (signedParts == null) {
-            List<Header> headers = new ArrayList<Header>();
+            List<Header> headers = new ArrayList<>();
             if (addNs != null) {
                 headers.add(new Header("To", addNs));
                 headers.add(new Header("From", addNs));
@@ -500,23 +484,19 @@ class SecureConversationInInterceptor extends AbstractPhaseInterceptor<SoapMessa
         }
         
         public void handleMessage(SoapMessage message) throws Fault {
-            // TODO Auto-generated method stub
-            
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
             // extract Assertion information
             if (aim == null) {
                 return;
             }
-            Collection<AssertionInfo> ais = 
-                PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SECURE_CONVERSATION_TOKEN);
-            if (ais.isEmpty()) {
+            AssertionInfo ai = 
+                PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SECURE_CONVERSATION_TOKEN);
+            if (ai == null) {
                 return;
             }
             
-            SecureConversationToken tok = (SecureConversationToken)ais.iterator()
-                .next().getAssertion();
+            SecureConversationToken tok = (SecureConversationToken)ai.getAssertion();
             doCancel(message, aim, tok);
-
         }
         
         private void doCancel(SoapMessage message, AssertionInfoMap aim, SecureConversationToken
itok) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
index bba1952..083b1f9 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecureConversationOutInterceptor.java
@@ -113,7 +113,6 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess
             return tok;
         }
         
-        
         // Remove the old token
         message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN);
         message.getExchange().get(Endpoint.class).remove(SecurityConstants.TOKEN_ID);
@@ -135,8 +134,7 @@ class SecureConversationOutInterceptor extends AbstractPhaseInterceptor<SoapMess
             try {
                 SecureConversationTokenInterceptorProvider.setupClient(client, message, aim,
itok, true);
 
-                String s = message
-                    .getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
+                String s = message.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
                 client.setLocation(s);
                 
                 Map<String, Object> ctx = client.getRequestContext();

http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecurityVerificationOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecurityVerificationOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecurityVerificationOutInterceptor.java
index ff0bb03..cbc6d87 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecurityVerificationOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/SecurityVerificationOutInterceptor.java
@@ -19,7 +19,6 @@
 
 package org.apache.cxf.ws.security.policy.interceptors;
 
-import java.util.Collection;
 import java.util.logging.Logger;
 
 import org.apache.cxf.binding.soap.SoapMessage;
@@ -58,7 +57,7 @@ public class SecurityVerificationOutInterceptor extends AbstractPhaseInterceptor
     public void handleMessage(SoapMessage message) throws Fault {
         if (MessageUtils.isRequestor(message)) {
             AssertionInfoMap aim = message.get(AssertionInfoMap.class);
-            if (aim != null && !isThereASecurityBinding(aim)) {
+            if (aim != null && PolicyUtils.getSecurityBinding(aim) == null) {
                 AssertionInfo assertion = getSecuredPart(aim);
                 if (assertion != null) {
                     String error = String
@@ -76,42 +75,35 @@ public class SecurityVerificationOutInterceptor extends AbstractPhaseInterceptor
         }
     }
     
-    private boolean isThereASecurityBinding(AssertionInfoMap aim) {
-        return 
-            PolicyUtils.isThereAnAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING)
-            || PolicyUtils.isThereAnAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING)
-            || PolicyUtils.isThereAnAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
-    }
-    
     private AssertionInfo getSecuredPart(AssertionInfoMap aim) {
-        Collection<AssertionInfo> assertions = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_PARTS);
-        if (!assertions.isEmpty()) {
-            return assertions.iterator().next();
+        AssertionInfo assertion = 
+            PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_PARTS);
+        if (assertion != null) {
+            return assertion;
         }
         
-        assertions = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.SIGNED_ELEMENTS);
-        if (!assertions.isEmpty()) {
-            return assertions.iterator().next();
+        assertion = 
+            PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SIGNED_ELEMENTS);
+        if (assertion != null) {
+            return assertion;
         }
         
-        assertions = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_PARTS);
-        if (!assertions.isEmpty()) {
-            return assertions.iterator().next();
+        assertion = 
+            PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ENCRYPTED_PARTS);
+        if (assertion != null) {
+            return assertion;
         }
         
-        assertions = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.ENCRYPTED_ELEMENTS);
-        if (!assertions.isEmpty()) {
-            return assertions.iterator().next();
+        assertion = 
+            PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ENCRYPTED_ELEMENTS);
+        if (assertion != null) {
+            return assertion;
         }
         
-        assertions = 
-            PolicyUtils.getAllAssertionsByLocalname(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS);
-        if (!assertions.isEmpty()) {
-            return assertions.iterator().next();
+        assertion = 
+            PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.CONTENT_ENCRYPTED_ELEMENTS);
+        if (assertion != null) {
+            return assertion;
         }
         
         return null;
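Review bot: getSecuredPart still repeats the same lookup-and-null-check five times, differing only in the SPConstants local name. A loop over the names would state the precedence order once and make an accidental reorder or omission easier to spot. The order matters because the first match is returned to handleMessage, where it appears to feed the error that is raised when no security binding is present, so a one-line comment saying so is worth adding. The sketch below assumes these constants are Strings, as the getFirstAssertionByLocalname calls suggest. The method's closing brace lies outside the hunk.

```java
    private AssertionInfo getSecuredPart(AssertionInfoMap aim) {
        // Checked in precedence order; the first assertion found is returned.
        String[] localNames = {
            SPConstants.SIGNED_PARTS,
            SPConstants.SIGNED_ELEMENTS,
            SPConstants.ENCRYPTED_PARTS,
            SPConstants.ENCRYPTED_ELEMENTS,
            SPConstants.CONTENT_ENCRYPTED_ELEMENTS
        };
        for (String localName : localNames) {
            AssertionInfo assertion = PolicyUtils.getFirstAssertionByLocalname(aim, localName);
            if (assertion != null) {
                return assertion;
            }
        }
        return null;
```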

http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java
index beb0a0d..065ca44 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityInterceptorProvider.java
@@ -39,7 +39,7 @@ public class WSSecurityInterceptorProvider extends AbstractPolicyInterceptorProv
     private static final long serialVersionUID = -6222118542914666817L;
     private static final Collection<QName> ASSERTION_TYPES;
     static {
-        ASSERTION_TYPES = new ArrayList<QName>();
+        ASSERTION_TYPES = new ArrayList<>();
         
         ASSERTION_TYPES.add(SP12Constants.TRANSPORT_BINDING);
         ASSERTION_TYPES.add(SP12Constants.ASYMMETRIC_BINDING);

http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
index 1f869ea..b85008b 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
@@ -35,7 +35,7 @@ public class WSSecurityPolicyInterceptorProvider extends AbstractPolicyIntercept
     private static final long serialVersionUID = 2092269997296804632L;
     private static final Collection<QName> ASSERTION_TYPES;
     static {
-        ASSERTION_TYPES = new ArrayList<QName>();
+        ASSERTION_TYPES = new ArrayList<>();
         ASSERTION_TYPES.add(SP12Constants.LAYOUT);
         ASSERTION_TYPES.add(SP12Constants.INCLUDE_TIMESTAMP);
         ASSERTION_TYPES.add(SP12Constants.ALGORITHM_SUITE);

http://git-wip-us.apache.org/repos/asf/cxf/blob/afeb2ab0/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
index 7dff5d8..8bc0849 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JOutInterceptor.java
@@ -39,7 +39,6 @@ import org.apache.cxf.message.MessageUtils;
 import org.apache.cxf.phase.AbstractPhaseInterceptor;
 import org.apache.cxf.phase.Phase;
 import org.apache.cxf.phase.PhaseInterceptor;
-import org.apache.cxf.ws.policy.AssertionInfo;
 import org.apache.cxf.ws.policy.AssertionInfoMap;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.PolicyUtils;
@@ -52,7 +51,6 @@ import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.dom.WSSConfig;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 import org.apache.wss4j.dom.message.WSSecHeader;
-import org.apache.wss4j.policy.SPConstants;
 import org.apache.wss4j.policy.model.AbstractBinding;
 import org.apache.wss4j.policy.model.AsymmetricBinding;
 import org.apache.wss4j.policy.model.SymmetricBinding;
@@ -130,7 +128,7 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa
             String actor = (String)message.getContextualProperty(SecurityConstants.ACTOR);
             
             // extract Assertion information
-            AbstractBinding binding = getSecurityBinding(aim);
+            AbstractBinding binding = PolicyUtils.getSecurityBinding(aim);
 
             if (binding == null && isRequestor(message)) {
                 Policy policy = new Policy();
@@ -192,29 +190,6 @@ public class PolicyBasedWSS4JOutInterceptor extends AbstractPhaseInterceptor<Soa
             
         }
         
-        private AbstractBinding getSecurityBinding(AssertionInfoMap aim) {
-            
-            AssertionInfo transAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.TRANSPORT_BINDING);
-            if (transAis != null) {
-                transAis.setAsserted(true);
-                return (AbstractBinding)transAis.getAssertion();
-            }
-            
-            AssertionInfo asymAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.ASYMMETRIC_BINDING);
-            if (asymAis != null) {
-                asymAis.setAsserted(true);
-                return (AbstractBinding)asymAis.getAssertion();
-            }
-
-            AssertionInfo symAis = PolicyUtils.getFirstAssertionByLocalname(aim, SPConstants.SYMMETRIC_BINDING);
-            if (symAis != null) {
-                symAis.setAsserted(true);
-                return (AbstractBinding)symAis.getAssertion();
-            }
-            
-            return null;
-        }
-
         public Set<String> getAfter() {
             return Collections.emptySet();
         }

