Moving axis svn, part of TLP move INFRA-2441
diff --git a/build.xml b/build.xml
new file mode 100644
index 0000000..264d290
--- /dev/null
+++ b/build.xml
@@ -0,0 +1,145 @@
+<project name="Apache Rampart release build" default="dist">
+
+ <property name="rampart.version" value="1.2"/>
+ <property name="rampart.bin.dist" value="rampart"/>
+ <property name="rampart.src.dist" value="rampart-src"/>
+ <property name="rampart.docs.dist" value="rampart-docs"/>
+
+ <property name="dir.dist" value="dist"/>
+ <property name="dir.dist.bin" value="${dir.dist}/bin/${rampart.bin.dist}-${rampart.version}"/>
+ <property name="dir.dist.src" value="${dir.dist}/src/${rampart.src.dist}-${rampart.version}"/>
+ <property name="dir.dist.docs" value="${dir.dist}/docs/${rampart.docs.dist}-${rampart.version}"/>
+
+ <property name="dir.mvn2.repo" value="${user.home}/.m2/repository"/>
+
+ <property name="version.bcprov13" value="132"/>
+ <property name="version.xmlsec" value="1.4.0"/>
+ <property name="version.opensaml" value="1.1"/>
+ <property name="version.wss4j" value="1.5.2"/>
+
+ <target name="init">
+ <mkdir dir="${dir.dist}"/>
+ </target>
+
+ <target name="dist" depends="clean, bin-dist, src-dist, docs-dist">
+ <copy todir="${dir.dist}" file="modules/rampart-mar/target/rampart-${rampart.version}.mar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-trust-mar/target/rahas-${rampart.version}.mar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-core/target/rampart-core-${rampart.version}.jar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-policy/target/rampart-policy-${rampart.version}.jar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-trust/target/rampart-trust-${rampart.version}.jar"/>
+ </target>
+
+ <target name="bin-dist" depends="init">
+
+ <mkdir dir="${dir.dist.bin}"/>
+
+ <copy todir="${dir.dist.bin}">
+ <fileset dir="release-docs">
+ </fileset>
+ </copy>
+
+ <!-- Modules -->
+ <echo>Copying mars in to modules</echo>
+ <copy todir="${dir.dist.bin}" file="modules/rampart-mar/target/rampart-${rampart.version}.mar"/>
+ <copy todir="${dir.dist.bin}" file="modules/rampart-trust-mar/target/rahas-${rampart.version}.mar"/>
+
+ <!-- All dep jars -->
+ <echo>Copying dependencies into lib</echo>
+ <mkdir dir="${dir.dist.bin}/lib"/>
+
+ <copy todir="${dir.dist.bin}/lib" file="modules/rampart-core/target/rampart-core-${rampart.version}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="modules/rampart-policy/target/rampart-policy-${rampart.version}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="modules/rampart-trust/target/rampart-trust-${rampart.version}.jar"/>
+
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/bouncycastle/bcprov-jdk13/${version.bcprov13}/bcprov-jdk13-${version.bcprov13}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/org/apache/santuario/xmlsec/${version.xmlsec}/xmlsec-${version.xmlsec}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/opensaml/opensaml/${version.opensaml}/opensaml-${version.opensaml}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/org/apache/ws/security/wss4j/${version.wss4j}/wss4j-${version.wss4j}.jar"/>
+
+ <echo>Copying samples</echo>
+ <!-- copy samples -->
+ <mkdir dir="${dir.dist.bin}/samples"/>
+
+ <copy todir="${dir.dist.bin}/samples">
+ <fileset dir="modules/rampart-samples/">
+ </fileset>
+ </copy>
+
+ <zip destfile="${dir.dist}/${rampart.bin.dist}-${rampart.version}.zip">
+ <zipfileset dir="${dir.dist.bin}/../"/>
+ </zip>
+
+ <delete dir="${dir.dist.bin}/../"/>
+
+ </target>
+
+ <target name="src-dist" depends="init">
+
+ <mkdir dir="${dir.dist.src}"/>
+
+ <copy todir="${dir.dist.src}">
+ <fileset dir="release-docs">
+ <exclude name="build.xml"/>
+ <exclude name="README.txt"/>
+ </fileset>
+ </copy>
+
+ <copy todir="${dir.dist.src}">
+ <fileset dir="modules">
+ <include name="rampart-core/**/*"/>
+ <include name="rampart-policy/**/*"/>
+ <include name="rampart-trust/**/*"/>
+ <include name="rampart-samples/**/*"/>
+ <exclude name=".svn"/>
+ </fileset>
+ </copy>
+
+ <zip destfile="${dir.dist}/${rampart.src.dist}-${rampart.version}.zip">
+ <zipfileset dir="${dir.dist.src}/../"/>
+ </zip>
+
+ <delete dir="${dir.dist.src}/../"/>
+ </target>
+
+ <target name="docs-dist">
+
+ <mkdir dir="${dir.dist.docs}"/>
+
+ <copy todir="${dir.dist.docs}">
+ <fileset dir="release-docs">
+ <exclude name="build.xml"/>
+ <exclude name="README.txt"/>
+ </fileset>
+ </copy>
+
+ <mkdir dir="${dir.dist.docs}/core"/>
+ <mkdir dir="${dir.dist.docs}/policy"/>
+ <mkdir dir="${dir.dist.docs}/trust"/>
+
+ <copy todir="${dir.dist.docs}/core">
+ <fileset dir="modules/rampart-core/target/site/apidocs/">
+ </fileset>
+ </copy>
+
+ <copy todir="${dir.dist.docs}/policy">
+ <fileset dir="modules/rampart-policy/target/site/apidocs/">
+ </fileset>
+ </copy>
+
+ <copy todir="${dir.dist.docs}/trust">
+ <fileset dir="modules/rampart-trust/target/site/apidocs/">
+ </fileset>
+ </copy>
+
+ <zip destfile="${dir.dist}/${rampart.docs.dist}-${rampart.version}.zip">
+ <zipfileset dir="${dir.dist.docs}/../"/>
+ </zip>
+
+ <delete dir="${dir.dist.docs}/../"/>
+ </target>
+
+ <target name="clean">
+ <delete dir="${dir.dist}"/>
+ </target>
+
+</project>
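Review bot: `rampart.version` is set to `1.2` on line 10, but the rampart-core pom.xml added in this same commit declares `<version>1.21</version>`, so the copy steps in `dist` and `bin-dist` look for `rampart-core-1.2.jar` in `modules/rampart-core/target` while Maven would produce `rampart-core-1.21.jar`; one of the two must change, and reading the version from a single place would stop the drift. The `<exclude name=".svn"/>` in `src-dist` matches only an entry named `.svn` directly under `modules`; nested working-copy directories need `<exclude name="**/.svn/**"/>`, although Ant's default excludes already cover them unless `defaultexcludes="no"` is set, in which case the line is redundant. `docs-dist` is also the only distribution target without `depends="init"`; it works when reached through `dist` but is inconsistent with `bin-dist` and `src-dist` when invoked on its own.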
diff --git a/modules/rampart-core/pom.xml b/modules/rampart-core/pom.xml
new file mode 100644
index 0000000..58c8c59
--- /dev/null
+++ b/modules/rampart-core/pom.xml
@@ -0,0 +1,62 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.21</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-core</artifactId>
+ <packaging>jar</packaging>
+ <version>1.21</version>
+ <name>Rampart - Core</name>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <testSourceDirectory>src/main/java</testSourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent" />
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+</project>
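Review bot: The `<resources>` entry on lines 178-182 points at `src/main/java` with no `<includes>` filter, so every `.java` source file is packaged into the jar next to the compiled classes; if the intent is only to ship `META-INF/services/*` (the services file in this commit lives under `src/main/java/META-INF`), restrict it with `<includes><include>META-INF/**</include></includes>` or move that file to `src/main/resources`. `<testSourceDirectory>src/main/java</testSourceDirectory>` on line 177 makes the main sources compile a second time as test sources; if the module has no tests, drop the element rather than alias it. `${pom.version}` on lines 199 and 204 is the legacy property name; `${project.version}` is the supported spelling.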
diff --git a/modules/rampart-core/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder b/modules/rampart-core/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
new file mode 100644
index 0000000..92c67c0
--- /dev/null
+++ b/modules/rampart-core/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
@@ -0,0 +1,2 @@
+org.apache.rampart.policy.builders.CryptoConfigBuilder
+org.apache.rampart.policy.builders.RampartConfigBuilder
\ No newline at end of file
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
new file mode 100644
index 0000000..6c2a543
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
@@ -0,0 +1,146 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.AddressingConstants.Final;
+import org.apache.axis2.addressing.AddressingConstants.Submission;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.util.XMLUtils;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustUtil;
+import org.apache.rampart.builder.AsymmetricBindingBuilder;
+import org.apache.rampart.builder.SymmetricBindingBuilder;
+import org.apache.rampart.builder.TransportBindingBuilder;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.MessageOptimizer;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import javax.xml.namespace.QName;
+
+public class MessageBuilder {
+
+ private static Log log = LogFactory.getLog(MessageBuilder.class);
+
+ public void build(MessageContext msgCtx) throws WSSPolicyException,
+ RampartException, WSSecurityException, AxisFault {
+
+ Axis2Util.useDOOM(true);
+
+ RampartMessageData rmd = new RampartMessageData(msgCtx, true);
+
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if(rpd == null) {
+ return;
+ }
+
+ //Copy the RECV_RESULTS if available
+ if(!rmd.isInitiator()) {
+ OperationContext opCtx = msgCtx.getOperationContext();
+ MessageContext inMsgCtx;
+ if(opCtx != null &&
+ (inMsgCtx = opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null) {
+ msgCtx.setProperty(WSHandlerConstants.RECV_RESULTS,
+ inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS));
+ }
+ }
+
+
+ String isCancelreq = (String)msgCtx.getProperty(RampartMessageData.CANCEL_REQUEST);
+ if(isCancelreq != null && Constants.VALUE_TRUE.equals(isCancelreq)) {
+ try {
+
+ String cancelAction = TrustUtil.getWSTNamespace(rmd.getWstVersion()) + RahasConstants.RST_ACTION_CANCEL_SCT;
+ //Set action
+ msgCtx.getOptions().setAction(cancelAction);
+
+ //Change the wsa:Action header
+ String wsaNs = Final.WSA_NAMESPACE;
+ Object addressingVersionFromCurrentMsgCtxt = msgCtx.getProperty(AddressingConstants.WS_ADDRESSING_VERSION);
+ if (Submission.WSA_NAMESPACE.equals(addressingVersionFromCurrentMsgCtxt)) {
+ wsaNs = Submission.WSA_NAMESPACE;
+ }
+ OMElement header = msgCtx.getEnvelope().getHeader();
+ if(header != null) {
+ OMElement actionElem = header.getFirstChildWithName(new QName(wsaNs, AddressingConstants.WSA_ACTION));
+ if(actionElem != null) {
+ actionElem.setText(cancelAction);
+ }
+ }
+
+ //set payload to a cancel request
+ String ctxIdKey = RampartUtil.getContextIdentifierKey(msgCtx);
+ String tokenId = (String)RampartUtil.getContextMap(msgCtx).get(ctxIdKey);
+
+ if(tokenId != null && RampartUtil.isTokenValid(rmd, tokenId)) {
+ OMElement bodyElem = msgCtx.getEnvelope().getBody();
+ OMElement child = bodyElem.getFirstElement();
+ OMElement newChild = TrustUtil.createCancelRequest(tokenId, rmd.getWstVersion());
+ Element newDomChild = XMLUtils.toDOM(newChild);
+ Node importedNode = rmd.getDocument().importNode((Element) newDomChild, true);
+ ((Element) bodyElem).replaceChild(importedNode, (Element) child);
+ } else {
+ throw new RampartException("tokenToBeCancelledInvalid");
+ }
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new RampartException("errorInTokenCancellation");
+ }
+ }
+
+ if(rpd.isTransportBinding()) {
+ log.debug("Building transport binding");
+ TransportBindingBuilder building = new TransportBindingBuilder();
+ building.build(rmd);
+ } else if(rpd.isSymmetricBinding()) {
+ log.debug("Building SymmetricBinding");
+ SymmetricBindingBuilder builder = new SymmetricBindingBuilder();
+ builder.build(rmd);
+ } else {
+ AsymmetricBindingBuilder builder = new AsymmetricBindingBuilder();
+ builder.build(rmd);
+ }
+
+ /*
+ * Checking wether MTOMSerializable is there. If so set optimizeElement.
+ * */
+ if(rpd.isMTOMSerialize()){
+ String optimizeElement = rpd.getOptimizeParts();
+ if(optimizeElement == null){
+ optimizeElement = "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue";
+ }
+ msgCtx.setProperty(Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
+ MessageOptimizer.optimize(msgCtx.getEnvelope(),optimizeElement);
+ }
+
+ }
+}
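Review bot: The `catch (Exception e)` block on lines 349-352 writes the stack trace to stderr and rethrows `RampartException("errorInTokenCancellation")` without the cause, so the original failure (an `AxisFault`, a DOM import error, or the `tokenToBeCancelledInvalid` exception thrown on line 346) is lost to both the logger and the caller. Prefer `log.error("Error in token cancellation", e); throw new RampartException("errorInTokenCancellation", e);` — assuming `RampartException` offers a cause-taking constructor, which the three-argument form used elsewhere in this commit suggests. `bodyElem.getFirstElement()` on line 340 presumably returns null for an empty Body, in which case `replaceChild` on line 344 fails with a `DOMException` rather than a descriptive error; a null check before the replace would make the failure mode explicit.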
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
new file mode 100644
index 0000000..53533b3
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -0,0 +1,607 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.UsernameToken;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.message.token.Timestamp;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import java.math.BigInteger;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.Vector;
+
+public class PolicyBasedResultsValidator {
+
+ private static Log log = LogFactory.getLog(PolicyBasedResultsValidator.class);
+
+ public void validate(ValidatorData data, Vector results)
+ throws RampartException {
+
+ RampartMessageData rmd = data.getRampartMessageData();
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ //If there's Security policy present and no results
+ //then we should throw an error
+ if(rpd != null && results == null) {
+ throw new RampartException("noSecurityResults");
+ }
+
+ //Check presence of timestamp
+ WSSecurityEngineResult tsResult = null;
+ if(rpd.isIncludeTimestamp()) {
+ tsResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
+ if(tsResult == null) {
+ throw new RampartException("timestampMissing");
+ }
+
+ }
+
+ //sig/encr
+ Vector encryptedParts = RampartUtil.getEncryptedParts(rmd);
+ if(rpd.isSignatureProtection() && isSignatureRequired(rpd)) {
+ encryptedParts.add(new WSEncryptionPart(WSConstants.SIG_LN,
+ WSConstants.SIG_NS, "Element"));
+ }
+
+ Vector signatureParts = RampartUtil.getSignedParts(rmd);
+
+ //Add the timestamp result
+ if(rpd.isIncludeTimestamp() && !rpd.isTransportBinding()) {
+ signatureParts.add(new WSEncryptionPart(tsResult.getTimestamp().getID()));
+ }
+
+ validateEncrSig(encryptedParts, signatureParts, results);
+
+ validateProtectionOrder(data, results);
+
+ validateEncryptedParts(data, encryptedParts, results);
+
+ validateSignedPartsHeaders(data, signatureParts, results);
+
+ //Supporting tokens
+ if(!rmd.isInitiator()) {
+ validateSupportingTokens(data, results);
+ }
+
+ /*
+ * Now we can check the certificate used to sign the message. In the
+ * following implementation the certificate is only trusted if either it
+ * itself or the certificate of the issuer is installed in the keystore.
+ *
+ * Note: the method verifyTrust(X509Certificate) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the signature action result from the action vector
+ WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(
+ results, WSConstants.SIGN);
+
+ if (actionResult != null) {
+ X509Certificate returnCert = actionResult.getCertificate();
+
+ if (returnCert != null) {
+ if (!verifyTrust(returnCert, rmd)) {
+ throw new RampartException ("trustVerificationError");
+ }
+ }
+ }
+
+ /*
+ * Perform further checks on the timestamp that was transmitted in the
+ * header.
+ * In the following implementation the timestamp is valid if :
+ * Timestamp->Created < 'now' < Timestamp->Expires (Last test already handled by WSS4J)
+ *
+ * Note: the method verifyTimestamp(Timestamp) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the timestamp action result from the action vector
+ actionResult = WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
+
+ if (actionResult != null) {
+ Timestamp timestamp = actionResult.getTimestamp();
+
+ if (timestamp != null) {
+ if (!verifyTimestamp(timestamp, rmd)) {
+ throw new RampartException("cannotValidateTimestamp");
+ }
+ }
+ }
+ }
+
+ /**
+ * @param encryptedParts
+ * @param signatureParts
+ */
+ private void validateEncrSig(Vector encryptedParts, Vector signatureParts, Vector results)
+ throws RampartException {
+ ArrayList actions = getSigEncrActions(results);
+ boolean sig = false;
+ boolean encr = false;
+ for (Iterator iter = actions.iterator(); iter.hasNext();) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.SIGN) {
+ sig = true;
+ } else if(act.intValue() == WSConstants.ENCR) {
+ encr = true;
+ }
+ }
+
+ if(sig && signatureParts.size() == 0) {
+
+ //Unexpected signature
+ throw new RampartException("unexprectedSignature");
+ } else if(!sig && signatureParts.size() > 0) {
+
+ //required signature missing
+ throw new RampartException("signatureMissing");
+ }
+
+ if(encr && encryptedParts.size() == 0) {
+
+ //Check whether its just an encrypted key
+ ArrayList list = this.getResults(results, WSConstants.ENCR);
+ boolean encrDataFound = false;
+ for (Iterator iter = list.iterator(); iter.hasNext();) {
+ WSSecurityEngineResult result = (WSSecurityEngineResult) iter.next();
+ if(result.getDataRefUris() != null) {
+ encrDataFound = true;
+ }
+ }
+ if(encrDataFound) {
+ //Unexpected encryption
+ throw new RampartException("unexprectedEncryptedPart");
+ }
+ } else if(!encr && encryptedParts.size() > 0) {
+
+ //required signature missing
+ throw new RampartException("encryptionMissing");
+ }
+ }
+
+ /**
+ * @param data
+ * @param results
+ */
+ private void validateSupportingTokens(ValidatorData data, Vector results)
+ throws RampartException {
+
+ //Check for UsernameToken
+ RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
+ SupportingToken suppTok = rpd.getSupportingTokens();
+ handleSupportingTokens(results, suppTok);
+ SupportingToken signedSuppToken = rpd.getSignedSupportingTokens();
+ handleSupportingTokens(results, signedSuppToken);
+ SupportingToken signedEndSuppToken = rpd.getSignedEndorsingSupportingTokens();
+ handleSupportingTokens(results, signedEndSuppToken);
+ SupportingToken endSuppToken = rpd.getEndorsingSupportingTokens();
+ handleSupportingTokens(results, endSuppToken);
+ }
+
+ /**
+ * @param results
+ * @param suppTok
+ * @throws RampartException
+ */
+ private void handleSupportingTokens(Vector results, SupportingToken suppTok) throws RampartException {
+
+ if(suppTok == null) {
+ return;
+ }
+
+ ArrayList tokens = suppTok.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof UsernameToken) {
+ //Check presence of a UsernameToken
+ WSSecurityEngineResult utResult = WSSecurityUtil.fetchActionResult(results, WSConstants.UT);
+ if(utResult == null) {
+ throw new RampartException("usernameTokenMissing");
+ }
+
+ }
+ }
+ }
+
+
+
+
+ /**
+ * @param data
+ * @param results
+ */
+ private void validateProtectionOrder(ValidatorData data, Vector results)
+ throws RampartException {
+
+ String protectionOrder = data.getRampartMessageData().getPolicyData().getProtectionOrder();
+ ArrayList sigEncrActions = this.getSigEncrActions(results);
+
+ if(sigEncrActions.size() < 2) {
+ //There are no results to COMPARE
+ return;
+ }
+ boolean done = false;
+ if(Constants.SIGN_BEFORE_ENCRYPTING.equals(protectionOrder)) {
+ boolean sigFound = false;
+ for (Iterator iter = sigEncrActions.iterator();
+ iter.hasNext() || !done;) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.ENCR && ! sigFound ) {
+ // We found ENCR and SIGN has not been found - break and fail
+ break;
+ }
+ if(act.intValue() == WSConstants.SIGN) {
+ sigFound = true;
+ } else if(sigFound) {
+ //We have an ENCR action after sig
+ done = true;
+ }
+ }
+
+ } else {
+ boolean encrFound = false;
+ for (Iterator iter = sigEncrActions.iterator(); iter.hasNext();) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.SIGN && ! encrFound ) {
+ // We found SIGN and ENCR has not been found - break and fail
+ break;
+ }
+ if(act.intValue() == WSConstants.ENCR) {
+ encrFound = true;
+ } else if(encrFound) {
+ //We have an ENCR action after sig
+ done = true;
+ }
+ }
+ }
+
+ if(!done) {
+ throw new RampartException("protectionOrderMismatch");
+ }
+ }
+
+
+ private ArrayList getSigEncrActions(Vector results) {
+ ArrayList sigEncrActions = new ArrayList();
+ for (Iterator iter = results.iterator(); iter.hasNext();) {
+ int action = ((WSSecurityEngineResult) iter.next()).getAction();
+ if(WSConstants.SIGN == action || WSConstants.ENCR == action) {
+ sigEncrActions.add(new Integer(action));
+ }
+
+ }
+ return sigEncrActions;
+ }
+
+ private void validateEncryptedParts(ValidatorData data, Vector encryptedParts, Vector results)
+ throws RampartException {
+
+ RampartMessageData rmd = data.getRampartMessageData();
+
+ ArrayList encrRefs = getEncryptedReferences(results);
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ //Check for encrypted body
+ if(rpd.isEncryptBody()) {
+
+ if(!encrRefs.contains(data.getBodyEncrDataId())){
+ throw new RampartException("encryptedPartMissing",
+ new String[]{data.getBodyEncrDataId()});
+ }
+ }
+
+ int refCount = 0;
+
+ refCount += encryptedParts.size();
+
+ if(encrRefs.size() != refCount) {
+ throw new RampartException("invalidNumberOfEncryptedParts",
+ new String[]{Integer.toString(refCount)});
+ }
+
+ }
+
+ private void validateSignedPartsHeaders(ValidatorData data, Vector signatureParts, Vector results)
+ throws RampartException {
+
+ RampartMessageData rmd = data.getRampartMessageData();
+
+ Node envelope = rmd.getDocument().getFirstChild();
+
+ WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(
+ results, WSConstants.SIGN);
+
+ // Find elements that are signed
+ Vector actuallySigned = new Vector();
+ if( actionResult != null ) {
+ Set signedIDs = actionResult.getSignedElements();
+ for (Iterator i = signedIDs.iterator(); i.hasNext();) {
+ String e = (String) i.next();
+
+ Element element = WSSecurityUtil.findElementById(envelope, e, WSConstants.WSU_NS);
+ actuallySigned.add( element );
+ }
+ }
+
+ for(int i=0; i<signatureParts.size(); i++) {
+ WSEncryptionPart wsep = (WSEncryptionPart) signatureParts.get( i );
+
+ Element headerElement = (Element) WSSecurityUtil.findElement(
+ envelope, wsep.getName(), wsep.getNamespace() );
+ if( headerElement == null ) {
+ // The signedpart header we are checking is not present in Soap header - this is allowed
+ continue;
+ }
+
+ // header elemement present - verify that it is part of signature
+ if( actuallySigned.contains( headerElement) ) {
+ continue;
+ }
+
+ // header defined in policy is present but not signed
+ throw new RampartException("signedPartHeaderNotSigned", new String[] { wsep.getName() });
+ }
+ }
+
+
+ private boolean isSignatureRequired(RampartPolicyData rpd) {
+ return (rpd.isSymmetricBinding() && rpd.getSignatureToken() != null) ||
+ (!rpd.isSymmetricBinding() && !rpd.isTransportBinding() &&
+ rpd.getInitiatorToken() != null);
+ }
+
+
+ /*
+ * Verify that ts->Created is before 'now'
+ * - testing that timestamp has not expired ('now' is before ts->Expires) is handled earlier by WSS4J
+ */
+ private boolean verifyTimestamp(Timestamp timestamp, RampartMessageData rmd) throws RampartException {
+
+ Calendar cre = timestamp.getCreated();
+ if (cre != null) {
+ long now = Calendar.getInstance().getTimeInMillis();
+
+ // ajust 'now' with allowed timeskew
+ long maxSkew = RampartUtil.getTimestampMaxSkew( rmd );
+ if( maxSkew > 0 ) {
+ now += (maxSkew * 1000);
+ }
+
+ // fail if ts->Created is after 'now'
+ if( cre.getTimeInMillis() > now ) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Evaluate whether a given certificate should be trusted.
+ * Hook to allow subclasses to implement custom validation methods however they see fit.
+ * <p/>
+ * Policy used in this implementation:
+ * 1. Search the keystore for the transmitted certificate
+ * 2. Search the keystore for a connection to the transmitted certificate
+ * (that is, search for certificate(s) of the issuer of the transmitted certificate
+ * 3. Verify the trust path for those certificates found because the search for the issuer might be fooled by a phony DN (String!)
+ *
+ * @param cert the certificate that should be validated against the keystore
+ * @return true if the certificate is trusted, false if not (AxisFault is thrown for exceptions during CertPathValidation)
+ * @throws WSSecurityException
+ */
+ protected boolean verifyTrust(X509Certificate cert, RampartMessageData rmd) throws RampartException {
+
+ // If no certificate was transmitted, do not trust the signature
+ if (cert == null) {
+ return false;
+ }
+
+ String[] aliases = null;
+ String alias = null;
+ X509Certificate[] certs;
+
+ String subjectString = cert.getSubjectDN().getName();
+ String issuerString = cert.getIssuerDN().getName();
+ BigInteger issuerSerial = cert.getSerialNumber();
+
+ boolean doDebug = log.isDebugEnabled();
+
+ if (doDebug) {
+ log.debug("WSHandler: Transmitted certificate has subject " +
+ subjectString);
+ log.debug("WSHandler: Transmitted certificate has issuer " +
+ issuerString + " (serial " + issuerSerial + ")");
+ }
+
+ // FIRST step
+ // Search the keystore for the transmitted certificate
+
+ // Search the keystore for the alias of the transmitted certificate
+ try {
+ alias = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getAliasForX509Cert(
+ issuerString, issuerSerial);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("cannotFindAliasForCert", new String[]{subjectString}, ex);
+ }
+
+ if (alias != null) {
+ // Retrieve the certificate for the alias from the keystore
+ try {
+ certs = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getCertificates(alias);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("noCertForAlias", new String[] {alias}, ex);
+ }
+
+ // If certificates have been found, the certificates must be compared
+ // to ensure againgst phony DNs (compare encoded form including signature)
+ if (certs != null && certs.length > 0 && cert.equals(certs[0])) {
+ if (doDebug) {
+ log.debug("Direct trust for certificate with " + subjectString);
+ }
+ return true;
+ }
+ } else {
+ if (doDebug) {
+ log.debug("No alias found for subject from issuer with " + issuerString + " (serial " + issuerSerial + ")");
+ }
+ }
+
+ // SECOND step
+ // Search for the issuer of the transmitted certificate in the keystore
+
+ // Search the keystore for the alias of the transmitted certificates issuer
+ try {
+ aliases = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getAliasesForDN(issuerString);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("cannotFindAliasForCert", new String[]{issuerString}, ex);
+ }
+
+ // If the alias has not been found, the issuer is not in the keystore
+ // As a direct result, do not trust the transmitted certificate
+ if (aliases == null || aliases.length < 1) {
+ if (doDebug) {
+ log.debug("No aliases found in keystore for issuer " + issuerString + " of certificate for " + subjectString);
+ }
+ return false;
+ }
+
+ // THIRD step
+ // Check the certificate trust path for every alias of the issuer found in the keystore
+ for (int i = 0; i < aliases.length; i++) {
+ alias = aliases[i];
+
+ if (doDebug) {
+ log.debug("Preparing to validate certificate path with alias " + alias + " for issuer " + issuerString);
+ }
+
+ // Retrieve the certificate(s) for the alias from the keystore
+ try {
+ certs = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getCertificates(alias);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("noCertForAlias", new String[] {alias}, ex);
+ }
+
+ // If no certificates have been found, there has to be an error:
+ // The keystore can find an alias but no certificate(s)
+ if (certs == null | certs.length < 1) {
+ throw new RampartException("noCertForAlias", new String[] {alias});
+ }
+
+ // Form a certificate chain from the transmitted certificate
+ // and the certificate(s) of the issuer from the keystore
+ // First, create new array
+ X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
+ // Then add the first certificate ...
+ x509certs[0] = cert;
+ // ... and the other certificates
+ for (int j = 0; j < certs.length; j++) {
+ cert = certs[i];
+ x509certs[certs.length + j] = cert;
+ }
+ certs = x509certs;
+
+ // Use the validation method from the crypto to check whether the subjects certificate was really signed by the issuer stated in the certificate
+ try {
+ if (RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).validateCertPath(certs)) {
+ if (doDebug) {
+ log.debug("WSHandler: Certificate path has been verified for certificate with subject " + subjectString);
+ }
+ return true;
+ }
+ } catch (WSSecurityException ex) {
+ throw new RampartException("certPathVerificationFailed", new String[]{subjectString}, ex);
+ }
+ }
+
+ log.debug("WSHandler: Certificate path could not be verified for certificate with subject " + subjectString);
+ return false;
+ }
+
+
+ private ArrayList getEncryptedReferences(Vector results) {
+
+ //there can be multiple ref lists
+ ArrayList encrResults = getResults(results, WSConstants.ENCR);
+
+ ArrayList refs = new ArrayList();
+
+ for (Iterator iter = encrResults.iterator(); iter.hasNext();) {
+ WSSecurityEngineResult engineResult = (WSSecurityEngineResult) iter.next();
+ ArrayList dataRefUris = engineResult.getDataRefUris();
+
+ //take only the ref list processing results
+ if(dataRefUris != null) {
+ for (Iterator iterator = dataRefUris.iterator(); iterator
+ .hasNext();) {
+ String uri = (String) iterator.next();
+ refs.add(uri);
+ }
+ }
+ }
+
+ return refs;
+ }
+
+
+
+ private ArrayList getResults(Vector results, int action) {
+
+ ArrayList list = new ArrayList();
+
+ for (int i = 0; i < results.size(); i++) {
+ // Check the result of every action whether it matches the given
+ // action
+ if (((WSSecurityEngineResult) results.get(i)).getAction() == action) {
+ list.add((WSSecurityEngineResult) results.get(i));
+ }
+ }
+
+ return list;
+ }
+}
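Review bot: In `verifyTrust`, the chain-building loop on lines 928-931 reassigns `cert` (the transmitted certificate) to `certs[i]` — the index of the outer alias loop, not `j`, so it can also run past the end of `certs` — and writes to `x509certs[certs.length + j]`, which overflows the `certs.length + 1` array as soon as the keystore returns more than one certificate for an alias. Because `cert` is clobbered, every later alias iteration builds a path that starts from a keystore certificate instead of the one that signed the message, so `validateCertPath` can report success for a certificate that was never examined; the loop should be `for (int j = 0; j < certs.length; j++) { x509certs[j + 1] = certs[j]; }` with `cert` left untouched. Line 917 uses the non-short-circuit `|` in `certs == null | certs.length < 1`, so a null return dereferences `certs` and throws `NullPointerException` instead of the intended `RampartException`; use `||`. In `validateProtectionOrder`, the loop condition `iter.hasNext() || !done` on line 648 keeps calling `iter.next()` after the iterator is exhausted whenever `done` is still false, so a sign-before-encrypt violation surfaces as `NoSuchElementException` rather than `protectionOrderMismatch`; `&&`, as on line 664, is what was meant. `validate` on line 450 also dereferences `rpd` after the `rpd != null && results == null` guard on line 444 has let a null policy through, so results without a policy fail with a `NullPointerException`.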
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java b/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java
new file mode 100644
index 0000000..b6f53f4
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.description.AxisDescription;
+import org.apache.axis2.description.AxisModule;
+import org.apache.axis2.modules.Module;
+import org.apache.axis2.modules.ModulePolicyExtension;
+import org.apache.axis2.modules.PolicyExtension;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+
+public class Rampart implements Module, ModulePolicyExtension {
+
+ public void init(ConfigurationContext configContext, AxisModule module)
+ throws AxisFault {
+ }
+
+ public void engageNotify(AxisDescription axisDescription) throws AxisFault {
+ //Nothing to do here, since RampartMessageData will pick up the
+ //effective policy from the message context
+ }
+
+ public void shutdown(ConfigurationContext configurationContext) throws AxisFault {
+ // at the moment, nothing needs to be done ..
+ }
+
+ public PolicyExtension getPolicyExtension() {
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public void applyPolicy(Policy policy, AxisDescription axisDescription) throws AxisFault {
+ // TODO Ruchith
+ }
+
+ public boolean canSupportAssertion(Assertion assertion) {
+ // TODO Ruchith
+ return true;
+ }
+}
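Review bot: canSupportAssertion returns true for every assertion while applyPolicy is empty and getPolicyExtension throws UnsupportedOperationException, so the module claims support for policy assertions it does not yet act on. Until the TODO is resolved, either make the three methods consistent (return false or throw as getPolicyExtension does) or mark the stub explicitly, e.g. `// TODO: answers true unconditionally; unsupported assertions are not rejected here`. The empty init and shutdown bodies would also read better with a one-line comment like the one engageNotify already has.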
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
new file mode 100644
index 0000000..77472d7
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.util.WSSecurityUtil;
+
+import java.util.Vector;
+
+public class RampartEngine {
+
+
+ public Vector process(MessageContext msgCtx) throws WSSPolicyException,
+ RampartException, WSSecurityException, AxisFault {
+
+ RampartMessageData rmd = new RampartMessageData(msgCtx, false);
+
+
+ //If there is no policy information or if the message is a fault
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if(rpd == null ||
+ WSSecurityUtil.findElement(rmd.getDocument().getDocumentElement(),
+ "Fault",
+ rmd.getSoapConstants().getEnvelopeURI()) != null) {
+ SOAPEnvelope env = Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);
+
+ //Convert back to llom since the inflow cannot use llom
+ msgCtx.setEnvelope(env);
+ Axis2Util.useDOOM(false);
+ return null;
+ }
+
+ Vector results = null;
+
+ WSSecurityEngine engine = new WSSecurityEngine();
+
+ ValidatorData data = new ValidatorData(rmd);
+
+ if(rpd.isSymmetricBinding()) {
+ //Here we have to create the CB handler to get the tokens from the
+ //token storage
+
+ results = engine.processSecurityHeader(rmd.getDocument(),
+ null,
+ new TokenCallbackHandler(rmd.getTokenStorage(), RampartUtil.getPasswordCB(rmd)),
+ RampartUtil.getSignatureCrypto(rpd.getRampartConfig(),
+ msgCtx.getAxisService().getClassLoader()));
+ } else {
+ results = engine.processSecurityHeader(rmd.getDocument(),
+ null,
+ new TokenCallbackHandler(rmd.getTokenStorage(), RampartUtil.getPasswordCB(rmd)),
+ RampartUtil.getSignatureCrypto(rpd.getRampartConfig(),
+ msgCtx.getAxisService().getClassLoader()),
+ RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
+ msgCtx.getAxisService().getClassLoader()));
+ }
+
+
+ SOAPEnvelope env = Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);
+
+ //Convert back to llom since the inflow cannot use DOOM
+ msgCtx.setEnvelope(env);
+ Axis2Util.useDOOM(false);
+
+ PolicyBasedResultsValidator validator = new PolicyBasedResultsValidator();
+ validator.validate(data, results);
+
+ return results;
+ }
+
+
+
+
+
+}
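Review bot: The fault short-circuit at the top of process() returns before any security processing or validation whenever `WSSecurityUtil.findElement(..., "Fault", envelopeURI)` finds a matching element, and that lookup is not restricted to the direct child of Body, so a message carrying such an element elsewhere would presumably skip PolicyBasedResultsValidator entirely. If faults are meant to pass through unchecked, narrow the lookup to Body's child and document it, e.g. `// Faults are returned without security processing; only a Fault that is the direct child of Body qualifies`. The two processSecurityHeader branches differ only by the extra encryption crypto argument, which deserves a comment explaining why the symmetric binding omits it. `results` is also passed to validator.validate unconditionally; if processSecurityHeader can return null when no Security header is present, confirm the validator handles that.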
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java
new file mode 100644
index 0000000..f76de9c
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import java.text.MessageFormat;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+public class RampartException extends Exception {
+
+ private static final long serialVersionUID = 8674795537585339704L;
+
+ private static ResourceBundle resources;
+
+ private String faultCode;
+ private String faultString;
+
+ static {
+ try {
+ resources = ResourceBundle.getBundle("org.apache.rampart.errors");
+ } catch (MissingResourceException e) {
+ throw new RuntimeException(e.getMessage());
+ }
+ }
+
+ public RampartException(String faultCode, Object[] args) {
+ super(getMessage(faultCode, args));
+ this.faultCode = getFaultCode(faultCode);
+ this.faultString = getMessage(faultCode, args);
+ }
+
+ /**
+ * Construct the fault properly code for the standard faults
+ * @param faultCode2
+ * @return
+ */
+ private String getFaultCode(String code) {
+ //TODO check for spec specific error codes
+ return code;
+ }
+
+ public RampartException(String faultCode) {
+ this(faultCode, (Object[])null);
+ }
+
+ public RampartException(String faultCode, Object[] args, Throwable e) {
+ super(getMessage(faultCode, args),e);
+ this.faultCode = faultCode;
+ this.faultString = getMessage(faultCode, args);
+ }
+
+ public RampartException(String faultCode, Throwable e) {
+ this(faultCode, null, e);
+ }
+
+ /**
+ * get the message from resource bundle.
+ * <p/>
+ *
+ * @return the message translated from the property (message) file.
+ */
+ protected static String getMessage(String faultCode, Object[] args) {
+ String msg = null;
+ try {
+ msg = MessageFormat.format(resources.getString(faultCode), args);
+ } catch (MissingResourceException e) {
+ throw new RuntimeException("Undefined '" + faultCode + "' resource property");
+ }
+ return msg;
+ }
+
+ /**
+ * @return Returns the faultCode.
+ */
+ protected String getFaultCode() {
+ return faultCode;
+ }
+
+ /**
+ * @return Returns the faultString.
+ */
+ protected String getFaultString() {
+ return faultString;
+ }
+
+
+}
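Review bot: The three-argument constructor assigns `this.faultCode = faultCode;` while the two-argument one routes the value through `getFaultCode(faultCode)`, so the two construction paths will diverge as soon as that TODO is implemented; use `this.faultCode = getFaultCode(faultCode);` in both. The static initializer rethrows as `new RuntimeException(e.getMessage())`, dropping the MissingResourceException as the cause; `throw new RuntimeException(e);` keeps it for diagnosis. The javadoc on getFaultCode documents a `faultCode2` parameter that does not exist and leaves @return empty; getMessage(faultCode, args) is also evaluated twice per constructor.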
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
new file mode 100644
index 0000000..2c09fdc
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
@@ -0,0 +1,651 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.SimpleTokenStore;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.policy.RampartPolicyBuilder;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.SOAPConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.util.Loader;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+
+import javax.xml.namespace.QName;
+
+import java.util.List;
+import java.util.Vector;
+
+public class RampartMessageData {
+
+ /**
+ * Axis2 parameter name to be used in the client's axis2 xml
+ */
+ public final static String KEY_RAMPART_POLICY = "rampartPolicy";
+
+ /**
+ * Key to hold the address of the issuer in the msg ctx.
+ */
+ public final static String KEY_ISSUER_ADDRESS = "issuerAddress";
+
+ /**
+ * Key to hold the WS-Trust version
+ */
+ public final static String KEY_WST_VERSION = "wstVersion";
+
+ private final String PARAM_CLIENT_SIDE = "CLIENT_SIDE";
+
+ /**
+ * Key to hold the WS-SecConv version
+ */
+ public final static String KEY_WSSC_VERSION = "wscVersion";
+
+ public static final String KEY_SCT_ISSUER_POLICY = "sct-issuer-policy";
+
+ public final static String CANCEL_REQUEST = "cancelrequest";
+
+ public final static String SCT_ID = "sctID";
+
+ private MessageContext msgContext = null;
+
+ private RampartPolicyData policyData = null;
+
+ private WSSecHeader secHeader = null;
+
+ private WSSConfig config = null;
+
+ private int timeToLive = 300;
+
+ private int timestampMaxSkew = 0;
+
+ private String timestampId;
+
+ private Document document;
+
+ private TokenStorage tokenStorage;
+
+ /**
+ * WS-Trust version to use.
+ *
+ * Pissible values:
+ * RahasConstants.VERSION_05_02
+ * RahasConstants.VERSION_05_12
+ */
+
+ private int wstVersion = RahasConstants.VERSION_05_02;
+
+ private int secConvVersion = ConversationConstants.DEFAULT_VERSION;
+
+ /*
+ * IssuedTokens or SecurityContextTokens can be used
+ * as the encryption token, signature token,
+ */
+ private String issuedEncryptionTokenId;
+
+ private String issuedSignatureTokenId;
+
+ /**
+ * The service policy extracted from the message context.
+ * If policy is specified in the RampartConfig <b>this</b> will take precedence
+ */
+ private Policy servicePolicy;
+
+ private boolean isInitiator;
+
+ private boolean sender;
+
+ private ClassLoader customClassLoader;
+
+ private SOAPConstants soapConstants;
+
+ public RampartMessageData(MessageContext msgCtx, boolean sender) throws RampartException {
+
+ this.msgContext = msgCtx;
+
+ try {
+
+ /*
+ * First get the SOAP envelope as document, then create a security
+ * header and insert into the document (Envelope)
+ */
+ this.document = Axis2Util.getDocumentFromSOAPEnvelope(msgCtx.getEnvelope(), true);
+ msgCtx.setEnvelope((SOAPEnvelope)this.document.getDocumentElement());
+
+ this.soapConstants = WSSecurityUtil.getSOAPConstants(this.document.getDocumentElement());
+
+ //Extract known properties from the msgCtx
+
+ if(msgCtx.getProperty(KEY_WST_VERSION) != null) {
+ this.wstVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WST_VERSION));
+ }
+
+ if(msgCtx.getProperty(KEY_WSSC_VERSION) != null) {
+ this.secConvVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WSSC_VERSION));
+ }
+
+ Parameter clientSideParam = msgCtx.getAxisService().getParameter(PARAM_CLIENT_SIDE);
+ if(clientSideParam != null) {
+ this.isInitiator = true;
+ } else {
+ this.isInitiator = !msgCtx.isServerSide();
+ if(this.isInitiator) {
+ clientSideParam = new Parameter();
+ clientSideParam.setName(PARAM_CLIENT_SIDE);
+ clientSideParam.setLocked(true);
+ msgCtx.getAxisService().addParameter(clientSideParam);
+ }
+ }
+
+ if(msgCtx.getProperty(KEY_RAMPART_POLICY) != null) {
+ this.servicePolicy = (Policy)msgCtx.getProperty(KEY_RAMPART_POLICY);
+ }
+
+ /*
+ * Init policy:
+ * When creating the RampartMessageData instance we
+ * extract the service policy is set in the msgCtx.
+ * If it is missing then try to obtain from the configuration files.
+ */
+
+ if(this.servicePolicy == null) {
+ this.servicePolicy = msgCtx.getEffectivePolicy();
+ }
+
+ if(this.servicePolicy == null) {
+ Parameter param = msgCtx.getParameter(RampartMessageData.KEY_RAMPART_POLICY);
+ if(param != null) {
+ OMElement policyElem = param.getParameterElement().getFirstElement();
+ this.servicePolicy = PolicyEngine.getPolicy(policyElem);
+ }
+ }
+
+ if(this.servicePolicy != null){
+ List it = (List)this.servicePolicy.getAlternatives().next();
+
+ //Process policy and build policy data
+ this.policyData = RampartPolicyBuilder.build(it);
+ }
+
+
+ if(isInitiator && this.policyData != null && this.policyData.getRampartConfig() == null) {
+ //We'r missing the extra info rampart needs
+ throw new RampartException("rampartConigMissing");
+ }
+
+ if(this.policyData != null) {
+
+ //Check for RST and RSTR for an SCT
+ if((WSSHandlerConstants.RST_ACTON_SCT.equals(msgContext.getWSAAction())
+ || WSSHandlerConstants.RSTR_ACTON_SCT.equals(msgContext.getWSAAction())) &&
+ this.policyData.getIssuerPolicy() != null) {
+
+ this.servicePolicy = this.policyData.getIssuerPolicy();
+
+ RampartConfig rampartConfig = policyData.getRampartConfig();
+ /*
+ * Copy crypto info from the into the new issuer policy
+ */
+ RampartConfig rc = new RampartConfig();
+ rc.setEncrCryptoConfig(rampartConfig.getEncrCryptoConfig());
+ rc.setSigCryptoConfig(rampartConfig.getSigCryptoConfig());
+ rc.setDecCryptoConfig(rampartConfig.getDecCryptoConfig());
+ rc.setUser(rampartConfig.getUser());
+ rc.setEncryptionUser(rampartConfig.getEncryptionUser());
+ rc.setPwCbClass(rampartConfig.getPwCbClass());
+
+ this.servicePolicy.addAssertion(rc);
+
+ List it = (List)this.servicePolicy.getAlternatives().next();
+
+ //Process policy and build policy data
+ this.policyData = RampartPolicyBuilder.build(it);
+ }
+ }
+
+
+ this.sender = sender;
+
+ OperationContext opCtx = this.msgContext.getOperationContext();
+
+ if(!this.isInitiator && this.sender) {
+ //Get hold of the incoming msg ctx
+ MessageContext inMsgCtx;
+ if (opCtx != null
+ && (inMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null
+ && msgContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS,
+ inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS));
+
+ //If someone set the sct_id externally use it at the receiver
+ msgContext.setProperty(SCT_ID, inMsgCtx.getProperty(SCT_ID));
+ }
+ }
+
+ if(this.isInitiator && !this.sender) {
+ MessageContext outMsgCtx;
+ if (opCtx != null
+ && (outMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE)) != null) {
+
+ //If someone set the sct_id externally use it at the receiver
+ msgContext.setProperty(SCT_ID, outMsgCtx.getProperty(SCT_ID));
+ }
+ }
+
+ this.config = WSSConfig.getDefaultWSConfig();
+
+ this.customClassLoader = msgCtx.getAxisService().getClassLoader();
+
+ if(this.sender && this.policyData != null) {
+ this.secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(this.document);
+ }
+
+ } catch (TrustException e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ } catch (AxisFault e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ } catch (WSSPolicyException e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ }
+
+ }
+
+ /**
+ * @return Returns the document.
+ */
+ public Document getDocument() {
+ return document;
+ }
+
+ /**
+ * @param document The document to set.
+ */
+ public void setDocument(Document document) {
+ this.document = document;
+ }
+
+ /**
+ * @return Returns the timeToLive.
+ */
+ public int getTimeToLive() {
+ return timeToLive;
+ }
+
+ /**
+ * @param timeToLive The timeToLive to set.
+ */
+ public void setTimeToLive(int timeToLive) {
+ this.timeToLive = timeToLive;
+ }
+
+ /**
+ * @return Returns the timestampMaxSkew.
+ */
+ public int getTimestampMaxSkew() {
+ return timestampMaxSkew;
+ }
+
+ /**
+ * @param timestampMaxSkew The timestampMaxSkew to set.
+ */
+ public void setTimestampMaxSkew(int timestampMaxSkew) {
+ this.timestampMaxSkew = timestampMaxSkew;
+ }
+
+ /**
+ * @return Returns the config.
+ */
+ public WSSConfig getConfig() {
+ return config;
+ }
+
+ /**
+ * @param config
+ * The config to set.
+ */
+ public void setConfig(WSSConfig config) {
+ this.config = config;
+ }
+
+ /**
+ * @return Returns the msgContext.
+ */
+ public MessageContext getMsgContext() {
+ return msgContext;
+ }
+
+ /**
+ * @param msgContext
+ * The msgContext to set.
+ */
+ public void setMsgContext(MessageContext msgContext) {
+ this.msgContext = msgContext;
+ }
+
+ /**
+ * @return Returns the policyData.
+ */
+ public RampartPolicyData getPolicyData() {
+ return policyData;
+ }
+
+ /**
+ * @param policyData
+ * The policyData to set.
+ */
+ public void setPolicyData(RampartPolicyData policyData) throws RampartException {
+ this.policyData = policyData;
+
+ try {
+ //if client side then check whether sig conf enabled
+ //and get hold of the stored signature values
+ if(this.isInitiator && !this.sender && policyData.isSignatureConfirmation()) {
+ OperationContext opCtx = msgContext.getOperationContext();
+ MessageContext outMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
+ msgContext.setProperty(WSHandlerConstants.SEND_SIGV, outMsgCtx
+ .getProperty(WSHandlerConstants.SEND_SIGV));
+ }
+ } catch (AxisFault e) {
+ throw new RampartException("errorGettingSignatureValuesForSigconf", e);
+ }
+ }
+
+ /**
+ * @return Returns the secHeader.
+ */
+ public WSSecHeader getSecHeader() {
+ return secHeader;
+ }
+
+ /**
+ * @param secHeader
+ * The secHeader to set.
+ */
+ public void setSecHeader(WSSecHeader secHeader) {
+ this.secHeader = secHeader;
+ }
+
+ /**
+ * @return Returns the issuedEncryptionTokenId.
+ */
+ public String getIssuedEncryptionTokenId() {
+ return issuedEncryptionTokenId;
+ }
+
+ /**
+ * @param issuedEncryptionTokenId The issuedEncryptionTokenId to set.
+ */
+ public void setIssuedEncryptionTokenId(String issuedEncryptionTokenId) {
+ this.issuedEncryptionTokenId = issuedEncryptionTokenId;
+ }
+
+ /**
+ * @return Returns the issuedSignatureTokenId.
+ */
+ public String getIssuedSignatureTokenId() {
+ return issuedSignatureTokenId;
+ }
+
+ /**
+ * @param issuedSignatureTokenId The issuedSignatureTokenId to set.
+ */
+ public void setIssuedSignatureTokenId(String issuedSignatureTokenId) {
+ this.issuedSignatureTokenId = issuedSignatureTokenId;
+ }
+
+ /**
+ * @return Returns the secConvTokenId.
+ */
+ public String getSecConvTokenId() {
+ String id = null;
+
+ if(this.isInitiator) {
+ String contextIdentifierKey = RampartUtil.getContextIdentifierKey(this.msgContext);
+ id = (String) RampartUtil.getContextMap(this.msgContext).get(contextIdentifierKey);
+ } else {
+ //get the sec context id from the req msg ctx
+ Vector results = (Vector)this.msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult = (WSHandlerResult) results.get(i);
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults
+ .get(j);
+ if(WSConstants.SCT == wser.getAction()) {
+ id = wser.getSecurityContextToken().getID();
+ }
+
+ }
+ }
+ }
+
+ if(id == null || id.length() == 0) {
+ //If we can't find the sec conv token id up to this point then
+ //check if someone has specified which one to use
+ id = (String)this.msgContext.getProperty(SCT_ID);
+ }
+
+ return id;
+ }
+
+ /**
+ * @param secConvTokenId The secConvTokenId to set.
+ */
+ public void setSecConvTokenId(String secConvTokenId) {
+ String contextIdentifierKey = RampartUtil.getContextIdentifierKey(this.msgContext);
+ RampartUtil.getContextMap(this.msgContext).put(
+ contextIdentifierKey,
+ secConvTokenId);
+ }
+
+
+
+ /**
+ * @return Returns the tokenStorage.
+ */
+ public TokenStorage getTokenStorage() throws RampartException {
+
+ if(this.tokenStorage != null) {
+ return this.tokenStorage;
+ }
+
+ TokenStorage storage = (TokenStorage) this.msgContext.getProperty(
+ TokenStorage.TOKEN_STORAGE_KEY);
+
+ if (storage != null) {
+ this.tokenStorage = storage;
+ } else {
+
+ String storageClass = this.policyData.getRampartConfig()
+ .getTokenStoreClass();
+
+ if (storageClass != null) {
+ Class stClass = null;
+ try {
+ stClass = Loader.loadClass(msgContext.getAxisService()
+ .getClassLoader(), storageClass);
+ } catch (ClassNotFoundException e) {
+ throw new RampartException(
+ "WSHandler: cannot load token storage class: "
+ + storageClass, e);
+ }
+ try {
+ this.tokenStorage = (TokenStorage) stClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new RampartException(
+ "Cannot create instance of token storage: "
+ + storageClass, e);
+ }
+ } else {
+ this.tokenStorage = new SimpleTokenStore();
+
+ }
+
+ //Set the storage instance
+ this.msgContext.getConfigurationContext().setProperty(
+ TokenStorage.TOKEN_STORAGE_KEY, this.tokenStorage);
+ }
+
+
+ return tokenStorage;
+ }
+
+ /**
+ * @param tokenStorage The tokenStorage to set.
+ */
+ public void setTokenStorage(TokenStorage tokenStorage) {
+ this.tokenStorage = tokenStorage;
+ }
+
+ /**
+ * @return Returns the wstVerion.
+ */
+ public int getWstVersion() {
+ return wstVersion;
+ }
+
+ /**
+ * @param wstVerion The wstVerion to set.
+ */
+ public void setWstVersion(int wstVerion) {
+ this.wstVersion = wstVerion;
+ }
+
+ /**
+ * @return Returns the secConvVersion.
+ */
+ public int getSecConvVersion() {
+ return secConvVersion;
+ }
+
+ /**
+ * @return Returns the servicePolicy.
+ */
+ public Policy getServicePolicy() {
+ return servicePolicy;
+ }
+
+ /**
+ * @param servicePolicy The servicePolicy to set.
+ */
+ public void setServicePolicy(Policy servicePolicy) {
+ this.servicePolicy = servicePolicy;
+ }
+
+
+ public static String getMessagePolicyKey(MessageContext msgCtx) {
+ if(msgCtx.getAxisOperation() != null) {
+ return createPolicyKey(msgCtx.getAxisService().getName(),
+ msgCtx.getAxisOperation().getName(),
+ msgCtx.getAxisMessage().getName());
+ }
+ return null;
+ }
+
+ /**
+ * @param msgCtx
+ * @return The key to store/pickup policy of an operation
+ */
+ public static String getOperationPolicyKey(MessageContext msgCtx) {
+ if(msgCtx.getAxisOperation() != null) {
+ return createPolicyKey(msgCtx.getAxisService().getName(),
+ msgCtx.getAxisOperation().getName(), null);
+
+ }
+ return null;
+ }
+
+ public static String getServicePolicyKey(MessageContext msgCtx) {
+ return createPolicyKey(msgCtx.getAxisService().getName(), null, null);
+ }
+
+ public static String createPolicyKey(String service, QName operation, String msg) {
+ if(operation != null) {
+ if(msg != null) {
+ return RampartMessageData.KEY_RAMPART_POLICY + service
+ + "{" + operation.getNamespaceURI() + "}"
+ + operation.getLocalPart() + ":" + msg;
+ } else {
+ return RampartMessageData.KEY_RAMPART_POLICY + service
+ + "{" + operation.getNamespaceURI() + "}"
+ + operation.getLocalPart();
+ }
+ } else {
+ return RampartMessageData.KEY_RAMPART_POLICY + service;
+ }
+ }
+
+ /**
+ * @return Returns the timestampId.
+ */
+ public String getTimestampId() {
+ return timestampId;
+ }
+
+ /**
+ * @param timestampId The timestampId to set.
+ */
+ public void setTimestampId(String timestampId) {
+ this.timestampId = timestampId;
+ }
+
+ /**
+ * @return Returns the isClientSide.
+ */
+ public boolean isInitiator() {
+ return isInitiator;
+ }
+
+ public ClassLoader getCustomClassLoader() {
+ return customClassLoader;
+ }
+
+ public SOAPConstants getSoapConstants() {
+ return soapConstants;
+ }
+}
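Review bot: getSecConvTokenId iterates the RECV_RESULTS property without a null check after `Vector results = (Vector)this.msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);`, so a receiver-side call on a message with no recorded results throws NullPointerException instead of falling through to the SCT_ID lookup; guard the loop with `if (results != null)`. getTokenStorage likewise dereferences `this.policyData.getRampartConfig()` although the constructor only enforces a non-null RampartConfig for the initiator. getTokenStorage reads an existing store from the message context but registers a newly created one on the configuration context; if sharing one store (which holds token secrets) across all messages is intended, a comment saying so would help. The field comment "Pissible values" should read "Possible values".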
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java
new file mode 100644
index 0000000..c1ea6f1
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+
+public class TokenCallbackHandler implements CallbackHandler {
+
+ private TokenStorage store;
+ private CallbackHandler handler;
+
+ public TokenCallbackHandler(TokenStorage store, CallbackHandler handler) {
+ this.store = store;
+ this.handler = handler;
+ }
+
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException {
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if(pc.getUsage() == WSPasswordCallback.SECURITY_CONTEXT_TOKEN &&
+ this.store != null) {
+ String id = pc.getIdentifer();
+ Token tok;
+ try {
+ //Pick up the token from the token store
+ tok = this.store.getToken(id);
+ if(tok != null) {
+ //Get the secret and set it in the callback object
+ pc.setKey(tok.getSecret());
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new IOException(e.getMessage());
+ }
+ } else {
+ //Handle other types of callbacks with the usual handler
+ if(this.handler != null) {
+ handler.handle(new Callback[]{pc});
+ }
+ }
+
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i],
+ "Unrecognized Callback");
+ }
+ }
+ }
+
+
+
+}
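Review bot: The catch block in handle() prints the stack trace to stderr and rethrows `new IOException(e.getMessage())`, which bypasses the commons-logging Log the other classes in this commit use and drops the original exception as the cause; prefer a log call plus an IOException that carries the cause (via initCause if the target JDK lacks the two-argument constructor). When the store returns no token for the requested id the callback returns without setting a key and without any signal, so a failed security-context lookup is hard to diagnose; a debug-level line such as `// no token for id in store: key left unset, caller will fail later` plus a log statement would make that visible.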
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/ValidatorData.java b/modules/rampart-core/src/main/java/org/apache/rampart/ValidatorData.java
new file mode 100644
index 0000000..57b096a
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/ValidatorData.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.xml.security.utils.EncryptionConstants;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import java.util.ArrayList;
+
+public class ValidatorData {
+
+ private RampartMessageData rmd;
+ ArrayList encryptedDataRefIds = new ArrayList();
+ private String bodyEncrDataId;
+
+ public ValidatorData(RampartMessageData rmd) {
+ this.rmd = rmd;
+ this.extractEncryptedPartInformation();
+ }
+
+ private void extractEncryptedPartInformation() {
+ Node start = rmd.getDocument().getDocumentElement();
+ while(start != null) {
+ Element elem = (Element) WSSecurityUtil.findElement(start,
+ EncryptionConstants._TAG_ENCRYPTEDDATA, WSConstants.ENC_NS);
+ if(elem != null) {
+ Element parentElem = (Element)elem.getParentNode();
+ if(parentElem != null && parentElem.getLocalName().equals(SOAP11Constants.BODY_LOCAL_NAME) &&
+ parentElem.getNamespaceURI().equals(rmd.getSoapConstants().getEnvelopeURI())) {
+ this.bodyEncrDataId = elem.getAttribute("Id");
+ } else {
+ encryptedDataRefIds.add(elem.getAttribute("Id"));
+ }
+
+ if(elem.getNextSibling() != null) {
+ start = elem.getNextSibling();
+ } else {
+ start = elem.getParentNode().getNextSibling();
+ }
+ } else {
+ if(start.getNextSibling() != null) {
+ start = start.getNextSibling();
+ } else {
+ start = start.getParentNode().getNextSibling();
+ }
+ }
+
+ }
+
+ }
+
+ public ArrayList getEncryptedDataRefIds() {
+ return encryptedDataRefIds;
+ }
+
+ public RampartMessageData getRampartMessageData() {
+ return rmd;
+ }
+
+ public String getBodyEncrDataId() {
+ return bodyEncrDataId;
+ }
+
+}
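Review bot: The traversal in extractEncryptedPartInformation climbs only one level when it runs out of siblings (`start = elem.getParentNode().getNextSibling();` and the matching line in the else branch), so when the current node and its parent are both last children, start becomes null and the loop ends while EncryptedData elements may remain in later subtrees; a next-sibling-or-ancestor walk, `while (n != null && n.getNextSibling() == null) n = n.getParentNode();` before taking the sibling, covers the whole document. The Body check calls `parentElem.getNamespaceURI().equals(...)`, which throws NullPointerException for a parent with no namespace; reverse it to `rmd.getSoapConstants().getEnvelopeURI().equals(parentElem.getNamespaceURI())`. Since these ids presumably feed the results validator's view of which parts were encrypted, a missed element would weaken that check, so a test with EncryptedData as the last node of a header block is worthwhile.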
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
new file mode 100644
index 0000000..54c54c7
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
@@ -0,0 +1,606 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.WSSecDKEncrypt;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecSignature;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Vector;
+
+public class AsymmetricBindingBuilder extends BindingBuilder {
+
+ private static Log log = LogFactory.getLog(AsymmetricBindingBuilder.class);
+
+ private Token sigToken;
+
+ private WSSecSignature sig;
+
+ private WSSecEncryptedKey encrKey;
+
+ private String encryptedKeyId;
+
+ private byte[] encryptedKeyValue;
+
+ private Vector signatureValues = new Vector();
+
+ private Element encrTokenElement;
+
+ private Element sigDKTElement;
+
+ private Element encrDKTElement;
+
+ private Vector sigParts = new Vector();
+
+ private Element signatureElement;
+
+ public void build(RampartMessageData rmd) throws RampartException {
+ log.debug("AsymmetricBindingBuilder build invoked");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if (rpd.isIncludeTimestamp()) {
+ this.addTimestamp(rmd);
+ }
+
+ if (Constants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
+ this.doEncryptBeforeSig(rmd);
+ } else {
+ this.doSignBeforeEncrypt(rmd);
+ }
+
+ log.debug("AsymmetricBindingBuilder build invoked : DONE");
+ }
+
+ private void doEncryptBeforeSig(RampartMessageData rmd)
+ throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+ RampartConfig config = rpd.getRampartConfig();
+
+ /*
+ * We need to hold on to these two element to use them as refence in the
+ * case of encypting the signature
+ */
+ Element encrDKTokenElem = null;
+ WSSecEncrypt encr = null;
+ Element refList = null;
+ WSSecDKEncrypt dkEncr = null;
+
+ /*
+ * We MUST use keys derived from the same token
+ */
+ Token encryptionToken = rpd.getRecipientToken();
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ if(encryptionToken == null && encrParts.size() > 0) {
+ throw new RampartException("encryptionTokenMissing");
+ }
+
+ if (encryptionToken != null && encrParts.size() > 0) {
+ if (encryptionToken.isDerivedKeys()) {
+ try {
+ this.setupEncryptedKey(rmd, encryptionToken);
+ // Create the DK encryption builder
+ dkEncr = new WSSecDKEncrypt();
+ dkEncr.setParts(encrParts);
+ dkEncr.setExternalKey(this.encryptedKeyValue,
+ this.encryptedKeyId);
+ dkEncr.prepare(doc);
+
+ // Get and add the DKT element
+ this.encrDKTElement = dkEncr.getdktElement();
+ encrDKTokenElem = RampartUtil.appendChildToSecHeader(rmd, this.encrDKTElement);
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr", e);
+ }
+ } else {
+ try {
+ encr = new WSSecEncrypt();
+ encr.setParts(encrParts);
+ encr.setWsConfig(rmd.getConfig());
+ encr.setDocument(doc);
+ RampartUtil.setEncryptionUser(rmd, encr);
+ encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(config, rmd.getCustomClassLoader()));
+
+ Element bstElem = encr.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ RampartUtil.appendChildToSecHeader(rmd, bstElem);
+ }
+
+ this.encrTokenElement = encr.getEncryptedKeyElement();
+ this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,
+ encrTokenElement);
+
+ refList = encr.encryptForExternalRef(null, encrParts);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+
+ RampartUtil.appendChildToSecHeader(rmd, refList);
+
+ this.setInsertionLocation(encrTokenElement);
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ this.sigParts = RampartUtil.getSignedParts(rmd);
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }
+
+ if (rmd.isInitiator()) {
+
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd
+ .getSignedSupportingTokens();
+
+ sigSuppTokMap = this
+ .handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd
+ .getEndorsingSupportingTokens();
+
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd
+ .getSignedEndorsingSupportingTokens();
+
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd,
+ sgndEndSuppTokens);
+
+ SupportingToken supportingToks = rpd.getSupportingTokens();
+ this.handleSupportingTokens(rmd, supportingToks);
+
+
+ // Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+
+ if(rpd.getInitiatorToken() != null) {
+ this.doSignature(rmd);
+ }
+
+ if (rmd.isInitiator()) {
+ // Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd,
+ endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ // Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
+ sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ // Check for signature protection
+ if (rpd.isSignatureProtection() && this.mainSigId != null) {
+
+ Vector secondEncrParts = new Vector();
+
+ // Now encrypt the signature using the above token
+ secondEncrParts.add(new WSEncryptionPart(this.mainSigId,
+ "Element"));
+
+ Element secondRefList = null;
+
+ if (encryptionToken.isDerivedKeys()) {
+ try {
+
+ secondRefList = dkEncr.encryptForExternalRef(null,
+ secondEncrParts);
+ RampartUtil.insertSiblingAfter(rmd, encrDKTokenElem,
+ secondRefList);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey",
+ e);
+ }
+ } else {
+ try {
+ // Encrypt, get hold of the ref list and add it
+ secondRefList = encr.encryptForExternalRef(null,
+ encrParts);
+
+ // Insert the ref list after the encrypted key elem
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfter(rmd, encrTokenElement,
+ secondRefList));
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ }
+ }
+
+ }
+
+ private void doSignBeforeEncrypt(RampartMessageData rmd)
+ throws RampartException {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ sigParts = RampartUtil.getSignedParts(rmd);
+
+ //Add timestamp
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }else{
+ this.setInsertionLocation(null);
+ }
+
+ if (rmd.isInitiator()) {
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+
+ sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd
+ .getSignedEndorsingSupportingTokens();
+
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd,
+ sgndEndSuppTokens);
+
+ // Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+
+ if(rpd.getInitiatorToken() != null) {
+ // Do signature
+ this.doSignature(rmd);
+ }
+
+ //Do endorsed signature
+
+ if (rmd.isInitiator()) {
+ // Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd,
+ endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ // Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
+ sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+
+
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ //Check for signature protection
+ if(rpd.isSignatureProtection() && this.mainSigId != null) {
+ encrParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement((OMElement)this.signatureElement), "Element"));
+ }
+
+ //Do encryption
+ Token encrToken = rpd.getRecipientToken();
+ if(encrToken != null && encrParts.size() > 0) {
+ Element refList = null;
+ if(encrToken.isDerivedKeys()) {
+
+ try {
+ WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+
+ if(this.encrKey == null) {
+ this.setupEncryptedKey(rmd, encrToken);
+ }
+
+ dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+ dkEncr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ dkEncr.prepare(doc);
+
+
+ if(this.encrTokenElement != null) {
+ this.encrDKTElement = RampartUtil.insertSiblingAfter(
+ rmd, this.encrTokenElement, dkEncr.getdktElement());
+ } else {
+ this.encrDKTElement = RampartUtil.insertSiblingBefore(
+ rmd, this.sigDKTElement, dkEncr.getdktElement());
+ }
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ RampartUtil.insertSiblingAfter(rmd,
+ this.encrDKTElement,
+ refList);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ try {
+
+ WSSecEncrypt encr = new WSSecEncrypt();
+
+
+ if(encrToken.getInclusion().equals(Constants.INCLUDE_NEVER)) {
+ if(rpd.getWss10() != null && rpd.getWss10().isMustSupportRefKeyIdentifier()) {
+ encr.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ } else if(rpd.getWss11() != null && rpd.getWss11().isMustSupportRefThumbprint()) {
+ encr.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ }
+ } else {
+ encr.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ }
+
+ encr.setWsConfig(rmd.getConfig());
+
+ encr.setDocument(doc);
+ RampartUtil.setEncryptionUser(rmd, encr);
+ encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()));
+
+ if(this.timestampElement != null){
+ this.setInsertionLocation(this.timestampElement);
+ }else{
+ this.setInsertionLocation(null);
+ }
+
+ if(encr.getBSTTokenId() != null) {
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfterOrPrepend(rmd,
+ this.getInsertionLocation(),
+ encr.getBinarySecurityTokenElement()));
+ }
+
+
+ Element encryptedKeyElement = encr.getEncryptedKeyElement();
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfterOrPrepend(rmd,
+ this.getInsertionLocation(),
+ encryptedKeyElement));
+
+
+ //Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForInternalRef(null, encrParts);
+
+ //Add internal refs
+ encryptedKeyElement.appendChild(refList);
+// RampartUtil.insertSiblingAfter(rmd,
+// this.getInsertionLocation(),
+// refList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ }
+
+ }
+
+ private void doSignature(RampartMessageData rmd) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ sigToken = rpd.getInitiatorToken();
+
+ if (sigToken.isDerivedKeys()) {
+ // Set up the encrypted key to use
+ if(this.encrKey == null) {
+ setupEncryptedKey(rmd, sigToken);
+ }
+
+ WSSecDKSign dkSign = new WSSecDKSign();
+ dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+
+ // Set the algo info
+ dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite()
+ .getSymmetricSignature());
+ dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite()
+ .getMinimumSymmetricKeyLength() / 8);
+
+ try {
+ dkSign.prepare(doc, rmd.getSecHeader());
+
+ if (rpd.isTokenProtection()) {
+ sigParts.add(new WSEncryptionPart(encrKey.getId()));
+ }
+
+ dkSign.setParts(sigParts);
+
+ dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ // Do signature
+ dkSign.computeSignature();
+
+ ;
+ // Add elements to header
+ this.sigDKTElement = RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), dkSign.getdktElement());
+ this.setInsertionLocation(this.sigDKTElement);
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), dkSign
+ .getSignatureElement()));
+
+ this.mainSigId = RampartUtil
+ .addWsuIdToElement((OMElement) dkSign
+ .getSignatureElement());
+
+ signatureValues.add(dkSign.getSignatureValue());
+
+ signatureElement = dkSign.getSignatureElement();
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ }
+
+ } else {
+ sig = this.getSignatureBuider(rmd, sigToken);
+ Element bstElem = sig.getBinarySecurityTokenElement();
+ if(bstElem != null) {
+ bstElem = RampartUtil.insertSiblingAfter(rmd, this
+ .getInsertionLocation(), bstElem);
+ this.setInsertionLocation(bstElem);
+ }
+
+ if (rmd.getPolicyData().isTokenProtection()
+ && sig.getBSTTokenId() != null) {
+ sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ }
+
+ try {
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+ sig.computeSignature();
+
+ signatureElement = sig.getSignatureElement();
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd, this.getInsertionLocation(), signatureElement));
+
+ this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) signatureElement);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+ signatureValues.add(sig.getSignatureValue());
+ }
+
+ }
+
+ /**
+ * @param rmd
+ * @throws RampartException
+ */
+ private void setupEncryptedKey(RampartMessageData rmd, Token token)
+ throws RampartException {
+ if(!rmd.isInitiator() && token.isDerivedKeys()) {
+
+ //If we already have them, simply return
+ if(this.encryptedKeyId != null && this.encryptedKeyValue != null) {
+ return;
+ }
+
+ //Use the secret from the incoming EncryptedKey element
+ Object resultsObj = rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+ if(resultsObj != null) {
+ encryptedKeyId = RampartUtil.getRequestEncryptedKeyId((Vector)resultsObj);
+ encryptedKeyValue = RampartUtil.getRequestEncryptedKeyValue((Vector)resultsObj);
+
+ //In the case where we don't have the EncryptedKey in the
+ //request, for the control to have reached this state,
+ //the scenario MUST be a case where this is the response
+ //message by a listener created for an async client
+ //Therefor we will create a new EncryptedKey
+ if(encryptedKeyId == null && encryptedKeyValue == null) {
+ createEncryptedKey(rmd, token);
+ }
+ } else {
+ throw new RampartException("noSecurityResults");
+ }
+ } else {
+ createEncryptedKey(rmd, token);
+ }
+ }
+
+ /**
+ * Create an encrypted key element
+ * @param rmd
+ * @param token
+ * @throws RampartException
+ */
+ private void createEncryptedKey(RampartMessageData rmd, Token token) throws RampartException {
+ //Set up the encrypted key to use
+ encrKey = this.getEncryptedKeyBuilder(rmd, token);
+
+ Element bstElem = encrKey.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ // If a BST is available then use it
+ RampartUtil.appendChildToSecHeader(rmd, bstElem);
+ }
+
+ // Add the EncryptedKey
+ encrTokenElement = encrKey.getEncryptedKeyElement();
+ this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,
+ encrTokenElement);
+ encryptedKeyValue = encrKey.getEphemeralKey();
+ encryptedKeyId = encrKey.getId();
+
+ //Store the token for client - response verification
+ // and server - response creation
+ try {
+ org.apache.rahas.Token tok = new org.apache.rahas.Token(
+ encryptedKeyId, (OMElement)encrTokenElement , null, null);
+ tok.setSecret(encryptedKeyValue);
+ rmd.getTokenStorage().add(tok);
+ } catch (TrustException e) {
+ throw new RampartException("errorInAddingTokenIntoStore", e);
+ }
+ }
+}
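Review bot: In the signature-protection branch of doEncryptBeforeSig, the non-derived-key case at `secondRefList = encr.encryptForExternalRef(null, encrParts);` passes the original `encrParts` instead of `secondEncrParts`, so the Signature element identified by `this.mainSigId` is never encrypted and the already-encrypted body parts are referenced a second time; the derived-key branch a few lines above passes `secondEncrParts` correctly. The line should read `secondRefList = encr.encryptForExternalRef(null, secondEncrParts);`. The effect is that a SignatureProtection policy assertion is silently not honoured on this path, which a receiver enforcing the same policy would presumably reject, so a test asserting that the second ReferenceList covers the Signature's wsu:Id would pin the fix. Separately, the two catch blocks in doSignBeforeEncrypt that throw `new RampartException("errorInDKEncr")` drop the caught exception, unlike every other catch in the file; pass `e` as the second argument so the root cause survives in the stack trace.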
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
new file mode 100644
index 0000000..7850e87
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
@@ -0,0 +1,631 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.Vector;
+import java.util.Map.Entry;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.UsernameToken;
+import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.message.WSSecSignatureConfirmation;
+import org.apache.ws.security.message.WSSecTimestamp;
+import org.apache.ws.security.message.WSSecUsernameToken;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+public abstract class BindingBuilder {
+ private static Log log = LogFactory.getLog(BindingBuilder.class);
+
+ private Element insertionLocation;
+
+ protected String mainSigId = null;
+
+ protected Element timestampElement;
+
+ /**
+ * @param rmd
+ */
+ protected void addTimestamp(RampartMessageData rmd) {
+ log.debug("Adding timestamp");
+
+ WSSecTimestamp timestampBuilder = new WSSecTimestamp();
+ timestampBuilder.setWsConfig(rmd.getConfig());
+
+ timestampBuilder.setTimeToLive(RampartUtil.getTimeToLive(rmd));
+
+ // add the Timestamp to the SOAP Enevelope
+
+ timestampBuilder.build(rmd.getDocument(), rmd
+ .getSecHeader());
+
+ log.debug("Timestamp id: " + timestampBuilder.getId());
+
+ rmd.setTimestampId(timestampBuilder.getId());
+
+ this.timestampElement = timestampBuilder.getElement();
+ log.debug("Adding timestamp: DONE");
+ }
+
+ /**
+ * Add a UsernameToken to the security header
+ * @param rmd
+ * @return The <code>WSSecUsernameToken</code> instance
+ * @throws RampartException
+ */
+ protected WSSecUsernameToken addUsernameToken(RampartMessageData rmd) throws RampartException {
+
+ log.debug("Adding a UsernameToken");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ //Get the user
+ String user = rpd.getRampartConfig().getUser();
+ if(user != null && !"".equals(user)) {
+ log.debug("User : " + user);
+
+ //Get the password
+ CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
+
+ if(handler == null) {
+ //If the callback handler is missing
+ throw new RampartException("cbHandlerMissing");
+ }
+
+ WSPasswordCallback[] cb = { new WSPasswordCallback(user,
+ WSPasswordCallback.USERNAME_TOKEN) };
+
+ try {
+ handler.handle(cb);
+
+ //get the password
+ String password = cb[0].getPassword();
+
+ log.debug("Password : " + password);
+
+ if(password != null && !"".equals(password)) {
+ //If the password is available then build the token
+
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+
+ //TODO Get the UT type, only WS-SX spec supports this
+ utBuilder.setUserInfo(user, password);
+
+ return utBuilder;
+ } else {
+ //If there's no password then throw an exception
+ throw new RampartException("noPasswordForUser",
+ new String[]{user});
+ }
+ } catch (IOException e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ } catch (UnsupportedCallbackException e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ }
+
+ } else {
+ log.debug("No user value specified in the configuration");
+ throw new RampartException("userMissing");
+ }
+
+ }
+
+
+ /**
+ * @param rmd
+ * @param token
+ * @return
+ * @throws WSSecurityException
+ * @throws RampartException
+ */
+ protected WSSecEncryptedKey getEncryptedKeyBuilder(RampartMessageData rmd, Token token) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
+ if(token.getInclusion().equals(Constants.INCLUDE_NEVER)) {
+ if(rpd.getWss11() != null) {
+ //Use thumbprint
+ encrKey.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ } else {
+ //Use SKI
+ encrKey.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ }
+ } else {
+ encrKey.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ }
+ try {
+ RampartUtil.setEncryptionUser(rmd, encrKey);
+ encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
+ encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+
+ encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
+
+ return encrKey;
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey", e);
+ }
+ }
+
+
+ protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token token) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ WSSecSignature sig = new WSSecSignature();
+ sig.setWsConfig(rmd.getConfig());
+
+ log.debug("Token inclusion: " + token.getInclusion());
+ if(token.getInclusion().equals(Constants.INCLUDE_NEVER) ||
+ (!rmd.isInitiator() && token.getInclusion().equals(Constants.INCLUDE_ALWAYS_TO_RECIPIENT))) {
+ if(rpd.getWss11() != null) {
+ //Use thumbprint
+ sig.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ } else {
+ //Use SKI
+ sig.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ }
+ } else {
+ sig.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ }
+
+ //Get the user
+ String user = rpd.getRampartConfig().getUser();
+ String password = null;
+
+ if(user != null && !"".equals(user)) {
+ log.debug("User : " + user);
+
+ //Get the password
+ CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
+
+ if(handler == null) {
+ //If the callback handler is missing
+ throw new RampartException("cbHandlerMissing");
+ }
+
+ WSPasswordCallback[] cb = { new WSPasswordCallback(user,
+ WSPasswordCallback.SIGNATURE) };
+
+ try {
+ handler.handle(cb);
+ if(cb[0].getPassword() != null && !"".equals(cb[0].getPassword())) {
+ password = cb[0].getPassword();
+ log.debug("Password : " + password);
+ } else {
+ //If there's no password then throw an exception
+ throw new RampartException("noPasswordForUser",
+ new String[]{user});
+ }
+ } catch (IOException e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ } catch (UnsupportedCallbackException e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ }
+
+ } else {
+ log.debug("No user value specified in the configuration");
+ throw new RampartException("userMissing");
+ }
+
+ sig.setUserInfo(user, password);
+ sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
+ sig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());
+
+ try {
+ sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()),
+ rmd.getSecHeader());
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+
+ return sig;
+ }
+
+ /**
+ * @param rmd
+ * @param suppTokens
+ * @throws RampartException
+ */
+ protected HashMap handleSupportingTokens(RampartMessageData rmd, SupportingToken suppTokens)
+ throws RampartException {
+
+ //Create the list to hold the tokens
+ HashMap endSuppTokMap = new HashMap();
+
+ if(suppTokens != null && suppTokens.getTokens() != null &&
+ suppTokens.getTokens().size() > 0) {
+ log.debug("Processing supporting tokens");
+
+ ArrayList tokens = suppTokens.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ org.apache.rahas.Token endSuppTok = null;
+ if(token instanceof IssuedToken && rmd.isInitiator()){
+ String id = RampartUtil.getIssuedToken(rmd, (IssuedToken)token);
+ try {
+ endSuppTok = rmd.getTokenStorage().getToken(id);
+ } catch (TrustException e) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{id}, e);
+ }
+
+ if(endSuppTok == null) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{id});
+ }
+
+ //Add the token to the header
+ Element siblingElem = RampartUtil
+ .insertSiblingAfter(rmd, this.getInsertionLocation(),
+ (Element) endSuppTok.getToken());
+ this.setInsertionLocation(siblingElem);
+
+ //Add the extracted token
+ endSuppTokMap.put(token, endSuppTok);
+
+ } else if(token instanceof X509Token) {
+ //Get the to be added
+ if(token.isDerivedKeys()) {
+ //We have to use an EncryptedKey
+ try {
+ WSSecEncryptedKey encrKey = this
+ .getEncryptedKeyBuilder(rmd, token);
+
+ Element bstElem = encrKey.getBinarySecurityTokenElement();
+ if(bstElem != null) {
+ Element siblingElem = RampartUtil
+ .insertSiblingAfter(rmd, this.getInsertionLocation(),
+ bstElem);
+ this.setInsertionLocation(siblingElem);
+ }
+
+ Element siblingElem = RampartUtil
+ .insertSiblingAfter(rmd,
+ this.getInsertionLocation(),
+ encrKey.getEncryptedKeyElement());
+
+ this.setInsertionLocation(siblingElem);
+
+ Date now = new Date();
+ endSuppTok =
+ new org.apache.rahas.Token(encrKey.getId(),
+ (OMElement)encrKey.getEncryptedKeyElement(),
+ now, new Date(now.getTime() + 300000));
+
+ endSuppTokMap.put(token, endSuppTok);
+
+ } catch (TrustException e) {
+ throw new RampartException("errorCreatingRahasToken", e);
+ }
+ } else {
+ //We have to use a cert
+ //Prepare X509 signature
+ WSSecSignature sig = this.getSignatureBuider(rmd, token);
+ Element bstElem = sig.getBinarySecurityTokenElement();
+ if(bstElem != null) {
+ bstElem = RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), bstElem);
+ this.setInsertionLocation(bstElem);
+ }
+ endSuppTokMap.put(token, sig);
+ }
+ } else if(token instanceof UsernameToken) {
+ WSSecUsernameToken utBuilder = addUsernameToken(rmd);
+
+ utBuilder.prepare(rmd.getDocument());
+
+ //Add the UT
+ Element elem = utBuilder.getUsernameTokenElement();
+ RampartUtil.insertSiblingAfter(rmd, this.getInsertionLocation(), elem);
+
+ //Move the insert location to th enext element
+ this.setInsertionLocation(elem);
+ Date now = new Date();
+ try {
+ org.apache.rahas.Token tempTok = new org.apache.rahas.Token(
+ utBuilder.getId(), (OMElement) elem, now,
+ new Date(now.getTime() + 300000));
+ endSuppTokMap.put(token, tempTok);
+ } catch (TrustException e) {
+ throw new RampartException("errorCreatingRahasToken", e);
+ }
+ }
+ }
+ }
+
+ return endSuppTokMap;
+ }
+ /**
+ * @param tokenMap
+ * @param sigParts
+ * @throws RampartException
+ */
+ protected Vector addSignatureParts(HashMap tokenMap, Vector sigParts) throws RampartException {
+
+ Set entrySet = tokenMap.entrySet();
+
+ for (Iterator iter = entrySet.iterator(); iter.hasNext();) {
+ Object tempTok = ((Entry)iter.next()).getValue();
+ WSEncryptionPart part = null;
+
+ if(tempTok instanceof org.apache.rahas.Token) {
+
+ part = new WSEncryptionPart(
+ ((org.apache.rahas.Token) tempTok).getId());
+
+ } else if(tempTok instanceof WSSecSignature) {
+ WSSecSignature tempSig = (WSSecSignature) tempTok;
+ if(tempSig.getBSTTokenId() != null) {
+ part = new WSEncryptionPart(tempSig.getBSTTokenId());
+ }
+ } else {
+
+ throw new RampartException("UnsupportedTokenInSupportingToken");
+ }
+ sigParts.add(part);
+ }
+
+ return sigParts;
+ }
+
+
+ public Element getInsertionLocation() {
+ return insertionLocation;
+ }
+
+ public void setInsertionLocation(Element insertionLocation) {
+ this.insertionLocation = insertionLocation;
+ }
+
+
+ protected Vector doEndorsedSignatures(RampartMessageData rmd, HashMap tokenMap) throws RampartException {
+
+ Set tokenSet = tokenMap.keySet();
+
+ Vector sigValues = new Vector();
+
+ for (Iterator iter = tokenSet.iterator(); iter.hasNext();) {
+
+ Token token = (Token)iter.next();
+
+ Object tempTok = tokenMap.get(token);
+
+ Vector sigParts = new Vector();
+ sigParts.add(new WSEncryptionPart(this.mainSigId));
+
+ if (tempTok instanceof org.apache.rahas.Token) {
+ org.apache.rahas.Token tok = (org.apache.rahas.Token)tempTok;
+ if(rmd.getPolicyData().isTokenProtection()) {
+ sigParts.add(new WSEncryptionPart(tok.getId()));
+ }
+
+ this.doSymmSignature(rmd, token, (org.apache.rahas.Token)tempTok, sigParts);
+
+ } else if (tempTok instanceof WSSecSignature) {
+ WSSecSignature sig = (WSSecSignature)tempTok;
+ if(rmd.getPolicyData().isTokenProtection() &&
+ sig.getBSTTokenId() != null) {
+ sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ }
+
+ try {
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+ sig.computeSignature();
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd,
+ this.getInsertionLocation(),
+ sig.getSignatureElement()));
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+ sigValues.add(sig.getSignatureValue());
+ }
+ }
+
+ return sigValues;
+
+ }
+
+
+ protected byte[] doSymmSignature(RampartMessageData rmd, Token policyToken, org.apache.rahas.Token tok, Vector sigParts) throws RampartException {
+
+ Document doc = rmd.getDocument();
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ if(policyToken.isDerivedKeys() || policyToken instanceof SecureConversationToken) {
+ try {
+ WSSecDKSign dkSign = new WSSecDKSign();
+
+ OMElement ref = tok.getAttachedReference();
+ if(ref == null) {
+ ref = tok.getUnattachedReference();
+ }
+ if(ref != null) {
+ dkSign.setExternalKey(tok.getSecret(), (Element)
+ doc.importNode((Element) ref, true));
+ } else {
+ dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ }
+
+ //Set the algo info
+ dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+ dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite().getMinimumSymmetricKeyLength()/8);
+
+ dkSign.prepare(doc, rmd.getSecHeader());
+
+ if(rpd.isTokenProtection()) {
+ sigParts.add(new WSEncryptionPart(tok.getId()));
+ }
+
+ dkSign.setParts(sigParts);
+
+ dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ dkSign.computeSignature();
+
+ //Add elements to header
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfter(rmd,
+ this.getInsertionLocation(),
+ dkSign.getdktElement()));
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd,
+ this.getInsertionLocation(),
+ dkSign.getSignatureElement()));
+
+ return dkSign.getSignatureValue();
+
+ } catch (ConversationException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ } catch (WSSecurityException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ }
+ } else {
+ //TODO : Example SAMLTOken Signature
+ throw new UnsupportedOperationException("TODO");
+ }
+ }
+
+ /**
+ * Get hold of the token from the token storage
+ * @param rmd
+ * @param tokenId
+ * @return token from the token storage
+ * @throws RampartException
+ */
+ protected org.apache.rahas.Token getToken(RampartMessageData rmd,
+ String tokenId) throws RampartException {
+ org.apache.rahas.Token tok = null;
+ try {
+ tok = rmd.getTokenStorage().getToken(tokenId);
+ } catch (TrustException e) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{tokenId}, e);
+ }
+
+ if(tok == null) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{tokenId});
+ }
+ return tok;
+ }
+
+
+ protected void addSignatureConfirmation(RampartMessageData rmd, Vector sigParts) {
+
+ if(!rmd.getPolicyData().isSignatureConfirmation()) {
+
+ //If we don't require sig confirmation simply go back :-)
+ return;
+ }
+
+ Document doc = rmd.getDocument();
+
+ Vector results = (Vector)rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+ /*
+ * loop over all results gathered by all handlers in the chain. For each
+ * handler result get the various actions. After that loop we have all
+ * signature results in the signatureActions vector
+ */
+ Vector signatureActions = new Vector();
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult wshResult = (WSHandlerResult) results.get(i);
+
+ WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+ WSConstants.SIGN, signatureActions);
+ WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+ WSConstants.ST_SIGNED, signatureActions);
+ WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+ WSConstants.UT_SIGN, signatureActions);
+ }
+
+ // prepare a SignatureConfirmation token
+ WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
+ if (signatureActions.size() > 0) {
+ if (log.isDebugEnabled()) {
+ log.debug("Signature Confirmation: number of Signature results: "
+ + signatureActions.size());
+ }
+ for (int i = 0; i < signatureActions.size(); i++) {
+ WSSecurityEngineResult wsr = (WSSecurityEngineResult) signatureActions
+ .get(i);
+ byte[] sigVal = wsr.getSignatureValue();
+ wsc.setSignatureValue(sigVal);
+ wsc.prepare(doc);
+ RampartUtil.appendChildToSecHeader(rmd, wsc.getSignatureConfirmationElement());
+ if(sigParts != null) {
+ sigParts.add(new WSEncryptionPart(wsc.getId()));
+ }
+ }
+ } else {
+ //No Sig value
+ wsc.prepare(doc);
+ RampartUtil.appendChildToSecHeader(rmd, wsc.getSignatureConfirmationElement());
+ if(sigParts != null) {
+ sigParts.add(new WSEncryptionPart(wsc.getId()));
+ }
+ }
+ }
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
new file mode 100644
index 0000000..c62b846
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
@@ -0,0 +1,657 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.context.MessageContext;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.message.WSSecDKEncrypt;
+import org.apache.ws.security.message.WSSecEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Vector;
+
+
+public class SymmetricBindingBuilder extends BindingBuilder {
+
+ private static Log log = LogFactory.getLog(SymmetricBindingBuilder.class);
+
+
+ public void build(RampartMessageData rmd) throws RampartException {
+
+ log.debug("SymmetricBindingBuilder build invoked");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if(rpd.isIncludeTimestamp()) {
+ this.addTimestamp(rmd);
+ }
+
+ if(rmd.isInitiator()) {
+ //Setup required tokens
+ initializeTokens(rmd);
+ }
+
+
+ if(Constants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
+ this.doEncryptBeforeSig(rmd);
+ } else {
+ this.doSignBeforeEncrypt(rmd);
+ }
+
+
+ log.debug("SymmetricBindingBuilder build invoked : DONE");
+
+ }
+
+ private void doEncryptBeforeSig(RampartMessageData rmd) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ Vector signatureValues = new Vector();
+
+ Token encryptionToken = rpd.getEncryptionToken();
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ if(encryptionToken == null && encrParts.size() > 0) {
+ throw new RampartException("encryptionTokenMissing");
+ }
+
+ if(encryptionToken != null && encrParts.size() > 0) {
+ //The encryption token can be an IssuedToken or a
+ //SecureConversationToken
+ String tokenId = null;
+ org.apache.rahas.Token tok = null;
+
+ if(encryptionToken instanceof IssuedToken) {
+ tokenId = rmd.getIssuedEncryptionTokenId();
+ log.debug("Issued EncryptionToken Id : " + tokenId);
+ } else if(encryptionToken instanceof SecureConversationToken) {
+ tokenId = rmd.getSecConvTokenId();
+ log.debug("SCT Id : " + tokenId);
+ } else if (encryptionToken instanceof X509Token) {
+ tokenId = setupEncryptedKey(rmd, encryptionToken);
+ } //TODO SAMLToken
+
+ if(tokenId == null || tokenId.length() == 0) {
+ throw new RampartException("noSecurityToken");
+ }
+
+ /*
+ * Get hold of the token from the token storage
+ */
+ tok = this.getToken(rmd, tokenId);
+
+ /*
+ * Attach the token into the message based on token inclusion
+ * values
+ */
+ boolean attached = false;
+ Element encrTokenElement = null;
+ Element refList = null;
+ WSSecDKEncrypt dkEncr = null;
+ WSSecEncrypt encr = null;
+ Element encrDKTokenElem = null;
+
+ if(Constants.INCLUDE_ALWAYS.equals(encryptionToken.getInclusion()) ||
+ Constants.INCLUDE_ONCE.equals(encryptionToken.getInclusion()) ||
+ (rmd.isInitiator() && Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(encryptionToken.getInclusion()))) {
+ encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
+ attached = true;
+ }
+
+ //In the X509 case we MUST add the EncryptedKey
+ if(encryptionToken instanceof X509Token) {
+ RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
+ }
+ Document doc = rmd.getDocument();
+
+ if(encryptionToken.isDerivedKeys()) {
+ log.debug("Use drived keys");
+
+ dkEncr = new WSSecDKEncrypt();
+
+ if(attached && tok.getAttachedReference() != null) {
+
+ dkEncr.setExternalKey(tok.getSecret(), (Element) doc
+ .importNode((Element) tok.getAttachedReference(),
+ true));
+
+ } else if(tok.getUnattachedReference() != null) {
+ dkEncr.setExternalKey(tok.getSecret(), (Element) doc
+ .importNode((Element) tok.getUnattachedReference(),
+ true));
+ } else {
+ dkEncr.setExternalKey(tok.getSecret(), tok.getId());
+ }
+ try {
+ dkEncr.prepare(doc);
+ encrDKTokenElem = dkEncr.getdktElement();
+ RampartUtil.appendChildToSecHeader(rmd, encrDKTokenElem);
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ log.debug("NO derived keys, use the shared secret");
+ encr = new WSSecEncrypt();
+
+ encr.setWsConfig(rmd.getConfig());
+
+ encr.setEphemeralKey(tok.getSecret());
+ encr.setDocument(doc);
+
+ try {
+ //Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForExternalRef(null, encrParts);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+
+ RampartUtil.appendChildToSecHeader(rmd, refList);
+
+ this.setInsertionLocation(encrTokenElement);
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ Vector sigParts = RampartUtil.getSignedParts(rmd);
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }
+
+ if(rmd.isInitiator()) {
+
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+
+ sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
+
+ SupportingToken supportingToks = rpd.getSupportingTokens();
+ this.handleSupportingTokens(rmd, supportingToks);
+
+ //Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+
+ //Sign the message
+ //We should use the same key in the case of EncryptBeforeSig
+ signatureValues.add(this.doSymmSignature(rmd, encryptionToken, tok, sigParts));
+
+ this.mainSigId = RampartUtil.addWsuIdToElement((OMElement)this.getInsertionLocation());
+
+
+ if(rmd.isInitiator()) {
+ //Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd, endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ //Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ //Check for signature protection
+ if(rpd.isSignatureProtection() && this.mainSigId != null) {
+
+ Vector secondEncrParts = new Vector();
+
+ //Now encrypt the signature using the above token
+ secondEncrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
+
+ Element secondRefList = null;
+
+ if(encryptionToken.isDerivedKeys()) {
+ try {
+ secondRefList = dkEncr.encryptForExternalRef(null,
+ secondEncrParts);
+ RampartUtil.insertSiblingAfter(
+ rmd,
+ encrDKTokenElem,
+ secondRefList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ try {
+ //Encrypt, get hold of the ref list and add it
+ secondRefList = encr.encryptForExternalRef(null,
+ encrParts);
+ RampartUtil.insertSiblingAfter(
+ rmd,
+ encrTokenElement,
+ secondRefList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ }
+
+ } else {
+ throw new RampartException("encryptionTokenMissing");
+ }
+ }
+
+
+ private void doSignBeforeEncrypt(RampartMessageData rmd) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ Token sigToken = rpd.getSignatureToken();
+
+ String encrTokId = null;
+ String sigTokId = null;
+
+ org.apache.rahas.Token encrTok = null;
+ org.apache.rahas.Token sigTok = null;
+
+ Element sigTokElem = null;
+
+ Vector signatureValues = new Vector();
+
+ if(sigToken != null) {
+ if(sigToken instanceof SecureConversationToken) {
+ sigTokId = rmd.getSecConvTokenId();
+ } else if(sigToken instanceof IssuedToken) {
+ sigTokId = rmd.getIssuedSignatureTokenId();
+ } else if(sigToken instanceof X509Token) {
+ sigTokId = setupEncryptedKey(rmd, sigToken);
+ }
+ } else {
+ throw new RampartException("signatureTokenMissing");
+ }
+
+ if(sigTokId == null || sigTokId.length() == 0) {
+ throw new RampartException("noSecurityToken");
+ }
+
+ sigTok = this.getToken(rmd, sigTokId);
+
+ if(Constants.INCLUDE_ALWAYS.equals(sigToken.getInclusion()) ||
+ Constants.INCLUDE_ONCE.equals(sigToken.getInclusion()) ||
+ (rmd.isInitiator() &&
+ Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(
+ sigToken.getInclusion()))) {
+ sigTokElem = RampartUtil.appendChildToSecHeader(rmd,
+ sigTok.getToken());
+ this.setInsertionLocation(sigTokElem);
+ }
+
+
+
+ //In the X509 case we MUST add the EncryptedKey
+ if(sigToken instanceof X509Token) {
+ sigTokElem = RampartUtil.appendChildToSecHeader(rmd, sigTok.getToken());
+
+ //Set the insertion location
+ this.setInsertionLocation(sigTokElem);
+ }
+
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ Vector sigParts = RampartUtil.getSignedParts(rmd);
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }
+
+ if(rmd.isInitiator()) {
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+
+ sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
+
+ //Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+ //Sign the message
+ signatureValues.add(this.doSymmSignature(rmd, sigToken, sigTok, sigParts));
+
+ this.mainSigId = RampartUtil.addWsuIdToElement((OMElement)this.getInsertionLocation());
+
+ if(rmd.isInitiator()) {
+ //Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd, endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ //Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ //Encryption
+ Token encrToken = rpd.getEncryptionToken();
+ Element encrTokElem = null;
+ if(sigToken.equals(encrToken)) {
+ //Use the same token
+ encrTokId = sigTokId;
+ encrTok = sigTok;
+ encrTokElem = sigTokElem;
+ } else {
+ encrTokId = rmd.getIssuedEncryptionTokenId();
+ encrTok = this.getToken(rmd, encrTokId);
+
+ if(Constants.INCLUDE_ALWAYS.equals(encrToken.getInclusion()) ||
+ Constants.INCLUDE_ONCE.equals(encrToken.getInclusion()) ||
+ (rmd.isInitiator() && Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(encrToken.getInclusion()))) {
+ encrTokElem = (Element)encrTok.getToken();
+
+ //Add the encrToken element before the sigToken element
+ RampartUtil.insertSiblingBefore(rmd, sigTokElem, encrTokElem);
+ }
+
+ }
+
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ //Check for signature protection
+ if(rpd.isSignatureProtection() && this.mainSigId != null) {
+ //Now encrypt the signature using the above token
+ encrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
+ }
+ Element refList = null;
+
+ if(encrToken.isDerivedKeys() || encrToken instanceof SecureConversationToken) {
+
+ try {
+ WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+
+ if(encrTokElem != null && encrTok.getAttachedReference() != null) {
+
+ dkEncr.setExternalKey(encrTok.getSecret(), (Element) doc
+ .importNode((Element) encrTok.getAttachedReference(),
+ true));
+
+ } else if(encrTok.getUnattachedReference() != null) {
+ dkEncr.setExternalKey(encrTok.getSecret(), (Element) doc
+ .importNode((Element) encrTok.getUnattachedReference(),
+ true));
+ } else {
+ dkEncr.setExternalKey(encrTok.getSecret(), encrTok.getId());
+ }
+
+ dkEncr.prepare(doc);
+ Element encrDKTokenElem = null;
+ encrDKTokenElem = dkEncr.getdktElement();
+ if(encrTokElem != null) {
+ RampartUtil.insertSiblingAfter(rmd, encrTokElem, encrDKTokenElem);
+ } else {
+ RampartUtil.insertSiblingAfter(rmd, this.timestampElement, encrDKTokenElem);
+ }
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ RampartUtil.insertSiblingAfter(rmd,
+ encrDKTokenElem,
+ refList);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ try {
+
+ WSSecEncrypt encr = new WSSecEncrypt();
+
+ encr.setWsConfig(rmd.getConfig());
+
+ encr.setEphemeralKey(encrTok.getSecret());
+ RampartUtil.setEncryptionUser(rmd, encr);
+ encr.setDocument(doc);
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()));
+
+ //Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForExternalRef(null, encrParts);
+
+ RampartUtil.insertSiblingAfter(rmd,
+ encrTokElem,
+ refList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ }
+
+ /**
+ * @param rmd
+ * @param sigToken
+ * @return
+ * @throws RampartException
+ */
+ private String setupEncryptedKey(RampartMessageData rmd, Token sigToken)
+ throws RampartException {
+ try {
+ WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(rmd,
+ sigToken);
+ String id = encrKey.getId();
+ //Create a rahas token from this info and store it so we can use
+ //it in the next steps
+
+ Date created = new Date();
+ Date expires = new Date();
+ //TODO make this lifetime configurable ???
+ expires.setTime(System.currentTimeMillis() + 300000);
+ org.apache.rahas.Token tempTok = new org.apache.rahas.Token(
+ id,
+ (OMElement) encrKey.getEncryptedKeyElement(),
+ created,
+ expires);
+ tempTok.setSecret(encrKey.getEphemeralKey());
+
+ rmd.getTokenStorage().add(tempTok);
+
+ String bstTokenId = encrKey.getBSTTokenId();
+ //If direct ref is used to refer to the cert
+ //then add the cert to the sec header now
+ if(bstTokenId != null && bstTokenId.length() > 0) {
+ RampartUtil.appendChildToSecHeader(rmd,
+ encrKey.getBinarySecurityTokenElement());
+ }
+
+ return id;
+
+ } catch (TrustException e) {
+ throw new RampartException("errorInAddingTokenIntoStore");
+ }
+ }
+
+ /**
+ * Setup the required tokens
+ * @param rmd
+ * @param rpd
+ * @throws RampartException
+ */
+ private void initializeTokens(RampartMessageData rmd) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ MessageContext msgContext = rmd.getMsgContext();
+ if(rpd.isSymmetricBinding() && !msgContext.isServerSide()) {
+ log.debug("Procesing symmentric binding: " +
+ "Setting up encryption token and signature token");
+ //Setting up encryption token and signature token
+
+ Token sigTok = rpd.getSignatureToken();
+ Token encrTok = rpd.getEncryptionToken();
+ if(sigTok instanceof IssuedToken) {
+
+ log.debug("SignatureToken is an IssuedToken");
+
+ if(rmd.getIssuedSignatureTokenId() == null) {
+ log.debug("No Issuedtoken found, requesting a new token");
+
+ IssuedToken issuedToken = (IssuedToken)sigTok;
+
+ String id = RampartUtil.getIssuedToken(rmd,
+ issuedToken);
+ rmd.setIssuedSignatureTokenId(id);
+
+
+ }
+
+ } else if(sigTok instanceof SecureConversationToken) {
+
+ log.debug("SignatureToken is a SecureConversationToken");
+
+ //TODO check for an existing token and use it
+
+ String secConvTokenId = rmd.getSecConvTokenId();
+
+ //The RSTR has to be secured with the cancelled token
+ String action = msgContext.getOptions().getAction();
+ boolean cancelReqResp = action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
+ action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
+ action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT) ||
+ action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT);
+
+ //In the case of the cancel req or resp we should mark the token as cancelled
+ if(secConvTokenId != null && cancelReqResp) {
+ try {
+ rmd.getTokenStorage().getToken(secConvTokenId).setState(org.apache.rahas.Token.CANCELLED);
+ msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);
+
+ //remove from the local map of contexts
+ String contextIdentifierKey = RampartUtil.getContextIdentifierKey(msgContext);
+ RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
+ } catch (TrustException e) {
+ throw new RampartException("errorExtractingToken");
+ }
+ }
+
+ if (secConvTokenId == null
+ || (secConvTokenId != null &&
+ (!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp))) {
+
+ log.debug("No SecureConversationToken found, " +
+ "requesting a new token");
+
+ SecureConversationToken secConvTok =
+ (SecureConversationToken) sigTok;
+
+ try {
+
+ String id = RampartUtil.getSecConvToken(rmd, secConvTok);
+ rmd.setSecConvTokenId(id);
+
+ } catch (TrustException e) {
+ throw new RampartException("errorInObtainingSct", e);
+ }
+ }
+ }
+
+ //If it was the ProtectionToken assertion then sigTok is the
+ //same as encrTok
+ if(sigTok.equals(encrTok) && sigTok instanceof IssuedToken) {
+
+ log.debug("Symmetric binding uses a ProtectionToken, both" +
+ " SignatureToken and EncryptionToken are the same");
+
+ rmd.setIssuedEncryptionTokenId(rmd.getIssuedEncryptionTokenId());
+ } else {
+ //Now we'll have to obtain the encryption token as well :-)
+ //ASSUMPTION: SecureConversationToken is used as a
+ //ProtectionToken therefore we only have to process a issued
+ //token here
+
+ log.debug("Obtaining the Encryption Token");
+ if(rmd.getIssuedEncryptionTokenId() != null) {
+
+ log.debug("EncrytionToken not alredy set");
+
+ IssuedToken issuedToken = (IssuedToken)encrTok;
+
+ String id = RampartUtil.getIssuedToken(rmd,
+ issuedToken);
+ rmd.setIssuedEncryptionTokenId(id);
+
+ }
+
+ }
+ }
+
+ //TODO : Support processing IssuedToken and SecConvToken assertoins
+ //in supporting tokens, right now we only support UsernameTokens and
+ //X.509 Tokens
+ }
+
+
+
+}
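Review bot: In doEncryptBeforeSig, the signature-protection branch for the non-derived-key case passes the original `encrParts` to `encr.encryptForExternalRef` instead of `secondEncrParts`, so when the policy asks for signature protection the signature element is never encrypted and the already-encrypted parts are encrypted a second time; the derived-key branch just above does this correctly, so the fix is the one-line change `secondRefList = encr.encryptForExternalRef(null, secondEncrParts);`. Two further conditions in initializeTokens appear inverted: `rmd.setIssuedEncryptionTokenId(rmd.getIssuedEncryptionTokenId());` in the ProtectionToken case is a self-assignment and, given the comment that signature and encryption tokens are the same, presumably should copy `rmd.getIssuedSignatureTokenId()`, and the guard logged as "EncrytionToken not alredy set" tests `!= null` where the message and the request that follows suggest `if(rmd.getIssuedEncryptionTokenId() == null)`. Independently, the `cancelReqResp` expression lists each RSTR/RST cancel action twice, and several catch blocks (`errorInDKEncr`, `errorInAddingTokenIntoStore`, `errorExtractingToken`) drop the caught exception rather than passing it as the cause, which makes failures of the crypto path hard to diagnose from logs.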
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
new file mode 100644
index 0000000..535b5ac
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
@@ -0,0 +1,344 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.UsernameToken;
+import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.message.WSSecUsernameToken;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.Vector;
+
+public class TransportBindingBuilder extends BindingBuilder {
+
+ private static Log log = LogFactory.getLog(TransportBindingBuilder.class);
+
+ public void build(RampartMessageData rmd) throws RampartException {
+
+ log.debug("TransportBindingBuilder build invoked");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ if (rpd.isIncludeTimestamp()) {
+ addTimestamp(rmd);
+ }
+
+ /*
+ * Process Supporting tokens
+ */
+ if(rmd.isInitiator()) {
+ Vector signatureValues = new Vector();
+
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+
+ if(sgndSuppTokens != null && sgndSuppTokens.getTokens() != null &&
+ sgndSuppTokens.getTokens().size() > 0) {
+
+ log.debug("Processing signed supporting tokens");
+
+ ArrayList tokens = sgndSuppTokens.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+
+ Token token = (Token) iter.next();
+ if(token instanceof UsernameToken) {
+ WSSecUsernameToken utBuilder = addUsernameToken(rmd);
+ utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
+
+ utBuilder.prepare(rmd.getDocument());
+
+ //Add the UT
+ utBuilder.appendToHeader(rmd.getSecHeader());
+
+ } else {
+ throw new RampartException("unsupportedSignedSupportingToken",
+ new String[]{"{" +token.getName().getNamespaceURI()
+ + "}" + token.getName().getLocalPart()});
+ }
+ }
+ }
+
+ SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+ if(sgndEndSuppTokens != null && sgndEndSuppTokens.getTokens() != null &&
+ sgndEndSuppTokens.getTokens().size() > 0) {
+
+ log.debug("Processing endorsing signed supporting tokens");
+
+ ArrayList tokens = sgndEndSuppTokens.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof IssuedToken && rmd.isInitiator()) {
+ signatureValues.add(doIssuedTokenSignature(rmd, token));
+ } else if(token instanceof X509Token) {
+ signatureValues.add(doX509TokenSignature(rmd, token));
+ }
+ }
+ }
+
+ SupportingToken endSupptokens = rpd.getEndorsingSupportingTokens();
+ if(endSupptokens != null && endSupptokens.getTokens() != null &&
+ endSupptokens.getTokens().size() > 0) {
+ log.debug("Processing endorsing supporting tokens");
+ ArrayList tokens = endSupptokens.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof IssuedToken && rmd.isInitiator()){
+ signatureValues.add(doIssuedTokenSignature(rmd, token));
+ } else if(token instanceof X509Token) {
+ signatureValues.add(doX509TokenSignature(rmd, token));
+ }
+ }
+ }
+
+
+ SupportingToken supportingToks = rpd.getSupportingTokens();
+ this.handleSupportingTokens(rmd, supportingToks);
+
+
+ //Store the signature values vector
+ rmd.getMsgContext().setProperty(WSHandlerConstants.SEND_SIGV, signatureValues);
+ } else {
+ addSignatureConfirmation(rmd, null);
+ }
+ }
+
+
+
+ /**
+ * X.509 signature
+ * @param rmd
+ * @param token
+ */
+ private byte[] doX509TokenSignature(RampartMessageData rmd, Token token) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ if(token.isDerivedKeys()) {
+ //In this case we will have to encrypt the ephmeral key with the
+ //other party's key and then use it as the parent key of the
+ // derived keys
+ try {
+
+ WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(rmd, token);
+
+ Element bstElem = encrKey.getBinarySecurityTokenElement();
+ if(bstElem != null) {
+ RampartUtil.appendChildToSecHeader(rmd, bstElem);
+ }
+
+ encrKey.appendToHeader(rmd.getSecHeader());
+
+ WSSecDKSign dkSig = new WSSecDKSign();
+
+ dkSig.setWsConfig(rmd.getConfig());
+
+ dkSig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());
+ dkSig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+ dkSig.setDerivedKeyLength(rpd.getAlgorithmSuite().getMinimumSymmetricKeyLength()/8);
+
+ dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
+
+ dkSig.prepare(doc, rmd.getSecHeader());
+
+ Vector sigParts = new Vector();
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
+ }
+
+ if(rpd.isTokenProtection()) {
+ sigParts.add(new WSEncryptionPart(encrKey.getBSTTokenId()));
+ }
+
+ dkSig.setParts(sigParts);
+
+ dkSig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ dkSig.computeSignature();
+
+ dkSig.appendDKElementToHeader(rmd.getSecHeader());
+
+ dkSig.appendSigToHeader(rmd.getSecHeader());
+
+ return dkSig.getSignatureValue();
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ }
+
+ } else {
+
+ try {
+ WSSecSignature sig = this.getSignatureBuider(rmd, token);
+
+
+ sig.appendBSTElementToHeader(rmd.getSecHeader());
+
+ Vector sigParts = new Vector();
+
+ if(this.timestampElement != null ){
+ sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
+ }
+
+ if (rpd.isTokenProtection()
+ && !Constants.INCLUDE_NEVER
+ .equals(token.getInclusion())) {
+ sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ }
+
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ sig.appendToHeader(rmd.getSecHeader());
+
+ sig.computeSignature();
+
+ return sig.getSignatureValue();
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+
+
+ }
+
+ }
+
+
+ /**
+ * IssuedToken signature
+ * @param rmd
+ * @param token
+ * @throws RampartException
+ */
+ private byte[] doIssuedTokenSignature(RampartMessageData rmd, Token token) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc= rmd.getDocument();
+
+ //Get the issued token
+ String id = RampartUtil.getIssuedToken(rmd, (IssuedToken)token);
+
+ String inclusion = token.getInclusion();
+ org.apache.rahas.Token tok = null;
+ try {
+ tok = rmd.getTokenStorage().getToken(id);
+ } catch (TrustException e) {
+ throw new RampartException("errorExtractingToken",
+ new String[]{id} ,e);
+ }
+
+ boolean tokenIncluded = false;
+
+ if(inclusion.equals(Constants.INCLUDE_ALWAYS) ||
+ ((inclusion.equals(Constants.INCLUDE_ALWAYS_TO_RECIPIENT)
+ || inclusion.equals(Constants.INCLUDE_ONCE))
+ && rmd.isInitiator())) {
+
+ //Add the token
+ rmd.getSecHeader().getSecurityHeader().appendChild(
+ doc.importNode((Element) tok.getToken(), true));
+
+ tokenIncluded = true;
+ }
+
+ //check for dirived keys
+ if(token.isDerivedKeys()) {
+ //Create a derived key and add
+ try {
+
+ //Do Signature with derived keys
+ WSSecDKSign dkSign = new WSSecDKSign();
+
+ OMElement ref = tok.getAttachedReference();
+ if(ref == null) {
+ ref = tok.getUnattachedReference();
+ }
+ if(ref != null) {
+ dkSign.setExternalKey(tok.getSecret(), (Element)
+ doc.importNode((Element) ref, true));
+ } else {
+ dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ }
+
+ //Set the algo info
+ dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+
+
+ dkSign.prepare(doc);
+
+ dkSign.appendDKElementToHeader(rmd.getSecHeader());
+
+ Vector sigParts = new Vector();
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
+ }
+
+ if(rpd.isTokenProtection() && tokenIncluded) {
+ sigParts.add(new WSEncryptionPart(id));
+ }
+
+ dkSign.setParts(sigParts);
+
+ dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ dkSign.computeSignature();
+
+ dkSign.appendSigToHeader(rmd.getSecHeader());
+
+ return dkSign.getSignatureValue();
+
+ } catch (ConversationException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ } catch (WSSecurityException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ }
+
+ } else {
+ //TODO: Do signature withtout derived keys with the Issuedtoken ??
+ return null;
+ }
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/conversation/ConversationCallbackHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/ConversationCallbackHandler.java
new file mode 100644
index 0000000..4b43b48
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/ConversationCallbackHandler.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.conversation;
+
+import org.apache.rahas.Token;
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+/**
+ * This is ths callback handler used to extract he secure conversation
+ * session key for a given context identifier
+ * @deprecated
+ */
+public class ConversationCallbackHandler implements CallbackHandler {
+
+ private ConversationConfiguration config;
+
+ public ConversationCallbackHandler(ConversationConfiguration config) {
+ this.config = config;
+ }
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ String id = pc.getIdentifer();
+ Token tok;
+ try {
+ //Pick up the token from the token store
+ tok = this.config.getTokenStore().getToken(id);
+ //Get the secret and set it in the callback object
+ pc.setKey(tok.getSecret());
+ //Register the security context in the current configuration
+ Util.resgisterContext(id, config);
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new IOException(e.getMessage());
+ }
+
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i],
+ "Unrecognized Callback");
+ }
+ }
+ }
+
+}
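Review bot: In `handle()`, a context identifier with no entry in the token store leaves `tok` null, so `pc.setKey(tok.getSecret())` throws a NullPointerException that the catch-all turns into an `IOException` with a null message. An explicit check before that call gives the caller a diagnosable failure: `if (tok == null) { throw new IOException("No token found for identifier " + id); }`. The `e.printStackTrace()` in the catch block writes to stderr instead of a logger, and the rewrapped `IOException` drops the original cause; `IOException ioe = new IOException(e.getMessage()); ioe.initCause(e); throw ioe;` keeps the stack chain for whoever reads the resulting fault.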
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/conversation/ConversationConfiguration.java b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/ConversationConfiguration.java
new file mode 100644
index 0000000..210bc5b
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/ConversationConfiguration.java
@@ -0,0 +1,688 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.conversation;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.SimpleTokenStore;
+import org.apache.rahas.TokenStorage;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * Configuration manager for Ramapart-SecConv
+ * @deprecated
+ */
+public class ConversationConfiguration {
+
+ public final static String SC_CONFIG = "sc-configuration";
+
+ public final static String SCOPE_SERVICE = "service";
+
+ public final static String SCOPE_OPERATION = "operation";
+
+ public final static QName SCOPE = new QName("scope");
+
+ public final static QName STS_EPR_ADDRESS = new QName("stsEprAddress");
+
+ public final static QName DERIVED_KEY_LENGTH = new QName("derivedKeyLength");
+
+ public final static QName KEY_DERIVATION_ALGORITHM_CLASS =
+ new QName("keyDerivationAlgorithmClass");
+
+ public final static QName TOKEN_STORE_CLASS = new QName("tokenStoreClass");
+
+ public final static QName CRYPTO_PROPERTIES_FILE = new QName(
+ "cryptoProperties");
+
+ public final static QName ENCRYPTION_USER = new QName("encryptionUser");
+
+ public final static QName PW_CALLBACK_CLASS = new QName(
+ WSHandlerConstants.PW_CALLBACK_CLASS);
+
+ private static final QName PROVIDE_ENTROPY = new QName("provideEntropy");
+
+ private String scope = SCOPE_SERVICE;
+
+ private String stsEPRAddress;
+
+ private String derivedKeyLength;
+
+ private String keyDerivationAlgorithmClass;
+
+ private Hashtable contextMap;
+
+ private String tokenStoreClass;
+
+ private TokenStorage tokenStore;
+
+ private MessageContext msgCtx;
+
+ private String contextIdentifier;
+
+ /**
+ * This is the properties of a particular <code>Crypto</code> impl
+ *
+ * @see org.apache.ws.security.components.crypto.Crypto
+ */
+ private Properties cryptoProperties;
+
+ /**
+ * This is the <code>Crypto</code> impl class name.
+ *
+ * This will ONLY be set via the message context as a property using
+ * <code>org.apache.rampart.WSSHandlerConstants#CRYPTO_PROPERTIES_KEY<code>.
+ *
+ * @see org.apache.ws.security.components.crypto.Crypto
+ * @see org.apache.ws.security.components.crypto.Merlin
+ */
+ private String cryptoClassName;
+
+ /**
+ * This is the crypto properties file to be used
+ * In this case the <code>Crypto</code> impl and its properties
+ * MUST be listed in this
+ * @see org.apache.ws.security.components.crypto.CryptoFactory#getInstance(String)
+ */
+ private String cryptoPropertiesFile;
+
+ private String passwordCallbackClass;
+
+ /**
+ * WSPasswordCallback handler reference
+ */
+ private CallbackHandler passwordCallbackRef;
+
+ /**
+ * Whether this configuration instance is created/used by the sender
+ * handler or not
+ */
+ private boolean sender;
+
+ private Document doc;
+
+ private Crypto crypto;
+
+ private ClassLoader classLoader;
+
+ private SecurityContextToken sct;
+
+ private String encryptionUser;
+
+ private boolean provideEntropy;
+
+ /**
+ * WS-Trust version to use
+ * Default is RahasConstants.VERSION_05_02
+ */
+ private int wstVersion = RahasConstants.VERSION_05_02;
+
+ /**
+ * Builds the configuration from an Axis2 parameter.
+ * @param msgCtx
+ * @param sender
+ * @return If there is an Axis2 parameter available in the context
+ * hierarchy or the configuration hierarchy then return the populated
+ * <code>ConversationConfiguration</code> instance. If the parameter is not
+ * found then
+ * @throws Exception
+ */
+ public static ConversationConfiguration load(MessageContext msgCtx, boolean sender)
+ throws Exception {
+ Parameter param = getParameter(msgCtx);
+ if(param != null) {
+ OMElement elem = param.getParameterElement();
+ if (elem != null
+ && elem.getFirstElement() != null
+ && elem.getFirstElement().getLocalName().equals(
+ SC_CONFIG)) {
+
+ OMElement confElem = elem.getFirstElement();
+
+ ConversationConfiguration config = new ConversationConfiguration();
+
+ config.msgCtx = msgCtx;
+ msgCtx.setProperty(SC_CONFIG, config);
+
+ config.scope = getStringValue(confElem.getFirstChildWithName(SCOPE));
+
+ config.stsEPRAddress = getStringValue(confElem
+ .getFirstChildWithName(STS_EPR_ADDRESS));
+
+ config.keyDerivationAlgorithmClass = getStringValue(confElem
+ .getFirstChildWithName(KEY_DERIVATION_ALGORITHM_CLASS));
+
+ config.tokenStoreClass = getStringValue(confElem
+ .getFirstChildWithName(TOKEN_STORE_CLASS));
+
+ config.cryptoPropertiesFile = getStringValue(confElem
+ .getFirstChildWithName(CRYPTO_PROPERTIES_FILE));
+
+ config.passwordCallbackClass = getStringValue(confElem
+ .getFirstChildWithName(PW_CALLBACK_CLASS));
+
+ config.encryptionUser = getStringValue(confElem
+ .getFirstChildWithName(ENCRYPTION_USER));
+
+ config.provideEntropy = confElem
+ .getFirstChildWithName(PROVIDE_ENTROPY) != null;
+
+ //Get the action<->ctx-identifier map
+ config.contextMap = (Hashtable) msgCtx
+ .getProperty(WSSHandlerConstants.CONTEXT_MAP_KEY);
+
+ //Convert the Envelop to DOOM
+ config.doc = Axis2Util.getDocumentFromSOAPEnvelope(msgCtx
+ .getEnvelope(), true);
+
+ //Token store
+ config.tokenStore = (TokenStorage) msgCtx
+ .getProperty(TokenStorage.TOKEN_STORAGE_KEY);
+
+ // Context identifier
+ if(sender) {
+ if(!msgCtx.isServerSide()) {
+ //Client side sender
+ if (config.scope.equals(ConversationConfiguration.SCOPE_OPERATION)) {
+ // Operation scope
+ String action = msgCtx.getSoapAction();
+ config.contextIdentifier = (String) config.getContextMap()
+ .get(action);
+ } else {
+ // Service scope
+ String serviceAddress = msgCtx.getTo().getAddress();
+ config.contextIdentifier = (String) config.getContextMap()
+ .get(serviceAddress);
+ }
+ if(config.sct == null && config.contextIdentifier != null) {
+ OMElement tokElem = config.getTokenStore().getToken(config.contextIdentifier).getToken();
+ config.sct = new SecurityContextToken((Element)config.doc.importNode((Element)tokElem, true));
+ }
+
+ } else {
+ //Server side sender
+ OperationContext opCtx = msgCtx.getOperationContext();
+ MessageContext inMsgCtx;
+ ConversationConfiguration inConfig = null;
+ if(opCtx != null && (inMsgCtx = opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null) {
+ inConfig = (ConversationConfiguration)inMsgCtx.getProperty(SC_CONFIG);
+ }
+ if(inConfig != null && inConfig.contextIdentifier != null) {
+ config.contextIdentifier = inConfig.contextIdentifier;
+ config.tokenStore = inConfig.tokenStore;
+ OMElement token = config.tokenStore.getToken(config.contextIdentifier).getToken();
+ config.sct = new SecurityContextToken((Element)config.doc.importNode((Element)token, true));
+ } else {
+ throw new RampartException("canotFindContextIdentifier");
+ }
+
+ config.setClassLoader(msgCtx.getAxisService().getClassLoader());
+ }
+ }
+
+ //Crypto properties
+ config.cryptoProperties = (Properties)msgCtx
+ .getProperty(WSSHandlerConstants.CRYPTO_PROPERTIES_KEY);
+
+ config.cryptoClassName = (String) msgCtx
+ .getProperty(WSSHandlerConstants.CRYPTO_CLASS_KEY);
+
+ config.passwordCallbackRef = (CallbackHandler)msgCtx
+ .getProperty(WSHandlerConstants.PW_CALLBACK_REF);
+
+ config.sender = sender;
+
+ return config;
+ } else {
+ throw new RampartException("missingConfiguration",
+ new String[] { SC_CONFIG });
+ }
+ } else {
+ //If there's no configuration return null
+ return null;
+ }
+
+ }
+
+ /**
+ * @param msgCtx
+ * @return The configuration parameter from the given message context
+ */
+ public static Parameter getParameter(MessageContext msgCtx) {
+ Parameter param = msgCtx.getParameter(SC_CONFIG);
+ if(param == null) {
+ param = (Parameter)msgCtx.getProperty(SC_CONFIG);
+ }
+ return param;
+ }
+
+ /**
+ * @param elem
+ * @throws RampartException
+ */
+ private static String getStringValue(OMElement elem) throws RampartException {
+ if(elem != null) {
+ return elem.getText();
+ }
+ return null;
+ }
+
+ /**
+ * Generate the Axis2 parameter representing ConversationConfiguration
+ * @return The Axis2 parameter representing ConversationConfiguration
+ */
+ public Parameter getParameter() {
+ Parameter param = new Parameter();
+ OMElement element = this.getOMElement();
+ OMElement paramElem = element.getOMFactory().createOMElement("parameter", null);
+ paramElem.addAttribute("name", ConversationConfiguration.SC_CONFIG, null);
+ paramElem.addChild(element);
+ param.setParameterElement(paramElem);
+ return param;
+ }
+
+ private OMElement getOMElement() {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(SC_CONFIG, null);
+ if (this.scope != null) {
+ OMElement tempElem = factory.createOMElement(SCOPE, elem);
+ tempElem.setText(this.scope);
+ elem.addChild(tempElem);
+ }
+ if (this.stsEPRAddress != null) {
+ OMElement tempElem = factory.createOMElement(STS_EPR_ADDRESS, elem);
+ tempElem.setText(this.stsEPRAddress);
+ elem.addChild(tempElem);
+ }
+ if (this.derivedKeyLength != null) {
+ OMElement tempElem = factory.createOMElement(DERIVED_KEY_LENGTH, elem);
+ tempElem.setText(this.derivedKeyLength);
+ elem.addChild(tempElem);
+ }
+ if (this.keyDerivationAlgorithmClass != null) {
+ OMElement tempElem = factory.createOMElement(KEY_DERIVATION_ALGORITHM_CLASS, elem);
+ tempElem.setText(this.keyDerivationAlgorithmClass);
+ elem.addChild(tempElem);
+ }
+ if (this.passwordCallbackClass != null) {
+ OMElement tempElem = factory.createOMElement(PW_CALLBACK_CLASS, elem);
+ tempElem.setText(this.passwordCallbackClass);
+ elem.addChild(tempElem);
+ }
+ if(this.cryptoPropertiesFile != null) {
+ OMElement tempElem = factory.createOMElement(CRYPTO_PROPERTIES_FILE, elem);
+ tempElem.setText(this.cryptoPropertiesFile);
+ elem.addChild(tempElem);
+ }
+ if(this.encryptionUser != null) {
+ OMElement tempElem = factory.createOMElement(ENCRYPTION_USER, elem);
+ tempElem.setText(this.encryptionUser);
+ elem.addChild(tempElem);
+ }
+ if(this.provideEntropy) {
+ factory.createOMElement(PROVIDE_ENTROPY, elem);
+ }
+ return elem;
+ }
+
+// /**
+// * This registers the security context mapping ?e context identifier to
+// * the wsa:Action/soapAction or the service address, depending on the scope.
+// *
+// * @param identifier The security context identifier
+// * @throws RampartException
+// * If scope is "operation" and the wsa:Action is not available.
+// * If scope is "service" and the wsa:To is missing.
+// */
+// protected void resgisterContext(String identifier) throws RampartException {
+// this.contextIdentifier = identifier;
+//
+// if(this.scope.equals(SCOPE_OPERATION)) {
+// String action = msgCtx.getSoapAction();
+// if(action != null) {
+// this.getContextMap().put(action, identifier);
+// } else {
+// throw new RampartException("missingWSAAction");
+// }
+// } else {
+// String to = msgCtx.getTo().getAddress();
+// if(to != null) {
+// this.getContextMap().put(to, identifier);
+// } else {
+// throw new RampartException("missingWSATo");
+// }
+// }
+// //TODO
+// //this.contextMap
+// }
+
+ /**
+ * @return Returns the scope.
+ */
+ public String getScope() {
+ return scope;
+ }
+
+ /**
+ * @return Returns the stsEPR.
+ */
+ public String getStsEPRAddress() {
+ return stsEPRAddress;
+ }
+
+ /**
+ * @return Returns the derivedKeyLength.
+ */
+ public String getDerivedKeyLength() {
+ return derivedKeyLength;
+ }
+
+ /**
+ * @return Returns the keyDerivationAlgorithmClass.
+ */
+ public String getKeyDerivationAlgorithmClass() {
+ return keyDerivationAlgorithmClass;
+ }
+
+ /**
+ * @param derivedKeyLength The derivedKeyLength to set.
+ */
+ public void setDerivedKeyLength(String derivedKeyLength) {
+ this.derivedKeyLength = derivedKeyLength;
+ }
+
+ /**
+ * @param keyDerivationAlgorithmClass The keyDerivationAlgorithmClass to set.
+ */
+ public void setKeyDerivationAlgorithmClass(String keyDerivationAlgorithmClass) {
+ this.keyDerivationAlgorithmClass = keyDerivationAlgorithmClass;
+ }
+
+ /**
+ * @param scope The scope to set.
+ */
+ public void setScope(String scope) {
+ this.scope = scope;
+ }
+
+ /**
+ * @param stsEPRAddress The stsEPRAddress to set.
+ */
+ public void setStsEPRAddress(String stsEPRAddress) {
+ this.stsEPRAddress = stsEPRAddress;
+ }
+
+ /**
+ * @return Returns the contextMap.
+ */
+ protected Hashtable getContextMap() {
+ if(contextMap == null) {
+ contextMap = new Hashtable();
+
+ //Context map should be global
+ this.msgCtx.getConfigurationContext().setProperty(
+ WSSHandlerConstants.CONTEXT_MAP_KEY, contextMap);
+ }
+
+ return contextMap;
+ }
+
+ /**
+ * @return Returns the tokenStore.
+ */
+ public TokenStorage getTokenStore() throws Exception {
+ if(this.tokenStore == null) {
+
+ //First check the context hierarchy
+ this.tokenStore = (TokenStorage) this.msgCtx
+ .getProperty(TokenStorage.TOKEN_STORAGE_KEY
+ + msgCtx.getWSAAction());
+ if(this.tokenStore == null) {
+ this.tokenStore = (TokenStorage) this.msgCtx
+ .getProperty(TokenStorage.TOKEN_STORAGE_KEY
+ + msgCtx.getAxisService().getName());
+ }
+
+ //Create a new store
+ if(this.tokenStore == null) {
+ if(this.tokenStoreClass != null) {
+ this.tokenStore = (TokenStorage) Class
+ .forName(this.tokenStoreClass).newInstance();
+ } else {
+ this.tokenStore = new SimpleTokenStore();
+ }
+ }
+
+ if(SCOPE_SERVICE.equals(this.scope)) {
+ this.msgCtx.getConfigurationContext().setProperty(
+ TokenStorage.TOKEN_STORAGE_KEY, this.tokenStore);
+ } else {
+ this.msgCtx.getConfigurationContext().setProperty(
+ TokenStorage.TOKEN_STORAGE_KEY, this.tokenStore);
+ }
+ }
+ return tokenStore;
+ }
+
+ /**
+ * @return Returns the tokenStoreClass.
+ */
+ public String getTokenStoreClass() {
+ return tokenStoreClass;
+ }
+
+
+ /**
+ * @return Returns the cryptoProperties.
+ */
+ public Properties getCryptoProperties() {
+ return cryptoProperties;
+ }
+
+ /**
+ * @param cryptoProperties The cryptoProperties to set.
+ */
+ public void setCryptoProperties(Properties cryptoProperties) {
+ this.cryptoProperties = cryptoProperties;
+ }
+
+ /**
+ * @param tokenStoreClass The tokenStoreClass to set.
+ */
+ public void setTokenStoreClass(String tokenStoreClass) {
+ this.tokenStoreClass = tokenStoreClass;
+ }
+
+ /**
+ * @return Returns the cryptoPropertiesFile.
+ */
+ public String getCryptoPropertiesFile() {
+ return cryptoPropertiesFile;
+ }
+
+ /**
+ * @param cryptoPropertiesFile The cryptoPropertiesFile to set.
+ */
+ public void setCryptoPropertiesFile(String cryptoPropertiesFile) {
+ this.cryptoPropertiesFile = cryptoPropertiesFile;
+ }
+
+ /**
+ * @return Returns the cryptoClassName.
+ */
+ public String getCryptoClassName() {
+ return cryptoClassName;
+ }
+
+ /**
+ * @param cryptoClassName The cryptoClassName to set.
+ */
+ public void setCryptoClassName(String cryptoClassName) {
+ this.cryptoClassName = cryptoClassName;
+ }
+
+ /**
+ * @return Returns the sender.
+ */
+ protected boolean isSender() {
+ return sender;
+ }
+
+ /**
+ * @return Returns the doc.
+ */
+ public Document getDocument() {
+ return doc;
+ }
+
+ /**
+ * @param doc The doc to set.
+ */
+ protected void setDocument(Document doc) {
+ this.doc = doc;
+ }
+
+ /**
+ * @return Returns the passwordCallbackClass.
+ */
+ public String getPasswordCallbackClass() {
+ return passwordCallbackClass;
+ }
+
+ /**
+ * @return Returns the passwordCallbackRef.
+ */
+ public CallbackHandler getPasswordCallbackRef() {
+ return passwordCallbackRef;
+ }
+
+ /**
+ * @param passwordCallbackClass The passwordCallbackClass to set.
+ */
+ public void setPasswordCallbackClass(String passwordCallbackClass) {
+ this.passwordCallbackClass = passwordCallbackClass;
+ }
+
+ /**
+ * @return Returns the encryptionUser.
+ */
+ public String getEncryptionUser() {
+ return encryptionUser;
+ }
+
+ /**
+ * @param encryptionUser The encryptionUser to set.
+ */
+ public void setEncryptionUser(String encryptionUser) {
+ this.encryptionUser = encryptionUser;
+ }
+
+ /**
+ * @return Returns the provideEntropy.
+ */
+ public boolean isProvideEntropy() {
+ return provideEntropy;
+ }
+
+ /**
+ * @param provideEntropy The provideEntropy to set.
+ */
+ public void setProvideEntropy(boolean provideEntropy) {
+ this.provideEntropy = provideEntropy;
+ }
+
+ /**
+ * @return Returns the crypto.
+ */
+ public Crypto getCrypto() {
+ return crypto;
+ }
+
+ /**
+ * @param crypto The crypto to set.
+ */
+ protected void setCrypto(Crypto crypto) {
+ this.crypto = crypto;
+ }
+
+ /**
+ * @return Returns the classLoader.
+ */
+ protected ClassLoader getClassLoader() {
+ return classLoader;
+ }
+
+ /**
+ * @param classLoader The classLoader to set.
+ */
+ protected void setClassLoader(ClassLoader classLoader) {
+ this.classLoader = classLoader;
+ }
+
+ /**
+ * @return Returns the msgCtx.
+ */
+ public MessageContext getMsgCtx() {
+ return msgCtx;
+ }
+
+ /**
+ * @return Returns the contextIdentifier.
+ */
+ public String getContextIdentifier() {
+ return contextIdentifier;
+ }
+
+ /**
+ * @param contextIdentifier The contextIdentifier to set.
+ */
+ protected void setContextIdentifier(String contextIdentifier) {
+ this.contextIdentifier = contextIdentifier;
+ }
+
+ /**
+ * @return Returns the wstVersion.
+ */
+ public int getWstVersion() {
+ return wstVersion;
+ }
+
+ /**
+ * @param wstVersion The wstVersion to set.
+ */
+ public void setWstVersion(int wstVersion) {
+ this.wstVersion = wstVersion;
+ }
+}
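Review bot: In `getTokenStore()`, the `if(SCOPE_SERVICE.equals(this.scope))` branch and its `else` execute identical statements, so the store is registered on the ConfigurationContext under the bare `TokenStorage.TOKEN_STORAGE_KEY` regardless of scope; either the scope is meant to change the key (the lookups just above append the WSA action or the service name to it) and one branch is wrong, or the conditional is dead and should collapse to a single `setProperty` call. In `load()`, the client-side sender path calls `config.getContextMap().get(action)` and `.get(serviceAddress)`; `contextMap` is a `Hashtable`, which throws NullPointerException on a null key, so a message with no SOAP action or no `wsa:To` fails with an NPE instead of the `missingWSAAction`/`missingWSATo` errors the commented-out `resgisterContext` anticipated. A guard before the lookup, e.g. `if (action == null) { throw new RampartException("missingWSAAction"); }`, keeps that failure explicit.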
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/conversation/STSRequester.java b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/STSRequester.java
new file mode 100644
index 0000000..2c7ea8f
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/STSRequester.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.conversation;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.OutInAxisOperation;
+import org.apache.axis2.description.Parameter;
+import org.apache.axiom.om.util.Base64;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Element;
+
+/**
+ * @deprecated
+ */
+public class STSRequester {
+
+
+ //TODO: Remove when policy support is completed
+ public static void issueRequest(ConversationConfiguration config) throws RampartException, AxisFault, TrustException {
+ MessageContext msgCtx = config.getMsgCtx();
+ AxisService axisService = new AxisService("SecurityTokenService");
+ QName rstQn = new QName("requestSecurityToken");
+ OutInAxisOperation operation = new OutInAxisOperation(rstQn);
+ axisService.addOperation(operation);
+ ServiceClient client = new ServiceClient(msgCtx
+ .getConfigurationContext(), axisService);
+
+ Options options = new Options();
+ options.setTo(new EndpointReference(config.getStsEPRAddress()));
+
+ options.setAction(TrustUtil.getActionValue(config.getWstVersion(), RahasConstants.RST_ACTION_SCT));
+
+ //Get the security configurations
+ Parameter outFlowParam = msgCtx
+ .getParameter(WSSHandlerConstants.STS_OUTFLOW_SECURITY);
+ Parameter inFlowParam = msgCtx
+ .getParameter(WSSHandlerConstants.STS_INFLOW_SECURITY);
+
+ if(outFlowParam == null) {
+ outFlowParam = (Parameter) msgCtx
+ .getProperty(WSSHandlerConstants.STS_OUTFLOW_SECURITY);
+ }
+ if(inFlowParam == null) {
+ inFlowParam = (Parameter) msgCtx
+ .getProperty(WSSHandlerConstants.STS_INFLOW_SECURITY);
+ }
+
+
+ //Set the STS specific config config
+ options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, outFlowParam);
+ options.setProperty(WSSHandlerConstants.INFLOW_SECURITY, inFlowParam);
+
+ client.engageModule(new QName(WSSHandlerConstants.SECURITY_MODULE_NAME));
+
+ client.setOptions(options);
+
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(config.getWstVersion());
+ TrustUtil.createRequestTypeElement(config.getWstVersion(), rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(config.getWstVersion(), rstElem);
+ tokenTypeElem.setText(ConversationConstants.getWSCNs(ConversationConstants.DEFAULT_VERSION) + ConversationConstants.TOKEN_TYPE_SECURITY_CONTEXT_TOKEN);
+
+ if(config.isProvideEntropy()) {
+ //TODO Option to get the nonce lenght and
+ //keysize from the the configuration
+
+ // Length of nonce in bytes
+ int nonceLength = 16;
+
+ OMElement entropyElem = TrustUtil.createEntropyElement(config.getWstVersion(), rstElem);
+
+ byte[] nonce = WSSecurityUtil.generateNonce(nonceLength);
+ OMElement elem = TrustUtil.createBinarySecretElement(config.getWstVersion(), entropyElem, RahasConstants.BIN_SEC_TYPE_NONCE);
+
+ elem.setText(Base64.encode(nonce));
+
+ TrustUtil.createKeySizeElement(config.getWstVersion(), rstElem, nonceLength * 8);
+ }
+
+ OMElement tempResult = client.sendReceive(rstQn, rstElem);
+ Axis2Util.useDOOM(true);
+ OMElement tempelem = Axis2Util.toDOOM(DOOMAbstractFactory.getOMFactory(), tempResult);
+ OMElement elem = (OMElement)config.getDocument().importNode((Element)tempelem, true);
+ Util.processRSTR(elem, config);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new RampartException("errorInObtainingSct",
+ new String[] { config.getStsEPRAddress() }, e);
+ }
+ }
+
+
+}
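Review bot: `issueRequest()` calls `Axis2Util.useDOOM(true)` before converting the STS response and never restores the previous setting; if that is a process-wide switch (its static form suggests so, though its implementation is not in this hunk), the flag leaks into later unrelated message processing, so the prior value should be captured and restored in a `finally`. The catch block's `e.printStackTrace()` writes to stderr rather than a logger and duplicates the cause already attached to the thrown `RampartException`; dropping that line is enough. The nonce length is fixed at 16 bytes with a TODO; until it is configurable, a comment tying it to the key size sent via `createKeySizeElement` would document why the two values are coupled, e.g. `// 16-byte nonce => 128-bit key size reported to the STS`.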
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/conversation/Util.java b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/Util.java
new file mode 100644
index 0000000..1bcfbbf
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/conversation/Util.java
@@ -0,0 +1,216 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.conversation;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.util.Base64;
+import org.apache.axis2.util.Loader;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartException;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.processor.EncryptedKeyProcessor;
+import org.w3c.dom.Element;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+import java.util.Vector;
+
+public class Util {
+
+ /**
+ * Returns the crypto instance of this configuration. If one is not
+ * availabale then it will try to create a <code>Crypto</code> instance
+ * using available configuration information and will set it as the
+ * <code>Crypto</code> instance of the configuration.
+ *
+ * @param config
+ * @return The crypto instance of this configuration
+ * @throws RahasException
+ */
+ public static Crypto getCryptoInstace(ConversationConfiguration config)
+ throws RampartException {
+ if (config.getCrypto() != null) {
+ return config.getCrypto();
+ } else {
+ Crypto crypto = null;
+ if (config.getCryptoClassName() != null
+ && config.getCryptoProperties() != null) {
+ crypto = CryptoFactory.getInstance(config.getCryptoClassName(),
+ config.getCryptoProperties());
+ } else if (config.getCryptoPropertiesFile() != null) {
+ if (config.getClassLoader() != null) {
+ crypto = CryptoFactory
+ .getInstance(config.getCryptoPropertiesFile(),
+ config.getClassLoader());
+ } else {
+ crypto = CryptoFactory.getInstance(config
+ .getCryptoPropertiesFile());
+ }
+ } else {
+ throw new RampartException("cannotCrateCryptoInstance");
+ }
+ config.setCrypto(crypto);
+ return crypto;
+ }
+ }
+
+ public static void processRSTR(OMElement rstr, ConversationConfiguration config)
+ throws Exception {
+ // Extract the SecurityContextToken
+
+ String ns = null;
+
+ OMElement rstElem =
+ rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ if (rstElem != null) {
+ ns = RahasConstants.WST_NS_05_02;
+ } else {
+ //At this point we certainthe version is the WS-SX version
+ rstElem =
+ rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ ns = RahasConstants.WST_NS_05_12;
+ }
+ Token token = null;
+ if (rstElem != null) {
+ OMElement sctElem = rstElem.getFirstElement();
+ if (sctElem != null) {
+ SecurityContextToken sct = new SecurityContextToken(
+ (Element) sctElem);
+ token = new Token(sct.getIdentifier(), sctElem, rstr
+ .getFirstChildWithName(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ LIFETIME)));
+ resgisterContext(sct.getIdentifier(), config);
+ } else {
+ throw new RampartException("sctMissingInResponse");
+ }
+ } else {
+ throw new TrustException("reqestedSecTokMissing");
+ }
+
+ // Process RequestedProofToken and extract the secret
+ byte[] secret = null;
+ OMElement rpt = rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.LocalNames.
+ REQUESTED_PROOF_TOKEN));
+ if (rpt != null) {
+ OMElement elem = rpt.getFirstElement();
+
+ if (WSConstants.ENC_KEY_LN.equals(elem.getLocalName())
+ && WSConstants.ENC_NS.equals(elem.getNamespace().getNamespaceURI())) {
+ // Handle the xenc:EncryptedKey case
+ EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
+ processor.handleToken((Element) elem, null, Util
+ .getCryptoInstace(config),
+ getCallbackHandlerInstance(config), null, new Vector(),
+ null);
+ secret = processor.getDecryptedBytes();
+ } else if (RahasConstants.LocalNames.BINARY_SECRET.equals(elem.getLocalName()) &&
+ RahasConstants.WST_NS_05_02.equals(elem.getNamespace().getNamespaceURI()))
+ {
+ // Handle the wst:BinarySecret case
+ secret = Base64.decode(elem.getText());
+ } else {
+ throw new TrustException("notSupported", new String[]{"{"
+ + elem.getNamespace().getNamespaceURI() + "}"
+ + elem.getLocalName()});
+ }
+ } else {
+ throw new TrustException("rptMissing");
+ }
+
+ // Check for attached ref
+ OMElement reqAttElem =
+ rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_ATTACHED_REFERENCE));
+ OMElement reqAttRef = reqAttElem == null ? null : reqAttElem
+ .getFirstElement();
+
+ OMElement reqUnattElem =
+ rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_UNATTACHED_REFERENCE));
+ OMElement reqUnattRef = reqUnattElem == null ? null : reqUnattElem
+ .getFirstElement();
+
+ token.setAttachedReference(reqAttRef);
+ token.setUnattachedReference(reqUnattRef);
+ token.setSecret(secret);
+ config.getTokenStore().add(token);
+ }
+
+ private static CallbackHandler getCallbackHandlerInstance(
+ ConversationConfiguration config) throws Exception {
+ if (config.getPasswordCallbackRef() != null) {
+ return config.getPasswordCallbackRef();
+ } else if (config.getPasswordCallbackClass() != null) {
+ if (config.getClassLoader() != null) {
+ Class clazz = Loader.loadClass(config.getClassLoader(), config
+ .getPasswordCallbackClass());
+ return (CallbackHandler) clazz.newInstance();
+ } else {
+ Class clazz = Loader.loadClass(config
+ .getPasswordCallbackClass());
+ return (CallbackHandler) clazz.newInstance();
+ }
+ } else {
+ throw new RampartException("noInfoForCBhandler");
+ }
+ }
+
+ /**
+ * This registers the security context mapping ?e context identifier to
+ * the wsa:Action/soapAction or the service address, depending on the scope.
+ *
+ * @param identifier The security context identifier
+ * @param config The ConversationConfiguration instance
+ * @throws RampartException If scope is "operation" and the wsa:Action is not available.
+ * If scope is "service" and the wsa:To is missing.
+ */
+ public static void resgisterContext(String identifier, ConversationConfiguration config) throws RampartException {
+ config.setContextIdentifier(identifier);
+
+ if (config.getScope().equals(ConversationConfiguration.SCOPE_OPERATION)) {
+ String action = config.getMsgCtx().getSoapAction();
+ if (action != null) {
+ config.getContextMap().put(action, identifier);
+ } else {
+ throw new RampartException("missingWSAAction");
+ }
+ } else {
+ String to = config.getMsgCtx().getTo().getAddress();
+ if (to != null) {
+ config.getContextMap().put(to, identifier);
+ } else {
+ throw new RampartException("missingWSATo");
+ }
+ }
+ //TODO
+ //this.contextMap
+ }
+
+}
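Review bot: processRSTR resolves `ns` to either WST_NS_05_02 or WST_NS_05_12 when it locates the RequestedSecurityToken, but the wst:BinarySecret branch (`RahasConstants.WST_NS_05_02.equals(elem.getNamespace().getNamespaceURI())`) and both RequestedAttachedReference/RequestedUnattachedReference lookups (`new QName(RahasConstants.WST_NS_05_02, ...)`) hard-code the 2005/02 namespace, so a WS-SX (2005/12) response carrying a BinarySecret proof token is rejected with "notSupported" and its token references are silently dropped. Use the resolved namespace in all three places: `ns.equals(elem.getNamespace().getNamespaceURI())` and `new QName(ns, RahasConstants.IssuanceBindingLocalNames.REQUESTED_ATTACHED_REFERENCE)` / `...REQUESTED_UNATTACHED_REFERENCE)`. `OMElement elem = rpt.getFirstElement();` is then dereferenced without a null check, so an empty RequestedProofToken surfaces as a NullPointerException instead of the existing "rptMissing" fault; `if (elem == null) throw new TrustException("rptMissing");` before the type test keeps that error path consistent. In resgisterContext, `config.getMsgCtx().getTo().getAddress()` likewise dereferences getTo() before the null test that is meant to raise "missingWSATo", so a message without wsa:To fails with an NPE rather than the intended RampartException.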
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
new file mode 100644
index 0000000..47467d1
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
@@ -0,0 +1,84 @@
+# -------------------------------------------------------------------
+# Copyright 2001-2004 The Apache Software Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -------------------------------------------------------------------
+
+
+missingConfiguration = Missing or malformed configuration: \"{0}\"
+expectedParameterMissing = Expected parameter missing : \"{0}\"
+missingScopeValue = Missing or incorrect scope value
+canotFindContextIdentifier = Cannot find context identifier
+missingWSAAction = wsa:Action value missing
+missingWSATo = wsa:To address value missing
+cannotCrateCryptoInstance = Cannot create Crypto instace
+noInfoForCBhandler = Cannot obtain a callback handler with available configuration information
+missingEncryptionUser=Encryption user not specified (The context is created by the initiating party)
+
+missingSignatureCrypto=Signature crypto information not available
+missingEncryptionCrypto=Encryption crypto information not available
+missingCallbackHandler=Password callback handler cannot be located
+errorInObtainingSct=Error in obtaining SCT from \"{0}\"
+errorInObtainingToken=Error in obtaining a token
+errorInExtractingMsgProps = Error in extracting message properties
+userMissing = No user value in the rampart configuration policy
+cbHandlerMissing = Password CallbackHandler not speficied in rampart configuration policy or the CallbackHandler instance not available in the MessageContext
+errorInGettingPasswordForUser = Error in getting password for user : \"{0}\"
+noPasswordForUser = No password supplied by the callback handler for the user : \"{0}\"
+unsupportedSignedSupportingToken = Unsupported SignedSupportingToken : \"{0}\"
+errorExtractingToken = Error extracting token : \"{0}\"
+errorInAddingTokenIntoStore = Error in adding token into store
+errorInDerivedKeyTokenSignature = Error in DerivedKeyToken signature
+errorInSignatureWithX509Token = Error in signature with X509Token
+errorCreatingEncryptedKey = Error in creating an encrypted key
+errorGettingSignatureValuesForSigconf = Error in getting signature values for signature confirmation
+cannotLoadPWCBClass = Cannot load password callback class: {0}
+cannotCreatePWCBInstance = Cannot create instance of password callback : {0}
+pwcbFailed = password callback failed
+unknownKeyRefSpeficier = Unknown key reference specifier for X509Token
+errorInRetrievingTokenId = Error in retrieving token : {0}
+errorInEncryption = Error in encryption
+errorInDKEncr = Error in encryption with a derived key
+errorCreatingRahasToken = Error in creating a org.apache.rahas.Token instance
+UnsupportedTokenInSupportingToken = Unsupported token in supporting tokens
+encryptionTokenMissing = Encryption token missing
+signatureTokenMissing = Signature token missging
+errorInEncryption = Error during encryption
+sctIssuerPolicyMissing = sct-issuer-policy parameter missing
+errorInTokenCancellation = Error in cancelling token
+tokenToBeCancelledInvalid = Token to be cancelled is invalid or expired
+errorCreatingRSTTemplateForSCT=Error in creating RST template for SCT
+noSecurityToken = Missing security token
+noSecurityResults= No security processing results from the incoming message
+missingEncryptedKeyInRequest=There was no EncryptedKey in the request message
+rampartConigMissing = Please include configured RampartConfiguration assertion in policy
+
+#Errors in processors
+errorProcessingUT = Error in processing UsernameToken
+
+cannotValidateTimestamp = The timestamp could not be validated
+trustVerificationError = The certificate used for the signature is not trusted
+cannotFindAliasForCert = Could not get alias for certificate with {0}
+noCertForAlias = Could not get certificates for alias {0}
+certPathVerificationFailed = Certificate path verification failed for certificate with subject
+
+#Rampart Results Validation Errors
+timestampMissing = Missing Timestamp
+encryptedPartMissing = Missing encryption result for id : {0}
+invalidNumberOfEncryptedParts = Invalid number of encrypted parts
+protectionOrderMismatch = Protection order mismatch
+usernameTokenMissing = UsernameToken missing in request
+signatureMissing = Message is not signed
+unexprectedEncryptedPart = Unexpected encrypted data found, no encryption required
+encryptionMissing = Expected encrypted part missing
+signedPartHeaderNotSigned = Soap Header must be signed : {0}
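Review bot: `errorInEncryption` is defined twice in this bundle (`errorInEncryption = Error in encryption` and later `errorInEncryption = Error during encryption`); java.util.Properties keeps the last value, so the first line is dead and one of the two should be removed to avoid a silent override when either is edited. Several message texts that end up in faults returned to callers carry typos — `Cannot create Crypto instace`, `not speficied in rampart configuration policy`, `Signature token missging` — and can be corrected without touching the keys, which may be referenced from code (for example `unknownKeyRefSpeficier`). `certPathVerificationFailed = Certificate path verification failed for certificate with subject` ends mid-sentence and appears to be missing a `{0}` placeholder for the subject; confirm against the code that raises it before adding the argument.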
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
new file mode 100644
index 0000000..14bb6e0
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
@@ -0,0 +1,136 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axiom.om.OMException;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.HandlerDescription;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.engine.Handler;
+import org.apache.rampart.RampartEngine;
+import org.apache.rampart.RampartException;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+
+import java.util.Iterator;
+import java.util.Vector;
+
+
+public class RampartReceiver implements Handler {
+
+ private static HandlerDescription EMPTY_HANDLER_METADATA =
+ new HandlerDescription("deafult Handler");
+
+ private HandlerDescription handlerDesc;
+
+
+ public RampartReceiver() {
+ this.handlerDesc = EMPTY_HANDLER_METADATA;
+ }
+
+ public void cleanup() {
+ }
+
+ public void init(HandlerDescription handlerdesc) {
+ this.handlerDesc = handlerdesc;
+ }
+
+ public void flowComplete(MessageContext msgContext)
+ {
+ }
+
+ public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
+
+ if (!msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
+ return InvocationResponse.CONTINUE;
+ }
+
+ RampartEngine engine = new RampartEngine();
+ Vector wsResult;
+ try {
+ wsResult = engine.process(msgContext);
+
+ } catch (WSSecurityException e) {
+ e.printStackTrace();
+ throw new AxisFault(e.getMessage(), e);
+ } catch (WSSPolicyException e) {
+ e.printStackTrace();
+ throw new AxisFault(e.getMessage(), e);
+ } catch (RampartException e) {
+ e.printStackTrace();
+ throw new AxisFault(e.getMessage(), e);
+ }
+
+ if(wsResult == null) {
+ return InvocationResponse.CONTINUE;
+ }
+
+ Vector results = null;
+ if ((results = (Vector) msgContext.getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
+ results = new Vector();
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS, results);
+ }
+ WSHandlerResult rResult = new WSHandlerResult("", wsResult);
+ results.add(0, rResult);
+
+ SOAPHeader header = null;
+ try {
+ header = msgContext.getEnvelope().getHeader();
+ } catch (OMException ex) {
+ throw new AxisFault(
+ "RampartReceiver: cannot get SOAP header after security processing",
+ ex);
+ }
+
+ Iterator headers = header.getChildElements();
+
+ SOAPHeaderBlock headerBlock = null;
+
+ while (headers.hasNext()) { // Find the wsse header
+ SOAPHeaderBlock hb = (SOAPHeaderBlock) headers.next();
+ if (hb.getLocalName().equals(WSConstants.WSSE_LN)
+ && hb.getNamespace().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ headerBlock = hb;
+ break;
+ }
+ }
+
+ headerBlock.setProcessed();
+ return InvocationResponse.CONTINUE;
+
+ }
+
+
+ public HandlerDescription getHandlerDesc() {
+ return this.handlerDesc;
+ }
+
+ public String getName() {
+ return "Apache Rampart inflow handler";
+ }
+
+ public Parameter getParameter(String name) {
+ return this.handlerDesc.getParameter(name);
+ }
+
+}
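Review bot: In invoke(), `headerBlock.setProcessed();` is reached without a null check, so a message for which the engine returned results but whose wsse:Security header is not found by the preceding loop (for instance a header addressed to a different actor, or one removed during processing) fails with a NullPointerException instead of a meaningful fault; guard it with `if (headerBlock == null) { throw new AxisFault("RampartReceiver: wsse:Security header not found after security processing"); }`. The loop also casts every element returned by `header.getChildElements()` to SOAPHeaderBlock, whereas WSDoAllReceiver in this same commit performs the identical search with `soapHeader.examineAllHeaderBlocks()`; using that here avoids a possible ClassCastException and keeps the two handlers consistent. Finally, the three catch clauses call `e.printStackTrace()` and copy the raw exception message into the AxisFault sent back to the caller; logging through the commons-logging Log used elsewhere in this commit and returning a generic fault would keep signature/decryption failure detail server-side, since such detail can help a remote party probe the security processing.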
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java
new file mode 100644
index 0000000..28a08d2
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.HandlerDescription;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.engine.Handler;
+import org.apache.rampart.MessageBuilder;
+import org.apache.rampart.RampartException;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSSecurityException;
+
+
+public class RampartSender implements Handler {
+
+ private static HandlerDescription EMPTY_HANDLER_METADATA =
+ new HandlerDescription("deafult Handler");
+
+ private HandlerDescription handlerDesc;
+
+
+ public RampartSender() {
+ this.handlerDesc = EMPTY_HANDLER_METADATA;
+ }
+
+ public void cleanup() {
+ }
+
+ public void init(HandlerDescription handlerdesc) {
+ this.handlerDesc = handlerdesc;
+ }
+
+ public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
+
+ if (!msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
+ return InvocationResponse.CONTINUE;
+ }
+
+ MessageBuilder builder = new MessageBuilder();
+ try {
+ builder.build(msgContext);
+ } catch (WSSecurityException e) {
+ throw new AxisFault(e.getMessage(), e);
+ } catch (WSSPolicyException e) {
+ throw new AxisFault(e.getMessage(), e);
+ } catch (RampartException e) {
+ throw new AxisFault(e.getMessage(), e);
+ }
+ return InvocationResponse.CONTINUE;
+ }
+
+ public void flowComplete(MessageContext msgContext)
+ {
+ }
+
+ public HandlerDescription getHandlerDesc() {
+ return this.handlerDesc;
+ }
+
+ public String getName() {
+ return "Apache Rampart outflow handler";
+ }
+
+ public Parameter getParameter(String name) {
+ return this.handlerDesc.getParameter(name);
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllHandler.java
new file mode 100644
index 0000000..15b6bd1
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllHandler.java
@@ -0,0 +1,210 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.HandlerDescription;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.engine.Handler;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.ws.security.handler.WSHandler;
+
+/**
+ * Class WSDoAllHandler
+ */
+public abstract class WSDoAllHandler extends WSHandler implements Handler {
+
+ /**
+ * Field EMPTY_HANDLER_METADATA
+ */
+ private static HandlerDescription EMPTY_HANDLER_METADATA =
+ new HandlerDescription("deafult Handler");
+
+ private final static String WSS_PASSWORD = "password";
+
+ private final static String WSS_USERNAME = "username";
+
+ /**
+ * Field handlerDesc
+ */
+ protected HandlerDescription handlerDesc;
+
+ /**
+ * In Axis2, the user cannot set inflow and outflow parameters.
+ * Therefore, we need to map the Axis2 specific inflow and outflow
+ * parameters to WSS4J params,
+ * <p/>
+ * Knowledge of inhandler and out handler is used to get the mapped value.
+ */
+ protected boolean inHandler;
+
+ /**
+ * Constructor AbstractHandler.
+ */
+ public WSDoAllHandler() {
+ handlerDesc = EMPTY_HANDLER_METADATA;
+ }
+
+ public abstract void processMessage(MessageContext msgContext) throws AxisFault;
+
+ /* (non-Javadoc)
+ * @see org.apache.axis2.engine.Handler#invoke(org.apache.axis2.context.MessageContext)
+ */
+ public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
+ //If the security module is not engaged for this service
+ //do not do any processing
+ if (msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
+ this.processMessage(msgContext);
+ }
+ return InvocationResponse.CONTINUE;
+ }
+
+ public void flowComplete(MessageContext msgContext)
+ {
+ }
+
+ /**
+ * Method getName.
+ *
+ * @return Returns name.
+ */
+ public String getName() {
+ return handlerDesc.getName();
+ }
+
+ /**
+ * Method cleanup.
+ */
+ public void cleanup() {
+ }
+
+ /**
+ * Method getParameter.
+ *
+ * @param name
+ * @return Returns parameter.
+ */
+ public Parameter getParameter(String name) {
+ return handlerDesc.getParameter(name);
+ }
+
+ /**
+ * Method init.
+ *
+ * @param handlerdesc
+ */
+ public void init(HandlerDescription handlerdesc) {
+ this.handlerDesc = handlerdesc;
+ }
+
+ /**
+ * Gets the handler description.
+ *
+ * @return Returns handler description.
+ */
+ public HandlerDescription getHandlerDesc() {
+ return handlerDesc;
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#toString()
+ */
+ public String toString() {
+ String name = this.getName();
+ return (name != null) ? name : null;
+ }
+
+
+ public Object getProperty(Object msgContext, String axisKey) {
+
+ int repetition = getCurrentRepetition(msgContext);
+
+ String key = Axis2Util.getKey(axisKey, inHandler, repetition);
+ Object property = ((MessageContext) msgContext).getProperty(key);
+ if (property == null) {
+ //Try the description hierarchy
+ Parameter parameter = ((MessageContext) msgContext).getParameter(key);
+ if (parameter != null) {
+ property = parameter.getValue();
+ }
+ }
+ return property;
+ }
+
+ /**
+ * Returns the repetition number from the message context
+ *
+ * @param msgContext
+ * @return Returns int.
+ */
+ protected int getCurrentRepetition(Object msgContext) {
+ //get the repetition from the message context
+ int repetition = 0;
+ if (!inHandler) {//We only need to repete the out handler
+ Integer count = (Integer) ((MessageContext) msgContext).getProperty(WSSHandlerConstants.CURRENT_REPETITON);
+ if (count != null) { //When we are repeting the handler
+ repetition = count.intValue();
+ }
+ }
+ return repetition;
+ }
+
+ public String getPassword(Object msgContext) {
+ return (String) ((MessageContext) msgContext).getProperty(WSS_PASSWORD);
+ }
+
+ public void setPassword(Object msgContext, String password) {
+ ((MessageContext) msgContext).setProperty(WSS_PASSWORD, password);
+ }
+
+ public String getUsername(Object msgContext) {
+ return (String) ((MessageContext) msgContext).getProperty(WSS_USERNAME);
+ }
+
+ public void setUsername(Object msgContext, String username) {
+ ((MessageContext) msgContext).setProperty(WSS_USERNAME, username);
+ }
+
+ /**
+ * Gets optoin. Extracts the configuration values from the service.xml
+ * and/or axis2.xml. Values set in the service.xml takes prority over
+ * values of the axis2.xml
+ */
+ public Object getOption(String axisKey) {
+ Parameter parameter = this.handlerDesc.getParameter(axisKey);
+ return (parameter == null) ? null : parameter.getValue();
+ }
+
+ public void setProperty(Object msgContext, String key, Object value) {
+ ((MessageContext) msgContext).setProperty(key, value);
+ }
+
+ /**
+ * Overrides the class loader used to load the PW callback class.
+ *
+ * @param msgCtx MessageContext
+ * @return Returns class loader.
+ */
+ public java.lang.ClassLoader getClassLoader(Object msgCtx) {
+ try {
+ return ((MessageContext) msgCtx).getAxisService().getClassLoader();
+ } catch (Throwable t) {
+ return super.getClassLoader(msgCtx);
+ }
+ }
+}
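Review bot: getPassword/setPassword keep the cleartext password in the MessageContext under the bare key `"password"` (WSS_PASSWORD), where it can collide with an application property of the same name and stays readable by every later handler and by anything that dumps or persists the context. Since flowComplete() is currently empty, clearing the property there — `((MessageContext) msgContext).setProperty(WSS_PASSWORD, null);` — would bound its lifetime, and a comment on the constant should state that callers may set the password under this key (if that is the intended contract; the hunk only shows these two accessors using it, so renaming the key is not safe to propose without checking callers). Separately, getClassLoader catches `Throwable` and silently falls back to `super.getClassLoader(msgCtx)`, which also swallows OutOfMemoryError and similar; `catch (RuntimeException e)` covers the null AxisService case this appears to guard. The javadoc on getOption claims service.xml values take priority over axis2.xml, but the method only reads `this.handlerDesc.getParameter(axisKey)`; either note that the precedence is resolved by Axis2 when the HandlerDescription is built, or drop the claim.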
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java
new file mode 100644
index 0000000..4baa49f
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java
@@ -0,0 +1,453 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMException;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.conversation.ConversationCallbackHandler;
+import org.apache.rampart.conversation.ConversationConfiguration;
+import org.apache.rampart.conversation.Util;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.HandlerParameterDecoder;
+import org.apache.ws.security.SOAPConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.token.Timestamp;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+import java.security.cert.X509Certificate;
+import java.util.Iterator;
+import java.util.Vector;
+
+/**
+ * @deprecated
+ */
+public class WSDoAllReceiver extends WSDoAllHandler {
+
+ private static final Log log = LogFactory.getLog(WSDoAllReceiver.class);
+
+ public WSDoAllReceiver() {
+ super();
+ inHandler = true;
+ }
+
+ public void processMessage(MessageContext msgContext) throws AxisFault {
+
+ boolean doDebug = log.isDebugEnabled();
+
+ if (doDebug) {
+ log.debug("WSDoAllReceiver: enter invoke() ");
+ }
+
+ String useDoomValue = (String) getProperty(msgContext,
+ WSSHandlerConstants.USE_DOOM);
+ boolean useDoom = useDoomValue != null
+ && Constants.VALUE_TRUE.equalsIgnoreCase(useDoomValue);
+
+ RequestData reqData = new RequestData();
+ try {
+
+ Parameter param = ConversationConfiguration
+ .getParameter(msgContext);
+
+ if (param == null
+ || WSSHandlerConstants.RST_ACTON_SCT.equals(msgContext
+ .getWSAAction())
+ || WSSHandlerConstants.RSTR_ACTON_SCT.equals(msgContext
+ .getWSAAction())) {
+ this.processBasic(msgContext, useDoom, reqData);
+ } else {
+ this.processSecConv(msgContext);
+ }
+ } catch (AxisFault axisFault) {
+ setAddressingInformationOnFault(msgContext);
+ throw axisFault;
+ } catch (Exception e) {
+ setAddressingInformationOnFault(msgContext);
+ throw new AxisFault(e.getMessage(), e);
+ } finally {
+
+ if (reqData != null) {
+ reqData.clear();
+ reqData = null;
+ }
+
+ if (doDebug) {
+ log.debug("WSDoAllReceiver: exit invoke()");
+ }
+ }
+
+ }
+
+ /**
+ * Use WS-SecureConversation to secure messages
+ * @param msgContext
+ * @throws Exception
+ */
+ private void processSecConv(MessageContext msgContext) throws Exception {
+ // Parse the configuration
+ ConversationConfiguration config = ConversationConfiguration
+ .load(msgContext, false);
+
+ // check if there's an RSTR in the msg and process it if exists
+ SOAPEnvelope env = (SOAPEnvelope) config.getDocument()
+ .getDocumentElement();
+ SOAPHeader header = env.getHeader();
+ if (header != null
+ && header
+ .getFirstChildWithName(new QName(
+ WSSHandlerConstants.WST_NS,
+ WSSHandlerConstants.REQUEST_SECURITY_TOKEN_RESPONSE_LN)) != null) {
+ OMElement elem = header
+ .getFirstChildWithName(new QName(
+ WSSHandlerConstants.WST_NS,
+ WSSHandlerConstants.REQUEST_SECURITY_TOKEN_RESPONSE_LN));
+ Util.processRSTR(elem, config);
+ }
+
+ secEngine.processSecurityHeader(config.getDocument(), null,
+ new ConversationCallbackHandler(config), config
+ .getCrypto());
+
+
+ // Convert back to llom since the inflow cannot use llom
+ msgContext.setEnvelope(Axis2Util
+ .getSOAPEnvelopeFromDOMDocument(config.getDocument(), true));
+
+ SOAPHeader soapHeader = null;
+ try {
+ soapHeader = msgContext.getEnvelope().getHeader();
+ } catch (OMException ex) {
+ throw new AxisFault(
+ "WSDoAllReceiver: cannot get SOAP header after security processing",
+ ex);
+ }
+
+ Iterator headers = soapHeader.examineAllHeaderBlocks();
+
+ SOAPHeaderBlock headerBlock = null;
+
+ while (headers.hasNext()) { // Find the wsse header
+ SOAPHeaderBlock hb = (SOAPHeaderBlock) headers.next();
+ if (hb.getLocalName().equals(WSConstants.WSSE_LN)
+ && hb.getNamespace().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ headerBlock = hb;
+ break;
+ }
+ }
+
+ headerBlock.setProcessed();
+
+
+ }
+
+ private void processBasic(MessageContext msgContext, boolean useDoom, RequestData reqData)
+ throws Exception {
+
+ // populate the properties
+ try {
+ HandlerParameterDecoder.processParameters(msgContext, true);
+ } catch (Exception e) {
+ throw new AxisFault("Configuration error", e);
+ }
+
+ reqData = new RequestData();
+
+ reqData.setMsgContext(msgContext);
+
+ if (((getOption(WSSHandlerConstants.INFLOW_SECURITY)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.INFLOW_SECURITY)) == null)) {
+
+ if (msgContext.isServerSide() &&
+ ((getOption(WSSHandlerConstants.INFLOW_SECURITY_SERVER)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.INFLOW_SECURITY_SERVER)) == null)) {
+
+ return;
+ } else if (((getOption(WSSHandlerConstants.INFLOW_SECURITY_CLIENT)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.INFLOW_SECURITY_CLIENT)) == null)) {
+
+ return;
+ }
+ }
+
+ Vector actions = new Vector();
+ String action = null;
+ if ((action = (String) getOption(WSSHandlerConstants.ACTION_ITEMS)) == null) {
+ action = (String) getProperty(msgContext,
+ WSSHandlerConstants.ACTION_ITEMS);
+ }
+ if (action == null) {
+ throw new AxisFault("WSDoAllReceiver: No action items defined");
+ }
+ int doAction = WSSecurityUtil.decodeAction(action, actions);
+
+ if (doAction == WSConstants.NO_SECURITY) {
+ return;
+ }
+
+ String actor = (String) getOption(WSHandlerConstants.ACTOR);
+
+ Document doc = null;
+
+ try {
+ doc = Axis2Util.getDocumentFromSOAPEnvelope(msgContext
+ .getEnvelope(), useDoom);
+ } catch (WSSecurityException wssEx) {
+ throw new AxisFault(
+ "WSDoAllReceiver: Error in converting to Document", wssEx);
+ }
+
+ // Do not process faults
+ SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc
+ .getDocumentElement());
+ if (WSSecurityUtil.findElement(doc.getDocumentElement(), "Fault",
+ soapConstants.getEnvelopeURI()) != null) {
+ return;
+ }
+
+ /*
+ * To check a UsernameToken or to decrypt an encrypted message we need a
+ * password.
+ */
+ CallbackHandler cbHandler = null;
+ if ((doAction & (WSConstants.ENCR | WSConstants.UT)) != 0) {
+ cbHandler = getPasswordCB(reqData);
+ }
+
+ // Copy the WSHandlerConstants.SEND_SIGV over to the new message
+ // context - if it exists, if signatureConfirmation in the response msg
+ String sigConfEnabled = null;
+ if ((sigConfEnabled = (String) getOption(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION)) == null) {
+ sigConfEnabled = (String) getProperty(msgContext,
+ WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
+ }
+
+ // To handle sign confirmation of a sync response
+ // TODO Async response
+ if (!msgContext.isServerSide()
+ && !"false".equalsIgnoreCase(sigConfEnabled)) {
+ OperationContext opCtx = msgContext.getOperationContext();
+ MessageContext outMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
+ if (outMsgCtx != null) {
+ msgContext.setProperty(WSHandlerConstants.SEND_SIGV, outMsgCtx
+ .getProperty(WSHandlerConstants.SEND_SIGV));
+ } else {
+ throw new WSSecurityException(
+ "Cannot obtain request message context");
+ }
+ }
+
+ /*
+ * Get and check the Signature specific parameters first because they
+ * may be used for encryption too.
+ */
+
+ doReceiverAction(doAction, reqData);
+
+ Vector wsResult = null;
+ try {
+ wsResult = secEngine.processSecurityHeader(doc, actor, cbHandler,
+ reqData.getSigCrypto(), reqData.getDecCrypto());
+ } catch (WSSecurityException ex) {
+ throw new AxisFault("WSDoAllReceiver: security processing failed",
+ ex);
+ }
+ if (wsResult == null) { // no security header found
+ if (doAction == WSConstants.NO_SECURITY) {
+ return;
+ } else {
+ throw new AxisFault(
+ "WSDoAllReceiver: Incoming message does not contain required Security header");
+ }
+ }
+
+ if (reqData.getWssConfig().isEnableSignatureConfirmation()
+ && !msgContext.isServerSide()) {
+ checkSignatureConfirmation(reqData, wsResult);
+ }
+
+ /**
+ * Set the new SOAPEnvelope
+ */
+
+ msgContext.setEnvelope(Axis2Util.getSOAPEnvelopeFromDOMDocument(doc, useDoom));
+
+ /*
+ * After setting the new current message, probably modified because of
+ * decryption, we need to locate the security header. That is, we force
+ * Axis (with getSOAPEnvelope()) to parse the string, build the new
+ * header. Then we examine, look up the security header and set the
+ * header as processed.
+ *
+ * Please note: find all header elements that contain the same actor
+ * that was given to processSecurityHeader(). Then check if there is a
+ * security header with this actor.
+ */
+ SOAPHeader header = null;
+ try {
+ header = msgContext.getEnvelope().getHeader();
+ } catch (OMException ex) {
+ throw new AxisFault(
+ "WSDoAllReceiver: cannot get SOAP header after security processing",
+ ex);
+ }
+
+ Iterator headers = header.examineHeaderBlocks(actor);
+
+ SOAPHeaderBlock headerBlock = null;
+
+ while (headers.hasNext()) { // Find the wsse header
+ SOAPHeaderBlock hb = (SOAPHeaderBlock) headers.next();
+ if (hb.getLocalName().equals(WSConstants.WSSE_LN)
+ && hb.getNamespace().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ headerBlock = hb;
+ break;
+ }
+ }
+
+ headerBlock.setProcessed();
+
+ /*
+ * Now we can check the certificate used to sign the message. In the
+ * following implementation the certificate is only trusted if either it
+ * itself or the certificate of the issuer is installed in the keystore.
+ *
+ * Note: the method verifyTrust(X509Certificate) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the signature action result from the action vector
+ WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(
+ wsResult, WSConstants.SIGN);
+
+ if (actionResult != null) {
+ X509Certificate returnCert = actionResult.getCertificate();
+
+ if (returnCert != null) {
+ if (!verifyTrust(returnCert, reqData)) {
+ throw new AxisFault(
+ "WSDoAllReceiver: The certificate used for the signature is not trusted");
+ }
+ }
+ }
+
+ /*
+ * Perform further checks on the timestamp that was transmitted in the
+ * header. In the following implementation the timestamp is valid if it
+ * was created after (now-ttl), where ttl is set on server side, not by
+ * the client.
+ *
+ * Note: the method verifyTimestamp(Timestamp) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the timestamp action result from the action vector
+ actionResult = WSSecurityUtil.fetchActionResult(wsResult,
+ WSConstants.TS);
+
+ if (actionResult != null) {
+ Timestamp timestamp = actionResult.getTimestamp();
+
+ if (timestamp != null) {
+ String ttl = null;
+ if ((ttl = (String) getOption(WSHandlerConstants.TTL_TIMESTAMP)) == null) {
+ ttl = (String) getProperty(msgContext,
+ WSHandlerConstants.TTL_TIMESTAMP);
+ }
+ int ttl_i = 0;
+ if (ttl != null) {
+ try {
+ ttl_i = Integer.parseInt(ttl);
+ } catch (NumberFormatException e) {
+ ttl_i = reqData.getTimeToLive();
+ }
+ }
+ if (ttl_i <= 0) {
+ ttl_i = reqData.getTimeToLive();
+ }
+
+ if (!verifyTimestamp(timestamp, reqData.getTimeToLive())) {
+ throw new AxisFault(
+ "WSDoAllReceiver: The timestamp could not be validated");
+ }
+ }
+ }
+
+ /*
+ * now check the security actions: do they match, in right order?
+ */
+ if (!checkReceiverResults(wsResult, actions)) {
+ throw new AxisFault(
+ "WSDoAllReceiver: security processing failed (actions mismatch)");
+
+ }
+ /*
+ * All ok up to this point. Now construct and setup the security result
+ * structure. The service may fetch this and check it. Also the
+ * DoAllSender will use this in certain situations such as:
+ * USE_REQ_SIG_CERT to encrypt
+ */
+ Vector results = null;
+ if ((results = (Vector) getProperty(msgContext,
+ WSHandlerConstants.RECV_RESULTS)) == null) {
+ results = new Vector();
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS, results);
+ }
+ WSHandlerResult rResult = new WSHandlerResult(actor, wsResult);
+ results.add(0, rResult);
+ }
+
+ private void setAddressingInformationOnFault(MessageContext msgContext) {
+ SOAPEnvelope env = msgContext.getEnvelope();
+ SOAPHeader header = env.getHeader();
+
+ if (header != null) {
+ OMElement msgIdElem = header.getFirstChildWithName(new QName(
+ AddressingConstants.Final.WSA_NAMESPACE,
+ AddressingConstants.WSA_MESSAGE_ID));
+ if (msgIdElem == null) {
+ msgIdElem = header.getFirstChildWithName(new QName(
+ AddressingConstants.Submission.WSA_NAMESPACE,
+ AddressingConstants.WSA_MESSAGE_ID));
+ }
+ if (msgIdElem != null && msgIdElem.getText() != null) {
+ msgContext.getOptions().setMessageId(msgIdElem.getText());
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
new file mode 100644
index 0000000..ba35ade
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
@@ -0,0 +1,444 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPFactory;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.conversation.ConversationConfiguration;
+import org.apache.rampart.conversation.STSRequester;
+import org.apache.rampart.conversation.Util;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.HandlerParameterDecoder;
+import org.apache.rampart.util.MessageOptimizer;
+import org.apache.rahas.Token;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.WSSecDKEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.security.cert.X509Certificate;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.Vector;
+
+/**
+ * @deprecated
+ */
+public class WSDoAllSender extends WSDoAllHandler {
+
+ private static final Log log = LogFactory.getLog(WSDoAllSender.class);
+
+
+ public WSDoAllSender() {
+ super();
+ inHandler = false;
+ }
+
+ public void processMessage(MessageContext msgContext) throws AxisFault {
+
+ String useDoomValue = (String) getProperty(msgContext,
+ WSSHandlerConstants.USE_DOOM);
+ boolean useDoom = useDoomValue != null
+ && Constants.VALUE_TRUE.equalsIgnoreCase(useDoomValue);
+
+ RequestData reqData = new RequestData();
+ try {
+ Parameter param = ConversationConfiguration.getParameter(msgContext);
+
+ if(param == null || WSSHandlerConstants.RST_ACTON_SCT.equals(msgContext.getWSAAction()) ||
+ WSSHandlerConstants.RSTR_ACTON_SCT.equals(msgContext.getWSAAction()) ||
+ WSSHandlerConstants.RSTR_ACTON_ISSUE.equals(msgContext.getWSAAction())) {
+ //If the msgs are msgs to an STS then use basic WS-Sec
+ processBasic(msgContext, useDoom, reqData);
+ } else {
+ processSecConv(msgContext);
+ }
+
+ } catch (Exception e) {
+ throw new AxisFault(e.getMessage(), e);
+ }
+ finally {
+ if(reqData != null) {
+ reqData.clear();
+ reqData = null;
+ }
+ }
+ }
+
+ /**
+ * Use WS-SecureConversation to secure the messages
+ * @param msgContext
+ * @throws Exception
+ */
+ private void processSecConv(MessageContext msgContext) throws Exception {
+ //Parse the Conversation configuration
+ ConversationConfiguration config = ConversationConfiguration.load(msgContext, true);
+ if(config != null)
+ msgContext.setEnvelope((SOAPEnvelope) config.getDocument()
+ .getDocumentElement());
+
+ if(!config.getMsgCtx().isServerSide()) {
+ if(config.getContextIdentifier() == null && !config.getMsgCtx().isServerSide()) {
+
+ String sts = config.getStsEPRAddress();
+ if(sts != null) {
+ //Use a security token service
+ Axis2Util.useDOOM(false);
+ STSRequester.issueRequest(config);
+ Axis2Util.useDOOM(true);
+ } else {
+ //Create an an SCT, include it in an RSTR
+ // and add the RSTR to the header
+ this.createRSTR(config);
+ }
+
+ }
+ }
+ this.constructMessage(config);
+ }
+
+ /**
+ * This will carryout the WS-Security related operations.
+ *
+ * @param msgContext
+ * @param useDoom
+ * @throws WSSecurityException
+ * @throws AxisFault
+ */
+ private void processBasic(MessageContext msgContext, boolean useDoom,
+ RequestData reqData) throws WSSecurityException, AxisFault {
+ boolean doDebug = log.isDebugEnabled();
+
+ try {
+ HandlerParameterDecoder.processParameters(msgContext,false);
+ } catch (Exception e) {
+ throw new AxisFault("Configureation error", e);
+ }
+
+ if (doDebug) {
+ log.debug("WSDoAllSender: enter invoke()");
+ }
+
+ /*
+ * Copy the RECV_RESULTS over to the current message context
+ * - IF available
+ */
+ OperationContext opCtx = msgContext.getOperationContext();
+ MessageContext inMsgCtx;
+ if(opCtx != null &&
+ (inMsgCtx = opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null) {
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS,
+ inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS));
+ }
+
+
+
+ reqData.setNoSerialization(false);
+ reqData.setMsgContext(msgContext);
+
+ if (((getOption(WSSHandlerConstants.OUTFLOW_SECURITY)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.OUTFLOW_SECURITY)) == null)) {
+
+ if (msgContext.isServerSide() &&
+ ((getOption(WSSHandlerConstants.OUTFLOW_SECURITY_SERVER)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.OUTFLOW_SECURITY_SERVER)) == null)) {
+
+ return;
+ } else if (((getOption(WSSHandlerConstants.OUTFLOW_SECURITY_CLIENT)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.OUTFLOW_SECURITY_CLIENT)) == null)) {
+
+ return;
+ }
+ }
+
+ Vector actions = new Vector();
+ String action = null;
+ if ((action = (String) getOption(WSSHandlerConstants.ACTION_ITEMS)) == null) {
+ action = (String) getProperty(msgContext, WSSHandlerConstants.ACTION_ITEMS);
+ }
+ if (action == null) {
+ throw new AxisFault("WSDoAllReceiver: No action items defined");
+ }
+
+ int doAction = WSSecurityUtil.decodeAction(action, actions);
+ if (doAction == WSConstants.NO_SECURITY) {
+ return;
+ }
+
+ /*
+ * For every action we need a username, so get this now. The
+ * username defined in the deployment descriptor takes precedence.
+ */
+ reqData.setUsername((String) getOption(WSHandlerConstants.USER));
+ if (reqData.getUsername() == null || reqData.getUsername().length() == 0) {
+ String username = (String) getProperty(reqData.getMsgContext(), WSHandlerConstants.USER);
+ if (username != null) {
+ reqData.setUsername(username);
+ }
+ }
+
+ /*
+ * Now we perform some set-up for UsernameToken and Signature
+ * functions. No need to do it for encryption only. Check if
+ * username is available and then get a passowrd.
+ */
+ if ((doAction & (WSConstants.SIGN | WSConstants.UT | WSConstants.UT_SIGN)) != 0) {
+ /*
+ * We need a username - if none throw an AxisFault. For
+ * encryption there is a specific parameter to get a username.
+ */
+ if (reqData.getUsername() == null
+ || reqData.getUsername().length() == 0) {
+ throw new AxisFault(
+ "WSDoAllSender: Empty username for specified action");
+ }
+ }
+
+ /*
+ * Now get the SOAPEvelope from the message context and convert it
+ * into a Document
+ *
+ * Now we can perform our security operations on this request.
+ */
+
+
+ Document doc = null;
+ /*
+ * If the message context property conatins a document then this is
+ * a chained handler.
+ */
+ if ((doc = (Document) ((MessageContext)reqData.getMsgContext())
+ .getProperty(WSHandlerConstants.SND_SECURITY)) == null) {
+ try {
+ doc = Axis2Util.getDocumentFromSOAPEnvelope(msgContext.getEnvelope(), useDoom);
+ } catch (WSSecurityException wssEx) {
+ throw new AxisFault("WSDoAllReceiver: Error in converting to Document", wssEx);
+ }
+ }
+
+
+ doSenderAction(doAction, doc, reqData, actions, !msgContext.isServerSide());
+
+ /*
+ * If noSerialization is false, this handler shall be the last (or
+ * only) one in a handler chain. If noSerialization is true, just
+ * set the processed Document in the transfer property. The next
+ * Axis WSS4J handler takes it and performs additional security
+ * processing steps.
+ *
+ */
+ if (reqData.isNoSerialization()) {
+ ((MessageContext)reqData.getMsgContext()).setProperty(WSHandlerConstants.SND_SECURITY,
+ doc);
+ } else {
+ if(useDoom) {
+ msgContext.setEnvelope((SOAPEnvelope)doc.getDocumentElement());
+ } else {
+ msgContext.setEnvelope(Axis2Util.getSOAPEnvelopeFromDOMDocument(doc, useDoom));
+ }
+ ((MessageContext)reqData.getMsgContext()).setProperty(WSHandlerConstants.SND_SECURITY, null);
+ }
+
+
+ /**
+ * If the optimizeParts parts are set then optimize them
+ */
+ String optimizeParts;
+
+ if((optimizeParts = (String) getOption(WSSHandlerConstants.OPTIMIZE_PARTS)) == null) {
+ optimizeParts = (String)
+ getProperty(reqData.getMsgContext(), WSSHandlerConstants.OPTIMIZE_PARTS);
+ }
+ if(optimizeParts != null) {
+ // Optimize the Envelope
+ MessageOptimizer.optimize(msgContext.getEnvelope(),optimizeParts);
+ }
+
+ //Enable handler repetition
+ Integer repeat;
+ int repeatCount;
+ if ((repeat = (Integer)getOption(WSSHandlerConstants.SENDER_REPEAT_COUNT)) == null) {
+ repeat = (Integer)
+ getProperty(reqData.getMsgContext(), WSSHandlerConstants.SENDER_REPEAT_COUNT);
+ }
+
+ repeatCount = repeat.intValue();
+
+ //Get the current repetition from message context
+ int repetition = this.getCurrentRepetition(msgContext);
+
+ if(repeatCount > 0 && repetition < repeatCount) {
+
+ reqData.clear();
+ reqData = null;
+
+ // Increment the repetition to indicate the next repetition
+ // of the same handler
+ repetition++;
+ msgContext.setProperty(WSSHandlerConstants.CURRENT_REPETITON,
+ new Integer(repetition));
+
+ this.invoke(msgContext);
+ }
+
+ if (doDebug) {
+ log.debug("WSDoAllSender: exit invoke()");
+ }
+ }
+
+
+ /**
+ * Create the self created <code>wsc:SecurityContextToken</code> and
+ * add it to a <code>wst:RequestSecurityTokenResponse</code>.
+ *
+ * This is called in the case where the security context establishment
+ * is done by one of the parties with out the use of an STS
+ * and the creted SCT is sent across to the other party in an unsolicited
+ * <code>wst:RequestSecurityTokenResponse</code>
+ *
+ * @param config
+ * @throws Exception
+ */
+ private void createRSTR(ConversationConfiguration config) throws Exception {
+
+ WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+ Crypto crypto = org.apache.rampart.conversation.Util.getCryptoInstace(config);
+ String encryptionUser = config.getEncryptionUser();
+ if(encryptionUser == null) {
+ throw new RampartException("missingEncryptionUser");
+ }
+ X509Certificate cert = crypto.getCertificates(encryptionUser)[0];
+
+ encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ try {
+ encrKeyBuilder.setUseThisCert(cert);
+ encrKeyBuilder.prepare(config.getDocument(), crypto);
+ } catch (WSSecurityException e) {
+ throw new TrustException(
+ "errorInBuildingTheEncryptedKeyForPrincipal",
+ new String[] { cert.getSubjectDN().getName()}, e);
+ }
+
+ SecurityContextToken sct = new SecurityContextToken(config.getDocument());
+ Util.resgisterContext(sct.getIdentifier(), config);
+
+ //Creation and expiration times
+ Date creationTime = new Date();
+ Date expirationTime = new Date();
+
+ expirationTime.setTime(creationTime.getTime() + 300000);
+
+ Token token = new Token(sct.getIdentifier(), (OMElement)sct.getElement(), creationTime, expirationTime);
+ token.setSecret(encrKeyBuilder.getEphemeralKey());
+
+ config.getTokenStore().add(token);
+
+ SOAPEnvelope env = config.getMsgCtx().getEnvelope();
+
+ SOAPHeader header = env.getHeader();
+ if(header == null) {
+ header = ((SOAPFactory)env.getOMFactory()).createSOAPHeader(env);
+ }
+
+ OMElement rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(config.getWstVersion(), header);
+
+ OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(config.getWstVersion(), rstrElem);
+
+ // Use GMT time in milliseconds
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ // Add the Lifetime element
+ TrustUtil.createLifetimeElement(config.getWstVersion(), rstrElem, zulu
+ .format(creationTime), zulu.format(expirationTime));
+
+ rstElem.addChild((OMElement)sct.getElement());
+
+ TrustUtil.createRequestedAttachedRef(config.getWstVersion(), rstrElem,
+ "#" + sct.getID(), WSSHandlerConstants.TOK_TYPE_SCT);
+
+ TrustUtil
+ .createRequestedUnattachedRef(config.getWstVersion(), rstrElem,
+ sct.getIdentifier(), WSSHandlerConstants.TOK_TYPE_SCT);
+
+ Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
+ Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
+
+ OMElement reqProofTok = TrustUtil.createRequestedProofTokenElement(
+ config.getWstVersion(), rstrElem);
+
+ if(bstElem != null) {
+ reqProofTok.addChild((OMElement)bstElem);
+ }
+
+ reqProofTok.addChild((OMElement)encryptedKeyElem);
+
+ }
+
+ private void constructMessage(ConversationConfiguration config) throws Exception {
+
+ Document doc = config.getDocument();
+
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ Token tempToken = config.getTokenStore().getToken(
+ config.getContextIdentifier());
+ byte[] tempSecret = tempToken.getSecret();
+
+ SecurityContextToken sct = new SecurityContextToken((Element) doc
+ .importNode((Element) tempToken.getToken(), true));
+
+ // Derived key encryption
+ WSSecDKEncrypt encrBuilder = new WSSecDKEncrypt();
+ encrBuilder.setSymmetricEncAlgorithm(WSConstants.AES_128);
+ OMElement attachedReference = tempToken.getAttachedReference();
+ if(attachedReference != null) {
+ encrBuilder.setExternalKey(tempSecret, (Element) doc.importNode(
+ (Element) attachedReference, true));
+ } else {
+ String tokenId = sct.getID();
+ encrBuilder.setExternalKey(tempSecret, tokenId);
+ }
+ encrBuilder.build(doc, secHeader);
+
+ WSSecurityUtil.prependChildElement(doc, secHeader.getSecurityHeader(),
+ sct.getElement(), false);
+ }
+
+}
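Review bot: The `config != null` guard on the `setEnvelope` call in processSecConv is immediately followed by an unguarded `config.getMsgCtx()` on the next line, so a null configuration still ends in a NullPointerException rather than a meaningful fault. If `ConversationConfiguration.load` can return null here, fail explicitly up front with `if (config == null) { throw new AxisFault("WSDoAllSender: no conversation configuration found"); }` and drop the partial guard; if it cannot, remove the guard so the contract is clear. The same method calls `Axis2Util.useDOOM(false)` before `STSRequester.issueRequest(config)` and only switches it back on the success path, so an exception from the STS request leaves that global setting disabled for later messages — the `Axis2Util.useDOOM(true)` belongs in a `finally`. In createRSTR the token lifetime is the bare constant `300000` on the `expirationTime.setTime` line; naming it (`private static final long SCT_LIFETIME_MS = 300000; // 5 minutes`) or reading it from the conversation configuration would document a security-relevant choice, and the `crypto.getCertificates(encryptionUser)[0]` lookup just above should check for an empty result before indexing.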
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java
new file mode 100644
index 0000000..b03cc00
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java
@@ -0,0 +1,153 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+/**
+ * Constants specific to the Axis2 security module
+ */
+public class WSSHandlerConstants {
+
+ private WSSHandlerConstants() {
+ }
+
+ /**
+ * Name of the .mar file
+ */
+ public final static String SECURITY_MODULE_NAME = "rampart";
+
+ /**
+ * Inflow security parameter
+ */
+ public static final String INFLOW_SECURITY = "InflowSecurity";
+
+ public static final String INFLOW_SECURITY_SERVER = "InflowSecurity-server";
+ public static final String INFLOW_SECURITY_CLIENT = "InflowSecurity-client";
+
+ /**
+ * Outflow security parameter
+ */
+ public static final String OUTFLOW_SECURITY = "OutflowSecurity";
+
+ public static final String OUTFLOW_SECURITY_SERVER = "OutflowSecurity-server";
+ public static final String OUTFLOW_SECURITY_CLIENT = "OutflowSecurity-client";
+
+
+ /**
+ * Inflow security parameter of a client to talk to an STS
+ * when sec conv is used
+ */
+ public final static String STS_INFLOW_SECURITY = "STSInflowSecurity";
+
+ /**
+ * Outflow security parameter of a client to talk to an STS
+ * when sec conv is used
+ */
+ public final static String STS_OUTFLOW_SECURITY = "STSOutflowSecurity";
+
+
+ public static final String ACTION = "action";
+
+ public static final String ACTION_ITEMS = "items";
+
+
+ /**
+ * Repetition count
+ */
+ public static final String SENDER_REPEAT_COUNT = "senderRepeatCount";
+
+ /**
+ * The current repetition
+ */
+ public static final String CURRENT_REPETITON = "currentRepetition";
+
+ /**
+ * This is used to indicate the XPath expression used to indicate the
+ * Elements whose first child (must be a text node) is to be optimized
+ */
+ public static final String OPTIMIZE_PARTS = "optimizeParts";
+
+ public static final String PRESERVE_ORIGINAL_ENV = "preserveOriginalEnvelope";
+
+
+ /*
+ * These are useful in configuring using the OutflowConfiguration
+ * and InflowConfiguration
+ * The set of possible key identifiers
+ */
+
+ public static final String BST_DIRECT_REFERENCE = "DirectReference";
+
+ public static final String ISSUER_SERIAL = "IssuerSerial";
+
+ public static final String X509_KEY_IDENTIFIER = "X509KeyIdentifier";
+
+ public static final String SKI_KEY_IDENTIFIER = "SKIKeyIdentifier";
+
+ public static final String EMBEDDED_KEYNAME = "EmbeddedKeyName";
+
+ public static final String THUMBPRINT_IDENTIFIER = "Thumbprint";
+
+
+ public final static String SIGN_ALL_HEADERS = "signAllHeaders";
+ public final static String SIGN_BODY = "signBody";
+ public final static String ENCRYPT_BODY = "encryptBody";
+
+ /**
+ * Key to be used to set a flag in msg ctx to enable/disable using doom
+ */
+ public final static String USE_DOOM = "useDoom";
+
+
+ ///
+ /// WS-SecureConversation constants
+ ///
+
+
+ /**
+ * Key to hod the map of security context identifiers against the
+ * service epr addresses (service scope) or wsa:Action values (operation
+ * scope).
+ */
+ public final static String CONTEXT_MAP_KEY = "contextMap";
+
+ /**
+ * The <code>java.util.Properties</code> object holding the properties
+ * of a <code>org.apache.ws.security.components.crypto.Crypto</code> impl.
+ *
+ * This should ONLY be used when the CRYPTO_CLASS_KEY is specified.
+ *
+ * @see org.apache.ws.security.components.crypto.Crypto
+ */
+ public final static String CRYPTO_PROPERTIES_KEY = "cryptoPropertiesRef";
+
+ /**
+ * The class that implements
+ * <code>org.apache.ws.security.components.crypto.Crypto</code>.
+ */
+ public final static String CRYPTO_CLASS_KEY = "cryptoClass";
+
+ //TODO: Get these constants from the WS-Trust impl's constants
+ public final static String RST_ACTON_SCT = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT";
+ public final static String RSTR_ACTON_SCT = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT";
+ public final static String RSTR_ACTON_ISSUE = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue";
+
+ public final static String TOK_TYPE_SCT = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
+
+ public final static String WST_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+ public static final String REQUEST_SECURITY_TOKEN_RESPONSE_LN = "RequestSecurityTokenResponse";
+
+}
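Review bot: The new constants class mixes `public final static` (SECURITY_MODULE_NAME, STS_INFLOW_SECURITY, SIGN_ALL_HEADERS and the WS-SecureConversation group) with `public static final` (INFLOW_SECURITY, ACTION_ITEMS and the key-identifier group); pick the conventional `public static final` throughout while the file is being introduced. The identifier `CURRENT_REPETITON` is misspelled and will be harder to rename once other modules reference it; `CURRENT_REPETITION` matches its string value.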
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java
new file mode 100644
index 0000000..61d8df5
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java
@@ -0,0 +1,181 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler.config;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import java.util.HashMap;
+import java.util.Iterator;
+
+/**
+ * This is the representation of the inflow configurations of the security
+ * module.
+ *
+ * @deprecated
+ */
+public class InflowConfiguration {
+
+ private HashMap action = new HashMap();
+
+ /**
+ * Returns the configuration as an OMElement.
+ * @return Returns Parameter.
+ */
+ public Parameter getProperty() {
+
+ if (! action.containsKey("items")) {
+ return null;
+ }
+
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ //TODO: Find the constants for "Parameter" and "name"
+ OMElement paramElement = fac.createOMElement("Parameter",null);
+ paramElement.addAttribute(fac.createOMAttribute("name", null ,WSSHandlerConstants.INFLOW_SECURITY));
+
+ OMElement actionElem = fac.createOMElement(
+ WSSHandlerConstants.ACTION, null);
+
+ // Get the set of kes of the selected action
+ Iterator keys = action.keySet().iterator();
+
+ while (keys.hasNext()) {
+ String key = (String) keys.next();
+ String value = (String) action.get(key);
+ if(value != null && value.length() > 0) {
+ // Create an element with the name of the key
+ OMElement elem = fac.createOMElement(key, null);
+ // Set the text value of the element
+ elem.setText(value);
+ // Add the element as a child of this action element
+ actionElem.addChild(elem);
+ }
+ }
+
+ paramElement.addChild(actionElem);
+
+ Parameter param = new Parameter();
+ param.setParameterElement(paramElement);
+ param.setValue(paramElement);
+ param.setName(WSSHandlerConstants.INFLOW_SECURITY);
+
+ return param;
+ }
+
+ /**
+ * Returns the action items.
+ * @return Returns String.
+ */
+ public String getActionItems() {
+ return (String)this.action.get(WSSHandlerConstants.ACTION_ITEMS);
+ }
+
+ /**
+ * Sets the action items.
+ * @param actionItems
+ */
+ public void setActionItems(String actionItems) {
+ this.action.put(WSSHandlerConstants.ACTION_ITEMS, actionItems);
+ }
+
+ /**
+ * Returns the decryption property file.
+ * @return Returns String.
+ */
+ public String getDecryptionPropFile() {
+ return (String)this.action.get(WSHandlerConstants.DEC_PROP_FILE);
+ }
+
+ /**
+ * Sets the decryption property file.
+ * @param decryptionPropFile
+ */
+ public void setDecryptionPropFile(String decryptionPropFile) {
+ this.action.put(WSHandlerConstants.DEC_PROP_FILE,decryptionPropFile);
+ }
+
+ /**
+ * Sets the decryption property ref key.
+ * @param decryptionPropRefKey
+ */
+ public void setDecryptionPropRefKey(String decryptionPropRefKey) {
+ this.action.put(WSHandlerConstants.DEC_PROP_REF_ID,decryptionPropRefKey);
+ }
+
+ /**
+ * Returns the password callback class name.
+ * @return Returns String.
+ */
+ public String getPasswordCallbackClass() {
+ return (String)this.action.get(WSHandlerConstants.PW_CALLBACK_CLASS);
+ }
+
+ /**
+ * Sets the password callback class name.
+ * @param passwordCallbackClass
+ */
+ public void setPasswordCallbackClass(String passwordCallbackClass) {
+ this.action.put(WSHandlerConstants.PW_CALLBACK_CLASS,passwordCallbackClass);
+ }
+
+ /**
+ * Returns the signature property file.
+ * @return Returns String.
+ */
+ public String getSignaturePropFile() {
+ return (String)this.action.get(WSHandlerConstants.SIG_PROP_FILE);
+ }
+
+ /**
+ * Sets the signature property file.
+ * @param signaturePropFile
+ */
+ public void setSignaturePropFile(String signaturePropFile) {
+ this.action.put(WSHandlerConstants.SIG_PROP_FILE, signaturePropFile);
+ }
+
+ /**
+ * Sets the signature property ref key.
+ * @param signaturePropRefId
+ */
+ public void setSignaturePropRefId(String signaturePropRefId) {
+ this.action.put(WSHandlerConstants.SIG_PROP_REF_ID, signaturePropRefId);
+ }
+
+ /**
+ * Sets whether signature confirmation should be enabled or not.
+ * @param value
+ */
+ public void setEnableSignatureConfirmation(boolean value) {
+ this.action.put(
+ WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, value?"true":"false");
+ }
+
+ /**
+ * Returns whether signature confirmation should be enabled or not.
+ * @return Returns String.
+ */
+ public String getEnableSignatureConfirmation() {
+ return (String) this.action
+ .get(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
+ }
+
+}
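Review bot: getProperty tests the map with the literal `"items"` while getActionItems and setActionItems use `WSSHandlerConstants.ACTION_ITEMS` for the same key, so a change to the constant would silently break the check; use `if (!action.containsKey(WSSHandlerConstants.ACTION_ITEMS)) {` instead. The class also offers setters for DEC_PROP_REF_ID and SIG_PROP_REF_ID but no matching getters, unlike every other key it manages, which looks like an oversight rather than a deliberate asymmetry.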
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java
new file mode 100644
index 0000000..0fe5212
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java
@@ -0,0 +1,600 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler.config;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import java.util.HashMap;
+import java.util.Iterator;
+
+/**
+ * This is the representation of the outflow configurations of the security
+ * module.
+ *
+ * @deprecated
+ */
+public class OutflowConfiguration {
+
+ private HashMap[] actionList;
+
+ private int currentAction = 0;
+
+ /**
+ * Creates a default outflow configuration instance with an action.
+ */
+ public OutflowConfiguration() {
+ this.actionList = new HashMap[1];
+ this.actionList[0] = new HashMap();
+ }
+
+ /**
+ * Creates a new outflow configuration instance with the given number of
+ * actions.
+ *
+ * @param actionCount
+ */
+ public OutflowConfiguration(int actionCount) {
+ this.actionList = new HashMap[actionCount];
+ for (int i = 0; i < actionCount; i++) {
+ this.actionList[i] = new HashMap();
+ }
+ }
+
+ /**
+ * Returns the configuration as an Parameter
+ *
+ * @return Returns Parameter.
+ */
+ public Parameter getProperty() {
+
+
+ for (int i = 0; i < actionList.length; i++) {
+ HashMap action = actionList[i];
+
+ if (! action.keySet().contains("items")) {
+ return null;
+ }
+ }
+
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ //TODO: Find the constants for "Parameter" and "name"
+ OMElement paramElement = fac.createOMElement("Parameter",null);
+ paramElement.addAttribute(fac.createOMAttribute("name", null ,WSSHandlerConstants.OUTFLOW_SECURITY));
+
+
+ for (int i = 0; i < this.actionList.length; i++) {
+ // Create the action element
+ OMElement actionElem = fac.createOMElement(
+ WSSHandlerConstants.ACTION, null);
+
+ // Get the current action
+ HashMap action = this.actionList[i];
+
+ // Get the set of kes of the selected action
+ Iterator keys = action.keySet().iterator();
+
+ while (keys.hasNext()) {
+ String key = (String) keys.next();
+ String value = (String) action.get(key);
+ if(value != null && value.length() > 0) {
+ // Create an element with the name of the key
+ OMElement elem = fac.createOMElement(key, null);
+ // Set the text value of the element
+ elem.setText(value);
+ // Add the element as a child of this action element
+ actionElem.addChild(elem);
+ }
+ }
+
+ paramElement.addChild(actionElem);
+ }
+
+ Parameter param = new Parameter();
+ param.setParameterElement(paramElement);
+ param.setValue(paramElement);
+ param.setName(WSSHandlerConstants.OUTFLOW_SECURITY);
+ return param;
+ }
+
+ /**
+ * Moves to the next action. If this is called when the current action is the
+ * last action then the current action will not change.
+ *
+ * @throws Exception
+ */
+ public void nextAction() {
+ if (currentAction < this.actionList.length - 1) {
+ this.currentAction++;
+ }
+ }
+
+ /**
+ * Moves to previous action. If this is called when the current action is the
+ * first option then then the current action will not change.
+ *
+ * @throws Exception
+ */
+ public void previousAction() {
+ if (this.currentAction > 0) {
+ this.currentAction--;
+ }
+ }
+
+ /**
+ * Sets the action items.
+ *
+ * @param actionItems
+ */
+ public void setActionItems(String actionItems) {
+ this.actionList[this.currentAction].put(
+ WSSHandlerConstants.ACTION_ITEMS, actionItems);
+ }
+
+ /**
+ * Returns the action items.
+ * @return Returns String.
+ */
+ public String getActionItems() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSSHandlerConstants.ACTION_ITEMS);
+ }
+
+ /**
+ * Sets the user of the current action.
+ *
+ * @param user
+ */
+ public void setUser(String user) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.USER, user);
+ }
+
+ /**
+ * Returns the user of the current action.
+ * @return Returns String.
+ */
+ public String getUser() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.USER);
+ }
+
+ /**
+ * Sets the name of the password callback class of the current action.
+ *
+ * @param passwordCallbackClass
+ */
+ public void setPasswordCallbackClass(String passwordCallbackClass) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.PW_CALLBACK_CLASS, passwordCallbackClass);
+ }
+
+ /**
+ * Returns the name of the password callback class of the current action.
+ * @return Returns String.
+ */
+ public String getPasswordCallbackClass() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.PW_CALLBACK_CLASS);
+ }
+
+ /**
+ * Sets the signature property file of the current action.
+ *
+ * @param signaturePropFile
+ */
+ public void setSignaturePropFile(String signaturePropFile) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SIG_PROP_FILE, signaturePropFile);
+ }
+
+ /**
+ * Sets the signature property ref key of the current action.
+ *
+ * @param signaturePropRefId
+ */
+ public void setSignaturePropRefId(String signaturePropRefId) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SIG_PROP_REF_ID, signaturePropRefId);
+ }
+
+ /**
+ * Returns the signature property file of the current action.
+ * @return Returns String.
+ */
+ public String getSignaturePropFile() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIG_PROP_FILE);
+ }
+
+ /**
+ * Sets the signatue key identifier of the current action.
+ *
+ * @param signatureKeyIdentifier
+ * Valid values:
+ * <ul>
+ * <li>X509KeyIdentifier - {@link WSSHandlerConstants#X509_KEY_IDENTIFIER}</li>
+ * <li>SKIKeyIdentifier - {@link WSSHandlerConstants#SKI_KEY_IDENTIFIER}</li>
+ * <li>IssuerSerial - {@link WSSHandlerConstants#ISSUER_SERIAL}</li>
+ * <li>DirectReference - {@link WSSHandlerConstants#BST_DIRECT_REFERENCE}</li>
+ * <li>Thumbprint - {@link WSSHandlerConstants#THUMBPRINT_IDENTIFIER}</li>
+ * </ul>
+ */
+ public void setSignatureKeyIdentifier(String signatureKeyIdentifier) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.SIG_KEY_ID,
+ signatureKeyIdentifier);
+ }
+
+ /**
+ * Returns the signatue key identifier of the current action.
+ * @return Returns String.
+ */
+ public String getSignatureKeyIdentifier() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIG_KEY_ID);
+ }
+
+ public void setSignatureAlgorithm(String signatureAlgo) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.SIG_ALGO,
+ signatureAlgo);
+ }
+
+ public String getSignatureAlgorithm() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIG_ALGO);
+ }
+
+ /**
+ * Sets the encrypted key identifier of the current action.
+ * <br/>
+ * @param encryptionKeyIdentifier
+ * Valid values:
+ * <ul>
+ * <li>X509KeyIdentifier - {@link WSSHandlerConstants#X509_KEY_IDENTIFIER}</li>
+ * <li>SKIKeyIdentifier - {@link WSSHandlerConstants#SKI_KEY_IDENTIFIER}</li>
+ * <li>IssuerSerial - {@link WSSHandlerConstants#ISSUER_SERIAL}</li>
+ * <li>DirectReference - {@link WSSHandlerConstants#BST_DIRECT_REFERENCE}</li>
+ * <li>EmbeddedKeyName - {@link WSSHandlerConstants#EMBEDDED_KEYNAME}</li>
+ * <li>Thumbprint - {@link WSSHandlerConstants#THUMBPRINT_IDENTIFIER}</li>
+ * </ul>
+ */
+ public void setEncryptionKeyIdentifier(String encryptionKeyIdentifier) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.ENC_KEY_ID,
+ encryptionKeyIdentifier);
+ }
+
+ /**
+ * Returns the encrypted key identifier of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionKeyIdentifier() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_KEY_ID);
+ }
+
+ /**
+ * Sets the encryption user of the current action.
+ *
+ * @param encryptionUser
+ */
+ public void setEncryptionUser(String encryptionUser) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENCRYPTION_USER, encryptionUser);
+ }
+
+ /**
+ * Returns the encryption user of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionUser() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENCRYPTION_USER);
+ }
+
+ /**
+ * Sets the signature parts of the current action.
+ *
+ * @param signatureParts
+ */
+ public void setSignatureParts(String signatureParts) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SIGNATURE_PARTS, signatureParts);
+ }
+
+ /**
+ * Returns the signature parts of the current action.
+ * @return Returns String.
+ */
+ public String getSignatureParts() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIGNATURE_PARTS);
+ }
+
+ /**
+ * Sets the encryption parts of the current action.
+ *
+ * @param encryptionParts
+ */
+ public void setEncryptionParts(String encryptionParts) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENCRYPTION_PARTS, encryptionParts);
+ }
+
+ /**
+ * Returns the encryption parts of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionParts() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENCRYPTION_PARTS);
+ }
+
+ /**
+ * Sets the password type of the current action
+ *
+ * @param passwordType
+ */
+ public void setPasswordType(String passwordType) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.PASSWORD_TYPE, passwordType);
+ }
+
+ /**
+ * Returns the password type of the current action.
+ * @return Returns String.
+ */
+ public String getPasswordType() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.PASSWORD_TYPE);
+ }
+
+ /**
+ * Sets the encryption symmetric algorithm of the current action
+ *
+ * @param encryptionSymAlgorithm
+ */
+ public void setEncryptionSymAlgorithm(String encryptionSymAlgorithm) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_SYM_ALGO, encryptionSymAlgorithm);
+ }
+
+ /**
+ * Returns the encryption symmetric algorithm of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionSymAlgorithm() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_SYM_ALGO);
+ }
+
+ /**
+ * Sets the encryption key transport algorithm of the current action
+ *
+ * @param encryptionKeyTransportAlgorithm
+ */
+ public void setEncryptionKeyTransportAlgorithm(
+ String encryptionKeyTransportAlgorithm) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_KEY_TRANSPORT,
+ encryptionKeyTransportAlgorithm);
+ }
+
+ /**
+ * Returns the encryption key transport algorithm of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionKeyTransportAlgorithm() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_KEY_TRANSPORT);
+ }
+
+ /**
+ * Sets the embedded key callback class of the current action
+ *
+ * @param embeddedKeyCallbackClass
+ */
+ public void setEmbeddedKeyCallbackClass(String embeddedKeyCallbackClass) {
+ this.actionList[this.currentAction]
+ .put(WSHandlerConstants.ENC_CALLBACK_CLASS,
+ embeddedKeyCallbackClass);
+ }
+
+ /**
+ * Returns the embedded key callback class of the current action.
+ *
+ * @return Returns String.
+ */
+ public String getEmbeddedKeyCallbackClass() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_CALLBACK_CLASS);
+ }
+
+ /**
+ * Sets the XPath expression to selecte the elements with content of the
+ * current action to be MTOM optimized.
+ *
+ * @param optimizePartsXPathExpr
+ */
+ public void setOptimizeParts(String optimizePartsXPathExpr) {
+ this.actionList[this.currentAction].put(
+ WSSHandlerConstants.OPTIMIZE_PARTS, optimizePartsXPathExpr);
+ }
+
+ /**
+ * Returns the Path expression to selecte the elements with content of the
+ * current action to be MTOM optimized.
+ *
+ * @return Returns String.
+ */
+ public String getOptimizeParts() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSSHandlerConstants.OPTIMIZE_PARTS);
+ }
+
+ /**
+ * Sets the SAML property file of the current action.
+ * @param samlPropFile
+ */
+ public void setSamlPropFile(String samlPropFile) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SAML_PROP_FILE, samlPropFile);
+ }
+
+ /**
+ * Returns the SAML property file of the current action.
+ * @return Returns String.
+ */
+ public String getSamlPropFile() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SAML_PROP_FILE);
+ }
+
+ /**
+ * Sets the encryption property file.
+ * @param encPropFile
+ */
+ public void setEncryptionPropFile(String encPropFile) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_PROP_FILE, encPropFile);
+ }
+
+ /**
+ * Sets the encryption property ref key of the current action.
+ *
+ * @param encryptionPropRefId
+ */
+ public void setEncryptionPropRefId(String encryptionPropRefId) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_PROP_REF_ID, encryptionPropRefId);
+ }
+
+ /**
+ * Returns the encryption property file.
+ * @return Returns String.
+ */
+ public String getEncryptionPropFile() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_PROP_FILE);
+ }
+
+ /**
+ * Enable/Disable PrecisionInMilliseconds
+ * @param value
+ */
+ public void setPrecisionInMilliseconds(boolean value) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.TIMESTAMP_PRECISION, value?"true":"false");
+ }
+
+ /**
+ * Returns whether PrecisionInMilliseconds is enabled or not
+ * @return Returns String.
+ */
+ public String getPrecisionInMilliseconds() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.TIMESTAMP_PRECISION);
+ }
+
+ /**
+ * Option to add additional elements in the username token element.
+ * Example: Nonce and Create elements
+ * @param addUTElements
+ */
+ public void setAddUTElements(String addUTElements) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ADD_UT_ELEMENTS, addUTElements);
+ }
+
+ /**
+ * Returns the additional elements to be added to the username token element.
+ */
+ public String getAddUTElements() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ADD_UT_ELEMENTS);
+ }
+
+ /**
+ * Sets the text of the key name that needs to be sent.
+ * @param embeddedKeyName
+ */
+ public void setEmbeddedKeyName(String embeddedKeyName) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_KEY_NAME, embeddedKeyName);
+ }
+
+ /**
+ * Returns the text of the key name that needs to be sent.
+ * @return Returns String.
+ */
+ public String getEmbeddedKeyName() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_KEY_NAME);
+ }
+
+ /**
+ * Sets whether signature confirmation should be enabled or not.
+ * @param value
+ */
+ public void setEnableSignatureConfirmation(boolean value) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, value?"true":"false");
+ }
+
+ /**
+ * Returns whether signature confirmation should be enabled or not
+ * @return Returns String.
+ */
+ public String getEnableSignatureConfirmation() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
+ }
+
+ /**
+ * Sets whether signature confirmation should be enabled or not
+ * @param value
+ */
+ public void setPreserveOriginalEnvelope(boolean value) {
+ this.actionList[this.currentAction].put(
+ WSSHandlerConstants.PRESERVE_ORIGINAL_ENV, value?"true":"false");
+ }
+
+ /**
+ * Returns whether signature confirmation should be enabled or not.
+ * @return Returns String.
+ */
+ public String getPreserveOriginalEnvelope() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSSHandlerConstants.PRESERVE_ORIGINAL_ENV);
+ }
+
+
+ public void setSignAllHeadersAndBody() {
+ this.actionList[this.currentAction].put(WSSHandlerConstants.SIGN_ALL_HEADERS, "true");
+ this.setSignBody();
+ }
+
+ public void setSignBody() {
+ this.actionList[this.currentAction].put(WSSHandlerConstants.SIGN_BODY, "true");
+ }
+
+ public void setEncryptBody() {
+ this.actionList[this.currentAction].put(WSSHandlerConstants.ENCRYPT_BODY, "true");
+ }
+}
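Review bot: The validation loop at the top of getProperty() tests each action against the literal key `"items"`, while setActionItems() stores the value under `WSSHandlerConstants.ACTION_ITEMS`; unless that constant's value is exactly "items" (not visible here), getProperty() returns null for every configuration populated through the setter, and even if it matches today the two should not be able to drift apart, so the check is better written as `if (!action.containsKey(WSSHandlerConstants.ACTION_ITEMS)) {`. In the same method the first loop reads `actionList` while every other access uses `this.actionList`, which is worth aligning. The Javadoc on setPreserveOriginalEnvelope() and getPreserveOriginalEnvelope() is copied from the signature-confirmation pair and describes the wrong setting; it should read `Sets whether the original envelope should be preserved.` / `Returns whether the original envelope should be preserved.`, and setSignatureAlgorithm()/getSignatureAlgorithm() have no Javadoc at all while every neighbouring accessor does. The class is marked `@deprecated` without naming its replacement, which the tag should carry so callers of this security configuration know where to migrate.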
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
new file mode 100755
index 0000000..2efb731
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
@@ -0,0 +1,323 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy;
+
+import org.apache.axis2.policy.model.MTOMAssertion;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.neethi.Assertion;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AsymmetricBinding;
+import org.apache.ws.secpolicy.model.Binding;
+import org.apache.ws.secpolicy.model.EncryptionToken;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.InitiatorToken;
+import org.apache.ws.secpolicy.model.ProtectionToken;
+import org.apache.ws.secpolicy.model.RecipientToken;
+import org.apache.ws.secpolicy.model.SignatureToken;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.SymmetricAsymmetricBindingBase;
+import org.apache.ws.secpolicy.model.SymmetricBinding;
+import org.apache.ws.secpolicy.model.TokenWrapper;
+import org.apache.ws.secpolicy.model.TransportBinding;
+import org.apache.ws.secpolicy.model.Trust10;
+import org.apache.ws.secpolicy.model.Wss10;
+import org.apache.ws.secpolicy.model.Wss11;
+
+import java.util.Iterator;
+import java.util.List;
+
+public class RampartPolicyBuilder {
+
+ private static Log log = LogFactory.getLog(RampartPolicyBuilder.class);
+
+ /**
+ * Compile the parsed security data into one Policy data block.
+ *
+ * This methods loops over all top level Policy Engine data elements,
+ * extracts the parsed parameters and sets them into a single data block.
+ * During this processing the method prepares the parameters in a format
+ * that is ready for processing by the WSS4J functions.
+ *
+ * <p/>
+ *
+ * The WSS4J policy enabled handler takes this data block to control the
+ * setup of the security header.
+ *
+ * @param topLevelAssertions
+ * The iterator of the top level policy assertions
+ * @return The compile Poilcy data block.
+ * @throws WSSPolicyException
+ */
+ public static RampartPolicyData build(List topLevelAssertions)
+ throws WSSPolicyException {
+
+ RampartPolicyData rpd = new RampartPolicyData();
+
+ for (Iterator iter = topLevelAssertions.iterator(); iter.hasNext();) {
+ Assertion assertion = (Assertion) iter.next();
+ if (assertion instanceof Binding) {
+ if (assertion instanceof SymmetricBinding) {
+ processSymmetricPolicyBinding((SymmetricBinding) assertion, rpd);
+ } else if(assertion instanceof AsymmetricBinding) {
+ processAsymmetricPolicyBinding((AsymmetricBinding) assertion, rpd);
+ } else {
+ processTransportBinding((TransportBinding) assertion, rpd);
+ }
+
+ /*
+ * Don't change the order of Wss11 / Wss10 instance checks
+ * because Wss11 extends Wss10 - thus first check Wss11.
+ */
+ } else if (assertion instanceof Wss11) {
+ processWSS11((Wss11) assertion, rpd);
+ } else if (assertion instanceof Wss10) {
+ processWSS10((Wss10) assertion, rpd);
+ } else if (assertion instanceof SignedEncryptedElements) {
+ processSignedEncryptedElements((SignedEncryptedElements) assertion,
+ rpd);
+ } else if (assertion instanceof SignedEncryptedParts) {
+ processSignedEncryptedParts((SignedEncryptedParts) assertion, rpd);
+ } else if (assertion instanceof SupportingToken) {
+ processSupportingTokens((SupportingToken) assertion, rpd);
+ } else if (assertion instanceof Trust10) {
+ processTrust10((Trust10)assertion, rpd);
+ } else if (assertion instanceof RampartConfig) {
+ processRampartConfig((RampartConfig)assertion, rpd);
+ } else if (assertion instanceof MTOMAssertion){
+ processMTOMSerialization((MTOMAssertion)assertion, rpd);
+ } else {
+ log.debug("Unknown top level PED found: "
+ + assertion.getClass().getName());
+ }
+ }
+
+ return rpd;
+ }
+
+
+
+ /**
+ * @param binding
+ * @param rpd
+ */
+ private static void processTransportBinding(TransportBinding binding, RampartPolicyData rpd) {
+ binding(binding, rpd);
+ rpd.setTransportBinding(true);
+ }
+
+ /**
+ * Add TRust10 assertion info into rampart policy data
+ * @param trust10
+ * @param rpd
+ */
+ private static void processTrust10(Trust10 trust10, RampartPolicyData rpd) {
+ rpd.setTrust10(trust10);
+ }
+
+ /**
+ * Add the rampart configuration information into rampart policy data.
+ * @param config
+ * @param rpd
+ */
+ private static void processRampartConfig(RampartConfig config, RampartPolicyData rpd) {
+ rpd.setRampartConfig(config);
+ }
+
+ /**
+ * Evaluate the symmetric policy binding data.
+ *
+ * @param binding
+ * The binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ * @throws WSSPolicyException
+ */
+ private static void processSymmetricPolicyBinding(
+ SymmetricBinding symmBinding, RampartPolicyData rpd)
+ throws WSSPolicyException {
+ rpd.setSymmetricBinding(true);
+ binding(symmBinding, rpd);
+ symmAsymmBinding(symmBinding, rpd);
+ symmetricBinding(symmBinding, rpd);
+ }
+
+ private static void processWSS10(Wss10 wss10, RampartPolicyData rpd) {
+ rpd.setWss10(wss10);
+ }
+
+ /**
+ * Evaluate the asymmetric policy binding data.
+ *
+ * @param binding
+ * The binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ * @throws WSSPolicyException
+ */
+ private static void processAsymmetricPolicyBinding(
+ AsymmetricBinding binding, RampartPolicyData rpd)
+ throws WSSPolicyException {
+ rpd.setSymmetricBinding(false);
+ binding(binding, rpd);
+ symmAsymmBinding(binding, rpd);
+ asymmetricBinding(binding, rpd);
+ }
+
+ private static void processWSS11(Wss11 wss11, RampartPolicyData rpd) {
+ rpd.setSignatureConfirmation(wss11.isRequireSignatureConfirmation());
+ rpd.setWss11(wss11);
+ }
+
+ /**
+ * Populate elements to sign and/or encrypt with the message tokens.
+ *
+ * @param sep
+ * The data describing the elements (XPath)
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void processSignedEncryptedElements(
+ SignedEncryptedElements see, RampartPolicyData rpd) {
+ Iterator it = see.getXPathExpressions().iterator();
+ if (see.isSignedElemets()) {
+ while (it.hasNext()) {
+ rpd.setSignedElements((String) it.next());
+ }
+ } else {
+ while (it.hasNext()) {
+ rpd.setEncryptedElements((String) it.next());
+ }
+ }
+ }
+
+ /**
+ * Populate parts to sign and/or encrypt with the message tokens.
+ *
+ * @param sep
+ * The data describing the parts
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void processSignedEncryptedParts(SignedEncryptedParts sep,
+ RampartPolicyData rpd) {
+ Iterator it = sep.getHeaders().iterator();
+ if (sep.isSignedParts()) {
+ rpd.setSignBody(sep.isBody());
+ while (it.hasNext()) {
+ Header header = (Header) it.next();
+ rpd.addSignedPart(header.getNamespace(), header.getName());
+ }
+ } else {
+ rpd.setEncryptBody(sep.isBody());
+ while (it.hasNext()) {
+ Header header = (Header) it.next();
+ rpd.setEncryptedParts(header.getNamespace(), header.getName());
+ }
+ }
+ }
+
+ /**
+ * Evaluate policy data that is common to all bindings.
+ *
+ * @param binding
+ * The common binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void binding(Binding binding, RampartPolicyData rpd) {
+ rpd.setLayout(binding.getLayout().getValue());
+ rpd.setIncludeTimestamp(binding.isIncludeTimestamp());
+ rpd.setAlgorithmSuite(binding.getAlgorithmSuite());
+ }
+
+ /**
+ * Evaluate policy data that is common to symmetric and asymmetric bindings.
+ *
+ * @param binding
+ * The symmetric/asymmetric binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void symmAsymmBinding(
+ SymmetricAsymmetricBindingBase binding, RampartPolicyData rpd) {
+ rpd.setEntireHeadersAndBodySignatures(binding
+ .isEntireHeadersAndBodySignatures());
+ rpd.setProtectionOrder(binding.getProtectionOrder());
+ rpd.setSignatureProtection(binding.isSignatureProtection());
+ rpd.setTokenProtection(binding.isTokenProtection());
+ rpd.setAlgorithmSuite(binding.getAlgorithmSuite());
+ }
+
+ /**
+ * Evaluate policy data that is specific to symmetric binding.
+ *
+ * @param binding
+ * The symmetric binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void symmetricBinding(SymmetricBinding binding,
+ RampartPolicyData rpd) throws WSSPolicyException {
+ Assertion token = binding.getProtectionToken();
+
+ if (token != null) {
+ rpd.setProtectionToken(((ProtectionToken)token).getProtectionToken());
+ } else {
+ token = binding.getEncryptionToken();
+ Assertion token1 = binding.getSignatureToken();
+ if (token == null && token1 == null) {
+ // this is an error - throw something
+ }
+ rpd.setEncryptionToken(
+ ((EncryptionToken) token).getEncryptionToken());
+ rpd.setSignatureToken(((SignatureToken) token).getSignatureToken());
+ }
+ }
+
+ /**
+ * Evaluate policy data that is specific to asymmetric binding.
+ *
+ * @param binding
+ * The asymmetric binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void asymmetricBinding(AsymmetricBinding binding,
+ RampartPolicyData rpd) throws WSSPolicyException {
+ TokenWrapper tokWrapper = binding.getRecipientToken();
+ TokenWrapper tokWrapper1 = binding.getInitiatorToken();
+ if (tokWrapper == null && tokWrapper1 == null) {
+ // this is an error - throw something
+ }
+ rpd.setRecipientToken(((RecipientToken) tokWrapper).getReceipientToken());
+ rpd.setInitiatorToken(((InitiatorToken) tokWrapper1).getInitiatorToken());
+ }
+
+ private static void processSupportingTokens(SupportingToken token,
+ RampartPolicyData rpd) throws WSSPolicyException {
+ rpd.setSupportingTokens(token);
+ }
+
+
+ private static void processMTOMSerialization(MTOMAssertion mtomAssertion, RampartPolicyData rpd)
+ {
+ rpd.setMTOMAssertion(mtomAssertion);
+ }
+}
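Review bot: The else branch of symmetricBinding() casts `token` — which it has just reassigned to the EncryptionToken — to SignatureToken, so `token1` (the SignatureToken) is never used and the cast fails with a ClassCastException whenever the policy defines the two tokens separately rather than through a ProtectionToken, as the distinct EncryptionToken and SignatureToken imports suggest it can. The preceding null check is an empty body with a "throw something" comment and uses `&&`, so a policy that supplies only one of the two tokens passes the check and fails later with a NullPointerException instead of a clear policy error; the method already declares `throws WSSPolicyException`, so that is the exception to raise (assuming its String constructor, which the imports do not show). asymmetricBinding() has the same empty `&&` check on `tokWrapper`/`tokWrapper1` and should reject the binding with `if (tokWrapper == null || tokWrapper1 == null) { throw new WSSPolicyException("AsymmetricBinding requires both a RecipientToken and an InitiatorToken"); }` before the casts. Both methods are fully contained in this hunk.
```java
    // … unchanged: ProtectionToken branch of symmetricBinding …
    } else {
        token = binding.getEncryptionToken();
        Assertion token1 = binding.getSignatureToken();
        // Without a ProtectionToken both tokens are required; reject the
        // policy here rather than failing later with a NullPointerException.
        if (token == null || token1 == null) {
            throw new WSSPolicyException(
                    "SymmetricBinding requires a ProtectionToken, or both an EncryptionToken and a SignatureToken");
        }
        rpd.setEncryptionToken(((EncryptionToken) token).getEncryptionToken());
        // token1 holds the SignatureToken; token is the EncryptionToken
        rpd.setSignatureToken(((SignatureToken) token1).getSignatureToken());
    }
```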
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
new file mode 100755
index 0000000..63943f4
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
@@ -0,0 +1,670 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy;
+
+import org.apache.axis2.policy.model.MTOMAssertion;
+import org.apache.neethi.Policy;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.Trust10;
+import org.apache.ws.secpolicy.model.Wss10;
+import org.apache.ws.secpolicy.model.Wss11;
+import org.apache.ws.security.WSEncryptionPart;
+
+import java.util.HashMap;
+import java.util.Vector;
+
+public class RampartPolicyData {
+
+ /*
+ * Global settings for overall security processing
+ */
+ private boolean symmetricBinding;
+
+ private boolean transportBinding;
+
+ private String layout;
+
+ private boolean includeTimestamp;
+
+ private boolean entireHeadersAndBodySignatures;
+
+ private String protectionOrder;
+
+ private boolean signatureProtection;
+
+ private boolean tokenProtection;
+
+ private boolean signatureConfirmation;
+
+ /*
+ * Message tokens for symmetrical binding
+ */
+ private Token encryptionToken;
+
+ private Token signatureToken;
+
+ /*
+ * Message tokens for asymmetrical binding
+ */
+ private Token recipientToken; // used to encrypt data to
+
+ // receipient
+
+ private Token initiatorToken; // used to sign data by
+
+ // initiator
+
+ /*
+ * Which parts or elements of the message to sign/encrypt with the messagen
+ * tokens. Parts or elements to sign/encrypt with supporting tokens are
+ * stored together with the tokens (see WSS4JPolicyToken).
+ */
+ private boolean signBody;
+
+ private boolean encryptBody;
+
+ private Vector signedParts = new Vector();
+
+ private Vector signedElements = new Vector();
+
+ private Vector encryptedParts = new Vector();
+
+ private Vector encryptedElements = new Vector();
+
+ /*
+ * Holds the supporting tokens elements
+ */
+ private SupportingToken supportingTokens;
+
+ private SupportingToken signedSupportingTokens;
+
+ private SupportingToken endorsingSupportingTokens;
+
+ private SupportingToken signedEndorsingSupportingTokens;
+
+ private AlgorithmSuite algorithmSuite;
+
+ private RampartConfig rampartConfig;
+
+ private MTOMAssertion mtomAssertion;
+
+ private Trust10 trust10;
+
+ private HashMap supportingTokensIdMap;
+ private HashMap signedSupportingTokensIdMap;
+ private HashMap endorsingSupportingTokensIdMap;
+ private HashMap signedEndorsingSupportingTokensIdMap;
+
+ private Wss10 wss10;
+ private Wss11 wss11;
+
+ private Policy issuerPolicy;
+
+ /**
+ * @return Returns the symmetricBinding.
+ */
+ public boolean isSymmetricBinding() {
+ return symmetricBinding;
+ }
+
+ /**
+ * @param symmetricBinding
+ * The symmetricBinding to set.
+ */
+ public void setSymmetricBinding(boolean symmetricBinding) {
+ this.symmetricBinding = symmetricBinding;
+ }
+
+ /**
+ * @return Returns the entireHeaderAndBodySignatures.
+ */
+ public boolean isEntireHeadersAndBodySignatures() {
+ return entireHeadersAndBodySignatures;
+ }
+
+ /**
+ * @param entireHeaderAndBodySignatures
+ * The entireHeaderAndBodySignatures to set.
+ */
+ public void setEntireHeadersAndBodySignatures(
+ boolean entireHeaderAndBodySignatures) {
+ this.entireHeadersAndBodySignatures = entireHeaderAndBodySignatures;
+ }
+
+ /**
+ * @return Returns the includeTimestamp.
+ */
+ public boolean isIncludeTimestamp() {
+ return includeTimestamp;
+ }
+
+ /**
+ * @param includeTimestamp
+ * The includeTimestamp to set.
+ */
+ public void setIncludeTimestamp(boolean includeTimestamp) {
+ this.includeTimestamp = includeTimestamp;
+ }
+
+ /**
+ * @return Returns the layout.
+ */
+ public String getLayout() {
+ return layout;
+ }
+
+ /**
+ * @param layout
+ * The layout to set.
+ */
+ public void setLayout(String layout) {
+ this.layout = layout;
+ }
+
+ /**
+ * @return Returns the protectionOrder.
+ */
+ public String getProtectionOrder() {
+ return protectionOrder;
+ }
+
+ /**
+ * @param protectionOrder
+ * The protectionOrder to set.
+ */
+ public void setProtectionOrder(String protectionOrder) {
+ this.protectionOrder = protectionOrder;
+ }
+
+ /**
+ * @return Returns the signatureProtection.
+ */
+ public boolean isSignatureProtection() {
+ return signatureProtection;
+ }
+
+ /**
+ * @param signatureProtection
+ * The signatureProtection to set.
+ */
+ public void setSignatureProtection(boolean signatureProtection) {
+ this.signatureProtection = signatureProtection;
+ }
+
+ /**
+ * @return Returns the tokenProtection.
+ */
+ public boolean isTokenProtection() {
+ return tokenProtection;
+ }
+
+ /**
+ * @param tokenProtection
+ * The tokenProtection to set.
+ */
+ public void setTokenProtection(boolean tokenProtection) {
+ this.tokenProtection = tokenProtection;
+ }
+
+ /**
+ * @return Returns the signatureConfirmation.
+ */
+ public boolean isSignatureConfirmation() {
+ return signatureConfirmation;
+ }
+
+ /**
+ * @param signatureConfirmation
+ * The signatureConfirmation to set.
+ */
+ public void setSignatureConfirmation(boolean signatureConfirmation) {
+ this.signatureConfirmation = signatureConfirmation;
+ }
+
+ /**
+ * @return Returns the encryptedElements.
+ */
+ public Vector getEncryptedElements() {
+ return encryptedElements;
+ }
+
+ /**
+ * @param encElement
+ * The encrypted Element (XPath) to set.
+ */
+ public void setEncryptedElements(String encElement) {
+
+ encryptedElements.add(encElement);
+ }
+
+ /**
+ * @return Returns the encryptedParts.
+ */
+ public Vector getEncryptedParts() {
+ return encryptedParts;
+ }
+
+ /**
+ * @param namespace
+ * The namespace of the part.
+ * @param element
+ * The part's element name.
+ */
+ public void setEncryptedParts(String namespace, String element) {
+ WSEncryptionPart wep = new WSEncryptionPart(element, namespace,
+ "Element");
+ encryptedParts.add(wep);
+ }
+
+ /**
+ * @return Returns the encryptBody.
+ */
+ public boolean isEncryptBody() {
+ return encryptBody;
+ }
+
+ /**
+ * @param encryptBody
+ * The encryptBody to set.
+ */
+ public void setEncryptBody(boolean encryptBody) {
+ this.encryptBody = encryptBody;
+ }
+
+ /**
+ * @return Returns the signBody.
+ */
+ public boolean isSignBody() {
+ return signBody;
+ }
+
+ /**
+ * @param signBody
+ * The signBody to set.
+ */
+ public void setSignBody(boolean signBody) {
+ this.signBody = signBody;
+ }
+
+ /**
+ * @return Returns the signedElements.
+ */
+ public Vector getSignedElements() {
+ return signedElements;
+ }
+
+ /**
+ * @param sigElement
+ * The signed Element (XPath) to set.
+ */
+ public void setSignedElements(String sigElement) {
+
+ signedElements.add(sigElement);
+ }
+
+ /**
+ * @return Returns the signedParts.
+ */
+ public Vector getSignedParts() {
+ return signedParts;
+ }
+
+ /**
+ * @param namespace
+ * The namespace of the part.
+ * @param element
+ * The part's element name.
+ */
+ public void addSignedPart(String namespace, String element) {
+
+ WSEncryptionPart wep = new WSEncryptionPart(element, namespace,
+ "Content");
+ signedParts.add(wep);
+ }
+
+ public void addSignedPart(WSEncryptionPart part) {
+ signedParts.add(part);
+ }
+
+ public void setSignedParts(Vector signedParts) {
+ this.signedParts = signedParts;
+ }
+
+ public void setSupportingTokens(SupportingToken suppTokens)
+ throws WSSPolicyException {
+
+ int tokenType = suppTokens.getTokenType();
+ if (tokenType == Constants.SUPPORTING_TOKEN_SUPPORTING) {
+ supportingTokens = suppTokens;
+ } else if (tokenType == Constants.SUPPORTING_TOKEN_SIGNED) {
+ signedSupportingTokens = suppTokens;
+ } else if (tokenType == Constants.SUPPORTING_TOKEN_ENDORSING) {
+ endorsingSupportingTokens = suppTokens;
+ } else if (tokenType == Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING) {
+ signedEndorsingSupportingTokens = suppTokens;
+ }
+ }
+
+
+
+ /**
+ * @return Returns the rampartConfig.
+ */
+ public RampartConfig getRampartConfig() {
+ return rampartConfig;
+ }
+
+ /**
+ * @return Returns the encryptionToken.
+ */
+ public Token getEncryptionToken() {
+ return encryptionToken;
+ }
+
+ /**
+ * @param encryptionToken The encryptionToken to set.
+ */
+ public void setEncryptionToken(Token encryptionToken) {
+ this.encryptionToken = encryptionToken;
+ this.extractIssuerPolicy(encryptionToken);
+ }
+
+ /**
+ * @return Returns the initiatorToken.
+ */
+ public Token getInitiatorToken() {
+ return initiatorToken;
+ }
+
+ /**
+ * @param initiatorToken The initiatorToken to set.
+ */
+ public void setInitiatorToken(Token initiatorToken) {
+ this.initiatorToken = initiatorToken;
+ }
+
+ /**
+ * @return Returns the recipientToken.
+ */
+ public Token getRecipientToken() {
+ return recipientToken;
+ }
+
+ /**
+ * @param recipientToken The recipientToken to set.
+ */
+ public void setRecipientToken(Token recipientToken) {
+ this.recipientToken = recipientToken;
+ }
+
+ public void setProtectionToken(Token protectionToken) {
+ this.setEncryptionToken(protectionToken);
+ this.setSignatureToken(protectionToken);
+ this.extractIssuerPolicy(protectionToken);
+ }
+
+ /**
+ * @return Returns the signatureToken.
+ */
+ public Token getSignatureToken() {
+ return signatureToken;
+ }
+
+ /**
+ * @param signatureToken The signatureToken to set.
+ */
+ public void setSignatureToken(Token signatureToken) {
+ this.signatureToken = signatureToken;
+ this.extractIssuerPolicy(signatureToken);
+ }
+
+ /**
+ * @return Returns the signedEndorsingSupportingToken.
+ */
+ public SupportingToken getSignedEndorsingSupportingTokens() {
+ return signedEndorsingSupportingTokens;
+ }
+
+ /**
+ * @param signedEndorsingSupportingTokens The signedEndorsingSupportingToken to set.
+ */
+ public void setSignedEndorsingSupportingTokens(
+ SupportingToken signedEndorsingSupportingTokens) {
+ this.signedEndorsingSupportingTokens = signedEndorsingSupportingTokens;
+ }
+
+ /**
+ * @return Returns the signedSupportingToken.
+ */
+ public SupportingToken getSignedSupportingTokens() {
+ return signedSupportingTokens;
+ }
+
+ /**
+ * @param signedSupportingTokens The signedSupportingToken to set.
+ */
+ public void setSignedSupportingTokens(SupportingToken signedSupportingTokens) {
+ this.signedSupportingTokens = signedSupportingTokens;
+ }
+
+ /**
+ * @return Returns the supportingToken.
+ */
+ public SupportingToken getSupportingTokens() {
+ return supportingTokens;
+ }
+
+ /**
+ * @param endorsingSupportingTokens The endorsingSupportingToken to set.
+ */
+ public void setEndorsingSupportingTokens(SupportingToken endorsingSupportingTokens) {
+ this.endorsingSupportingTokens = endorsingSupportingTokens;
+ }
+
+ /**
+ * @return Returns the endorsingSupportingToken.
+ */
+ public SupportingToken getEndorsingSupportingTokens() {
+ return endorsingSupportingTokens;
+ }
+
+ /**
+ * @return Returns the algorithmSuite.
+ */
+ public AlgorithmSuite getAlgorithmSuite() {
+ return algorithmSuite;
+ }
+
+ /**
+ * @param algorithmSuite The algorithmSuite to set.
+ */
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+ this.algorithmSuite = algorithmSuite;
+ }
+
+ /**
+ * @return Returns the trust10.
+ */
+ public Trust10 getTrust10() {
+ return trust10;
+ }
+
+ /**
+ * @param trust10 The trust10 to set.
+ */
+ public void setTrust10(Trust10 trust10) {
+ this.trust10 = trust10;
+ }
+
+ /**
+ * @param rampartConfig The rampartConfig to set.
+ */
+ public void setRampartConfig(RampartConfig rampartConfig) {
+ this.rampartConfig = rampartConfig;
+ }
+
+ /**
+ * @return Returns the transportBinding.
+ */
+ public boolean isTransportBinding() {
+ return transportBinding;
+ }
+
+ /**
+ * @param transportBinding The transportBinding to set.
+ */
+ public void setTransportBinding(boolean transportBinding) {
+ this.transportBinding = transportBinding;
+ }
+
+
+ /**
+ * Add the given token and id to the map.
+ * @param token
+ * @param id
+ */
+ public void setSupporttingtokenId(Token token, String id, int type) throws RampartException {
+
+ HashMap tokenMap = null;
+ switch (type) {
+ case Constants.SUPPORTING_TOKEN_SUPPORTING:
+ if(this.supportingTokensIdMap == null) {
+ this.supportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.supportingTokensIdMap;
+ break;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED:
+ if(this.signedSupportingTokensIdMap == null) {
+ this.signedSupportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.signedSupportingTokensIdMap;
+ break;
+
+ case Constants.SUPPORTING_TOKEN_ENDORSING:
+ if(this.endorsingSupportingTokensIdMap == null) {
+ this.endorsingSupportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.endorsingSupportingTokensIdMap;
+ break;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ if(this.signedEndorsingSupportingTokensIdMap == null) {
+ this.signedEndorsingSupportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.signedEndorsingSupportingTokensIdMap;
+ break;
+
+ default:
+ throw new RampartException("invalidSupportingVersionType",
+ new String[] { Integer.toString(type) });
+ }
+
+ tokenMap.put(token, id);
+ }
+
+ public String getSupportingTokenID(Token token, int type)
+ throws RampartException {
+ switch (type) {
+ case Constants.SUPPORTING_TOKEN_SUPPORTING:
+ if(this.supportingTokensIdMap != null) {
+ return (String)this.supportingTokensIdMap.get(token);
+ }
+ return null;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED:
+ if(this.signedSupportingTokensIdMap != null) {
+ return (String)this.signedSupportingTokensIdMap.get(token);
+ }
+ return null;
+
+ case Constants.SUPPORTING_TOKEN_ENDORSING:
+ if(this.endorsingSupportingTokensIdMap != null) {
+ return (String)this.endorsingSupportingTokensIdMap.get(token);
+ }
+ return null;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ if(this.signedEndorsingSupportingTokensIdMap == null) {
+ this.signedEndorsingSupportingTokensIdMap = new HashMap();
+ }
+ return null;
+
+ default:
+ throw new RampartException("invalidSupportingVersionType",
+ new String[] { Integer.toString(type) });
+ }
+ }
+
+ public Wss10 getWss10() {
+ return wss10;
+ }
+
+ public void setWss10(Wss10 wss10) {
+ this.wss10 = wss10;
+ }
+
+ public Wss11 getWss11() {
+ return wss11;
+ }
+
+ public void setWss11(Wss11 wss11) {
+ this.wss11 = wss11;
+ }
+
+ private void extractIssuerPolicy(Token token) {
+ if(token instanceof SecureConversationToken && this.issuerPolicy == null) {
+ this.issuerPolicy = ((SecureConversationToken)token).getBootstrapPolicy();
+ }
+ }
+
+ public Policy getIssuerPolicy() {
+ return issuerPolicy;
+ }
+
+ public void setMTOMAssertion(MTOMAssertion mtomAssertion){
+ this.mtomAssertion = mtomAssertion;
+ }
+
+ public MTOMAssertion getMTOMAssertion(){
+ return mtomAssertion;
+ }
+
+ public boolean isMTOMSerialize(){
+ if(mtomAssertion == null){
+ return false;
+ }
+ else if(mtomAssertion.isOptional()==false){
+ return true;
+ }
+ else
+ return false;
+ }
+
+ public String getOptimizeParts(){
+ return rampartConfig.getOptimizeParts();
+ }
+
+
+}
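Review bot: The `SUPPORTING_TOKEN_SIGNED_ENDORSING` case of getSupportingTokenID (near the end of the hunk) never performs a lookup: it lazily creates the map and returns null, so ids stored for signed-endorsing tokens via setSupporttingtokenId can never be retrieved. Mirror the other three cases by replacing the `== null` block with `if (this.signedEndorsingSupportingTokensIdMap != null) { return (String) this.signedEndorsingSupportingTokensIdMap.get(token); }`, keeping the `return null;` that follows. Separately, setSupportingTokens silently drops a token whose type matches none of the four constants while setSupporttingtokenId throws RampartException for the same condition; the two should agree, and silently losing a supporting-token requirement is the worse failure mode for a security policy. getOptimizeParts also dereferences rampartConfig without a null check, unlike every other accessor in the class.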
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java
new file mode 100644
index 0000000..dc70b03
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy.builders;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.rampart.policy.model.CryptoConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+
+import javax.xml.namespace.QName;
+
+import java.util.Iterator;
+import java.util.Properties;
+
+public class CryptoConfigBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ CryptoConfig cryptoCofig = new CryptoConfig();
+
+ OMAttribute attribute = element.getAttribute(new QName(CryptoConfig.PROVIDER_ATTR));
+ cryptoCofig.setProvider(attribute.getAttributeValue().trim());
+
+ Properties properties = new Properties();
+
+ OMElement childElement;
+ OMAttribute name;
+ String value;
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ /*
+ * In this senario we could have used
+ * element.getChildrenWithQName(USER); Unfortunately we can't do
+ * that due to a bug in this method. TODO Need to get it fixed
+ */
+
+ childElement = (OMElement) iterator.next();
+
+ QName prop = new QName(RampartConfig.NS, CryptoConfig.PROPERTY_LN);
+
+ if (prop.equals(childElement.getQName())) {
+ name = childElement.getAttribute(new QName(CryptoConfig.PROPERTY_NAME_ATTR));
+ value = childElement.getText();
+
+ properties.put(name.getAttributeValue(), value.trim());
+ }
+
+ }
+
+ cryptoCofig.setProp(properties);
+ return cryptoCofig;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {new QName(RampartConfig.NS, CryptoConfig.CRYPTO_LN)};
+ }
+
+}
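Review bot: `element.getAttribute(new QName(CryptoConfig.PROVIDER_ATTR))` in build can return null when the crypto element carries no provider attribute, and the next line dereferences it, so a mis-written configuration surfaces as a NullPointerException rather than the IllegalArgumentException the method declares; the same applies to the `name` attribute of each property child before `properties.put`. Suggested guard after the lookup: `if (attribute == null) {` / `throw new IllegalArgumentException("crypto element is missing the '" + CryptoConfig.PROVIDER_ATTR + "' attribute");` / `}`, with an equivalent check on `name`. The `prop` QName is loop-invariant and could be constructed once before the for loop instead of on every iteration.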
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
new file mode 100644
index 0000000..ec4601d
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy.builders;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.rampart.policy.model.CryptoConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+
+import javax.xml.namespace.QName;
+
+public class RampartConfigBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ RampartConfig rampartConfig = new RampartConfig();
+
+ OMElement childElement;
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.USER_LN));
+ if (childElement != null) {
+ rampartConfig.setUser(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.ENCRYPTION_USER_LN));
+ if (childElement != null) {
+ rampartConfig.setEncryptionUser(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.PW_CB_CLASS_LN));
+ if (childElement != null) {
+ rampartConfig.setPwCbClass(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.SIG_CRYPTO_LN));
+ if (childElement != null) {
+ rampartConfig.setSigCryptoConfig((CryptoConfig) factory
+ .build(childElement.getFirstElement()));
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.TS_TTL_LN));
+ if (childElement != null) {
+ rampartConfig.setTimestampTTL(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.TS_MAX_SKEW_LN));
+ if (childElement != null) {
+ rampartConfig.setTimestampMaxSkew(childElement.getText().trim());
+ }
+
+ return rampartConfig;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {new QName(RampartConfig.NS, RampartConfig.RAMPART_CONFIG_LN)};
+ }
+
+}
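Review bot: build reads only user, encryptionUser, passwordCallbackClass, signatureCrypto, timestampTTL and timestampMaxSkew, whereas RampartConfig in this same commit declares and serializes encryptionCrypto (ENCR_CRYPTO_LN), decryptionCrypto (DEC_CRYPTO_LN) and tokenStoreClass (TOKEN_STORE_CLASS_LN), so a policy that configures a separate decryption keystore or a token store is parsed with those settings silently absent. The missing branches follow the pattern already used for signatureCrypto, shown below. `childElement.getFirstElement()` can also be null for an empty `signatureCrypto` element and is then handed straight to `factory.build`; a null check that throws IllegalArgumentException would give a clearer failure.
```java
        // … unchanged: user, encryptionUser, passwordCallbackClass, signatureCrypto …

        childElement = element.getFirstChildWithName(new QName(
                RampartConfig.NS, RampartConfig.ENCR_CRYPTO_LN));
        if (childElement != null) {
            rampartConfig.setEncrCryptoConfig((CryptoConfig) factory
                    .build(childElement.getFirstElement()));
        }

        childElement = element.getFirstChildWithName(new QName(
                RampartConfig.NS, RampartConfig.DEC_CRYPTO_LN));
        if (childElement != null) {
            rampartConfig.setDecCryptoConfig((CryptoConfig) factory
                    .build(childElement.getFirstElement()));
        }

        childElement = element.getFirstChildWithName(new QName(
                RampartConfig.NS, RampartConfig.TOKEN_STORE_CLASS_LN));
        if (childElement != null) {
            rampartConfig.setTokenStoreClass(childElement.getText().trim());
        }

        // … unchanged: timestampTTL, timestampMaxSkew, return …
```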
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java
new file mode 100644
index 0000000..69e7361
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy.model;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Constants;
+import org.apache.neethi.PolicyComponent;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import java.util.Iterator;
+import java.util.Properties;
+
+/**
+ * Policy model bean to capture crypto information.
+ *
+ * Example:
+<pre>
+<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="keystoreType">JKS</ramp:property>
+ <ramp:property name="keystoreFile">/path/to/file.jks</ramp:property>
+ <ramp:property name="keystorePassword">password</ramp:property>
+</ramp:crypto>
+</pre>
+ */
+public class CryptoConfig implements Assertion {
+
+ public final static String CRYPTO_LN = "crypto";
+ public final static String PROVIDER_ATTR = "provider";
+ public final static String PROPERTY_LN = "property";
+ public final static String PROPERTY_NAME_ATTR = "name";
+
+ private String provider;
+ private Properties prop;
+
+ public Properties getProp() {
+ return prop;
+ }
+ public void setProp(Properties prop) {
+ this.prop = prop;
+ }
+ public String getProvider() {
+ return provider;
+ }
+ public void setProvider(String provider) {
+ this.provider = provider;
+ }
+
+ public QName getName() {
+ return new QName(RampartConfig.NS, CRYPTO_LN);
+ }
+
+ public boolean isOptional() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public PolicyComponent normalize() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = writer.getPrefix(RampartConfig.NS);
+
+ if (prefix == null) {
+ prefix = RampartConfig.NS;
+ writer.setPrefix(prefix, RampartConfig.NS);
+ }
+
+ writer.writeStartElement(prefix, CRYPTO_LN, RampartConfig.NS);
+
+ if (getProvider() != null) {
+ writer.writeAttribute(PROVIDER_ATTR, getProvider());
+ }
+
+ String key;
+ String value;
+
+ for (Iterator iterator = prop.keySet().iterator(); iterator.hasNext();) {
+ key = (String) iterator.next();
+ value = prop.getProperty(key);
+ writer.writeStartElement(RampartConfig.NS, PROPERTY_LN);
+
+ writer.writeAttribute("name", key);
+
+ writer.writeCharacters(value);
+ writer.writeEndElement();
+ }
+
+ writer.writeEndElement();
+ }
+
+ public boolean equal(PolicyComponent policyComponent) {
+ throw new UnsupportedOperationException();
+ }
+
+ public short getType() {
+ return Constants.TYPE_ASSERTION;
+ }
+
+}
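Review bot: In serialize, the `prefix == null` fallback assigns the namespace URI itself as the prefix (`prefix = RampartConfig.NS;`), which then becomes the element prefix in writeStartElement; RampartConfig.serialize in this commit uses `RampartConfig.PREFIX` for the same situation, and a URI is not a legal XML prefix. Change it to `prefix = RampartConfig.PREFIX;`. The property loop dereferences `prop` without a null check, so a CryptoConfig whose properties were never set throws NullPointerException from serialize, and `writer.writeAttribute("name", key)` should use the `PROPERTY_NAME_ATTR` constant that CryptoConfigBuilder reads so the two cannot drift apart. Note also that the loop writes every property value verbatim, including `keystorePassword` from the class's own example, so any code path that logs or returns the serialized policy exposes the keystore credential.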
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
new file mode 100644
index 0000000..448db4f
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
@@ -0,0 +1,315 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy.model;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Constants;
+import org.apache.neethi.PolicyComponent;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+/**
+ * Rampart policy model bean to capture Rampart configuration assertion info.
+ *
+ * Example:
+ *
+ * <pre>
+ * <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ * <ramp:user>alice</ramp:user>
+ * <ramp:encryptionUser>bob</ramp:encryptionUser>
+ * <ramp:passwordCallbackClass>org.apache.axis2.security.PWCallback</ramp:passwordCallbackClass>
+ * <ramp:timestampTTL>300</ramp:timestampTTL>
+ * <ramp:timestampMaxSkew>0</ramp:timestampMaxSkew>
+ * <ramp:tokenStoreClass>org.apache.rahas.StorageImpl</ramp:tokenStoreClass>
+ *
+ * <ramp:signatureCrypto>
+ * <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ * <ramp:property name="keystoreType">JKS</ramp:property>
+ * <ramp:property name="keystoreFile">/path/to/file.jks</ramp:property>
+ * <ramp:property name="keystorePassword">password</ramp:property>
+ * </ramp:crypto>
+ * </ramp:signatureCrypto>
+ *
+ * <ramp:tokenIssuerPolicy>
+ * <wsp:Policy>
+ * ....
+ * ....
+ * </wsp:Policy>
+ * </ramp:tokenIssuerPolicy>
+ * </ramp:RampartConfig>
+ *
+ * </pre>
+ *
+ */
+public class RampartConfig implements Assertion {
+
+ public static final int DEFAULT_TIMESTAMP_TTL = 300;
+
+ public static final int DEFAULT_TIMESTAMP_MAX_SKEW = 0;
+
+ public final static String NS = "http://ws.apache.org/rampart/policy";
+
+ public final static String PREFIX = "rampart";
+
+ public final static String RAMPART_CONFIG_LN = "RampartConfig";
+
+ public final static String USER_LN = "user";
+
+ public final static String ENCRYPTION_USER_LN = "encryptionUser";
+
+ public final static String PW_CB_CLASS_LN = "passwordCallbackClass";
+
+ public final static String SIG_CRYPTO_LN = "signatureCrypto";
+
+ public final static String ENCR_CRYPTO_LN = "encryptionCypto";
+
+ public final static String DEC_CRYPTO_LN = "decryptionCrypto";
+
+ public final static String TS_TTL_LN = "timestampTTL";
+
+ public final static String TS_MAX_SKEW_LN = "timestampMaxSkew";
+
+ public final static String TOKEN_STORE_CLASS_LN = "tokenStoreClass";
+
+ public final static String OPTIMISE_PARTS_LN = "OptimizeParts";
+
+ private String user;
+
+ private String encryptionUser;
+
+ private String pwCbClass;
+
+ private CryptoConfig sigCryptoConfig;
+
+ private CryptoConfig encrCryptoConfig;
+
+ private CryptoConfig decCryptoConfig;
+
+ private String timestampTTL = Integer.toString(DEFAULT_TIMESTAMP_TTL);
+
+ private String timestampMaxSkew = Integer.toString(DEFAULT_TIMESTAMP_MAX_SKEW);
+
+ private String optimizeParts;
+
+ private String tokenStoreClass;
+
+ /**
+ * @return Returns the tokenStoreClass.
+ */
+ public String getTokenStoreClass() {
+ return tokenStoreClass;
+ }
+
+ /**
+ * @param tokenStoreClass
+ * The tokenStoreClass to set.
+ */
+ public void setTokenStoreClass(String tokenStoreClass) {
+ this.tokenStoreClass = tokenStoreClass;
+ }
+
+ public CryptoConfig getDecCryptoConfig() {
+ return decCryptoConfig;
+ }
+
+ public void setDecCryptoConfig(CryptoConfig decCrypto) {
+ this.decCryptoConfig = decCrypto;
+ }
+
+ public CryptoConfig getEncrCryptoConfig() {
+ return encrCryptoConfig;
+ }
+
+ public void setEncrCryptoConfig(CryptoConfig encrCrypto) {
+ this.encrCryptoConfig = encrCrypto;
+ }
+
+ public String getEncryptionUser() {
+ return encryptionUser;
+ }
+
+ public void setEncryptionUser(String encryptionUser) {
+ this.encryptionUser = encryptionUser;
+ }
+
+ public String getPwCbClass() {
+ return pwCbClass;
+ }
+
+ public void setPwCbClass(String pwCbClass) {
+ this.pwCbClass = pwCbClass;
+ }
+
+ public CryptoConfig getSigCryptoConfig() {
+ return sigCryptoConfig;
+ }
+
+ public void setSigCryptoConfig(CryptoConfig sigCryptoConfig) {
+ this.sigCryptoConfig = sigCryptoConfig;
+ }
+
+ public String getUser() {
+ return user;
+ }
+
+ public void setUser(String user) {
+ this.user = user;
+ }
+
+ public QName getName() {
+ return new QName(NS, RAMPART_CONFIG_LN);
+ }
+
+ public boolean isOptional() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public PolicyComponent normalize() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = writer.getPrefix(NS);
+
+ if (prefix == null) {
+ prefix = PREFIX;
+ writer.setPrefix(PREFIX, NS);
+ }
+
+ writer.writeStartElement(PREFIX, RAMPART_CONFIG_LN, NS);
+ writer.writeNamespace(prefix, NS);
+
+ if (getUser() != null) {
+ writer.writeStartElement(NS, USER_LN);
+ writer.writeCharacters(getUser());
+ writer.writeEndElement();
+ }
+
+ if (getEncryptionUser() != null) {
+ writer.writeStartElement(NS, ENCRYPTION_USER_LN);
+ writer.writeCharacters(getEncryptionUser());
+ writer.writeEndElement();
+ }
+
+ if (getPwCbClass() != null) {
+ writer.writeStartElement(NS, PW_CB_CLASS_LN);
+ writer.writeCharacters(getPwCbClass());
+ writer.writeEndElement();
+ }
+
+ if (getTimestampTTL() != null) {
+ writer.writeStartElement(NS, TS_TTL_LN);
+ writer.writeCharacters(getTimestampTTL());
+ writer.writeEndElement();
+ }
+
+ if (getTimestampMaxSkew() != null) {
+ writer.writeStartElement(NS, TS_MAX_SKEW_LN);
+ writer.writeCharacters(getTimestampMaxSkew());
+ writer.writeEndElement();
+ }
+
+ if (getTokenStoreClass() != null) {
+ writer.writeStartElement(NS, TOKEN_STORE_CLASS_LN);
+ writer.writeCharacters(getTokenStoreClass());
+ writer.writeEndElement();
+ }
+
+ if (encrCryptoConfig != null) {
+ writer.writeStartElement(NS, ENCR_CRYPTO_LN);
+ encrCryptoConfig.serialize(writer);
+ writer.writeEndElement();
+
+ }
+
+ if (decCryptoConfig != null) {
+ writer.writeStartElement(NS, DEC_CRYPTO_LN);
+ decCryptoConfig.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ if (sigCryptoConfig != null) {
+ writer.writeStartElement(NS, SIG_CRYPTO_LN);
+ sigCryptoConfig.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ writer.writeEndElement();
+
+ }
+
+ public boolean equal(PolicyComponent policyComponent) {
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public short getType() {
+ return Constants.TYPE_ASSERTION;
+ }
+
+ /**
+ * @return Returns the timestampTTL.
+ */
+ public String getTimestampTTL() {
+ return timestampTTL;
+ }
+
+ /**
+ * @param timestampTTL
+ * The timestampTTL to set.
+ */
+ public void setTimestampTTL(String timestampTTL) {
+ this.timestampTTL = timestampTTL;
+ }
+
+ /**
+ * @return Returns the timestampMaxSkew.
+ */
+ public String getTimestampMaxSkew() {
+ return timestampMaxSkew;
+ }
+
+ /**
+ * @param timestampMaxSkew
+ * The timestampMaxSkew to set.
+ */
+ public void setTimestampMaxSkew(String timestampMaxSkew) {
+ this.timestampMaxSkew = timestampMaxSkew;
+ }
+
+ /**
+ * @param strOptimizeParts
+ * The xpath of elements that should be optimized
+ */
+ public void setOptimizeParts(String strOptimizeParts){
+ optimizeParts = strOptimizeParts;
+ }
+
+ /**
+ *
+ * @return The Xpath string of indicating elements to be optimized or null.
+ */
+
+ public String getOptimizeParts(){
+ return optimizeParts;
+ }
+
+
+}
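Review bot: `ENCR_CRYPTO_LN = "encryptionCypto"` looks like a typo for `encryptionCrypto` (compare `DEC_CRYPTO_LN = "decryptionCrypto"` and `SIG_CRYPTO_LN = "signatureCrypto"`); because this constant is the element's wire name, a policy author using the expected spelling would have their encryption crypto configuration silently ignored, and correcting it later breaks compatibility, so it is worth fixing now. In serialize, `writer.writeStartElement(PREFIX, RAMPART_CONFIG_LN, NS)` uses the constant while `writer.writeNamespace(prefix, NS)` uses the resolved prefix, so when the writer already binds NS to a different prefix the element prefix and the declared one disagree; the start element should use `prefix` as well. serialize also never emits `optimizeParts` although the field has a getter and setter, and isOptional()/normalize() throw UnsupportedOperationException, so any Neethi normalization over a policy containing this assertion will fail at runtime.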
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
new file mode 100644
index 0000000..c54e01b
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.util;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPFactory;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.stream.FactoryConfigurationError;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamReader;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+
+/**
+ * Utility class for the Axis2-WSS4J Module
+ */
+public class Axis2Util {
+
+ private static ThreadLocal doomTacker = new ThreadLocal();
+
+ public static boolean isUseDOOM() {
+ Object value = doomTacker.get();
+ return (value != null);
+ }
+
+ public static void useDOOM(boolean isDOOMRequired) {
+//TODO Enable this when we have DOOM fixed to be able to flow in and out of Axis2
+// if(isDOOMRequired) {
+// if(!isUseDOOM()) {
+// System.setProperty(OMAbstractFactory.SOAP11_FACTORY_NAME_PROPERTY, SOAP11Factory.class.getName());
+// System.setProperty(OMAbstractFactory.SOAP12_FACTORY_NAME_PROPERTY, SOAP12Factory.class.getName());
+// System.setProperty(OMAbstractFactory.OM_FACTORY_NAME_PROPERTY, OMDOMFactory.class.getName());
+// doomTacker.set(new Object());
+// }
+// } else {
+// System.getProperties().remove(OMAbstractFactory.SOAP11_FACTORY_NAME_PROPERTY);
+// System.getProperties().remove(OMAbstractFactory.SOAP12_FACTORY_NAME_PROPERTY);
+// System.getProperties().remove(OMAbstractFactory.OM_FACTORY_NAME_PROPERTY);
+// doomTacker.set(null);
+// }
+ }
+
+
+ /**
+ * Creates a DOM Document using the SOAP Envelope.
+ * @param env An org.apache.axiom.soap.SOAPEnvelope instance
+ * @return Returns the DOM Document of the given SOAP Envelope.
+ * @throws Exception
+ */
+ public static Document getDocumentFromSOAPEnvelope(SOAPEnvelope env, boolean useDoom)
+ throws WSSecurityException {
+ try {
+ if(env instanceof Element) {
+ return ((Element)env).getOwnerDocument();
+ }
+
+ if (useDoom) {
+ env.build();
+
+ // Workaround to prevent a bug in AXIOM where
+ // there can be an incomplete OMElement as the first child body
+ OMElement firstElement = env.getBody().getFirstElement();
+ if (firstElement != null) {
+ firstElement.build();
+ }
+
+ //Get processed headers
+ Iterator headerBlocs = env.getHeader().getChildElements();
+ ArrayList processedHeaderQNames = new ArrayList();
+ while (headerBlocs.hasNext()) {
+ SOAPHeaderBlock element = (SOAPHeaderBlock) headerBlocs.next();
+ if(element.isProcessed()) {
+ processedHeaderQNames.add(element.getQName());
+ }
+ }
+
+ // Check the namespace and find SOAP version and factory
+ String nsURI = null;
+ SOAPFactory factory;
+ if (env.getNamespace().getNamespaceURI().equals(
+ SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
+ nsURI = SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI;
+ factory = DOOMAbstractFactory.getSOAP11Factory();
+ } else {
+ nsURI = SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI;
+ factory = DOOMAbstractFactory.getSOAP12Factory();
+ }
+
+ StAXSOAPModelBuilder stAXSOAPModelBuilder = new StAXSOAPModelBuilder(
+ env.getXMLStreamReader(), factory, nsURI);
+ SOAPEnvelope envelope = (stAXSOAPModelBuilder)
+ .getSOAPEnvelope();
+ ((OMNode) envelope.getParent()).build();
+
+ //Set the processed flag of the processed headers
+ SOAPHeader header = envelope.getHeader();
+ for (Iterator iter = processedHeaderQNames.iterator(); iter
+ .hasNext();) {
+ QName name = (QName) iter.next();
+ Iterator omKids = header.getChildrenWithName(name);
+ if(omKids.hasNext()) {
+ ((SOAPHeaderBlock)omKids.next()).setProcessed();
+ }
+ }
+
+ Element envElem = (Element) envelope;
+ return envElem.getOwnerDocument();
+ } else {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ env.build();
+ env.serialize(baos);
+ ByteArrayInputStream bais = new ByteArrayInputStream(baos
+ .toByteArray());
+ DocumentBuilderFactory factory = DocumentBuilderFactory
+ .newInstance();
+ factory.setNamespaceAware(true);
+ return factory.newDocumentBuilder().parse(bais);
+ }
+ } catch (Exception e) {
+ throw new WSSecurityException(
+ "Error in converting SOAP Envelope to Document", e);
+ }
+ }
+
+ public static SOAPEnvelope getSOAPEnvelopeFromDOMDocument(Document doc, boolean useDoom)
+ throws WSSecurityException {
+
+ if(useDoom) {
+ try {
+ //Get processed headers
+ SOAPEnvelope env = (SOAPEnvelope)doc.getDocumentElement();
+ Iterator headerBlocs = env.getHeader().getChildElements();
+ ArrayList processedHeaderQNames = new ArrayList();
+ while (headerBlocs.hasNext()) {
+ SOAPHeaderBlock element = (SOAPHeaderBlock) headerBlocs.next();
+ if(element.isProcessed()) {
+ processedHeaderQNames.add(element.getQName());
+ }
+ }
+
+ XMLStreamReader reader = ((OMElement) doc.getDocumentElement())
+ .getXMLStreamReader();
+ StAXSOAPModelBuilder stAXSOAPModelBuilder = new StAXSOAPModelBuilder(
+ reader, null);
+ SOAPEnvelope envelope = stAXSOAPModelBuilder.getSOAPEnvelope();
+
+ //Set the processed flag of the processed headers
+ SOAPHeader header = envelope.getHeader();
+ for (Iterator iter = processedHeaderQNames.iterator(); iter
+ .hasNext();) {
+ QName name = (QName) iter.next();
+ Iterator omKids = header.getChildrenWithName(name);
+ if(omKids.hasNext()) {
+ ((SOAPHeaderBlock)omKids.next()).setProcessed();
+ }
+ }
+
+ envelope.build();
+ return envelope;
+
+ } catch (FactoryConfigurationError e) {
+ throw new WSSecurityException(e.getMessage());
+ }
+ } else {
+ try {
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ XMLUtils.outputDOM(doc.getDocumentElement(), os, true);
+ ByteArrayInputStream bais = new ByteArrayInputStream(os.toByteArray());
+
+ StAXSOAPModelBuilder stAXSOAPModelBuilder = new StAXSOAPModelBuilder(XMLInputFactory.newInstance().createXMLStreamReader(bais), null);
+ return stAXSOAPModelBuilder.getSOAPEnvelope();
+ } catch (Exception e) {
+ throw new WSSecurityException(e.getMessage());
+ }
+ }
+ }
+
+
+ /**
+ * Provides the appropriate key to pickup config params from the message context.
+ * This is acutally used when the outflow handler (WSDoAllSender)
+ * is repeated n number of times.
+ * @param originalKey The default key
+ * @param inHandler Whether the handler is the inflow handler or not
+ * @param repetition The current repetition number
+ * @return Returns the key to be used internally in the security module to pick
+ * up the config params.
+ */
+ public static String getKey(String originalKey, boolean inHandler, int repetition) {
+
+ if(repetition > 0 && !inHandler &&
+ !originalKey.equals(WSSHandlerConstants.OUTFLOW_SECURITY)&&
+ !originalKey.equals(WSSHandlerConstants.SENDER_REPEAT_COUNT)) {
+
+ return originalKey + repetition;
+ }
+ return originalKey;
+ }
+
+ /**
+ * This will build a DOOM Element that is of the same <code>Document</code>
+ * @param factory
+ * @param element
+ * @return
+ */
+ public static OMElement toDOOM(OMFactory factory, OMElement element){
+ StAXOMBuilder builder = new StAXOMBuilder(factory, element.getXMLStreamReader());
+ OMElement elem = builder.getDocumentElement();
+ elem.build();
+ return elem;
+ }
+
+}
+
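Review bot: Both re-parse paths in this file build XML parsers with default settings: the `DocumentBuilderFactory.newInstance()` in getDocumentFromSOAPEnvelope only sets namespace awareness, and the `XMLInputFactory.newInstance()` in getSOAPEnvelopeFromDOMDocument sets nothing, so DTD and external-entity handling are left to the implementation's defaults even though the envelope being re-parsed originates from the inbound message. Harden the factories before use, e.g. `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` on the DocumentBuilderFactory and, with the `XMLInputFactory.newInstance()` call pulled into a local, `inputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);`. Separately, both header-scanning loops call `env.getHeader().getChildElements()` without checking for a missing Header element, so an envelope without one would most likely fail with a NullPointerException rather than the WSSecurityException callers expect; guard with `if (env.getHeader() != null)`. The two `new WSSecurityException(e.getMessage())` constructions in getSOAPEnvelopeFromDOMDocument also discard the cause that getDocumentFromSOAPEnvelope preserves; pass `e` as the second argument for consistency and diagnosability.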
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java
new file mode 100644
index 0000000..8b0a227
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java
@@ -0,0 +1,291 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.util;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import javax.xml.namespace.QName;
+import java.util.Iterator;
+
+/**
+ * This is used to process the security parameters from the configuration files
+ *
+ * Example: <code>
+ <br>
+
+ </code>
+ *
+ */
+public class HandlerParameterDecoder {
+
+ /**
+ *
+ * @param msgCtx
+ * @param inflow
+ * @throws WSSecurityException
+ */
+ public static void processParameters(MessageContext msgCtx, boolean inflow)
+ throws Exception {
+ Parameter inFlowSecParam;
+ Parameter outFlowSecParam;
+
+ if(msgCtx.isServerSide()){
+ inFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.INFLOW_SECURITY_SERVER);
+ outFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.OUTFLOW_SECURITY_SERVER);
+ }else{
+ inFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.INFLOW_SECURITY_CLIENT);
+ outFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.OUTFLOW_SECURITY_CLIENT);
+ }
+
+ //TODO: check whether policy is available
+ if(inFlowSecParam == null){
+ inFlowSecParam = (Parameter)msgCtx.getProperty(WSSHandlerConstants.INFLOW_SECURITY);
+ }
+
+ if(outFlowSecParam == null){
+ outFlowSecParam = (Parameter)msgCtx.getProperty(WSSHandlerConstants.OUTFLOW_SECURITY);
+ }
+
+ //If the configs are not availabale in the file
+ if(inFlowSecParam == null) {
+ inFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.INFLOW_SECURITY);
+ }
+ if(outFlowSecParam == null) {
+ outFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.OUTFLOW_SECURITY);
+ }
+
+ int repetitionCount = -1;
+
+ /*
+ * Populate the inflow parameters
+ */
+ if (inFlowSecParam != null && inflow) {
+ OMElement inFlowParamElem = inFlowSecParam.getParameterElement();
+
+ OMElement actionElem = inFlowParamElem
+ .getFirstChildWithName(new QName(WSSHandlerConstants.ACTION));
+ if (actionElem == null) {
+ throw new Exception(
+ "Inflow configurtion must contain an 'action' "
+ + "elementas the child of 'InflowSecurity' element");
+ }
+
+ Iterator childElements = actionElem.getChildElements();
+ while (childElements.hasNext()) {
+ OMElement element = (OMElement) childElements.next();
+ msgCtx.setProperty(element.getLocalName(), element.getText().trim());
+ }
+
+ }
+
+ /*
+ * Populate the outflow parameters
+ */
+ if (outFlowSecParam != null && !inflow) {
+ OMElement outFlowParamElem = outFlowSecParam.getParameterElement();
+
+ Iterator childElements = outFlowParamElem.getChildElements();
+ while (childElements.hasNext()) {
+ OMElement element = (OMElement) childElements.next();
+
+ if(!element.getLocalName().equals(WSSHandlerConstants.ACTION)) {
+ throw new Exception(
+ "Alian element '"
+ + element.getLocalName()
+ + "' in the 'OutFlowSecurity' element, "
+ + "only 'action' elements can be present");
+ }
+
+ boolean signAllHeaders = false;
+ boolean signBody = false;
+ boolean encryptBody = false;
+
+ repetitionCount++;
+ Iterator paramElements = element.getChildElements();
+ while (paramElements.hasNext()) {
+ OMElement elem = (OMElement) paramElements.next();
+ String localName = elem.getLocalName();
+ String text = elem.getText().trim();
+ if(localName.equals(WSSHandlerConstants.SIGN_ALL_HEADERS)) {
+ signAllHeaders = true;
+ } else if(localName.equals(WSSHandlerConstants.SIGN_BODY)) {
+ signBody = true;
+ } else if(localName.equals(WSSHandlerConstants.ENCRYPT_BODY)) {
+ encryptBody = true;
+ } else {
+ msgCtx.setProperty(Axis2Util.getKey(localName,
+ inflow,repetitionCount), text);
+ }
+ }
+
+ if(signAllHeaders || signBody || encryptBody) {
+ handleSignEncrParts(signAllHeaders, signBody, encryptBody,
+ msgCtx, repetitionCount);
+ }
+
+
+ }
+
+ msgCtx.setProperty(WSSHandlerConstants.SENDER_REPEAT_COUNT,
+ new Integer(repetitionCount));
+ }
+ }
+
+ public static OutflowConfiguration getOutflowConfiguration(Parameter outflowConfigParam) throws AxisFault {
+ if (outflowConfigParam != null) {
+ OMElement outflowParamElem = outflowConfigParam.getParameterElement();
+
+ OMElement actionElem = outflowParamElem
+ .getFirstChildWithName(new QName(WSSHandlerConstants.ACTION));
+ if (actionElem == null) {
+ throw new AxisFault(
+ "Inflow configurtion must contain an 'action' "
+ + "elementas the child of 'InflowSecurity' element");
+ }
+
+ OutflowConfiguration outflowConfiguration = new OutflowConfiguration();
+
+ Iterator childElements = actionElem.getChildElements();
+ while (childElements.hasNext()) {
+ OMElement element = (OMElement) childElements.next();
+
+ String localName = element.getLocalName();
+ String text = element.getText().trim();
+ if(localName.equals(WSHandlerConstants.PW_CALLBACK_CLASS)) {
+ outflowConfiguration.setPasswordCallbackClass(text);
+ } else if(localName.equals(WSHandlerConstants.SIG_PROP_FILE)) {
+ outflowConfiguration.setSignaturePropFile(text);
+ } else if(localName.equals(WSHandlerConstants.ENC_PROP_FILE)) {
+ outflowConfiguration.setEncryptionPropFile(text);
+ } else if(localName.equals(WSHandlerConstants.ENC_CALLBACK_CLASS)) {
+ outflowConfiguration.setEmbeddedKeyCallbackClass(text);
+ } else if(localName.equals(WSHandlerConstants.USER)) {
+ outflowConfiguration.setUser(text);
+ } else if(localName.equals(WSHandlerConstants.ENCRYPTION_USER)) {
+ outflowConfiguration.setEncryptionUser(text);
+ }
+ }
+ return outflowConfiguration;
+ }
+ return null;
+ }
+
+ public static InflowConfiguration getInflowConfiguration(Parameter inflowConfigParam) throws AxisFault {
+
+ if (inflowConfigParam != null) {
+ OMElement inFlowParamElem = inflowConfigParam.getParameterElement();
+
+ OMElement actionElem = inFlowParamElem
+ .getFirstChildWithName(new QName(WSSHandlerConstants.ACTION));
+ if (actionElem == null) {
+ throw new AxisFault(
+ "Inflow configurtion must contain an 'action' "
+ + "elementas the child of 'InflowSecurity' element");
+ }
+
+ InflowConfiguration inflowConfiguration = new InflowConfiguration();
+
+ Iterator childElements = actionElem.getChildElements();
+ while (childElements.hasNext()) {
+ OMElement element = (OMElement) childElements.next();
+
+ String localName = element.getLocalName();
+ String text = element.getText().trim();
+
+ if(localName.equals(WSHandlerConstants.PW_CALLBACK_CLASS)) {
+ inflowConfiguration.setPasswordCallbackClass(text);
+ } else if(localName.equals(WSHandlerConstants.SIG_PROP_FILE)) {
+ inflowConfiguration.setSignaturePropFile(text);
+ } else if(localName.equals(WSHandlerConstants.DEC_PROP_FILE)) {
+ inflowConfiguration.setDecryptionPropFile(text);
+ } else if (WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION
+ .equals(localName)) {
+ if ("false".equals(text)
+ || "0".equals(text)) {
+ inflowConfiguration
+ .setEnableSignatureConfirmation(false);
+ }
+ }
+ }
+ return inflowConfiguration;
+ }
+ return null;
+ }
+
+ private static void handleSignEncrParts(boolean signAllHeaders,
+ boolean signBody, boolean encrBody, MessageContext msgCtx,
+ int repetition) {
+ String soapNs = msgCtx.getEnvelope().getNamespace().getNamespaceURI();
+ if(signBody) {
+ //Add body signPart
+ String sigBodySigPart = "{Element}{" + soapNs + "}Body";
+ addSigPart(sigBodySigPart, msgCtx, repetition);
+ }
+ if(encrBody) {
+ //Encrypt body content
+ String encrBodyEncrPart = "{}{" + soapNs + "}Body";
+ addEncrPart(encrBodyEncrPart, msgCtx, repetition);
+ }
+ if(signAllHeaders) {
+ Iterator children = msgCtx.getEnvelope().getHeader().getChildElements();
+ while (children.hasNext()) {
+ OMElement element = (OMElement) children.next();
+ //Sign only the quilified headers
+ //TODO check whether we can sign the unqualified header elements
+ String ns = element.getNamespace().getNamespaceURI();
+ if(ns != null && ns.length() > 0) {
+ addSigPart("{Element}{" + ns + "}" + element.getLocalName(),msgCtx, repetition);
+ }
+ }
+ }
+
+ }
+
+ private static void addSigPart(String sigPart, MessageContext msgCtx, int repetition) {
+ String key = Axis2Util.getKey(WSHandlerConstants.SIGNATURE_PARTS, false, repetition);
+ String existingSignParts = (String) msgCtx.getProperty(key);
+ if (existingSignParts != null && existingSignParts.length() > 0) {
+ // If the part is not already there as a sign part
+ if (existingSignParts.indexOf(sigPart) != -1) {
+ msgCtx.setProperty(key, existingSignParts + ";" + sigPart);
+ }
+ } else {
+ // If there are no signed parts
+ msgCtx.setProperty(key, sigPart);
+ }
+ }
+
+ private static void addEncrPart(String encrPart, MessageContext msgCtx, int repetition) {
+ String key = Axis2Util.getKey(WSHandlerConstants.ENCRYPTION_PARTS, false, repetition);
+ String existingEncrParts = (String) msgCtx.getProperty(key);
+ if (existingEncrParts != null && existingEncrParts.length() > 0) {
+ if (existingEncrParts.indexOf(encrPart) != -1) {
+ msgCtx.setProperty(key, existingEncrParts + ";" + encrPart);
+ }
+ } else {
+ msgCtx.setProperty(key, encrPart);
+ }
+ }
+
+}
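Review bot: The duplicate check in `addSigPart` is inverted: `if (existingSignParts.indexOf(sigPart) != -1)` appends the part only when it is already present, the opposite of the comment "If the part is not already there", so a second distinct sign part is silently dropped; `addEncrPart` has the same inverted test on `existingEncrParts`. The effect is that once one part is recorded for a repetition, further parts never reach the SIGNATURE_PARTS / ENCRYPTION_PARTS property, so elements the deployer configured to be signed or encrypted are left out with no error raised. Both conditions should read `== -1`. A smaller point: the AxisFault text in getOutflowConfiguration (`"Inflow configurtion must contain an 'action' "` ... `'InflowSecurity'`) describes the inflow element although this is the outflow path, and the repeated message also carries the typo "configurtion" and the fused word "elementas".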
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
new file mode 100644
index 0000000..10a1d58
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.util;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMText;
+import org.apache.axiom.om.xpath.AXIOMXPath;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.jaxen.JaxenException;
+import org.jaxen.SimpleNamespaceContext;
+import org.jaxen.XPath;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.StringTokenizer;
+
+/**
+ * Utility class to handle MTOM-Optimizing Base64 Text values
+ */
+public class MessageOptimizer {
+
+ /**
+ * Mark the requied Base64 text values as optimized
+ * @param env
+ * @param optimizeParts This is a set of xPath expressions
+ *
+ * @throws WSSecurityException
+ */
+ public static void optimize(SOAPEnvelope env, String optimizeParts) throws WSSecurityException {
+ String separater = "<>";
+ StringTokenizer tokenizer = new StringTokenizer(optimizeParts, separater);
+
+ while(tokenizer.hasMoreTokens()) {
+
+ String xpathExpr = tokenizer.nextToken();
+
+ //Find binary content
+ List list = findElements(env,xpathExpr);
+
+ Iterator cipherValueElements = list.iterator();
+
+ while (cipherValueElements.hasNext()) {
+ OMElement element = (OMElement) cipherValueElements.next();
+ OMText text = (OMText)element.getFirstOMChild();
+ System.out.println(text.getText().length());
+ text.setOptimize(true);
+ }
+ }
+ }
+
+
+ private static List findElements(OMElement elem, String expression) throws WSSecurityException {
+ try {
+ XPath xp = new AXIOMXPath(expression);
+
+ //Set namespaces
+ SimpleNamespaceContext nsCtx = new SimpleNamespaceContext();
+ nsCtx.addNamespace(WSConstants.ENC_PREFIX,WSConstants.ENC_NS);
+ nsCtx.addNamespace(WSConstants.SIG_PREFIX,WSConstants.SIG_NS);
+ nsCtx.addNamespace(WSConstants.WSSE_PREFIX,WSConstants.WSSE_NS);
+ nsCtx.addNamespace(WSConstants.WSU_PREFIX,WSConstants.WSU_NS);
+
+ xp.setNamespaceContext(nsCtx);
+
+ return xp.selectNodes(elem);
+
+ } catch (JaxenException e) {
+ throw new WSSecurityException(e.getMessage(), e);
+ }
+
+ }
+
+
+
+}
\ No newline at end of file
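Review bot: `System.out.println(text.getText().length());` in the optimize loop is leftover debug output written to stdout for every optimized element and should be removed (or routed through a logger if one is added); calling `getText()` here may also force the base64 text to be materialised immediately before it is flagged for MTOM optimisation. On the line above, `(OMText) element.getFirstOMChild()` assumes every element matched by the configured XPath has a text node as its first child; an empty element or one with an element child would fail with a NullPointerException or ClassCastException instead of the declared WSSecurityException, so check `instanceof OMText` before the cast. `new StringTokenizer(optimizeParts, separater)` likewise throws NullPointerException when optimizeParts is null, which getOptimizeParts in the preceding RampartConfig hunk documents as a possible value; unless callers guard this, returning early on null would make the contract explicit.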
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
new file mode 100644
index 0000000..a56aa49
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
@@ -0,0 +1,933 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.util;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Hashtable;
+import java.util.Properties;
+import java.util.Vector;
+
+import javax.crypto.KeyGenerator;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Properties;
+import java.util.Set;
+import java.util.Vector;
+
+import javax.crypto.KeyGenerator;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.xpath.AXIOMXPath;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.neethi.Policy;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rahas.client.STSClient;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.model.CryptoConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.util.Loader;
+import org.jaxen.JaxenException;
+import org.jaxen.XPath;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+public class RampartUtil {
+
+ private static final String CRYPTO_PROVIDER = "org.apache.ws.security.crypto.provider";
+ private static Log log = LogFactory.getLog(RampartUtil.class);
+
+
+ public static CallbackHandler getPasswordCB(RampartMessageData rmd) throws RampartException {
+
+ MessageContext msgContext = rmd.getMsgContext();
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ return getPasswordCB(msgContext, rpd);
+ }
+
+ /**
+ * @param msgContext
+ * @param rpd
+ * @return The <code>CallbackHandler</code> instance
+ * @throws RampartException
+ */
+ public static CallbackHandler getPasswordCB(MessageContext msgContext, RampartPolicyData rpd) throws RampartException {
+
+ CallbackHandler cbHandler;
+
+ if (rpd.getRampartConfig() != null && rpd.getRampartConfig().getPwCbClass() != null) {
+
+ String cbHandlerClass = rpd.getRampartConfig().getPwCbClass();
+ ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
+
+ log.debug("loading class : " + cbHandlerClass);
+
+ Class cbClass;
+ try {
+ cbClass = Loader.loadClass(classLoader, cbHandlerClass);
+ } catch (ClassNotFoundException e) {
+ throw new RampartException("cannotLoadPWCBClass",
+ new String[]{cbHandlerClass}, e);
+ }
+ try {
+ cbHandler = (CallbackHandler) cbClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new RampartException("cannotCreatePWCBInstance",
+ new String[]{cbHandlerClass}, e);
+ }
+ } else {
+ cbHandler = (CallbackHandler) msgContext.getProperty(
+ WSHandlerConstants.PW_CALLBACK_REF);
+ if(cbHandler == null) {
+ Parameter param = msgContext.getParameter(
+ WSHandlerConstants.PW_CALLBACK_REF);
+ cbHandler = (CallbackHandler)param.getValue();
+ }
+ }
+
+ return cbHandler;
+ }
+
+ /**
+ * Perform a callback to get a password.
+ * <p/>
+ * The called back function gets an indication why to provide a password:
+ * to produce a UsernameToken, Signature, or a password (key) for a given
+ * name.
+ */
+ public static WSPasswordCallback performCallback(CallbackHandler cbHandler,
+ String username,
+ int doAction)
+ throws RampartException {
+
+ WSPasswordCallback pwCb;
+ int reason = 0;
+
+ switch (doAction) {
+ case WSConstants.UT:
+ case WSConstants.UT_SIGN:
+ reason = WSPasswordCallback.USERNAME_TOKEN;
+ break;
+ case WSConstants.SIGN:
+ reason = WSPasswordCallback.SIGNATURE;
+ break;
+ case WSConstants.ENCR:
+ reason = WSPasswordCallback.KEY_NAME;
+ break;
+ }
+ pwCb = new WSPasswordCallback(username, reason);
+ Callback[] callbacks = new Callback[1];
+ callbacks[0] = pwCb;
+ /*
+ * Call back the application to get the password
+ */
+ try {
+ cbHandler.handle(callbacks);
+ } catch (Exception e) {
+ throw new RampartException("pwcbFailed", e);
+ }
+ return pwCb;
+ }
+
+ /**
+ * Create the <code>Crypto</code> instance for encryption using information
+ * from the rampart configuration assertion
+ *
+ * @param config
+ * @return The <code>Crypto</code> instance to be used for encryption
+ * @throws RampartException
+ */
+ public static Crypto getEncryptionCrypto(RampartConfig config, ClassLoader loader)
+ throws RampartException {
+ log.debug("Loading encryption crypto");
+
+ if(config != null && config.getEncrCryptoConfig() != null) {
+ CryptoConfig cryptoConfig = config.getEncrCryptoConfig();
+ String provider = cryptoConfig.getProvider();
+ log.debug("Usig provider: " + provider);
+ Properties prop = cryptoConfig.getProp();
+ prop.put(CRYPTO_PROVIDER, provider);
+ return CryptoFactory.getInstance(prop, loader);
+ } else {
+ log.debug("Trying the signature crypto info");
+
+ //Try using signature crypto infomation
+ if(config != null && config.getSigCryptoConfig() != null) {
+ CryptoConfig cryptoConfig = config.getSigCryptoConfig();
+ String provider = cryptoConfig.getProvider();
+ log.debug("Usig provider: " + provider);
+ Properties prop = cryptoConfig.getProp();
+ prop.put(CRYPTO_PROVIDER, provider);
+ return CryptoFactory.getInstance(prop, loader);
+ } else {
+ return null;
+ }
+ }
+ }
+
+ /**
+ * Create the <code>Crypto</code> instance for signature using information
+ * from the rampart configuration assertion
+ *
+ * @param config
+ * @return The <code>Crypto</code> instance to be used for signature
+ * @throws RampartException
+ */
+ public static Crypto getSignatureCrypto(RampartConfig config, ClassLoader loader)
+ throws RampartException {
+ log.debug("Loading Signature crypto");
+
+ if(config != null && config.getSigCryptoConfig() != null) {
+ CryptoConfig cryptoConfig = config.getSigCryptoConfig();
+ String provider = cryptoConfig.getProvider();
+ log.debug("Usig provider: " + provider);
+ Properties prop = cryptoConfig.getProp();
+ prop.put(CRYPTO_PROVIDER, provider);
+ return CryptoFactory.getInstance(prop, loader);
+ } else {
+ return null;
+ }
+ }
+
+
+ /**
+ * figureout the key identifier of a give X509Token
+ * @param token
+ * @return The key identifier of a give X509Token
+ * @throws RampartException
+ */
+ public static int getKeyIdentifier(X509Token token) throws RampartException {
+ if (token.isRequireIssuerSerialReference()) {
+ return WSConstants.ISSUER_SERIAL;
+ } else if (token.isRequireThumbprintReference()) {
+ return WSConstants.THUMBPRINT_IDENTIFIER;
+ } else if (token.isRequireEmbeddedTokenReference()) {
+ return WSConstants.BST_DIRECT_REFERENCE;
+ } else {
+ throw new RampartException(
+ "unknownKeyRefSpeficier");
+
+ }
+ }
+
+ /**
+ * Process a give issuer address element and return the address.
+ * @param issuerAddress
+ * @return The address of an issuer address element
+ * @throws RampartException If the issuer address element is malformed.
+ */
+ public static String processIssuerAddress(OMElement issuerAddress)
+ throws RampartException {
+ if(issuerAddress != null && issuerAddress.getText() != null &&
+ !"".equals(issuerAddress.getText())) {
+ return issuerAddress.getText().trim();
+ } else {
+ throw new RampartException("invalidIssuerAddress",
+ new String[] { issuerAddress.toString() });
+ }
+ }
+
+
+ public static OMElement createRSTTempalteForSCT(int conversationVersion,
+ int wstVersion) throws RampartException {
+ try {
+ log.debug("Creating RSTTemplate for an SCT request");
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+
+ OMNamespace wspNs = fac.createOMNamespace(Constants.SP_NS, "wsp");
+ OMElement rstTempl = fac.createOMElement(
+ Constants.REQUEST_SECURITY_TOKEN_TEMPLATE.getLocalPart(),
+ wspNs);
+
+ //Create TokenType element and set the value
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(
+ wstVersion, rstTempl);
+ String tokenType = ConversationConstants
+ .getWSCNs(conversationVersion)
+ + ConversationConstants.TOKEN_TYPE_SECURITY_CONTEXT_TOKEN;
+ tokenTypeElem.setText(tokenType);
+
+ return rstTempl;
+ } catch (TrustException e) {
+ throw new RampartException("errorCreatingRSTTemplateForSCT", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorCreatingRSTTemplateForSCT", e);
+ }
+ }
+
+
+ public static int getTimeToLive(RampartMessageData messageData) {
+
+ RampartConfig rampartConfig = messageData.getPolicyData().getRampartConfig();
+ if (rampartConfig != null) {
+ String ttl = rampartConfig.getTimestampTTL();
+ int ttl_i = 0;
+ if (ttl != null) {
+ try {
+ ttl_i = Integer.parseInt(ttl);
+ } catch (NumberFormatException e) {
+ ttl_i = messageData.getTimeToLive();
+ }
+ }
+ if (ttl_i <= 0) {
+ ttl_i = messageData.getTimeToLive();
+ }
+ return ttl_i;
+ } else {
+ return RampartConfig.DEFAULT_TIMESTAMP_TTL;
+ }
+ }
+
+ public static int getTimestampMaxSkew(RampartMessageData messageData) {
+
+ RampartConfig rampartConfig = messageData.getPolicyData().getRampartConfig();
+ if (rampartConfig != null) {
+ String maxSkew = rampartConfig.getTimestampMaxSkew();
+ int maxSkew_i = 0;
+ if (maxSkew != null) {
+ try {
+ maxSkew_i = Integer.parseInt(maxSkew);
+ } catch (NumberFormatException e) {
+ maxSkew_i = messageData.getTimestampMaxSkew();
+ }
+ }
+ if (maxSkew_i < 0) {
+ maxSkew_i = 0;
+ }
+ return maxSkew_i;
+ } else {
+ return RampartConfig.DEFAULT_TIMESTAMP_MAX_SKEW;
+ }
+ }
+
+ /**
+ * Obtain a security context token.
+ * @param rmd
+ * @param secConvTok
+ * @return Return the SecurityContextidentifier of the token
+ * @throws TrustException
+ * @throws RampartException
+ */
+ public static String getSecConvToken(RampartMessageData rmd,
+ SecureConversationToken secConvTok) throws TrustException,
+ RampartException {
+ String action = TrustUtil.getActionValue(
+ rmd.getWstVersion(),
+ RahasConstants.RST_ACTION_SCT);
+
+ // Get sts epr
+ OMElement issuerEpr = secConvTok.getIssuerEpr();
+ String issuerEprAddress = rmd.getMsgContext().getTo().getAddress();
+ if(issuerEpr != null) {
+ issuerEprAddress = RampartUtil.processIssuerAddress(issuerEpr);
+ }
+
+ //Find SC version
+ int conversationVersion = rmd.getSecConvVersion();
+
+ OMElement rstTemplate = RampartUtil.createRSTTempalteForSCT(
+ conversationVersion,
+ rmd.getWstVersion());
+
+ Policy stsPolicy = null;
+
+ //Try boot strap policy
+ Policy bsPol = secConvTok.getBootstrapPolicy();
+
+ if(bsPol != null) {
+ log.debug("BootstrapPolicy found");
+ bsPol.addAssertion(rmd.getPolicyData().getRampartConfig());
+ stsPolicy = bsPol;
+ } else {
+ //No bootstrap policy use issuer policy
+ log.debug("No bootstrap policy, using issuer policy");
+ stsPolicy = rmd.getPolicyData().getIssuerPolicy();
+ }
+
+ String id = getToken(rmd, rstTemplate,
+ issuerEprAddress, action, stsPolicy);
+
+ log.debug("SecureConversationToken obtained: id=" + id);
+ return id;
+ }
+
+
+ /**
+ * Obtain an issued token.
+ * @param rmd
+ * @param issuedToken
+ * @return The identifier of the issued token
+ * @throws RampartException
+ */
+ public static String getIssuedToken(RampartMessageData rmd,
+ IssuedToken issuedToken) throws RampartException {
+
+ try {
+
+ //TODO : Provide the overriding mechanism to prvide a custom way of
+ //obtianing a token
+
+ String action = TrustUtil.getActionValue(rmd.getWstVersion(),
+ RahasConstants.RST_ACTION_ISSUE);
+
+ // Get sts epr
+ String issuerEprAddress = RampartUtil.processIssuerAddress(issuedToken
+ .getIssuerEpr());
+
+ OMElement rstTemplate = issuedToken.getRstTemplate();
+
+ // Get STS policy
+ Policy stsPolicy = rmd.getPolicyData().getIssuerPolicy();
+
+ String id = getToken(rmd, rstTemplate, issuerEprAddress, action,
+ stsPolicy);
+
+ log.debug("Issued token obtained: id=" + id);
+ return id;
+ } catch (TrustException e) {
+ throw new RampartException("errorInObtainingToken", e);
+ }
+ }
+
+ /**
+ * Request a token.
+ * @param rmd
+ * @param rstTemplate
+ * @param issuerEpr
+ * @param action
+ * @param issuerPolicy
+ * @return Return the identifier of the obtained token
+ * @throws RampartException
+ */
+ public static String getToken(RampartMessageData rmd, OMElement rstTemplate,
+ String issuerEpr, String action, Policy issuerPolicy) throws RampartException {
+
+ try {
+ Axis2Util.useDOOM(false);
+
+ STSClient client = new STSClient(rmd.getMsgContext()
+ .getConfigurationContext());
+ // Set request action
+ client.setAction(action);
+
+ client.setRstTemplate(rstTemplate);
+
+ // Set crypto information
+ Crypto crypto = RampartUtil.getSignatureCrypto(rmd.getPolicyData().getRampartConfig(),
+ rmd.getMsgContext().getAxisService().getClassLoader());
+ CallbackHandler cbh = RampartUtil.getPasswordCB(rmd);
+ client.setCryptoInfo(crypto, cbh);
+
+ // Get service policy
+ Policy servicePolicy = rmd.getServicePolicy();
+
+ // Get service epr
+ String servceEprAddress = rmd.getMsgContext()
+ .getOptions().getTo().getAddress();
+
+ //Make the request
+ org.apache.rahas.Token rst =
+ client.requestSecurityToken(servicePolicy,
+ issuerEpr,
+ issuerPolicy,
+ servceEprAddress);
+
+ //Add the token to token storage
+ rst.setState(Token.ISSUED);
+ rmd.getTokenStorage().add(rst);
+ Axis2Util.useDOOM(true);
+ return rst.getId();
+ } catch (Exception e) {
+ throw new RampartException("errorInObtainingToken", e);
+ }
+ }
+
+ public static String getSoapBodyId(SOAPEnvelope env) {
+ return addWsuIdToElement(env.getBody());
+ }
+
+ public static String addWsuIdToElement(OMElement elem) {
+ String id;
+
+ //first try to get the Id attr
+ OMAttribute idAttr = elem.getAttribute(new QName("Id"));
+ if(idAttr == null) {
+ //then try the wsu:Id value
+ idAttr = elem.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+ }
+
+ if(idAttr != null) {
+ id = idAttr.getAttributeValue();
+ } else {
+ //Add an id
+ OMNamespace ns = elem.getOMFactory().createOMNamespace(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+ id = "Id-" + elem.hashCode();
+ idAttr = elem.getOMFactory().createOMAttribute("Id", ns, id);
+ elem.addAttribute(idAttr);
+ }
+
+ return id;
+ }
+
+ public static Element appendChildToSecHeader(RampartMessageData rmd,
+ OMElement elem) {
+ return appendChildToSecHeader(rmd, (Element)elem);
+ }
+
+ public static Element appendChildToSecHeader(RampartMessageData rmd,
+ Element elem) {
+ Element secHeaderElem = rmd.getSecHeader().getSecurityHeader();
+ Node node = secHeaderElem.getOwnerDocument().importNode(
+ elem, true);
+ return (Element)secHeaderElem.appendChild(node);
+ }
+
+ public static Element insertSiblingAfter(RampartMessageData rmd,
+ Element child, Element sibling) {
+ if (child == null) {
+ return appendChildToSecHeader(rmd, sibling);
+ } else {
+ if (child.getOwnerDocument().equals(sibling.getOwnerDocument())) {
+
+ if (child.getParentNode() == null
+ && !child.getLocalName().equals("UsernameToken")) {
+ rmd.getSecHeader().getSecurityHeader().appendChild(child);
+ }
+ ((OMElement) child).insertSiblingAfter((OMElement) sibling);
+ return sibling;
+ } else {
+ Element newSib = (Element) child.getOwnerDocument().importNode(
+ sibling, true);
+ ((OMElement) child).insertSiblingAfter((OMElement) newSib);
+ return newSib;
+ }
+ }
+ }
+
+ public static Element insertSiblingBefore(RampartMessageData rmd, Element child, Element sibling) {
+ if(child == null) {
+ return appendChildToSecHeader(rmd, sibling);
+ } else {
+ if(child.getOwnerDocument().equals(sibling.getOwnerDocument())) {
+ ((OMElement)child).insertSiblingBefore((OMElement)sibling);
+ return sibling;
+ } else {
+ Element newSib = (Element)child.getOwnerDocument().importNode(sibling, true);
+ ((OMElement)child).insertSiblingBefore((OMElement)newSib);
+ return newSib;
+ }
+ }
+
+ }
+
+ public static Vector getEncryptedParts(RampartMessageData rmd) {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+ return getPartsAndElements(false, envelope, rpd.isEncryptBody(), rpd.getEncryptedParts(), rpd.getEncryptedElements() );
+ }
+
+ public static Vector getSignedParts(RampartMessageData rmd) {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+ return getPartsAndElements(true, envelope, rpd.isSignBody(), rpd.getSignedParts(), rpd.getSignedElements() );
+ }
+
+ private static Set findAllPrefixNamespaces(OMElement currentElement)
+ {
+ Set results = new HashSet();
+ Iterator iter = null;
+
+ findPrefixNamespaces(currentElement,results);
+
+ return results;
+ }
+
+ private static void findPrefixNamespaces(OMElement e, Set results)
+ {
+
+ Iterator iter = e.getAllDeclaredNamespaces();
+
+ if (iter!=null)
+ {
+ while (iter.hasNext())
+ results.add(iter.next());
+ }
+
+ Iterator children = e.getChildElements();
+
+ while (children.hasNext())
+ {
+ findPrefixNamespaces((OMElement)children.next(), results);
+ }
+ }
+
+ private static List findDefaultPrefixNamespaces(OMElement e)
+ {
+ List namespaces = new ArrayList();
+ OMFactory factory = e.getOMFactory();
+ // put default namespaces here (sp, soapenv, wsu, etc...)
+ namespaces.add(factory.createOMNamespace(WSConstants.ENC_PREFIX, WSConstants.ENC_NS));
+ namespaces.add(factory.createOMNamespace(WSConstants.SIG_PREFIX, WSConstants.SIG_NS));
+ namespaces.add(factory.createOMNamespace(WSConstants.WSSE_PREFIX, WSConstants.WSSE_NS));
+ namespaces.add(factory.createOMNamespace(WSConstants.WSU_PREFIX, WSConstants.WSU_NS));
+
+ return namespaces;
+
+ }
+
+ private static Vector getPartsAndElements(boolean sign, SOAPEnvelope envelope, boolean includeBody, Vector parts, Vector elements) {
+
+ Vector found = new Vector();
+ Vector result = new Vector();
+
+ // check body
+ if(includeBody) {
+ if( sign ) {
+ result.add(new WSEncryptionPart(addWsuIdToElement(envelope.getBody())));
+ } else {
+ result.add(new WSEncryptionPart(addWsuIdToElement(envelope.getBody()), "Content"));
+ }
+ found.add( envelope.getBody() );
+ }
+
+ // Search envelope header for 'parts' from Policy (SignedParts/EncryptedParts)
+
+ SOAPHeader header = envelope.getHeader();
+
+ for(int i=0; i<parts.size(); i++) {
+ WSEncryptionPart wsep = (WSEncryptionPart) parts.get( i );
+ if( wsep.getName() == null ) {
+ // NO name - search by namespace
+ ArrayList headerList = header.getHeaderBlocksWithNSURI( wsep.getNamespace() );
+
+ for(int j=0; j<headerList.size(); j++) {
+ SOAPHeaderBlock shb = (SOAPHeaderBlock) headerList.get( j );
+
+ // find reference in envelope
+ OMElement e = header.getFirstChildWithName( shb.getQName() );
+
+ if( ! found.contains( e ) ) {
+ // found new
+ found.add( e );
+
+ if( sign ) {
+ result.add(new WSEncryptionPart(e.getLocalName(), wsep.getNamespace(), "Content"));
+ } else {
+ result.add(new WSEncryptionPart(e.getLocalName(), wsep.getNamespace(), "Element"));
+ }
+ }
+ }
+ } else {
+ // try to find
+ OMElement e = header.getFirstChildWithName( new QName(wsep.getNamespace(), wsep.getName()) );
+ if( e != null ) {
+ if( ! found.contains( e ) ) {
+ // found new (reuse wsep)
+ found.add( e );
+ result.add( wsep );
+ }
+ }
+ }
+ }
+
+ // ?? Search for 'Elements' here
+
+ // decide what exactly is going to be used - only the default namespaces, or the list of all declared namespaces in the message !
+ Set namespaces = findAllPrefixNamespaces(envelope);
+
+ Iterator elementsIter = elements.iterator();
+ while (elementsIter.hasNext())
+ {
+ String expression = (String)elementsIter.next();
+ try {
+ XPath xp = new AXIOMXPath(expression);
+ Iterator nsIter = namespaces.iterator();
+
+ while (nsIter.hasNext())
+ {
+ OMNamespace tmpNs = (OMNamespace)nsIter.next();
+ xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
+ }
+
+ List selectedNodes = xp.selectNodes(envelope);
+
+ Iterator nodesIter = selectedNodes.iterator();
+ while (nodesIter.hasNext())
+ {
+ OMElement e = (OMElement)nodesIter.next();
+
+ if (sign)
+ result.add(new WSEncryptionPart(e.getLocalName(), e.getNamespace().getNamespaceURI(), "Content"));
+ else
+ result.add(new WSEncryptionPart(e.getLocalName(), e.getNamespace().getNamespaceURI(), "Element"));
+ }
+
+ } catch (JaxenException e) {
+ // This has to be changed to propagate an instance of a RampartException up
+ throw new RuntimeException(e);
+ }
+ }
+
+ return result;
+ }
+
+
+ public static KeyGenerator getEncryptionKeyGenerator(String symEncrAlgo) throws WSSecurityException {
+ KeyGenerator keyGen;
+ try {
+ /*
+ * Assume AES as default, so initialize it
+ */
+ keyGen = KeyGenerator.getInstance("AES");
+ if (symEncrAlgo.equalsIgnoreCase(WSConstants.TRIPLE_DES)) {
+ keyGen = KeyGenerator.getInstance("DESede");
+ } else if (symEncrAlgo.equalsIgnoreCase(WSConstants.AES_128)) {
+ keyGen.init(128);
+ } else if (symEncrAlgo.equalsIgnoreCase(WSConstants.AES_192)) {
+ keyGen.init(192);
+ } else if (symEncrAlgo.equalsIgnoreCase(WSConstants.AES_256)) {
+ keyGen.init(256);
+ } else {
+ return null;
+ }
+ } catch (NoSuchAlgorithmException e) {
+ throw new WSSecurityException(
+ WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e);
+ }
+ return keyGen;
+ }
+
+ /**
+ * Creates the unique (reproducible) id for to hold the context identifier
+ * of the message exchange.
+ * @return Id to hold the context identifier in the message context
+ */
+ public static String getContextIdentifierKey(MessageContext msgContext) {
+ return msgContext.getAxisService().getName();
+ }
+
+
+ /**
+ * Returns the map of security context token identifiers
+ * @return the map of security context token identifiers
+ */
+ public static Hashtable getContextMap(MessageContext msgContext) {
+ //Fist check whether its there
+ Object map = msgContext.getConfigurationContext().getProperty(
+ ConversationConstants.KEY_CONTEXT_MAP);
+
+ if(map == null) {
+ //If not create a new one
+ map = new Hashtable();
+ //Set the map globally
+ msgContext.getConfigurationContext().setProperty(
+ ConversationConstants.KEY_CONTEXT_MAP, map);
+ }
+
+ return (Hashtable)map;
+ }
+
+ public static boolean isTokenValid(RampartMessageData rmd, String id) throws RampartException {
+ try {
+ org.apache.rahas.Token token = rmd.getTokenStorage().getToken(id);
+ return token!= null && token.getState() == org.apache.rahas.Token.ISSUED;
+ } catch (TrustException e) {
+ throw new RampartException("errorExtractingToken");
+ }
+ }
+
+ public static void setEncryptionUser(RampartMessageData rmd, WSSecEncryptedKey encrKeyBuilder) throws RampartException {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ String encrUser = rpd.getRampartConfig().getEncryptionUser();
+ if(encrUser == null || "".equals(encrUser)) {
+ throw new RampartException("missingEncryptionUser");
+ }
+ if(encrUser.equals(WSHandlerConstants.USE_REQ_SIG_CERT)) {
+ Object resultsObj = rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+ if(resultsObj != null) {
+ encrKeyBuilder.setUseThisCert(getReqSigCert((Vector)resultsObj));
+ } else {
+ throw new RampartException("noSecurityResults");
+ }
+ } else {
+ encrKeyBuilder.setUserInfo(encrUser);
+ }
+ }
+
+ private static X509Certificate getReqSigCert(Vector results) {
+ /*
+ * Scan the results for a matching actor. Use results only if the
+ * receiving Actor and the sending Actor match.
+ */
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+
+ Vector wsSecEngineResults = rResult.getResults();
+ /*
+ * Scan the results for the first Signature action. Use the
+ * certificate of this Signature to set the certificate for the
+ * encryption action :-).
+ */
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ if (wser.getAction() == WSConstants.SIGN) {
+ return wser.getCertificate();
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public static String getRequestEncryptedKeyId(Vector results) {
+
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+
+ Vector wsSecEngineResults = rResult.getResults();
+ /*
+ * Scan the results for the first Signature action. Use the
+ * certificate of this Signature to set the certificate for the
+ * encryption action :-).
+ */
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ if (wser.getAction() == WSConstants.ENCR &&
+ wser.getEncryptedKeyId() != null) {
+ return wser.getEncryptedKeyId();
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public static byte[] getRequestEncryptedKeyValue(Vector results) {
+
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+
+ Vector wsSecEngineResults = rResult.getResults();
+ /*
+ * Scan the results for the first Signature action. Use the
+ * certificate of this Signature to set the certificate for the
+ * encryption action :-).
+ */
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ if (wser.getAction() == WSConstants.ENCR &&
+ wser.getDecryptedKey() != null) {
+ return wser.getDecryptedKey();
+ }
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * If the child is present insert the element as a sibling after him.
+ *
+ * If the child is null, then prepend the element.
+ *
+ * @param rmd
+ * @param child
+ * @param elem - element mentioned above
+ * @return
+ */
+ public static Element insertSiblingAfterOrPrepend(RampartMessageData rmd, Element child, Element elem) {
+ Element retElem = null;
+ if(child != null){ // child is not null so insert sibling after
+ retElem = RampartUtil.insertSiblingAfter(rmd, child, elem);
+ }else{ //Prepend
+
+ Element secHeaderElem = rmd.getSecHeader().getSecurityHeader();
+ Node node = secHeaderElem.getOwnerDocument().importNode(
+ elem, true);
+ Element firstElem = (Element)secHeaderElem.getFirstChild();
+
+ if(firstElem == null){
+ retElem = (Element)secHeaderElem.appendChild(node);
+ }else{
+ if(firstElem.getOwnerDocument().equals(elem.getOwnerDocument())) {
+ ((OMElement)firstElem).insertSiblingBefore((OMElement)elem);
+ retElem = elem;
+ } else {
+ Element newSib = (Element)firstElem.getOwnerDocument().importNode(elem, true);
+ ((OMElement)firstElem).insertSiblingBefore((OMElement)newSib);
+ retElem = newSib;
+ }
+ }
+ }
+
+ return retElem;
+ }
+
+
+}
diff --git a/modules/rampart-integration/pom.xml b/modules/rampart-integration/pom.xml
new file mode 100644
index 0000000..76ca96d
--- /dev/null
+++ b/modules/rampart-integration/pom.xml
@@ -0,0 +1,769 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>SNAPSHOT</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-integration</artifactId>
+ <packaging>jar</packaging>
+ <version>SNAPSHOT</version>
+ <name>Rampart - Integration</name>
+
+ <build>
+ <!--unitTest>
+ <excludes>
+ <exclude>**/ScenarioST1Test.class</exclude>
+ </excludes>
+ </unitTest-->
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <excludes>
+ <exclude>**/ScenarioST1Test.class</exclude>
+ </excludes>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>copy-mars</id>
+ <phase>process-resources</phase>
+ <goals>
+ <goal>copy</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart</artifactId>
+ <version>${pom.version}</version>
+ <type>mar</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/artifacts</outputDirectory>
+ </artifactItem>
+ <artifactItem>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rahas</artifactId>
+ <version>${pom.version}</version>
+ <type>mar</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/artifacts</outputDirectory>
+ </artifactItem>
+ <artifactItem>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>addressing</artifactId>
+ <version>SNAPSHOT</version>
+ <type>mar</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/artifacts</outputDirectory>
+ </artifactItem>
+ </artifactItems>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>build-helper-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>add-source</id>
+ <phase>process-resources</phase>
+ <goals>
+ <goal>add-source</goal>
+ </goals>
+ <configuration>
+ <sources>
+ <source>generated-code/src</source>
+ </sources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <version>1.1</version>
+ <executions>
+ <execution>
+ <id>generate-source</id>
+ <phase>process-resources</phase>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ <configuration>
+ <tasks>
+ <mkdir dir="generated-code"/>
+ <java classname="org.apache.axis2.wsdl.WSDL2Java" fork="true">
+ <arg line="-uri src/main/resources/ping/ping.wsdl -ss -o ./generated-code -p org.apache.axis2.oasis.ping -d xmlbeans -g"/>
+ <classpath refid="maven.dependency.classpath"/>
+ <classpath refid="maven.compile.classpath"/>
+ <classpath refid="maven.runtime.classpath"/>
+ </java>
+ <!-- copy the service impl -->
+ <copy file="src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java"
+ tofile="generated-code/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java"
+ overwrite="yes"/>
+ <!-- Password callback class for the interop service -->
+ <copy file="src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java"
+ tofile="generated-code/src/org/apache/axis2/security/PWCallback.java"
+ overwrite="yes"/>
+ <!-- Interop client -->
+ <copy file="src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java"
+ tofile="generated-code/src/org/apache/axis2/security/InteropScenarioClient.java"
+ overwrite="yes"/>
+
+ <copy overwrite="yes" todir="src/test/resources">
+ <fileset dir="generated-code/resources">
+ <include name="**/*"/>
+ </fileset>
+ </copy>
+ </tasks>
+ </configuration>
+ </execution>
+ <execution>
+ <id>create-test-resources</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <property name="addressing.mar" value="addressing-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/addressing-SNAPSHOT.mar"
+ tofile="target/test-classes/modules/addressing-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-classes/modules/rampart-SNAPSHOT.mar"/>
+
+ <mkdir dir="target/temp-ramp"/>
+ <mkdir dir="target/temp-ramp/META-INF"/>
+
+ <copy overwrite="yes"
+ file="target/classes/org/apache/rampart/Service.class"
+ tofile="target/temp-ramp/org/apache/rampart/Service.class"/>
+ <copy overwrite="yes"
+ file="target/classes/org/apache/rampart/PWCallback.class"
+ tofile="target/temp-ramp/org/apache/rampart/PWCallback.class"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/store.jks"
+ tofile="target/temp-ramp/store.jks"/>
+ <!--path id="ramp.client.props" location="test-resources/rampart"/-->
+ <!--maven:addPath id="maven.dependency.classpath" refid="ramp.client.props" -->
+ <mkdir dir="target/test-resources/rampart_client_repo"/>
+ <mkdir dir="target/test-resources/rampart_client_repo/conf"/>
+ <mkdir dir="target/test-resources/rampart_client_repo/modules"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/rampart_client_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/rahas-SNAPSHOT.mar"
+ tofile="target/test-resources/rampart_client_repo/modules/rahas-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/addressing-SNAPSHOT.mar"
+ tofile="target/test-resources/rampart_client_repo/modules/addressing-SNAPSHOT.mar"/>
+ <mkdir dir="target/test-resources/rampart_service_repo"/>
+ <mkdir dir="target/test-resources/rampart_service_repo/conf"/>
+ <mkdir dir="target/test-resources/rampart_service_repo/services"/>
+ <mkdir dir="target/test-resources/rampart_service_repo/modules"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/rampart_service_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/rahas-SNAPSHOT.mar"
+ tofile="target/test-resources/rampart_service_repo/modules/rahas-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/addressing-SNAPSHOT.mar"
+ tofile="target/test-resources/rampart_service_repo/modules/addressing-SNAPSHOT.mar"/>
+
+ <!-- Service 1 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-1.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService1.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 2 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-2.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService2.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 3 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-3.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService3.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 4 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-4.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService4.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 5 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-5.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService5.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 6 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-6.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService6.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 7 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-7.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService7.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 8 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-8.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService8.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 9 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-9.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService9.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 10 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-10.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService10.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 11 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-11.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService11.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service SC-1 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/issuer.properties"
+ tofile="target/temp-ramp/issuer.properties"/>
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-sc-1.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC1.aar"
+ basedir="target/temp-ramp"/>
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/issuer.properties"
+ tofile="target/temp-ramp/issuer.properties"/>
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-sc-2.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC2.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service classes for the SecConv tests -->
+ <mkdir dir="target/temp-sc"/>
+ <mkdir dir="target/temp-sc/META-INF"/>
+ <copy overwrite="yes"
+ file="target/classes/org/apache/axis2/security/sc/Service.class"
+ tofile="target/temp-sc/org/apache/axis2/security/sc/Service.class"/>
+ <copy overwrite="yes"
+ file="target/classes/org/apache/axis2/security/sc/PWCallback.class"
+ tofile="target/temp-sc/org/apache/axis2/security/sc/PWCallback.class"/>
+ <copy overwrite="yes" todir="target/temp-sc">
+ <fileset dir="src/test/resources/security/sc">
+ <include name="sctIssuer.properties"/>
+ <include name="sts.jks"/>
+ </fileset>
+ </copy>
+ <!--path id="sc.client.props" location="test-resources/security/sc"/-->
+ <!-- Dimuthu addPath id="maven.dependency.classpath" refid="sc.client.props" -->
+ <mkdir dir="target/test-resources/sc_client_repo"/>
+ <mkdir dir="target/test-resources/sc_client_repo/conf"/>
+ <mkdir dir="target/test-resources/sc_client_repo/modules"/>
+ <copy file="target/artifacts/addressing-SNAPSHOT.mar"
+ tofile="target/test-resources/sc_client_repo/modules/addressing-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/sc_client_repo/modules/rampart-SNAPSHOT.mar"/>
+ <!-- SecConv Test - 1 -->
+ <mkdir dir="target/test-resources/sc_service_repo_1"/>
+ <mkdir dir="target/test-resources/sc_service_repo_1/conf"/>
+ <mkdir dir="target/test-resources/sc_service_repo_1/services"/>
+ <mkdir dir="target/test-resources/sc_service_repo_1/modules"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/sc_service_repo_1/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/rahas-SNAPSHOT.mar"
+ tofile="target/test-resources/sc_service_repo_1/modules/rahas-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/addressing-SNAPSHOT.mar"
+ tofile="target/test-resources/sc_service_repo_1/modules/addressing-SNAPSHOT.mar"/>
+ <!-- copy the services.xml and create the aar -->
+ <copy overwrite="yes"
+ file="src/test/resources/security/sc/s1-services.xml"
+ tofile="target/temp-sc/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/sc_service_repo_1/services/SecureService.aar"
+ basedir="target/temp-sc"/>
+ <!-- SecConv Test - 1 :END -->
+ <!-- SecConv Test - 2 -->
+ <mkdir dir="target/test-resources/sc_service_repo_2"/>
+ <mkdir dir="target/test-resources/sc_service_repo_2/conf"/>
+ <mkdir dir="target/test-resources/sc_service_repo_2/services"/>
+ <mkdir dir="target/test-resources/sc_service_repo_2/modules"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/sc_service_repo_2/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/rahas-SNAPSHOT.mar"
+ tofile="target/test-resources/sc_service_repo_2/modules/rahas-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/addressing-SNAPSHOT.mar"
+ tofile="target/test-resources/sc_service_repo_2/modules/addressing-SNAPSHOT.mar"/>
+ <!-- copy the services.xml and create the aar -->
+ <copy overwrite="yes"
+ file="src/test/resources/security/sc/s2-services.xml"
+ tofile="target/temp-sc/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/sc_service_repo_2/services/SecureService.aar"
+ basedir="target/temp-sc"/>
+ <!-- SecConv Test - 2 :END -->
+ <!-- SecConv Test - 3 -->
+ <mkdir dir="target/test-resources/sc_service_repo_3"/>
+ <mkdir dir="target/test-resources/sc_service_repo_3/conf"/>
+ <mkdir dir="target/test-resources/sc_service_repo_3/services"/>
+ <mkdir dir="target/test-resources/sc_service_repo_3/modules"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/sc_service_repo_3/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/addressing-SNAPSHOT.mar"
+ tofile="target/test-resources/sc_service_repo_3/modules/addressing-SNAPSHOT.mar"/>
+ <!-- copy the services.xml and create the aar -->
+ <copy overwrite="yes"
+ file="src/test/resources/security/sc/s3-services.xml"
+ tofile="target/temp-sc/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/sc_service_repo_3/services/SecureService.aar"
+ basedir="target/temp-sc"/>
+ <!-- SecConv Test - 3 :END -->
+ <!-- SecConv Test - 4 -->
+ <mkdir dir="target/test-resources/sc_service_repo_4"/>
+ <mkdir dir="target/test-resources/sc_service_repo_4/conf"/>
+ <mkdir dir="target/test-resources/sc_service_repo_4/services"/>
+ <mkdir dir="target/test-resources/sc_service_repo_4/modules"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/sc_service_repo_4/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/rahas-SNAPSHOT.mar"
+ tofile="target/test-resources/sc_service_repo_4/modules/rahas-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/addressing-SNAPSHOT.mar"
+ tofile="target/test-resources/sc_service_repo_4/modules/addressing-SNAPSHOT.mar"/>
+ <!-- copy the services.xml and create the aar -->
+ <copy overwrite="yes"
+ file="src/test/resources/security/sc/s4-services.xml"
+ tofile="target/temp-sc/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/sc_service_repo_4/services/SecureService.aar"
+ basedir="target/temp-sc"/>
+ <!-- SecConv Test - 4 :END -->
+ <!-- clean up temp sc stuff -->
+ <delete dir="target/temp-sc"/>
+ <!--
+ Set up the infra for rahas tests and the rahas client repo
+ -->
+ <mkdir dir="target/temp-rahas"/>
+ <mkdir dir="target/temp-rahas/META-INF"/>
+ <copy overwrite="yes"
+ file="target/classes/org/apache/rahas/Service.class"
+ tofile="target/temp-rahas/org/apache/rahas/Service.class"/>
+ <copy overwrite="yes"
+ file="target/classes/org/apache/rahas/PWCallback.class"
+ tofile="target/temp-rahas/org/apache/rahas/PWCallback.class"/>
+ <copy overwrite="yes" todir="target/temp-rahas">
+ <fileset dir="src/test/resources/rahas">
+ <include name="issuer.properties"/>
+ <include name="rahas-sts.jks"/>
+ </fileset>
+ </copy>
+ <!--path id="rahas.client.props" location="test-resources/rahas" -->
+ <!--addPath id="maven.dependency.classpath" refid="rahas.client.props"-->
+ <mkdir dir="target/test-resources/rahas_client_repo"/>
+ <mkdir dir="target/test-resources/rahas_client_repo/conf"/>
+ <mkdir dir="target/test-resources/rahas_client_repo/modules"/>
+ <copy file="target/artifacts/addressing-SNAPSHOT.mar"
+ tofile="target/test-resources/rahas_client_repo/modules/addressing-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/rahas_client_repo/modules/rampart-SNAPSHOT.mar"/>
+ <!-- Copying the DOM3 stuff to the endorsed dir -->
+ <mkdir dir="target/test-resources/endorsed"/>
+ <copy file="${user.home}/.m2/repository/xerces/xercesImpl/2.8.1/xercesImpl-2.8.1.jar"
+ todir="target/test-resources/endorsed"/>
+ <copy file="${user.home}/.m2/repository/xml-apis/xml-apis/1.3.03/xml-apis-1.3.03.jar"
+ todir="target/test-resources/endorsed"/>
+ <!-- Rahas Test1: SAML Token test -->
+ <mkdir dir="target/test-resources/rahas_service_repo_1"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_1/conf"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_1/services"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_1/modules"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/rahas_service_repo_1/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/rahas-SNAPSHOT.mar"
+ tofile="target/test-resources/rahas_service_repo_1/modules/rahas-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/addressing-SNAPSHOT.mar"
+ tofile="target/test-resources/rahas_service_repo_1/modules/addressing-SNAPSHOT.mar"/>
+ <!-- copy the services.xml and create the aar -->
+ <copy overwrite="yes"
+ file="src/test/resources/rahas/s1-services.xml"
+ tofile="target/temp-rahas/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rahas_service_repo_1/services/SecureService.aar"
+ basedir="target/temp-rahas"/>
+ <!-- Rahas Test1: SAML Token test : END -->
+ <!--
+ Rahas Test 3 & 4: RahasSAMLTokenUTForHoKTest and RahasSAMLTokenUTForHoKV1205Test
+ -->
+ <mkdir dir="target/test-resources/rahas_service_repo_3"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_3/conf"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_3/services"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_3/modules"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/rahas_service_repo_3/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/rahas-SNAPSHOT.mar"
+ tofile="target/test-resources/rahas_service_repo_3/modules/rahas-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/addressing-SNAPSHOT.mar"
+ tofile="target/test-resources/rahas_service_repo_3/modules/addressing-SNAPSHOT.mar"/>
+ <!-- copy the services.xml and create the aar -->
+ <copy overwrite="yes"
+ file="src/test/resources/rahas/s3-services.xml"
+ tofile="target/temp-rahas/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rahas_service_repo_3/services/SecureService.aar"
+ basedir="target/temp-rahas"/>
+ <!--
+ Rahas Test 3 & 4: RahasSAMLTokenUTForHoKTest and RahasSAMLTokenUTForHoKV1205Test : END
+ -->
+ <mkdir dir="target/test-resources/default_security_client_repo"/>
+ <mkdir dir="target/test-resources/default_security_client_repo/conf"/>
+ <mkdir dir="target/test-resources/default_security_client_repo/modules"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/default_security_client_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/addressing-SNAPSHOT.mar"
+ tofile="target/test-resources/default_security_client_repo/modules/addressing-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/conf/axis2.xml"
+ tofile="target/test-resources/default_security_client_repo/conf/axis2.xml"/>
+ <!-- Scenario 1 -->
+ <mkdir dir="target/test-resources/scenario1_client_repo"/>
+ <mkdir dir="target/test-resources/scenario1_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario1_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario1_client_repo/services"/>
+ <mkdir dir="target/test-resources/scenario1_service_repo"/>
+ <mkdir dir="target/test-resources/scenario1_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario1_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario1_service_repo/modules"/>
+ <!-- setup scenario 1 client repository-->
+ <copy file="src/test/resources/security/s1.client.axis2.xml"
+ tofile="target/test-resources/scenario1_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario1_client_repo/modules/rampart-SNAPSHOT.mar"/>
+ <!-- setup scenario 1 service repository-->
+ <copy file="src/test/resources/security/s1.service.axis2.xml"
+ tofile="target/test-resources/scenario1_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario1_service_repo/modules/rampart-SNAPSHOT.mar"/>
+
+ <mkdir dir="target/temp-interop/META-INF"/>
+
+ <!-- Create the .aar file -->
+ <copy file="src/test/resources/security/s1.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario1_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+ <!-- Scenario 2 - Setup the client and service repos -->
+ <mkdir dir="target/test-resources/scenario2_client_repo"/>
+ <mkdir dir="target/test-resources/scenario2_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario2_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario2_service_repo"/>
+ <mkdir dir="target/test-resources/scenario2_service_repo/ conf"/>
+ <mkdir dir="target/test-resources/scenario2_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario2_service_repo/modules"/>
+ <copy file="src/test/resources/security/s2.client.axis2.xml"
+ tofile="target/test-resources/scenario2_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario2_client_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/s2.service.axis2.xml"
+ tofile="target/test-resources/scenario2_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario2_service_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/s2.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario2_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario 2a - set up repos -->
+ <mkdir dir="target/test-resources/scenario2a_client_repo"/>
+ <mkdir dir="target/test-resources/scenario2a_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario2a_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario2a_service_repo"/>
+ <mkdir dir="target/test-resources/scenario2a_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario2a_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario2a_service_repo/modules"/>
+ <copy file="src/test/resources/security/s2a.client.axis2.xml"
+ tofile="target/test-resources/scenario2a_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario2a_client_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/s2a.service.axis2.xml"
+ tofile="target/test-resources/scenario2a_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario2a_service_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/s2a.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario2a_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+ <!-- Scenario 3 -->
+ <mkdir dir="target/test-resources/scenario3_client_repo"/>
+ <mkdir dir="target/test-resources/scenario3_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario3_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario3_service_repo"/>
+ <mkdir dir="target/test-resources/scenario3_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario3_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario3_service_repo/modules"/>
+ <copy file="src/test/resources/security/s3.client.axis2.xml"
+ tofile="target/test-resources/scenario3_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario3_client_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/s3.service.axis2.xml"
+ tofile="target/test-resources/scenario3_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario3_service_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/s3.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario3_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario 4 -->
+ <mkdir dir="target/test-resources/scenario4_client_repo"/>
+ <mkdir dir="target/test-resources/scenario4_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario4_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario4_service_repo"/>
+ <mkdir dir="target/test-resources/scenario4_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario4_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario4_service_repo/modules"/>
+ <copy file="src/test/resources/security/s4.client.axis2.xml"
+ tofile="target/test-resources/scenario4_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario4_client_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/s4.service.axis2.xml"
+ tofile="target/test-resources/scenario4_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario4_service_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/s4.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario4_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario 5 -->
+ <mkdir dir="target/test-resources/scenario5_client_repo"/>
+ <mkdir dir="target/test-resources/scenario5_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario5_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario5_service_repo"/>
+ <mkdir dir="target/test-resources/scenario5_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario5_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario5_service_repo/modules"/>
+ <copy file="src/test/resources/security/s5.client.axis2.xml"
+ tofile="target/test-resources/scenario5_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario5_client_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/s5.service.axis2.xml"
+ tofile="target/test-resources/scenario5_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario5_service_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/s5.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario5_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario 6 -->
+ <mkdir dir="target/test-resources/scenario6_client_repo"/>
+ <mkdir dir="target/test-resources/scenario6_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario6_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario6_service_repo"/>
+ <mkdir dir="target/test-resources/scenario6_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario6_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario6_service_repo/modules"/>
+ <copy file="src/test/resources/security/s6.client.axis2.xml"
+ tofile="target/test-resources/scenario6_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario6_client_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/s6.service.axis2.xml"
+ tofile="target/test-resources/scenario6_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario6_service_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/s6.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario6_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario 7 -->
+ <mkdir dir="target/test-resources/scenario7_client_repo"/>
+ <mkdir dir="target/test-resources/scenario7_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario7_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario7_service_repo"/>
+ <mkdir dir="target/test-resources/scenario7_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario7_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario7_service_repo/modules"/>
+ <copy file="src/test/resources/security/s7.client.axis2.xml"
+ tofile="target/test-resources/scenario7_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario7_client_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/s7.service.axis2.xml"
+ tofile="target/test-resources/scenario7_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenario7_service_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/s7.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario7_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario ST1 -->
+ <mkdir dir="target/test-resources/scenarioST1_client_repo"/>
+ <mkdir dir="target/test-resources/scenarioST1_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenarioST1_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenarioST1_service_repo"/>
+ <mkdir dir="target/test-resources/scenarioST1_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenarioST1_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenarioST1_service_repo/modules"/>
+ <copy file="src/test/resources/security/sST1.client.axis2.xml"
+ tofile="target/test-resources/scenarioST1_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenarioST1_client_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/sST1.service.axis2.xml"
+ tofile="target/test-resources/scenarioST1_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/scenarioST1_service_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/sST1.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenarioST1_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- MTOM Optimized Security Test -->
+ <mkdir dir="target/test-resources/mtom_sec_client_repo"/>
+ <mkdir dir="target/test-resources/mtom_sec_client_repo/conf"/>
+ <mkdir dir="target/test-resources/mtom_sec_client_repo/modules"/>
+ <mkdir dir="target/test-resources/mtom_sec_service_repo"/>
+ <mkdir dir="target/test-resources/mtom_sec_service_repo/conf"/>
+ <mkdir dir="target/test-resources/mtom_sec_service_repo/services"/>
+ <mkdir dir="target/test-resources/mtom_sec_service_repo/modules"/>
+ <copy file="src/test/resources/security/secMtom.client.axis2.xml"
+ tofile="target/test-resources/mtom_sec_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/mtom_sec_client_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/secMtom.service.axis2.xml"
+ tofile="target/test-resources/mtom_sec_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/mtom_sec_service_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/secMtom.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/mtom_sec_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Test with addressing and MTOM -->
+ <mkdir dir="target/test-resources/complete_client_repo"/>
+ <mkdir dir="target/test-resources/complete_client_repo/conf"/>
+ <mkdir dir="target/test-resources/complete_client_repo/modules"/>
+ <mkdir dir="target/test-resources/complete_service_repo"/>
+ <mkdir dir="target/test-resources/complete_service_repo/conf"/>
+ <mkdir dir="target/test-resources/complete_service_repo/services"/>
+ <mkdir dir="target/test-resources/complete_service_repo/modules"/>
+ <!-- Test with addressing and MTOM client repository-->
+ <copy file="src/test/resources/security/complete.client.axis2.xml"
+ tofile="target/test-resources/complete_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/complete_client_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/addressing-SNAPSHOT.mar"
+ tofile="target/test-resources/complete_client_repo/modules/addressing-SNAPSHOT.mar"/>
+ <!-- Test with addressing and MTOMservice repository-->
+ <copy file="src/test/resources/security/complete.service.axis2.xml"
+ tofile="target/test-resources/complete_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-SNAPSHOT.mar"
+ tofile="target/test-resources/complete_service_repo/modules/rampart-SNAPSHOT.mar"/>
+ <copy file="target/artifacts/addressing-SNAPSHOT.mar"
+ tofile="target/test-resources/complete_service_repo/modules/addressing-SNAPSHOT.mar"/>
+ <copy file="src/test/resources/security/complete.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <!-- Create the .aar file -->
+ <jar jarfile="target/test-resources/complete_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-clean-plugin</artifactId>
+ <configuration>
+ <filesets>
+ <fileset>
+ <directory>./</directory>
+ <includes>
+ <include>generated-code</include>
+ </includes>
+ <followSymlinks>false</followSymlinks>
+ </fileset>
+ <fileset>
+ <directory>./src/test/resources</directory>
+ <includes>
+ <include>schemaorg_apache_xmlbeans</include>
+ </includes>
+ <excludes>
+ <exclude>*.properties</exclude>
+ <exclude>*.jks</exclude>
+ <exclude>*.xml</exclude>
+ <exclude>*.MSFT</exclude>
+ <exclude>policy/**/*</exclude>
+ <exclude>sc/**/*</exclude>
+ </excludes>
+ <followSymlinks>false</followSymlinks>
+ </fileset>
+ </filesets>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-core</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent" />
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+
+</project>
diff --git a/modules/rampart-integration/src/main/java/org/apache/axis2/integration/TestingUtils.java b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/TestingUtils.java
new file mode 100644
index 0000000..31732ac
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/TestingUtils.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.integration;
+
+import junit.framework.TestCase;
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+
+public class TestingUtils {
+ public static OMElement createDummyOMElement() {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMNamespace omNs = fac.createOMNamespace("http://org.apache.axis2/xsd", "ns1");
+ OMElement method = fac.createOMElement("echoOM", omNs);
+ OMElement value = fac.createOMElement("myValue", omNs);
+ value.addChild(
+ fac.createOMText(value, "Isaac Asimov, The Foundation Trilogy"));
+ method.addChild(value);
+ return method;
+ }
+
+ public static OMElement createDummyOMElement(String nameSpace) {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMNamespace omNs = fac.createOMNamespace(nameSpace, "ns1");
+ OMElement method = fac.createOMElement("echoOM", omNs);
+ OMElement value = fac.createOMElement("myValue", omNs);
+ value.addChild(
+ fac.createOMText(value, "Isaac Asimov, The Foundation Trilogy"));
+ method.addChild(value);
+ return method;
+ }
+
+
+ public static void campareWithCreatedOMElement(OMElement element) {
+ OMElement firstChild = element.getFirstElement();
+ TestCase.assertNotNull(firstChild);
+ String textValue = firstChild.getText();
+ TestCase.assertEquals(textValue, "Isaac Asimov, The Foundation Trilogy");
+ }
+
+}
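Review bot: `campareWithCreatedOMElement` (line 11911) is misspelled and also passes its arguments to `TestCase.assertEquals` in the wrong order — JUnit's signature is `(expected, actual)`, so a mismatch would report the literal string as the "actual" value and the element text as "expected", which misleads whoever reads the failure. Suggest `TestCase.assertEquals("Isaac Asimov, The Foundation Trilogy", textValue);` and a rename to `compareWithCreatedOMElement` (callers elsewhere in the patch would need the same rename). The two `createDummyOMElement` overloads are byte-for-byte duplicates apart from the namespace URI; the no-arg one should delegate with `return createDummyOMElement("http://org.apache.axis2/xsd");` so the fixture text lives in one place.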
diff --git a/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServer.java b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServer.java
new file mode 100644
index 0000000..40fbe74
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServer.java
@@ -0,0 +1,244 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.integration;
+
+import junit.framework.TestCase;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.context.ServiceContext;
+import org.apache.axis2.context.ServiceGroupContext;
+import org.apache.axis2.deployment.DeploymentEngine;
+import org.apache.axis2.description.AxisModule;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.AxisServiceGroup;
+import org.apache.axis2.description.TransportInDescription;
+import org.apache.axis2.engine.ListenerManager;
+import org.apache.axis2.transport.http.SimpleHTTPServer;
+
+import javax.xml.namespace.QName;
+import java.io.File;
+import java.io.FilenameFilter;
+
+public class UtilServer {
+ private static int count = 0;
+
+ private static SimpleHTTPServer receiver;
+
+ public static final int TESTING_PORT = 5555;
+
+ public static final String FAILURE_MESSAGE = "Intentional Failure";
+
+
+ public static synchronized void deployService(AxisService service)
+ throws AxisFault {
+ receiver.getConfigurationContext().getAxisConfiguration().addService(
+ service);
+ }
+
+ public static synchronized void unDeployService(QName service)
+ throws AxisFault {
+ receiver.getConfigurationContext().getAxisConfiguration()
+ .removeService(service.getLocalPart());
+ }
+
+ public static synchronized void unDeployClientService() throws AxisFault {
+ if (receiver.getConfigurationContext().getAxisConfiguration() != null) {
+ receiver.getConfigurationContext().getAxisConfiguration()
+ .removeService("AnonymousService");
+ }
+ }
+
+ public static synchronized void start() throws Exception {
+ start(org.apache.axis2.Constants.TESTING_REPOSITORY);
+ }
+
+ public static synchronized void start(String repository) throws Exception {
+ if (count == 0) {
+ ConfigurationContext er = getNewConfigurationContext(repository);
+
+ receiver = new SimpleHTTPServer(er, TESTING_PORT);
+
+ try {
+ receiver.start();
+ ListenerManager listenerManager = er.getListenerManager();
+ TransportInDescription trsIn = new TransportInDescription(
+ Constants.TRANSPORT_HTTP);
+ trsIn.setReceiver(receiver);
+ if (listenerManager == null) {
+ listenerManager = new ListenerManager();
+ listenerManager.init(er);
+ }
+ listenerManager.addListener(trsIn, true);
+ System.out.print("Server started on port "
+ + TESTING_PORT + ".....");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ try {
+ Thread.sleep(2000);
+ } catch (InterruptedException e1) {
+ throw new AxisFault("Thread interuptted", e1);
+ }
+
+
+ count++;
+ }
+
+ public static synchronized void start(String repository, String axis2xml) throws Exception {
+ if (count == 0) {
+ ConfigurationContext er = getNewConfigurationContext(repository, axis2xml);
+
+ receiver = new SimpleHTTPServer(er, TESTING_PORT);
+
+ try {
+ receiver.start();
+ System.out.print("Server started on port "
+ + TESTING_PORT + ".....");
+ } catch (Exception e) {
+ throw new AxisFault(e.getMessage(), e);
+ }
+
+ try {
+ Thread.sleep(2000);
+ } catch (InterruptedException e1) {
+ throw new AxisFault("Thread interuptted", e1);
+ }
+
+ }
+ count++;
+ }
+
+ public static ConfigurationContext getNewConfigurationContext(
+ String repository) throws Exception {
+ File file = new File(repository);
+ if (!file.exists()) {
+ throw new Exception("repository directory "
+ + file.getAbsolutePath() + " does not exists");
+ }
+ return ConfigurationContextFactory.createConfigurationContextFromFileSystem(file.getAbsolutePath(),
+ file.getAbsolutePath() + "/conf/axis2.xml");
+ }
+
+ public static ConfigurationContext getNewConfigurationContext(
+ String repository, String axis2xml) throws Exception {
+ File file = new File(repository);
+ if (!file.exists()) {
+ throw new Exception("repository directory "
+ + file.getAbsolutePath() + " does not exists");
+ }
+ return ConfigurationContextFactory.createConfigurationContextFromFileSystem(file.getAbsolutePath(),
+ axis2xml);
+ }
+
+ public static synchronized void stop() throws AxisFault {
+ if (count == 1) {
+ receiver.stop();
+ while (receiver.isRunning()) {
+ try {
+ Thread.sleep(1000);
+ } catch (InterruptedException e1) {
+ //nothing to do here
+ }
+ }
+ count = 0;
+// tp.doStop();
+ System.out.print("Server stopped .....");
+ } else {
+ count--;
+ }
+ receiver.getConfigurationContext().terminate();
+ }
+
+ public static ConfigurationContext getConfigurationContext() {
+ return receiver.getConfigurationContext();
+ }
+
+ public static ServiceContext createAdressedEnabledClientSide(
+ AxisService service) throws AxisFault {
+ File file = getAddressingMARFile();
+ TestCase.assertTrue(file.exists());
+ ConfigurationContext configContext = ConfigurationContextFactory
+ .createConfigurationContextFromFileSystem(
+ "target/test-resources/integrationRepo", null);
+ AxisModule axisModule = DeploymentEngine.buildModule(file,
+ configContext.getAxisConfiguration());
+ configContext.getAxisConfiguration().addModule(axisModule);
+
+ configContext.getAxisConfiguration().addService(service);
+
+ return new ServiceGroupContext(configContext, (AxisServiceGroup) service.getParent())
+ .getServiceContext(service);
+ }
+
+ static class AddressingFilter implements FilenameFilter {
+ public boolean accept(File dir, String name) {
+ return name.startsWith("addressing") && name.endsWith(".mar");
+ }
+ }
+
+ private static File getAddressingMARFile() {
+ File dir = new File(org.apache.axis2.Constants.TESTING_REPOSITORY + "/modules");
+ File[] files = dir.listFiles(new AddressingFilter());
+ TestCase.assertTrue(files.length == 1);
+ File file = files[0];
+ TestCase.assertTrue(file.exists());
+ return file;
+ }
+
+ public static ConfigurationContext createClientConfigurationContext() throws AxisFault {
+ File file = getAddressingMARFile();
+ TestCase.assertTrue(file.exists());
+
+ ConfigurationContext configContext = ConfigurationContextFactory .createConfigurationContextFromFileSystem(
+ "target/test-resources/integrationRepo",
+ "target/test-resources/integrationRepo/conf/axis2.xml");
+ AxisModule axisModule = DeploymentEngine.buildModule(file,
+ configContext.getAxisConfiguration());
+ configContext.getAxisConfiguration().addModule(axisModule);
+ return configContext;
+ }
+
+ public static ConfigurationContext createClientConfigurationContext(String repo) throws AxisFault {
+ return ConfigurationContextFactory .createConfigurationContextFromFileSystem(
+ repo,
+ repo + "/conf/axis2.xml");
+ }
+
+ public static ServiceContext createAdressedEnabledClientSide(
+ AxisService service, String clientHome) throws AxisFault {
+ File file = getAddressingMARFile();
+ TestCase.assertTrue(file.exists());
+
+ ConfigurationContext configContext = ConfigurationContextFactory
+ .createConfigurationContextFromFileSystem(clientHome, null);
+ AxisModule axisModule = DeploymentEngine.buildModule(file,
+ configContext.getAxisConfiguration());
+
+ configContext.getAxisConfiguration().addModule(axisModule);
+// sysContext.getAxisConfiguration().engageModule(moduleDesc.getName());
+
+ configContext.getAxisConfiguration().addService(service);
+
+ return new ServiceGroupContext(configContext, (AxisServiceGroup) service.getParent())
+ .getServiceContext(service);
+ }
+
+}
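Review bot: In `start(String repository)` (line 11995) the `catch (Exception e)` around `receiver.start()` only calls `e.printStackTrace()`, so a failed bind on port 5555 — for example when a previous test run left the port busy — is swallowed, `count` is still incremented, and the dependent security tests then run against a server that never came up and fail with confusing transport errors instead of the real cause. The two-argument `start(String, String)` already does the right thing with `throw new AxisFault(e.getMessage(), e);`; the one-argument variant should be changed to match. Separately, `stop()` (line 12075) calls `receiver.getConfigurationContext().terminate()` after the `if/else`, i.e. also on the `count--` branch where, by this class's own reference counting, other test setups are still sharing the running server; that call appears to belong inside the `count == 1` branch, next to `receiver.stop()`.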
diff --git a/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServerBasedTestCase.java b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServerBasedTestCase.java
new file mode 100644
index 0000000..248ec07
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServerBasedTestCase.java
@@ -0,0 +1,68 @@
+/*
+* Copyright 2004-2006 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.apache.axis2.integration;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestCase;
+
+public class UtilServerBasedTestCase extends TestCase {
+
+ public UtilServerBasedTestCase() {
+ super(UtilServerBasedTestCase.class.getName());
+ }
+
+ public UtilServerBasedTestCase(java.lang.String string) {
+ super(string);
+ }
+
+ protected static Test getTestSetup(Test test) {
+ return new TestSetup(test) {
+ public void setUp() throws Exception {
+ UtilServer.start();
+ }
+
+ public void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+ };
+ }
+
+ protected static Test getTestSetup2(Test test, final String param) {
+ return new TestSetup(test) {
+ public void setUp() throws Exception {
+ UtilServer.start(param);
+ }
+
+ public void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+ };
+ }
+
+ protected static Test getTestSetup3(Test test, final String param1, final String param2) {
+ return new TestSetup(test) {
+ public void setUp() throws Exception {
+ UtilServer.start(param1, param2);
+ }
+
+ public void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+ };
+ }
+}
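Review bot: `getTestSetup2` and `getTestSetup3` differ from `getTestSetup` only in which `UtilServer.start(...)` overload they invoke, so the numbered names hide that all three are the same operation; Java overloading says this directly, e.g. `protected static Test getTestSetup(Test test, final String param)` and the two-argument form, and call sites read better. None of the three says why a `TestSetup` wrapper is used at all; a one-line Javadoc on `getTestSetup` such as `Wraps the suite so UtilServer is started once before the wrapped tests and stopped once after them.` would make that explicit for readers unfamiliar with JUnit 3 decorators.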
diff --git a/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsJMSServer.java b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsJMSServer.java
new file mode 100644
index 0000000..63a3d78
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsJMSServer.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.integration;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.TransportInDescription;
+import org.apache.axis2.engine.ListenerManager;
+import org.apache.axis2.transport.jms.JMSListener;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import javax.xml.namespace.QName;
+import java.io.File;
+
+public class UtilsJMSServer {
+ private static JMSListener receiver;
+
+ public static final int TESTING_PORT = 5555;
+
+ public static final String FAILURE_MESSAGE = "Intentional Failure";
+
+ public static final String REPOSITORY_JMS = "target/test-resources/jms-enabled-server-repository";
+
+ private static final Log log = LogFactory.getLog(UtilsJMSServer.class);
+
+ public static synchronized void deployService(AxisService service)
+ throws AxisFault {
+
+ receiver.getConfigurationContext().getAxisConfiguration().addService(service);
+
+ }
+
+ public static synchronized void unDeployService(QName service)
+ throws AxisFault {
+ receiver.getConfigurationContext().getAxisConfiguration().removeService(
+ service.getLocalPart());
+ }
+
+ public static synchronized void start() throws Exception {
+ // start JMS Listener
+ File file = new File(REPOSITORY_JMS);
+ System.out.println(file.getAbsoluteFile());
+ if (!file.exists()) {
+ throw new Exception("Repository directory does not exist");
+ }
+
+ ConfigurationContext configurationContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(file
+ .getAbsolutePath(),REPOSITORY_JMS + "/conf/axis2.xml");
+ try {
+ Thread.sleep(2000);
+ } catch (InterruptedException e1) {
+ throw new AxisFault("Thread interuptted", e1);
+ }
+ receiver = new JMSListener();
+ ListenerManager listenerManager = configurationContext.getListenerManager();
+ TransportInDescription trsIn = configurationContext.getAxisConfiguration().getTransportIn(Constants.TRANSPORT_JMS);
+ trsIn.setReceiver(receiver);
+ if (listenerManager == null) {
+ listenerManager = new ListenerManager();
+ listenerManager.init(configurationContext);
+ }
+ listenerManager.addListener(trsIn, true);
+ receiver.init(configurationContext, trsIn);
+ receiver.start();
+ }
+
+ public static synchronized void stop() {
+ try {
+ receiver.stop();
+ System.out.print("Server stopped .....");
+ } catch (Exception e) {
+ log.error(e.getMessage(), e);
+ }
+ }
+
+}
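Review bot: The `getTransportIn(Constants.TRANSPORT_JMS)` lookup assigned to `trsIn` in `start()` appears to be a plain map lookup and may return null when the repository's axis2.xml declares no JMS transport receiver, in which case the next line `trsIn.setReceiver(receiver)` fails with a NullPointerException instead of a readable error; a guard such as `if (trsIn == null) throw new AxisFault("No JMS transportReceiver configured in " + REPOSITORY_JMS);` before `setReceiver` would name the real cause. `stop()` likewise dereferences `receiver` without checking that `start()` completed, so a failed start followed by the suite's tearDown reports an NPE rather than the original failure; `if (receiver == null) return;` at the top of the try keeps the first error visible. The `Thread.sleep(2000)` between context creation and listener start carries no comment explaining what it waits for; either document it in one line or drop it if it is a leftover.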
diff --git a/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsTCPServer.java b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsTCPServer.java
new file mode 100644
index 0000000..3b70d20
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsTCPServer.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.integration;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.context.ServiceGroupContext;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.AxisServiceGroup;
+import org.apache.axis2.engine.ListenerManager;
+import org.apache.axis2.transport.tcp.TCPServer;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import javax.xml.namespace.QName;
+import java.io.File;
+
+public class UtilsTCPServer {
+ private static int count = 0;
+
+ private static TCPServer receiver;
+
+ public static final int TESTING_PORT = 5555;
+
+ public static final String FAILURE_MESSAGE = "Intentional Failure";
+
+ private static final Log log = LogFactory.getLog(UtilsTCPServer.class);
+
+ public static synchronized void deployService(AxisService service)
+ throws AxisFault {
+
+ receiver.getConfigurationContext().getAxisConfiguration().addService(service);
+ ServiceGroupContext serviceGroupContext = new ServiceGroupContext(
+ receiver.getConfigurationContext(), (AxisServiceGroup) service.getParent());
+ }
+
+ public static synchronized void unDeployService(QName service)
+ throws AxisFault {
+ receiver.getConfigurationContext().getAxisConfiguration().removeService(
+ service.getLocalPart());
+ }
+
+ public static synchronized void start() throws Exception {
+ if (count == 0) {
+
+ // start tcp server
+
+ File file = new File(org.apache.axis2.Constants.TESTING_REPOSITORY);
+ System.out.println(file.getAbsoluteFile());
+ if (!file.exists()) {
+ throw new Exception("Repository directory does not exist");
+ }
+
+ ConfigurationContext er = ConfigurationContextFactory.createConfigurationContextFromFileSystem(file
+ .getAbsolutePath(), file
+ .getAbsolutePath() + "/conf/axis2.xml");
+ try {
+ Thread.sleep(1000);
+ } catch (InterruptedException e1) {
+ throw new AxisFault("Thread interuptted", e1);
+ }
+ receiver = new TCPServer(UtilServer.TESTING_PORT, er);
+ receiver.start();
+
+ }
+ count++;
+ }
+
+ public static synchronized void stop() throws AxisFault {
+ try {
+ if (count == 1) {
+ receiver.stop();
+ count = 0;
+ System.out.print("Server stopped .....");
+ } else {
+ count--;
+ }
+ } catch (AxisFault e) {
+ log.error(e.getMessage(), e);
+ }
+ receiver.getConfigurationContext().terminate();
+ }
+
+}
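Review bot: `stop()` calls `receiver.getConfigurationContext().terminate()` unconditionally on its last statement, so when the reference count is above one the shared context is terminated while other callers that paired a `start()` with a later `stop()` still expect the server to be running; that line belongs inside the `count == 1` branch, after `receiver.stop()`. `deployService` also constructs a `ServiceGroupContext` it never uses (`serviceGroupContext` is assigned and dropped), and the `TESTING_PORT` constant declared on this class is not the one `start()` hands to `TCPServer`, which uses `UtilServer.TESTING_PORT`; one of the two should go so they cannot silently diverge. A short comment above `count`, e.g. `// reference count: nested start()/stop() pairs share one TCPServer`, would explain the branching in both methods.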
diff --git a/modules/rampart-integration/src/main/java/org/apache/axis2/security/sc/PWCallback.java b/modules/rampart-integration/src/main/java/org/apache/axis2/security/sc/PWCallback.java
new file mode 100755
index 0000000..2b4b845
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/axis2/security/sc/PWCallback.java
@@ -0,0 +1,187 @@
+package org.apache.axis2.security.sc;
+/*
+* Copyright 2004,2005 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+
+
+/**
+
+ * Class PWCallback
+
+ */
+
+public class PWCallback implements CallbackHandler {
+
+
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else if(pc.getIdentifer().equals("sts")) {
+
+ pc.setPassword("password");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
+
+
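Review bot: The trailing `else { pc.setPassword("sirhC"); }` in `handle` supplies a valid password for any identifier the caller presents, and the `USERNAME_TOKEN_UNKNOWN` branch accepts the password `sirhC` for any username, so this callback authenticates nothing beyond a short fixed table; that is acceptable for an integration-test fixture, but the class Javadoc (currently just `Class PWCallback`) should state it, e.g. `Test-only CallbackHandler with fixed credentials; it accepts any identifier and is not a template for production password lookup.` The `pc.getPassword().equals(...)` comparisons in that branch throw NullPointerException when a username token arrives without a password; writing them as `"noR".equals(pc.getPassword())` turns that case into the intended `check failed` UnsupportedCallbackException. The same points apply to the copies of this class added in org/apache/rahas/PWCallback.java and org/apache/rampart/PWCallback.java in this commit; three near-identical copies of the key bytes and the credential table would be easier to keep consistent as one shared test helper.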
diff --git a/modules/rampart-integration/src/main/java/org/apache/axis2/security/sc/Service.java b/modules/rampart-integration/src/main/java/org/apache/axis2/security/sc/Service.java
new file mode 100644
index 0000000..c687406
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/axis2/security/sc/Service.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security.sc;
+import org.apache.axiom.om.OMElement;
+
+public class Service {
+
+ public OMElement echo(OMElement elem) {
+ elem.build();
+ elem.detach();
+ System.out.println("Service invoked");
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-integration/src/main/java/org/apache/axis2/security/sc/TestClient.java b/modules/rampart-integration/src/main/java/org/apache/axis2/security/sc/TestClient.java
new file mode 100644
index 0000000..5859966
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/axis2/security/sc/TestClient.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security.sc;
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.integration.UtilServer;
+import org.apache.rampart.conversation.ConversationConfiguration;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import javax.xml.namespace.QName;
+
+import junit.framework.TestCase;
+
+public abstract class TestClient extends TestCase {
+
+ private static final String AXIS2_ECHO_STRING = "Axis2 Echo String";
+ protected int port = UtilServer.TESTING_PORT;
+
+ public TestClient(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+ UtilServer.start(Constants.TESTING_PATH + getServiceRepo() ,null);
+ }
+
+ protected void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+
+ /**
+ * @param args
+ */
+ public void testConversation() {
+ try {
+
+ // Get the repository location from the args
+ String repo = Constants.TESTING_PATH + "sc_client_repo";
+
+ OMElement payload = getEchoElement();
+ ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo,
+ null);
+ ServiceClient serviceClient = new ServiceClient(configContext, null);
+ Options options = new Options();
+ options.setTo(new EndpointReference("http://127.0.0.1:" + port + "/axis2/services/SecureService"));
+ options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
+
+
+ OutflowConfiguration clientOutflowConfiguration = getClientOutflowConfiguration();
+ if(clientOutflowConfiguration != null) {
+ options.setProperty(WSSHandlerConstants.STS_OUTFLOW_SECURITY, clientOutflowConfiguration.getProperty());
+ }
+ InflowConfiguration clientInflowConfiguration = getClientInflowConfiguration();
+ if(clientInflowConfiguration != null) {
+ options.setProperty(WSSHandlerConstants.STS_INFLOW_SECURITY, clientInflowConfiguration.getProperty());
+ }
+ options.setProperty(ConversationConfiguration.SC_CONFIG, getClientConversationConfiguration());
+
+ options.setAction("urn:echo");
+
+ serviceClient.engageModule(new QName("rampart"));
+
+ serviceClient.setOptions(options);
+
+ //Blocking invocation
+ serviceClient.sendReceive(payload);
+
+ serviceClient.sendReceive(getEchoElement());
+
+ OMElement result = serviceClient.sendReceive(getEchoElement());
+
+ assertTrue(result.toString().indexOf(AXIS2_ECHO_STRING) > 0);
+ System.out.println("SecureService Invocation successful :-)");
+ } catch (AxisFault axisFault) {
+ axisFault.printStackTrace();
+ fail(axisFault.getMessage());
+ }
+ }
+
+ private OMElement getEchoElement() {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMNamespace omNs = fac.createOMNamespace(
+ "http://example1.org/example1", "example1");
+ OMElement method = fac.createOMElement("echo", omNs);
+ OMElement value = fac.createOMElement("Text", omNs);
+ value.addChild(fac.createOMText(value, AXIS2_ECHO_STRING));
+ method.addChild(value);
+
+ return method;
+ }
+
+ public abstract Parameter getClientConversationConfiguration();
+
+ public abstract OutflowConfiguration getClientOutflowConfiguration();
+
+ public abstract InflowConfiguration getClientInflowConfiguration();
+
+ public abstract String getServiceRepo();
+
+}
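Review bot: The Javadoc on `testConversation` reads `@param args` although the method takes no parameters; it should instead describe the scenario, e.g. `Bootstraps a secure conversation with SecureService and checks that three consecutive echo calls succeed under the established context.` The assertion `result.toString().indexOf(AXIS2_ECHO_STRING) > 0` passes for any response that merely contains the echo string somewhere in its serialization; comparing the text of the returned `Text` element against `AXIS2_ECHO_STRING` pins the echo contract more precisely. The enclosing class continues past this hunk only through abstract declarations, so the point is confined to what is visible.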
diff --git a/modules/rampart-integration/src/main/java/org/apache/rahas/PWCallback.java b/modules/rampart-integration/src/main/java/org/apache/rahas/PWCallback.java
new file mode 100755
index 0000000..6ec7792
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/rahas/PWCallback.java
@@ -0,0 +1,195 @@
+package org.apache.rahas;
+/*
+* Copyright 2004,2005 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+
+
+/**
+
+ * Class PWCallback
+
+ */
+
+public class PWCallback implements CallbackHandler {
+
+
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if(pc.getIdentifer().equals("joe") && pc.getPassword().equals("eoj")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else if(pc.getIdentifer().equals("joe")) {
+
+ pc.setPassword("eoj");
+
+ } else if(pc.getIdentifer().equals("ip")) {
+
+ pc.setPassword("password");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
diff --git a/modules/rampart-integration/src/main/java/org/apache/rahas/Service.java b/modules/rampart-integration/src/main/java/org/apache/rahas/Service.java
new file mode 100644
index 0000000..bce2f98
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/rahas/Service.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+import org.apache.axiom.om.OMElement;
+
+public class Service {
+
+ public OMElement echo(OMElement elem) {
+ elem.build();
+ elem.detach();
+ System.out.println("Service invoked");
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-integration/src/main/java/org/apache/rahas/TestClient.java b/modules/rampart-integration/src/main/java/org/apache/rahas/TestClient.java
new file mode 100644
index 0000000..3d3eb88
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/rahas/TestClient.java
@@ -0,0 +1,186 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.integration.UtilServer;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import javax.xml.namespace.QName;
+
+import junit.framework.TestCase;
+
+public abstract class TestClient extends TestCase {
+
+ protected int port = UtilServer.TESTING_PORT;
+
+ public TestClient(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+ UtilServer.start(Constants.TESTING_PATH + getServiceRepo(), null);
+ }
+
+ protected void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+
+ /**
+ */
+ public void testRequest() {
+ try {
+
+ // Get the repository location from the args
+ String repo = Constants.TESTING_PATH + "rahas_client_repo";
+
+ ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo,
+ null);
+ ServiceClient serviceClient = new ServiceClient(configContext, null);
+ Options options = new Options();
+
+ System.setProperty("javax.net.ssl.keyStorePassword", "password");
+ System.setProperty("javax.net.ssl.keyStoreType", "JKS");
+ System.setProperty("javax.net.ssl.trustStore", "/home/ruchith/Desktop/interop/certs/interop2.jks");
+ System.setProperty("javax.net.ssl.trustStorePassword", "password");
+ System.setProperty("javax.net.ssl.trustStoreType","JKS");
+
+ options.setTo(new EndpointReference("http://127.0.0.1:" + port + "/axis2/services/SecureService"));
+// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/axis2/services/UTSAMLHoK"));
+// options.setTo(new EndpointReference("https://www-lk.wso2.com:8443/axis2/services/UTSAMLHoK"));
+// options.setTo(new EndpointReference("https://192.18.49.133:2343/jaxws-s1-sts/sts"));
+// options.setTo(new EndpointReference("https://207.200.37.116/SxSts/Scenario_1_IssuedTokenOverTransport_UsernameOverTransport"));
+// options.setTo(new EndpointReference("http://localhost:9090/SxSts/Scenario_4_IssuedToken_MutualCertificate10"));
+
+// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/axis2/services/MutualCertsSAMLHoK"));
+// options.setTo(new EndpointReference("http://www-lk.wso2.com:8888/axis2/services/MutualCertsSAMLHoK"));
+// options.setTo(new EndpointReference("https://131.107.72.15/trust/Addressing2004/UserName"));
+// options.setTo(new EndpointReference("https://131.107.72.15/trust/UserName"));
+// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/trust/X509WSS10"));
+// options.setTo(new EndpointReference("https://131.107.72.15/trust/UserName"));
+// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/jaxws-s4-sts/sts"));
+// options.setTo(new EndpointReference("http://127.0.0.1:9090/jaxws-s4/simple"));
+// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/axis2/services/UTSAMLBearer"));
+
+ options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
+ options.setAction(this.getRequestAction());
+// options.setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.getWSANamespace());
+
+
+ OutflowConfiguration clientOutflowConfiguration = getClientOutflowConfiguration();
+ if (clientOutflowConfiguration != null) {
+ options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, clientOutflowConfiguration.getProperty());
+ }
+ InflowConfiguration clientInflowConfiguration = getClientInflowConfiguration();
+ if (clientInflowConfiguration != null) {
+ options.setProperty(WSSHandlerConstants.INFLOW_SECURITY, clientInflowConfiguration.getProperty());
+ }
+
+ serviceClient.engageModule(new QName("addressing"));
+ serviceClient.engageModule(new QName("rampart"));
+
+ serviceClient.setOptions(options);
+
+ //Blocking invocation
+
+ OMElement result = serviceClient.sendReceive(getRequest());
+
+ this.validateRsponse(result);
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ protected String getWSANamespace() {
+ return AddressingConstants.Submission.WSA_NAMESPACE;
+ }
+
+ public abstract OMElement getRequest();
+
+ public abstract OutflowConfiguration getClientOutflowConfiguration();
+
+ public abstract InflowConfiguration getClientInflowConfiguration();
+
+ public abstract String getServiceRepo();
+
+ public abstract String getRequestAction() throws TrustException;
+
+ public abstract void validateRsponse(OMElement resp);
+
+//
+// /**
+// * This test will use WS-SecPolicy
+// */
+// public void testWithStsClient() {
+//
+// // Get the repository location from the args
+// String repo = Constants.TESTING_PATH + "rahas_client_repo";
+//
+// try {
+// ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo,
+// null);
+//
+// STSClient client = new STSClient(configContext);
+//
+// client.setAction(this.getRequestAction());
+//
+// client.setRstTemplate(this.getRSTTemplate());
+// client.setVersion(this.getTrstVersion());
+//
+// Token tok =
+// client.requestSecurityToken(this.getServicePolicy(),
+// "http://127.0.0.1:" + port + "/axis2/services/SecureService",
+// this.getSTSPolicy(),
+// "http://localhost:5555/axis2/services/SecureService");
+//
+// assertNotNull("Response token missing", tok);
+//
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+//
+// }
+
+ public abstract int getTrstVersion();
+
+ public abstract Policy getServicePolicy() throws Exception;
+
+ public abstract Policy getSTSPolicy() throws Exception;
+
+ public abstract OMElement getRSTTemplate() throws TrustException;
+
+ protected Policy getPolicy(String filePath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(filePath);
+ OMElement elem = builder.getDocumentElement();
+ return PolicyEngine.getPolicy(elem);
+ }
+
+}
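Review bot: `testRequest` sets the JVM-global `javax.net.ssl.trustStore` to `/home/ruchith/Desktop/interop/certs/interop2.jks`, a path on one developer's machine, and sets `javax.net.ssl.keyStorePassword`/`trustStorePassword` without ever clearing them, so the values leak into every other test in the same JVM while the test itself only targets the plain-HTTP `http://127.0.0.1:` endpoint; these five `System.setProperty` lines look like interop leftovers and should be removed, or, if an HTTPS variant is intended, the store location should come from a system property with a default under `target/test-resources` and the previous values should be restored in `tearDown`. The long run of commented-out `options.setTo(...)` lines naming external hosts, and the commented-out `testWithStsClient` body, are dead code that belongs in version history rather than the file. The abstract method `validateRsponse` is misspelled and becomes part of the contract every subclass must implement; renaming it to `validateResponse` is cheap now and costly later.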
diff --git a/modules/rampart-integration/src/main/java/org/apache/rampart/PWCallback.java b/modules/rampart-integration/src/main/java/org/apache/rampart/PWCallback.java
new file mode 100644
index 0000000..7b82942
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/rampart/PWCallback.java
@@ -0,0 +1,193 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCallback implements CallbackHandler {
+
+
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if(pc.getIdentifer().equals("joe") && pc.getPassword().equals("eoj")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ if(pc.getIdentifer().equals("alice") && pc.getPassword().equals("password")) {
+ return;
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else if(pc.getIdentifer().equals("joe")) {
+
+ pc.setPassword("eoj");
+
+ } else if(pc.getIdentifer().equals("ip")) {
+
+ pc.setPassword("password");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
\ No newline at end of file
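Review bot: In the `USERNAME_TOKEN_UNKNOWN` branch the comparisons `pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")` (and the three that follow) dereference `pc.getPassword()` without a null check, so a token whose password is absent would fail with a NullPointerException instead of the intended `UnsupportedCallbackException("check failed")`; writing them as `"noR".equals(pc.getPassword())` and so on keeps the rejection path explicit. The same branch accepts the password `sirhC` for any identifier, and the final `else` hands out `sirhC` for every identifier not listed, so neither usage rejects an unknown user; if that is deliberate for the interop fixtures, say so above the class, e.g. `// Test-only handler: unlisted identifiers resolve to a default password; not a model for production callback handlers.` Note that this file sits under src/main of rampart-integration rather than src/test, so the fixed passwords and the static `key` are compiled into the module artifact. The copy at modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java later in this diff has the same null dereference and the same catch-all default.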
diff --git a/modules/rampart-integration/src/main/java/org/apache/rampart/Service.java b/modules/rampart-integration/src/main/java/org/apache/rampart/Service.java
new file mode 100644
index 0000000..122982a
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/rampart/Service.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+import org.apache.axiom.om.OMElement;
+
+public class Service {
+
+ public OMElement echo(OMElement elem) {
+ elem.build();
+ elem.detach();
+ System.out.println("Service invoked");
+ return elem;
+ }
+
+}
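Review bot: `echo` has no Javadoc and reports invocation via `System.out.println("Service invoked")` rather than a logger, so every call in a test run writes to stdout with no level or category to filter on. A one-line doc comment would make the build/detach sequence understandable to the next reader, e.g. `/** Fully builds the request element, detaches it from the inbound envelope and returns it unchanged as the response payload. */`.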
diff --git a/modules/rampart-integration/src/main/resources/ping/ping.wsdl b/modules/rampart-integration/src/main/resources/ping/ping.wsdl
new file mode 100644
index 0000000..788518d
--- /dev/null
+++ b/modules/rampart-integration/src/main/resources/ping/ping.wsdl
@@ -0,0 +1,68 @@
+<definitions xmlns:s1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:s="http://www.w3.org/2001/XMLSchema"
+ xmlns:tns="http://xmlsoap.org/Ping"
+ xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
+ xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/"
+ xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
+ targetNamespace="http://xmlsoap.org/Ping"
+ xmlns="http://schemas.xmlsoap.org/wsdl/">
+ <types>
+ <s:schema elementFormDefault="qualified" targetNamespace="http://xmlsoap.org/Ping">
+ <s:import namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/>
+ <s:element name="Ping" nillable="true" type="tns:ping"/>
+ <s:complexType name="ping">
+ <s:sequence>
+ <s:element minOccurs="0" maxOccurs="1" name="ticket" type="tns:ticketType"/>
+ <s:element minOccurs="1" maxOccurs="1" name="text" nillable="true" type="s:string"/>
+ </s:sequence>
+ </s:complexType>
+ <s:complexType name="ticketType">
+ <s:simpleContent>
+ <s:extension base="s:string">
+ <s:attribute ref="s1:Id"/>
+ </s:extension>
+ </s:simpleContent>
+ </s:complexType>
+ <s:element name="PingResponse" nillable="true" type="tns:pingResponse"/>
+ <s:complexType name="pingResponse">
+ <s:sequence>
+ <s:element minOccurs="1" maxOccurs="1" name="text" nillable="true" type="s:string"/>
+ </s:sequence>
+ </s:complexType>
+ </s:schema>
+ <s:schema elementFormDefault="qualified" targetNamespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+ <s:attribute name="Id" type="s:string"/>
+ </s:schema>
+ </types>
+ <message name="PingRequest">
+ <part name="ping" element="tns:Ping"/>
+ </message>
+ <message name="PingResponse">
+ <part name="pingResponse" element="tns:PingResponse"/>
+ </message>
+ <portType name="PingPort">
+ <operation name="Ping" >
+ <input message="tns:PingRequest"/>
+ <output message="tns:PingResponse"/>
+ </operation>
+ </portType>
+ <binding name="PingBinding" type="tns:PingPort">
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="Ping">
+ <soap:operation soapAction="urn:Ping" style="document"/>
+ <input>
+ <soap:body use="literal"/>
+ </input>
+ <output>
+ <soap:body use="literal"/>
+ </output>
+ </operation>
+ </binding>
+ <service name="PingPort">
+ <port name="Ping1" binding="tns:PingBinding">
+ <soap:address location="http://localhost:9080/pingservice/Ping1"/>
+ </port>
+ </service>
+</definitions>
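Review bot: The second `<s:schema>` block re-declares the wsu namespace and types `Id` as `s:string`, whereas the published oasis-200401-wss-wssecurity-utility-1.0.xsd types it as `xs:ID`; with a string type a validating toolkit does not enforce ID uniqueness on the `ticket` element, and generated classes expose it as a plain string. If the relaxation is intentional for the interop fixture, record it, e.g. `<!-- wsu:Id deliberately typed as xs:string here; the official schema uses xs:ID -->`. The `soap:address` location `http://localhost:9080/pingservice/Ping1` appears to be a placeholder, since the client code elsewhere in this diff passes its own `url` to `PingPortStub`; a comment to that effect would stop readers from treating it as a real endpoint.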
diff --git a/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java
new file mode 100644
index 0000000..f63b844
--- /dev/null
+++ b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java
@@ -0,0 +1,74 @@
+/*
+* Copyright 2004,2005 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.apache.axis2.oasis.ping;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.xmlsoap.ping.PingDocument;
+import org.xmlsoap.ping.PingResponse;
+import org.xmlsoap.ping.PingResponseDocument;
+
+import java.util.Vector;
+
+/**
+ * Auto generated java skeleton for the service by the Axis code generator
+ */
+public class PingPortSkeleton{
+ /**
+ * Auto generated method signature
+ *
+ * @param param0
+ */
+ public PingResponseDocument Ping
+ (PingDocument param0) {
+ Vector results = null;
+ MessageContext msgCtx = MessageContext.getCurrentMessageContext();
+ if ((results =
+ (Vector) msgCtx.getProperty(WSHandlerConstants.RECV_RESULTS))
+ == null) {
+ System.out.println("No security results!!");
+ throw new RuntimeException("No security results!!");
+ } else {
+ System.out.println("Number of results: " + results.size());
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ if (wser.getAction() != WSConstants.ENCR && wser.getPrincipal() != null) {
+ System.out.println(wser.getPrincipal().getName());
+ }
+ }
+ }
+ PingResponseDocument response = PingResponseDocument.Factory.newInstance();
+ PingResponse pingRes = response.addNewPingResponse();
+ pingRes.setText("Response: " + param0.getPing().getText());
+ return response;
+ }
+ }
+
+}
+
\ No newline at end of file
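Review bot: `Ping` treats the mere presence of `WSHandlerConstants.RECV_RESULTS` as proof that the message was secured and then only prints principal names; it never checks that the actions a scenario requires (signature, encryption, timestamp) are actually among the `WSSecurityEngineResult` entries, so a message carrying only a Timestamp would be answered exactly like a fully signed and encrypted one. That may be fine for a test skeleton, but it should be stated, e.g. `// Test skeleton: presence of RECV_RESULTS is taken as proof of processing; required actions are not asserted here.` Separately, `MessageContext.getCurrentMessageContext()` is dereferenced on the `msgCtx.getProperty` line without a null check, and the `System.out.println("No security results!!")` immediately before the `RuntimeException` with the same text is redundant.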
diff --git a/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java
new file mode 100644
index 0000000..c8a3e79
--- /dev/null
+++ b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java
@@ -0,0 +1,180 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axis2.Constants;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.oasis.ping.PingPortStub;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.xmlsoap.ping.Ping;
+import org.xmlsoap.ping.PingDocument;
+import org.xmlsoap.ping.PingResponse;
+import org.xmlsoap.ping.PingResponseDocument;
+import org.xmlsoap.ping.TicketType;
+
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+/**
+ * Client for the interop service This MUST be used with the codegen'ed classes
+ */
+public class InteropScenarioClient {
+
+ String soapNsURI = SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI;
+
+ public InteropScenarioClient(boolean useSOAP12InStaticConfigTest) {
+ if (useSOAP12InStaticConfigTest) {
+ soapNsURI = SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI;
+ }
+ }
+
+ public void invokeWithStaticConfig(String clientRepo, String url)
+ throws Exception {
+ TicketType ticket = TicketType.Factory.newInstance();
+ ticket.setId("My ticket Id");
+
+ Ping ping = Ping.Factory.newInstance();
+ ping.setText("Testing rampart");
+ ping.setTicket(ticket);
+
+ PingDocument pingDoc = PingDocument.Factory.newInstance();
+ pingDoc.setPing(ping);
+
+ ConfigurationContext configCtx = ConfigurationContextFactory
+ .createConfigurationContextFromFileSystem(clientRepo,
+ clientRepo + "/conf/axis2.xml");
+ PingPortStub stub = new PingPortStub(configCtx, url);
+
+ // Enable MTOM to those scenarios where they are configured using:
+ // <optimizeParts>xpathExpression</optimizeParts>
+ stub._getServiceClient().getOptions().setProperty(
+ Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
+ stub._getServiceClient().getOptions().setSoapVersionURI(soapNsURI);
+ stub._getServiceClient().engageModule(
+ new javax.xml.namespace.QName("rampart"));
+
+
+ PingResponseDocument pingResDoc = stub.Ping(pingDoc);
+
+ PingResponse pingRes = pingResDoc.getPingResponse();
+
+ System.out.println(pingRes.getText());
+ }
+
+ public void invokeWithGivenConfig(String clientRepo, String url,
+ OutflowConfiguration outflowConfig, InflowConfiguration inflowConfig)
+ throws Exception {
+ TicketType ticket = TicketType.Factory.newInstance();
+ ticket.setId("My ticket Id");
+
+ Ping ping = Ping.Factory.newInstance();
+ ping.setText("Testing rampart");
+ ping.setTicket(ticket);
+
+ PingDocument pingDoc = PingDocument.Factory.newInstance();
+ pingDoc.setPing(ping);
+
+ PingPortStub stub = new PingPortStub(ConfigurationContextFactory
+ .createConfigurationContextFromFileSystem(clientRepo,
+ clientRepo + "/conf/axis2.xml"), url);
+
+ // Enable MTOM to those scenarios where they are configured using:
+ // <optimizeParts>xpathExpression</optimizeParts>
+ stub._getServiceClient().getOptions().setProperty(
+ Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
+ // Engage the security module
+ stub._getServiceClient().engageModule(
+ new javax.xml.namespace.QName("rampart"));
+
+ if (outflowConfig != null) {
+ stub._getServiceClient().getOptions().setProperty(
+ WSSHandlerConstants.OUTFLOW_SECURITY,
+ outflowConfig.getProperty());
+ }
+ if (inflowConfig != null) {
+ stub._getServiceClient().getOptions().setProperty(
+ WSSHandlerConstants.INFLOW_SECURITY,
+ inflowConfig.getProperty());
+ }
+ PingResponseDocument pingResDoc = stub.Ping(pingDoc);
+
+ PingResponse pingRes = pingResDoc.getPingResponse();
+
+ System.out.println(pingRes.getText());
+ stub = null;
+ }
+
+ public void invokeWithGivenConfigWithProRefs(String clientRepo, String url,
+ OutflowConfiguration outflowConfig, InflowConfiguration inflowConfig,
+ Hashtable propRefs)
+ throws Exception {
+ TicketType ticket = TicketType.Factory.newInstance();
+ ticket.setId("My ticket Id");
+
+ Ping ping = Ping.Factory.newInstance();
+ ping.setText("Testing rampart");
+ ping.setTicket(ticket);
+
+ PingDocument pingDoc = PingDocument.Factory.newInstance();
+ pingDoc.setPing(ping);
+
+ PingPortStub stub = new PingPortStub(ConfigurationContextFactory
+ .createConfigurationContextFromFileSystem(clientRepo,
+ clientRepo + "/conf/axis2.xml"), url);
+
+ // Enable MTOM to those scenarios where they are configured using:
+ // <optimizeParts>xpathExpression</optimizeParts>
+ stub._getServiceClient().getOptions().setProperty(
+ Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
+ // Engage the security module
+ stub._getServiceClient().engageModule(
+ new javax.xml.namespace.QName("rampart"));
+
+ if (outflowConfig != null) {
+ stub._getServiceClient().getOptions().setProperty(
+ WSSHandlerConstants.OUTFLOW_SECURITY,
+ outflowConfig.getProperty());
+ }
+ if (inflowConfig != null) {
+ stub._getServiceClient().getOptions().setProperty(
+ WSSHandlerConstants.INFLOW_SECURITY,
+ inflowConfig.getProperty());
+ }
+
+ if(propRefs != null) {
+ Enumeration keysEnum = propRefs.keys();
+ while (keysEnum.hasMoreElements()) {
+ String refKey = (String) keysEnum.nextElement();
+
+ stub._getServiceClient().getOptions().setProperty(refKey,
+ propRefs.get(refKey));
+ }
+ }
+
+ PingResponseDocument pingResDoc = stub.Ping(pingDoc);
+
+ PingResponse pingRes = pingResDoc.getPingResponse();
+
+ System.out.println(pingRes.getText());
+ stub = null;
+ }
+}
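Review bot: `invokeWithStaticConfig`, `invokeWithGivenConfig` and `invokeWithGivenConfigWithProRefs` repeat the same ticket/ping document construction and the same stub setup (configuration context from `clientRepo + "/conf/axis2.xml"`, MTOM enablement, engaging the `rampart` module), differing only in which options are set before `stub.Ping(pingDoc)`; factoring the shared parts into private helpers means a change to the request text or module name is made once. Also, only `invokeWithStaticConfig` calls `setSoapVersionURI(soapNsURI)`, so the `useSOAP12InStaticConfigTest` flag taken by the constructor has no effect on the other two paths — if that is intended the class Javadoc should say so. The trailing `stub = null;` assignments in the last two methods do nothing useful and can be dropped.
```java
    /** Builds the fixed Ping request document shared by every scenario. */
    private PingDocument buildPingDocument() {
        TicketType ticket = TicketType.Factory.newInstance();
        ticket.setId("My ticket Id");

        Ping ping = Ping.Factory.newInstance();
        ping.setText("Testing rampart");
        ping.setTicket(ticket);

        PingDocument pingDoc = PingDocument.Factory.newInstance();
        pingDoc.setPing(ping);
        return pingDoc;
    }

    /** Creates a stub from clientRepo/conf/axis2.xml with MTOM enabled and the rampart module engaged. */
    private PingPortStub createStub(String clientRepo, String url) throws Exception {
        ConfigurationContext configCtx = ConfigurationContextFactory
                .createConfigurationContextFromFileSystem(clientRepo,
                        clientRepo + "/conf/axis2.xml");
        PingPortStub stub = new PingPortStub(configCtx, url);
        // Enable MTOM to those scenarios where they are configured using:
        // <optimizeParts>xpathExpression</optimizeParts>
        stub._getServiceClient().getOptions().setProperty(
                Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
        stub._getServiceClient().engageModule(
                new javax.xml.namespace.QName("rampart"));
        return stub;
    }

    public void invokeWithGivenConfig(String clientRepo, String url,
            OutflowConfiguration outflowConfig, InflowConfiguration inflowConfig)
            throws Exception {
        PingDocument pingDoc = buildPingDocument();
        PingPortStub stub = createStub(clientRepo, url);
        // … unchanged: outflow/inflow option setting, stub.Ping call, response print …
    }
```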
diff --git a/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java
new file mode 100644
index 0000000..df9d4de
--- /dev/null
+++ b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+
+
+/**
+
+ * Class PWCallback
+
+ */
+
+public class PWCallback implements CallbackHandler {
+
+
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
+
+
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/AddressingMTOMSecurityTest.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/AddressingMTOMSecurityTest.java
new file mode 100644
index 0000000..4de2640
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/AddressingMTOMSecurityTest.java
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.axis2.Constants;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+
+public class AddressingMTOMSecurityTest extends InteropTestBase {
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Timestamp Signature Encrypt");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setSignatureParts("{Element}{" + ADDR_NS + "}To;" +
+ "{Element}{" + ADDR_NS + "}ReplyTo;" +
+ "{Element}{" + ADDR_NS + "}MessageID;" +
+ "{Element}{" + WSU_NS + "}Timestamp");
+ ofc.setOptimizeParts(
+ "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp Signature Encrypt");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return COMPLETE_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return COMPLETE_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Timestamp Signature Encrypt");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropRefId("key1");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setSignatureParts("{Element}{" + ADDR_NS + "}To;" +
+ "{Element}{" + ADDR_NS + "}ReplyTo;" +
+ "{Element}{" + ADDR_NS + "}MessageID;" +
+ "{Element}{" + WSU_NS + "}Timestamp");
+ ofc.setOptimizeParts(
+ "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp Signature Encrypt");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropRefId("key2");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+
+ return table;
+ }
+
+}
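Review bot: `org.apache.axis2.Constants`, `junit.framework.Test` and `junit.framework.TestSuite` are imported but never referenced in the class and should be removed. In `getPropertyRefs`, `prop1` and `prop2` are built with identical values (same provider, keystore type, password and `interop2.jks`) and registered under `key1` and `key2`; if the intent is to exercise two distinct property references to the same crypto configuration, a comment would stop a later reader from collapsing them, e.g. `// key1/key2 deliberately resolve to the same keystore: the test exercises lookup by reference id, not distinct stores`. The keystore password literal is test-fixture data, which is fine here, but the raw `Hashtable` could at least be documented as mapping reference id to `Properties` in a one-line Javadoc on the method.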
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/InteropTestBase.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/InteropTestBase.java
new file mode 100644
index 0000000..407a71e
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/InteropTestBase.java
@@ -0,0 +1,239 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.integration.UtilServer;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Method;
+import java.util.Hashtable;
+
+import junit.framework.TestCase;
+
+public abstract class InteropTestBase extends TestCase {
+
+ protected static final String SCENARIO1_SERVICE_REPOSITORY =
+ "scenario1_service_repo";
+
+ protected static final String SCENARIO1_CLIENT_REPOSITORY =
+ "scenario1_client_repo";
+
+ protected static final String SCENARIO2_SERVICE_REPOSITORY =
+ "scenario2_service_repo";
+
+ protected static final String SCENARIO2_CLIENT_REPOSITORY =
+ "scenario2_client_repo";
+
+ protected static final String SCENARIO2a_SERVICE_REPOSITORY =
+ "scenario2a_service_repo";
+
+ protected static final String SCENARIO2a_CLIENT_REPOSITORY =
+ "scenario2a_client_repo";
+
+ protected static final String SCENARIO3_SERVICE_REPOSITORY =
+ "scenario3_service_repo";
+
+ protected static final String SCENARIO3_CLIENT_REPOSITORY =
+ "scenario3_client_repo";
+
+ protected static final String SCENARIO4_SERVICE_REPOSITORY =
+ "scenario4_service_repo";
+
+ protected static final String SCENARIO4_CLIENT_REPOSITORY =
+ "scenario4_client_repo";
+
+ protected static final String SCENARIO5_SERVICE_REPOSITORY =
+ "scenario5_service_repo";
+
+ protected static final String SCENARIO5_CLIENT_REPOSITORY =
+ "scenario5_client_repo";
+
+ protected static final String SCENARIO6_SERVICE_REPOSITORY =
+ "scenario6_service_repo";
+
+ protected static final String SCENARIO6_CLIENT_REPOSITORY =
+ "scenario6_client_repo";
+
+ protected static final String SCENARIO7_SERVICE_REPOSITORY =
+ "scenario7_service_repo";
+
+ protected static final String SCENARIO7_CLIENT_REPOSITORY =
+ "scenario7_client_repo";
+
+ protected static final String SCENARIO_ST1_SERVICE_REPOSITORY =
+ "scenarioST1_service_repo";
+
+ protected static final String SCENARIO_ST1_CLIENT_REPOSITORY =
+ "scenarioST1_client_repo";
+
+ protected static final String SCENARIO_ST3_SERVICE_REPOSITORY =
+ "scenarioST3_service_repo";
+
+ protected static final String SCENARIO_ST3_CLIENT_REPOSITORY =
+ "scenarioST3_client_repo";
+
+ protected static final String SCENARIO_ST4_SERVICE_REPOSITORY =
+ "scenarioST4_service_repo";
+
+ protected static final String SCENARIO_ST4_CLIENT_REPOSITORY =
+ "scenarioST4_client_repo";
+
+ protected static final String MTOM_SEC_SERVICE_REPOSITORY =
+ "mtom_sec_service_repo";
+
+ protected static final String MTOM_SEC_CLIENT_REPOSITORY =
+ "mtom_sec_client_repo";
+
+ protected static final String COMPLETE_SERVICE_REPOSITORY =
+ "complete_service_repo";
+
+ protected static final String COMPLETE_CLIENT_REPOSITORY =
+ "complete_client_repo";
+
+ protected static final String DEFAULT_CLIENT_REPOSITORY =
+ "default_security_client_repo";
+
+ protected static final String WSSE_NS = WSConstants.WSSE_NS;
+
+ protected static final String WSU_NS = WSConstants.WSU_NS;
+
+ protected static final String ADDR_NS =
+ AddressingConstants.Final.WSA_NAMESPACE;
+
+ private String targetEpr = "http://127.0.0.1:" +
+// 5556 +
+ UtilServer.TESTING_PORT +
+ "/axis2/services/PingPort";
+
+ public InteropTestBase() {
+ super();
+ }
+
+ public InteropTestBase(String arg0) {
+ super(arg0);
+ }
+
+ public void setUp() throws Exception {
+ UtilServer.start(Constants.TESTING_PATH + getServiceRepo());
+ }
+
+ public void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+ /**
+ * Do test
+ */
+ public void testInteropWithConfigFiles() {
+ try {
+
+ Class interopScenarioClientClass = Class
+ .forName("org.apache.axis2.security.InteropScenarioClient");
+
+ Constructor c = interopScenarioClientClass
+ .getConstructor(new Class[]{boolean.class});
+ Object clientObj = c.newInstance(new Object[]{this
+ .isUseSOAP12InStaticConfigTest() ? Boolean.TRUE
+ : Boolean.FALSE});
+ Method m = interopScenarioClientClass.getMethod(
+ "invokeWithStaticConfig", new Class[]{String.class,
+ String.class});
+ m.invoke(clientObj, new Object[]{
+ Constants.TESTING_PATH + getClientRepo(), targetEpr});
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail("Error in introperating with " + targetEpr
+ + ", client configuration: " + getClientRepo());
+ }
+ }
+
+ public void testInteropWithDynamicConfig() {
+ try {
+ Class interopScenarioClientClass = Class
+ .forName("org.apache.axis2.security.InteropScenarioClient");
+ Constructor c = interopScenarioClientClass
+ .getConstructor(new Class[]{boolean.class});
+ Object clientObj = c.newInstance(new Object[]{this
+ .isUseSOAP12InStaticConfigTest() ? Boolean.TRUE
+ : Boolean.FALSE});
+ Method m = interopScenarioClientClass.getMethod(
+ "invokeWithGivenConfig", new Class[]{String.class,
+ String.class, OutflowConfiguration.class,
+ InflowConfiguration.class});
+ m.invoke(clientObj, new Object[]{
+ Constants.TESTING_PATH + DEFAULT_CLIENT_REPOSITORY,
+ targetEpr, getOutflowConfiguration(),
+ getInflowConfiguration()});
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail("Error in introperating with " + targetEpr
+ + ", client configuration: " + getClientRepo());
+ }
+
+ }
+
+ public void testInteropWithDynamicConfigWithProfRefs() {
+ if(getPropertyRefs() != null) {
+ try {
+
+ Class interopScenarioClientClass = Class
+ .forName("org.apache.axis2.security.InteropScenarioClient");
+ Constructor c = interopScenarioClientClass
+ .getConstructor(new Class[]{boolean.class});
+ Object clientObj = c.newInstance(new Object[]{this
+ .isUseSOAP12InStaticConfigTest() ? Boolean.TRUE
+ : Boolean.FALSE});
+ Method m = interopScenarioClientClass.getMethod(
+ "invokeWithGivenConfigWithProRefs", new Class[]{
+ String.class,
+ String.class, OutflowConfiguration.class,
+ InflowConfiguration.class, Hashtable.class});
+ m.invoke(clientObj, new Object[]{
+ Constants.TESTING_PATH + DEFAULT_CLIENT_REPOSITORY,
+ targetEpr, getOutflowConfigurationWithRefs(),
+ getInflowConfigurationWithRefs(),
+ getPropertyRefs()});
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail("Error in introperating with " + targetEpr
+ + ", client configuration: " + getClientRepo());
+ }
+ }
+ }
+
+ protected abstract OutflowConfiguration getOutflowConfiguration();
+
+ protected abstract InflowConfiguration getInflowConfiguration();
+
+ protected abstract OutflowConfiguration getOutflowConfigurationWithRefs();
+
+ protected abstract InflowConfiguration getInflowConfigurationWithRefs();
+
+ protected abstract Hashtable getPropertyRefs();
+
+ protected abstract String getClientRepo();
+
+ protected abstract String getServiceRepo();
+
+ protected abstract boolean isUseSOAP12InStaticConfigTest();
+}
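Review bot: In all three `catch (Exception e)` blocks the client is driven through `Method.invoke`, so any failure inside InteropScenarioClient arrives wrapped in an `InvocationTargetException` whose own message is empty, and the `fail("Error in introperating with " ...)` text then carries nothing about the real cause beyond the stack trace on stderr; unwrap it, e.g. `Throwable cause = e instanceof InvocationTargetException ? e.getCause() : e;` followed by `fail("Error interoperating with " + targetEpr + ", client configuration: " + getClientRepo() + ": " + cause);` (this needs `import java.lang.reflect.InvocationTargetException;`), which also fixes the "introperating" typo. In `testInteropWithDynamicConfig` and `testInteropWithDynamicConfigWithProfRefs` the client is run with `DEFAULT_CLIENT_REPOSITORY`, yet the failure message reports `getClientRepo()`, so the diagnostic names the wrong repository. The reflective lookup of `org.apache.axis2.security.InteropScenarioClient`, its constructor and the SOAP-version argument is repeated verbatim in all three tests and could be one private helper returning the client object, with a comment explaining why reflection is used instead of a direct reference.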
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/MTOMOptimizedSecurityTest.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/MTOMOptimizedSecurityTest.java
new file mode 100644
index 0000000..e96599e
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/MTOMOptimizedSecurityTest.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+
+/**
+ * Testing optimizing the base 64 elements with
+ * <code><parameter name="optimizeParts" locked="false">//xenc:Encrypted
+ * Data/xenc:CipherData/xenc:CipherValue</parameter></code>
+ */
+public class MTOMOptimizedSecurityTest extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setOptimizeParts("//xenc:EncryptedData/xenc:CipherData/" +
+ "xenc:CipherValue");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return MTOM_SEC_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return MTOM_SEC_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropRefId("key1");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setOptimizeParts("//xenc:EncryptedData/xenc:CipherData/" +
+ "xenc:CipherValue");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropRefId("key2");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+
+ return table;
+ }
+
+}
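Review bot: The class Javadoc above `MTOMOptimizedSecurityTest` embeds a raw `<parameter ...>` tag inside `<code>`, which Javadoc treats as HTML and drops, so the documented `optimizeParts` setting never renders; write it as `<code>&lt;parameter name="optimizeParts" locked="false"&gt;//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue&lt;/parameter&gt;</code>`. Separately, `prop1` and `prop2` in `getPropertyRefs()` are byte-identical Merlin/JKS settings pointing at `interop2.jks`, and a reader will hunt for the difference; a comment such as `// key1 and key2 presumably resolve to the same keystore on purpose: the test exercises ref-id lookup, not two trust stores — confirm` would settle that. The same duplicated pair recurs in Scenario3Test, Scenario4Test, Scenario5Test and Scenario6Test.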
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario1Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario1Test.java
new file mode 100644
index 0000000..505b507
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario1Test.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import java.util.Hashtable;
+
+
+/**
+ * WS-Security interop scenario 1
+ */
+public class Scenario1Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+ ofc.setActionItems("UsernameToken");
+ ofc.setUser("Chris");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setPasswordType("PasswordText");
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ return null;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO1_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO1_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ return null;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ return null;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ return null;
+ }
+
+}
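Review bot: `ofc.setPasswordType("PasswordText")` in `getOutflowConfiguration()` uses a string literal where Scenario2Test passes `WSConstants.PW_TEXT` for the same setting; using the constant here too, `ofc.setPasswordType(WSConstants.PW_TEXT);` (with the `org.apache.ws.security.WSConstants` import), keeps the scenarios consistent and makes a mistyped token type a compile error rather than a runtime failure. The four `return null` overrides carry no explanation; since `InteropTestBase.testInteropWithDynamicConfigWithProfRefs()` only runs when `getPropertyRefs()` is non-null, a comment such as `// no property-reference variant for scenario 1: the base class skips that test when this returns null` would make the intent explicit.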
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2Test.java
new file mode 100644
index 0000000..2e626b7
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2Test.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security inteorp scenario 2
+ */
+public class Scenario2Test extends InteropTestBase {
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Encrypt");
+ ofc.setUser("Chris");
+ ofc.setAddUTElements("Nonce Created");
+ ofc.setEncryptionParts("{Element}{" + WSSE_NS + "}UsernameToken");
+ ofc.setEncryptionUser("bob");
+ ofc.setEncryptionPropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setPasswordType(WSConstants.PW_TEXT);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ return null;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO2_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO2_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.axis2.security.InteropTestBase#getOutflowConfigurationWithRefs()
+ */
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Encrypt");
+ ofc.setUser("Chris");
+ ofc.setAddUTElements("Nonce Created");
+ ofc.setEncryptionParts("{Element}{" + WSSE_NS + "}UsernameToken");
+ ofc.setEncryptionUser("bob");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setPasswordType(WSConstants.PW_TEXT);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+
+ ofc.setEncryptionPropRefId("key1");
+
+ return ofc;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.axis2.security.InteropTestBase#getInflowConfigurationWithRefs()
+ */
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ return null;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+
+ return table;
+ }
+}
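Review bot: The class Javadoc reads `WS-Security inteorp scenario 2` while every sibling class spells it `interop`. `getOutflowConfigurationWithRefs()` repeats every setter of `getOutflowConfiguration()` and differs only in replacing `setEncryptionPropFile("interop.properties")` with `setEncryptionPropRefId("key1")`; a private helper that applies the shared setters would leave a single differing line per variant and make an accidental divergence between the two configurations visible. The same copy-paste pattern recurs in Scenario2aTest, Scenario3Test, Scenario4Test and Scenario6Test.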
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2aTest.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2aTest.java
new file mode 100644
index 0000000..2cbf860
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2aTest.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+
+/**
+ * WS-Security interop scenario 2a
+ */
+public class Scenario2aTest extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameTokenSignature Encrypt Timestamp");
+ ofc.setUser("Chris");
+ ofc.setEncryptionParts("{Element}{" + WSSE_NS + "}UsernameToken");
+ ofc.setEncryptionUser("bob");
+ ofc.setEncryptionPropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ return null;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO2a_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO2a_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameTokenSignature Encrypt Timestamp");
+ ofc.setUser("Chris");
+ ofc.setEncryptionParts("{Element}{" + WSSE_NS + "}UsernameToken");
+ ofc.setEncryptionUser("bob");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+
+ ofc.setEncryptionPropRefId("key1");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ return null;
+ }
+
+ protected Hashtable getPropertyRefs() {
+
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+
+ return table;
+
+ }
+}
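Review bot: `SCENARIO2a_CLIENT_REPOSITORY` and `SCENARIO2a_SERVICE_REPOSITORY` mix a lowercase letter into otherwise UPPER_SNAKE constant names, unlike every other scenario's constants on this page; `SCENARIO2A_CLIENT_REPOSITORY` would match the convention, though the constants are declared in InteropTestBase outside this hunk, so the rename belongs there. The blank lines at the start and end of `getPropertyRefs()` also differ from the layout used by the other scenario classes.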
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario3Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario3Test.java
new file mode 100644
index 0000000..679cdce
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario3Test.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security interop scenario 3
+ */
+public class Scenario3Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEnableSignatureConfirmation(false);
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+ ifc.setEnableSignatureConfirmation(false);
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO3_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO3_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEnableSignatureConfirmation(false);
+
+ ofc.setSignaturePropRefId("key1");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setEnableSignatureConfirmation(false);
+
+ ifc.setSignaturePropRefId("key2");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+
+ return table;
+ }
+
+
+}
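Review bot: `setEnableSignatureConfirmation(false)` is called four times here (outflow, inflow and both WithRefs variants) with no explanation, and Scenario3Test is the only class on this page that switches it off. Signature confirmation is the WS-Security 1.1 mechanism by which the responder echoes the signature values it verified, so turning it off removes that binding between request and response from this scenario; a comment such as `// SignatureConfirmation (WS-Security 1.1) disabled: scenario 3 presumably targets a peer that does not emit it — TODO confirm` would record why this exchange is deliberately weaker than the others.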
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java
new file mode 100644
index 0000000..99c2d0e
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security interop scenario 4
+ */
+public class Scenario4Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.EMBEDDED_KEYNAME);
+ ofc.setEmbeddedKeyName("SessionKey");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEmbeddedKeyCallbackClass("org.apache.axis2.security.PWCallback");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO4_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO4_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.EMBEDDED_KEYNAME);
+ ofc.setEmbeddedKeyName("SessionKey");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEmbeddedKeyCallbackClass("org.apache.axis2.security.PWCallback");
+
+ ofc.setSignaturePropRefId("key1");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+
+ ifc.setSignaturePropRefId("key2");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+
+ return table;
+ }
+
+}
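Review bot: `setEncryptionKeyIdentifier(WSSHandlerConstants.EMBEDDED_KEYNAME)` together with `setEmbeddedKeyName("SessionKey")` and `setEmbeddedKeyCallbackClass("org.apache.axis2.security.PWCallback")` is the only configuration on this page that does not encrypt to a certificate, and the trio carries no comment. A line such as `// Encrypt with a pre-shared symmetric key named "SessionKey"; PWCallback is presumably what supplies the key bytes — confirm` would spare the next reader reconstructing that from the constant names. `getInflowConfigurationWithRefs()` sets only `setSignaturePropRefId("key2")`; whether the inflow side also needs the embedded-key callback cannot be told from this hunk and is worth checking.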
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java
new file mode 100644
index 0000000..d9ee697
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security interop scenario 5
+ */
+public class Scenario5Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration(2);
+
+ ofc.setActionItems("Signature NoSerialization");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setSignatureParts("{}{http://xmlsoap.org/Ping}ticket");
+
+ ofc.nextAction();
+
+ ofc.setActionItems("Signature Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ return null;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO5_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO5_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration(2);
+
+ ofc.setActionItems("Signature NoSerialization");
+ ofc.setUser("alice");
+ ofc.setSignaturePropRefId("key1");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setSignatureParts("{}{http://xmlsoap.org/Ping}ticket");
+
+ ofc.nextAction();
+
+ ofc.setActionItems("Signature Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropRefId("key2");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ return null;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+
+ //IMPORTANT: Note that the key of the first repetition has "1" appended to it
+ table.put("key21", prop2);
+
+ return table;
+ }
+}
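Review bot: The comment `//IMPORTANT: Note that the key of the first repetition has "1" appended to it` above `table.put("key21", prop2)` is easy to misread: the suffixed ref id is `"key2"`, set in the action block after `ofc.nextAction()`, while `"key1"` from the first block is stored without a suffix. A rewording such as `// The action block after nextAction() (repetition index 1) references "key2"; its table entry must be keyed "key21", i.e. ref id + repetition index. "key1" from block 0 carries no suffix.` states the rule the lookup appears to follow. Where that suffixing is implemented is outside this hunk, so the rule should be confirmed against the handler before the comment is taken as authoritative.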
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario6Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario6Test.java
new file mode 100644
index 0000000..3a5033d
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario6Test.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security interop scenario 6
+ */
+public class Scenario6Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Encrypt Signature Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEmbeddedKeyCallbackClass("rg.apache.axis2.security.PWCallback");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Encrypt Signature Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO6_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO6_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Encrypt Signature Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropRefId("key1");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEmbeddedKeyCallbackClass("rg.apache.axis2.security.PWCallback");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Encrypt Signature Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropRefId("key2");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+
+ return table;
+ }
+}
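Review bot: `ofc.setEmbeddedKeyCallbackClass("rg.apache.axis2.security.PWCallback")` in both `getOutflowConfiguration()` and `getOutflowConfigurationWithRefs()` is missing the leading `o` of the package name, and the same typo appears in Scenario7Test's `getOutflowConfiguration()`. Because the encryption key identifier in these methods is `SKI_KEY_IDENTIFIER`, the embedded-key callback is presumably never consulted, which would explain why the unloadable class name has gone unnoticed; either correct it to `ofc.setEmbeddedKeyCallbackClass("org.apache.axis2.security.PWCallback");` or drop the call, since a bad class name only surfaces the first time the setting is actually used.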
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario7Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario7Test.java
new file mode 100644
index 0000000..af3e63f
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario7Test.java
@@ -0,0 +1,141 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security interop scenario 7
+ */
+public class Scenario7Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setEncryptionPropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEmbeddedKeyCallbackClass("rg.apache.axis2.security.PWCallback");
+ ofc.setSignatureParts("{}{" +
+ SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI +
+ "}Body;STRTransform");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+ ifc.setDecryptionPropFile("interop.properties");
+
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO7_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO7_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return false;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropRefId("key1");
+ ofc.setEncryptionPropRefId("key2");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEmbeddedKeyCallbackClass("rg.apache.axis2.security.PWCallback");
+ ofc.setSignatureParts("{}{" +
+ SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI +
+ "}Body;STRTransform");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropRefId("key3");
+ ifc.setDecryptionPropRefKey("key4");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop3 = new Properties();
+ prop3.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop3.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop3.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop3.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop4 = new Properties();
+ prop4.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop4.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop4.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop4.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+ table.put("key3", prop3);
+ table.put("key4", prop4);
+
+ return table;
+ }
+}
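Review bot: The embedded-key callback class name in both `getOutflowConfiguration` and `getOutflowConfigurationWithRefs` is missing its leading `o` (`"rg.apache.axis2.security.PWCallback"`), so the handler would fail to load the class if that callback is ever consulted; it should read `ofc.setEmbeddedKeyCallbackClass("org.apache.axis2.security.PWCallback");`. The same typo appears in the preceding scenario's hunk, so it was probably copy-pasted. Because the signature uses a direct BST reference and encryption uses an SKI rather than an embedded key, the test likely passes only because this callback is never invoked, which is exactly why the misconfiguration is easy to miss. The inflow side uses `setDecryptionPropRefKey("key4")` next to `setSignaturePropRefId("key3")`; if both setters genuinely exist with different suffixes, a one-line comment would save the next reader from assuming one is a typo.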
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/ScenarioST1Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/ScenarioST1Test.java
new file mode 100644
index 0000000..ebdb50f
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/ScenarioST1Test.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import java.util.Hashtable;
+
+/**
+ * SAML Scenario 1
+ */
+public class ScenarioST1Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ // TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ // TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO_ST1_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO_ST1_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.axis2.security.InteropTestBase#getOutflowConfigurationWithRefs()
+ */
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.axis2.security.InteropTestBase#getInflowConfigurationWithRefs()
+ */
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.axis2.security.InteropTestBase#getPropertyRefs()
+ */
+ protected Hashtable getPropertyRefs() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+}
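Review bot: Every configuration hook in this class, including `isUseSOAP12InStaticConfigTest`, throws `UnsupportedOperationException("TODO")`, so if InteropTestBase drives JUnit test methods from these overrides the class will fail rather than be skipped once the `*Test` suffix is picked up by the build. Either exclude it from the test run until the SAML scenario is implemented or make the stub explicit in the class javadoc, e.g. `Not yet implemented: every configuration hook throws UnsupportedOperationException; keep this class excluded from the build until the ST1 repositories are populated.` A placeholder that looks like a runnable test is worse than no file, because a failing-by-design test trains people to ignore a red build.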
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/sc/ConversationScenario1Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/sc/ConversationScenario1Test.java
new file mode 100644
index 0000000..5947fda
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/sc/ConversationScenario1Test.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security.sc;
+
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.conversation.ConversationConfiguration;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+/**
+ * The RequestedProofToken is an EncryptedKey
+ * which holds the secret of security context.
+ */
+public class ConversationScenario1Test extends TestClient {
+
+ /**
+ * @param name
+ */
+ public ConversationScenario1Test(String name) {
+ super(name);
+ }
+
+ public Parameter getClientConversationConfiguration() {
+ ConversationConfiguration config = new ConversationConfiguration();
+
+ config.setCryptoPropertiesFile("sec.properties");
+ config.setScope(ConversationConfiguration.SCOPE_SERVICE);
+ config.setPasswordCallbackClass(PWCallback.class.getName());
+ config.setStsEPRAddress("http://localhost:" + port + "/axis2/services/SecureService");
+
+ return config.getParameter();
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Timestamp Signature");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("sec.properties");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp Signature Encrypt");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("sec.properties");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "sc_service_repo_1";
+ }
+
+}
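Review bot: `getClientInflowConfiguration` requires `Timestamp Signature Encrypt` on the response but only configures a signature crypto via `ifc.setSignaturePropFile("sec.properties")`; no decryption properties are set, unlike Scenario7Test which pairs setSignaturePropFile with setDecryptionPropFile. If the response's EncryptedKey is unwrapped with the client's private key, `ifc.setDecryptionPropFile("sec.properties");` is needed; if decryption is instead keyed from the established security context, a comment saying so would spare the next reader the question. The STS endpoint is built as plain `"http://localhost:" + port`, which is fine for a loopback test but worth a comment noting that the RSTR carrying the context secret relies entirely on message-level encryption here, not on the transport.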
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/sc/ConversationScenario2Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/sc/ConversationScenario2Test.java
new file mode 100644
index 0000000..1e29cfb
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/sc/ConversationScenario2Test.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security.sc;
+
+/**
+ * The RSTR will hold a RequestedProofToken with a base64 encoded
+ * secret held in a BinarySecret element.
+ */
+public class ConversationScenario2Test extends ConversationScenario1Test {
+
+ public ConversationScenario2Test(String name) {
+ super(name);
+ }
+
+ public String getServiceRepo() {
+ return "sc_service_repo_2";
+ }
+
+
+}
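Review bot: The class javadoc describes a RequestedProofToken carried as a base64 BinarySecret, but the only code in the class is `getServiceRepo` returning `sc_service_repo_2`, so the described behaviour is entirely a property of that repository's configuration rather than anything visible here. A sentence making that explicit, e.g. `The difference from scenario 1 is configured server-side in sc_service_repo_2; the client configuration is inherited unchanged.`, would stop someone looking for client-side settings that do not exist. Since a BinarySecret proof token is only as confidential as the encryption applied to the RSTR, the same comment should note that the inherited inflow configuration's `Encrypt` action item appears to be what guarantees the secret arrives encrypted in this scenario.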
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/sc/ConversationScenario3Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/sc/ConversationScenario3Test.java
new file mode 100644
index 0000000..22b1d73
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/sc/ConversationScenario3Test.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security.sc;
+
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.conversation.ConversationConfiguration;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+/**
+ * This tests security context establishment when there's no STS involved.
+ * Note that we are not setting the STS endpoint address in the rahas config.
+ *
+ * The client side rahas outflow handler will create the RSTR with the SCT
+ * and RPT with a secret in a EncryptedKey and will send it over to the service.
+ */
+public class ConversationScenario3Test extends TestClient {
+
+ public ConversationScenario3Test(String name) {
+ super(name);
+ }
+
+ public Parameter getClientConversationConfiguration() {
+ ConversationConfiguration config = new ConversationConfiguration();
+
+ config.setCryptoPropertiesFile("sec.properties");
+ config.setScope(ConversationConfiguration.SCOPE_SERVICE);
+ config.setPasswordCallbackClass(PWCallback.class.getName());
+ config.setEncryptionUser("sts");
+
+ return config.getParameter();
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ return null;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ return null;
+ }
+
+ public String getServiceRepo() {
+ return "sc_service_repo_3";
+ }
+
+}
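Review bot: The javadoc says no STS is involved, yet `getClientConversationConfiguration` sets `config.setEncryptionUser("sts")`, so the client-generated proof-token secret is wrapped in an EncryptedKey for whatever certificate sec.properties aliases as `sts`, which in this scenario has to be the service's own key. The alias is misleading and should at least be documented, e.g. `// No STS here: "sts" is the alias of the service certificate that must unwrap the client-generated EncryptedKey`. `getClientOutflowConfiguration` and `getClientInflowConfiguration` both return null, so the client adds no timestamp or signature of its own and requires none on the response; if the security-context handler is expected to supply that protection, say so in a comment, otherwise the service is accepting an unsigned client-generated RSTR on trust.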
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/sc/ConversationScenario4Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/sc/ConversationScenario4Test.java
new file mode 100644
index 0000000..d98ea88
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/sc/ConversationScenario4Test.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security.sc;
+
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.conversation.ConversationConfiguration;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+/**
+ * This tests the use computed keys when the requester provides entropy
+ */
+public class ConversationScenario4Test extends TestClient {
+
+ public ConversationScenario4Test(String name) {
+ super(name);
+ // TODO Auto-generated constructor stub
+ }
+
+ public Parameter getClientConversationConfiguration() {
+ ConversationConfiguration config = new ConversationConfiguration();
+
+ config.setCryptoPropertiesFile("sec.properties");
+ config.setScope(ConversationConfiguration.SCOPE_SERVICE);
+ config.setPasswordCallbackClass(PWCallback.class.getName());
+ config.setProvideEntropy(true);
+ config.setStsEPRAddress("http://localhost:" + port + "/axis2/services/SecureService");
+
+ return config.getParameter();
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Timestamp Signature");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("sec.properties");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp Signature Encrypt");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("sec.properties");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "sc_service_repo_4";
+ }
+
+
+}
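Review bot: `getClientConversationConfiguration`, `getClientOutflowConfiguration` and `getClientInflowConfiguration` duplicate ConversationScenario1Test line for line, with `config.setProvideEntropy(true);` as the only difference; extending ConversationScenario1Test the way ConversationScenario2Test does and overriding only the conversation configuration and `getServiceRepo` would keep the four scenarios from drifting apart. The leftover `// TODO Auto-generated constructor stub` in the constructor should be deleted. The javadoc `This tests the use computed keys when the requester provides entropy` is missing `of` (`the use of computed keys`) and would be more useful if it stated that the client contributes entropy and the context key is expected to be derived on both sides rather than transmitted.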
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java
new file mode 100644
index 0000000..fd60bc3
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java
@@ -0,0 +1,138 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.rahas.PWCallback;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+
+public class RahasSAMLTokenCertForHoKTest extends TestClient {
+
+ public RahasSAMLTokenCertForHoKTest(String name) {
+ super(name);
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("ip");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem =
+ TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02,
+ rstElem,
+ RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem =
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02,
+ rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem,
+// "http://207.200.37.116/Ping/Scenario4", this.getWSANamespace());
+"http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_PUBLIC_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(), factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(),"wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+
+
+}
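Review bot: `getRequest` asks for `RahasConstants.KEY_TYPE_PUBLIC_KEY` while `getRSTTemplate` advertises `RahasConstants.KEY_TYPE_SYMM_KEY`, so the policy's RST template and the RST this test actually sends disagree on the key type; for a certificate-based holder-of-key test the template should also use `RahasConstants.KEY_TYPE_PUBLIC_KEY`, or the divergence should be commented. `validateRsponse` only asserts that a `saml:Assertion` element exists, which a bearer token would satisfy just as well; a holder-of-key test should additionally check that the assertion's SubjectConfirmation carries the holder-of-key method and that its KeyInfo references the requester's certificate, otherwise the property the class is named for is never verified. The second assertion message misspells `Assertion` (`Missing SAML Assertoin`), and the commented-out `http://207.200.37.116/Ping/Scenario4` AppliesTo line is dead code that should be removed.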
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java
new file mode 100644
index 0000000..ff8af42
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java
@@ -0,0 +1,153 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.xml.security.encryption.XMLCipher;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class RahasSAMLTokenCertForHoKV1205Test extends TestClient {
+
+
+ public RahasSAMLTokenCertForHoKV1205Test(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem =
+ TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_12);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_12,
+ rstElem,
+ RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem =
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12,
+ rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem,
+// "http://207.200.37.116/Ping/Scenario4", this.getWSANamespace());
+"http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
+ rstElem, RahasConstants.KEY_TYPE_PUBLIC_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);
+
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+// ofc.setActionItems("Timestamp Signature Encrypt");
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("ip");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEncryptionKeyTransportAlgorithm(XMLCipher.RSA_OAEP);
+// ofc.setEncryptionSymAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256);
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ ofc.setEnableSignatureConfirmation(false);
+// ofc.setSignatureParts("{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;" +
+// "{Element}{" + RahasConstants.WSA_NS + "}To;" +
+// "{Element}{" + RahasConstants.WSA_NS + "}ReplyTo;" +
+// "{Element}{" + RahasConstants.WSA_NS + "}MessageID;" +
+// "{Element}{" + RahasConstants.WSA_NS + "}Action;" +
+// "{Element}{" + WSConstants.WSU_NS + "}Timestamp");
+
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ifc.setEnableSignatureConfirmation(false);
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rstr =
+ resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.LocalNames.
+ REQUEST_SECURITY_TOKEN_RESPONSE));
+ assertNotNull("RequestedSecurityToken missing", rstr);
+ OMElement rst =
+ rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding.xml");
+ }
+
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem =
+ factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(),
+ factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(), "wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, elem).
+ setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12, elem,
+ RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_12;
+ }
+
+}
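Review bot: `getRequestAction` returns `TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE)` while every other hook in the class, including `getTrstVersion`, uses `RahasConstants.VERSION_05_12`, so the wsa:Action header would name the 2005/02 namespace for a 2005/12 RST; it should be `return TrustUtil.getActionValue(RahasConstants.VERSION_05_12, RahasConstants.RST_ACTION_ISSUE);`. In `validateRsponse` the first assertion message says `RequestedSecurityToken missing` although it is checking for the RequestSecurityTokenResponse wrapper, which will mislead whoever reads the failure. As in the 05/02 variant, `getRequest` sends `KEY_TYPE_PUBLIC_KEY` while `getRSTTemplate` advertises `KEY_TYPE_SYMM_KEY`, so the template and the request disagree. Both flows also call `setEnableSignatureConfirmation(false)`; switching off signature confirmation deliberately weakens the WS-Security 1.1 response binding, so a comment explaining why this test needs it off would stop the setting being copied into real configuration.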
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java
new file mode 100644
index 0000000..20d6574
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.rahas.PWCallback;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class RahasSAMLTokenTest extends TestClient {
+
+
+ /**
+ * @param name
+ */
+ public RahasSAMLTokenTest(String name) {
+ super(name);
+ }
+
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(), factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(),"wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+}
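Review bot: `getClientOutflowConfiguration` requests the `Encrypt` action but, unlike the sibling RahasSAMLTokenCertForHoKTest, never calls setEncryptionUser; if the handler falls back to the signature user `alice` for encryption, the RST would be encrypted to the requester's own certificate and the STS could not decrypt it, so either add `ofc.setEncryptionUser("ip");` or add a comment explaining why the STS policy supplies the encryption target here. `validateRsponse` asserts only that a `saml:Assertion` element is present; for a symmetric-key request it should also check for the RequestedProofToken (and ideally that the requested KeySize of 256 was honoured), since a response with a missing or malformed proof token currently passes. The assertion message `Missing SAML Assertoin` misspells `Assertion`, and `import org.apache.rahas.PWCallback;` is a same-package import that can be dropped.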
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java
new file mode 100644
index 0000000..241f954
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+/**
+ *
+ * @author Ruchith Fernando (ruchith.fernando@gmail.com)
+ */
+public class RahasSAMLTokenUTForBearerTest extends TestClient {
+
+ public RahasSAMLTokenUTForBearerTest(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_BEARER);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Timestamp");
+ ofc.setUser("joe");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_3";
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(), factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(),"wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_BEARER);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+}
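Review bot: getRequest() adds a KeySize of 256 to the RST at L16272 while requesting KEY_TYPE_BEARER, but getRSTTemplate() for the same test omits KeySize (L16336–16337); a bearer token carries no proof key, so the request and the policy template disagree about what is being asked for. Dropping the `TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);` line makes the request match the template; RahasSAMLTokenUTForBearerV1205Test has the same mismatch at L16400 versus L16469. The assertion message `"Missing SAML Assertoin"` at L16312 is misspelled and is repeated verbatim in the other new test classes (L16444, L16569, L16717, L16963); `assertNotNull("Missing SAML Assertion", elem);` keeps failure output greppable.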
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java
new file mode 100644
index 0000000..09d8084
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class RahasSAMLTokenUTForBearerV1205Test extends TestClient {
+
+ /**
+ * @param name
+ */
+ public RahasSAMLTokenUTForBearerV1205Test(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_12);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_12, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
+ rstElem, RahasConstants.KEY_TYPE_BEARER);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Timestamp");
+ ofc.setUser("joe");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_3";
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rstr = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.LocalNames.
+ REQUEST_SECURITY_TOKEN_RESPONSE));
+ assertNotNull("RequestedSecurityToken missing", rstr);
+ OMElement rst = rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(), factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(),"wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12, elem, RahasConstants.KEY_TYPE_BEARER);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_12;
+ }
+}
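Review bot: getRequestAction() at L16431 builds the action from RahasConstants.VERSION_05_02, while every other part of this class uses VERSION_05_12 (getRequest at L16392–16400, getRSTTemplate at L16468, getTrstVersion at L16475), so the WS-Addressing Action sent with a 2005/12 RST would be the 2005/02 issue action; the sibling V1205 classes use VERSION_05_12 here (L16703, L16967). If the STS tolerates the mismatch the test passes without exercising the 2005/12 action dispatch it is named for, so it should read `return TrustUtil.getActionValue(RahasConstants.VERSION_05_12, RahasConstants.RST_ACTION_ISSUE);`. Separately, the first assertion at L16438 checks the RequestSecurityTokenResponse element but reports `"RequestedSecurityToken missing"`, the same message as the inner check at L16442, so a failure cannot be told apart; `assertNotNull("RequestSecurityTokenResponse missing", rstr);` fixes that, and the same duplicated message appears in RahasSAMLTokenV1205Test at L16957.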
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java
new file mode 100644
index 0000000..17c0b85
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class RahasSAMLTokenUTForHoKTest extends TestClient {
+
+ public RahasSAMLTokenUTForHoKTest(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Timestamp");
+ ofc.setUser("joe");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_3";
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(), factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(),"wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+}
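Review bot: validateRsponse() (L16563–16570) only asserts that a SAML Assertion exists under RequestedSecurityToken, so this holder-of-key test (KEY_TYPE_SYMM_KEY at L16528, KeySize 256 at L16529) would also pass on a bearer-style response that carries no proof key. A holder-of-key issuance should at minimum assert that the assertion's SubjectConfirmation carries key material and that the response includes the proof token the client is expected to use; the commented-out block in RahasSAMLTokenUTForHoKV1205Test at L16724–16726 already sketches the path to walk for the SubjectConfirmation/KeyInfo check and could be turned into live assertions here and in that class. Without such a check the "HoK" in the class name is not what the test verifies.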
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
new file mode 100644
index 0000000..17142d3
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
@@ -0,0 +1,253 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.util.Base64;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.opensaml.XML;
+
+public class RahasSAMLTokenUTForHoKV1205Test extends TestClient {
+
+ byte[] clientEntr;
+
+ /**
+ * @param name
+ */
+ public RahasSAMLTokenUTForHoKV1205Test(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_12);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_12, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem,
+// "https://207.200.37.116/Ping/Scenario1", this.getWSANamespace());
+ "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);
+
+ byte[] nonce = WSSecurityUtil.generateNonce(16);
+ clientEntr = nonce;
+ OMElement entrElem = TrustUtil.createEntropyElement(RahasConstants.VERSION_05_12, rstElem);
+ TrustUtil.createBinarySecretElement(RahasConstants.VERSION_05_12, entrElem, RahasConstants.BIN_SEC_TYPE_NONCE).setText(Base64.encode(nonce));
+ TrustUtil.createComputedKeyAlgorithm(RahasConstants.VERSION_05_12,rstElem, RahasConstants.COMPUTED_KEY_PSHA1);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Timestamp");
+ ofc.setUser("joe");
+ ofc.setPasswordType(WSConstants.PW_TEXT);
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_3";
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_12, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rstr = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.LocalNames.
+ REQUEST_SECURITY_TOKEN_RESPONSE));
+ assertNotNull("RequestedSecurityTokenResponse missing", rstr);
+ OMElement rst = rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+
+ //Uncomment for inteorp - START
+// String respEntrB64 = rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12, RahasConstants.ENTROPY_LN)).getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12, RahasConstants.BINARY_SECRET_LN)).getText().trim();
+//
+//
+//
+// OMElement attrStmtElem = elem.getFirstChildWithName(new QName(XML.SAML_NS, "AttributeStatement"));
+// OMElement kiElem = attrStmtElem.getFirstChildWithName(new QName(XML.SAML_NS,"Subject")).getFirstChildWithName(new QName(XML.SAML_NS,"SubjectConfirmation")).getFirstChildWithName(new QName("http://www.w3.org/2000/09/xmldsig#", "KeyInfo"));
+// OMElement encrKey = kiElem.getFirstChildWithName(new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey"));
+//
+//
+// String cipherValue = encrKey.getFirstChildWithName(new QName("http://www.w3.org/2001/04/xmlenc#", "CipherData")).getFirstChildWithName(new QName("http://www.w3.org/2001/04/xmlenc#", "CipherValue")).getText();
+//
+// byte[] serviceEntr = Base64.decode(respEntrB64);
+
+// try {
+// this.requestService(elem, clientEntr, serviceEntr);
+// } catch (Exception e) {
+// e.printStackTrace();
+// }
+
+ //Uncomment for inteorp - END
+
+
+
+ }
+
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-transport-binding.xml");
+ }
+
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-transport-binding.xml");
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(), factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(),"wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_12;
+ }
+
+// private void requestService(OMElement assertion, byte[] reqEnt, byte[] respEnt) throws Exception {
+//
+// StAXOMBuilder builder = new StAXOMBuilder(new OMDOMFactory(), assertion.getXMLStreamReader());
+// Element domAssertionElem = (Element)builder.getDocumentElement();
+//
+// DocumentBuilderFactoryImpl.setDOOMRequired(true);
+// Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+//
+// SOAPFactory fac = new SOAP11Factory((DocumentImpl)doc);
+// SOAPEnvelope envelope = fac.getDefaultEnvelope();
+// this.addPayload(envelope);
+//
+// WSSecHeader secHeader = new WSSecHeader();
+// secHeader.insertSecurityHeader(doc);
+//
+// WSSecTimestamp ts = new WSSecTimestamp();
+// ts.prepare(doc);
+// ts.prependToHeader(secHeader);
+//
+// WSSecDKSign sig = new WSSecDKSign();
+// sig.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+// P_SHA1 p_sha1 = new P_SHA1();
+// SecurityTokenReference ref = new SecurityTokenReference(doc);
+// ref.setSAMLKeyIdentifier(assertion.getAttributeValue(new QName("AssertionID")));
+//
+// System.out.println("\nRequest Entropy: " + Base64.encode(reqEnt));
+// System.out.println("Response Entropy: " + Base64.encode(respEnt));
+//
+// byte[] ephmeralKey = p_sha1.createKey(reqEnt, respEnt, 0, 32);
+//
+// System.out.println( ephmeralKey.length * 8 + " bit Key: " + Base64.encode(ephmeralKey));
+//
+// sig.setExternalKey(ephmeralKey, ref.getElement());
+//
+// WSEncryptionPart part = new WSEncryptionPart(WSConstants.TIMESTAMP_TOKEN_LN, WSConstants.WSU_NS, "Element");
+// Vector partsVector = new Vector();
+// partsVector.add(part);
+// sig.setParts(partsVector);
+//
+// sig.prepare(doc, secHeader);
+// sig.addReferencesToSign(partsVector, secHeader);
+// sig.computeSignature();
+//
+// Element importedAssertionElement = (Element) doc.importNode(domAssertionElem, true);
+// WSSecurityUtil.appendChildElement(doc, secHeader.getSecurityHeader(), importedAssertionElement);
+// sig.appendDKElementToHeader(secHeader);
+// sig.appendSigToHeader(secHeader);
+//
+//
+// System.out.println(envelope);
+//
+//
+// //Create a service client and send the request
+// AxisService service = new AxisService("ping");
+// AxisOperation op = new OutInAxisOperation(new QName("Ping"));
+// service.addChild(op);
+//
+// ServiceClient client = new ServiceClient(ConfigurationContextFactory.createConfigurationContextFromFileSystem(Constants.TESTING_PATH + "rahas_client_repo", null), service);
+//
+//
+// OperationClient opClient = client.createClient(new QName("Ping"));
+// MessageContext mc = new MessageContext();
+// mc.setEnvelope(envelope);
+//
+// client.engageModule(new QName("addressing"));
+// client.engageModule(new QName("rampart"));
+//
+// opClient.addMessageContext(mc);
+//// opClient.getOptions().setTo(new EndpointReference("https://131.107.72.15/PingService/OasisScenario1"));
+// opClient.getOptions().setTo(new EndpointReference("https://207.200.37.116/Ping/Scenario1"));
+//
+// opClient.getOptions().setAction("http://example.org/Ping");
+//// opClient.getOptions().setProperty(AddressingConstants.WS_ADDRESSING_VERSION, AddressingConstants.Submission.WSA_NAMESPACE);
+//
+// opClient.execute(true);
+// MessageContext response = opClient.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE);
+// System.out.println("------------------------------RESPONSE------------------------------\n" + response.getEnvelope());
+//
+// }
+//
+// private void addPayload(SOAPEnvelope env) {
+// //<Ping xmlns="http://example.org/Ping">Ping</Ping>
+// OMNamespace ns = env.getOMFactory().createOMNamespace("http://example.org/Ping", "");
+// OMElement elem = env.getOMFactory().createOMElement("Ping", ns);
+// elem.setText("Ping");
+//
+// env.getBody().addChild(elem);
+// }
+
+
+}
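Review bot: The clientEntr field is written in getRequest() at L16668 but only ever read by commented-out code (L16734), so the client entropy and ComputedKey algorithm sent at L16667–16671 are never checked against the response; validateRsponse() ends at L16717 having only confirmed an Assertion exists, which does not prove the PSHA1-derived key round-tripped. Either promote the proof-of-possession check sketched at L16720–16737 into real assertions or delete the dead interop code (L16719–16739 and L16772–16859, which also embeds hard-coded external endpoints and a printed key), since a commented block this large will drift from the live API. The PW_TEXT choice at L16685 is presumably acceptable only because getServicePolicy() at L16746 selects a transport binding; a comment such as `// PW_TEXT relies on the transport binding selected in getServicePolicy() for confidentiality` records that dependency for whoever next edits the policy.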
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java
new file mode 100644
index 0000000..5924f80
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java
@@ -0,0 +1,134 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rahas.PWCallback;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+/**
+ * RahasSAMLTokenTest with the WS-SX namespaces
+ */
+public class RahasSAMLTokenV1205Test extends TestClient {
+
+ /**
+ * @param name
+ */
+ public RahasSAMLTokenV1205Test(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_12);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_12, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rstr = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.LocalNames.
+ REQUEST_SECURITY_TOKEN_RESPONSE));
+ assertNotNull("RequestedSecurityToken missing", rstr);
+ OMElement rst = rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_12, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(), factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(),"wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_12;
+ }
+
+}
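Review bot: L16891 imports org.apache.rahas.PWCallback from the class's own package (L16885), which is redundant and none of the sibling test classes in this commit do it; the line can be dropped. The same-package import aside, the blank line between getRequest() and getClientOutflowConfiguration() is missing at L16928–16929 while every other method in the file is separated by one, which reads as a paste artifact. The class Javadoc at L16899–16901 is the only one among the new Rahas tests that says what the class is for; the others (for example RahasSAMLTokenUTForBearerV1205Test at L16381) would benefit from the same one-line description of which binding and token type they exercise.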
diff --git a/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java b/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
new file mode 100644
index 0000000..d7129d1
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
@@ -0,0 +1,146 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.integration.UtilServer;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+
+import javax.xml.namespace.QName;
+
+import junit.framework.TestCase;
+
+
+public class RampartTest extends TestCase {
+
+ public final static int PORT = UtilServer.TESTING_PORT;
+
+ public RampartTest(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+ UtilServer.start(Constants.TESTING_PATH + "rampart_service_repo" ,null);
+ }
+
+
+ protected void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+
+
+ public void testWithPolicy() {
+ try {
+
+ String repo = Constants.TESTING_PATH + "rampart_client_repo";
+
+ ConfigurationContext configContext = ConfigurationContextFactory.
+ createConfigurationContextFromFileSystem(repo, null);
+ ServiceClient serviceClient = new ServiceClient(configContext, null);
+
+
+ serviceClient.engageModule(new QName("addressing"));
+ serviceClient.engageModule(new QName("rampart"));
+
+ //TODO : figure this out !!
+ boolean basic256Supported = true;
+
+ if(basic256Supported) {
+ System.out.println("\nWARNING: We are using key sizes from JCE " +
+ "Unlimited Strength Jurisdiction Policy !!!");
+ }
+
+ for (int i = 1; i <= 11; i++) { //<-The number of tests we have
+ if(!basic256Supported && (i == 3 || i == 4 || i ==5)) {
+ //Skip the Basic256 tests
+ continue;
+ }
+ Options options = new Options();
+ System.out.println("Testing WS-Sec: custom scenario " + i);
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference("http://127.0.0.1:" +
+ PORT +
+ "/axis2/services/SecureService" + i));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
+ loadPolicy("/rampart/policy/" + i + ".xml"));
+ serviceClient.setOptions(options);
+
+ //Blocking invocation
+ serviceClient.sendReceive(getEchoElement());
+ }
+
+
+ for (int i = 1; i <= 2; i++) { //<-The number of tests we have
+
+ Options options = new Options();
+ System.out.println("Testing WS-SecConv: custom scenario " + i);
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference("http://127.0.0.1:" + PORT + "/axis2/services/SecureServiceSC" + i));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("/rampart/policy/sc-" + i + ".xml"));
+ serviceClient.setOptions(options);
+
+ //Blocking invocation
+ serviceClient.sendReceive(getEchoElement());
+ serviceClient.sendReceive(getEchoElement());
+
+ //Cancel the token
+ options.setProperty(RampartMessageData.CANCEL_REQUEST, Constants.VALUE_TRUE);
+ serviceClient.sendReceive(getEchoElement());
+
+ options.setProperty(RampartMessageData.CANCEL_REQUEST, Constants.VALUE_FALSE);
+ serviceClient.sendReceive(getEchoElement());
+ options.setProperty(RampartMessageData.CANCEL_REQUEST, Constants.VALUE_TRUE);
+ serviceClient.sendReceive(getEchoElement());
+ }
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ private OMElement getEchoElement() {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMNamespace omNs = fac.createOMNamespace(
+ "http://example1.org/example1", "example1");
+ OMElement method = fac.createOMElement("echo", omNs);
+ OMElement value = fac.createOMElement("Text", omNs);
+ value.addChild(fac.createOMText(value, "Testing Rampart with WS-SecPolicy"));
+ method.addChild(value);
+
+ return method;
+ }
+
+ private Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(RampartTest.class.getResourceAsStream(xmlPath));
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+
+
+}
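Review bot: `loadPolicy` hands `RampartTest.class.getResourceAsStream(xmlPath)` straight to the `StAXOMBuilder` constructor, so a missing or misnamed policy resource surfaces as a NullPointerException or an opaque parser error rather than naming the path; guard it with `InputStream in = RampartTest.class.getResourceAsStream(xmlPath); if (in == null) throw new IllegalArgumentException("policy resource not found: " + xmlPath);` and close `in` in a `finally` once `getDocumentElement()` has returned. The catch block at the end of `testWithPolicy` does `fail(e.getMessage())`, which reports `null` for exceptions that carry no message and drops the cause from JUnit's report; declaring `throws Exception` on the test method and removing the try/catch lets JUnit print the full stack trace. `basic256Supported` is hard-coded to `true` under a TODO, so the skip branch for scenarios 3–5 is dead code; either derive the flag from `Cipher.getMaxAllowedKeyLength("AES") >= 256` or drop the branch and the warning.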
diff --git a/modules/rampart-integration/src/test/resources/conf/axis2.xml b/modules/rampart-integration/src/test/resources/conf/axis2.xml
new file mode 100755
index 0000000..8039da8
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/conf/axis2.xml
@@ -0,0 +1,280 @@
+<axisconfig name="AxisJava2.0">
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+ <parameter name="enableSwA" locked="false">false</parameter>
+
+ <!--Uncomment if you want to enable file caching for attachments -->
+ <!--parameter name="cacheAttachments" locked="false">true</parameter>
+ <parameter name="attachmentDIR" locked="false"></parameter>
+ <parameter name="sizeThreshold" locked="false">4000</parameter-->
+
+ <!--This will give out the timout of the configuration contexts, in seconds-->
+ <parameter name="ConfigContextTimeoutInterval" locked="false">30</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the expcetion-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distingiush those endpoints-->
+ <!--In case of a servlet, if you change this you have to manually change the settings of your servlet container to map this -->
+ <!--context path to proper Axis2 servlets-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+
+ <!--Set the flag to true if you want to enable transport level session mangment-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">false</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+ <!-- If you have a frontend host which exposes this webservice using a different public URL -->
+ <!-- use this parameter to override autodetected url -->
+ <!--<parameter name="httpFrontendHostUrl" locked="false">https://someotherhost/context</parameter>-->
+
+
+ <!-- The way of adding listener to the system-->
+ <!-- <listener class="org.apache.axis2.ObserverIMPL">-->
+ <!-- <parameter name="RSS_URL" locked="false">http://127.0.0.1/rss</parameter>-->
+ <!-- </listener>-->
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Deafult Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can ovride this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!-- Here is the complete list of supported parameters (see example settings further below):
+ port: the port to listen on (default 6060)
+ hostname: if non-null, url prefix used in reply-to endpoint references (default null)
+ originServer: value of http Server header in outgoing messages (default "Simple-Server/1.1")
+ requestTimeout: value in millis of time that requests can wait for data (default 20000)
+ requestTcpNoDelay: true to maximize performance and minimize latency (default true)
+ false to minimize bandwidth consumption by combining segments
+ requestCoreThreadPoolSize: number of threads available for request processing (unless queue fills up) (default 25)
+ requestMaxThreadPoolSize: number of threads available for request processing if queue fills us (default 150)
+ note that default queue never fills up: see HttpFactory
+ threadKeepAliveTime: time to keep threads in excess of core size alive while inactive (default 180)
+ note that no such threads can exist with default unbounded request queue
+ threadKeepAliveTimeUnit: TimeUnit of value in threadKeepAliveTime (default SECONDS) (default SECONDS)
+ -->
+ <!-- <parameter name="hostname" locked="false">http://www.myApp.com/ws</parameter> -->
+ <!-- <parameter name="originServer" locked="false">My-Server/1.1</parameter> -->
+ <!-- <parameter name="requestTimeout" locked="false">10000</parameter> -->
+ <!-- <parameter name="requestTcpNoDelay" locked="false">false</parameter> -->
+ <!-- <parameter name="requestCoreThreadPoolSize" locked="false">50</parameter> -->
+ <!-- <parameter name="RequestMaxThreadPoolSize" locked="false">100</parameter> -->
+ <!-- <parameter name="threadKeepAliveTime" locked="false">240000</parameter> -->
+ <!-- <parameter name="threadKeepAliveTimeUnit" locked="false">MILLISECONDS</parameter> -->
+ </transportReceiver>
+
+ <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)
+ <transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+ <parameter name="myTopicConnectionFactory" locked="false">
+ <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">TopicConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="myQueueConnectionFactory" locked="false">
+ <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="default" locked="false">
+ <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
+ </parameter>
+ </transportReceiver>-->
+
+ <!--Uncomment if you want to have SMTP transport support-->
+ <!--<transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">-->
+ <!--<parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>-->
+ <!--<parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>-->
+ <!--<parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>-->
+ <!--<parameter name="transport.mail.pop3.port" locked="false">110</parameter>-->
+ <!--<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>-->
+ <!--</transportReceiver>-->
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncommet following paramter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Global Modules -->
+ <!-- ================================================= -->
+ <!-- Comment this to disable Addressing -->
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <moduleConfig name="addressing">
+ <parameter name="includeOptionalHeaders" locked="false">true</parameter>
+ </moduleConfig>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
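Review bot: The `Security` phase is declared in the InFlow and OutFlow phaseOrders but in neither `InFaultFlow` nor `OutFaultFlow`, so a module that binds handlers to `Security` on the fault flows — which I believe Rampart's module.xml does — has no slot there, and SOAP faults would either fail module deployment or travel unsigned and unencrypted under a policy that is meant to protect them. Add `<phase name="Security"/>` before `<phase name="PreDispatch"/>` in InFaultFlow and after `<phase name="MessageOut"/>` in OutFaultFlow so the four flows agree. Separately, the `InstanceDispatcher` handler inside the InFaultFlow `Dispatch` phase is ordered with `<order phase="PostDispatch"/>` while the InFlow copy uses `<order phase="Dispatch"/>`; the two should match unless the difference is deliberate. The `userName`/`password` parameters carry the stock `admin`/`axis2` values; this is a test repository config, but a comment such as `<!-- test-only admin credentials; not for a deployable repository -->` would stop the file being copied as-is.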
diff --git a/modules/rampart-integration/src/test/resources/interop.properties b/modules/rampart-integration/src/test/resources/interop.properties
new file mode 100644
index 0000000..0d6de68
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/interop.properties
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=interop2.jks
+
diff --git a/modules/rampart-integration/src/test/resources/interop2.jks b/modules/rampart-integration/src/test/resources/interop2.jks
new file mode 100644
index 0000000..a7d1a3f
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/interop2.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/rahas/issuer.properties b/modules/rampart-integration/src/test/resources/rahas/issuer.properties
new file mode 100755
index 0000000..40abfa2
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/issuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=rahas-sts.jks
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml
new file mode 100644
index 0000000..ff9595d
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml
@@ -0,0 +1,70 @@
+<wsp:Policy wsu:Id="4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
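Review bot: Both `ramp:crypto` blocks set `org.apache.ws.security.crypto.merlin.file` to `test-resources/rahas/policy/store.jks`, but this commit adds the keystore at `modules/rampart-integration/src/test/resources/rahas/policy/store.jks`, so unless the Maven build stages resources under a `test-resources` directory I would expect Merlin to find it neither on the classpath nor relative to the working directory, and the policy would fail at crypto load time. Either point the property at the classpath location, `<ramp:property name="org.apache.ws.security.crypto.merlin.file">rahas/policy/store.jks</ramp:property>`, or confirm the staging step exists and say so in a comment. The same path appears in service-policy-transport-binding.xml, sts-policy-asymm-binding.xml and sts-policy-symm-binding.xml in this commit.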
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml
new file mode 100644
index 0000000..275cbec
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml
@@ -0,0 +1,73 @@
+<wsp:Policy wsu:Id="5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
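Review bot: This policy requires an `sp:HttpsToken` inside a TransportBinding, but the test `axis2.xml` added in this commit declares only `http` and `tcp` transport receivers (an `https` transportSender, but no receiver), so a service engaging this policy has no HTTPS endpoint to receive on in the integration-test repository. If a separate repository configuration supplies one, a comment here naming it would help; otherwise an `https` transportReceiver with its keystore parameters is needed before this policy can be exercised end to end.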
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/store.jks b/modules/rampart-integration/src/test/resources/rahas/policy/store.jks
new file mode 100644
index 0000000..02d7c4e
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/store.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml
new file mode 100644
index 0000000..7827334
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml
@@ -0,0 +1,66 @@
+<wsp:Policy wsu:Id="1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml
new file mode 100644
index 0000000..a539223
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml
@@ -0,0 +1,73 @@
+<wsp:Policy wsu:Id="3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
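Review bot: No `<sp:SignedParts>` or `<sp:EncryptedParts>` assertion appears in this STS policy, so under the symmetric binding only the Timestamp and (via `EncryptSignature`) the signature itself are protected and the SOAP Body — the RST, and the RSTR carrying the issued token and any STS-provided entropy — presumably travels unencrypted at the message level. If this policy is used with an issuer configured for `keyComputation` 2 ("Provide Entropy", as s1-services.xml in this change is), the BinarySecret is readable by anyone on the path unless the transport is TLS, which is not visible here. Add `<sp:EncryptedParts><sp:Body/></sp:EncryptedParts>` and `<sp:SignedParts><sp:Body/></sp:SignedParts>` next to the `Wss11` assertion, as the rampart/policy fixtures do, or state in a comment that the fixture deliberately leaves the Body unprotected.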
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml
new file mode 100644
index 0000000..357b1ec
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml
@@ -0,0 +1,63 @@
+<wsp:Policy wsu:Id="2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
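Review bot: With `HttpsToken RequireClientCertificate="false"` and no message-level signature, the requester is authenticated by the UsernameToken password alone and the confidentiality of that password and of the returned token rests entirely on TLS. The only endpoint addresses visible in this change are plain `http://localhost:5555/...` entries in the `trusted-services` list of s1-services.xml, so it is worth confirming that the test client really talks HTTPS and validates the server certificate; otherwise the password goes over the wire in the clear. The `signatureCrypto`/`encryptionCypto` blocks, each repeating the keystore password, appear to serve no purpose under a transport binding whose only token is a UsernameToken and could be dropped from this fixture.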
diff --git a/modules/rampart-integration/src/test/resources/rahas/rahas-sec.properties b/modules/rampart-integration/src/test/resources/rahas/rahas-sec.properties
new file mode 100755
index 0000000..9a97673
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/rahas-sec.properties
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=rahas/rahas-sts.jks
+
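Review bot: The execute bit (mode 100755) on this properties file is unnecessary — samlIssuer.properties, rampart/issuer.properties and sec.jks in this change carry it too — and a keystore descriptor or keystore has no reason to be executable, so drop it before it propagates into release archives. The keystore password is stored in clear text, which is acceptable only because this is a test fixture; add a comment such as `# test-only keystore and password; never reuse outside the integration tests` so it is not copied into a deployment. The store is referenced here as `rahas/rahas-sts.jks` while s1-services.xml refers to the same file as `rahas-sts.jks`; whichever form the test classpath resolves, the two should agree.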
diff --git a/modules/rampart-integration/src/test/resources/rahas/rahas-sts.jks b/modules/rampart-integration/src/test/resources/rahas/rahas-sts.jks
new file mode 100644
index 0000000..02d7c4e
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/rahas-sts.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/rahas/s1-services.xml b/modules/rampart-integration/src/test/resources/rahas/s1-services.xml
new file mode 100644
index 0000000..1bc8b06
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/s1-services.xml
@@ -0,0 +1,74 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rahas.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="saml-issuer-config">
+ <saml-issuer-config>
+ <issuerName>Test_STS</issuerName>
+ <issuerKeyAlias>ip</issuerKeyAlias>
+ <issuerKeyPassword>password</issuerKeyPassword>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rahas-sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <timeToLive>300000</timeToLive>
+ <keySize>256</keySize>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ <trusted-services>
+ <service alias="bob">http://localhost:5555/axis2/services/SecureService</service>
+ <service alias="bob1">http://localhost:5555/axis2/services/SecureService1</service>
+ <service alias="bob2">http://localhost:5555/axis2/services/SecureService2</service>
+ <service alias="bob3">http://localhost:5555/axis2/services/SecureService3</service>
+ </trusted-services>
+ </saml-issuer-config>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <signaturePropFile>issuer.properties</signaturePropFile>
+ <decryptionPropFile>issuer.properties</decryptionPropFile>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>ip</user>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <signaturePropFile xmlns="">issuer.properties</signaturePropFile>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+</service>
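Review bot: `<proofKeyType>BinarySecret</proofKeyType>` is dead configuration here: the comment directly above it says the element is only honoured when `keyComputation` is 3, yet `keyComputation` is set to 2 ("Provide Entropy"). Either remove the element or set `keyComputation` to match, so the fixture documents the mechanism the test actually exercises. `signaturePropFile`/`decryptionPropFile` name `issuer.properties`, while the only such file in this change lives at `rampart/issuer.properties` and points at `rampart/store.jks`; whether Merlin resolves that bare name depends on the test classpath layout, which is not visible here. `issuerKeyPassword` and the keystore password are clear-text test values and should be labelled as such with a comment.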
diff --git a/modules/rampart-integration/src/test/resources/rahas/s3-services.xml b/modules/rampart-integration/src/test/resources/rahas/s3-services.xml
new file mode 100644
index 0000000..5d81ffd
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/s3-services.xml
@@ -0,0 +1,70 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rahas.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="saml-issuer-config">
+ <saml-issuer-config>
+ <issuerName>Test_STS</issuerName>
+ <issuerKeyAlias>ip</issuerKeyAlias>
+ <issuerKeyPassword>password</issuerKeyPassword>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rahas-sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <timeToLive>300000</timeToLive>
+ <keySize>256</keySize>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ <trusted-services>
+ <service alias="bob">http://localhost:5555/axis2/services/SecureService</service>
+ <service alias="bob1">http://localhost:5555/axis2/services/SecureService1</service>
+ <service alias="bob2">http://localhost:5555/axis2/services/SecureService2</service>
+ <service alias="bob3">http://localhost:5555/axis2/services/SecureService3</service>
+ </trusted-services>
+ </saml-issuer-config>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken Timestamp</items>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp</items>
+ <user>ip</user>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+</service>
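Review bot: `OutflowSecurity` lists only `Timestamp`, so the RSTR that carries the issued SAML token and — with `keyComputation` 2 — the STS-provided entropy leaves this service without any message-level signature or encryption, while `InflowSecurity` accepts a bare `UsernameToken`. Unless this service is reached only over HTTPS, the entropy that feeds the proof key is disclosed to anyone on the path and the RSTR can be altered in transit. If the transport-binding scenario is intended, say so next to the action, e.g. `<!-- transport-binding test: RSTR is not protected at message level, relies on TLS -->`; otherwise add `Signature` (and `Encrypt` with a configured `encryptionUser`) to the outflow items. As in s1-services.xml, `<proofKeyType>` is only meaningful with `keyComputation` 3 according to its own comment.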
diff --git a/modules/rampart-integration/src/test/resources/rahas/saml.s1.properties b/modules/rampart-integration/src/test/resources/rahas/saml.s1.properties
new file mode 100644
index 0000000..90487b1
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/saml.s1.properties
@@ -0,0 +1,9 @@
+org.apache.ws.security.saml.issuerClass=org.apache.ws.security.saml.SAMLIssuerImpl
+org.apache.ws.security.saml.issuer.cryptoProp.file=sctIssuer.properties
+org.apache.ws.security.saml.issuer.key.name=bob
+org.apache.ws.security.saml.issuer.key.password=security
+org.apache.ws.security.saml.issuer=www.example.com
+org.apache.ws.security.saml.subjectNameId.name=uid=joe,ou=people,ou=saml-demo,o=example.com
+org.apache.ws.security.saml.subjectNameId.qualifier=www.example.com
+org.apache.ws.security.saml.authenticationMethod=password
+#org.apache.ws.security.saml.confirmationMethod=senderVouches
diff --git a/modules/rampart-integration/src/test/resources/rahas/samlIssuer.properties b/modules/rampart-integration/src/test/resources/rahas/samlIssuer.properties
new file mode 100755
index 0000000..c126c57
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/samlIssuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sts.jks
diff --git a/modules/rampart-integration/src/test/resources/rahas/sec.jks b/modules/rampart-integration/src/test/resources/rahas/sec.jks
new file mode 100755
index 0000000..02d7c4e
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/sec.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/rampart/issuer.properties b/modules/rampart-integration/src/test/resources/rampart/issuer.properties
new file mode 100755
index 0000000..51d7b00
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/issuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=rampart/store.jks
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/1.xml b/modules/rampart-integration/src/test/resources/rampart/policy/1.xml
new file mode 100644
index 0000000..0ac2b8c
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/1.xml
@@ -0,0 +1,52 @@
+<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
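Review bot: The `signatureCrypto` and `encryptionCypto` blocks, each carrying the keystore password in clear text, configure keys that a `TransportBinding` whose only token is a `SignedSupportingTokens` UsernameToken appears never to use; drop them so the fixture shows the minimum the scenario needs and the password appears in fewer files. The UsernameToken here has no nested policy, unlike the STS transport policy in this change which asserts `<sp:WssUsernameToken10/>`; adding the same nested assertion keeps the fixtures consistent. With `RequireClientCertificate="false"` nothing beyond the password authenticates the client, so this policy only means anything if the test really runs over HTTPS — worth a one-line comment stating that assumption.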
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/10.xml b/modules/rampart-integration/src/test/resources/rampart/policy/10.xml
new file mode 100644
index 0000000..ddd0585
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/10.xml
@@ -0,0 +1,69 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <!--No timestamp test-->
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
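Review bot: This variant intentionally omits `<sp:IncludeTimestamp/>` (the header comment says "No timestamp test"), which means a captured signed request can be replayed indefinitely; that is fine as a test of the no-timestamp path, but the comment should say so, e.g. `<!-- No timestamp test: signature only, no freshness check - not a production-suitable policy -->`. The policy also reuses `wsu:Id="SigOnly"`, the same Id as rampart/policy/2.xml in this change; if both fixtures are ever loaded into one policy registry the Ids collide, so give this one a distinct Id such as `SigOnlyNoTimestamp`.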
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/11.xml b/modules/rampart-integration/src/test/resources/rampart/policy/11.xml
new file mode 100644
index 0000000..704b32b
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/11.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<wsp:Policy wsu:Id="SigEncrXPath" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+
+ <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Header/wsse:Security/wsse:UsernameToken</sp:XPath>
+ </sp:EncryptedElements>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
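Review bot: The `<sp:WssUsernameToken10/>` under `SignedSupportingTokens` is not a property of the UsernameToken: the `<sp:UsernameToken .../>` on the line above is self-closed, so the nested `<wsp:Policy>` that follows is its sibling rather than its child (compare the correctly nested form in sts-policy-transport-binding.xml in this change). Turn the token into an open tag and close it after the nested policy: `<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">` ... `</sp:UsernameToken>`. The XPath in `<sp:EncryptedElements>` uses the `soapenv` and `wsse` prefixes, but no element in this file declares them (the root declares only `wsu` and `wsp`), so a namespace-aware evaluation presumably cannot resolve the expression; declare them on `<sp:XPath>` with the SOAP envelope namespace the test messages use and `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd`. Separately, `TripleDesRsa15` selects 3DES-CBC with RSA PKCS#1 v1.5 key transport, which is suitable only as an interoperability fixture and should not be copied into a production policy.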
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/2.xml b/modules/rampart-integration/src/test/resources/rampart/policy/2.xml
new file mode 100644
index 0000000..a3bf1bb
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/2.xml
@@ -0,0 +1,69 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
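Review bot: `<sp:SignedParts>` lists only `<sp:Body/>`, so with `OnlySignEntireHeadersAndBody` nothing here requires the addressing headers (Action, To, MessageID) to be covered by the signature, leaving them open to modification even though the Body is signed; if the test messages carry WS-Addressing headers, add `<sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>` entries (matching whatever addressing version the tests use) or note in a comment that only the Body is meant to be signed. The `wsu:Id="SigOnly"` is also used by rampart/policy/10.xml in this change; distinct Ids avoid a collision if both fixtures are loaded into the same registry.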
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/3.xml b/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
new file mode 100644
index 0000000..651188d
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
@@ -0,0 +1,73 @@
+<wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
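Review bot: This sign-then-encrypt policy (`SignedParts` and `EncryptedParts` both `Body`, no `EncryptBeforeSigning`) leaves the signature in the clear while the Body is encrypted, so the plaintext Body's `DigestValue` is exposed and, for low-entropy bodies, lets an observer confirm guesses of the encrypted content. The symmetric STS policy in this change asserts `<sp:EncryptSignature/>`; add the same assertion inside the `AsymmetricBinding` policy here if the fixture is meant to model a recommended configuration, or state in a comment that the unencrypted signature is intentional for this test.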
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/4.xml b/modules/rampart-integration/src/test/resources/rampart/policy/4.xml
new file mode 100644
index 0000000..4ad5d3b
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/4.xml
@@ -0,0 +1,74 @@
+<wsp:Policy wsu:Id="EncrSig" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning />
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/5.xml b/modules/rampart-integration/src/test/resources/rampart/policy/5.xml
new file mode 100644
index 0000000..368d94e
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/5.xml
@@ -0,0 +1,75 @@
+<wsp:Policy wsu:Id="SigEncrDK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
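Review bot: The keystore password for `rampart/store.jks` is written in clear as `password` in both the `ramp:signatureCrypto` and `ramp:encryptionCypto` blocks, and the same block recurs verbatim in 6.xml–9.xml, sc-1.xml, sc-2.xml, services-10.xml and services-11.xml. For a throw-away test keystore that is acceptable, but nothing in the file marks it as such, and policy fixtures like these are exactly what gets copied into a real service configuration. A comment on the config element, `<!-- test fixture: throw-away keystore and credentials, not for deployment -->`, would make the intent explicit in every copy.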
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/6.xml b/modules/rampart-integration/src/test/resources/rampart/policy/6.xml
new file mode 100644
index 0000000..5a0092f
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/6.xml
@@ -0,0 +1,72 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
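Review bot: The policy Id `wsu:Id="SigEncrTripleDesRSA15"` is reused by 9.xml, which asserts a different policy (it adds `<sp:EncryptSignature />`), and `SigEncrTripleDesRSA15DK` is likewise carried by both 7.xml and 8.xml. `wsu:Id` only has to be unique within one document, so nothing breaks, but once these policies appear in logs or in a policy-attachment reference the Id no longer tells you which fixture was loaded; renaming 9.xml's to something like `SigEncrTripleDesRSA15EncrSig` keeps them distinguishable. Separately, `<sp:TripleDesRsa15/>` selects 3DES with RSA PKCS#1 v1.5 key transport, the legacy end of the WS-SP suites; that is fine for interop coverage, and a comment such as `<!-- legacy algorithm suite, kept for interop test coverage -->` on `sp:AlgorithmSuite` here and in 7.xml–9.xml, sc-1.xml and services-11.xml would stop the fixture being read as a recommended configuration. The root `<wsp:ExactlyOne>` is flush left while its children are indented, unlike 5.xml.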
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/7.xml b/modules/rampart-integration/src/test/resources/rampart/policy/7.xml
new file mode 100644
index 0000000..e1a4548
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/7.xml
@@ -0,0 +1,74 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/8.xml b/modules/rampart-integration/src/test/resources/rampart/policy/8.xml
new file mode 100644
index 0000000..fb2a6b0
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/8.xml
@@ -0,0 +1,74 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
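Review bot: This file appears to be content-identical to 7.xml line for line — same `wsu:Id="SigEncrTripleDesRSA15DK"`, same tokens with `sp:RequireDerivedKeys`, same `sp:TripleDesRsa15` suite, layout and RampartConfig — with only the blob hash differing, which suggests a whitespace-only difference. If the test that loads 8.xml needs a distinct case, the difference should be visible in the policy itself or stated in a comment at the top of the file; if not, pointing that test at 7.xml avoids maintaining two copies that will drift.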
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/9.xml b/modules/rampart-integration/src/test/resources/rampart/policy/9.xml
new file mode 100644
index 0000000..8545c0f
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/9.xml
@@ -0,0 +1,73 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature />
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml b/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml
new file mode 100644
index 0000000..9739b9b
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml
@@ -0,0 +1,123 @@
+<wsp:Policy wsu:Id="SecConvPolicy1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
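Review bot: The outer SymmetricBinding policy carries `sp:EncryptedParts` for the Body but no `sp:SignedParts`, so under the established secure conversation the Body is encrypted but, as far as I can read the policy, not signed — the signature then covers only the Timestamp that `sp:IncludeTimestamp` adds. sc-2.xml has the same shape. If exercising encryption-only over the conversation is the intent, a comment on `sp:EncryptedParts` saying so would prevent it being read as an omission; otherwise add `<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"><sp:Body/></sp:SignedParts>` alongside it, as the bootstrap policy already does. On style, the nested bootstrap `wsp:Policy` re-declares `xmlns:wsu` and `xmlns:wsp` with the same URIs as the root and every nested `sp:` assertion re-declares `xmlns:sp`, whereas sc-2.xml relies on the inherited declarations; the two files should follow one convention.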
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/sc-2.xml b/modules/rampart-integration/src/test/resources/rampart/policy/sc-2.xml
new file mode 100644
index 0000000..f3311cf
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/sc-2.xml
@@ -0,0 +1,131 @@
+<wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-1.xml b/modules/rampart-integration/src/test/resources/rampart/services-1.xml
new file mode 100644
index 0000000..aa00dea
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-1.xml
@@ -0,0 +1,51 @@
+<service name="SecureService1">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
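Review bot: The `UTOverTransport` policy places the UsernameToken under `sp:SignedSupportingTokens` with a `sp:TransportBinding` whose token is `<sp:HttpsToken RequireClientCertificate="false"/>`, so the credential's confidentiality rests entirely on the HTTPS channel and nothing in the policy itself protects it. That is the standard shape for this profile, but the fixture is only meaningful if the integration test really reaches `SecureService1` over https; a comment after the `sp:TransportToken` block, `<!-- credential protected by TLS only; test must use an https endpoint -->`, records that expectation for whoever next edits the harness.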
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-10.xml b/modules/rampart-integration/src/test/resources/rampart/services-10.xml
new file mode 100644
index 0000000..d101098
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-10.xml
@@ -0,0 +1,76 @@
+<service name="SecureService10">
+ <!--No timestamp test-->
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <!--sp:IncludeTimestamp/-->
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
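Review bot: The policy keeps `wsu:Id="SigOnly"`, the same Id as the signature-only policy in services-2.xml, although this one deliberately drops the timestamp (`<!--sp:IncludeTimestamp/-->`); an Id such as `SigOnlyNoTimestamp` would make the two fixtures distinguishable in logs and test output. Because there is no Timestamp, a signed message under this policy carries no freshness claim, so the `<!--No timestamp test-->` comment would be more useful if it stated what the test asserts about a message without a Timestamp rather than reading like a configuration choice. The closing `</wsp:Policy>` is flush left while its opening tag is indented inside `<service>`.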
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-11.xml b/modules/rampart-integration/src/test/resources/rampart/services-11.xml
new file mode 100644
index 0000000..8866ea2
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-11.xml
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<service name="SecureService11">
+ <!--No timestamp test-->
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrXPath" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+
+ <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Header/wsse:Security/wsse:UsernameToken</sp:XPath>
+ </sp:EncryptedElements>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
\ No newline at end of file
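Review bot: Inside `sp:SignedSupportingTokens` the `sp:UsernameToken` is self-closed and the `<wsp:Policy><sp:WssUsernameToken10/></wsp:Policy>` that follows is its sibling, not its nested policy, so the `WssUsernameToken10` assertion is not attached to the token and is likely ignored or treated as an unknown assertion at the supporting-tokens level. Open the token instead — `<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">` — and close it with `</sp:UsernameToken>` after the inner `</wsp:Policy>`. The `sp:XPath` under `sp:EncryptedElements` uses the prefixes `soapenv` and `wsse`, neither of which is declared anywhere in this file; WS-SecurityPolicy resolves XPath prefixes from the declarations in scope on the `sp:XPath` element, so `xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"` and an `xmlns:soapenv` bound to the SOAP envelope namespace the test actually uses (`http://schemas.xmlsoap.org/soap/envelope/` for SOAP 1.1) belong on `sp:EncryptedElements`. Rampart may tolerate the unbound prefixes, but the fixture should not depend on that.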
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-2.xml b/modules/rampart-integration/src/test/resources/rampart/services-2.xml
new file mode 100644
index 0000000..d03d8a4
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-2.xml
@@ -0,0 +1,76 @@
+<service name="SecureService2">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
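Review bot: Nothing in this fixture says what SecureService2 exercises beyond the `wsu:Id="SigOnly"` on the policy, so a reader has to diff the nine services-*.xml files to tell them apart. A one-line comment above `<wsp:Policy`, for example `<!-- asymmetric binding, signature only: Body signed, nothing encrypted -->`, would fix that; the same applies to services-3.xml through services-9.xml and services-sc-1.xml, each of which differs from its neighbours in one or two elements. Separately, `<ramp:encryptionUser>bob</ramp:encryptionUser>` is carried over although this policy has no EncryptedParts and no encryptionCypto block; it is presumably ignored, but dropping it or noting that it is unused would keep the signature-only fixture minimal.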
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-3.xml b/modules/rampart-integration/src/test/resources/rampart/services-3.xml
new file mode 100644
index 0000000..e231681
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-3.xml
@@ -0,0 +1,88 @@
+<service name="SecureService3">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-4.xml b/modules/rampart-integration/src/test/resources/rampart/services-4.xml
new file mode 100644
index 0000000..dfe5e62
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-4.xml
@@ -0,0 +1,89 @@
+<service name="SecureService4">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+<wsp:Policy wsu:Id="EncrSig" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning />
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
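Review bot: The opening `<wsp:Policy wsu:Id="EncrSig" ...>` and its closing tag sit at column 0 while the sibling `<module>`, `<parameter>` and `<operation>` elements are indented one level, and `<sp:EncryptBeforeSigning />` is the only empty element in the file written with a space before `/>` (the others use `<sp:IncludeTimestamp/>` style). Both are cosmetic, but since `EncryptBeforeSigning` is exactly the element that distinguishes this fixture from services-3.xml, the odd formatting makes it look accidental; indenting the policy like its siblings and writing `<sp:EncryptBeforeSigning/>` would read as deliberate. services-9.xml has the same `<sp:EncryptSignature />` spacing.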
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-5.xml b/modules/rampart-integration/src/test/resources/rampart/services-5.xml
new file mode 100644
index 0000000..807f41c
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-5.xml
@@ -0,0 +1,89 @@
+<service name="SecureService5">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrDK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-6.xml b/modules/rampart-integration/src/test/resources/rampart/services-6.xml
new file mode 100644
index 0000000..bc656ec
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-6.xml
@@ -0,0 +1,86 @@
+<service name="SecureService6">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
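Review bot: `<sp:TripleDesRsa15/>` selects the 3DES / RSA PKCS#1 v1.5 key-transport suite, the oldest one WS-SecurityPolicy defines; keeping a fixture that exercises it for interoperability is reasonable, but nothing marks it as the legacy case, so it is as easy to copy as a template as the Basic256 fixtures are. A comment on the AlgorithmSuite such as `<!-- legacy suite (3DES, RSA-1.5 key transport) kept for interop testing; start new policies from the Basic256 fixtures in services-3.xml / services-5.xml -->` would make the intent explicit. The same suite is used in services-7.xml, services-8.xml, services-9.xml and in the bootstrap policy of services-sc-1.xml.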
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-7.xml b/modules/rampart-integration/src/test/resources/rampart/services-7.xml
new file mode 100644
index 0000000..5b14f7b
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-7.xml
@@ -0,0 +1,89 @@
+<service name="SecureService7">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-8.xml b/modules/rampart-integration/src/test/resources/rampart/services-8.xml
new file mode 100644
index 0000000..92d8f72
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-8.xml
@@ -0,0 +1,89 @@
+<service name="SecureService8">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>useReqSigCert</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
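Review bot: `wsu:Id="SigEncrTripleDesRSA15DK"` on this policy is the same Id services-7.xml uses, although the setting that distinguishes this fixture is `<ramp:encryptionUser>useReqSigCert</ramp:encryptionUser>` (which, as the name indicates, encrypts for the certificate that signed the request instead of for the fixed user `bob`). Either give the policy its own Id, e.g. `wsu:Id="SigEncrTripleDesRSA15DKUseReqSigCert"`, or put a comment next to encryptionUser stating that this is the variation under test; as written the Id actively misleads anyone reading logs or the policy alone. services-9.xml has the same problem: it reuses `SigEncrTripleDesRSA15` from services-6.xml while adding `<sp:EncryptSignature />`.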
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-9.xml b/modules/rampart-integration/src/test/resources/rampart/services-9.xml
new file mode 100644
index 0000000..6654929
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-9.xml
@@ -0,0 +1,87 @@
+<service name="SecureService9">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature />
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml b/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml
new file mode 100644
index 0000000..e3e029c
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml
@@ -0,0 +1,176 @@
+<service name="SecureServiceSC1">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SecConvPolicy1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rampart/sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <!--<proofToken>EncryptedKey</proofToken>-->
+ <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>-->
+ <!--<addRequestedAttachedRef />-->
+ </token-canceler-config>
+ </parameter>
+
+
+</service>
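Review bot: The nested `<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" ...>` inside `sp:BootstrapPolicy` re-declares the `wsu` and `wsp` namespaces already bound on the outer `SecConvPolicy1` policy and carries an Id that is not referenced anywhere in the file and duplicates the Id used by services-6.xml and services-9.xml, which reads as a copy-paste leftover; dropping the attribute and the redundant declarations, or adding `<!-- bootstrap policy copied from services-6.xml -->`, would make that explicit. The `token-canceler-config` parameter contains nothing but commented-out elements, so a reader cannot tell whether the canceler is meant to run on defaults or was never finished; one line such as `<!-- defaults; no proof token or crypto override needed for this test -->` (if that is the intent) would settle it. Also worth a comment: the outer binding uses `<sp:Lax/>` layout while every other fixture and the bootstrap policy use `<sp:Strict/>`; presumably deliberate for the secure-conversation case, but it is the only place it differs.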
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-sc-2.xml b/modules/rampart-integration/src/test/resources/rampart/services-sc-2.xml
new file mode 100644
index 0000000..b6207cf
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-sc-2.xml
@@ -0,0 +1,186 @@
+<service name="SecureServiceSC2">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rampart/sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <!--<proofToken>EncryptedKey</proofToken>-->
+ <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>-->
+ <!--<addRequestedAttachedRef />-->
+ </token-canceler-config>
+ </parameter>
+
+
+</service>
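Review bot: Both the bootstrap policy and the outer SymmetricBinding select `<sp:Basic128Rsa15/>`, which pins key transport to RSAES-PKCS1-v1_5; that padding is the one exposed to Bleichenbacher-style padding-oracle attacks, so unless an interop peer requires it the plain `<sp:Basic128/>` suite (RSA-OAEP key wrap) is the safer choice for both policies. The `token-canceler-config` parameter is effectively empty because all three children are commented out, so the canceler runs on defaults; either drop the parameter or add a one-line comment saying defaults are intended. Note also that `rampart/store.jks` and `rampart/sts.jks` are added with the same blob id (02d7c4e), so the service and the STS share one keystore — acceptable for a fixture, but worth stating in a comment next to the `sct-issuer-config` crypto block so nobody copies the layout into a deployment.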
diff --git a/modules/rampart-integration/src/test/resources/rampart/store.jks b/modules/rampart-integration/src/test/resources/rampart/store.jks
new file mode 100644
index 0000000..02d7c4e
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/store.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/rampart/sts.jks b/modules/rampart-integration/src/test/resources/rampart/sts.jks
new file mode 100644
index 0000000..02d7c4e
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/sts.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/sctIssuer.properties b/modules/rampart-integration/src/test/resources/sctIssuer.properties
new file mode 100755
index 0000000..c126c57
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/sctIssuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sts.jks
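Review bot: `org.apache.ws.security.crypto.merlin.file=sts.jks` points at a keystore in the classpath root, but this commit adds the file at `rampart/sts.jks` (see the services-sc-*.xml configs, which use `rampart/sts.jks`); unless another `sts.jks` exists at the root outside this diff, Merlin will not find it when this properties file is used. Either change the line to `org.apache.ws.security.crypto.merlin.file=rampart/sts.jks` or move the keystore. The file is currently referenced only from a commented-out `<cryptoProperties>` line, which is presumably why the mismatch has not surfaced.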
diff --git a/modules/rampart-integration/src/test/resources/sec.jks b/modules/rampart-integration/src/test/resources/sec.jks
new file mode 100755
index 0000000..7af24b2
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/sec.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/sec.properties b/modules/rampart-integration/src/test/resources/sec.properties
new file mode 100755
index 0000000..3c3298d
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/sec.properties
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sec.jks
+
diff --git a/modules/rampart-integration/src/test/resources/security/complete.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/complete.client.axis2.xml
new file mode 100644
index 0000000..f8738e6
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/complete.client.axis2.xml
@@ -0,0 +1,133 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <moduleConfig name="addressing">
+ <parameter name="includeOptionalHeaders" locked="false">true</parameter>
+ </moduleConfig>
+
+ <!-- Test with addressing and MTOM: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>bob</encryptionUser>
+ <signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3.org/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
+
+ <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- Test with addressing and MTOM: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
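Review bot: The OutflowSecurity `signatureParts` list names only the addressing To/ReplyTo/MessageID headers and the Timestamp, so the SOAP Body is encrypted but, if I read the WSS4J handler semantics correctly (an explicit parts list replaces the default Body-only signature), not signed — an encrypted-only body has no integrity protection. If the interop scenario allows it, append `{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body` (SOAP 1.1 namespace assumed; adjust for 1.2) to the list. The InflowSecurity block gives a `signaturePropFile` but no `decryptionPropFile`; confirm the handler falls back to the signature crypto for decrypting the response, otherwise add `<decryptionPropFile>interop.properties</decryptionPropFile>`.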
diff --git a/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml
new file mode 100644
index 0000000..c1680c9
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml
@@ -0,0 +1,148 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+ <parameter name="enableMTOM" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the addressing module -->
+ <module ref="addressing"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <moduleConfig name="addressing">
+ <parameter name="includeOptionalHeaders" locked="false">true</parameter>
+ </moduleConfig>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+
+</axisconfig>
+
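Review bot: The `http` and `tcp` transportReceivers are both configured with `port` 6060, so if the test harness starts both listeners the second bind fails; give the TCP receiver its own port, e.g. `<parameter name="port" locked="false">6061</parameter>`, or drop the TCP receiver if the tests only exercise HTTP. `hotdeployment` and `hotupdate` are enabled for a fixed test fixture; hot deployment watches a directory for new service archives, which is unnecessary here, so `false` would make the server's service set deterministic.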
diff --git a/modules/rampart-integration/src/test/resources/security/complete.service.xml b/modules/rampart-integration/src/test/resources/security/complete.service.xml
new file mode 100644
index 0000000..6782fd5
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/complete.service.xml
@@ -0,0 +1,31 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>alice</encryptionUser>
+ <signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
+
+ <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
+ </action>
+ </parameter>
+
+</service>
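Review bot: The response-side `signatureParts` omits the SOAP Body, so, as with the client config, the body of the reply is encrypted but (if the explicit parts list replaces the default Body signature) not signed. It also differs from the client list by leaving out MessageID without adding the response-side equivalent, RelatesTo; consider `{Element}{http://www.w3.org/2005/08/addressing}RelatesTo` so the reply is bound to its request. Both additions should be checked against the interop scenario this fixture is meant to reproduce.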
diff --git a/modules/rampart-integration/src/test/resources/security/s1.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s1.client.axis2.xml
new file mode 100644
index 0000000..af0bed0
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s1.client.axis2.xml
@@ -0,0 +1,110 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 1: Client's Configuration:START-->
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>UsernameToken</items>
+ <user>Chris</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <passwordType>PasswordText</passwordType>
+ </action>
+ </parameter>
+ <!-- Scenario 1: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+
+</axisconfig>
+
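Review bot: `passwordType` is `PasswordText`, so the UsernameToken carries Chris's password in clear text, and the only transport sender defined is plain `http`, so nothing protects it on the wire. This is consistent with an interop "Scenario 1" fixture, but the file should say so explicitly: `<!-- Scenario 1: PasswordText over plain HTTP is intentional for the loopback test; do not reuse this configuration outside tests -->`. If the scenario permits, `<passwordType>PasswordDigest</passwordType>` together with `<addUTElements>Nonce Created</addUTElements>` is the stronger form.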
diff --git a/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml
new file mode 100644
index 0000000..07674c3
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml
@@ -0,0 +1,139 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s1.service.xml b/modules/rampart-integration/src/test/resources/security/s1.service.xml
new file mode 100644
index 0000000..d6afa98
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s1.service.xml
@@ -0,0 +1,15 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+</service>
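Review bot: The inbound action list is only `UsernameToken`, with no Timestamp and no nonce/created requirement, so a captured token can be replayed indefinitely; as far as this config shows, nothing pins the accepted `passwordType` either, so the service relies entirely on `PWCallback`. If the interop scenario allows it, require `<items>Timestamp UsernameToken</items>` here and have the client add Nonce/Created; otherwise add a comment stating that replay protection is intentionally absent in Scenario 1.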
diff --git a/modules/rampart-integration/src/test/resources/security/s2.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s2.client.axis2.xml
new file mode 100644
index 0000000..16ee305
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s2.client.axis2.xml
@@ -0,0 +1,118 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 2: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>UsernameToken Encrypt</items>
+ <user>Chris</user>
+ <addUTElements>Nonce Created</addUTElements>
+ <encryptionParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</encryptionParts>
+ <encryptionUser>bob</encryptionUser>
+ <encryptionPropFile>interop.properties</encryptionPropFile>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <passwordType>PasswordText</passwordType>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ </action>
+ </parameter>
+
+ <!-- Scenario 2: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+
+</axisconfig>
+
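Review bot: `<passwordType>PasswordText</passwordType>` places the clear-text password inside the UsernameToken; the configuration is only sound because the `encryptionParts` entry a few lines earlier encrypts the whole `UsernameToken` element, and nothing in the file says the two settings depend on each other. I would add `<!-- PasswordText is acceptable only because encryptionParts wraps the entire UsernameToken; keep the two together -->` beside the passwordType line. `encryptionSymAlgorithm` selects 3DES-CBC, presumably because the interop scenario prescribes it, so naming the scenario as the reason would stop it being read as a free choice. The client declares no InflowSecurity, so the response is not checked; that is fine for a fixture but worth stating in the scenario comment.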
diff --git a/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml
new file mode 100644
index 0000000..fc44410
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml
@@ -0,0 +1,140 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+
+</axisconfig>
+
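Review bot: The `http` and `tcp` transportReceivers both declare `<parameter name="port" locked="false">6060</parameter>`, so if the test harness starts both listeners from this file the second bind fails on the same port; give the tcp receiver its own port or drop it, unless the harness overrides the port programmatically, in which case a comment saying so is due. The same duplicated port appears in s2a.service.axis2.xml and s3.service.axis2.xml. The commented-out mail transport blocks carry placeholder credentials (`axis2`/`axis2`) copied from the stock axis2.xml; they are inert, but a test fixture is easier to audit without them.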
diff --git a/modules/rampart-integration/src/test/resources/security/s2.service.xml b/modules/rampart-integration/src/test/resources/security/s2.service.xml
new file mode 100644
index 0000000..77c8eac
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s2.service.xml
@@ -0,0 +1,16 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken Encrypt</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <decryptionPropFile>interop.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/s2a.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s2a.client.axis2.xml
new file mode 100644
index 0000000..494f4c5
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s2a.client.axis2.xml
@@ -0,0 +1,116 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 2: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>UsernameTokenSignature Encrypt Timestamp</items>
+ <user>Chris</user>
+ <encryptionParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</encryptionParts>
+ <encryptionUser>bob</encryptionUser>
+ <encryptionPropFile>interop.properties</encryptionPropFile>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ </action>
+ </parameter>
+
+ <!-- Scenario 2: Client's Configuration:END-->
+
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+<phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml
new file mode 100644
index 0000000..a27d32c
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml
@@ -0,0 +1,138 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s2a.service.xml b/modules/rampart-integration/src/test/resources/security/s2a.service.xml
new file mode 100644
index 0000000..d2e7727
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s2a.service.xml
@@ -0,0 +1,16 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameTokenSignature UsernameToken Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <decryptionPropFile>interop.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+</service>
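Review bot: The inflow action list is `UsernameTokenSignature UsernameToken Encrypt Timestamp` while the paired client (s2a.client.axis2.xml) sends `UsernameTokenSignature Encrypt Timestamp`; if the extra `UsernameToken` entry is deliberate, because the received signature-carrying token is also reported as a plain UsernameToken result, that needs saying, otherwise the next reader will "fix" the asymmetry. I would add `<!-- UsernameToken is listed alongside UsernameTokenSignature on purpose: TODO confirm which results the handler reports for a signed token -->` above the items line.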
diff --git a/modules/rampart-integration/src/test/resources/security/s3.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s3.client.axis2.xml
new file mode 100644
index 0000000..9cc2819
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s3.client.axis2.xml
@@ -0,0 +1,127 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 3: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>bob</encryptionUser>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+ <!-- Scenario 3: Client's Configuration:END-->
+
+
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
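Review bot: The InflowSecurity block lists `Encrypt` but sets no `decryptionPropFile`, while s2.service.xml spells out `<decryptionPropFile>interop.properties</decryptionPropFile>` for the same `Encrypt` inflow; if the handler falls back to `signaturePropFile` for decryption the file works, but the fixtures should follow one convention, and the explicit form is the safer one — add `<decryptionPropFile>interop.properties</decryptionPropFile>` under signaturePropFile. s3.service.xml has the same gap in its inflow. `enableSignatureConfirmation` is `false` on both flows; since SignatureConfirmation is what ties the response to the request signature, a comment stating the reason (presumably interop with a WS-Security 1.0 peer) would keep it from being read as an oversight.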
diff --git a/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml
new file mode 100644
index 0000000..f11dde5
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml
@@ -0,0 +1,138 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+<phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s3.service.xml b/modules/rampart-integration/src/test/resources/security/s3.service.xml
new file mode 100644
index 0000000..12cf1c7
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s3.service.xml
@@ -0,0 +1,31 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>alice</encryptionUser>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+</service>
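Review bot: Both `InflowSecurity` and `OutflowSecurity` set `<enableSignatureConfirmation>false</enableSignatureConfirmation>` with no explanation, which switches off the WS-Security 1.1 check that ties a signed response back to the request it answers. A fixture that deliberately disables a protection should say why in place, e.g. `<!-- signature confirmation intentionally disabled: <reason for scenario 3> -->`, so the setting is not copied into a deployment config by mistake. The same applies to `encryptionSymAlgorithm` being `tripledes-cbc`, a legacy algorithm that is presumably fixed by the interop scenario rather than chosen here; a one-line comment marking it as scenario-mandated would make that clear.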
diff --git a/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml
new file mode 100644
index 0000000..7964d12
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml
@@ -0,0 +1,124 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 4: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <EmbeddedKeyCallbackClass>org.apache.axis2.security.PWCallback</EmbeddedKeyCallbackClass>
+ <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- Scenario 4: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+
+</axisconfig>
+
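Review bot: The `OutflowSecurity` block uses `EmbeddedKeyName`/`EmbeddedKeyCallbackClass` with `encryptionKeyIdentifier` `EmbeddedKeyName`, i.e. a pre-shared symmetric key named `SessionKey` that the callback class must supply, but nothing in the file says where that key comes from or that it is test-only. A comment such as `<!-- scenario 4: encrypt with the pre-shared symmetric key "SessionKey" supplied by PWCallback; test fixture only -->` above the parameter would spare the next reader a trip into the callback code. Unlike the service-side configs, this client config has no `<module ref="rampart"/>`; presumably the test engages the module programmatically, and a short comment confirming that would remove the ambiguity.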
diff --git a/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml
new file mode 100644
index 0000000..1d6c0ca
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml
@@ -0,0 +1,139 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
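Review bot: The `http` and `tcp` transport receivers are both configured with `<parameter name="port" locked="false">6060</parameter>`; if the test harness starts both receivers, the second bind fails on the same port, and if only `http` is used the `tcp` receiver is dead configuration. Either give `tcp` its own port or drop the receiver, and add a comment stating which transports the scenario actually exercises. The same duplicated port appears in s5.service.axis2.xml and s6.service.axis2.xml. The commented-out mail receiver and sender blocks carry literal `axis2`/`axis2` credentials; they are inert here, but marking them as placeholders, e.g. `<!-- placeholder credentials, replace before enabling -->`, avoids them being uncommented as-is.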
diff --git a/modules/rampart-integration/src/test/resources/security/s4.service.xml b/modules/rampart-integration/src/test/resources/security/s4.service.xml
new file mode 100644
index 0000000..7f422a9
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s4.service.xml
@@ -0,0 +1,30 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <EmbeddedKeyCallbackClass>org.apache.axis2.security.PWCallback</EmbeddedKeyCallbackClass>
+ <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ </action>
+ </parameter>
+
+</service>
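Review bot: This service config omits `enableSignatureConfirmation` in both flows while s3.service.xml sets it to `false` explicitly, so the two fixtures rely on different defaults for the same check; whichever the library default is, it is better stated than implied. Setting it explicitly here, e.g. `<enableSignatureConfirmation>false</enableSignatureConfirmation>` with a comment giving the scenario's reason, keeps the scenario files consistent and reviewable side by side. A comment on the `OutflowSecurity` block noting that the response is signed with an `SKIKeyIdentifier` reference (whereas the client request uses `DirectReference`) would also help, since the asymmetry is presumably intentional for the interop case.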
diff --git a/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml
new file mode 100644
index 0000000..108bcf5
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml
@@ -0,0 +1,122 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 5: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+
+ <action>
+ <items>Signature NoSerialization</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <signatureParts>{}{http://xmlsoap.org/Ping}ticket</signatureParts>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+
+ <action>
+ <items>Signature Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+
+ </parameter>
+
+ <!-- Scenario 5: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
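Review bot: The `OutflowSecurity` parameter holds two `<action>` blocks, the first with `<items>Signature NoSerialization</items>` and a `signatureParts` of `{}{http://xmlsoap.org/Ping}ticket`, the second with `Signature Timestamp`, and nothing explains that this is a chained, two-signature message. The `{}{namespace}localname` syntax and the role of `NoSerialization` (presumably holding the security header open so the second action can add to it) are easy to misread; a comment like `<!-- scenario 5: first action signs only the Ping ticket element, second action adds a second signature plus timestamp -->` would document the intent. The matching service-side fixture expects `Signature Signature Timestamp`, so the comment should mention that the two files must stay in step.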
diff --git a/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml
new file mode 100644
index 0000000..eb24922
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml
@@ -0,0 +1,140 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s5.service.xml b/modules/rampart-integration/src/test/resources/security/s5.service.xml
new file mode 100644
index 0000000..6c9089d
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s5.service.xml
@@ -0,0 +1,16 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Signature Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+</service>
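Review bot: `<items>Signature Signature Timestamp</items>` looks like a duplicated token at first glance; a comment stating that two signatures are expected because the scenario 5 client chains two signing actions would prevent a well-meaning "fix". This fixture also has no `OutflowSecurity`, so the response leaves the service unprotected; if that is the scenario's intent, say so, e.g. `<!-- scenario 5: request-only protection, response is sent unsecured -->`, otherwise the test may silently pass while not exercising the response path.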
diff --git a/modules/rampart-integration/src/test/resources/security/s6.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s6.client.axis2.xml
new file mode 100644
index 0000000..81c941c
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s6.client.axis2.xml
@@ -0,0 +1,125 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 6: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt Signature Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>bob</encryptionUser>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt Signature Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- Scenario 6: Client's Configuration:END-->
+
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+
+</axisconfig>
+
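Review bot: The `OutflowSecurity` items are ordered `Encrypt Signature Timestamp`, the reverse of scenario 4's `Signature Encrypt Timestamp`, which changes whether the signature covers plaintext or ciphertext; the difference is clearly deliberate but undocumented. A comment such as `<!-- scenario 6: encrypt first, then sign over the ciphertext -->` next to the items line would record the intent and explain why the inflow list uses the same order. The `encryptionKeyIdentifier` is `SKIKeyIdentifier` with `encryptionUser` `bob`, so the recipient is identified by subject key identifier rather than an embedded certificate; a short note that `interop.properties` must contain bob's certificate for this lookup would complete the picture.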
diff --git a/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml
new file mode 100644
index 0000000..eb24922
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml
@@ -0,0 +1,140 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
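Review bot: The http and tcp transport receivers both bind port 6060 (the two `port` parameters under the `transportReceiver` elements), so if the harness ever starts both listeners the second bind fails with an address-in-use error; give the tcp receiver its own port, e.g. `<parameter name="port" locked="false">6061</parameter>`, or drop the tcp receiver if the scenario only drives HTTP. `hotdeployment` and `hotupdate` are also left enabled, which makes the engine load any archive dropped into the repository at runtime; that is acceptable for an integration fixture but worth a comment such as `<!-- test-only: hot deployment lets the harness add services at runtime; keep disabled in production -->` so the file is not copied as a deployment template.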
diff --git a/modules/rampart-integration/src/test/resources/security/s6.service.xml b/modules/rampart-integration/src/test/resources/security/s6.service.xml
new file mode 100644
index 0000000..c67c3d8
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s6.service.xml
@@ -0,0 +1,29 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt Signature Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt Signature Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <encryptionKeyIdentifier>DirectReference</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>alice</encryptionUser>
+ <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+</service>
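Review bot: The InflowSecurity action list requires `Encrypt`, yet the block configures only a `signaturePropFile` and no `decryptionPropFile`, unlike the s7 service configuration which sets both; whether the handler falls back to the signature crypto to locate bob's private decryption key is left implicit. Adding `<decryptionPropFile>interop.properties</decryptionPropFile>` makes the keystore used for decryption explicit and keeps the s6 and s7 fixtures consistent. The outbound `encryptionSymAlgorithm` is 3DES-CBC, presumably to match the interop scenario; a comment such as `<!-- 3DES only for interop-scenario fidelity; use aes128-cbc or stronger outside this test -->` would stop the value being copied into real configurations.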
diff --git a/modules/rampart-integration/src/test/resources/security/s7.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s7.client.axis2.xml
new file mode 100644
index 0000000..5ce9e5a
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s7.client.axis2.xml
@@ -0,0 +1,126 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 7: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>bob</encryptionUser>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <encryptionPropFile>interop.properties</encryptionPropFile>
+ <signatureParts>{}{http://schemas.xmlsoap.org/soap/envelope/}Body;STRTransform</signatureParts>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <decryptionPropFile>interop.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <!-- Scenario 7: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+
+</axisconfig>
+
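Review bot: The `signatureParts` value covers only the SOAP Body and the security token reference (`STRTransform`), so the Timestamp that the same action list adds is not under the signature and could be removed or replaced in transit without invalidating the message. Unless the interop scenario deliberately leaves it unsigned, extend the list to `{}{http://schemas.xmlsoap.org/soap/envelope/}Body;{}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;STRTransform` so the freshness check actually binds to the signer. The encryption algorithm is also 3DES-CBC; a one-line comment marking it as interop-only would help readers who use this client config as a starting point.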
diff --git a/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml
new file mode 100644
index 0000000..57786d1
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml
@@ -0,0 +1,140 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
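Review bot: The tcp receiver reuses port 6060, which the http receiver above it already binds, so the two listeners cannot coexist; either assign the tcp receiver a distinct port or remove it, since the scenario's client only defines an http sender. Apart from blank lines this file is a copy of s6.service.axis2.xml, so the same clash exists there; a single shared server axis2.xml for the interop scenarios, with the per-scenario differences kept in the service.xml files, would mean fixing such issues once instead of per copy.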
diff --git a/modules/rampart-integration/src/test/resources/security/s7.service.xml b/modules/rampart-integration/src/test/resources/security/s7.service.xml
new file mode 100644
index 0000000..f8111e7
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s7.service.xml
@@ -0,0 +1,31 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <decryptionPropFile>interop.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <encryptionKeyIdentifier>DirectReference</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>alice</encryptionUser>
+ <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <encryptionPropFile>interop.properties</encryptionPropFile>
+ </action>
+ </parameter>
+
+</service>
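Review bot: The service's outbound `encryptionSymAlgorithm` is 3DES-CBC (`http://www.w3.org/2001/04/xmlenc#tripledes-cbc`), a 64-bit-block legacy cipher that is presumably retained here only to match the interop scenario. Since these service.xml files tend to be copied as examples, add `<!-- tripledes-cbc is required by the interop scenario only; prefer http://www.w3.org/2001/04/xmlenc#aes128-cbc or stronger elsewhere -->` above the element. The inbound `Timestamp` action relies on whatever default freshness window the handler applies; if the handler honors a `timeToLive` setting on the inbound side, stating it explicitly would document the intended replay window.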
diff --git a/modules/rampart-integration/src/test/resources/security/sST1.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/sST1.client.axis2.xml
new file mode 100644
index 0000000..8721034
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sST1.client.axis2.xml
@@ -0,0 +1,108 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario ST1: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp SAMLTokenUnsigned</items>
+ <samlPropFile>axis2.saml.properties</samlPropFile>
+ </action>
+ </parameter>
+
+ <!-- Scenario ST1: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
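Review bot: The OutFlow phaseOrder in this client configuration has no `Security` phase, unlike the s7 client configuration which lists `<phase name="Security"/>` after `MessageOut`; Rampart's outbound handler is normally placed in that phase, so the `Timestamp SAMLTokenUnsigned` actions configured above may never execute, or module engagement may fail, unless the phase is supplied elsewhere — please confirm against the module's module.xml. Adding `<phase name="Security"/>` after `<phase name="MessageOut"/>` in the OutFlow would match the other scenario clients. A comment such as `<!-- SAMLTokenUnsigned: the assertion is not bound to the message by any signature -->` would also make clear that this scenario does not authenticate the sender.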
diff --git a/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml
new file mode 100644
index 0000000..d1dbcb2
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml
@@ -0,0 +1,139 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+
+</axisconfig>
+
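Review bot: The `rampart` module is engaged here but the OutFlow phaseOrder omits the `Security` phase that the s6 and s7 server configurations include; if the module's outbound handler targets that phase, engagement would fail with a phase error rather than silently skipping security, so confirm the phase list against module.xml or add `<phase name="Security"/>` after `<phase name="MessageOut"/>`. The http and tcp receivers also both bind port 6060, the same clash present in the other server configurations; give the tcp receiver a distinct port or remove it.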
diff --git a/modules/rampart-integration/src/test/resources/security/sST1.service.xml b/modules/rampart-integration/src/test/resources/security/sST1.service.xml
new file mode 100644
index 0000000..1bb5dc7
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sST1.service.xml
@@ -0,0 +1,14 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp SAMLTokenUnsigned</items>
+ </action>
+ </parameter>
+
+</service>
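Review bot: The InflowSecurity action list accepts `SAMLTokenUnsigned`, meaning the service processes a SAML assertion that is not signed and not bound to the message, so the configuration provides no sender authentication and any party can supply an arbitrary assertion. That is the intent of interop scenario ST1, but the fixture should say so, e.g. `<!-- ST1 interop scenario only: the unsigned SAML token is parsed, not authenticated; never use this inflow configuration for a real service -->`, so it is not mistaken for a working access-control setup.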
diff --git a/modules/rampart-integration/src/test/resources/security/sc/s1-services.xml b/modules/rampart-integration/src/test/resources/security/sc/s1-services.xml
new file mode 100644
index 0000000..1d92054
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/s1-services.xml
@@ -0,0 +1,84 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.security.sc.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <!-- <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <proofToken>EncryptedKey</proofToken>
+ <cryptoProperties>sctIssuer.properties</cryptoProperties>
+ <addRequestedAttachedRef />
+ </sct-issuer-config>
+ </parameter>-->
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <addRequestedAttachedRef/>
+ <addRequestedUnattachedRef/>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>EncryptedKey</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <!--<proofToken>EncryptedKey</proofToken>-->
+ <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>-->
+ <!--<addRequestedAttachedRef />-->
+ </token-canceler-config>
+ </parameter>
+
+ <parameter xmlns="" name="sc-configuration">
+ <sc-configuration xmlns="">
+ <scope xmlns="">service</scope>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ <cryptoProperties xmlns="">sctIssuer.properties</cryptoProperties>
+ </sc-configuration>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>sctIssuer.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ <user>sts</user>
+ <signaturePropFile xmlns="">sctIssuer.properties</signaturePropFile>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+</service>
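Review bot: The test keystore password is embedded in cleartext twice for the same keystore — inline at `<property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>` inside sct-issuer-config, and again in sctIssuer.properties — so there are two places to keep in sync, and they already disagree on case for the keystore type (`JKS` inline, `jks` in the properties file). Since sc-configuration and InflowSecurity already reference `sctIssuer.properties`, the inline `<crypto>` block could become `<cryptoProperties>sctIssuer.properties</cryptoProperties>` as the commented-out block above it shows, if the issuer still accepts that file-reference form, leaving one source of truth. The same duplication appears in s2-services.xml, s3-services.xml and s4-services.xml. The commented-out `sct-issuer-config` parameter and the `xmlns=""` attributes on sc-configuration are dead weight — no ancestor declares a default namespace to undo — and could be dropped.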
diff --git a/modules/rampart-integration/src/test/resources/security/sc/s2-services.xml b/modules/rampart-integration/src/test/resources/security/sc/s2-services.xml
new file mode 100644
index 0000000..8c942a6
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/s2-services.xml
@@ -0,0 +1,64 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.security.sc.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter xmlns="" name="sc-configuration">
+ <sc-configuration xmlns="">
+ <scope xmlns="">service</scope>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ <cryptoProperties xmlns="">sctIssuer.properties</cryptoProperties>
+ </sc-configuration>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>sctIssuer.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp</items>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/sc/s3-services.xml b/modules/rampart-integration/src/test/resources/security/sc/s3-services.xml
new file mode 100644
index 0000000..754a0ca
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/s3-services.xml
@@ -0,0 +1,66 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.security.sc.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter xmlns="" name="sc-configuration">
+ <sc-configuration xmlns="">
+ <scope xmlns="">service</scope>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ <cryptoProperties xmlns="">sctIssuer.properties</cryptoProperties>
+ </sc-configuration>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>sctIssuer.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ <user>sts</user>
+ <signaturePropFile xmlns="">sctIssuer.properties</signaturePropFile>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+</service>
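Review bot: This variant carries a `sct-issuer-config` parameter but does not engage `<module ref="rahas"/>`, whereas s1, s2 and s4 engage both rampart and rahas; as written, the issuer configuration here may be inert. If the omission is deliberate for this scenario (rahas engaged elsewhere, or the issuer not exercised), a one-line comment such as `<!-- rahas intentionally not engaged in this scenario -->` would stop the next reader from treating it as a typo; otherwise the module reference should be added.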
diff --git a/modules/rampart-integration/src/test/resources/security/sc/s4-services.xml b/modules/rampart-integration/src/test/resources/security/sc/s4-services.xml
new file mode 100644
index 0000000..50b850a
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/s4-services.xml
@@ -0,0 +1,67 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.security.sc.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter xmlns="" name="sc-configuration">
+ <sc-configuration xmlns="">
+ <scope xmlns="">service</scope>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ <cryptoProperties xmlns="">sctIssuer.properties</cryptoProperties>
+ </sc-configuration>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>sctIssuer.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ <user>sts</user>
+ <signaturePropFile xmlns="">sctIssuer.properties</signaturePropFile>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/sc/sctIssuer.properties b/modules/rampart-integration/src/test/resources/security/sc/sctIssuer.properties
new file mode 100755
index 0000000..c126c57
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/sctIssuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sts.jks
diff --git a/modules/rampart-integration/src/test/resources/security/sc/sec.jks b/modules/rampart-integration/src/test/resources/security/sc/sec.jks
new file mode 100755
index 0000000..7af24b2
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/sec.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/security/sc/sec.properties b/modules/rampart-integration/src/test/resources/security/sc/sec.properties
new file mode 100755
index 0000000..3c3298d
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/sec.properties
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sec.jks
+
diff --git a/modules/rampart-integration/src/test/resources/security/sc/sts.jks b/modules/rampart-integration/src/test/resources/security/sc/sts.jks
new file mode 100644
index 0000000..2db0a7c
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/sts.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/security/secMtom.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/secMtom.client.axis2.xml
new file mode 100644
index 0000000..52f80c7
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/secMtom.client.axis2.xml
@@ -0,0 +1,126 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 3 with MTOM: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>bob</encryptionUser>
+
+ <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- Scenario 3 with MTOM: Client's Configuration:END-->
+
+
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml
new file mode 100644
index 0000000..7c83d87
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml
@@ -0,0 +1,141 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+ <parameter name="enableMTOM" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.engine.RequestURIOperationDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
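Review bot: Both the `http` and `tcp` transport receivers are configured with `<parameter name="port" locked="false">6060</parameter>`, so if both listeners are started the second bind fails; give the TCP receiver a distinct port or drop it if the MTOM test only uses HTTP. The client counterpart secMtom.client.axis2.xml sends with `HTTP/1.0` while this side is configured for `HTTP/1.1` — harmless in practice, but worth aligning so the two fixtures read as a matched pair.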
diff --git a/modules/rampart-integration/src/test/resources/security/secMtom.service.xml b/modules/rampart-integration/src/test/resources/security/secMtom.service.xml
new file mode 100644
index 0000000..45f7a1f
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/secMtom.service.xml
@@ -0,0 +1,31 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>alice</encryptionUser>
+
+ <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/sts.jks b/modules/rampart-integration/src/test/resources/sts.jks
new file mode 100644
index 0000000..2db0a7c
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/sts.jks
Binary files differ
diff --git a/modules/rampart-mar/module.xml b/modules/rampart-mar/module.xml
new file mode 100644
index 0000000..8482ba9
--- /dev/null
+++ b/modules/rampart-mar/module.xml
@@ -0,0 +1,29 @@
+<module name="rampart" class="org.apache.rampart.Rampart">
+
+ <Description>This module provides the WS-Security and WS-SecureConversation
+ functionalities for Axis2, based on Apache WSS4J, Apache XML-Security
+ and Apache Rahas implementations.
+ </Description>
+
+ <InFlow>
+ <handler name="PolicyBasedSecurityInHandler" class="org.apache.rampart.handler.RampartReceiver">
+ <order phase="Security" phaseFirst="true"/>
+ </handler>
+ <handler name="SecurityInHandler" class="org.apache.rampart.handler.WSDoAllReceiver">
+ <order phase="Security"/>
+ </handler>
+ </InFlow>
+
+ <OutFlow>
+ <handler name="SecurityOutHandler" class="org.apache.rampart.handler.WSDoAllSender">
+ <order phase="Security"/>
+ </handler>
+ <handler name="PolicyBasedSecurityOutHandler" class="org.apache.rampart.handler.RampartSender">
+ <order phase="Security" phaseLast="true"/>
+ </handler>
+ </OutFlow>
+ <supported-policy-namespaces namespaces="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+ <local-policy-assertions>
+ <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy" />
+ </local-policy-assertions>
+</module>
diff --git a/modules/rampart-mar/pom.xml b/modules/rampart-mar/pom.xml
new file mode 100644
index 0000000..74f2fb4
--- /dev/null
+++ b/modules/rampart-mar/pom.xml
@@ -0,0 +1,105 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart</artifactId>
+ <packaging>mar</packaging>
+ <version>1.21</version>
+ <name>Rampart - Mar</name>
+
+ <scm>
+ <connection>scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</developerConnection>
+ <url>https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</url>
+ </scm>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <testSourceDirectory>src/main/java</testSourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-mar-maven-plugin</artifactId>
+ <version>1.2</version>
+ <extensions>true</extensions>
+ <configuration>
+ <includeDependencies>false</includeDependencies>
+ <moduleXmlFile>module.xml</moduleXmlFile>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ </dependencies>
+
+ <pluginRepositories>
+ <pluginRepository>
+ <id>apache-m2</id>
+ <name>Apache M2 Repository</name>
+ <url>http://people.apache.org/repo/m2-ibiblio-rsync-repository</url>
+ <layout>default</layout>
+ <snapshots>
+ <enabled>false</enabled>
+ <updatePolicy>daily</updatePolicy>
+ <checksumPolicy>ignore</checksumPolicy>
+ </snapshots>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ </pluginRepository>
+ <pluginRepository>
+ <id>apache-snapshots</id>
+ <name>Apache Snapshots Repository</name>
+ <url>http://people.apache.org/repo/m2-snapshot-repository</url>
+ <layout>default</layout>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>daily</updatePolicy>
+ <checksumPolicy>ignore</checksumPolicy>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </pluginRepository>
+ </pluginRepositories>
+ <distributionManagement>
+ <repository>
+ <id>apache-repo</id>
+ <name>Maven Central Repository</name>
+ <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-ibiblio-rsync-repository</url>
+ </repository>
+ <snapshotRepository>
+ <id>apache-snapshots</id>
+ <name>Apache Development Repository</name>
+ <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-snapshot-repository</url>
+ </snapshotRepository>
+ </distributionManagement>
+</project>
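Review bot: Both plugin repositories set `<checksumPolicy>ignore</checksumPolicy>` and are fetched over plain `http://` URLs, so a corrupted or tampered plugin artifact would be accepted without any integrity check; `<checksumPolicy>fail</checksumPolicy>` (or at least `warn`) is the safer setting, and these repository definitions belong in the parent POM rather than being repeated here — this module, unlike rampart-policy/pom.xml, declares no `<parent>`. Separately, `<testSourceDirectory>src/main/java</testSourceDirectory>` points the test source set at the main sources, which looks like a copy-paste slip (the same line appears in rampart-policy/pom.xml); if the module has no tests the element can simply be omitted.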
diff --git a/modules/rampart-policy/pom.xml b/modules/rampart-policy/pom.xml
new file mode 100644
index 0000000..d177fef
--- /dev/null
+++ b/modules/rampart-policy/pom.xml
@@ -0,0 +1,50 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.21</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-policy</artifactId>
+ <packaging>jar</packaging>
+ <version>1.21</version>
+ <name>Rampart - Policy</name>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <testSourceDirectory>src/main/java</testSourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent" />
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+
+</project>
diff --git a/modules/rampart-policy/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder b/modules/rampart-policy/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
new file mode 100644
index 0000000..ddebc4b
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
@@ -0,0 +1,22 @@
+org.apache.ws.secpolicy.builders.AlgorithmSuiteBuilder
+org.apache.ws.secpolicy.builders.AsymmetricBindingBuilder
+org.apache.ws.secpolicy.builders.EncryptedElementsBuilder
+org.apache.ws.secpolicy.builders.EncryptedPartsBuilder
+org.apache.ws.secpolicy.builders.InitiatorTokenBuilder
+org.apache.ws.secpolicy.builders.LayoutBuilder
+org.apache.ws.secpolicy.builders.ProtectionTokenBuilder
+org.apache.ws.secpolicy.builders.RecipientTokenBuilder
+org.apache.ws.secpolicy.builders.SignedElementsBuilder
+org.apache.ws.secpolicy.builders.SignedPartsBuilder
+org.apache.ws.secpolicy.builders.SupportingTokensBuilder
+org.apache.ws.secpolicy.builders.TransportBindingBuilder
+org.apache.ws.secpolicy.builders.TransportTokenBuilder
+org.apache.ws.secpolicy.builders.UsernameTokenBuilder
+org.apache.ws.secpolicy.builders.WSS10Builder
+org.apache.ws.secpolicy.builders.WSS11Builder
+org.apache.ws.secpolicy.builders.X509TokenBuilder
+org.apache.ws.secpolicy.builders.Trust10Builder
+org.apache.ws.secpolicy.builders.SecurityContextTokenBuilder
+org.apache.ws.secpolicy.builders.SecureConversationTokenBuilder
+org.apache.ws.secpolicy.builders.SymmetricBindingBuilder
+org.apache.ws.secpolicy.builders.IssuedTokenBuilder
\ No newline at end of file
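Review bot: The file ends without a trailing newline, so the last entry `org.apache.ws.secpolicy.builders.IssuedTokenBuilder` is an unterminated line; most readers tolerate this, but a later append to the file produces a merged, unreadable class name and line-oriented tooling reports the file oddly. Add the final newline.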
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java
new file mode 100644
index 0000000..be7066a
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java
@@ -0,0 +1,435 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy;
+
+import javax.xml.namespace.QName;
+
+public class Constants {
+
+ public static final String P_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
+
+ public static final String P_PREFIX = "wsp";
+
+ public static final QName POLICY = new QName(P_NS, "Policy", P_PREFIX);
+
+ public final static String SP_NS = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";
+
+ public final static String SP_PREFIX = "sp";
+
+ public final static String ATTR_INCLUDE_TOKEN = "IncludeToken";
+
+ public final static String INCLUDE_NEVER = Constants.SP_NS
+ + "/IncludeToken/Never";
+
+ public final static String INCLUDE_ONCE = Constants.SP_NS
+ + "/IncludeToken/Once";
+
+ public final static String INCLUDE_ALWAYS_TO_RECIPIENT = Constants.SP_NS
+ + "/IncludeToken/AlwaysToRecipient";
+
+ public final static String INCLUDE_ALWAYS = Constants.SP_NS
+ + "/IncludeToken/Always";
+
+ public final static int SUPPORTING_TOKEN_SUPPORTING = 1;
+
+ public final static int SUPPORTING_TOKEN_ENDORSING = 2;
+
+ public final static int SUPPORTING_TOKEN_SIGNED = 3;
+
+ public final static int SUPPORTING_TOKEN_SIGNED_ENDORSING = 4;
+
+ /**
+ * Security Header Layout : Strict
+ */
+ public final static String LAYOUT_STRICT = "Strict";
+
+ /**
+ * Security Header Layout : Lax
+ */
+ public final static String LAYOUT_LAX = "Lax";
+
+ /**
+ * Security Header Layout : LaxTimestampFirst
+ */
+ public final static String LAYOUT_LAX_TIMESTAMP_FIRST = "LaxTimestampFirst";
+
+ /**
+ * Security Header Layout : LaxTimestampLast
+ */
+ public final static String LAYOUT_LAX_TIMESTAMP_LAST = "LaxTimestampLast";
+
+ /**
+ * Protection Order : EncryptBeforeSigning
+ */
+ public final static String ENCRYPT_BEFORE_SIGNING = "EncryptBeforeSigning";
+
+ /**
+ * Protection Order : SignBeforeEncrypting
+ */
+ public final static String SIGN_BEFORE_ENCRYPTING = "SignBeforeEncrypting";
+
+ public final static String ONLY_SIGN_ENTIRE_HEADERS_AND_BODY = "OnlySignEntireHeadersAndBody";
+
+ public final static String WSS_X509_V1_TOKEN10 = "WssX509V1Token10";
+
+ public final static String WSS_X509_V3_TOKEN10 = "WssX509V3Token10";
+
+ public final static String WSS_X509_PKCS7_TOKEN10 = "WssX509Pkcs7Token10";
+
+ public final static String WSS_X509_PKI_PATH_V1_TOKEN10 = "WssX509PkiPathV1Token10";
+
+ public final static String WSS_X509_V1_TOKEN11 = "WssX509V1Token11";
+
+ public final static String WSS_X509_V3_TOKEN11 = "WssX509V3Token11";
+
+ public final static String WSS_X509_PKCS7_TOKEN11 = "WssX509Pkcs7Token11";
+
+ public final static String WSS_X509_PKI_PATH_V1_TOKEN11 = "WssX509PkiPathV1Token11";
+
+ // /
+ // /Algorithm Suites
+ // /
+ public final static String ALGO_SUITE_BASIC256 = "Basic256";
+
+ public final static String ALGO_SUITE_BASIC192 = "Basic192";
+
+ public final static String ALGO_SUITE_BASIC128 = "Basic128";
+
+ public final static String ALGO_SUITE_TRIPLE_DES = "TripleDes";
+
+ public final static String ALGO_SUITE_BASIC256_RSA15 = "Basic256Rsa15";
+
+ public final static String ALGO_SUITE_BASIC192_RSA15 = "Basic192Rsa15";
+
+ public final static String ALGO_SUITE_BASIC128_RSA15 = "Basic128Rsa15";
+
+ public final static String ALGO_SUITE_TRIPLE_DES_RSA15 = "TripleDesRsa15";
+
+ public final static String ALGO_SUITE_BASIC256_SHA256 = "Basic256Sha256";
+
+ public final static String ALGO_SUITE_BASIC192_SHA256 = "Basic192Sha256";
+
+ public final static String ALGO_SUITE_BASIC128_SHA256 = "Basic128Sha256";
+
+ public final static String ALGO_SUITE_TRIPLE_DES_SHA256 = "TripleDesSha256";
+
+ public final static String ALGO_SUITE_BASIC256_SHA256_RSA15 = "Basic256Sha256Rsa15";
+
+ public final static String ALGO_SUITE_BASIC192_SHA256_RSA15 = "Basic192Sha256Rsa15";
+
+ public final static String ALGO_SUITE_BASIC128_SHA256_RSA15 = "Basic128Sha256Rsa15";
+
+ public final static String ALGO_SUITE_TRIPLE_DES_SHA256_RSA15 = "TripleDesSha256Rsa15";
+
+ // /
+ // /Algorithms
+ // /
+ public final static String HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
+
+ public final static String RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+
+ public final static String SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
+
+ public final static String SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";
+
+ public final static String SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512";
+
+ public final static String AES128 = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
+
+ public final static String AES192 = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
+
+ public final static String AES256 = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
+
+ public final static String TRIPLE_DES = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
+
+ public final static String KW_AES128 = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
+
+ public final static String KW_AES192 = "http://www.w3.org/2001/04/xmlenc#kw-aes192";
+
+ public final static String KW_AES256 = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
+
+ public final static String KW_TRIPLE_DES = "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
+
+ public final static String KW_RSA_OAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
+
+ public final static String KW_RSA15 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
+
+ public final static String P_SHA1 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String P_SHA1_L128 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String P_SHA1_L192 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String P_SHA1_L256 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String XPATH = "http://www.w3.org/TR/1999/REC-xpath-19991116";
+
+ public final static String XPATH20 = "http://www.w3.org/2002/06/xmldsig-filter2";
+
+ public final static String C14N = "http://www.w3.org/2001/10/xml-c14n#";
+
+ public final static String EX_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";
+
+ public final static String SNT = "http://www.w3.org/TR/soap12-n11n";
+
+ public final static String STRT10 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform";
+
+ // //////////////////////////////////////////////////////////////////////
+
+ public static final String INCLUSIVE_C14N = "InclusiveC14N";
+
+ public static final String SOAP_NORMALIZATION_10 = "SoapNormalization10";
+
+ public static final String STR_TRANSFORM_10 = "STRTransform10";
+
+ public static final String XPATH10 = "XPath10";
+
+ public static final String XPATH_FILTER20 = "XPathFilter20";
+
+ // /////////////////////////////////////////////////////////////////////
+
+ public static final QName ATTR_XPATH_VERSION = new QName(SP_NS, "XPathVersion", Constants.SP_PREFIX);
+
+ ////////////////////////////////////////////////////////////////////////
+ public static final QName INCLUDE_TOKEN = new QName(SP_NS, "IncludeToken",
+ Constants.SP_PREFIX);
+
+ public static final QName TRANSPORT_BINDING = new QName(SP_NS,
+ "TransportBinding", Constants.SP_PREFIX);
+
+ public static final QName ALGORITHM_SUITE = new QName(SP_NS,
+ "AlgorithmSuite", Constants.SP_PREFIX);
+
+ public static final QName LAYOUT = new QName(SP_NS, "Layout", SP_PREFIX);
+
+ // ///////////////////
+
+ public static final QName STRICT = new QName(Constants.SP_NS, "Strict",
+ Constants.SP_PREFIX);
+
+ public static final QName LAX = new QName(Constants.SP_NS, "Lax",
+ Constants.SP_PREFIX);
+
+ public static final QName LAXTSFIRST = new QName(Constants.SP_NS,
+ "LaxTsFirst", Constants.SP_PREFIX);
+
+ public static final QName LAXTSLAST = new QName(Constants.SP_NS,
+ "LaxTsLast", Constants.SP_PREFIX);
+
+ // ////////////////
+
+ public static final QName INCLUDE_TIMESTAMP = new QName(SP_NS,
+ "IncludeTimestamp", Constants.SP_PREFIX);
+
+ public static final QName TRANSPORT_TOKEN = new QName(SP_NS,
+ "TransportToken", Constants.SP_PREFIX);
+
+ public static final QName HTTPS_TOKEN = new QName(Constants.SP_NS,
+ "HttpsToken", Constants.SP_PREFIX);
+
+ public static final QName SECURITY_CONTEXT_TOKEN = new QName(
+ Constants.SP_NS, "SecurityContextToken", Constants.SP_PREFIX);
+
+ public static final QName SECURE_CONVERSATION_TOKEN = new QName(
+ Constants.SP_NS, "SecureConversationToken", Constants.SP_PREFIX);
+
+ public static final QName SIGNATURE_TOKEN = new QName(Constants.SP_NS,
+ "SignatureToken", Constants.SP_PREFIX);
+
+ public static final QName SIGNED_PARTS = new QName(Constants.SP_NS,
+ "SignedParts", Constants.SP_PREFIX);
+
+ public static final QName USERNAME_TOKEN = new QName(Constants.SP_NS,
+ "UsernameToken", Constants.SP_PREFIX);
+
+ public static final QName WSS_USERNAME_TOKEN10 = new QName(Constants.SP_NS,
+ "WssUsernameToken10", Constants.SP_PREFIX);
+
+ public static final QName WSS_USERNAME_TOKEN11 = new QName(Constants.SP_NS,
+ "WssUsernameToken11", Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTED_PARTS = new QName(Constants.SP_NS,
+ "EncryptedParts", Constants.SP_PREFIX);
+
+ public static final QName SIGNED_ELEMENTS = new QName(Constants.SP_NS,
+ "SignedElements", Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTED_ELEMENTS = new QName(Constants.SP_NS,
+ "EncryptedElements", Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTION_TOKEN = new QName(Constants.SP_NS,
+ "EncryptionToken", Constants.SP_PREFIX);
+
+ public static final QName X509_TOKEN = new QName(Constants.SP_NS,
+ "X509Token", Constants.SP_PREFIX);
+
+ public static final QName ISSUED_TOKEN = new QName(Constants.SP_NS,
+ "IssuedToken", Constants.SP_PREFIX);
+
+ public static final QName SUPPORIING_TOKENS = new QName(Constants.SP_NS,
+ "SupportingTokens", Constants.SP_PREFIX);
+
+ public static final QName SIGNED_SUPPORTING_TOKENS = new QName(
+ Constants.SP_NS, "SignedSupportingTokens", Constants.SP_PREFIX);
+
+ public static final QName ENDORSING_SUPPORTING_TOKENS = new QName(
+ Constants.SP_NS, "EndorsingSupportingTokens", Constants.SP_PREFIX);
+
+ public static final QName SIGNED_ENDORSING_SUPPORTING_TOKENS = new QName(
+ Constants.SP_NS, "SignedEndorsingSupportingTokens",
+ Constants.SP_PREFIX);
+
+ public static final QName PROTECTION_TOKEN = new QName(Constants.SP_NS,
+ "ProtectionToken", Constants.SP_PREFIX);
+
+ public static final QName ASYMMETRIC_BINDING = new QName(Constants.SP_NS,
+ "AsymmetricBinding", Constants.SP_PREFIX);
+
+ public static final QName SYMMETRIC_BINDING = new QName(Constants.SP_NS,
+ "SymmetricBinding", Constants.SP_PREFIX);
+
+ public static final QName INITIATOR_TOKEN = new QName(Constants.SP_NS,
+ "InitiatorToken", Constants.SP_PREFIX);
+
+ public static final QName RECIPIENT_TOKEN = new QName(Constants.SP_NS,
+ "RecipientToken", Constants.SP_PREFIX);
+
+ public static final QName ENCRYPT_SIGNATURE = new QName(Constants.SP_NS,
+ "EncryptSignature", Constants.SP_PREFIX);
+
+ public static final QName PROTECT_TOKENS = new QName(Constants.SP_NS,
+ "ProtectTokens", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_KEY_IDENTIFIRE_REFERENCE = new QName(
+ Constants.SP_NS, "RequireKeyIdentifireReference",
+ Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_ISSUER_SERIAL_REFERENCE = new QName(
+ Constants.SP_NS, "RequireIssuerSerializerReference",
+ Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EMBEDDED_TOKEN_REFERENCE = new QName(
+ Constants.SP_NS, "RequireEmbeddedTokenReference",
+ Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_THUMBPRINT_REFERENCE = new QName(
+ Constants.SP_NS, "RequireThumbprintReference", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V1_TOKEN_10 = new QName(Constants.SP_NS,
+ "WssX509V1Token10", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V3_TOKEN_10 = new QName(Constants.SP_NS,
+ "WssX509V3Token10", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKCS7_TOKEN_10 = new QName(
+ Constants.SP_NS, "WssX509Pkcs7Token10", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKI_PATH_V1_TOKEN_10 = new QName(
+ Constants.SP_NS, "WssX509PkiPathV1Token10", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V1_TOKEN_11 = new QName(Constants.SP_NS,
+ "WssX509V1Token11", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V3_TOKEN_11 = new QName(Constants.SP_NS,
+ "WssX509V3Token11", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKCS7_TOKEN_11 = new QName(
+ Constants.SP_NS, "WssX509Pkcs7Token11", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKI_PATH_V1_TOKEN_11 = new QName(
+ Constants.SP_NS, "WssX509PkiPathV1Token11", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_KEY_IDENTIFIER = new QName(
+ Constants.SP_NS, "MustSupportRefKeyIdentifier", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_ISSUER_SERIAL = new QName(
+ Constants.SP_NS, "MustSupportRefIssuerSerial", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_EXTERNAL_URI = new QName(
+ Constants.SP_NS, "MustSupportRefExternalURI", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_EMBEDDED_TOKEN = new QName(
+ Constants.SP_NS, "MustSupportRefEmbeddedToken", Constants.SP_PREFIX);
+
+ public static final QName WSS10 = new QName(Constants.SP_NS, "Wss10",
+ Constants.SP_PREFIX);
+
+ public static final QName WSS11 = new QName(Constants.SP_NS, "Wss11",
+ Constants.SP_PREFIX);
+
+ public static final QName TRUST_10 = new QName(Constants.SP_NS, "Trust10",
+ Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_THUMBPRINT = new QName(
+ Constants.SP_NS, "MustSupportRefThumbprint", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_ENCRYPTED_KEY = new QName(
+ Constants.SP_NS, "MustSupportRefEncryptedkey", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_SIGNATURE_CONFIRMATION = new QName(
+ Constants.SP_NS, "RequireSignatureConfirmation",
+ Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_CLIENT_CHALLENGE = new QName(
+ Constants.SP_NS, "MustSupportClientChanllenge", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_SERVER_CHALLENGE = new QName(
+ Constants.SP_NS, "MustSupportServerChanllenge", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_CLIENT_ENTROPY = new QName(
+ Constants.SP_NS, "RequireClientEntropy", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_SERVER_ENTROPY = new QName(
+ Constants.SP_NS, "RequireServerEntropy", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_ISSUED_TOKENS = new QName(
+ Constants.SP_NS, "MustSupportIssuedTokens", Constants.SP_PREFIX);
+
+ public static final QName ISSUER = new QName(Constants.SP_NS, "Issuer",
+ Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_DERIVED_KEYS = new QName(Constants.SP_NS,
+ "RequireDerivedKeys", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EXTERNAL_URI_REFERNCE = new QName(
+ Constants.SP_NS, "RequireExternalUriReference", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EXTERNAL_REFERNCE = new QName(
+ Constants.SP_NS, "RequireExternalReference", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_INTERNAL_REFERNCE = new QName(
+ Constants.SP_NS, "RequireInternalReference", Constants.SP_PREFIX);
+
+ public static final QName REQUEST_SECURITY_TOKEN_TEMPLATE = new QName(
+ Constants.SP_NS, "RequestSecurityTokenTemplate",
+ Constants.SP_PREFIX);
+
+ public static final QName SC10_SECURITY_CONTEXT_TOKEN = new QName(
+ Constants.SP_NS, "SC10SecurityContextToken", Constants.SP_PREFIX);
+
+ public static final QName BOOTSTRAP_POLICY = new QName(Constants.SP_NS,
+ "BootstrapPolicy", Constants.SP_PREFIX);
+
+ public static final QName RST_TEMPLATE = new QName(Constants.SP_NS,
+ "RequestSecurityTokenTemplate", Constants.SP_PREFIX);
+
+ public final static QName REQUIRE_CLIENT_CERTIFICATE = new QName(
+ "RequireClientCertificate");
+
+ public final static QName XPATH_ = new QName(Constants.SP_NS, "XPath",
+ Constants.SP_PREFIX);
+}
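Review bot: Several QName local parts here do not match the WS-SecurityPolicy element names they are meant to identify, so a policy written with the spec spelling never matches and the assertion is silently dropped: `REQUIRE_KEY_IDENTIFIRE_REFERENCE` uses "RequireKeyIdentifireReference" (spec: RequireKeyIdentifierReference), `REQUIRE_ISSUER_SERIAL_REFERENCE` uses "RequireIssuerSerializerReference" (spec: RequireIssuerSerialReference), the two challenge QNames use "...Chanllenge" (spec: MustSupportClientChallenge / MustSupportServerChallenge), and `MUST_SUPPORT_REF_ENCRYPTED_KEY` uses "MustSupportRefEncryptedkey" (spec: MustSupportRefEncryptedKey). For a token-reference or challenge requirement, a silently ignored assertion weakens the effective policy rather than failing loudly. `LAXTSFIRST`/`LAXTSLAST` ("LaxTsFirst"/"LaxTsLast") also disagree with the `LAYOUT_LAX_TIMESTAMP_FIRST`/`_LAST` strings declared earlier in the same class, `REQUIRE_CLIENT_CERTIFICATE` is the only QName built without `SP_NS` and so will not equal the namespaced element a parser produces, and `P_SHA1_L128`/`_L192`/`_L256` are byte-identical to `P_SHA1`, which looks unintended. The corrected declarations would be:
```java
public static final QName REQUIRE_KEY_IDENTIFIRE_REFERENCE = new QName(
        Constants.SP_NS, "RequireKeyIdentifierReference", Constants.SP_PREFIX);

public static final QName REQUIRE_ISSUER_SERIAL_REFERENCE = new QName(
        Constants.SP_NS, "RequireIssuerSerialReference", Constants.SP_PREFIX);

// … unchanged: other token-reference QNames …

public static final QName MUST_SUPPORT_REF_ENCRYPTED_KEY = new QName(
        Constants.SP_NS, "MustSupportRefEncryptedKey", Constants.SP_PREFIX);

public static final QName MUST_SUPPORT_CLIENT_CHALLENGE = new QName(
        Constants.SP_NS, "MustSupportClientChallenge", Constants.SP_PREFIX);

public static final QName MUST_SUPPORT_SERVER_CHALLENGE = new QName(
        Constants.SP_NS, "MustSupportServerChallenge", Constants.SP_PREFIX);

// … unchanged: remaining QNames …

public final static QName REQUIRE_CLIENT_CERTIFICATE = new QName(
        Constants.SP_NS, "RequireClientCertificate", Constants.SP_PREFIX);
```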
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/WSSPolicyException.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/WSSPolicyException.java
new file mode 100644
index 0000000..7f7ef32
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/WSSPolicyException.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy;
+
+public class WSSPolicyException extends Exception {
+
+ private static final long serialVersionUID = 5904800255533588133L;
+
+ public WSSPolicyException(String message, Throwable e) {
+ super(message, e);
+ }
+
+ public WSSPolicyException(String message) {
+ super(message);
+ }
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AlgorithmSuiteBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AlgorithmSuiteBuilder.java
new file mode 100644
index 0000000..9613b32
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AlgorithmSuiteBuilder.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+
+import javax.xml.namespace.QName;
+
+public class AlgorithmSuiteBuilder implements AssertionBuilder {
+
+ public static final String INCLUSIVE_C14N = "InclusiveC14N";
+ public static final String SOAP_NORMALIZATION_10 = "SoapNormalization10";
+ public static final String STR_TRANSFORM_10 = "STRTransform10";
+ public static final String XPATH10 = "XPath10";
+ public static final String XPATH_FILTER20 = "XPathFilter20";
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ AlgorithmSuite algorithmSuite = new AlgorithmSuite();
+
+ OMElement policyElem = element.getFirstElement();
+ algorithmSuite.setAlgorithmSuite(policyElem.getFirstElement().getLocalName());
+
+ return algorithmSuite;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.ALGORITHM_SUITE};
+ }
+}
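Review bot: `build` dereferences `element.getFirstElement()` and then `policyElem.getFirstElement()` without null checks, so an `sp:AlgorithmSuite` with no nested `wsp:Policy`, or an empty one, fails with a NullPointerException instead of the `IllegalArgumentException` the signature declares. The suite name is also taken verbatim from the child's local name and never checked against the `ALGO_SUITE_*` values in `Constants`, so an unknown or misspelled suite is accepted here and only surfaces, if at all, when the model is consumed. The five `INCLUSIVE_C14N`…`XPATH_FILTER20` constants duplicate the ones `Constants` declares in this same commit; one copy should go. The guarded form of the body would be:
```java
OMElement policyElem = element.getFirstElement();
if (policyElem == null || policyElem.getFirstElement() == null) {
    throw new IllegalArgumentException(
            "sp:AlgorithmSuite must contain a wsp:Policy with one algorithm suite assertion");
}
algorithmSuite.setAlgorithmSuite(policyElem.getFirstElement().getLocalName());
// … unchanged: return algorithmSuite …
```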
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AsymmetricBindingBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AsymmetricBindingBuilder.java
new file mode 100644
index 0000000..ab41eff
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AsymmetricBindingBuilder.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.AsymmetricBinding;
+import org.apache.ws.secpolicy.model.InitiatorToken;
+import org.apache.ws.secpolicy.model.Layout;
+import org.apache.ws.secpolicy.model.RecipientToken;
+
+public class AsymmetricBindingBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ AsymmetricBinding asymmetricBinding = new AsymmetricBinding();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), asymmetricBinding);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return asymmetricBinding;
+ }
+
+ private void processAlternative(List assertions, AsymmetricBinding asymmetricBinding) {
+
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (Constants.INITIATOR_TOKEN.equals(name)) {
+ asymmetricBinding.setInitiatorToken((InitiatorToken) assertion);
+
+ } else if (Constants.RECIPIENT_TOKEN.equals(name)){
+ asymmetricBinding.setRecipientToken((RecipientToken) assertion);
+
+ } else if (Constants.ALGORITHM_SUITE.equals(name)) {
+ asymmetricBinding.setAlgorithmSuite((AlgorithmSuite) assertion);
+
+ } else if (Constants.LAYOUT.equals(name)) {
+ asymmetricBinding.setLayout((Layout) assertion);
+
+ } else if (Constants.INCLUDE_TIMESTAMP.equals(name)) {
+ asymmetricBinding.setIncludeTimestamp(true);
+
+ } else if (Constants.ENCRYPT_BEFORE_SIGNING.equals(name.getLocalPart())) {
+ asymmetricBinding.setProtectionOrder(Constants.ENCRYPT_BEFORE_SIGNING);
+
+ } else if (Constants.SIGN_BEFORE_ENCRYPTING.equals(name.getLocalPart())) {
+ asymmetricBinding.setProtectionOrder(Constants.SIGN_BEFORE_ENCRYPTING);
+
+ } else if (Constants.ENCRYPT_SIGNATURE.equals(name)) {
+ asymmetricBinding.setSignatureProtection(true);
+
+ } else if (Constants.PROTECT_TOKENS.equals(name)) {
+ asymmetricBinding.setTokenProtection(true);
+
+ } else if (Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY.equals(name.getLocalPart())) {
+ asymmetricBinding.setEntireHeadersAndBodySignatures(true);
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[]{Constants.ASYMMETRIC_BINDING};
+ }
+
+}
+
\ No newline at end of file
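Review bot: The `EncryptBeforeSigning`, `SignBeforeEncrypting` and `OnlySignEntireHeadersAndBody` branches in `processAlternative` compare only `name.getLocalPart()`, whereas every other branch compares the full QName, so an assertion with that local name in any namespace sets the binding's protection order or header/body signing mode. Checking the namespace as well keeps the match consistent with the rest of the chain: `} else if (Constants.SP_NS.equals(name.getNamespaceURI()) && Constants.ENCRYPT_BEFORE_SIGNING.equals(name.getLocalPart())) {` and likewise for the other two. The casts to `InitiatorToken`, `RecipientToken`, `AlgorithmSuite` and `Layout` are unchecked, so a builder returning an unexpected type surfaces as a ClassCastException rather than the declared IllegalArgumentException; an `instanceof` guard with a descriptive message would be clearer to operators debugging a policy.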
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedElementsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedElementsBuilder.java
new file mode 100644
index 0000000..bc0d982
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedElementsBuilder.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+
+public class EncryptedElementsBuilder implements AssertionBuilder {
+
+ public static final QName ATTR_XPATH_VERSION = new QName(Constants.SP_NS, "XPathVersion");
+ public static final QName XPATH = new QName(Constants.SP_NS, "XPath");
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ SignedEncryptedElements signedEncryptedElements = new SignedEncryptedElements(false);
+
+ OMAttribute attribute = element.getAttribute(ATTR_XPATH_VERSION);
+ if (attribute != null) {
+ signedEncryptedElements.setXPathVersion(attribute.getAttributeValue());
+ }
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(), signedEncryptedElements);
+ }
+
+ return signedEncryptedElements;
+ }
+
+
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.ENCRYPTED_ELEMENTS};
+ }
+
+
+
+ private void processElement(OMElement element, SignedEncryptedElements parent) {
+ if (XPATH.equals(element.getQName())) {
+ parent.addXPathExpression(element.getText());
+ }
+ }
+
+
+}
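Review bot: `ATTR_XPATH_VERSION` and `XPATH` re-declare QNames that `Constants` in this same commit already provides as `ATTR_XPATH_VERSION` and `XPATH_`; QName equality ignores the prefix so the copies compare equal today, but two definitions of the same policy element invite drift. The `XPathVersion` attribute value is stored without being checked against the supported `XPATH10`/`XPATH_FILTER20` identifiers, so an unsupported version is only discovered when the policy is applied rather than when it is parsed. A short class comment such as `// Builds sp:EncryptedElements; each nested sp:XPath child becomes an XPath expression on the SignedEncryptedElements model (signed=false)` would help, since the model type name does not say which of the two assertions this builder produces.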
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedPartsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedPartsBuilder.java
new file mode 100644
index 0000000..efc8e87
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedPartsBuilder.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+
+public class EncryptedPartsBuilder implements AssertionBuilder {
+
+ public static final QName HEADER = new QName(Constants.SP_NS, "Header");
+ public static final QName NAME = new QName(Constants.SP_NS, "Name");
+ public static final QName NAMESPACE = new QName(Constants.SP_NS, "Namespace");
+ public static final QName BODY = new QName(Constants.SP_NS, "Body");
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ SignedEncryptedParts signedEncryptedParts = new SignedEncryptedParts(false);
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(), signedEncryptedParts);
+ }
+
+ return signedEncryptedParts;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.ENCRYPTED_PARTS};
+ }
+
+ private void processElement(OMElement element, SignedEncryptedParts parent) {
+
+ QName name = element.getQName();
+
+ if (HEADER.equals(name)) {
+ Header header = new Header();
+
+ OMAttribute nameAttribute = element.getAttribute(NAME);
+ if( nameAttribute != null ) {
+ header.setName(nameAttribute.getAttributeValue());
+ }
+
+ OMAttribute namespaceAttribute = element.getAttribute(NAMESPACE);
+ header.setNamespace(namespaceAttribute.getAttributeValue());
+
+ } else if (BODY.equals(name)) {
+ parent.setBody(true);
+ }
+ }
+}
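Review bot: In `processElement` the `Header` built for an `sp:Header` child is populated and then discarded — it is never attached to `parent` — so every header the policy asks to encrypt is silently dropped and only `sp:Body` has any effect on the resulting `SignedEncryptedParts`. `namespaceAttribute.getAttributeValue()` is also called without the null check that `nameAttribute` gets two lines earlier, so a Header lacking a Namespace attribute fails with a NullPointerException instead of the declared IllegalArgumentException. The header needs to be added to the model (presumably through the parts model's add-header method; confirm the name against `SignedEncryptedParts`):
```java
OMAttribute namespaceAttribute = element.getAttribute(NAMESPACE);
if (namespaceAttribute == null) {
    throw new IllegalArgumentException("sp:Header requires a Namespace attribute");
}
header.setNamespace(namespaceAttribute.getAttributeValue());
parent.addHeader(header); // TODO confirm the model's method name
// … unchanged: Body branch …
```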
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/InitiatorTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/InitiatorTokenBuilder.java
new file mode 100644
index 0000000..6657d06
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/InitiatorTokenBuilder.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.InitiatorToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class InitiatorTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ InitiatorToken initiatorToken = new InitiatorToken();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), initiatorToken);
+ break; // TODO process all the token that must be set ..
+ }
+
+ return initiatorToken;
+ }
+
+ private void processAlternative(List assertions, InitiatorToken parent) {
+
+ Object token;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ token = iterator.next();
+
+ if (token instanceof Token) {
+ parent.setInitiatorToken((Token) token);
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.INITIATOR_TOKEN};
+ }
+
+}
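Review bot: `build` returns an `InitiatorToken` with no token set when the nested `wsp:Policy` has no alternatives or its first alternative carries no `Token` assertion; since the signature already declares `IllegalArgumentException`, that case is better rejected here than surfacing as a null later, e.g. after the loop `if (initiatorToken.getInitiatorToken() == null) throw new IllegalArgumentException("sp:InitiatorToken must contain a token assertion");` — assuming the model exposes a matching getter. `processAlternative` also lets a later `Token` overwrite an earlier one, so a policy listing two tokens keeps the last without any warning. The `break; // TODO process all the token that must be set ..` comment should state what is actually deferred, e.g. `// TODO: only the first normalized alternative is honoured; remaining alternatives are ignored`.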
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/IssuedTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/IssuedTokenBuilder.java
new file mode 100644
index 0000000..74904fa
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/IssuedTokenBuilder.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+
+import javax.xml.namespace.QName;
+
+import java.util.Iterator;
+import java.util.List;
+
+public class IssuedTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ IssuedToken issuedToken = new IssuedToken();
+
+ // Extract Issuer
+ OMElement issuerElem = element.getFirstChildWithName(Constants.ISSUER);
+ if (issuerElem != null && issuerElem.getFirstElement() != null) {
+ issuedToken.setIssuerEpr(issuerElem.getFirstElement());
+ }
+
+ // Extract RSTTemplate
+ OMElement rstTmplElem = element.getFirstChildWithName(Constants.ISSUER);
+ if (rstTmplElem != null) {
+ issuedToken.setIssuerEpr(rstTmplElem);
+ }
+
+ OMElement policyElement = element.getFirstElement();
+
+ if (policyElement != null
+ && policyElement.getQName().equals(
+ org.apache.neethi.Constants.Q_ELEM_POLICY)) {
+
+ Policy policy = PolicyEngine.getPolicy(policyElement);
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator
+ .hasNext();) {
+ processAlternative((List) iterator.next(), issuedToken);
+ break; // since there should be only one alternative ..
+ }
+ }
+
+ return issuedToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] { Constants.ISSUED_TOKEN };
+ }
+
+ private void processAlternative(List assertions, IssuedToken parent) {
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (Constants.REQUIRE_DERIVED_KEYS.equals(name)) {
+ parent.setDerivedKeys(true);
+ } else if (Constants.REQUIRE_EXTERNAL_REFERNCE.equals(name)) {
+ parent.setRequireExternalReference(true);
+ } else if (Constants.REQUIRE_INTERNAL_REFERNCE.equals(name)) {
+ parent.setRequireInternalReference(true);
+ }
+ }
+
+ }
+}
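Review bot: The `// Extract RSTTemplate` step in `build` looks up `Constants.ISSUER` a second time and then calls `issuedToken.setIssuerEpr(rstTmplElem)`, so the sp:RequestSecurityTokenTemplate is never read and, whenever an sp:Issuer is present, the issuer EPR set two statements earlier is overwritten with the Issuer element itself. It should use the QName constant for the RST template and the matching IssuedToken setter (neither is visible in this diff), along the lines of `OMElement rstTmplElem = element.getFirstChildWithName(Constants.<RST_TEMPLATE_QNAME>);` followed by `issuedToken.<setRstTemplate>(rstTmplElem);` with the placeholders replaced by the real names. Separately, `policy.normalize(false)` is called on the result of `PolicyEngine.getPolicy(policyElement)` without a null check; if the engine can return null for a malformed nested policy this surfaces as a NullPointerException rather than the IllegalArgumentException the signature declares.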
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/LayoutBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/LayoutBuilder.java
new file mode 100644
index 0000000..6899bb6
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/LayoutBuilder.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.Layout;
+
+public class LayoutBuilder implements AssertionBuilder {
+
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ Layout layout = new Layout();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext(); ) {
+ processAlternative((List) iterator.next(), layout);
+ break; // there should be only one alternative
+ }
+
+ return layout;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.LAYOUT};
+ }
+
+ public void processAlternative(List assertions, Layout parent) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ Assertion assertion = (Assertion) iterator.next();
+ QName qname = assertion.getName();
+
+ if (Constants.STRICT.equals(qname)) {
+ parent.setValue(Constants.LAYOUT_STRICT);
+ } else if (Constants.LAX.equals(qname)) {
+ parent.setValue(Constants.LAYOUT_LAX);
+ } else if (Constants.LAXTSFIRST.equals(qname)) {
+ parent.setValue(Constants.LAYOUT_LAX_TIMESTAMP_FIRST);
+ } else if (Constants.LAXTSLAST.equals(qname)) {
+ parent.setValue(Constants.LAYOUT_LAX_TIMESTAMP_LAST);
+ }
+
+ }
+ }
+}
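Review bot: `PolicyEngine.getPolicy(element.getFirstElement())` in `build` is called without checking that the sp:Layout assertion has a child element, so an empty or text-only assertion hands null to the policy engine and fails with a NullPointerException (here or at `policy.normalize`) instead of the declared IllegalArgumentException; IssuedTokenBuilder in this same commit guards `policyElement` before using it, and the same unguarded call appears in ProtectionTokenBuilder, RecipientTokenBuilder, SupportingTokensBuilder and SymmetricBindingBuilder. Suggested guard before the engine call: `OMElement policyElement = element.getFirstElement(); if (policyElement == null) { throw new IllegalArgumentException("sp:Layout assertion has no nested Policy element"); }`. Also `processAlternative` is declared `public` here while every sibling builder keeps its `processAlternative` `private`; it is an implementation detail and should be `private` for consistency.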
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/ProtectionTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/ProtectionTokenBuilder.java
new file mode 100644
index 0000000..59f0f1d
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/ProtectionTokenBuilder.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.ProtectionToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class ProtectionTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ ProtectionToken protectionToken = new ProtectionToken();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), protectionToken);
+ break; // since there should be only one alternative ..
+ }
+
+ return protectionToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.PROTECTION_TOKEN};
+ }
+
+ private void processAlternative(List assertions, ProtectionToken parent) {
+ Object token = assertions.get(0);
+
+ if (token instanceof Token) {
+ parent.setToken((Token) token);
+ }
+ }
+}
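Review bot: `processAlternative` reads `assertions.get(0)` without checking that the list is non-empty, so an alternative with no assertions throws IndexOutOfBoundsException out of `build` instead of leaving the token unset or raising IllegalArgumentException. The minimal fix is `if (assertions.isEmpty()) { return; }` before the `get(0)`. A more robust variant, matching InitiatorTokenBuilder and RecipientTokenBuilder in this commit, is to iterate the alternative and pick out the assertion that is an `instanceof Token`, which also tolerates a non-Token assertion appearing first in the list.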
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RecipientTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RecipientTokenBuilder.java
new file mode 100644
index 0000000..81667c5
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RecipientTokenBuilder.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.RecipientToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class RecipientTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ RecipientToken recipientToken = new RecipientToken();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), recipientToken);
+
+ /*
+ * for the moment we will pick the first token specified in the policy
+ */
+ break;
+ }
+
+ return recipientToken;
+ }
+
+ private void processAlternative(List assertions, RecipientToken parent) {
+
+ Assertion assertion;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+
+ if (assertion instanceof Token) {
+ parent.setToken((Token) assertion);
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.RECIPIENT_TOKEN};
+ }
+
+}
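Review bot: `processAlternative` calls `parent.setToken` for every assertion that is a `Token`, so when an alternative carries more than one token the last one silently wins, which appears to contradict the comment in `build` about picking the first token specified in the policy. Either add `break;` directly after `parent.setToken((Token) assertion);` so the first token is kept, or reword the comment to say that the last Token assertion in the alternative is used.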
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecureConversationTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecureConversationTokenBuilder.java
new file mode 100644
index 0000000..85386d9
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecureConversationTokenBuilder.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+
+public class SecureConversationTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ SecureConversationToken conversationToken = new SecureConversationToken();
+
+ OMAttribute attribute = element.getAttribute(Constants.INCLUDE_TOKEN);
+ if (attribute == null) {
+ throw new IllegalArgumentException(
+ "SecurityContextToken doesn't contain any sp:IncludeToken attribute");
+ }
+
+ String inclusionValue = attribute.getAttributeValue().trim();
+
+ if (inclusionValue.endsWith(Constants.INCLUDE_NEVER)) {
+ conversationToken.setInclusion(Constants.INCLUDE_NEVER);
+
+ } else if (inclusionValue.endsWith(Constants.INCLUDE_ONCE)) {
+ conversationToken.setInclusion(Constants.INCLUDE_ONCE);
+
+ } else if (inclusionValue
+ .endsWith(Constants.INCLUDE_ALWAYS_TO_RECIPIENT)) {
+ conversationToken.setInclusion(Constants.INCLUDE_ALWAYS_TO_RECIPIENT);
+
+ } else if (inclusionValue.endsWith(Constants.INCLUDE_ALWAYS)) {
+ conversationToken.setInclusion(Constants.INCLUDE_ALWAYS);
+ }
+
+ OMElement issuer = element.getFirstChildWithName(Constants.ISSUER);
+ if ( issuer != null) {
+ conversationToken.setIssuerEpr(issuer.getFirstElement());
+ }
+
+ element = element.getFirstChildWithName(Constants.POLICY);
+ if (element != null) {
+ if (element.getFirstChildWithName(Constants.REQUIRE_DERIVED_KEYS) != null) {
+ conversationToken.setDerivedKeys(true);
+ }
+
+ if (element
+ .getFirstChildWithName(Constants.REQUIRE_EXTERNAL_URI_REFERNCE) != null) {
+ conversationToken.setRequireExternalUriRef(true);
+ }
+
+ if (element
+ .getFirstChildWithName(Constants.SC10_SECURITY_CONTEXT_TOKEN) != null) {
+ conversationToken.setSc10SecurityContextToken(true);
+ }
+
+ OMElement bootstrapPolicyElement = element.getFirstChildWithName(Constants.BOOTSTRAP_POLICY);
+ if (bootstrapPolicyElement != null) {
+ Policy policy = PolicyEngine.getPolicy(bootstrapPolicyElement.getFirstElement());
+ conversationToken.setBootstrapPolicy(policy);
+ }
+ }
+
+ return conversationToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.SECURE_CONVERSATION_TOKEN};
+ }
+
+}
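Review bot: When the sp:IncludeToken value matches none of the four `endsWith` branches in `build`, `conversationToken` is returned with no inclusion set and no error, so an unrecognised or misspelled inclusion URI degrades silently while a missing attribute is rejected a few lines above; SecurityContextTokenBuilder in this commit has the same gap. Add a final branch `} else { throw new IllegalArgumentException("Unknown sp:IncludeToken value: " + inclusionValue); }`. The message on the missing-attribute path says "SecurityContextToken" although this builder handles sp:SecureConversationToken — it looks copied from SecurityContextTokenBuilder and should name the right element. `PolicyEngine.getPolicy(bootstrapPolicyElement.getFirstElement())` is likewise unguarded when sp:BootstrapPolicy has no child element.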
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecurityContextTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecurityContextTokenBuilder.java
new file mode 100644
index 0000000..6c352ec
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecurityContextTokenBuilder.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SecurityContextToken;
+
+public class SecurityContextTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ SecurityContextToken contextToken = new SecurityContextToken();
+
+ OMAttribute attribute = element.getAttribute(Constants.INCLUDE_TOKEN);
+ if (attribute == null) {
+ throw new IllegalArgumentException(
+ "SecurityContextToken doesn't contain any sp:IncludeToken attribute");
+ }
+
+ String inclusionValue = attribute.getAttributeValue().trim();
+
+ if (inclusionValue.endsWith(Constants.INCLUDE_NEVER)) {
+ contextToken.setInclusion(Constants.INCLUDE_NEVER);
+
+ } else if (inclusionValue.endsWith(Constants.INCLUDE_ONCE)) {
+ contextToken.setInclusion(Constants.INCLUDE_ONCE);
+
+ } else if (inclusionValue
+ .endsWith(Constants.INCLUDE_ALWAYS_TO_RECIPIENT)) {
+ contextToken.setInclusion(Constants.INCLUDE_ALWAYS_TO_RECIPIENT);
+
+ } else if (inclusionValue.endsWith(Constants.INCLUDE_ALWAYS)) {
+ contextToken.setInclusion(Constants.INCLUDE_ALWAYS);
+ }
+
+ element = element.getFirstChildWithName(Constants.POLICY);
+
+ if (element != null) {
+
+ if (element.getFirstChildWithName(Constants.REQUIRE_DERIVED_KEYS) != null) {
+ contextToken.setDerivedKeys(true);
+ }
+
+ if (element
+ .getFirstChildWithName(Constants.REQUIRE_EXTERNAL_URI_REFERNCE) != null) {
+ contextToken.setRequireExternalUriRef(true);
+ }
+
+ if (element
+ .getFirstChildWithName(Constants.SC10_SECURITY_CONTEXT_TOKEN) != null) {
+ contextToken.setSc10SecurityContextToken(true);
+ }
+ }
+
+ return contextToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.SECURE_CONVERSATION_TOKEN};
+ }
+
+}
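Review bot: `getKnownElements` returns `Constants.SECURE_CONVERSATION_TOKEN`, the same QName that SecureConversationTokenBuilder registers in this commit, so two builders claim sp:SecureConversationToken and whichever is registered last wins, while sp:SecurityContextToken itself ends up with no builder at all. It should return the QName constant for sp:SecurityContextToken (not visible in this diff): `return new QName[] {Constants.<SECURITY_CONTEXT_TOKEN_QNAME>};` with the placeholder replaced by the real constant. Worth a unit test that registers all builders in this package and asserts that no two report the same known element.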
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedElementsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedElementsBuilder.java
new file mode 100644
index 0000000..bcc0494
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedElementsBuilder.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+
+public class SignedElementsBuilder implements AssertionBuilder {
+
+ public static final QName ATTR_XPATH_VERSION = new QName(Constants.SP_NS, "XPathVersion");
+ public static final QName XPATH = new QName(Constants.SP_NS, "XPath");
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ SignedEncryptedElements signedEncryptedElements = new SignedEncryptedElements(true);
+ OMAttribute attrXPathVersion = element.getAttribute(ATTR_XPATH_VERSION);
+
+ if (attrXPathVersion != null) {
+ signedEncryptedElements.setXPathVersion(attrXPathVersion.getAttributeValue());
+ }
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(), signedEncryptedElements);
+ }
+
+ return signedEncryptedElements;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.SIGNED_ELEMENTS};
+ }
+
+ private void processElement(OMElement element, SignedEncryptedElements parent) {
+ QName name = element.getQName();
+ if (XPATH.equals(name)) {
+ parent.addXPathExpression(element.getText());
+ }
+ }
+}
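Review bot: `processElement` passes `element.getText()` straight to `parent.addXPathExpression`, so indentation and line breaks from a pretty-printed policy document become part of the stored XPath string, whereas attribute values elsewhere in this commit (for example the IncludeToken value in SecureConversationTokenBuilder) are `trim()`ed before use. Suggest `parent.addXPathExpression(element.getText().trim());`. Children other than sp:XPath are silently ignored; a short comment on `processElement` such as `// Only sp:XPath children are meaningful here; anything else is ignored.` would make that intentional.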
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedPartsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedPartsBuilder.java
new file mode 100644
index 0000000..eb7fb76
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedPartsBuilder.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+
+public class SignedPartsBuilder implements AssertionBuilder {
+ public static final QName HEADER = new QName(Constants.SP_NS, "Header");
+ public static final QName NAME = new QName("Name");
+ public static final QName NAMESPACE = new QName("Namespace");
+ public static final QName BODY = new QName(Constants.SP_NS, "Body");
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ SignedEncryptedParts signedEncryptedParts = new SignedEncryptedParts(true);
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(), signedEncryptedParts);
+ }
+
+ return signedEncryptedParts;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.SIGNED_PARTS};
+ }
+
+ private void processElement(OMElement element, SignedEncryptedParts parent) {
+
+ QName name = element.getQName();
+
+ if (HEADER.equals(name)) {
+ Header header = new Header();
+
+ OMAttribute nameAttribute = element.getAttribute(NAME);
+ if( nameAttribute != null ) {
+ header.setName(nameAttribute.getAttributeValue());
+ }
+
+ OMAttribute namespaceAttribute = element.getAttribute(NAMESPACE);
+ header.setNamespace(namespaceAttribute.getAttributeValue());
+
+ parent.addHeader(header);
+
+ } else if (BODY.equals(name)) {
+ parent.setBody(true);
+ }
+ }
+}
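Review bot: In `processElement`, `namespaceAttribute.getAttributeValue()` is dereferenced without the null check that `nameAttribute` receives two statements earlier, so an sp:Header element without a Namespace attribute throws NullPointerException out of `build` instead of the declared IllegalArgumentException. Since the namespace is what identifies the header to be signed, its absence should be rejected explicitly rather than tolerated: insert `if (namespaceAttribute == null) { throw new IllegalArgumentException("sp:Header is missing its Namespace attribute"); }` before the `header.setNamespace` call.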
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SupportingTokensBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SupportingTokensBuilder.java
new file mode 100644
index 0000000..0e8cca5
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SupportingTokensBuilder.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class SupportingTokensBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ QName name = element.getQName();
+ SupportingToken supportingToken = null;
+
+ if (Constants.SUPPORIING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ Constants.SUPPORTING_TOKEN_SUPPORTING);
+ } else if (Constants.SIGNED_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ Constants.SUPPORTING_TOKEN_SIGNED);
+ } else if (Constants.ENDORSING_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ Constants.SUPPORTING_TOKEN_ENDORSING);
+ } else if (Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING);
+ }
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), supportingToken);
+ /*
+ * for the moment we will say there should be only one alternative
+ */
+ break;
+ }
+
+ return supportingToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] { Constants.SUPPORIING_TOKENS,
+ Constants.SIGNED_SUPPORTING_TOKENS,
+ Constants.ENDORSING_SUPPORTING_TOKENS,
+ Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS};
+ }
+
+ private void processAlternative(List assertions, SupportingToken supportingToken) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+
+ Assertion primitive = (Assertion) iterator.next();
+ QName qname = primitive.getName();
+
+ if (Constants.ALGORITHM_SUITE.equals(qname)) {
+ supportingToken.setAlgorithmSuite((AlgorithmSuite) primitive);
+
+ } else if (Constants.SIGNED_PARTS.equals(qname)) {
+ supportingToken
+ .setSignedParts((SignedEncryptedParts) primitive);
+
+ } else if (Constants.SIGNED_ELEMENTS.equals(qname)) {
+ supportingToken
+ .setSignedElements((SignedEncryptedElements) primitive);
+
+ } else if (Constants.ENCRYPTED_PARTS.equals(qname)) {
+ supportingToken
+ .setEncryptedParts((SignedEncryptedParts) primitive);
+
+ } else if (Constants.ENCRYPTED_ELEMENTS.equals(qname)) {
+ supportingToken
+ .setEncryptedElements((SignedEncryptedElements) primitive);
+
+ } else if (primitive instanceof Token) {
+ supportingToken.addToken((Token) primitive);
+ }
+ }
+ }
+}
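Review bot: If `element.getQName()` matches none of the four supporting-token QNames in `build`, `supportingToken` stays null and the first matching branch in `processAlternative` dereferences it, so a mis-registered or renamed element surfaces as a NullPointerException (or, when the nested policy is empty, as a null return from `build`). Add a final `} else { throw new IllegalArgumentException("Unexpected supporting tokens element: " + name); }` after the SIGNED_ENDORSING_SUPPORTING_TOKENS branch. The casts `(AlgorithmSuite) primitive`, `(SignedEncryptedParts) primitive` and `(SignedEncryptedElements) primitive` presumably rely on the nested assertions having been produced by the matching builders in this package; an `instanceof` check before each cast would turn a ClassCastException into a clearer IllegalArgumentException. The constant name `Constants.SUPPORIING_TOKENS` (defined outside this hunk) is misspelled and is now referenced from two places here.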
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java
new file mode 100644
index 0000000..7ead454
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.Layout;
+import org.apache.ws.secpolicy.model.ProtectionToken;
+import org.apache.ws.secpolicy.model.SymmetricBinding;
+
+public class SymmetricBindingBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ SymmetricBinding symmetricBinding = new SymmetricBinding();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternatives((List) iterator.next(), symmetricBinding);
+
+ /*
+ * since there should be only one alternative ..
+ */
+ break;
+ }
+ return symmetricBinding;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.SYMMETRIC_BINDING};
+ }
+
+ private void processAlternatives(List assertions, SymmetricBinding symmetricBinding) {
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (Constants.ALGORITHM_SUITE.equals(name)) {
+ symmetricBinding.setAlgorithmSuite((AlgorithmSuite) assertion);
+
+ } else if (Constants.LAYOUT.equals(name)) {
+ symmetricBinding.setLayout((Layout) assertion);
+
+ } else if (Constants.INCLUDE_TIMESTAMP.equals(name)) {
+ symmetricBinding.setIncludeTimestamp(true);
+
+ } else if (Constants.PROTECTION_TOKEN.equals(name)) {
+ symmetricBinding.setProtectionToken((ProtectionToken) assertion);
+
+ } else if (Constants.ENCRYPT_BEFORE_SIGNING.equals(name.getLocalPart())) {
+ symmetricBinding.setProtectionOrder(Constants.ENCRYPT_BEFORE_SIGNING);
+
+ } else if (Constants.SIGN_BEFORE_ENCRYPTING.equals(name.getLocalPart())) {
+ symmetricBinding.setProtectionOrder(Constants.SIGN_BEFORE_ENCRYPTING);
+
+ } else if (Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY.equals(name.getLocalPart())) {
+ symmetricBinding.setEntireHeadersAndBodySignatures(true);
+ } else if (Constants.ENCRYPT_SIGNATURE.equals(name)) {
+ symmetricBinding.setSignatureProtection(true);
+ }
+ }
+ }
+}
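Review bot: In `processAlternatives`, the ENCRYPT_BEFORE_SIGNING, SIGN_BEFORE_ENCRYPTING and ONLY_SIGN_ENTIRE_HEADERS_AND_BODY branches compare only `name.getLocalPart()`, while every other branch compares the full QName, so an element with the same local name in any namespace selects the protection order or the entire-headers-and-body rule. Because these values decide how signing and encryption are ordered, the namespace should be checked as well, e.g. `} else if (Constants.SP_NS.equals(name.getNamespaceURI()) && Constants.ENCRYPT_BEFORE_SIGNING.equals(name.getLocalPart())) {` and likewise for the other two branches (these three constants appear to be Strings, since ENCRYPT_BEFORE_SIGNING is also passed to `setProtectionOrder`).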
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportBindingBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportBindingBuilder.java
new file mode 100644
index 0000000..064e9ae
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportBindingBuilder.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.Layout;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.TransportBinding;
+import org.apache.ws.secpolicy.model.TransportToken;
+
+public class TransportBindingBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ TransportBinding transportBinding = new TransportBinding();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), transportBinding, factory);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return transportBinding;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.TRANSPORT_BINDING};
+ }
+
+ private void processAlternative(List assertionList, TransportBinding parent, AssertionBuilderFactory factory) {
+
+ for (Iterator iterator = assertionList.iterator(); iterator.hasNext(); ) {
+
+ Assertion primitive = (Assertion) iterator.next();
+ QName name = primitive.getName();
+
+ if (name.equals(Constants.ALGORITHM_SUITE)) {
+ parent.setAlgorithmSuite((AlgorithmSuite) primitive);
+
+ } else if (name.equals(Constants.TRANSPORT_TOKEN)) {
+ parent.setTransportToken(((TransportToken) primitive));
+
+ } else if (name.equals(Constants.INCLUDE_TIMESTAMP)) {
+ parent.setIncludeTimestamp(true);
+
+ } else if (name.equals(Constants.LAYOUT)) {
+ parent.setLayout((Layout) primitive);
+
+ } else if (name.equals(Constants.SIGNED_SUPPORTING_TOKENS)) {
+ parent.setSignedSupportingToken((SupportingToken) primitive);
+
+ } else if (name.equals(Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS)) {
+ parent.setSignedEndorsingSupportingTokens((SupportingToken) primitive);
+ }
+ }
+ }
+}
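Review bot: `PolicyEngine.getPolicy(element.getFirstElement())` at the top of build() dereferences the first child without checking that it exists or is a wsp:Policy, so a TransportBinding with no nested policy fails with a NullPointerException (or an opaque neethi error) instead of the IllegalArgumentException the signature declares. Trust10Builder in this same commit throws a descriptive IllegalArgumentException for the missing-policy case; the same guard fits here: `OMElement policyElement = element.getFirstChildWithName(Constants.POLICY); if (policyElement == null) { throw new IllegalArgumentException("TransportBinding assertion doesn't contain any Policy"); }`. TransportTokenBuilder, WSS10Builder and WSS11Builder in this commit make the same unguarded call. As a point of style, processAlternative compares `name.equals(Constants.X)` whereas the other builders write `Constants.X.equals(name)`; the latter is null-safe and keeping one orientation across the package would read more consistently.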
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportTokenBuilder.java
new file mode 100644
index 0000000..905dbf9
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportTokenBuilder.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.neethi.builders.xml.XmlPrimtiveAssertion;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.HttpsToken;
+import org.apache.ws.secpolicy.model.TransportToken;
+
+public class TransportTokenBuilder implements AssertionBuilder {
+
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ TransportToken transportToken = new TransportToken();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), transportToken);
+ break; // since there should be only one alternative
+ }
+
+ return transportToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.TRANSPORT_TOKEN};
+ }
+
+ private void processAlternative(List assertions, TransportToken parent) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ XmlPrimtiveAssertion primtive = (XmlPrimtiveAssertion) iterator.next();
+ QName qname = primtive.getName();
+
+ if (Constants.HTTPS_TOKEN.equals(qname)) {
+ HttpsToken httpsToken = new HttpsToken();
+ OMAttribute attr = primtive.getValue().getAttribute(Constants.REQUIRE_CLIENT_CERTIFICATE);
+ if(attr != null) {
+ httpsToken.setRequireClientCertificate("true".equals(attr.getAttributeValue()));
+ }
+ parent.setToken(httpsToken);
+ }
+ }
+ }
+}
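Review bot: `"true".equals(attr.getAttributeValue())` on the RequireClientCertificate attribute treats every value other than the literal `true` as false, so a policy written with the other valid xs:boolean lexical form `1` (or with surrounding whitespace) silently drops the client-certificate requirement rather than enforcing it or failing. Because this flag decides whether mutual TLS is required, an unrecognised value should be rejected with an IllegalArgumentException rather than defaulted to the weaker setting; at minimum accept both lexical forms: `String v = attr.getAttributeValue().trim(); httpsToken.setRequireClientCertificate("true".equals(v) || "1".equals(v));`. The unchecked cast to XmlPrimtiveAssertion on the loop's first line also assumes no other registered builder has produced the nested assertion; if that assumption is deliberate, a one-line comment stating it would help the next reader of a ClassCastException.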
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/Trust10Builder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/Trust10Builder.java
new file mode 100644
index 0000000..7a92b24
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/Trust10Builder.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.Trust10;
+
+public class Trust10Builder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ element = element.getFirstChildWithName(Constants.POLICY);
+
+ if (element == null) {
+ throw new IllegalArgumentException(
+ "Trust10 assertion doesn't contain any Policy");
+ }
+
+ Trust10 trust10 = new Trust10();
+
+ if (element
+ .getFirstChildWithName(Constants.MUST_SUPPORT_CLIENT_CHALLENGE) != null) {
+ trust10.setMustSupportClientChallenge(true);
+ }
+
+ if (element
+ .getFirstChildWithName(Constants.MUST_SUPPORT_SERVER_CHALLENGE) != null) {
+ trust10.setMustSupportServerChallenge(true);
+ }
+
+ if (element.getFirstChildWithName(Constants.REQUIRE_CLIENT_ENTROPY) != null) {
+ trust10.setRequireClientEntropy(true);
+ }
+
+ if (element.getFirstChildWithName(Constants.REQUIRE_SERVER_ENTROPY) != null) {
+ trust10.setRequireServerEntropy(true);
+ }
+
+ if (element.getFirstChildWithName(Constants.MUST_SUPPORT_ISSUED_TOKENS) != null) {
+ trust10.setMustSupportIssuedTokens(true);
+ }
+
+ return trust10;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.TRUST_10};
+ }
+
+}
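Review bot: The five `getFirstChildWithName` lookups only see direct children of the wsp:Policy element, unlike the other builders in this commit which run the nested policy through `PolicyEngine.getPolicy(...).normalize(false)`; if a policy author wraps the Trust10 options in wsp:All or wsp:ExactlyOne, every flag presumably stays false and the resulting Trust10 is more permissive than written. Unless direct-child form is the only one this builder is meant to accept, normalising here as well would keep the builders consistent. Reassigning the `element` parameter on the method's first statement also hides the original assertion element for the rest of the method; a separate local such as `OMElement policyElement = element.getFirstChildWithName(Constants.POLICY);` reads more clearly.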
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/UsernameTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/UsernameTokenBuilder.java
new file mode 100644
index 0000000..a708466
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/UsernameTokenBuilder.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.UsernameToken;
+
+public class UsernameTokenBuilder implements AssertionBuilder {
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ UsernameToken usernameToken = new UsernameToken();
+
+ OMAttribute attribute = element.getAttribute(Constants.INCLUDE_TOKEN);
+ String inclusionValue = attribute.getAttributeValue();
+
+ if (inclusionValue.endsWith(Constants.INCLUDE_NEVER)) {
+ usernameToken.setInclusion(Constants.INCLUDE_NEVER);
+
+ } else if (inclusionValue.endsWith(Constants.INCLUDE_ONCE)) {
+ usernameToken.setInclusion(Constants.INCLUDE_ONCE);
+
+ } else if (inclusionValue.endsWith(Constants.INCLUDE_ALWAYS_TO_RECIPIENT)) {
+ usernameToken.setInclusion(Constants.INCLUDE_ALWAYS_TO_RECIPIENT);
+
+ } else if (inclusionValue.endsWith(Constants.INCLUDE_ALWAYS)) {
+ usernameToken.setInclusion(Constants.INCLUDE_ALWAYS);
+ }
+
+
+ OMElement policyElement = element.getFirstElement();
+
+ if (policyElement != null && !policyElement.getQName().equals(org.apache.neethi.Constants.Q_ELEM_POLICY)) {
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), usernameToken);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+ }
+
+ return usernameToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.USERNAME_TOKEN};
+ }
+
+ private void processAlternative(List assertions, UsernameToken parent) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ Assertion assertion = (Assertion) iterator.next();
+ QName qname = assertion.getName();
+
+ if (Constants.WSS_USERNAME_TOKEN10.equals(qname)) {
+ parent.setUseUTProfile10(true);
+
+ } else if (Constants.WSS_USERNAME_TOKEN11.equals(qname)) {
+ parent.setUseUTProfile11(true);
+ }
+ }
+ }
+}
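Review bot: The condition guarding the nested-policy block is inverted: `!policyElement.getQName().equals(org.apache.neethi.Constants.Q_ELEM_POLICY)` runs the PolicyEngine only when the first child is NOT a wsp:Policy, so for a well-formed UsernameToken the WssUsernameToken10/11 options are never read, and for a malformed one a non-policy element is handed to PolicyEngine.getPolicy. It should read `if (policyElement != null && policyElement.getQName().equals(org.apache.neethi.Constants.Q_ELEM_POLICY)) {`. Separately, `attribute.getAttributeValue()` is called without a null check although X509TokenBuilder in this commit guards the same IncludeToken attribute; an absent attribute raises a NullPointerException here, so either wrap the inclusion chain in `if (attribute != null) { ... }` or throw a descriptive IllegalArgumentException if the attribute is meant to be mandatory for username tokens.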
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS10Builder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS10Builder.java
new file mode 100644
index 0000000..dcbcbd0
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS10Builder.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.Wss10;
+
+public class WSS10Builder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ Wss10 wss10 = new Wss10();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), wss10);
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return wss10;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.WSS10};
+ }
+
+ private void processAlternative(List assertions, Wss10 parent) {
+
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext(); ) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (Constants.MUST_SUPPORT_REF_KEY_IDENTIFIER.equals(name)) {
+ parent.setMustSupportRefKeyIdentifier(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_ISSUER_SERIAL.equals(name)) {
+ parent.setMustSupportRefIssuerSerial(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_EXTERNAL_URI.equals(name)) {
+ parent.setMustSupportRefExternalURI(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.equals(name)) {
+ parent.setMustSupportRefEmbeddedToken(true);
+ }
+ }
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS11Builder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS11Builder.java
new file mode 100644
index 0000000..f787171
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS11Builder.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.Wss11;
+
+public class WSS11Builder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ Wss11 wss11 = new Wss11();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), wss11);
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return wss11;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.WSS11};
+ }
+
+ private void processAlternative(List assertions, Wss11 parent) {
+
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (Constants.MUST_SUPPORT_REF_KEY_IDENTIFIER.equals(name)) {
+ parent.setMustSupportRefKeyIdentifier(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_ISSUER_SERIAL.equals(name)) {
+ parent.setMustSupportRefIssuerSerial(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_EXTERNAL_URI.equals(name)) {
+ parent.setMustSupportRefExternalURI(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.equals(name)) {
+ parent.setMustSupportRefEmbeddedToken(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_THUMBPRINT.equals(name)) {
+ parent.setMustSupportRefThumbprint(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_ENCRYPTED_KEY.equals(name)) {
+ parent.setMustSupportRefEncryptedKey(true);
+
+ } else if (Constants.REQUIRE_SIGNATURE_CONFIRMATION.equals(name)) {
+ parent.setRequireSignatureConfirmation(true);
+ }
+ }
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/X509TokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/X509TokenBuilder.java
new file mode 100644
index 0000000..96e35df
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/X509TokenBuilder.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.X509Token;
+
+public class X509TokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ X509Token x509Token = new X509Token();
+
+ OMElement policyElement = element.getFirstElement();
+
+ //Process token inclusion
+ OMAttribute includeAttr = element.getAttribute(Constants.INCLUDE_TOKEN);
+ if(includeAttr != null) {
+ x509Token.setInclusion(includeAttr.getAttributeValue());
+ }
+
+ if (policyElement != null) {
+
+ if (policyElement.getFirstChildWithName(Constants.REQUIRE_DERIVED_KEYS) != null) {
+ x509Token.setDerivedKeys(true);
+ }
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator
+ .hasNext();) {
+ processAlternative((List) iterator.next(), x509Token);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+ }
+ return x509Token;
+ }
+
+ private void processAlternative(List assertions, X509Token parent) {
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (Constants.REQUIRE_KEY_IDENTIFIRE_REFERENCE.equals(name)) {
+ parent.setRequireKeyIdentifierReference(true);
+
+ } else if (Constants.REQUIRE_ISSUER_SERIAL_REFERENCE.equals(name)) {
+ parent.setRequireIssuerSerialReference(true);
+
+ } else if (Constants.REQUIRE_EMBEDDED_TOKEN_REFERENCE.equals(name)) {
+ parent.setRequireEmbeddedTokenReference(true);
+
+ } else if (Constants.REQUIRE_THUMBPRINT_REFERENCE.equals(name)) {
+ parent.setRequireThumbprintReference(true);
+
+ } else if (Constants.WSS_X509_V1_TOKEN_10.equals(name)) {
+ parent.setTokenVersionAndType(Constants.WSS_X509_V1_TOKEN10);
+
+ } else if (Constants.WSS_X509_V1_TOKEN_11.equals(name)) {
+ parent.setTokenVersionAndType(Constants.WSS_X509_V1_TOKEN11);
+
+ } else if (Constants.WSS_X509_V3_TOKEN_10.equals(name)) {
+ parent.setTokenVersionAndType(Constants.WSS_X509_V3_TOKEN10);
+
+ } else if (Constants.WSS_X509_V3_TOKEN_11.equals(name)) {
+ parent.setTokenVersionAndType(Constants.WSS_X509_V3_TOKEN11);
+
+ } else if (Constants.WSS_X509_PKCS7_TOKEN_10.equals(name)) {
+ parent
+ .setTokenVersionAndType(Constants.WSS_X509_PKCS7_TOKEN10);
+
+ } else if (Constants.WSS_X509_PKCS7_TOKEN_11.equals(name)) {
+ parent
+ .setTokenVersionAndType(Constants.WSS_X509_PKCS7_TOKEN11);
+
+ } else if (Constants.WSS_X509_PKI_PATH_V1_TOKEN_10.equals(name)) {
+ parent
+ .setTokenVersionAndType(Constants.WSS_X509_PKI_PATH_V1_TOKEN10);
+
+ } else if (Constants.WSS_X509_PKI_PATH_V1_TOKEN_11.equals(name)) {
+ parent
+ .setTokenVersionAndType(Constants.WSS_X509_PKI_PATH_V1_TOKEN11);
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.X509_TOKEN};
+ }
+}
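Review bot: `x509Token.setInclusion(includeAttr.getAttributeValue())` stores the raw attribute string, while UsernameTokenBuilder in this commit maps the same IncludeToken attribute onto the `Constants.INCLUDE_*` values via endsWith; unless those constants hold the full URIs, code that compares an X509Token's inclusion against the constants will not match and the token's inclusion setting is effectively ignored. Mapping through the same endsWith chain, or a shared helper in the builders package, would keep the two token models consistent. Also, the RequireDerivedKeys check reads direct children of the policy element while every other option goes through the normalised alternative; if that is deliberate, a short comment such as `// RequireDerivedKeys is read from the raw policy element, not the normalised alternative` would explain the special case.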
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractConfigurableSecurityAssertion.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractConfigurableSecurityAssertion.java
new file mode 100644
index 0000000..7f088d6
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractConfigurableSecurityAssertion.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.neethi.Assertion;
+
+public abstract class AbstractConfigurableSecurityAssertion extends AbstractSecurityAssertion {
+
+ protected ArrayList configurations = null;
+
+ public void addConfiguration(Assertion assertion) {
+ if (configurations == null) {
+ configurations = new ArrayList();
+ }
+ configurations.add(assertion);
+ }
+
+ public List getConfigurations() {
+ return configurations;
+ }
+
+ public Assertion getDefaultAssertion() {
+ if (configurations != null) {
+ return (Assertion) configurations.get(0);
+ }
+ return null;
+ }
+}
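Review bot: `getConfigurations()` returns null until addConfiguration() has been called and otherwise hands out the internal ArrayList, so callers can both hit a NullPointerException and mutate the assertion's state from outside; neither is stated anywhere. If the null return is intended, document it on the method (`/** @return the configured assertions, or null if none were added */`) and likewise note on getDefaultAssertion() that it returns the first added configuration or null. Returning `Collections.unmodifiableList(configurations)` when the list exists would close the mutation path without changing what readers see.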
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
new file mode 100644
index 0000000..0f2d125
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.model;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Constants;
+import org.apache.neethi.PolicyComponent;
+
+public abstract class AbstractSecurityAssertion implements Assertion {
+
+ private boolean isOptional;
+
+ private boolean normalized = false;
+
+ public boolean isOptional() {
+ return isOptional;
+ }
+
+ public void setOptional(boolean isOptional) {
+ this.isOptional = isOptional;
+ }
+
+ public short getType() {
+ return Constants.TYPE_ASSERTION;
+ }
+
+ public boolean equal(PolicyComponent policyComponent) {
+ throw new UnsupportedOperationException();
+ }
+
+ public void setNormalized(boolean normalized) {
+ this.normalized = normalized;
+ }
+
+ public boolean isNormalized() {
+ return true;
+ }
+
+ public PolicyComponent normalize() {
+
+ /*
+ * TODO: Handling the isOptional:TRUE case
+ */
+ return this;
+ }
+}
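Review bot: `isNormalized()` returns the literal `true` and ignores the `normalized` field that setNormalized() writes, so the field and setter are dead and the class reports itself normalised even when normalize() has not run; either `return normalized;` or drop the field and setter, whichever the neethi contract requires. The TODO in normalize() matters for security policy: returning `this` for an assertion flagged optional discards the optional marker during normalisation, which presumably leaves the assertion required in every alternative; that consequence is worth spelling out in the comment until the case is handled. `equal()` throwing UnsupportedOperationException will also surface wherever neethi compares assertions, for example during policy intersection; if that path is unsupported for now, a Javadoc line saying so would save a reader a stack trace.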
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
new file mode 100644
index 0000000..318be2e
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
@@ -0,0 +1,452 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.WSSPolicyException;
+
+public class AlgorithmSuite extends AbstractConfigurableSecurityAssertion {
+
+ private String algoSuiteString;
+
+ private String symmetricSignature = Constants.HMAC_SHA1;
+
+ private String asymmetricSignature = Constants.RSA_SHA1;
+
+ private String computedKey = Constants.P_SHA1;
+
+ private int maximumSymmetricKeyLength = 256;
+
+ private int minimumAsymmetricKeyLength = 1024;
+
+ private int maximumAsymmetricKeyLength = 4096;
+
+ private String digest;
+
+ private String encryption;
+
+ private String symmetricKeyWrap;
+
+ private String asymmetricKeyWrap;
+
+ private String encryptionKeyDerivation;
+
+ private String signatureKeyDerivation;
+
+ private int minimumSymmetricKeyLength;
+
+ private String c14n = Constants.EX_C14N;
+
+ private String soapNormalization;
+
+ private String strTransform;
+
+ private String xPath;
+
+ /**
+ * Set the algorithm suite
+ *
+ * @param algoSuite
+ * @throws WSSPolicyException
+ * @see Constants#ALGO_SUITE_BASIC128
+ * @see Constants#ALGO_SUITE_BASIC128_RSA15
+ * @see Constants#ALGO_SUITE_BASIC128_SHA256
+ * @see Constants#ALGO_SUITE_BASIC128_SHA256_RSA15
+ * @see Constants#ALGO_SUITE_BASIC192
+ * @see Constants#ALGO_SUITE_BASIC192_RSA15
+ * @see Constants#ALGO_SUITE_BASIC192_SHA256
+ * @see Constants#ALGO_SUITE_BASIC192_SHA256_RSA15
+ * @see Constants#ALGO_SUITE_BASIC256
+ * @see Constants#ALGO_SUITE_BASIC256_RSA15
+ * @see Constants#ALGO_SUITE_BASIC256_SHA256
+ * @see Constants#ALGO_SUITE_BASIC256_SHA256_RSA15
+ * @see Constants#ALGO_SUITE_TRIPLE_DES
+ * @see Constants#ALGO_SUITE_TRIPLE_DES_RSA15
+ * @see Constants#ALGO_SUITE_TRIPLE_DES_SHA256
+ * @see Constants#ALGO_SUITE_TRIPLE_DES_SHA256_RSA15
+ */
+ public void setAlgorithmSuite(String algoSuite) {
+ setAlgoSuiteString(algoSuite);
+ this.algoSuiteString = algoSuite;
+
+ // TODO: Optimize this :-)
+ if (Constants.ALGO_SUITE_BASIC256.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.AES256;
+ this.symmetricKeyWrap = Constants.KW_AES256;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L256;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 256;
+ } else if (Constants.ALGO_SUITE_BASIC192.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.AES192;
+ this.symmetricKeyWrap = Constants.KW_AES192;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else if (Constants.ALGO_SUITE_BASIC128.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.AES128;
+ this.symmetricKeyWrap = Constants.KW_AES128;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L128;
+ this.signatureKeyDerivation = Constants.P_SHA1_L128;
+ this.minimumSymmetricKeyLength = 128;
+ } else if (Constants.ALGO_SUITE_TRIPLE_DES.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.TRIPLE_DES;
+ this.symmetricKeyWrap = Constants.KW_TRIPLE_DES;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else if (Constants.ALGO_SUITE_BASIC256_RSA15.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.AES256;
+ this.symmetricKeyWrap = Constants.KW_AES256;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L256;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 256;
+ } else if (Constants.ALGO_SUITE_BASIC192_RSA15.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.AES192;
+ this.symmetricKeyWrap = Constants.KW_AES192;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else if (Constants.ALGO_SUITE_BASIC128_RSA15.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.AES128;
+ this.symmetricKeyWrap = Constants.KW_AES128;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L128;
+ this.signatureKeyDerivation = Constants.P_SHA1_L128;
+ this.minimumSymmetricKeyLength = 128;
+ } else if (Constants.ALGO_SUITE_TRIPLE_DES_RSA15.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.TRIPLE_DES;
+ this.symmetricKeyWrap = Constants.KW_TRIPLE_DES;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else if (Constants.ALGO_SUITE_BASIC256_SHA256.equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.AES256;
+ this.symmetricKeyWrap = Constants.KW_AES256;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L256;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 256;
+ } else if (Constants.ALGO_SUITE_BASIC192_SHA256.equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.AES192;
+ this.symmetricKeyWrap = Constants.KW_AES192;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else if (Constants.ALGO_SUITE_BASIC128_SHA256.equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.AES128;
+ this.symmetricKeyWrap = Constants.KW_AES128;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L128;
+ this.signatureKeyDerivation = Constants.P_SHA1_L128;
+ this.minimumSymmetricKeyLength = 128;
+ } else if (Constants.ALGO_SUITE_TRIPLE_DES_SHA256.equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.TRIPLE_DES;
+ this.symmetricKeyWrap = Constants.KW_TRIPLE_DES;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else if (Constants.ALGO_SUITE_BASIC256_SHA256_RSA15.equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.AES256;
+ this.symmetricKeyWrap = Constants.KW_AES256;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L256;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 256;
+ } else if (Constants.ALGO_SUITE_BASIC192_SHA256_RSA15.equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.AES192;
+ this.symmetricKeyWrap = Constants.KW_AES192;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else if (Constants.ALGO_SUITE_BASIC128_SHA256_RSA15.equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.AES128;
+ this.symmetricKeyWrap = Constants.KW_AES128;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L128;
+ this.signatureKeyDerivation = Constants.P_SHA1_L128;
+ this.minimumSymmetricKeyLength = 128;
+ } else if (Constants.ALGO_SUITE_TRIPLE_DES_SHA256_RSA15
+ .equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.TRIPLE_DES;
+ this.symmetricKeyWrap = Constants.KW_TRIPLE_DES;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else {
+ // throw new WSSPolicyException("Invalid algorithm suite : " +
+ // algoSuite);
+ }
+ }
+
+ /**
+ * @return Returns the asymmetricKeyWrap.
+ */
+ public String getAsymmetricKeyWrap() {
+ return asymmetricKeyWrap;
+ }
+
+ /**
+ * @return Returns the asymmetricSignature.
+ */
+ public String getAsymmetricSignature() {
+ return asymmetricSignature;
+ }
+
+ /**
+ * @return Returns the computedKey.
+ */
+ public String getComputedKey() {
+ return computedKey;
+ }
+
+ /**
+ * @return Returns the digest.
+ */
+ public String getDigest() {
+ return digest;
+ }
+
+ /**
+ * @return Returns the encryption.
+ */
+ public String getEncryption() {
+ return encryption;
+ }
+
+ /**
+ * @return Returns the encryptionKeyDerivation.
+ */
+ public String getEncryptionKeyDerivation() {
+ return encryptionKeyDerivation;
+ }
+
+ /**
+ * @return Returns the maximumAsymmetricKeyLength.
+ */
+ public int getMaximumAsymmetricKeyLength() {
+ return maximumAsymmetricKeyLength;
+ }
+
+ /**
+ * @return Returns the maximumSymmetricKeyLength.
+ */
+ public int getMaximumSymmetricKeyLength() {
+ return maximumSymmetricKeyLength;
+ }
+
+ /**
+ * @return Returns the minimumAsymmetricKeyLength.
+ */
+ public int getMinimumAsymmetricKeyLength() {
+ return minimumAsymmetricKeyLength;
+ }
+
+ /**
+ * @return Returns the minimumSymmetricKeyLength.
+ */
+ public int getMinimumSymmetricKeyLength() {
+ return minimumSymmetricKeyLength;
+ }
+
+ /**
+ * @return Returns the signatureKeyDerivation.
+ */
+ public String getSignatureKeyDerivation() {
+ return signatureKeyDerivation;
+ }
+
+ /**
+ * @return Returns the symmetricKeyWrap.
+ */
+ public String getSymmetricKeyWrap() {
+ return symmetricKeyWrap;
+ }
+
+ /**
+ * @return Returns the symmetricSignature.
+ */
+ public String getSymmetricSignature() {
+ return symmetricSignature;
+ }
+
+ /**
+ * @return Returns the c14n.
+ */
+ public String getInclusiveC14n() {
+ return c14n;
+ }
+
+ /**
+ * @param c14n
+ * The c14n to set.
+ */
+ public void setC14n(String c14n) {
+ this.c14n = c14n;
+ }
+
+ /**
+ * @return Returns the soapNormalization.
+ */
+ public String getSoapNormalization() {
+ return soapNormalization;
+ }
+
+ /**
+ * @param soapNormalization
+ * The soapNormalization to set.
+ */
+ public void setSoapNormalization(String soapNormalization) {
+ this.soapNormalization = soapNormalization;
+ }
+
+ /**
+ * @return Returns the strTransform.
+ */
+ public String getStrTransform() {
+ return strTransform;
+ }
+
+ /**
+ * @param strTransform
+ * The strTransform to set.
+ */
+ public void setStrTransform(String strTransform) {
+ this.strTransform = strTransform;
+ }
+
+ /**
+ * @return Returns the xPath.
+ */
+ public String getXPath() {
+ return xPath;
+ }
+
+ /**
+ * @param path
+ * The xPath to set.
+ */
+ public void setXPath(String path) {
+ xPath = path;
+ }
+
+ private void setAlgoSuiteString(String algoSuiteString) {
+ this.algoSuiteString = algoSuiteString;
+ }
+
+ private String getAlgoSuiteString() {
+ return algoSuiteString;
+ }
+
+ public QName getName() {
+ return Constants.ALGORITHM_SUITE;
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException(
+ "AlgorithmSuite.normalize() is not supported");
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localName = Constants.ALGORITHM_SUITE.getLocalPart();
+ String namespaceURI = Constants.ALGORITHM_SUITE.getNamespaceURI();
+
+ String prefix = writer.getPrefix(Constants.ALGORITHM_SUITE
+ .getNamespaceURI());
+
+ if (prefix == null) {
+ prefix = Constants.ALGORITHM_SUITE.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ writer.writeStartElement(prefix, localName, namespaceURI);
+ writer.writeNamespace(prefix, namespaceURI);
+
+ // <wsp:Policy>
+ writer.writeStartElement(Constants.POLICY.getPrefix(), Constants.POLICY
+ .getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ //
+ writer.writeStartElement(prefix, getAlgoSuiteString(), namespaceURI);
+ writer.writeEndElement();
+
+ if (Constants.C14N.equals(getInclusiveC14n())) {
+ writer.writeStartElement(prefix, Constants.INCLUSIVE_C14N, prefix);
+ writer.writeEndElement();
+ }
+
+ if (Constants.SNT.equals(getSoapNormalization())) {
+ writer.writeStartElement(prefix, Constants.SOAP_NORMALIZATION_10,
+ namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (Constants.STRT10.equals(getStrTransform())) {
+ writer.writeStartElement(prefix, Constants.STR_TRANSFORM_10,
+ namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (Constants.XPATH.equals(getXPath())) {
+ writer.writeStartElement(prefix, Constants.XPATH10, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (Constants.XPATH20.equals(getXPath())) {
+ writer.writeStartElement(prefix, Constants.XPATH_FILTER20,
+ namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:AlgorithmSuite>
+ writer.writeEndElement();
+ }
+}
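Review bot: The trailing `else` in `setAlgorithmSuite` silently accepts an unrecognised suite name (the exception there is commented out), leaving `digest`, `encryption`, `symmetricKeyWrap`, `asymmetricKeyWrap` and both key-derivation fields null while `algoSuiteString` still records the bad name, so a typo in a policy file is not detected until a consumer dereferences one of those nulls, if it ever is. Fail closed instead: `throw new IllegalArgumentException("Invalid algorithm suite : " + algoSuite);`, or declare and throw `WSSPolicyException`, which is already imported and named in the javadoc, if a signature change is acceptable. Separately, the InclusiveC14n branch of `serialize` passes `prefix` where the namespace URI belongs; it should be `writer.writeStartElement(prefix, Constants.INCLUSIVE_C14N, namespaceURI);`. The duplicate `this.algoSuiteString = algoSuite;` after `setAlgoSuiteString(algoSuite)` can be dropped.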
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmWrapper.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmWrapper.java
new file mode 100644
index 0000000..d0c8c6c
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmWrapper.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+public interface AlgorithmWrapper {
+
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite);
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java
new file mode 100644
index 0000000..1a085ff
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java
@@ -0,0 +1,216 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class AsymmetricBinding extends SymmetricAsymmetricBindingBase {
+
+ private InitiatorToken initiatorToken;
+
+ private RecipientToken recipientToken;
+
+ /**
+ * @return Returns the initiatorToken.
+ */
+ public InitiatorToken getInitiatorToken() {
+ return initiatorToken;
+ }
+
+ /**
+ * @param initiatorToken
+ * The initiatorToken to set.
+ */
+ public void setInitiatorToken(InitiatorToken initiatorToken) {
+ this.initiatorToken = initiatorToken;
+ }
+
+ /**
+ * @return Returns the recipientToken.
+ */
+ public RecipientToken getRecipientToken() {
+ return recipientToken;
+ }
+
+ /**
+ * @param recipientToken
+ * The recipientToken to set.
+ */
+ public void setRecipientToken(RecipientToken recipientToken) {
+ this.recipientToken = recipientToken;
+ }
+
+ public QName getName() {
+ return Constants.ASYMMETRIC_BINDING;
+ }
+
+ public PolicyComponent normalize() {
+
+ if (isNormalized()) {
+ return this;
+ }
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+ List configs = algorithmSuite.getConfigurations();
+
+ Policy policy = new Policy();
+ ExactlyOne exactlyOne = new ExactlyOne();
+
+ policy.addPolicyComponent(exactlyOne);
+
+ All wrapper;
+ AsymmetricBinding asymmetricBinding;
+
+ for (Iterator iterator = configs.iterator(); iterator.hasNext();) {
+ wrapper = new All();
+ asymmetricBinding = new AsymmetricBinding();
+
+ asymmetricBinding.setAlgorithmSuite((AlgorithmSuite) iterator
+ .next());
+ asymmetricBinding
+ .setEntireHeadersAndBodySignatures(isEntireHeadersAndBodySignatures());
+ asymmetricBinding.setIncludeTimestamp(isIncludeTimestamp());
+ asymmetricBinding.setInitiatorToken(getInitiatorToken());
+ asymmetricBinding.setLayout(getLayout());
+ asymmetricBinding.setProtectionOrder(getProtectionOrder());
+ asymmetricBinding.setRecipientToken(getRecipientToken());
+ asymmetricBinding.setSignatureProtection(isSignatureProtection());
+ asymmetricBinding
+ .setSignedEndorsingSupportingTokens(getSignedEndorsingSupportingTokens());
+ asymmetricBinding.setTokenProtection(isTokenProtection());
+
+ asymmetricBinding.setNormalized(true);
+ wrapper.addPolicyComponent(wrapper);
+ }
+
+ return policy;
+
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = Constants.ASYMMETRIC_BINDING.getLocalPart();
+ String namespaceURI = Constants.ASYMMETRIC_BINDING.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = Constants.ASYMMETRIC_BINDING.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:AsymmetricBinding>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, Constants.POLICY.getLocalPart(),
+ Constants.POLICY.getNamespaceURI());
+
+ if (initiatorToken == null) {
+ throw new RuntimeException("InitiatorToken is not set");
+ }
+
+ // <sp:InitiatorToken>
+ initiatorToken.serialize(writer);
+ // </sp:InitiatorToken>
+
+ if (recipientToken == null) {
+ throw new RuntimeException("RecipientToken is not set");
+ }
+
+ // <sp:RecipientToken>
+ recipientToken.serialize(writer);
+ // </sp:RecipientToken>
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+ if (algorithmSuite == null) {
+ throw new RuntimeException("AlgorithmSuite is not set");
+ }
+
+ // <sp:AlgorithmSuite>
+ algorithmSuite.serialize(writer);
+ // </sp:AlgorithmSuite>
+
+ Layout layout = getLayout();
+ if (layout != null) {
+ // <sp:Layout>
+ layout.serialize(writer);
+ // </sp:Layout>
+ }
+
+ if (isIncludeTimestamp()) {
+ // <sp:IncludeTimestamp>
+ writer.writeStartElement(Constants.INCLUDE_TIMESTAMP.getPrefix(),
+ Constants.INCLUDE_TIMESTAMP.getLocalPart(),
+ Constants.INCLUDE_TIMESTAMP.getNamespaceURI());
+ writer.writeEndElement();
+ // </sp:IncludeTimestamp>
+ }
+
+ if (Constants.ENCRYPT_BEFORE_SIGNING.equals(getProtectionOrder())) {
+ // <sp:EncryptBeforeSign />
+ writer.writeStartElement(prefix, Constants.ENCRYPT_BEFORE_SIGNING,
+ namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isSignatureProtection()) {
+ // <sp:EncryptSignature />
+ // FIXME move the String constants to a QName
+ writer.writeStartElement(prefix, Constants.ENCRYPT_SIGNATURE
+ .getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isTokenProtection()) {
+ // <sp:ProtectTokens />
+ writer.writeStartElement(prefix, Constants.PROTECT_TOKENS
+ .getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isEntireHeadersAndBodySignatures()) {
+ // <sp:OnlySignEntireHeaderAndBody />
+ writer.writeStartElement(prefix,
+ Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:AsymmetircBinding>
+ writer.writeEndElement();
+ }
+}
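Review bot: `normalize()` builds each `All` wrapper and then adds it to itself (`wrapper.addPolicyComponent(wrapper)`), never attaching the per-suite `asymmetricBinding` to the wrapper or the wrapper to `exactlyOne`, so the returned policy carries an empty `ExactlyOne`. The loop tail should read `wrapper.addPolicyComponent(asymmetricBinding); exactlyOne.addPolicyComponent(wrapper);`. This is currently masked because the base class `isNormalized()` always returns true and the early return is always taken. The copy also omits `signedSupportingToken`, so the normalized alternatives would lose that assertion. In `serialize`, the null checks for initiatorToken, recipientToken and algorithmSuite fire only after `sp:AsymmetricBinding` and `wsp:Policy` have been started; moving them to the top of the method keeps a failed serialization from leaving half-written elements on the stream.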
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Binding.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Binding.java
new file mode 100644
index 0000000..a7a2eb0
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Binding.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+public abstract class Binding extends AbstractSecurityAssertion implements AlgorithmWrapper {
+
+ private AlgorithmSuite algorithmSuite;
+ private boolean includeTimestamp;
+ private Layout layout = new Layout();
+ private SupportingToken signedSupportingToken;
+ private SupportingToken signedEndorsingSupportingTokens;
+
+ /**
+ * @return Returns the algorithmSuite.
+ */
+ public AlgorithmSuite getAlgorithmSuite() {
+ return algorithmSuite;
+ }
+
+ /**
+ * @param algorithmSuite The algorithmSuite to set.
+ */
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+ this.algorithmSuite = algorithmSuite;
+ }
+
+ /**
+ * @return Returns the includeTimestamp.
+ */
+ public boolean isIncludeTimestamp() {
+ return includeTimestamp;
+ }
+
+ /**
+ * @param includeTimestamp The includeTimestamp to set.
+ */
+ public void setIncludeTimestamp(boolean includeTimestamp) {
+ this.includeTimestamp = includeTimestamp;
+ }
+
+ /**
+ * @return Returns the layout.
+ */
+ public Layout getLayout() {
+ return layout;
+ }
+
+ /**
+ * @param layout The layout to set.
+ */
+ public void setLayout(Layout layout) {
+ this.layout = layout;
+ }
+
+ public SupportingToken getSignedEndorsingSupportingTokens() {
+ return signedEndorsingSupportingTokens;
+ }
+
+ public void setSignedEndorsingSupportingTokens(
+ SupportingToken signedEndorsingSupportingTokens) {
+ this.signedEndorsingSupportingTokens = signedEndorsingSupportingTokens;
+ }
+
+ public SupportingToken getSignedSupportingToken() {
+ return signedSupportingToken;
+ }
+
+ public void setSignedSupportingToken(SupportingToken signedSupportingToken) {
+ this.signedSupportingToken = signedSupportingToken;
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptionToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptionToken.java
new file mode 100644
index 0000000..7af329d
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptionToken.java
@@ -0,0 +1,108 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.ws.secpolicy.Constants;
+
+public class EncryptionToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token encryptionToken;
+
+ /**
+ * @return Returns the encryptionToken.
+ */
+ public Token getEncryptionToken() {
+ return encryptionToken;
+ }
+
+ /**
+ * @param encryptionToken The encryptionToken to set.
+ */
+ public void setEncryptionToken(Token encryptionToken) {
+ this.encryptionToken = encryptionToken;
+ }
+
+ public void setToken(Token tok) {
+ this.setEncryptionToken(tok);
+ }
+
+ public QName getName() {
+ return Constants.ENCRYPTION_TOKEN;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = Constants.ENCRYPTION_TOKEN.getLocalPart();
+ String namespaceURI = Constants.ENCRYPTION_TOKEN.getNamespaceURI();
+ String prefix;
+
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = Constants.ENCRYPTION_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:EncryptionToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+
+ String wspNamespaceURI = Constants.POLICY.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ wspPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, wspNamespaceURI);
+
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix, Constants.POLICY.getLocalPart(), wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ // xmlns:wsp=".."
+ writer.writeNamespace(wspPrefix, wspNamespaceURI);
+ }
+
+ if (encryptionToken == null) {
+ throw new RuntimeException("EncryptionToken is not set");
+ }
+
+ encryptionToken.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:EncryptionToken>
+ writer.writeEndElement();
+ }
+}
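Review bot: In `serialize`, the `encryptionToken == null` guard sits after the `sp:EncryptionToken` and `wsp:Policy` start elements have already been written, so a missing token leaves unbalanced elements on the writer before the RuntimeException propagates. Move `if (encryptionToken == null) { throw new RuntimeException("EncryptionToken is not set"); }` to the first statement of the method. The class also does not override `normalize()`, so it inherits the base-class version that returns `this` without expanding the optional case; a one-line comment saying that is deliberate would save the next reader from guessing.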
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Header.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Header.java
new file mode 100644
index 0000000..8e95a29
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Header.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+public class Header {
+
+ private String name;
+ private String namespace;
+
+ /**
+ * @return Returns the name.
+ */
+ public String getName() {
+ return name;
+ }
+ /**
+ * @param name The name to set.
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+ /**
+ * @return Returns the namespace.
+ */
+ public String getNamespace() {
+ return namespace;
+ }
+ /**
+ * @param namespace The namespace to set.
+ */
+ public void setNamespace(String namespace) {
+ this.namespace = namespace;
+ }
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java
new file mode 100644
index 0000000..af1f4a3
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+/**
+ *
+ * @author Ruchith Fernando (ruchith.fernando@gmail.com)
+ */
+public class HttpsToken extends Token {
+
+ private boolean requireClientCertificate = false;
+
+ public boolean isRequireClientCertificate() {
+ return requireClientCertificate;
+ }
+
+ public void setRequireClientCertificate(boolean requireClientCertificate) {
+ this.requireClientCertificate = requireClientCertificate;
+ }
+
+ public QName getName() {
+ return Constants.HTTPS_TOKEN;
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = Constants.HTTPS_TOKEN.getLocalPart();
+ String namespaceURI = Constants.HTTPS_TOKEN.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = Constants.HTTPS_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:HttpsToken
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ // RequireClientCertificate=".."
+ writer
+ .writeAttribute(Constants.REQUIRE_CLIENT_CERTIFICATE
+ .getLocalPart(), Boolean
+ .toString(isRequireClientCertificate()));
+
+ writer.writeEndElement();
+ // </sp:HttpsToken>
+ }
+}
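Review bot: `serialize` binds the `sp` prefix via `writer.setPrefix` when it is not yet in scope but never emits the matching `xmlns:sp` declaration, unlike `EncryptionToken.serialize` in the same change, which calls `writer.writeNamespace(prefix, namespaceURI)` in that situation, so a standalone HttpsToken is written with an undeclared prefix. Record whether the prefix was missing before overwriting it, `boolean undeclared = (prefix == null);`, and after `writeStartElement` add `if (undeclared) { writer.writeNamespace(prefix, namespaceURI); }`. It would also help to document on the field that `requireClientCertificate` defaults to `false`, i.e. a policy that omits the attribute does not demand client-certificate TLS authentication.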
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorToken.java
new file mode 100644
index 0000000..6f7570f
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorToken.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class InitiatorToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token initiatorToken;
+
+ /**
+ * @return Returns the initiatorToken.
+ */
+ public Token getInitiatorToken() {
+ return initiatorToken;
+ }
+
+ /**
+ * @param initiatorToken The initiatorToken to set.
+ */
+ public void setInitiatorToken(Token initiatorToken) {
+ this.initiatorToken = initiatorToken;
+ }
+
+ public void setToken(Token tok) {
+ this.setInitiatorToken(tok);
+ }
+
+ public QName getName() {
+ return Constants.INITIATOR_TOKEN;
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = Constants.INITIATOR_TOKEN.getLocalPart();
+ String namespaceURI = Constants.INITIATOR_TOKEN.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = Constants.INITIATOR_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:InitiatorToken>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ Token token = getInitiatorToken();
+ if (token == null) {
+ throw new RuntimeException("InitiatorToken doesn't contain any token assertions");
+ }
+ token.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:InitiatorToken>
+ writer.writeEndElement();
+ }
+}
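Review bot: serialize() binds the sp and wsp prefixes with setPrefix() but never calls writeNamespace(), unlike ProtectionToken and SignatureToken in this same change; with a non-repairing XMLStreamWriter, setPrefix() only records the binding and no xmlns declaration is emitted, so an InitiatorToken serialized before any sibling has declared those namespaces produces output with unbound prefixes. Keep the writer.getPrefix() result in a separate variable and, right after each writeStartElement, emit `writer.writeNamespace(prefix, namespaceURI);` (and the wsp equivalent) when that result was null, following ProtectionToken's pattern. Separately, the null check on the wrapped token runs only after both start elements have been written, so the RuntimeException leaves the writer with two open elements; hoist `if (initiatorToken == null) throw new RuntimeException("InitiatorToken doesn't contain any token assertions");` to the top of the method.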
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/IssuedToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/IssuedToken.java
new file mode 100644
index 0000000..dd98c25
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/IssuedToken.java
@@ -0,0 +1,195 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+/**
+ * Model bean for the IssuedToken assertion.
+ */
+public class IssuedToken extends Token {
+
+ private OMElement issuerEpr;
+
+ private OMElement rstTemplate;
+
+ boolean requireExternalReference;
+
+ boolean requireInternalReference;
+
+ /**
+ * @return Returns the issuerEpr.
+ */
+ public OMElement getIssuerEpr() {
+ return issuerEpr;
+ }
+
+ /**
+ * @param issuerEpr
+ * The issuerEpr to set.
+ */
+ public void setIssuerEpr(OMElement issuerEpr) {
+ this.issuerEpr = issuerEpr;
+ }
+
+ /**
+ * @return Returns the requireExternalReference.
+ */
+ public boolean isRequireExternalReference() {
+ return requireExternalReference;
+ }
+
+ /**
+ * @param requireExternalReference
+ * The requireExternalReference to set.
+ */
+ public void setRequireExternalReference(boolean requireExternalReference) {
+ this.requireExternalReference = requireExternalReference;
+ }
+
+ /**
+ * @return Returns the requireInternalReference.
+ */
+ public boolean isRequireInternalReference() {
+ return requireInternalReference;
+ }
+
+ /**
+ * @param requireInternalReference
+ * The requireInternalReference to set.
+ */
+ public void setRequireInternalReference(boolean requireInternalReference) {
+ this.requireInternalReference = requireInternalReference;
+ }
+
+ /**
+ * @return Returns the rstTemplate.
+ */
+ public OMElement getRstTemplate() {
+ return rstTemplate;
+ }
+
+ /**
+ * @param rstTemplate
+ * The rstTemplate to set.
+ */
+ public void setRstTemplate(OMElement rstTemplate) {
+ this.rstTemplate = rstTemplate;
+ }
+
+ public QName getName() {
+ return Constants.ISSUED_TOKEN;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = Constants.ISSUED_TOKEN.getLocalPart();
+ String namespaceURI = Constants.ISSUED_TOKEN.getNamespaceURI();
+
+ String prefix;
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = Constants.ISSUED_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:IssuedToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+ String inclusion = getInclusion();
+ if (inclusion != null) {
+ writer.writeAttribute(prefix, namespaceURI,
+ Constants.ATTR_INCLUDE_TOKEN, inclusion);
+ }
+
+ if (issuerEpr != null) {
+ writer.writeStartElement(prefix, Constants.ISSUER.getLocalPart(),
+ namespaceURI);
+ issuerEpr.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ if (rstTemplate != null) {
+ // <sp:RequestSecurityTokenTemplate>
+ writer.writeStartElement(prefix,
+ Constants.REQUEST_SECURITY_TOKEN_TEMPLATE.getLocalPart(),
+ namespaceURI);
+
+ rstTemplate.serialize(writer);
+
+ // </sp:RequestSecurityTokenTemplate>
+ writer.writeEndElement();
+ }
+
+ String policyLocalName = Constants.PROTECTION_TOKEN.getLocalPart();
+ String policyNamespaceURI = Constants.PROTECTION_TOKEN
+ .getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(policyNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ wspPrefix = Constants.PROTECTION_TOKEN.getPrefix();
+ writer.setPrefix(wspPrefix, policyNamespaceURI);
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+
+ if (isRequireExternalReference() || isRequireInternalReference()) {
+
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix, policyLocalName,
+ policyNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ // xmlns:wsp=".."
+ writer.writeNamespace(wspPrefix, policyNamespaceURI);
+ }
+
+ if (isRequireExternalReference()) {
+ // <sp:RequireExternalReference />
+ writer.writeEmptyElement(prefix, Constants.REQUIRE_EXTERNAL_REFERNCE.getLocalPart(), namespaceURI);
+ }
+
+ if (isRequireInternalReference()) {
+ // <sp:RequireInternalReference />
+ writer.writeEmptyElement(prefix, Constants.REQUIRE_INTERNAL_REFERNCE.getLocalPart(), namespaceURI);
+ }
+
+ // <wsp:Policy>
+ writer.writeEndElement();
+ }
+
+ // </sp:IssuedToken>
+ writer.writeEndElement();
+ }
+
+}
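Review bot: The wrapper written just before the RequireExternalReference/RequireInternalReference checks takes its name from Constants.PROTECTION_TOKEN although the comments call it `<wsp:Policy>`, so the output is a nested `<sp:ProtectionToken>`; and because the sp namespace is already bound by then, the `xmlns:wsp` branch can never fire. A consumer reading this policy will not find the reference requirements under a wsp:Policy at all. Replace the three reads with `String policyLocalName = Constants.POLICY.getLocalPart();`, `String policyNamespaceURI = Constants.POLICY.getNamespaceURI();` and `wspPrefix = Constants.POLICY.getPrefix();`, and correct the closing comment to `// </wsp:Policy>`. Note also that this class, unlike SecureConversationToken below, references `Constants.ATTR_INCLUDE_TOKEN` directly rather than `Constants.INCLUDE_TOKEN.getLocalPart()`; if those are two different constants it is worth confirming they agree.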
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Layout.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Layout.java
new file mode 100644
index 0000000..59b2499
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Layout.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class Layout extends AbstractSecurityAssertion {
+
+ private String value = Constants.LAYOUT_LAX;
+
+ /**
+ * @return Returns the value.
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * @param value
+ * The value to set.
+ */
+ public void setValue(String value) {
+ if (Constants.LAYOUT_LAX.equals(value)
+ || Constants.LAYOUT_STRICT.equals(value)
+ || Constants.LAYOUT_LAX_TIMESTAMP_FIRST.equals(value)
+ || Constants.LAYOUT_LAX_TIMESTAMP_LAST.equals(value)) {
+ this.value = value;
+ } else {
+ // throw new WSSPolicyException("Incorrect layout value : " +
+ // value);
+ }
+ }
+
+ public QName getName() {
+ return Constants.LAYOUT;
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localName = Constants.LAYOUT.getLocalPart();
+ String namespaceURI = Constants.LAYOUT.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = Constants.LAYOUT.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:Layout>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ // <wsp:Policy>
+ writer.writeStartElement(Constants.POLICY.getPrefix(), Constants.POLICY
+ .getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ // .. <sp:Strict /> | <sp:Lax /> | <sp:LaxTsFirst /> | <sp:LaxTsLast /> ..
+ if (Constants.LAYOUT_STRICT.equals(value)) {
+ writer.writeStartElement(prefix, Constants.STRICT.getLocalPart(), namespaceURI);
+
+ } else if (Constants.LAYOUT_LAX.equals(value)) {
+ writer.writeStartElement(prefix, Constants.LAX.getLocalPart(), namespaceURI);
+
+ } else if (Constants.LAYOUT_LAX_TIMESTAMP_FIRST.equals(value)) {
+ writer.writeStartElement(prefix, Constants.LAXTSFIRST.getLocalPart(), namespaceURI);
+
+ } else if (Constants.LAYOUT_LAX_TIMESTAMP_LAST.equals(value)) {
+ writer.writeStartElement(prefix, Constants.LAXTSLAST.getLocalPart(), namespaceURI);
+ }
+
+ writer.writeEndElement();
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:Layout>
+ writer.writeEndElement();
+ }
+}
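Review bot: setValue() silently keeps the previous value (the LAX default) when handed an unrecognized string, because the exception in the else branch is commented out; a typo such as "Strict" therefore downgrades the layout requirement to Lax with no diagnostic, which is exactly the kind of silent policy weakening a caller cannot detect. Fail loudly instead: `throw new IllegalArgumentException("Incorrect layout value : " + value);` (an unchecked type, since WSSPolicyException apparently cannot be thrown from this signature). serialize() also writes `<wsp:Policy>` using Constants.POLICY.getPrefix() without first binding that prefix on the writer, unlike the sp prefix a few lines above and unlike InitiatorToken/RecipientToken; with a non-repairing writer that yields an undeclared prefix.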
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ProtectionToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ProtectionToken.java
new file mode 100644
index 0000000..2867953
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ProtectionToken.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class ProtectionToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token protectionToken;
+
+ /**
+ * @return Returns the protectionToken.
+ */
+ public Token getProtectionToken() {
+ return protectionToken;
+ }
+
+ /**
+ * @param protectionToken The protectionToken to set.
+ */
+ public void setProtectionToken(Token protectionToken) {
+ this.protectionToken = protectionToken;
+ }
+
+ public void setToken(Token tok) {
+ this.setProtectionToken(tok);
+ }
+
+ public QName getName() {
+ return Constants.PROTECTION_TOKEN;
+ }
+
+ public PolicyComponent normalize() {
+ /*
+ * ProtectionToken can not contain multiple values. Hence we consider it
+ * to always be in the normalized format.
+ */
+ return this;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = Constants.PROTECTION_TOKEN.getLocalPart();
+ String namespaceURI = Constants.PROTECTION_TOKEN.getNamespaceURI();
+
+ String prefix;
+
+ String writerPrefix = writer.getPrefix(namespaceURI);
+ if (writerPrefix == null) {
+ prefix = Constants.PROTECTION_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:ProtectionToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+ String policyLocalName = Constants.PROTECTION_TOKEN.getLocalPart();
+ String policyNamespaceURI = Constants.PROTECTION_TOKEN.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(policyNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ wspPrefix = Constants.PROTECTION_TOKEN.getPrefix();
+ writer.setPrefix(wspPrefix, policyNamespaceURI);
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix, policyLocalName, policyNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ // xmlns:wsp=".."
+ writer.writeNamespace(wspPrefix, policyNamespaceURI);
+ }
+
+ if (protectionToken == null) {
+ throw new RuntimeException("ProtectionToken is not set");
+ }
+
+ protectionToken.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:ProtectionToken>
+ writer.writeEndElement();
+ }
+}
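Review bot: The inner wrapper that the comments label `<wsp:Policy>` is built from Constants.PROTECTION_TOKEN (local name, namespace and prefix), so serialize() actually emits `<sp:ProtectionToken><sp:ProtectionToken>…</sp:ProtectionToken></sp:ProtectionToken>`, and since the sp prefix is already bound the `xmlns:wsp` branch is dead. Replace the three reads with `String policyLocalName = Constants.POLICY.getLocalPart();`, `String policyNamespaceURI = Constants.POLICY.getNamespaceURI();` and `wspPrefix = Constants.POLICY.getPrefix();`, matching SignatureToken in this change. The `protectionToken == null` check should also move ahead of the first writeStartElement so a misconfigured assertion does not leave two elements open on the writer when it throws.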
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientToken.java
new file mode 100644
index 0000000..b4ce19d
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientToken.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class RecipientToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token receipientToken;
+
+ /**
+ * @return Returns the receipientToken.
+ */
+ public Token getReceipientToken() {
+ return receipientToken;
+ }
+
+ /**
+ * @param receipientToken The receipientToken to set.
+ */
+ public void setReceipientToken(Token receipientToken) {
+ this.receipientToken = receipientToken;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.ws.security.policy.TokenWrapper#setToken(org.apache.ws.security.policy.Token)
+ */
+ public void setToken(Token tok) {
+ this.setReceipientToken(tok);
+ }
+
+ public QName getName() {
+ return Constants.RECIPIENT_TOKEN;
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = Constants.RECIPIENT_TOKEN.getLocalPart();
+ String namespaceURI = Constants.RECIPIENT_TOKEN.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = Constants.RECIPIENT_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:RecipientToken>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ Token token = getReceipientToken();
+ if (token == null) {
+ throw new RuntimeException("RecipientToken doesn't contain any token assertions");
+ }
+ token.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:RecipientToken>
+ writer.writeEndElement();
+ }
+}
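Review bot: The `token == null` check runs after `<sp:RecipientToken>` and `<wsp:Policy>` have already been written, so the RuntimeException leaves the writer mid-document; move `if (receipientToken == null) throw new RuntimeException("RecipientToken doesn't contain any token assertions");` to the top of serialize(). As in InitiatorToken, the sp and wsp prefixes are bound with setPrefix() but no writeNamespace() follows, which on a non-repairing XMLStreamWriter produces undeclared prefixes — ProtectionToken's pattern in this same change handles that. The public accessors `getReceipientToken`/`setReceipientToken` carry a misspelling that callers will have to keep once this ships; renaming them to `getRecipientToken`/`setRecipientToken` now is cheap, later it is not.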
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecureConversationToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecureConversationToken.java
new file mode 100644
index 0000000..f0981ab
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecureConversationToken.java
@@ -0,0 +1,173 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+/**
+ * Model class of SecureConversationToken asertion
+ */
+public class SecureConversationToken extends SecurityContextToken {
+
+ private Policy bootstrapPolicy;
+
+ private OMElement issuerEpr;
+
+ /**
+ * @return Returns the bootstrapPolicy.
+ */
+ public Policy getBootstrapPolicy() {
+ return bootstrapPolicy;
+ }
+
+ /**
+ * @param bootstrapPolicy
+ * The bootstrapPolicy to set.
+ */
+ public void setBootstrapPolicy(Policy bootstrapPolicy) {
+ this.bootstrapPolicy = bootstrapPolicy;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.neethi.Assertion#getName()
+ */
+ public QName getName() {
+ return Constants.SECURE_CONVERSATION_TOKEN;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = Constants.SECURE_CONVERSATION_TOKEN.getLocalPart();
+ String namespaceURI = Constants.SECURE_CONVERSATION_TOKEN
+ .getNamespaceURI();
+ String prefix;
+
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = Constants.SECURE_CONVERSATION_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:SecureConversationToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+ String inclusion = getInclusion();
+
+ if (inclusion != null) {
+ writer.writeAttribute(prefix, namespaceURI, Constants.INCLUDE_TOKEN
+ .getLocalPart(), inclusion);
+ }
+
+ if (issuerEpr != null) {
+ // <sp:Issuer>
+ writer.writeStartElement(prefix, Constants.ISSUER.getLocalPart(),
+ namespaceURI);
+
+ issuerEpr.serialize(writer);
+
+ writer.writeEndElement();
+ }
+
+ if (isDerivedKeys() || isRequireExternalUriRef()
+ || isSc10SecurityContextToken() || (bootstrapPolicy != null)) {
+
+ String wspNamespaceURI = Constants.POLICY.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ wspPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, wspNamespaceURI);
+
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix,
+ Constants.POLICY.getLocalPart(), wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ // xmlns:wsp=".."
+ writer.writeNamespace(wspPrefix, wspNamespaceURI);
+ }
+
+ if (isDerivedKeys()) {
+ // <sp:RequireDerivedKeys />
+ writer.writeEmptyElement(prefix, Constants.REQUIRE_DERIVED_KEYS.getLocalPart(), wspWriterPrefix);
+ }
+
+ if (isRequireExternalUriRef()) {
+ // <sp:RequireExternalUriReference />
+ writer.writeEmptyElement(prefix, Constants.REQUIRE_EXTERNAL_URI_REFERNCE.getLocalPart(), namespaceURI);
+ }
+
+ if (isSc10SecurityContextToken()) {
+ // <sp:SC10SecurityContextToken />
+ writer.writeEmptyElement(prefix, Constants.SC10_SECURITY_CONTEXT_TOKEN.getLocalPart(), namespaceURI);
+ }
+
+ if (bootstrapPolicy != null) {
+ // <sp:BootstrapPolicy ..>
+ writer.writeStartElement(prefix, Constants.BOOTSTRAP_POLICY.getLocalPart(), namespaceURI);
+ bootstrapPolicy.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+ }
+
+ // </sp:SecureConversationToken>
+ writer.writeEndElement();
+ }
+
+ /**
+ * @return Returns the issuerEpr.
+ */
+ public OMElement getIssuerEpr() {
+ return issuerEpr;
+ }
+
+ /**
+ * @param issuerEpr
+ * The issuerEpr to set.
+ */
+ public void setIssuerEpr(OMElement issuerEpr) {
+ this.issuerEpr = issuerEpr;
+ }
+
+}
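Review bot: The RequireDerivedKeys element is written with `wspWriterPrefix` as its namespace-URI argument — a prefix string, or null when the wsp prefix was just bound — so the assertion lands in the wrong namespace or fails outright, and a consumer will not see that derived keys are required. It should match the two sibling elements below it: `writer.writeEmptyElement(prefix, Constants.REQUIRE_DERIVED_KEYS.getLocalPart(), namespaceURI);`. This class also does not override normalize(), so as far as visible it inherits the throwing "TODO Sanka" stub from SecurityContextToken; if normalization of SecureConversationToken is expected to work, that needs an implementation here.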
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecurityContextToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecurityContextToken.java
new file mode 100644
index 0000000..978d525
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecurityContextToken.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+/**
+ * Model class of SecurityContextToken assertion
+ */
+public class SecurityContextToken extends Token {
+
+ boolean requireExternalUriRef;
+
+ boolean sc10SecurityContextToken;
+
+ /**
+ * @return Returns the requireExternalUriRef.
+ */
+ public boolean isRequireExternalUriRef() {
+ return requireExternalUriRef;
+ }
+
+ /**
+ * @param requireExternalUriRef The requireExternalUriRef to set.
+ */
+ public void setRequireExternalUriRef(boolean requireExternalUriRef) {
+ this.requireExternalUriRef = requireExternalUriRef;
+ }
+
+ /**
+ * @return Returns the sc10SecurityContextToken.
+ */
+ public boolean isSc10SecurityContextToken() {
+ return sc10SecurityContextToken;
+ }
+
+ /**
+ * @param sc10SecurityContextToken The sc10SecurityContextToken to set.
+ */
+ public void setSc10SecurityContextToken(boolean sc10SecurityContextToken) {
+ this.sc10SecurityContextToken = sc10SecurityContextToken;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.Assertion#getName()
+ */
+ public QName getName() {
+ return Constants.SECURITY_CONTEXT_TOKEN;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.Assertion#normalize()
+ */
+ public PolicyComponent normalize() {
+ // TODO TODO Sanka
+ throw new UnsupportedOperationException("TODO Sanka");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.PolicyComponent#serialize(javax.xml.stream.XMLStreamWriter)
+ */
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ // TODO TODO Sanka
+ throw new UnsupportedOperationException("TODO Sanka");
+ }
+
+}
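Review bot: normalize() and serialize() are both stubs that throw UnsupportedOperationException("TODO Sanka"), yet this is a concrete Token subclass and the base of SecureConversationToken, so any policy containing it cannot be serialized or normalized and the failure names a developer instead of the problem. State this in the class Javadoc, e.g. `Normalization and serialization are not yet implemented; both methods throw UnsupportedOperationException.`, and use a descriptive message such as `throw new UnsupportedOperationException("SecurityContextToken serialization is not implemented");` so the failure is actionable in a log.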
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignatureToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignatureToken.java
new file mode 100644
index 0000000..257d9b1
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignatureToken.java
@@ -0,0 +1,110 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.ws.secpolicy.Constants;
+
+public class SignatureToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token signatureToken;
+
+ /**
+ * @return Returns the signatureToken.
+ */
+ public Token getSignatureToken() {
+ return signatureToken;
+ }
+
+ /**
+ * @param signatureToken The signatureToken to set.
+ */
+ public void setSignatureToken(Token signatureToken) {
+ this.signatureToken = signatureToken;
+ }
+
+ public void setToken(Token tok) {
+ this.setSignatureToken(tok);
+ }
+
+ public QName getName() {
+ return Constants.SIGNATURE_TOKEN;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = Constants.SIGNATURE_TOKEN.getLocalPart();
+ String namespaceURI = Constants.SIGNATURE_TOKEN.getNamespaceURI();
+
+ String prefix;
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = Constants.SIGNATURE_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:SignatureToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+
+ String wspNamespaceURI = Constants.POLICY.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ wspPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, wspNamespaceURI);
+
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix, Constants.POLICY.getLocalPart(), wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ // xmlns:wsp=".."
+ writer.writeNamespace(wspPrefix, wspNamespaceURI);
+ }
+
+ if (signatureToken == null) {
+ throw new RuntimeException("EncryptionToken is not set");
+ }
+
+ signatureToken.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:SignatureToken>
+ writer.writeEndElement();
+ }
+}
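Review bot: The null check's message says "EncryptionToken is not set" although this is SignatureToken — a copy-paste that will send whoever reads the log to the wrong assertion — and it runs only after `<sp:SignatureToken>` and `<wsp:Policy>` have been opened on the writer. Hoist it to the top of serialize() as `if (signatureToken == null) throw new RuntimeException("SignatureToken is not set");`. Unlike the other TokenWrapper classes in this change, SignatureToken does not declare normalize(); if AbstractSecurityAssertion does not supply one, that is a compile error, and if it does, a one-line comment saying the inherited behaviour is intended would help.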
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
new file mode 100644
index 0000000..191d655
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class SignedEncryptedElements extends AbstractSecurityAssertion {
+
+ private ArrayList xPathExpressions = new ArrayList();
+
+ private String xPathVersion;
+
+ /**
+ * Just a flag to identify whether this holds sign element info or encr
+ * elements info
+ */
+ private boolean signedElemets;
+
+ public SignedEncryptedElements(boolean signedElements) {
+ this.signedElemets = signedElements;
+ }
+
+ /**
+ * @return Returns the xPathExpressions.
+ */
+ public ArrayList getXPathExpressions() {
+ return xPathExpressions;
+ }
+
+ public void addXPathExpression(String expr) {
+ this.xPathExpressions.add(expr);
+ }
+
+ /**
+ * @return Returns the xPathVersion.
+ */
+ public String getXPathVersion() {
+ return xPathVersion;
+ }
+
+ /**
+ * @param pathVersion
+ * The xPathVersion to set.
+ */
+ public void setXPathVersion(String pathVersion) {
+ xPathVersion = pathVersion;
+ }
+
+ /**
+ * @return Returns the signedElemets.
+ */
+ public boolean isSignedElemets() {
+ return signedElemets;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix;
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:SignedElements> | <sp:EncryptedElements>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+ if (xPathVersion != null) {
+ writer.writeAttribute(prefix, namespaceURI,
+ Constants.ATTR_XPATH_VERSION.getLocalPart(), xPathVersion);
+ }
+
+ String xpathExpression;
+
+ for (Iterator iterator = xPathExpressions.iterator(); iterator
+ .hasNext();) {
+ xpathExpression = (String) iterator.next();
+ // <sp:XPath ..>
+ writer.writeStartElement(prefix, Constants.XPATH_.getLocalPart(),
+ namespaceURI);
+ writer.writeCharacters(xpathExpression);
+ writer.writeEndElement();
+ }
+
+ // </sp:SignedElements> | </sp:EncryptedElements>
+ writer.writeEndElement();
+ }
+
+ public QName getName() {
+ if (signedElemets) {
+ return Constants.SIGNED_ELEMENTS;
+ }
+
+ return Constants.ENCRYPTED_ELEMENTS;
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+}
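Review bot: The XPathVersion attribute is written qualified with the sp prefix and namespace; if the WS-SecurityPolicy schema declares it as an unqualified attribute on SignedElements/EncryptedElements (as I recall, but confirm against the spec version these Constants target), this emits `sp:XPathVersion`, which a namespace-aware consumer will not match and will silently ignore. HttpsToken earlier in this change writes its RequireClientCertificate attribute unqualified, so the two are at least inconsistent; if unqualified is right, use `writer.writeAttribute(Constants.ATTR_XPATH_VERSION.getLocalPart(), xPathVersion);`. Also, getXPathExpressions() hands out the internal ArrayList, so callers can alter the assertion after it has been built; either document that in its Javadoc or return an unmodifiable view.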
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
new file mode 100644
index 0000000..65f7501
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class SignedEncryptedParts extends AbstractSecurityAssertion {
+
+ private boolean body;
+
+ private ArrayList headers = new ArrayList();
+
+ private boolean signedParts;
+
+ public SignedEncryptedParts(boolean signedParts) {
+ this.signedParts = signedParts;
+ }
+
+ /**
+ * @return Returns the body.
+ */
+ public boolean isBody() {
+ return body;
+ }
+
+ /**
+ * @param body The body to set.
+ */
+ public void setBody(boolean body) {
+ this.body = body;
+ }
+
+ /**
+ * @return Returns the headers.
+ */
+ public ArrayList getHeaders() {
+ return this.headers;
+ }
+
+ /**
+ * @param headers The headers to set.
+ */
+ public void addHeader(Header header) {
+ this.headers.add(header);
+ }
+
+ /**
+ * @return Returns the signedParts.
+ */
+ public boolean isSignedParts() {
+ return signedParts;
+ }
+
+ public QName getName() {
+ if (signedParts) {
+ return Constants.SIGNED_PARTS;
+ }
+ return Constants.ENCRYPTED_PARTS;
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:SignedParts> | <sp:EncryptedParts>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ if (isBody()) {
+ // <sp:Body />
+ // FIXME : move 'Body' to Constants
+ writer.writeStartElement(prefix, "Body", namespaceURI);
+ writer.writeEndElement();
+ }
+
+ Header header;
+ for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
+ header = (Header) iterator.next();
+ // <sp:Header Name=".." Namespace=".." />
+ // FIXME move 'Header' to Constants
+ writer.writeStartElement(prefix, "Header", namespaceURI);
+
+ writer.writeAttribute("Name", header.getName());
+ writer.writeAttribute("Namespace", header.getNamespace());
+
+ writer.writeEndElement();
+ }
+
+ // </sp:SignedParts> | </sp:EncryptedParts>
+ writer.writeEndElement();
+ }
+
+
+}
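Review bot: `writer.writeNamespace(prefix, namespaceURI)` in serialize() runs unconditionally, so when the `sp` prefix is already bound by an enclosing element the xmlns declaration is re-emitted on every <sp:SignedParts>/<sp:EncryptedParts>; the sibling SignedEncryptedElements serializer in this same commit guards the identical call with `if (writerPrefix == null)`. Mirroring that guard keeps the two serializers consistent: keep the result of `writer.getPrefix(namespaceURI)` in a separate variable and only call writeNamespace when it was null. Separately, `header.getName()` and `header.getNamespace()` go straight into writeAttribute; if either is null for a Header most StAX writers reject the value, so an explicit check that names the offending header would be clearer than whatever the writer throws.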
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java
new file mode 100644
index 0000000..301c6d3
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java
@@ -0,0 +1,265 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class SupportingToken extends AbstractSecurityAssertion implements
+ AlgorithmWrapper, TokenWrapper {
+
+ /**
+ * Type of SupportingToken
+ *
+ * @see SupportingToken#SUPPORTING
+ * @see SupportingToken#ENDORSING
+ * @see SupportingToken#SIGNED
+ * @see SupportingToken#SIGNED_ENDORSING
+ */
+ private int type;
+
+ private AlgorithmSuite algorithmSuite;
+
+ private ArrayList tokens = new ArrayList();
+
+ private SignedEncryptedElements signedElements;
+
+ private SignedEncryptedElements encryptedElements;
+
+ private SignedEncryptedParts signedParts;
+
+ private SignedEncryptedParts encryptedParts;
+
+ public SupportingToken(int type) {
+ this.type = type;
+ }
+
+ /**
+ * @return Returns the algorithmSuite.
+ */
+ public AlgorithmSuite getAlgorithmSuite() {
+ return algorithmSuite;
+ }
+
+ /**
+ * @param algorithmSuite
+ * The algorithmSuite to set.
+ */
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+ this.algorithmSuite = algorithmSuite;
+ }
+
+ /**
+ * @return Returns the token.
+ */
+ public ArrayList getTokens() {
+ return tokens;
+ }
+
+ /**
+ * @param token
+ * The token to set.
+ */
+ public void addToken(Token token) {
+ this.tokens.add(token);
+ }
+
+ /**
+ * @return Returns the type.
+ */
+ public int getTokenType() {
+ return type;
+ }
+
+ /**
+ * @param type
+ * The type to set.
+ */
+ public void setTokenType(int type) {
+ this.type = type;
+ }
+
+ /**
+ * @return Returns the encryptedElements.
+ */
+ public SignedEncryptedElements getEncryptedElements() {
+ return encryptedElements;
+ }
+
+ /**
+ * @param encryptedElements
+ * The encryptedElements to set.
+ */
+ public void setEncryptedElements(SignedEncryptedElements encryptedElements) {
+ this.encryptedElements = encryptedElements;
+ }
+
+ /**
+ * @return Returns the encryptedParts.
+ */
+ public SignedEncryptedParts getEncryptedParts() {
+ return encryptedParts;
+ }
+
+ /**
+ * @param encryptedParts
+ * The encryptedParts to set.
+ */
+ public void setEncryptedParts(SignedEncryptedParts encryptedParts) {
+ this.encryptedParts = encryptedParts;
+ }
+
+ /**
+ * @return Returns the signedElements.
+ */
+ public SignedEncryptedElements getSignedElements() {
+ return signedElements;
+ }
+
+ /**
+ * @param signedElements
+ * The signedElements to set.
+ */
+ public void setSignedElements(SignedEncryptedElements signedElements) {
+ this.signedElements = signedElements;
+ }
+
+ /**
+ * @return Returns the signedParts.
+ */
+ public SignedEncryptedParts getSignedParts() {
+ return signedParts;
+ }
+
+ /**
+ * @param signedParts
+ * The signedParts to set.
+ */
+ public void setSignedParts(SignedEncryptedParts signedParts) {
+ this.signedParts = signedParts;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.ws.security.policy.TokenWrapper#setToken(org.apache.ws.security.policy.Token)
+ */
+ public void setToken(Token tok) {
+ this.addToken(tok);
+ }
+
+ public QName getName() {
+ switch (type) {
+ case Constants.SUPPORTING_TOKEN_SUPPORTING:
+ return Constants.SUPPORIING_TOKENS;
+ case Constants.SUPPORTING_TOKEN_SIGNED:
+ return Constants.SIGNED_SUPPORTING_TOKENS;
+ case Constants.SUPPORTING_TOKEN_ENDORSING:
+ return Constants.ENDORSING_SUPPORTING_TOKENS;
+ case Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ return Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS;
+ default:
+ return null;
+ }
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+
+ public short getType() {
+ return org.apache.neethi.Constants.TYPE_ASSERTION;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String namespaceURI = Constants.SUPPORIING_TOKENS.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = Constants.SUPPORIING_TOKENS.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ String localname = null;
+
+ switch (getTokenType()) {
+ case Constants.SUPPORTING_TOKEN_SUPPORTING:
+ localname = Constants.SUPPORIING_TOKENS.getLocalPart();
+ break;
+ case Constants.SUPPORTING_TOKEN_SIGNED:
+ localname = Constants.SIGNED_SUPPORTING_TOKENS.getLocalPart();
+ break;
+ case Constants.SUPPORTING_TOKEN_ENDORSING:
+ localname = Constants.ENDORSING_SUPPORTING_TOKENS.getLocalPart();
+ break;
+ case Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ localname = Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS
+ .getLocalPart();
+ break;
+ default:
+ throw new RuntimeException("Invalid SupportingTokenType");
+ }
+
+ // <sp:SupportingToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, Constants.POLICY.getNamespaceURI());
+ }
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, Constants.POLICY.getLocalPart(),
+ Constants.POLICY.getNamespaceURI());
+
+ Token token;
+ for (Iterator iterator = getTokens().iterator(); iterator.hasNext();) {
+ // [Token Assertion] +
+ token = (Token) iterator.next();
+ token.serialize(writer);
+ }
+
+
+ if (signedParts != null) {
+ signedElements.serialize(writer);
+
+ } else if (signedElements != null) {
+ signedElements.serialize(writer);
+
+ } else if (encryptedParts != null) {
+ encryptedParts.serialize(writer);
+
+ } else if (encryptedElements != null) {
+ encryptedElements.serialize(writer);
+ }
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ writer.writeEndElement();
+ // </sp:SupportingToken>
+ }
+}
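Review bot: The `if (signedParts != null)` branch at the end of serialize() calls `signedElements.serialize(writer)` instead of `signedParts.serialize(writer)`, so a supporting-token policy with SignedParts set throws a NullPointerException (or, when both are set, emits the wrong assertion). The surrounding else-if chain is also the wrong shape: SignedParts, SignedElements, EncryptedParts and EncryptedElements are independent children of the assertion, but only the first non-null one is written, so a policy that requires both signing and encryption of the token is serialized with the encryption requirement silently dropped. Each should be emitted in its own `if`, as below.
```java
// … unchanged: <wsp:Policy> start and token loop …
if (signedParts != null) {
    signedParts.serialize(writer);
}
if (signedElements != null) {
    signedElements.serialize(writer);
}
if (encryptedParts != null) {
    encryptedParts.serialize(writer);
}
if (encryptedElements != null) {
    encryptedElements.serialize(writer);
}
// … unchanged: </wsp:Policy> and closing supporting-tokens element …
```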
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricAsymmetricBindingBase.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricAsymmetricBindingBase.java
new file mode 100644
index 0000000..7b5fba5
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricAsymmetricBindingBase.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.ws.secpolicy.Constants;
+
+public abstract class SymmetricAsymmetricBindingBase extends Binding {
+
+ private String protectionOrder = Constants.SIGN_BEFORE_ENCRYPTING;
+
+ private boolean signatureProtection;
+
+ private boolean tokenProtection;
+
+ private boolean entireHeadersAndBodySignatures;
+
+ /**
+ * @return Returns the entireHeaderAndBodySignatures.
+ */
+ public boolean isEntireHeadersAndBodySignatures() {
+ return entireHeadersAndBodySignatures;
+ }
+
+ /**
+ * @param entireHeaderAndBodySignatures The entireHeaderAndBodySignatures to set.
+ */
+ public void setEntireHeadersAndBodySignatures(
+ boolean entireHeaderAndBodySignatures) {
+ this.entireHeadersAndBodySignatures = entireHeaderAndBodySignatures;
+ }
+
+ /**
+ * @return Returns the protectionOrder.
+ */
+ public String getProtectionOrder() {
+ return protectionOrder;
+ }
+
+ /**
+ * @param protectionOrder The protectionOrder to set.
+ */
+ public void setProtectionOrder(String protectionOrder) {
+ if(Constants.ENCRYPT_BEFORE_SIGNING.equals(protectionOrder) ||
+ Constants.SIGN_BEFORE_ENCRYPTING.equals(protectionOrder)) {
+ this.protectionOrder = protectionOrder;
+ } else {
+// throw new WSSPolicyException("Incorrect protection order value : "
+// + protectionOrder);
+ }
+ }
+
+ /**
+ * @return Returns the signatureProtection.
+ */
+ public boolean isSignatureProtection() {
+ return signatureProtection;
+ }
+
+ /**
+ * @param signatureProtection The signatureProtection to set.
+ */
+ public void setSignatureProtection(boolean signatureProtection) {
+ this.signatureProtection = signatureProtection;
+ }
+
+ /**
+ * @return Returns the tokenProtection.
+ */
+ public boolean isTokenProtection() {
+ return tokenProtection;
+ }
+
+ /**
+ * @param tokenProtection The tokenProtection to set.
+ */
+ public void setTokenProtection(boolean tokenProtection) {
+ this.tokenProtection = tokenProtection;
+ }
+
+
+
+}
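Review bot: setProtectionOrder() silently ignores an unrecognised value because the exception in the else branch is commented out, so a misspelled protection order leaves the field at its default SIGN_BEFORE_ENCRYPTING with no indication to the caller that the setting was discarded. For a security-policy bean that is the wrong failure mode: whoever built the policy from XML never learns the assertion was rejected and the binding is enforced with an order they did not ask for. Replace the commented block with `throw new IllegalArgumentException("Incorrect protection order value : " + protectionOrder);`, which needs no project exception type and surfaces the bad value where it is set.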
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricBinding.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricBinding.java
new file mode 100644
index 0000000..1d39db2
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricBinding.java
@@ -0,0 +1,239 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class SymmetricBinding extends SymmetricAsymmetricBindingBase {
+
+ private EncryptionToken encryptionToken;
+
+ private SignatureToken signatureToken;
+
+ private ProtectionToken protectionToken;
+
+ /**
+ * @return Returns the encryptionToken.
+ */
+ public EncryptionToken getEncryptionToken() {
+ return encryptionToken;
+ }
+
+ /**
+ * @param encryptionToken The encryptionToken to set.
+ */
+ public void setEncryptionToken(EncryptionToken encryptionToken) {
+ if(this.protectionToken != null) {
+// throw new WSSPolicyException("Cannot use an EncryptionToken in a " +
+// "SymmetricBinding when there is a ProtectionToken");
+ }
+ this.encryptionToken = encryptionToken;
+ }
+
+ /**
+ * @return Returns the protectionToken.
+ */
+ public ProtectionToken getProtectionToken() {
+ return protectionToken;
+ }
+
+ /**
+ * @param protectionToken The protectionToken to set.
+ */
+ public void setProtectionToken(ProtectionToken protectionToken) {
+ if(this.encryptionToken != null || this.signatureToken != null) {
+// throw new WSSPolicyException("Cannot use a ProtectionToken in a " +
+// "SymmetricBinding when there is a SignatureToken or an" +
+// "EncryptionToken");
+ }
+ this.protectionToken = protectionToken;
+ }
+
+ /**
+ * @return Returns the signatureToken.
+ */
+ public SignatureToken getSignatureToken() {
+ return signatureToken;
+ }
+
+ /**
+ * @param signatureToken The signatureToken to set.
+ */
+ public void setSignatureToken(SignatureToken signatureToken) {
+ if(this.protectionToken != null) {
+// throw new WSSPolicyException("Cannot use a SignatureToken in a " +
+// "SymmetricBinding when there is a ProtectionToken");
+ }
+ this.signatureToken = signatureToken;
+ }
+
+ public QName getName() {
+ return Constants.SYMMETRIC_BINDING;
+ }
+
+ public PolicyComponent normalize() {
+ if (isNormalized()) {
+ return this;
+ }
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+ List configurations = algorithmSuite.getConfigurations();
+
+ if (configurations == null && configurations.size() == 1) {
+ setNormalized(true);
+ return this;
+ }
+
+ Policy policy = new Policy();
+ ExactlyOne exactlyOne = new ExactlyOne();
+
+ All wrapper;
+ SymmetricBinding symmetricBinding;
+
+ for (Iterator iterator = configurations.iterator(); iterator.hasNext();) {
+ wrapper = new All();
+ symmetricBinding = new SymmetricBinding();
+
+ algorithmSuite = (AlgorithmSuite) iterator.next();
+ symmetricBinding.setAlgorithmSuite(algorithmSuite);
+
+ symmetricBinding.setEncryptionToken(getEncryptionToken());
+ symmetricBinding.setEntireHeadersAndBodySignatures(isEntireHeadersAndBodySignatures());
+ symmetricBinding.setIncludeTimestamp(isIncludeTimestamp());
+ symmetricBinding.setLayout(getLayout());
+ symmetricBinding.setProtectionOrder(getProtectionOrder());
+ symmetricBinding.setProtectionToken(getProtectionToken());
+ symmetricBinding.setSignatureProtection(isSignatureProtection());
+ symmetricBinding.setSignatureToken(getSignatureToken());
+ symmetricBinding.setSignedEndorsingSupportingTokens(getSignedEndorsingSupportingTokens());
+ symmetricBinding.setSignedSupportingToken(getSignedSupportingToken());
+ symmetricBinding.setTokenProtection(isTokenProtection());
+
+ symmetricBinding.setNormalized(true);
+ wrapper.addPolicyComponent(symmetricBinding);
+ exactlyOne.addPolicyComponent(wrapper);
+ }
+
+ policy.addPolicyComponent(exactlyOne);
+ return policy;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = Constants.SYMMETRIC_BINDING.getLocalPart();
+ String namespaceURI = Constants.SYMMETRIC_BINDING.getNamespaceURI();
+
+ String prefix;
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = Constants.SYMMETRIC_BINDING.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:SymmetricBinding>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+
+ String policyLocalName = Constants.POLICY.getLocalPart();
+ String policyNamespaceURI = Constants.POLICY.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(policyNamespaceURI);
+ if (wspWriterPrefix == null) {
+ wspPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, policyNamespaceURI);
+
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix, policyLocalName, policyNamespaceURI);
+
+ if (encryptionToken != null) {
+ encryptionToken.serialize(writer);
+
+ } else if ( protectionToken != null) {
+ protectionToken.serialize(writer);
+
+ } else {
+ throw new RuntimeException("Either EncryptionToken or ProtectionToken must be set");
+ }
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+
+ if (algorithmSuite == null) {
+ throw new RuntimeException("AlgorithmSuite must be set");
+ }
+ // <sp:AlgorithmSuite />
+ algorithmSuite.serialize(writer);
+
+ Layout layout = getLayout();
+ if (layout != null) {
+ // <sp:Layout />
+ layout.serialize(writer);
+ }
+
+ if (isIncludeTimestamp()) {
+ // <sp:IncludeTimestamp />
+ writer.writeStartElement(prefix, Constants.INCLUDE_TIMESTAMP.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (Constants.ENCRYPT_BEFORE_SIGNING.equals(protectionToken)) {
+ // <sp:EncryptBeforeSigning />
+ writer.writeStartElement(prefix, Constants.ENCRYPT_BEFORE_SIGNING, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isSignatureProtection()) {
+ // <sp:EncryptSignature />
+ writer.writeStartElement(prefix, Constants.ENCRYPT_SIGNATURE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (protectionToken != null) {
+ protectionToken.serialize(writer);
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:SymmetricBinding>
+ writer.writeEndElement();
+
+ }
+}
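Review bot: `Constants.ENCRYPT_BEFORE_SIGNING.equals(protectionToken)` in serialize() compares a String constant with the ProtectionToken object, which can never be equal, so `<sp:EncryptBeforeSigning/>` is never written and a binding configured for encrypt-before-signing is published with the default sign-before-encrypting order; the intended test is `Constants.ENCRYPT_BEFORE_SIGNING.equals(getProtectionOrder())`. In normalize(), `configurations == null && configurations.size() == 1` dereferences null whenever the left side is true; TransportBinding in this commit uses `configurations != null && configurations.size() == 1`, which looks like the intended form. Note also that protectionToken is serialized twice when encryptionToken is null (in the first if/else and again near the end) while signatureToken is never serialized, so the emitted <wsp:Policy> does not round-trip the bean's contents.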
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java
new file mode 100644
index 0000000..1e3d993
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.ws.secpolicy.Constants;
+
+public abstract class Token extends AbstractSecurityAssertion {
+
+ /**
+ * Inclusiong property of a TokenAssertion
+ */
+ private String inclusion = Constants.INCLUDE_ALWAYS;
+
+ /**
+ * Whether to derive keys or not
+ */
+ private boolean derivedKeys;
+
+ /**
+ * @return Returns the inclusion.
+ */
+ public String getInclusion() {
+ return inclusion;
+ }
+
+ /**
+ * @param inclusion The inclusion to set.
+ */
+ public void setInclusion(String inclusion) {
+ if(Constants.INCLUDE_ALWAYS.equals(inclusion) ||
+ Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(inclusion) ||
+ Constants.INCLUDE_NEVER.equals(inclusion) ||
+ Constants.INCLUDE_ONCE.equals(inclusion)) {
+ this.inclusion = inclusion;
+ } else {
+// throw new WSSPolicyException("Incorrect inclusion value: " + inclusion);
+ }
+ }
+
+ /**
+ * @return Returns the derivedKeys.
+ */
+ public boolean isDerivedKeys() {
+ return derivedKeys;
+ }
+
+ /**
+ * @param derivedKeys The derivedKeys to set.
+ */
+ public void setDerivedKeys(boolean derivedKeys) {
+ this.derivedKeys = derivedKeys;
+ }
+
+}
\ No newline at end of file
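Review bot: setInclusion() drops any value that is not one of the four IncludeToken constants without signalling it (the throw is commented out), so a token assertion with a misspelled or unsupported IncludeToken URI quietly keeps the default INCLUDE_ALWAYS. A policy author's mistake is thereby resolved silently to a different inclusion mode instead of being rejected, and nothing in the bean records that this happened. Restore the failure with `throw new IllegalArgumentException("Incorrect inclusion value: " + inclusion);` in the else branch.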
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TokenWrapper.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TokenWrapper.java
new file mode 100644
index 0000000..1da62f7
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TokenWrapper.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+public interface TokenWrapper {
+
+ public void setToken(Token tok);
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
new file mode 100644
index 0000000..ffba0b3
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
@@ -0,0 +1,184 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class TransportBinding extends Binding {
+
+ private TransportToken transportToken;
+
+ private List transportBindings;
+
+ /**
+ * @return Returns the transportToken.
+ */
+ public TransportToken getTransportToken() {
+ return transportToken;
+ }
+
+ /**
+ * @param transportToken
+ * The transportToken to set.
+ */
+ public void setTransportToken(TransportToken transportToken) {
+ this.transportToken = transportToken;
+ }
+
+ public List getConfigurations() {
+ return transportBindings;
+ }
+
+ public TransportBinding getDefaultConfiguration() {
+ if (transportBindings != null) {
+ return (TransportBinding) transportBindings.get(0);
+ }
+ return null;
+ }
+
+ public void addConfiguration(TransportBinding transportBinding) {
+ if (transportBindings == null) {
+ transportBindings = new ArrayList();
+ }
+ transportBindings.add(transportBinding);
+ }
+
+ public QName getName() {
+ return Constants.TRANSPORT_BINDING;
+ }
+
+ public PolicyComponent normalize() {
+ if (isNormalized()) {
+ return this;
+ }
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+ List configurations = algorithmSuite.getConfigurations();
+
+ if (configurations != null && configurations.size() == 1) {
+ setNormalized(true);
+ return this;
+ }
+
+ Policy policy = new Policy();
+ ExactlyOne exactlyOne = new ExactlyOne();
+
+ All wrapper;
+ TransportBinding transportBinding;
+
+ for (Iterator iterator = configurations.iterator(); iterator.hasNext();) {
+ wrapper = new All();
+ transportBinding = new TransportBinding();
+
+ algorithmSuite = (AlgorithmSuite) iterator.next();
+ transportBinding.setAlgorithmSuite(algorithmSuite);
+ transportBinding.setIncludeTimestamp(isIncludeTimestamp());
+ transportBinding.setLayout(getLayout());
+ transportBinding
+ .setSignedEndorsingSupportingTokens(getSignedEndorsingSupportingTokens());
+ transportBinding
+ .setSignedSupportingToken(getSignedSupportingToken());
+ transportBinding.setTransportToken(getTransportToken());
+
+ wrapper.addPolicyComponent(transportBinding);
+ exactlyOne.addPolicyComponent(wrapper);
+ }
+
+ policy.addPolicyComponent(exactlyOne);
+ return policy;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = Constants.TRANSPORT_BINDING.getLocalPart();
+ String namespaceURI = Constants.TRANSPORT_BINDING.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = Constants.TRANSPORT_BINDING.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:TransportBinding>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+
+ if (transportToken == null) {
+ // TODO more meaningful exception
+ throw new RuntimeException("no TransportToken found");
+ }
+
+ // <sp:TransportToken>
+ transportToken.serialize(writer);
+ // </sp:TransportToken>
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+ if (algorithmSuite == null) {
+ throw new RuntimeException("no AlgorithmSuite found");
+ }
+
+ // <sp:AlgorithmSuite>
+ algorithmSuite.serialize(writer);
+ // </sp:AlgorithmSuite>
+
+ Layout layout = getLayout();
+ if (layout != null) {
+ // <sp:Layout>
+ layout.serialize(writer);
+ // </sp:Layout>
+ }
+
+ if (isIncludeTimestamp()) {
+ // <sp:IncludeTimestamp>
+ writer.writeStartElement(Constants.INCLUDE_TIMESTAMP.getPrefix(),
+ Constants.INCLUDE_TIMESTAMP.getLocalPart(),
+ Constants.INCLUDE_TIMESTAMP.getNamespaceURI());
+ writer.writeEndElement();
+ // </sp:IncludeTimestamp>
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:TransportBinding>
+ writer.writeEndElement();
+
+ }
+
+}
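Review bot: normalize() only short-circuits when `configurations` is non-null with exactly one entry, so a null configuration list falls through to `configurations.iterator()` and throws NullPointerException; `getAlgorithmSuite()` is likewise dereferenced there without the null check that serialize() performs. The per-configuration copies also never call `setNormalized(true)`, unlike SymmetricBinding in this commit, so a copy could be expanded again if normalize() is invoked on it. Suggested: `if (configurations == null || configurations.size() == 1)` for the short-circuit (a null list has nothing to expand), and `transportBinding.setNormalized(true);` immediately before `wrapper.addPolicyComponent(transportBinding);`.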
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportToken.java
new file mode 100644
index 0000000..65fce43
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportToken.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+
+public class TransportToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token transportToken;
+
+ /**
+ * @return Returns the transportToken.
+ */
+ public Token getTransportToken() {
+ return transportToken;
+ }
+
+ public QName getName() {
+ return new QName(Constants.SP_NS, "TransportToken");
+ }
+
+ public boolean isOptional() {
+ throw new UnsupportedOperationException();
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public short getType() {
+ return org.apache.neethi.Constants.TYPE_ASSERTION;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localName = Constants.TRANSPORT_TOKEN.getLocalPart();
+ String namespaceURI = Constants.TRANSPORT_TOKEN.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:TransportToken>
+
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ String wspPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (wspPrefix == null) {
+ writer.setPrefix(wspPrefix, Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(Constants.POLICY.getPrefix(), Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ // serialization of the token ..
+ transportToken.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+
+ writer.writeEndElement();
+ // </sp:TransportToken>
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.ws.secpolicy.model.TokenWrapper#setToken(org.apache.ws.secpolicy.model.Token)
+ */
+ public void setToken(Token tok) {
+ this.transportToken = tok;
+ }
+
+
+}
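Review bot: In serialize(), `writer.setPrefix(prefix, namespaceURI)` is reached only when `prefix` is null, so it binds a null prefix and the following writeStartElement uses that null prefix; the same slip is repeated for `wspPrefix`, after which the <wsp:Policy> element ignores the resolved prefix and uses `Constants.POLICY.getPrefix()` directly, and unlike the other assertions in this commit no xmlns declaration is written for either namespace. The missing step is assigning the constant's prefix before calling setPrefix, as below. Also `transportToken.serialize(writer)` will NPE if setToken() was never called — TransportBinding guards the analogous case with an explicit exception — and isOptional()/normalize() throwing UnsupportedOperationException may surprise a neethi Policy that invokes them during normalization.
```java
String prefix = writer.getPrefix(namespaceURI);
if (prefix == null) {
    prefix = Constants.TRANSPORT_TOKEN.getPrefix();
    writer.setPrefix(prefix, namespaceURI);
}
// <sp:TransportToken>
writer.writeStartElement(prefix, localName, namespaceURI);

String wspPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
if (wspPrefix == null) {
    wspPrefix = Constants.POLICY.getPrefix();
    writer.setPrefix(wspPrefix, Constants.POLICY.getNamespaceURI());
}
// <wsp:Policy>
writer.writeStartElement(wspPrefix, Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
// … unchanged: token serialization and end elements …
```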
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java
new file mode 100644
index 0000000..ce6d9e2
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java
@@ -0,0 +1,197 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+/**
+ * Model bean to capture Trust10 assertion info
+ */
+public class Trust10 extends AbstractSecurityAssertion {
+
+ private boolean mustSupportClientChallenge;
+ private boolean mustSupportServerChallenge;
+ private boolean requireClientEntropy;
+ private boolean requireServerEntropy;
+ private boolean mustSupportIssuedTokens;
+
+ /**
+ * @return Returns the mustSupportClientChallenge.
+ */
+ public boolean isMustSupportClientChallenge() {
+ return mustSupportClientChallenge;
+ }
+
+ /**
+ * @param mustSupportClientChallenge The mustSupportClientChallenge to set.
+ */
+ public void setMustSupportClientChallenge(boolean mustSupportClientChallenge) {
+ this.mustSupportClientChallenge = mustSupportClientChallenge;
+ }
+
+ /**
+ * @return Returns the mustSupportIssuedTokens.
+ */
+ public boolean isMustSupportIssuedTokens() {
+ return mustSupportIssuedTokens;
+ }
+
+ /**
+ * @param mustSupportIssuedTokens The mustSupportIssuedTokens to set.
+ */
+ public void setMustSupportIssuedTokens(boolean mustSupportIssuedTokens) {
+ this.mustSupportIssuedTokens = mustSupportIssuedTokens;
+ }
+
+ /**
+ * @return Returns the mustSupportServerChallenge.
+ */
+ public boolean isMustSupportServerChallenge() {
+ return mustSupportServerChallenge;
+ }
+
+ /**
+ * @param mustSupportServerChallenge The mustSupportServerChallenge to set.
+ */
+ public void setMustSupportServerChallenge(boolean mustSupportServerChallenge) {
+ this.mustSupportServerChallenge = mustSupportServerChallenge;
+ }
+
+ /**
+ * @return Returns the requireClientEntropy.
+ */
+ public boolean isRequireClientEntropy() {
+ return requireClientEntropy;
+ }
+
+ /**
+ * @param requireClientEntropy The requireClientEntropy to set.
+ */
+ public void setRequireClientEntropy(boolean requireClientEntropy) {
+ this.requireClientEntropy = requireClientEntropy;
+ }
+
+ /**
+ * @return Returns the requireServerEntropy.
+ */
+ public boolean isRequireServerEntropy() {
+ return requireServerEntropy;
+ }
+
+ /**
+ * @param requireServerEntropy The requireServerEntropy to set.
+ */
+ public void setRequireServerEntropy(boolean requireServerEntropy) {
+ this.requireServerEntropy = requireServerEntropy;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.Assertion#getName()
+ */
+ public QName getName() {
+ return Constants.TRUST_10;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.Assertion#isOptional()
+ */
+ public boolean isOptional() {
+ // TODO TODO Sanka
+ throw new UnsupportedOperationException("TODO Sanka");
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = Constants.TRUST_10.getLocalPart();
+ String namespaceURI = Constants.TRUST_10.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = Constants.TRUST_10.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:Trust10>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String wspPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (wspPrefix == null) {
+ writer.setPrefix(wspPrefix, Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(Constants.POLICY.getPrefix(), Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ if (isMustSupportClientChallenge()) {
+ // <sp:MustSupportClientChallenge />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_CLIENT_CHALLENGE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportServerChallenge()) {
+ // <sp:MustSupportServerChallenge />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_SERVER_CHALLENGE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireClientEntropy()) {
+ // <sp:RequireClientEntropy />
+ writer.writeStartElement(prefix, Constants.REQUIRE_CLIENT_ENTROPY.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+
+ if (isRequireServerEntropy()) {
+ // <sp:RequireServerEntropy />
+ writer.writeStartElement(prefix, Constants.REQUIRE_SERVER_ENTROPY.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportIssuedTokens()) {
+ // <sp:MustSupportIssuedTokens />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_ISSUED_TOKENS.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+
+ // </sp:Trust10>
+ writer.writeEndElement();
+
+
+
+
+ }
+
+ public short getType() {
+ return org.apache.neethi.Constants.TYPE_ASSERTION;
+ }
+
+}
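Review bot: In `serialize`, the `if (wspPrefix == null)` branch calls `writer.setPrefix(wspPrefix, Constants.POLICY.getNamespaceURI())` with a prefix that is known to be null at that point, so the WS-Policy prefix is never bound and a strict XMLStreamWriter will reject the call. The sp prefix handling a few lines above shows the intended pattern; the branch should read `wspPrefix = Constants.POLICY.getPrefix(); writer.setPrefix(wspPrefix, Constants.POLICY.getNamespaceURI());` and the following `<wsp:Policy>` start element should be written with `wspPrefix`. Separately, `isOptional()` throws UnsupportedOperationException, so an engine that consults an assertion's optionality during policy normalization or intersection would fail on a Trust10 assertion instead of evaluating it; if that is deliberate for now, the TODO should say which callers are expected to avoid it.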
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/UsernameToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/UsernameToken.java
new file mode 100644
index 0000000..56318cd
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/UsernameToken.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class UsernameToken extends Token {
+
+ private boolean useUTProfile10 = false;
+
+ private boolean useUTProfile11 = false;
+
+ /**
+ * @return Returns the useUTProfile11.
+ */
+ public boolean isUseUTProfile11() {
+ return useUTProfile11;
+ }
+
+ /**
+ * @param useUTProfile11
+ * The useUTProfile11 to set.
+ */
+ public void setUseUTProfile11(boolean useUTProfile11) {
+ this.useUTProfile11 = useUTProfile11;
+ }
+
+ public boolean isUseUTProfile10() {
+ return useUTProfile10;
+ }
+
+ public void setUseUTProfile10(boolean useUTProfile10) {
+ this.useUTProfile10 = useUTProfile10;
+ }
+
+ public QName getName() {
+ return Constants.USERNAME_TOKEN;
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = Constants.USERNAME_TOKEN.getLocalPart();
+ String namespaceURI = Constants.USERNAME_TOKEN.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = Constants.USERNAME_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:UsernameToken
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String inclusion = getInclusion();
+ if (inclusion != null) {
+ writer.writeAttribute(prefix, namespaceURI, Constants.INCLUDE_TOKEN
+ .getLocalPart(), inclusion);
+ }
+
+ if (isUseUTProfile10() || isUseUTProfile11()) {
+ String pPrefix = writer.getPrefix(Constants.POLICY
+ .getNamespaceURI());
+ if (pPrefix == null) {
+ writer.setPrefix(Constants.POLICY.getPrefix(), Constants.POLICY
+ .getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(prefix, Constants.POLICY.getLocalPart(),
+ Constants.POLICY.getNamespaceURI());
+
+ // CHECKME
+ if (isUseUTProfile10()) {
+ // <sp:WssUsernameToken10 />
+ writer.writeStartElement(prefix, Constants.WSS_USERNAME_TOKEN10
+ .getLocalPart(), namespaceURI);
+ } else {
+ // <sp:WssUsernameToken11 />
+ writer.writeStartElement(prefix, Constants.WSS_USERNAME_TOKEN11
+ .getLocalPart(), namespaceURI);
+ }
+ writer.writeEndElement();
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ }
+
+ writer.writeEndElement();
+ // </sp:UsernameToken>
+
+ }
+}
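Review bot: The `<wsp:Policy>` start element in `serialize` is written as `writer.writeStartElement(prefix, Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI())`, binding the sp prefix to the WS-Policy namespace URI right after the writer was told that `Constants.POLICY.getPrefix()` maps to that namespace. Depending on the writer's namespace-repairing mode this either emits a Policy element whose prefix contradicts the declared binding or forces a redeclaration of the sp prefix. The call should use the policy prefix, as X509Token does in this same commit: `writer.writeStartElement(Constants.POLICY.getPrefix(), Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());`. Wss10 and Wss11 have the same `writeStartElement(prefix, Constants.POLICY.getLocalPart(), ...)` line in their serialize methods. The `// CHECKME` branch also silently drops WssUsernameToken11 when both profile flags are set, which may be intended but deserves a comment saying so.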
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss10.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss10.java
new file mode 100644
index 0000000..43fbcc9
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss10.java
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class Wss10 extends AbstractSecurityAssertion {
+
+ private boolean mustSupportRefKeyIdentifier;
+ private boolean MustSupportRefIssuerSerial;
+ private boolean MustSupportRefExternalURI;
+ private boolean MustSupportRefEmbeddedToken;
+
+ /**
+ * @return Returns the mustSupportRefEmbeddedToken.
+ */
+ public boolean isMustSupportRefEmbeddedToken() {
+ return MustSupportRefEmbeddedToken;
+ }
+ /**
+ * @param mustSupportRefEmbeddedToken The mustSupportRefEmbeddedToken to set.
+ */
+ public void setMustSupportRefEmbeddedToken(boolean mustSupportRefEmbeddedToken) {
+ MustSupportRefEmbeddedToken = mustSupportRefEmbeddedToken;
+ }
+ /**
+ * @return Returns the mustSupportRefExternalURI.
+ */
+ public boolean isMustSupportRefExternalURI() {
+ return MustSupportRefExternalURI;
+ }
+ /**
+ * @param mustSupportRefExternalURI The mustSupportRefExternalURI to set.
+ */
+ public void setMustSupportRefExternalURI(boolean mustSupportRefExternalURI) {
+ MustSupportRefExternalURI = mustSupportRefExternalURI;
+ }
+ /**
+ * @return Returns the mustSupportRefIssuerSerial.
+ */
+ public boolean isMustSupportRefIssuerSerial() {
+ return MustSupportRefIssuerSerial;
+ }
+ /**
+ * @param mustSupportRefIssuerSerial The mustSupportRefIssuerSerial to set.
+ */
+ public void setMustSupportRefIssuerSerial(boolean mustSupportRefIssuerSerial) {
+ MustSupportRefIssuerSerial = mustSupportRefIssuerSerial;
+ }
+ /**
+ * @return Returns the mustSupportRefKeyIdentifier.
+ */
+ public boolean isMustSupportRefKeyIdentifier() {
+ return mustSupportRefKeyIdentifier;
+ }
+ /**
+ * @param mustSupportRefKeyIdentifier The mustSupportRefKeyIdentifier to set.
+ */
+ public void setMustSupportRefKeyIdentifier(boolean mustSupportRefKeyIdentifier) {
+ this.mustSupportRefKeyIdentifier = mustSupportRefKeyIdentifier;
+ }
+
+ public QName getName() {
+ return Constants.WSS10;
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = Constants.WSS10.getLocalPart();
+ String namespaceURI = Constants.WSS10.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = Constants.WSS10.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:Wss10>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ writer.setPrefix(Constants.POLICY.getPrefix(), Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(prefix, Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ if (isMustSupportRefKeyIdentifier()) {
+ // <sp:MustSupportRefKeyIdentifier />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_KEY_IDENTIFIER.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefIssuerSerial()) {
+ // <sp:MustSupportRefIssuerSerial />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_ISSUER_SERIAL.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefExternalURI()) {
+ // <sp:MustSupportRefExternalURI />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_EXTERNAL_URI.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefEmbeddedToken()) {
+ // <sp:MustSupportRefEmbeddedToken />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+
+
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:Wss10>
+ writer.writeEndElement();
+
+ }
+}
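Review bot: The fields `MustSupportRefIssuerSerial`, `MustSupportRefExternalURI` and `MustSupportRefEmbeddedToken` are declared with a leading capital while `mustSupportRefKeyIdentifier` in the same class uses lowerCamelCase, and their three setters assign without `this.` while the fourth uses it. Renaming the three to lowerCamelCase and assigning with `this.` throughout would make the class read like its siblings in this commit. Wss11 declares its three fields the same way and would benefit from the same rename.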
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss11.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss11.java
new file mode 100644
index 0000000..e64042d
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss11.java
@@ -0,0 +1,138 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.ws.secpolicy.Constants;
+
+public class Wss11 extends Wss10 {
+
+ private boolean MustSupportRefThumbprint;
+ private boolean MustSupportRefEncryptedKey;
+ private boolean RequireSignatureConfirmation;
+
+ /**
+ * @return Returns the mustSupportRefEncryptedKey.
+ */
+ public boolean isMustSupportRefEncryptedKey() {
+ return MustSupportRefEncryptedKey;
+ }
+ /**
+ * @param mustSupportRefEncryptedKey The mustSupportRefEncryptedKey to set.
+ */
+ public void setMustSupportRefEncryptedKey(boolean mustSupportRefEncryptedKey) {
+ MustSupportRefEncryptedKey = mustSupportRefEncryptedKey;
+ }
+ /**
+ * @return Returns the mustSupportRefThumbprint.
+ */
+ public boolean isMustSupportRefThumbprint() {
+ return MustSupportRefThumbprint;
+ }
+ /**
+ * @param mustSupportRefThumbprint The mustSupportRefThumbprint to set.
+ */
+ public void setMustSupportRefThumbprint(boolean mustSupportRefThumbprint) {
+ MustSupportRefThumbprint = mustSupportRefThumbprint;
+ }
+ /**
+ * @return Returns the requireSignatureConfirmation.
+ */
+ public boolean isRequireSignatureConfirmation() {
+ return RequireSignatureConfirmation;
+ }
+ /**
+ * @param requireSignatureConfirmation The requireSignatureConfirmation to set.
+ */
+ public void setRequireSignatureConfirmation(boolean requireSignatureConfirmation) {
+ RequireSignatureConfirmation = requireSignatureConfirmation;
+ }
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = Constants.WSS11.getLocalPart();
+ String namespaceURI = Constants.WSS11.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = Constants.WSS11.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:Wss11>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ writer.setPrefix(Constants.POLICY.getPrefix(), Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(prefix, Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ // <sp:MustSupportRefKeyIndentifier />
+ if (isMustSupportRefKeyIdentifier()) {
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_KEY_IDENTIFIER.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefIssuerSerial()) {
+ // <sp:MustSupportRefIssuerSerial />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_ISSUER_SERIAL.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefExternalURI()) {
+ // <sp:MustSupportRefExternalURI />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_EXTERNAL_URI.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefEmbeddedToken()) {
+ // <sp:MustSupportRefEmbeddedToken />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefThumbprint()) {
+ // <sp:MustSupportRefThumbprint />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_THUMBPRINT.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefEncryptedKey()) {
+ // <sp:MustSupportRefEncryptedKey />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_ENCRYPTED_KEY.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireSignatureConfirmation()) {
+ // <sp:RequireSignatureConfirmation />
+ writer.writeStartElement(prefix, Constants.REQUIRE_SIGNATURE_CONFIRMATION.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:Wss11>
+ writer.writeEndElement();
+ }
+}
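Review bot: Wss11 overrides `serialize` to emit `<sp:Wss11>` but does not override `getName()`, so it inherits Wss10's implementation and reports the Wss10 QName. A caller that matches or normalizes assertions by QName is likely to treat a Wss11 assertion as Wss10, which would lose the thumbprint, encrypted-key and signature-confirmation requirements only Wss11 carries; the name and the serialized form should agree. Adding `public QName getName() { return Constants.WSS11; }` together with `import javax.xml.namespace.QName;` fixes this, and Constants.WSS11 is already used as a QName in serialize. The `// <sp:MustSupportRefKeyIndentifier />` comment also misspells the element name.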
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java
new file mode 100644
index 0000000..753bfb1
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java
@@ -0,0 +1,192 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class X509Token extends Token {
+
+ private boolean requireKeyIdentifierReference;
+
+ private boolean requireIssuerSerialReference;
+
+ private boolean requireEmbeddedTokenReference;
+
+ private boolean requireThumbprintReference;
+
+ private String tokenVersionAndType;
+
+ /**
+ * @return Returns the requireEmbeddedTokenReference.
+ */
+ public boolean isRequireEmbeddedTokenReference() {
+ return requireEmbeddedTokenReference;
+ }
+
+ /**
+ * @param requireEmbeddedTokenReference The requireEmbeddedTokenReference to set.
+ */
+ public void setRequireEmbeddedTokenReference(
+ boolean requireEmbeddedTokenReference) {
+ this.requireEmbeddedTokenReference = requireEmbeddedTokenReference;
+ }
+
+ /**
+ * @return Returns the requireIssuerSerialReference.
+ */
+ public boolean isRequireIssuerSerialReference() {
+ return requireIssuerSerialReference;
+ }
+
+ /**
+ * @param requireIssuerSerialReference The requireIssuerSerialReference to set.
+ */
+ public void setRequireIssuerSerialReference(boolean requireIssuerSerialReference) {
+ this.requireIssuerSerialReference = requireIssuerSerialReference;
+ }
+
+ /**
+ * @return Returns the requireKeyIdentifierReference.
+ */
+ public boolean isRequireKeyIdentifierReference() {
+ return requireKeyIdentifierReference;
+ }
+
+ /**
+ * @param requireKeyIdentifierReference The requireKeyIdentifierReference to set.
+ */
+ public void setRequireKeyIdentifierReference(
+ boolean requireKeyIdentifierReference) {
+ this.requireKeyIdentifierReference = requireKeyIdentifierReference;
+ }
+
+ /**
+ * @return Returns the requireThumbprintReference.
+ */
+ public boolean isRequireThumbprintReference() {
+ return requireThumbprintReference;
+ }
+
+ /**
+ * @param requireThumbprintReference The requireThumbprintReference to set.
+ */
+ public void setRequireThumbprintReference(boolean requireThumbprintReference) {
+ this.requireThumbprintReference = requireThumbprintReference;
+ }
+
+ /**
+ * @return Returns the tokenVersionAndType.
+ */
+ public String getTokenVersionAndType() {
+ return tokenVersionAndType;
+ }
+
+ /**
+ * @param tokenVersionAndType The tokenVersionAndType to set.
+ */
+ public void setTokenVersionAndType(String tokenVersionAndType) {
+ this.tokenVersionAndType = tokenVersionAndType;
+ }
+
+ public QName getName() {
+ return Constants.X509_TOKEN;
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = Constants.X509_TOKEN.getLocalPart();
+ String namespaceURI = Constants.X509_TOKEN.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = Constants.X509_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:X509Token>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ String inclusion = getInclusion();
+
+ if (inclusion != null) {
+ writer.writeAttribute(prefix, namespaceURI, Constants.INCLUDE_TOKEN
+ .getLocalPart(), inclusion);
+ }
+
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ if (isRequireKeyIdentifierReference()) {
+ // <sp:RequireKeyIdentifierReference />
+ writer.writeStartElement(prefix, Constants.REQUIRE_KEY_IDENTIFIRE_REFERENCE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireIssuerSerialReference()) {
+ // <sp:RequireIssuerSerialReference />
+ writer.writeStartElement(prefix, Constants.REQUIRE_ISSUER_SERIAL_REFERENCE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireEmbeddedTokenReference()) {
+ // <sp:RequireEmbeddedTokenReference />
+ writer.writeStartElement(prefix, Constants.REQUIRE_EMBEDDED_TOKEN_REFERENCE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireThumbprintReference()) {
+ // <sp:RequireThumbprintReference />
+ writer.writeStartElement(prefix, Constants.REQUIRE_THUMBPRINT_REFERENCE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (tokenVersionAndType != null) {
+ // <sp:WssX509V1Token10 /> | ..
+ writer.writeStartElement(prefix, tokenVersionAndType, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if(isDerivedKeys()) {
+ // <sp:RequireDerivedKeys/>
+ writer.writeStartElement(prefix, Constants.REQUIRE_DERIVED_KEYS.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:X509Token>
+ writer.writeEndElement();
+ }
+
+}
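Review bot: `writer.writeStartElement(prefix, tokenVersionAndType, namespaceURI)` uses the `tokenVersionAndType` String directly as an XML local name, and `setTokenVersionAndType` accepts any String without validation. If the value originates from a parsed policy document, as this model presumably does, an unexpected or malformed value ends up as an element name in the serialized policy rather than being rejected, and a non-validating stream writer will emit it as-is. The setter or `serialize` should check the value against the known WssX509...Token... local names (`Constants.<X509_TOKEN_TYPE_CONSTANT>` is a placeholder for the real constants) and throw IllegalArgumentException otherwise. Also, unlike UsernameToken, this serialize never calls `writer.writeNamespace(prefix, namespaceURI)` after `setPrefix`, so a non-repairing writer would emit an undeclared sp prefix.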
diff --git a/modules/rampart-samples/README.txt b/modules/rampart-samples/README.txt
new file mode 100644
index 0000000..0c66132
--- /dev/null
+++ b/modules/rampart-samples/README.txt
@@ -0,0 +1,15 @@
+********************************************************************************
+**************************** Apache Rampart Samples ****************************
+********************************************************************************
+
+This directory contains three sub directories:
+
+ - basic - A set of samples that uses basic rampart configuration using
+ parameters
+
+ - policy - A set of samples that uses rampart with WS-SecurityPolicy
+
+ - keys - The keystore files that contains the keys used by the samples
+
+Please use Apache Ant with the build.xml file available here to copy all jars
+and mars to required places.
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/README.txt b/modules/rampart-samples/basic/README.txt
new file mode 100644
index 0000000..18f66b1
--- /dev/null
+++ b/modules/rampart-samples/basic/README.txt
@@ -0,0 +1,44 @@
+********************************************************************************
+**************************** Apache Rampart Samples ****************************
+********************************************************************************
+
+This is a set of Apache Rampart samples which uses configuraiton parameters
+to configure rampart.
+
+Each "sampleX" directory contains :
+
+ - client.axis2.xml - Client configuration
+ - services.xml - Service configuration
+ - src - Source of the sample
+ - README.txt - you have to read this :-)
+
+We use two parameters named "InflowSecurity" and "OutflowSecurity" within
+these files to configure rampart.
+
+01.) Rampart Engaged and no configuration
+02.) UsernameToken authentication
+03.) UsernameToken authentication with a plain text password
+04.) Message integrity and non-repudiation with signature
+05.) Encryption
+06.) Sign and encrypt a messages
+07.) Encrypt and sign messages
+08.) Signing twice
+09.) Encryption with a key known to both parties
+10.) MTOM Optimizing base64 content in the secured message
+11.) Dynamic configuration : Get rid of the config files ... let's use code!
+
+You can use the ant build script provided here to run these samples.
+
+Exmaple: Running sample - 01
+ - Start two shell instnaces and change to the directory where this file is
+ - To start the service:
+ $ ant service.01
+ - To run client:
+ $ ant client.01
+
+--------------------------------------------------------------------------------
+NOTE: To view the messages exchanged
+ - Change the "client.port" property in the "build.xml" to an available port
+ E.g. : <property name="client.port" value="9080"/>
+ - Setup tcpmon (http://ws.apache.org/commons/tcpmon/) to listen on the above
+ port and to point to port 8080 (value of the service.port property)
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/build.xml b/modules/rampart-samples/basic/build.xml
new file mode 100644
index 0000000..47396ab
--- /dev/null
+++ b/modules/rampart-samples/basic/build.xml
@@ -0,0 +1,259 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<project basedir="." default="clean">
+
+ <property name="service.repos.dir" value="build/service_repositories"/>
+ <property name="client.repos.dir" value="build/client_repositories"/>
+ <property name="temp.dir" value="build/temp"/>
+ <property name="keys.dir" value="../keys"/>
+ <property name="temp.client.dir" value="build/temp_client"/>
+
+ <property name="addressing.mar" value="addressing-1.2.mar"/>
+ <property name="rampart.mar" value="rampart-1.2.mar"/>
+
+ <property name="client.port" value="8080"/>
+ <property name="server.port" value="8080"/>
+
+ <property name="sample.services.url" value="http://localhost:${client.port}/axis2/services"/>
+
+ <property environment="env"/>
+
+ <target name="check.dependency" unless="env.AXIS2_HOME">
+ <echo message="AXIS2_HOME must be set"/>
+ </target>
+
+ <!-- Sample Service 01 -->
+ <target name="service.01" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="01"/>
+ </target>
+
+ <!-- Sample Client 01 -->
+ <target name="client.01" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="01"/>
+ </target>
+
+ <!-- Sample Service 02 -->
+ <target name="service.02" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="02"/>
+ </target>
+
+ <!-- Sample Client 02 -->
+ <target name="client.02" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="02"/>
+ </target>
+
+ <!-- Sample Service 03 -->
+ <target name="service.03" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="03"/>
+ </target>
+
+ <!-- Sample Client 03 -->
+ <target name="client.03" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="03"/>
+ </target>
+
+ <!-- Sample Service 04 -->
+ <target name="service.04" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="04"/>
+ </target>
+
+ <!-- Sample Client 04 -->
+ <target name="client.04" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="04"/>
+ </target>
+
+ <!-- Sample Service 05 -->
+ <target name="service.05" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="05"/>
+ </target>
+
+ <!-- Sample Client 05 -->
+ <target name="client.05" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="05"/>
+ </target>
+
+ <!-- Sample Service 06 -->
+ <target name="service.06" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="06"/>
+ </target>
+
+ <!-- Sample Client 06 -->
+ <target name="client.06" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="06"/>
+ </target>
+
+ <!-- Sample Service 07 -->
+ <target name="service.07" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="07"/>
+ </target>
+
+ <!-- Sample Client 07 -->
+ <target name="client.07" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="07"/>
+ </target>
+
+ <!-- Sample Service 08 -->
+ <target name="service.08" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="08"/>
+ </target>
+
+ <!-- Sample Client 08 -->
+ <target name="client.08" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="08"/>
+ </target>
+
+ <!-- Sample Service 09 -->
+ <target name="service.09" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="09"/>
+ </target>
+
+ <!-- Sample Client 09 -->
+ <target name="client.09" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="09"/>
+ </target>
+
+ <!-- Sample Service 10 -->
+ <target name="service.10" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="10"/>
+ </target>
+
+ <!-- Sample Client 10 -->
+ <target name="client.10" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="10"/>
+ </target>
+
+ <!-- Sample Service 11 -->
+ <target name="service.11" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="11"/>
+ </target>
+
+ <!-- Sample Client 11 -->
+ <target name="client.11" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="11"/>
+ </target>
+
+
+ <target name="clean">
+ <delete dir="build" />
+ </target>
+
+ <!-- Macro to create a service repo for a given sample -->
+ <macrodef name="create.service.repo">
+ <attribute name="sample.number" default="sample"/>
+ <sequential>
+
+ <property name="modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}"/>
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}/services"/>
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}/modules"/>
+
+ <!-- copy modules -->
+ <copy file="${modules.dir}/${addressing.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${addressing.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rampart.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${rampart.mar}" overwrite="true"/>
+
+ <!-- create service -->
+ <mkdir dir="${temp.dir}"/>
+ <mkdir dir="${temp.dir}/META-INF"/>
+
+ <!-- Compile service -->
+ <javac srcdir="sample@{sample.number}/src" destdir="${temp.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/Client.java"/>
+ </javac>
+
+ <copy file="sample@{sample.number}/services.xml" tofile="${temp.dir}/META-INF/services.xml" overwrite="true"/>
+ <copy file="${keys.dir}/service.jks" tofile="${temp.dir}/service.jks" overwrite="true"/>
+ <copy file="${keys.dir}/service.properties" tofile="${temp.dir}/service.properties" overwrite="true"/>
+
+ <jar destfile="${service.repos.dir}/sample@{sample.number}/services/sample@{sample.number}.aar">
+ <fileset dir="${temp.dir}"></fileset>
+ </jar>
+
+ <delete dir="${temp.dir}" />
+ <!-- start SimpleHTTPserver -->
+ <java classname="org.apache.axis2.transport.http.SimpleHTTPServer" fork="true">
+ <arg value="${service.repos.dir}/sample@{sample.number}"/>
+ <arg value="-p${server.port}"/>
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ </java>
+
+ </sequential>
+ </macrodef>
+
+ <macrodef name="create.and.run.client">
+ <attribute name="sample.number" default="sample"/>
+ <sequential>
+
+ <property name="modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <!-- Create the client repo -->
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}"/>
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}/conf"/>
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}/modules"/>
+
+ <!-- Copy axis2.xml file -->
+ <copy file="sample@{sample.number}/client.axis2.xml" tofile="${client.repos.dir}/sample@{sample.number}/conf/axis2.xml" overwrite="true"/>
+
+ <!-- copy modules -->
+ <copy file="${modules.dir}/${addressing.mar}" tofile="${client.repos.dir}/sample@{sample.number}/modules/${addressing.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rampart.mar}" tofile="${client.repos.dir}/sample@{sample.number}/modules/${rampart.mar}" overwrite="true"/>
+
+ <mkdir dir="${temp.client.dir}"/>
+
+ <!-- Compile client -->
+ <javac srcdir="sample@{sample.number}/src" destdir="${temp.client.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/SimpleService.java"/>
+ </javac>
+
+ <copy file="${keys.dir}/client.jks" tofile="${temp.client.dir}/client.jks" overwrite="true"/>
+ <copy file="${keys.dir}/client.properties" tofile="${temp.client.dir}/client.properties" overwrite="true"/>
+
+
+ <!-- Run client -->
+ <java classname="org.apache.rampart.samples.sample@{sample.number}.Client" fork="true">
+ <arg value="${sample.services.url}/sample@{sample.number}"/>
+ <arg value="${client.repos.dir}/sample@{sample.number}"/>
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ <dirset dir="${temp.client.dir}" />
+ </classpath>
+ </java>
+
+<!-- <delete dir="${temp.client.dir}"/> -->
+ </sequential>
+ </macrodef>
+
+</project>
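Review bot: The `check.dependency` target only echoes "AXIS2_HOME must be set" and then returns success, so with the variable unset every `service.NN` and `client.NN` target is silently skipped by its `if="env.AXIS2_HOME"` guard and the build still reports BUILD SUCCESSFUL. Replacing the echo with `<fail unless="env.AXIS2_HOME" message="AXIS2_HOME must be set"/>` makes the missing prerequisite a hard error and lets the `if=` attributes on the twenty-two sample targets be dropped. Separately, the port the service is started on is `server.port` (used in the `-p${server.port}` argument of `create.service.repo`), while the README earlier in this commit refers to a `service.port` property; one of the two names should be aligned so the tcpmon instructions can be followed.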
diff --git a/modules/rampart-samples/basic/sample01/README.txt b/modules/rampart-samples/basic/sample01/README.txt
new file mode 100644
index 0000000..a4c35f9
--- /dev/null
+++ b/modules/rampart-samples/basic/sample01/README.txt
@@ -0,0 +1,6 @@
+Rampart Engaged and no configuration
+
+This sample shows that Apache Rampart does not work on the messages when simply
+engagd without any configuration
+
+Note: <module ref="rampart"/> in both client.axis2.xml and services.xml
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample01/client.axis2.xml b/modules/rampart-samples/basic/sample01/client.axis2.xml
new file mode 100644
index 0000000..f16592e
--- /dev/null
+++ b/modules/rampart-samples/basic/sample01/client.axis2.xml
@@ -0,0 +1,221 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
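Review bot: The client-side axis2.xml carries the Axis2 admin-console parameters `userName`/`password` with the well-known default values `admin`/`axis2`; a client repository has no admin console, so these two `<parameter>` lines serve no purpose here and only risk being copied verbatim into a real deployment. I would delete them from this file and add the comment `<!-- Admin console credentials are not used by a client repository; configure them only on the server side -->` in their place. The same two lines appear in the sample02 client.axis2.xml that follows in this commit, and presumably in the other samples' client configs as well.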
diff --git a/modules/rampart-samples/basic/sample01/services.xml b/modules/rampart-samples/basic/sample01/services.xml
new file mode 100644
index 0000000..f76daf9
--- /dev/null
+++ b/modules/rampart-samples/basic/sample01/services.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-1 : No Security-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample01.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+</service>
diff --git a/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/Client.java b/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/Client.java
new file mode 100644
index 0000000..3d2067b
--- /dev/null
+++ b/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample01;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample01.samples.rampart.apache.org/xsd","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
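Review bot: The argument check in `main` prints the usage text but does not stop, so a run with fewer than two arguments falls through to `args[1]` on the next statement and dies with an ArrayIndexOutOfBoundsException instead of the usage message. Add an exit after the message, e.g. `System.out.println("Usage: $java Client endpoint_address client_repo_path"); return;` (or `System.exit(1)` if a non-zero status is wanted for the ant `<java>` task). A one-line Javadoc on `main` stating that `args[0]` is the service endpoint URL and `args[1]` the client repository directory would also help, since the file currently only documents this through the usage string.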
diff --git a/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/SimpleService.java b/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/SimpleService.java
new file mode 100644
index 0000000..3247722
--- /dev/null
+++ b/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.sample01;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample02/README.txt b/modules/rampart-samples/basic/sample02/README.txt
new file mode 100644
index 0000000..de24747
--- /dev/null
+++ b/modules/rampart-samples/basic/sample02/README.txt
@@ -0,0 +1,10 @@
+UsernameToken authentication
+
+The client is configured to add a UsernameToken to the outgoing message.
+ - See the "OutflowSecurity" parameter in the client.axis2.xml
+
+The service is configured to process it.
+ - See the "InflowSecurity" parameter in the services.xml
+
+Note how org.apache.rampart.samples.sample02.PWCBHandler supplies the password
+to wss4j to compute the digest for comparison.
diff --git a/modules/rampart-samples/basic/sample02/client.axis2.xml b/modules/rampart-samples/basic/sample02/client.axis2.xml
new file mode 100644
index 0000000..85625b0
--- /dev/null
+++ b/modules/rampart-samples/basic/sample02/client.axis2.xml
@@ -0,0 +1,228 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>UsernameToken Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample02.PWCBHandler</passwordCallbackClass>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample02/services.xml b/modules/rampart-samples/basic/sample02/services.xml
new file mode 100644
index 0000000..ac94b4b
--- /dev/null
+++ b/modules/rampart-samples/basic/sample02/services.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-2 : Timestamp and UsernameToken-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample02.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken Timestamp</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample02.PWCBHandler</passwordCallbackClass>
+ </action>
+ </parameter>
+</service>
diff --git a/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/Client.java b/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/Client.java
new file mode 100644
index 0000000..8c38db0
--- /dev/null
+++ b/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample02;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample02.samples.rampart.apache.org/xsd","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
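Review bot: The usage check `if(args.length != 2)` in `main` only prints the message and falls through, so with fewer than two arguments the very next statement indexes `args[1]` and dies with an ArrayIndexOutOfBoundsException instead of the intended clean exit. Add an exit after the println, e.g. `System.out.println("Usage: $java Client endpoint_address client_repo_path"); return;` (or `System.exit(1);` if a non-zero status is wanted). The same fall-through is present in the sample03 `Client.java` added later in this commit.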
diff --git a/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/PWCBHandler.java b/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/PWCBHandler.java
new file mode 100644
index 0000000..35074f4
--- /dev/null
+++ b/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/PWCBHandler.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample02;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("bob".equals(id)) {
+ pwcb.setPassword("bobPW");
+ }
+ }
+ }
+
+}
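Review bot: `handle` casts every element of `callbacks` to `WSPasswordCallback` without checking, so any other callback type the framework hands in surfaces as a ClassCastException rather than the `UnsupportedCallbackException` the method already declares. Guard the cast: `if (!(callbacks[i] instanceof WSPasswordCallback)) { throw new UnsupportedCallbackException(callbacks[i], "unrecognized callback"); }`. A one-line class comment such as `// Sample password callback: supplies the password for user "bob" so WSS4J can verify the UsernameToken digest.` would also make the hard-coded credential obviously a sample fixture. The sample03 `PWCBHandler` in this commit has the same unchecked cast.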
diff --git a/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/SimpleService.java b/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/SimpleService.java
new file mode 100644
index 0000000..3249257
--- /dev/null
+++ b/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/SimpleService.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.rampart.samples.sample02;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample03/README.txt b/modules/rampart-samples/basic/sample03/README.txt
new file mode 100644
index 0000000..1446348
--- /dev/null
+++ b/modules/rampart-samples/basic/sample03/README.txt
@@ -0,0 +1,12 @@
+UsernameToken authentication with a plain text password
+
+The client is configured to add a UsernameToken to the outgoing message.
+ - See the "OutflowSecurity" parameter in the client.axis2.xml
+ - Note the <passwordType>PasswordText</passwordType> element
+
+The service is configured to process it.
+ - See the "InflowSecurity" parameter in the services.xml
+
+Note how org.apache.rampart.samples.sample03.PWCBHandler authenticates the
+password
+
diff --git a/modules/rampart-samples/basic/sample03/client.axis2.xml b/modules/rampart-samples/basic/sample03/client.axis2.xml
new file mode 100644
index 0000000..e864e46
--- /dev/null
+++ b/modules/rampart-samples/basic/sample03/client.axis2.xml
@@ -0,0 +1,229 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>UsernameToken</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample03.PWCBHandler</passwordCallbackClass>
+ <passwordType>PasswordText</passwordType>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
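Review bot: The `OutflowSecurity` block sets `<passwordType>PasswordText</passwordType>`, which puts the password in the message in clear, but nothing in the file ties that choice to a confidential transport; only the http sender is wired up by default. A comment next to it, such as `<!-- PasswordText sends the password in clear text; use only over a confidential transport (https) or for local demos -->`, would stop the sample from being copied as-is into a real deployment. The `userName`/`password` parameters (admin/axis2) under the "admin console" comment appear to be server-side boilerplate carried into a client configuration and could be dropped here, though whether anything reads them on the client is not visible from this hunk.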
diff --git a/modules/rampart-samples/basic/sample03/services.xml b/modules/rampart-samples/basic/sample03/services.xml
new file mode 100644
index 0000000..1d0e6c5
--- /dev/null
+++ b/modules/rampart-samples/basic/sample03/services.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-3 : Timestamp and UsernameToken (with plaintext password)-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample03.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample03.PWCBHandler</passwordCallbackClass>
+ </action>
+ </parameter>
+</service>
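Review bot: The header comment says "Timestamp and UsernameToken (with plaintext password)" but the `InflowSecurity` items list only `UsernameToken`, so the comment describes a different configuration than the one below it (the sample02 services.xml earlier in the commit does include Timestamp). Change it to `<!-- services.xml of sample-3 : UsernameToken (with plaintext password)-->`, or add `Timestamp` to `<items>` if the timestamp check was intended.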
diff --git a/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/Client.java b/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/Client.java
new file mode 100644
index 0000000..bac19c0
--- /dev/null
+++ b/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample03;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample03.samples.rampart.apache.org/xsd","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/PWCBHandler.java b/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/PWCBHandler.java
new file mode 100644
index 0000000..cb52caf
--- /dev/null
+++ b/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/PWCBHandler.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample03;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ //When the server side need to authenticate the user
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+ if(pwcb.getIdentifer().equals("bob") && pwcb.getPassword().equals("bobPW")) {
+ //If authentication successful, simply return
+ return;
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "check failed");
+ }
+ }
+
+ //When the client requests for the password to be added in to the
+ //UT element
+ pwcb.setPassword("bobPW");
+ }
+ }
+
+}
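Review bot: In the `USERNAME_TOKEN_UNKNOWN` branch, `pwcb.getPassword().equals("bobPW")` dereferences the password delivered with the callback, so a token that carries no password would end in a NullPointerException instead of the "check failed" rejection. Two smaller points in the same method: the client-side path at the bottom sets `"bobPW"` for any identifier, whereas sample02's handler checks for "bob" first, and the `return` on success leaves the loop before any remaining callbacks are handled. Putting the constants on the left of `equals`, checking the identifier on both paths and using `continue` instead of `return` addresses all three.
```java
// … unchanged: for loop header …
WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
    // Server side: verify the plaintext password carried in the token.
    // Constants on the left keep a missing password from throwing NPE.
    if ("bob".equals(pwcb.getIdentifer()) && "bobPW".equals(pwcb.getPassword())) {
        continue; // this callback passed; keep handling the rest of the array
    }
    throw new UnsupportedCallbackException(callbacks[i], "check failed");
}
// Client side: supply the password for the UsernameToken being built.
if ("bob".equals(pwcb.getIdentifer())) {
    pwcb.setPassword("bobPW");
}
```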
diff --git a/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/SimpleService.java b/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/SimpleService.java
new file mode 100644
index 0000000..630cf80
--- /dev/null
+++ b/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/SimpleService.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.sample03;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+
+import java.util.Vector;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
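Review bot: None of the ten imports in this file is used by the class body, which consists only of `echo`; `AxisFault`, `MessageContext`, `OperationContext`, `WSDLConstants`, `WSConstants`, `WSSecurityEngineResult`, `WSUsernameTokenPrincipal`, `WSHandlerConstants`, `WSHandlerResult` and `java.util.Vector` should be removed so the sample does not suggest a dependency on the security-engine result classes that it never inspects. If the intent was to show the service reading the authenticated `WSUsernameTokenPrincipal` from the message context, that code is missing, and the sample02 `SimpleService` in the same commit shows the plain form without these imports.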
diff --git a/modules/rampart-samples/basic/sample04/README.txt b/modules/rampart-samples/basic/sample04/README.txt
new file mode 100644
index 0000000..df4599d
--- /dev/null
+++ b/modules/rampart-samples/basic/sample04/README.txt
@@ -0,0 +1,7 @@
+Message integrity and non-repudiation with signature
+
+Both client and servce are configured to sign the outgoing message and to verify
+the signature of the incoming message using their key pairs.
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+
diff --git a/modules/rampart-samples/basic/sample04/client.axis2.xml b/modules/rampart-samples/basic/sample04/client.axis2.xml
new file mode 100644
index 0000000..0b05648
--- /dev/null
+++ b/modules/rampart-samples/basic/sample04/client.axis2.xml
@@ -0,0 +1,239 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <user>client</user>
+ <signaturePropFile>client.properties</signaturePropFile>
+ <passwordCallbackClass>org.apache.rampart.samples.sample04.PWCBHandler</passwordCallbackClass>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
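Review bot: `<module ref="rampart" />` is engaged twice in the two lines directly under `<axisconfig name="AxisJava2.0">`; the second is redundant and should be dropped so the file matches sample05's client.axis2.xml, which engages the module once. Whether Axis2 tolerates the duplicate engagement silently cannot be told from the diff, but at best it is noise for anyone copying the sample. The admin-console `userName`/`password` parameters further down are server-side Axis2 boilerplate with no role in a client repository; removing them (here and in sample05's client.axis2.xml, which carries the same pair) keeps default credentials out of a sample configuration.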
diff --git a/modules/rampart-samples/basic/sample04/services.xml b/modules/rampart-samples/basic/sample04/services.xml
new file mode 100644
index 0000000..daff4d3
--- /dev/null
+++ b/modules/rampart-samples/basic/sample04/services.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-4 : Signature only -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample04.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <user>service</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample04.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ </action>
+ </parameter>
+
+</service>
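Review bot: The header comment reads `services.xml of sample-4 : Signature only`, but both `<items>` elements below list `Timestamp Signature`; sample05's header ("Encryption only") matches its actions, so this one should too, e.g. `<!-- services.xml of sample-4 : Timestamp + Signature -->`. A one-line comment next to the inflow `<signaturePropFile>` stating that service.properties must point at the trust store used to validate the client's certificate would also help, since the properties file is not part of this hunk.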
diff --git a/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/Client.java b/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/Client.java
new file mode 100644
index 0000000..3b3dce8
--- /dev/null
+++ b/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample04;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample04.samples.rampart.apache.org/xsd","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
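Review bot: The check `if(args.length != 2)` prints the usage line but then falls through to `args[1]` in the `createConfigurationContextFromFileSystem` call, so a wrong argument count ends in an ArrayIndexOutOfBoundsException rather than the usage message; add `System.exit(1);` (or `return;`) inside the `if` block. The same pattern appears in sample05's Client.java in this diff. A short javadoc on `main`, e.g. `/** args[0]: service endpoint URL; args[1]: client repository directory containing conf/axis2.xml */`, would document the two positional arguments the code relies on.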
diff --git a/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/PWCBHandler.java b/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/PWCBHandler.java
new file mode 100644
index 0000000..557755c
--- /dev/null
+++ b/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample04;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
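Review bot: The cast `(WSPasswordCallback)callbacks[i]` assumes every callback handed to `handle` is a WSPasswordCallback; the declared `throws UnsupportedCallbackException` exists for exactly this case, so guard the cast with `if (!(callbacks[i] instanceof WSPasswordCallback)) throw new UnsupportedCallbackException(callbacks[i]);`. Both identifiers resolve to the same literal `"apache"`, so the `else if` branch adds nothing; a comment such as `// sample-only: both key-store entries use the password "apache"; unknown identifiers leave the password unset` would make the demo scope and the fall-through behaviour explicit.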
diff --git a/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/SimpleService.java b/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/SimpleService.java
new file mode 100644
index 0000000..9132949
--- /dev/null
+++ b/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample04;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
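Review bot: The license block is placed after the `package` declaration and contains a stray blank line inside the comment, unlike Client.java and PWCBHandler.java in the same sample, which put the header first; move the comment above `package org.apache.rampart.samples.sample04;` for consistency. The class itself is a one-line echo and needs no other change.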
diff --git a/modules/rampart-samples/basic/sample05/README.txt b/modules/rampart-samples/basic/sample05/README.txt
new file mode 100644
index 0000000..8ca2fd8
--- /dev/null
+++ b/modules/rampart-samples/basic/sample05/README.txt
@@ -0,0 +1,7 @@
+Encrypting messages
+
+Both client and servce are configured to encrypt the outgoing message and to
+decrypt incoming message using their key pairs.
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+
diff --git a/modules/rampart-samples/basic/sample05/client.axis2.xml b/modules/rampart-samples/basic/sample05/client.axis2.xml
new file mode 100644
index 0000000..eec3aa0
--- /dev/null
+++ b/modules/rampart-samples/basic/sample05/client.axis2.xml
@@ -0,0 +1,236 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <encryptionUser>service</encryptionUser>
+ <encryptionPropFile>client.properties</encryptionPropFile>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample05.PWCBHandler</passwordCallbackClass>
+ <decryptionPropFile>client.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample05/services.xml b/modules/rampart-samples/basic/sample05/services.xml
new file mode 100644
index 0000000..2b329a8
--- /dev/null
+++ b/modules/rampart-samples/basic/sample05/services.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-5 : Encryption only -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample05.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample05.PWCBHandler</passwordCallbackClass>
+ <decryptionPropFile>service.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <encryptionUser>client</encryptionUser>
+ <encryptionPropFile>service.properties</encryptionPropFile>
+ </action>
+ </parameter>
+
+
+
+</service>
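Review bot: The `InflowSecurity` action lists only `Encrypt`, so the service decrypts any message encrypted to its certificate without verifying who sent it; that is the intended scope of this sample, but a comment beside `<items>Encrypt</items>`, e.g. `<!-- confidentiality only: no Signature action, so the sender is not authenticated; see sample04 -->`, would keep readers from copying this block as a complete policy. The three blank lines before `</service>` are also stray; sample04's services.xml has one.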
diff --git a/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/Client.java b/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/Client.java
new file mode 100644
index 0000000..b775eb1
--- /dev/null
+++ b/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample05;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample05.samples.rampart.apache.org/xsd","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
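Review bot: The argument check at the top of `main` prints the usage text but falls through, so a run with fewer than two arguments reaches `args[1]` and dies with an ArrayIndexOutOfBoundsException instead of the usage message; add `return;` (or `System.exit(1);`) after the `System.out.println` inside the `if`. The same fall-through is in sample06's `Client.java` in this change, so both files need the fix.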
diff --git a/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/PWCBHandler.java b/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/PWCBHandler.java
new file mode 100644
index 0000000..b5f97d4
--- /dev/null
+++ b/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample05;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
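Review bot: The loop casts every callback to `WSPasswordCallback` without checking its type, so an unexpected callback surfaces as a ClassCastException instead of the UnsupportedCallbackException the `CallbackHandler` contract declares; guard with `if (!(callbacks[i] instanceof WSPasswordCallback)) { throw new UnsupportedCallbackException(callbacks[i]); }` before the cast. Both branches also set the identical literal `"apache"` and any other identifier is silently left without a password, which is acceptable for a sample but deserves a comment such as `// Sample only: passwords are hard-coded; a real handler must resolve them from a protected store and reject unknown identifiers.` The sample06 `PWCBHandler.java` in this change has the same shape.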
diff --git a/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/SimpleService.java b/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/SimpleService.java
new file mode 100644
index 0000000..083a322
--- /dev/null
+++ b/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample05;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
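Review bot: The license comment is placed after the `package` statement and carries a stray blank line as its second line, unlike `Client.java` and `PWCBHandler.java` in the same sample, which put the header first; move the header above `package org.apache.rampart.samples.sample05;` and drop the blank line so the sources in this sample are laid out consistently. The sample06 `SimpleService.java` in this change has the same layout.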
diff --git a/modules/rampart-samples/basic/sample06/README.txt b/modules/rampart-samples/basic/sample06/README.txt
new file mode 100644
index 0000000..54642b5
--- /dev/null
+++ b/modules/rampart-samples/basic/sample06/README.txt
@@ -0,0 +1,8 @@
+Sign and encrypt messages
+
+Both client and servce are configured to first sign and then encrypt the
+outgoing message and to decrypt and verify the incoming message using their
+key pairs.
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+
diff --git a/modules/rampart-samples/basic/sample06/client.axis2.xml b/modules/rampart-samples/basic/sample06/client.axis2.xml
new file mode 100644
index 0000000..d40948f
--- /dev/null
+++ b/modules/rampart-samples/basic/sample06/client.axis2.xml
@@ -0,0 +1,242 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <!--Signature and Encryption : Using the request's certificate-->
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>client</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>service</encryptionUser>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
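Review bot: The `userName`/`password` parameters with the stock admin-console values `admin`/`axis2` are carried into a client-side axis2.xml where no admin console is served; they are dead configuration that ships default credentials with the sample, so either drop the two `<parameter>` lines or leave them commented out with a note that they are unused on the client. The identical pair appears in sample07's `client.axis2.xml` in this change. The file also ends without a trailing newline.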
diff --git a/modules/rampart-samples/basic/sample06/services.xml b/modules/rampart-samples/basic/sample06/services.xml
new file mode 100644
index 0000000..2c9b865
--- /dev/null
+++ b/modules/rampart-samples/basic/sample06/services.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-6 : Signature and Encryption : Using the request's certificate-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample06.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>service</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ </action>
+ </parameter>
+
+</service>
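Review bot: `<encryptionUser>useReqSigCert</encryptionUser>` is the one value in this file whose meaning is not obvious, and it carries a trust assumption: the response is encrypted to whichever certificate signed the request, which is only sound if the inbound `Signature` action has verified that certificate against the store named in `service.properties` before the outbound action runs. A short comment would make the dependency explicit, e.g. `<!-- useReqSigCert: encrypt the response to the certificate that signed the request; relies on InflowSecurity's Signature action having validated that certificate -->`. The same value is used without comment in sample07's `services.xml` in this change.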
diff --git a/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/Client.java b/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/Client.java
new file mode 100644
index 0000000..6984030
--- /dev/null
+++ b/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample06;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample06.samples.rampart.apache.org/xsd","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/PWCBHandler.java b/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/PWCBHandler.java
new file mode 100644
index 0000000..148b24d
--- /dev/null
+++ b/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample06;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/SimpleService.java b/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/SimpleService.java
new file mode 100644
index 0000000..185825e
--- /dev/null
+++ b/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample06;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample07/README.txt b/modules/rampart-samples/basic/sample07/README.txt
new file mode 100644
index 0000000..f524604
--- /dev/null
+++ b/modules/rampart-samples/basic/sample07/README.txt
@@ -0,0 +1,8 @@
+Encrypt and sign messages
+
+Both client and servce are configured to first encrypt and then sign the
+outgoing message and to verify and decrypt the incoming message using their
+key pairs.
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+
diff --git a/modules/rampart-samples/basic/sample07/client.axis2.xml b/modules/rampart-samples/basic/sample07/client.axis2.xml
new file mode 100644
index 0000000..ab26716
--- /dev/null
+++ b/modules/rampart-samples/basic/sample07/client.axis2.xml
@@ -0,0 +1,240 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Encrypt Signature</items>
+ <user>client</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>service</encryptionUser>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Encrypt Signature</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample07/services.xml b/modules/rampart-samples/basic/sample07/services.xml
new file mode 100644
index 0000000..0b12f2b
--- /dev/null
+++ b/modules/rampart-samples/basic/sample07/services.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-7 : Encryption and Signature -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample07.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Encrypt Signature</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Encrypt Signature</items>
+ <user>service</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ </action>
+ </parameter>
+</service>
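Review bot: `<encryptionUser>useReqSigCert</encryptionUser>` in OutflowSecurity encrypts the reply to whatever certificate signed the request, so the trust decision made while verifying the inbound signature (the keystore behind `service.properties`) is the only thing that decides who can read the response, and the file should say so. Suggested comment above the OutflowSecurity parameter: `<!-- useReqSigCert: the reply is encrypted to the requester's signing certificate, so only a certificate the inflow signature check trusts (service.properties) ever receives a readable response -->`. InflowSecurity names only `<signaturePropFile>` although it also lists `Encrypt`; presumably WSS4J falls back to the signature properties for the decryption key, but stating `<decryptionPropFile>service.properties</decryptionPropFile>` explicitly removes the reliance on that fallback.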
diff --git a/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/Client.java b/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/Client.java
new file mode 100644
index 0000000..8d9295e
--- /dev/null
+++ b/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample07;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample07.samples.rampart.apache.org/xsd","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
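Review bot: The usage check `if(args.length != 2)` prints the message but does not leave main, so the following `args[1]` access throws ArrayIndexOutOfBoundsException instead of exiting cleanly. Add `System.exit(1);` (or `return;`) inside that branch after the println. A one-line class comment such as `// Sample client: sends a signed+encrypted echo request using the repository given as args[1]` would also help a reader.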
diff --git a/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/PWCBHandler.java b/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/PWCBHandler.java
new file mode 100644
index 0000000..2169966
--- /dev/null
+++ b/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample07;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
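Review bot: The loop casts every entry with `(WSPasswordCallback)callbacks[i]` without checking its type, so any other Callback fails with a ClassCastException rather than the UnsupportedCallbackException the method declares. Guard it: `if (!(callbacks[i] instanceof WSPasswordCallback)) throw new UnsupportedCallbackException(callbacks[i], "only WSPasswordCallback is supported");`. The password `apache` is hard-coded for both `client` and `service` and the handler never consults `pwcb.getUsage()`, so the same secret is returned for any usage type; acceptable in a sample, but say so in a class comment: `// Sample only: passwords are hard-coded and returned for any usage type; real handlers must load secrets from a protected store and check getUsage()`.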
diff --git a/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/SimpleService.java b/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/SimpleService.java
new file mode 100644
index 0000000..cd14fc0
--- /dev/null
+++ b/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample07;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample08/README.txt b/modules/rampart-samples/basic/sample08/README.txt
new file mode 100644
index 0000000..4643e47
--- /dev/null
+++ b/modules/rampart-samples/basic/sample08/README.txt
@@ -0,0 +1,10 @@
+Signing twice
+
+The client is configured to sign the outgoing message twice
+ - See the "OutflowSecurity" parameter in the client.axis2.xml
+ - Note the aditional <action> element that defines the second signature.
+
+The service is configured to process it.
+ - See the "InflowSecurity" parameter in the services.xml. Not that we
+ simply use "Signature Signature" as action items.
+
diff --git a/modules/rampart-samples/basic/sample08/client.axis2.xml b/modules/rampart-samples/basic/sample08/client.axis2.xml
new file mode 100644
index 0000000..626fc25
--- /dev/null
+++ b/modules/rampart-samples/basic/sample08/client.axis2.xml
@@ -0,0 +1,241 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <!-- sample-8 : Double Signature -->
+ <parameter name="OutflowSecurity">
+
+ <action>
+ <items>Timestamp Signature NoSerialization</items>
+ <user>client</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample08.PWCBHandler</passwordCallbackClass>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <signatureParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+
+ <action>
+ <items>Signature</items>
+ <user>client</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample08.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
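Review bot: The `userName`/`password` parameters (`admin`/`axis2`) are the Axis2 server-template admin-console defaults copied into a client-side repository config where nothing uses them; remove them so the sample does not propagate default credentials. The second `<action>` of OutflowSecurity carries no `<signatureParts>`, so which elements it covers depends on the WSS4J default (presumably the SOAP Body) while the first action explicitly signs only the Timestamp; a comment would make the double-signature intent clear: `<!-- second signature: no signatureParts, so the WSS4J default part (the SOAP Body) is signed -->`. `sendStacktraceDetailsWithFaults` is left at `true`; harmless for a client, but worth noting in the sample that it should not be copied into a service deployment.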
diff --git a/modules/rampart-samples/basic/sample08/services.xml b/modules/rampart-samples/basic/sample08/services.xml
new file mode 100644
index 0000000..38a8ce2
--- /dev/null
+++ b/modules/rampart-samples/basic/sample08/services.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-8 : Double Signature -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample08.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Signature</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample08.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+</service>
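Review bot: `<items>Timestamp Signature Signature</items>` only requires that two signatures verify; nothing in this file states which elements each signature must cover, so as far as the visible configuration goes a sender that signs only the Timestamp twice would still pass while the Body stays unsigned. Make the limitation explicit next to the action: `<!-- Inflow check requires two verified signatures but does not verify which parts (e.g. the Body) each covers; enforce signed parts through a policy-based configuration when that matters -->`. The Timestamp is accepted with the default time-to-live; state that assumption in a comment too rather than leaving it implicit.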
diff --git a/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/Client.java b/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/Client.java
new file mode 100644
index 0000000..dec9168
--- /dev/null
+++ b/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample08;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample08.samples.rampart.apache.org/xsd","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
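Review bot: As in sample07, the `if(args.length != 2)` branch prints usage and then falls through to `args[1]`, producing an ArrayIndexOutOfBoundsException rather than a clean exit. Add `System.exit(1);` (or `return;`) after the println. A short class comment, `// Sample client: sends an echo request carrying two signatures (see client.axis2.xml)`, would tie the code to the configuration it depends on.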
diff --git a/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/PWCBHandler.java b/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/PWCBHandler.java
new file mode 100644
index 0000000..98c13be
--- /dev/null
+++ b/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample08;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
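Review bot: The unchecked cast `(WSPasswordCallback)callbacks[i]` turns any non-password Callback into a ClassCastException instead of the declared UnsupportedCallbackException; add `if (!(callbacks[i] instanceof WSPasswordCallback)) throw new UnsupportedCallbackException(callbacks[i], "only WSPasswordCallback is supported");` before the cast. Both identifiers map to the hard-coded password `apache` and `getUsage()` is never checked, so the same secret is handed out regardless of what the caller asks for; document that this is sample-only behaviour with a header comment such as `// Sample only: hard-coded passwords, returned for any usage type; do not reuse in production`.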
diff --git a/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/SimpleService.java b/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/SimpleService.java
new file mode 100644
index 0000000..a61f706
--- /dev/null
+++ b/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample08;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample09/README.txt b/modules/rampart-samples/basic/sample09/README.txt
new file mode 100644
index 0000000..7202cc6
--- /dev/null
+++ b/modules/rampart-samples/basic/sample09/README.txt
@@ -0,0 +1,8 @@
+Encryption with a key known to both parties
+
+Both client and servce are configured to encrypt the outgoing message and to
+decrypt incoming message using a known named key
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+ - Note the use of <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ - Note that org.apache.rampart.samples.sample09.PWCBHandler sets the key
diff --git a/modules/rampart-samples/basic/sample09/client.axis2.xml b/modules/rampart-samples/basic/sample09/client.axis2.xml
new file mode 100644
index 0000000..34dcae5
--- /dev/null
+++ b/modules/rampart-samples/basic/sample09/client.axis2.xml
@@ -0,0 +1,239 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <user>client</user>
+ <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
+ <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
+ <encryptionPropFile>client.properties</encryptionPropFile>
+ <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</passwordCallbackClass>
+ <decryptionPropFile>client.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
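Review bot: The Parameters section of this client.axis2.xml ships the default Axis2 admin console login, `<parameter name="userName" locked="false">admin</parameter>` and `<parameter name="password" locked="false">axis2</parameter>`, in a sample that is likely to be copied into other repositories. A client-side configuration has no admin console to protect, so these two parameters can be removed, or at minimum annotated with `<!-- Sample only: default Axis2 admin credentials, not used by the client; remove before reusing this file -->`. The same two lines appear in sample10/client.axis2.xml.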
diff --git a/modules/rampart-samples/basic/sample09/services.xml b/modules/rampart-samples/basic/sample09/services.xml
new file mode 100644
index 0000000..9c2f5c0
--- /dev/null
+++ b/modules/rampart-samples/basic/sample09/services.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-9 : Encryption using a known key -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample09.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</passwordCallbackClass>
+ <decryptionPropFile>service.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <user>service</user>
+ <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
+ <encryptionPropFile>service.properties</encryptionPropFile>
+ <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
+ <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ </action>
+ </parameter>
+
+</service>
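Review bot: Both flows in this services.xml list only `<items>Encrypt</items>`, so an inbound message that decrypts with the shared SessionKey is accepted without any Timestamp or Signature processing, and nothing in the file says that integrity and freshness are deliberately out of scope for the sample. A comment next to the InflowSecurity action such as `<!-- Encrypt-only sample: the inbound message is confidential but not authenticated or replay-protected; see sample10 for sign-then-encrypt -->` would keep readers from copying this as a complete configuration. The header comment `services.xml of sample-9 : Encryption using a known key` is a good place to add that the key is provided by PWCBHandler rather than loaded from service.properties.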
diff --git a/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/Client.java b/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/Client.java
new file mode 100644
index 0000000..7592cd8
--- /dev/null
+++ b/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample09;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample09.samples.rampart.apache.org/xsd","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
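Review bot: The usage check in `main` prints the usage line when `args.length != 2` but does not stop, so the next statement indexes `args[1]` and fails with an ArrayIndexOutOfBoundsException instead of the intended message; add `return;` (or `System.exit(1);`) after the `System.out.println` inside the `if` block. The same pattern is in sample10/src/.../Client.java, whose hunk starts below and runs past this view. `getPayload` has no documentation; a Javadoc such as `/** Builds the ns1:echo request element wrapping value in a param0 child. */` would make the payload shape clear without reading the body.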
diff --git a/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/PWCBHandler.java b/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/PWCBHandler.java
new file mode 100644
index 0000000..92adde4
--- /dev/null
+++ b/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/PWCBHandler.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample09;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e };
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
+
+ if (pwcb.getUsage() == WSPasswordCallback.KEY_NAME) {
+ pwcb.setKey(key);
+ }
+ }
+ }
+
+}
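Review bot: `handle` casts every element of `callbacks` to `WSPasswordCallback` unconditionally, so any other Callback type produces a ClassCastException rather than the `UnsupportedCallbackException` the signature declares; guard before the cast with `if (!(callbacks[i] instanceof WSPasswordCallback)) { throw new UnsupportedCallbackException(callbacks[i]); }`. The static `key` array should carry a comment stating its role, e.g. `// Demo-only 16-byte key shared by the sample09 client and service; a real deployment must provision its own key material.` Callbacks whose usage is not `KEY_NAME` are silently ignored, which is presumably intended for this sample but deserves a one-line comment on the `if`.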
diff --git a/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/SimpleService.java b/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/SimpleService.java
new file mode 100644
index 0000000..7862caf
--- /dev/null
+++ b/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample09;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample10/README.txt b/modules/rampart-samples/basic/sample10/README.txt
new file mode 100644
index 0000000..0ad0c6a
--- /dev/null
+++ b/modules/rampart-samples/basic/sample10/README.txt
@@ -0,0 +1,8 @@
+Sign and encrypt messages
+
+Both client and servce are configured to first sign and then encrypt the
+outgoing message and to decrypt and verify the incoming message using their
+key pairs.
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+ - Note the use of <optimizeParts>[xpath expression]</optimizeParts>
diff --git a/modules/rampart-samples/basic/sample10/client.axis2.xml b/modules/rampart-samples/basic/sample10/client.axis2.xml
new file mode 100644
index 0000000..b6cad86
--- /dev/null
+++ b/modules/rampart-samples/basic/sample10/client.axis2.xml
@@ -0,0 +1,245 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <!-- sample-10 : MTOM optimize encrypted content -->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>client</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample10.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>service</encryptionUser>
+
+ <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
+
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample10.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
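Review bot: `<parameter name="enableMTOM" locked="false">false</parameter>` sits in a configuration whose stated purpose, per the `<!-- sample-10 : MTOM optimize encrypted content -->` comment and the `<optimizeParts>` element, is to MTOM-optimize the CipherValue. Unless the Rampart sender enables MTOM on its own when optimizeParts is present, the optimized parts will be serialized inline and the sample will not demonstrate what it claims; this is worth confirming against the sender code. If the parameter does govern it, the fix is `<parameter name="enableMTOM" locked="false">true</parameter>`, and a comment on the optimizeParts line saying which setting actually turns MTOM on would help either way.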
diff --git a/modules/rampart-samples/basic/sample10/services.xml b/modules/rampart-samples/basic/sample10/services.xml
new file mode 100644
index 0000000..8cada6d
--- /dev/null
+++ b/modules/rampart-samples/basic/sample10/services.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-10 : MTOM optimize encrypted content -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample10.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample10.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>service</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample10.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/Client.java b/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/Client.java
new file mode 100644
index 0000000..acd09c6
--- /dev/null
+++ b/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample10;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample10.samples.rampart.apache.org/xsd","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
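Review bot: The argument check at the top of main() prints the usage text but does not stop, so a wrong argument count still reaches `args[1]` on the next statement and dies with an ArrayIndexOutOfBoundsException instead of the usage message; add `return;` (or `System.exit(1);`) inside the `if` block. Writing the usage line to System.err rather than System.out would also keep it apart from the echoed response. The Client.java of sample11 later in this commit has the same check without an exit.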
diff --git a/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/PWCBHandler.java b/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/PWCBHandler.java
new file mode 100644
index 0000000..2675cdb
--- /dev/null
+++ b/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample10;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
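Review bot: The cast `(WSPasswordCallback)callbacks[i]` in handle() is unchecked, so a callback of any other type surfaces as a ClassCastException even though the method declares UnsupportedCallbackException for exactly that case; guard it with `if (!(callbacks[i] instanceof WSPasswordCallback)) { throw new UnsupportedCallbackException(callbacks[i]); }` before the cast. The two branches set the same literal password, and an identifier matching neither leaves the callback without one, so the failure only shows up later inside WSS4J; a short comment saying that the sample keystore entries `client` and `service` both use this password would help the reader. sample11's PWCBHandler.java later in this commit is identical and has the same points.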
diff --git a/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/SimpleService.java b/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/SimpleService.java
new file mode 100644
index 0000000..93743ea
--- /dev/null
+++ b/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample10;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample11/README.txt b/modules/rampart-samples/basic/sample11/README.txt
new file mode 100644
index 0000000..2a60545
--- /dev/null
+++ b/modules/rampart-samples/basic/sample11/README.txt
@@ -0,0 +1,8 @@
+Dynamic configuration : Get rid of the config files ... let's use code!
+
+Both client and servce are configured to first sign and then encrypt the
+outgoing message and to decrypt and verify the incoming message using their
+key pairs.
+ - Note that we don't use any parameters in the client.axis2.xml
+ - See org.apache.rampart.samples.sample11.Client's getOutflowConfiguration()
+ getInflowConfiguration() methods and their usage.
diff --git a/modules/rampart-samples/basic/sample11/client.axis2.xml b/modules/rampart-samples/basic/sample11/client.axis2.xml
new file mode 100644
index 0000000..ba44dab
--- /dev/null
+++ b/modules/rampart-samples/basic/sample11/client.axis2.xml
@@ -0,0 +1,218 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
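Review bot: The `userName`/`password` parameters under the "admin console" comment carry the stock Axis2 admin credentials in a client-side configuration that never serves that console, so they are dead configuration that nevertheless travels with every copy of the sample repository; drop both lines, or comment them out the way the neighbouring override parameters are. `sendStacktraceDetailsWithFaults` is set to `true` as well; as far as I can tell it only matters on the service side, so leaving it at `false` costs nothing here and avoids returning stack traces to peers if this file is ever reused as a server configuration.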
diff --git a/modules/rampart-samples/basic/sample11/services.xml b/modules/rampart-samples/basic/sample11/services.xml
new file mode 100644
index 0000000..28715e1
--- /dev/null
+++ b/modules/rampart-samples/basic/sample11/services.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-11 : Dynamic client configuration -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample11.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample11.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>service</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample11.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ </action>
+ </parameter>
+</service>
diff --git a/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/Client.java b/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/Client.java
new file mode 100644
index 0000000..c37c47e
--- /dev/null
+++ b/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/Client.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample11;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+
+ //Set the rampart parameters
+ options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, getOutflowConfiguration());
+ options.setProperty(WSSHandlerConstants.INFLOW_SECURITY, getInflowConfiguration());
+
+ client.setOptions(options);
+
+ //Engage rampart
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample11.samples.rampart.apache.org/xsd","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+ private static Parameter getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+ ofc.setActionItems("Timestamp Signature Encrypt");
+ ofc.setUser("client");
+ ofc.setPasswordCallbackClass("org.apache.rampart.samples.sample11.PWCBHandler");
+ ofc.setSignaturePropFile("client.properties");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.ISSUER_SERIAL);
+ ofc.setEncryptionUser("service");
+
+ return ofc.getProperty();
+ }
+
+ private static Parameter getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+ ifc.setActionItems("Timestamp Signature Encrypt");
+ ifc.setPasswordCallbackClass("org.apache.rampart.samples.sample11.PWCBHandler");
+ ifc.setSignaturePropFile("client.properties");
+
+ return ifc.getProperty();
+ }
+
+}
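Review bot: `javax.xml.namespace.QName` is imported but never used in the class; drop the import. getOutflowConfiguration() and getInflowConfiguration() pass the callback class as the string literal `"org.apache.rampart.samples.sample11.PWCBHandler"`; since that class is in the same package, `PWCBHandler.class.getName()` keeps the two in step if either is renamed. getInflowConfiguration() lists `Encrypt` among its actions but configures only a signature property file, so unless the handler falls back to that file for decryption a decryption property file should be set too (InflowConfiguration's `setDecryptionPropFile`, if that is the setter in this version) — worth confirming against the handler.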
diff --git a/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/PWCBHandler.java b/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/PWCBHandler.java
new file mode 100644
index 0000000..1e10288
--- /dev/null
+++ b/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample11;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/SimpleService.java b/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/SimpleService.java
new file mode 100644
index 0000000..012bd62
--- /dev/null
+++ b/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample11;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/build.xml b/modules/rampart-samples/build.xml
new file mode 100644
index 0000000..b277846
--- /dev/null
+++ b/modules/rampart-samples/build.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<project basedir="." default="setup">
+
+ <property name="lib.dir" value="../lib"/>
+ <property name="modules.dir" value="../"/>
+
+ <property environment="env"/>
+
+ <target name="check.dependency" unless="env.AXIS2_HOME">
+ <echo message="AXIS2_HOME must be set"/>
+ </target>
+
+ <!-- Copy the required jars and mars appropriately -->
+ <target name="setup" if="env.AXIS2_HOME" depends="check.dependency">
+
+ <property name="axis2.modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="axis2.lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <copy todir="${axis2.lib.dir}">
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </copy>
+
+ <copy todir="${axis2.modules.dir}">
+ <fileset dir="${modules.dir}">
+ <include name="**/*.mar"/>
+ </fileset>
+ </copy>
+
+ </target>
+
+</project>
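Review bot: When AXIS2_HOME is unset, `check.dependency` only echoes a message and `setup` is skipped by its `if` condition, so the build ends with BUILD SUCCESSFUL without having copied anything; replace the echo with `<fail unless="env.AXIS2_HOME" message="AXIS2_HOME must be set"/>` so the omission is an error. The `setup` target also copies every jar under `${lib.dir}` and every mar under `${modules.dir}` straight into the Axis2 installation, overwriting what is there; a comment stating that this modifies `${env.AXIS2_HOME}` in place would save a surprise. policy/build.xml later in this commit has the same echo-only `check.dependency` target.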
diff --git a/modules/rampart-samples/keys/client.jks b/modules/rampart-samples/keys/client.jks
new file mode 100644
index 0000000..9011b2c
--- /dev/null
+++ b/modules/rampart-samples/keys/client.jks
Binary files differ
diff --git a/modules/rampart-samples/keys/client.properties b/modules/rampart-samples/keys/client.properties
new file mode 100644
index 0000000..985250f
--- /dev/null
+++ b/modules/rampart-samples/keys/client.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=apache
+org.apache.ws.security.crypto.merlin.file=client.jks
\ No newline at end of file
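Review bot: The keystore password is committed in clear text next to the keystore it unlocks, and the sample build copies both into the client and service repositories; that is acceptable for demonstration keys, but nothing in the file says so. Add a first-line comment such as `# Sample keystore for the Rampart samples only; do not reuse outside them` here and in service.properties (same content, later in this commit). Both files also lack a trailing newline.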
diff --git a/modules/rampart-samples/keys/service.jks b/modules/rampart-samples/keys/service.jks
new file mode 100644
index 0000000..0c5ab81
--- /dev/null
+++ b/modules/rampart-samples/keys/service.jks
Binary files differ
diff --git a/modules/rampart-samples/keys/service.properties b/modules/rampart-samples/keys/service.properties
new file mode 100644
index 0000000..cdd231c
--- /dev/null
+++ b/modules/rampart-samples/keys/service.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=apache
+org.apache.ws.security.crypto.merlin.file=service.jks
\ No newline at end of file
diff --git a/modules/rampart-samples/policy/build.xml b/modules/rampart-samples/policy/build.xml
new file mode 100644
index 0000000..a5812fa
--- /dev/null
+++ b/modules/rampart-samples/policy/build.xml
@@ -0,0 +1,189 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<project basedir="." default="clean">
+
+ <property name="service.repos.dir" value="build/service_repositories"/>
+ <property name="client.repos.dir" value="build/client_repositories"/>
+ <property name="temp.dir" value="build/temp"/>
+ <property name="keys.dir" value="../keys"/>
+ <property name="temp.client.dir" value="build/temp_client"/>
+
+ <property name="addressing.mar" value="addressing-1.2.mar"/>
+ <property name="rampart.mar" value="rampart-1.2.mar"/>
+ <property name="rahas.mar" value="rahas-1.2.mar"/>
+
+ <property name="client.port" value="8080"/>
+ <property name="server.port" value="8080"/>
+
+ <property name="sample.services.url" value="http://localhost:${client.port}/axis2/services"/>
+
+ <property environment="env"/>
+
+ <target name="check.dependency" unless="env.AXIS2_HOME">
+ <echo message="AXIS2_HOME must be set"/>
+ </target>
+
+ <!-- Sample Service 01 -->
+ <target name="service.01" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="01"/>
+ </target>
+
+ <!-- Sample Client 01 -->
+ <target name="client.01" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="01"/>
+ </target>
+
+ <!-- Sample Service 02 -->
+ <target name="service.02" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="02"/>
+ </target>
+
+ <!-- Sample Client 02 -->
+ <target name="client.02" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="02"/>
+ </target>
+
+ <!-- Sample Service 03 -->
+ <target name="service.03" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="03"/>
+ </target>
+
+ <!-- Sample Client 01 -->
+ <target name="client.03" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="03"/>
+ </target>
+
+ <!-- Sample Service 04 -->
+ <target name="service.04" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="04"/>
+ </target>
+
+ <!-- Sample Client 04 -->
+ <target name="client.04" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="04"/>
+ </target>
+
+ <target name="clean">
+ <delete dir="build" />
+ </target>
+
+ <!-- Macro to create a service repo for a given sample -->
+ <macrodef name="create.service.repo">
+ <attribute name="sample.number" default="sample"/>
+ <sequential>
+
+ <property name="modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}"/>
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}/services"/>
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}/modules"/>
+
+ <!-- copy modules -->
+ <copy file="${modules.dir}/${addressing.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${addressing.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rampart.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${rampart.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rahas.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${rahas.mar}" overwrite="true"/>
+
+ <!-- create service -->
+ <mkdir dir="${temp.dir}"/>
+ <mkdir dir="${temp.dir}/META-INF"/>
+
+ <!-- Compile service -->
+ <javac srcdir="sample@{sample.number}/src" destdir="${temp.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/Client.java"/>
+ </javac>
+
+ <copy file="sample@{sample.number}/services.xml" tofile="${temp.dir}/META-INF/services.xml" overwrite="true"/>
+ <copy file="${keys.dir}/service.jks" tofile="${temp.dir}/service.jks" overwrite="true"/>
+ <copy file="${keys.dir}/service.properties" tofile="${temp.dir}/service.properties" overwrite="true"/>
+
+ <jar destfile="${service.repos.dir}/sample@{sample.number}/services/sample@{sample.number}.aar">
+ <fileset dir="${temp.dir}"></fileset>
+ </jar>
+
+ <delete dir="${temp.dir}" />
+ <!-- start SimpleHTTPserver -->
+ <java classname="org.apache.axis2.transport.http.SimpleHTTPServer" fork="true">
+ <arg value="${service.repos.dir}/sample@{sample.number}"/>
+ <arg value="-p${server.port}"/>
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ </java>
+
+ </sequential>
+ </macrodef>
+
+ <macrodef name="create.and.run.client">
+ <attribute name="sample.number" default="sample"/>
+ <sequential>
+
+ <property name="modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <!-- Create the client repo -->
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}"/>
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}/conf"/>
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}/modules"/>
+
+ <!-- copy modules -->
+ <copy file="${modules.dir}/${addressing.mar}" tofile="${client.repos.dir}/sample@{sample.number}/modules/${addressing.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rampart.mar}" tofile="${client.repos.dir}/sample@{sample.number}/modules/${rampart.mar}" overwrite="true"/>
+
+ <mkdir dir="${temp.client.dir}"/>
+
+ <!-- Compile client -->
+ <javac srcdir="sample@{sample.number}/src" destdir="${temp.client.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/SimpleService.java"/>
+ </javac>
+
+ <copy file="${keys.dir}/client.jks" tofile="${temp.client.dir}/client.jks" overwrite="true"/>
+ <copy file="${keys.dir}/client.properties" tofile="${temp.client.dir}/client.properties" overwrite="true"/>
+
+
+ <!-- Run client -->
+ <java classname="org.apache.rampart.samples.policy.sample@{sample.number}.Client" fork="true">
+ <arg value="${sample.services.url}/sample@{sample.number}"/>
+ <arg value="${client.repos.dir}/sample@{sample.number}"/>
+ <arg value="sample@{sample.number}/policy.xml"/>
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ <dirset dir="${temp.client.dir}" />
+ </classpath>
+ </java>
+
+<!-- <delete dir="${temp.client.dir}"/> -->
+ </sequential>
+ </macrodef>
+
+</project>
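Review bot: The comment above the `client.03` target reads `<!-- Sample Client 01 -->`, a copy-paste leftover; change it to `<!-- Sample Client 03 -->`. The `create.service.repo` macro launches SimpleHTTPServer with `fork="true"` and no `spawn`, so each `service.NN` target blocks until the server is stopped — presumably intended, but worth a one-line comment beside the `<java>` call since a reader would otherwise expect the target to return. The `check.dependency` target here has the same echo-without-fail issue raised on modules/rampart-samples/build.xml.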
diff --git a/modules/rampart-samples/policy/sample01/README.txt b/modules/rampart-samples/policy/sample01/README.txt
new file mode 100644
index 0000000..ad75ce6
--- /dev/null
+++ b/modules/rampart-samples/policy/sample01/README.txt
@@ -0,0 +1,8 @@
+UsernameToken Authentication
+
+The policy uses a TransportBinding and requires a SignedSupportingToken which
+is a UsernameToken and the inclusion of a TimeStamp.
+
+Note that Rampart does not enforce the use of HTTPS transport and that
+{http://ws.apache.org/rampart/policy}RampartConfig assertion provides
+additional information required to secure the message.
\ No newline at end of file
diff --git a/modules/rampart-samples/policy/sample01/policy.xml b/modules/rampart-samples/policy/sample01/policy.xml
new file mode 100644
index 0000000..7e7209d
--- /dev/null
+++ b/modules/rampart-samples/policy/sample01/policy.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
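Review bot: The `sp:UsernameToken` under `sp:SignedSupportingTokens` carries alice's password inside the SOAP message, and the only thing standing between it and the wire is the `sp:HttpsToken` assertion — which the sample README itself says Rampart does not enforce, so running this client against a plain `http://` endpoint discloses the credential. A comment above `sp:TransportBinding` should make that explicit, e.g. `<!-- HttpsToken is a policy statement only: Rampart does not refuse plain HTTP. Use an https endpoint or the UsernameToken password travels in the clear. -->`. Whether the password is emitted as plaintext or as a digest is not constrained by this 2005/07 policy and presumably falls to Rampart's default; worth stating in the same comment once confirmed.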
diff --git a/modules/rampart-samples/policy/sample01/services.xml b/modules/rampart-samples/policy/sample01/services.xml
new file mode 100644
index 0000000..24dad18
--- /dev/null
+++ b/modules/rampart-samples/policy/sample01/services.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-1 : UsernameToken-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample01.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
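Review bot: With a `sp:TransportBinding` message integrity is expected from the transport rather than an XML signature, so the `sp:IncludeTimestamp` in this service policy only limits replay to the extent the service checks the timestamp window, and nothing in this services.xml shows what that window is. If the RampartConfig of this Rampart version supports a timestamp TTL/skew setting, adding it here (or a comment naming the default Rampart applies) would make the replay window explicit for anyone copying this service configuration. The `RequireClientCertificate="false"` on `sp:HttpsToken` means the UsernameToken check in PWCBHandler is the sole authentication of the caller; a one-line comment saying so would help readers.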
diff --git a/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/Client.java b/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/Client.java
new file mode 100644
index 0000000..aa5385e
--- /dev/null
+++ b/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/Client.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample01;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample01.policy.samples.rampart.apache.org/xsd","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
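Review bot: The argument check at the top of `main` prints the usage text and then falls through, so invoking the client with fewer than three arguments dies on `args[1]` with an ArrayIndexOutOfBoundsException instead of the usage message. Add `System.exit(1);` (or `return;`) inside the `if(args.length != 3)` block. The `javax.xml.namespace.QName` import is unused and can be dropped.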
diff --git a/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/PWCBHandler.java b/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/PWCBHandler.java
new file mode 100644
index 0000000..a7c0011
--- /dev/null
+++ b/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/PWCBHandler.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample01;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+
+ //When the server side need to authenticate the user
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+ if(pwcb.getIdentifer().equals("alice") && pwcb.getPassword().equals("bobPW")) {
+ return;
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "check failed");
+ }
+ }
+
+ //When the client requests for the password to be added in to the
+ //UT element
+ pwcb.setPassword("bobPW");
+ }
+ }
+
+}
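Review bot: In `handle`, the cast `(WSPasswordCallback)callbacks[i]` is unchecked, so any other Callback type surfaces as a ClassCastException rather than the `UnsupportedCallbackException` the CallbackHandler contract expects, and `pwcb.getPassword().equals("bobPW")` throws NullPointerException when the token carries no password (e.g. a digest-only or malformed token) instead of a clean authentication failure. The `return` on a successful check also exits the loop and leaves any remaining callbacks unhandled; `continue` is the intended control flow. The credential is hard-coded, which is fine for a sample but should be labelled as such so it is not copied into a real handler.

```java
        for (int i = 0; i < callbacks.length; i++) {
            if (!(callbacks[i] instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(callbacks[i], "unsupported callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];

            // Server side: verify the password presented in the UsernameToken.
            // SAMPLE ONLY: hard-coded credential; a real handler looks the user up.
            if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                if ("alice".equals(pwcb.getIdentifer()) && "bobPW".equals(pwcb.getPassword())) {
                    continue; // keep handling the remaining callbacks
                }
                throw new UnsupportedCallbackException(callbacks[i], "check failed");
            }

            // Client side: supply the password to place in the UsernameToken.
            pwcb.setPassword("bobPW");
        }
```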
diff --git a/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/SimpleService.java b/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/SimpleService.java
new file mode 100644
index 0000000..2dd8e82
--- /dev/null
+++ b/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample01;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/policy/sample02/README.txt b/modules/rampart-samples/policy/sample02/README.txt
new file mode 100644
index 0000000..47a2fa7
--- /dev/null
+++ b/modules/rampart-samples/policy/sample02/README.txt
@@ -0,0 +1,7 @@
+Sign only
+
+An AsymmetricBinding is used. Entire headers and body to be signed.
+Algorithm suite is TripleDesRsa15
+
+Note that {http://ws.apache.org/rampart/policy}RampartConfig assertion provides
+additional information required to secure the message.
\ No newline at end of file
diff --git a/modules/rampart-samples/policy/sample02/policy.xml b/modules/rampart-samples/policy/sample02/policy.xml
new file mode 100644
index 0000000..f5951b9
--- /dev/null
+++ b/modules/rampart-samples/policy/sample02/policy.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample02.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
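Review bot: `sp:SignedParts` lists only `sp:Body`, so with the addressing module engaged the wsa:To/Action/MessageID headers travel unsigned and can be altered in transit without breaking the signature; `sp:OnlySignEntireHeadersAndBody` constrains how parts are signed, not which ones. If the addressing headers are meant to be integrity-protected, add an `<sp:Header Namespace="..."/>` entry for the WS-Addressing namespace Axis2 emits (the exact URI depends on the addressing version in use). The Merlin keystore password `apache` also sits in clear text in this policy file; a comment such as `<!-- sample keystore only: never ship real keystore passwords inside policy files -->` would discourage copy-paste into production.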
diff --git a/modules/rampart-samples/policy/sample02/services.xml b/modules/rampart-samples/policy/sample02/services.xml
new file mode 100644
index 0000000..3fbcbe7
--- /dev/null
+++ b/modules/rampart-samples/policy/sample02/services.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-2 : Sign only-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample02.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample02.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
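Review bot: The service's `ramp:signatureCrypto` points at `service.jks` both for its own signing key and, presumably, for validating the initiator's X509 certificate, so any certificate that chains to something in that keystore will pass signature verification; nothing in the policy names which signer is expected. A comment stating that `service.jks` must contain only the client certificates (or issuing CA) the service intends to trust would make that trust model explicit for people adapting the sample. `ramp:encryptionUser` is set to `client` although this policy performs no encryption; it is probably harmless, but a short comment or its removal would avoid confusion.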
diff --git a/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/Client.java b/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/Client.java
new file mode 100644
index 0000000..e3e46dd
--- /dev/null
+++ b/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/Client.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample02;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample02.policy.samples.rampart.apache.org/xsd","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
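Review bot: The `args.length != 3` check in `main` prints the usage message but does not stop, so a short argument list still reaches `args[1]` and fails with an ArrayIndexOutOfBoundsException. Add `System.exit(1);` (or `return;`) after the println. The `javax.xml.namespace.QName` import is unused and can be dropped.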
diff --git a/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/PWCBHandler.java b/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/PWCBHandler.java
new file mode 100644
index 0000000..684fb99
--- /dev/null
+++ b/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/PWCBHandler.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample02;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
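Review bot: The cast `WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];` in `handle` is unchecked; a CallbackHandler should reject callback types it does not understand with `throw new UnsupportedCallbackException(callbacks[i]);` rather than letting a ClassCastException escape. Both branches of the `if`/`else if` set the same value, so they can collapse to `if ("client".equals(id) || "service".equals(id)) pwcb.setPassword("apache");`. A comment that `apache` is the key password of the sample keystores (and hard-coded for the sample only) would help readers map it to the `merlin.keystore.password` in the policy.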
diff --git a/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/SimpleService.java b/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/SimpleService.java
new file mode 100644
index 0000000..7404669
--- /dev/null
+++ b/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample02;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/policy/sample03/README.txt b/modules/rampart-samples/policy/sample03/README.txt
new file mode 100644
index 0000000..57bf529
--- /dev/null
+++ b/modules/rampart-samples/policy/sample03/README.txt
@@ -0,0 +1,9 @@
+Sign and Encrypt messages
+
+An AsymmetricBinding is used. Entire headers and body to be signed.
+EncryptionParts specifies the Body to be encrypted.
+
+Algorithm suite is TripleDesRsa15
+
+Note that {http://ws.apache.org/rampart/policy}RampartConfig assertion provides
+additional information required to secure the message.
\ No newline at end of file
diff --git a/modules/rampart-samples/policy/sample03/policy.xml b/modules/rampart-samples/policy/sample03/policy.xml
new file mode 100644
index 0000000..63253ec
--- /dev/null
+++ b/modules/rampart-samples/policy/sample03/policy.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample03.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
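Review bot: This sample actually encrypts the Body, and `sp:TripleDesRsa15` selects RSA PKCS#1 v1.5 key transport for the encrypted content key; that padding is the one exposed to Bleichenbacher-style padding-oracle attacks, whereas the suites without the `Rsa15` suffix (e.g. `sp:TripleDes`, `sp:Basic256`) specify RSA-OAEP. Unless interop with an RSA-1.5-only peer is the point of the sample, `<sp:TripleDes/>` would be the safer default, or at minimum a comment explaining why Rsa15 was chosen. The element name `ramp:encryptionCypto` reads like a typo for "Crypto", but I assume it is the spelling Rampart parses — confirm before "fixing" it, and note the keystore password is again in clear text in this file.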
diff --git a/modules/rampart-samples/policy/sample03/services.xml b/modules/rampart-samples/policy/sample03/services.xml
new file mode 100644
index 0000000..d3a3b4d
--- /dev/null
+++ b/modules/rampart-samples/policy/sample03/services.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-2 : Sign only-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample03.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+<wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample03.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
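Review bot: The header comment `<!-- services.xml of sample-2 : Sign only-->` was copied from sample02 and is wrong for this file, which is the sample03 sign-and-encrypt service configuration; change it to `<!-- services.xml of sample-3 : Sign and Encrypt -->`. Since the algorithm suite must match the client policy, the same concern about `sp:TripleDesRsa15` selecting RSA PKCS#1 v1.5 key transport for the encrypted key applies on the service side; the service is the party that would act as the padding oracle, so if the suite is changed it must be changed here too.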
diff --git a/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/Client.java b/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/Client.java
new file mode 100644
index 0000000..fda69ba
--- /dev/null
+++ b/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/Client.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample03;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample03.policy.samples.rampart.apache.org/xsd","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
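Review bot: The usage check at the top of main() only prints the message and falls through, so running Client with fewer than three arguments reaches `args[1]` on the next statement and dies with an ArrayIndexOutOfBoundsException instead of the usage text; add `System.exit(1);` (or `return;`) inside the `if(args.length != 3)` block. The same pattern appears unchanged in sample04's Client.java in this commit. `javax.xml.namespace.QName` is imported but never used in either file.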
diff --git a/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/PWCBHandler.java b/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/PWCBHandler.java
new file mode 100644
index 0000000..2d8ef1f
--- /dev/null
+++ b/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/PWCBHandler.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample03;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
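Review bot: handle() casts every callback to WSPasswordCallback without checking its type, so a non-password callback surfaces as a ClassCastException rather than the UnsupportedCallbackException the signature declares; guard before the cast with `if (!(callbacks[i] instanceof WSPasswordCallback)) throw new UnsupportedCallbackException(callbacks[i], "unrecognized callback");`. The two branches set the same literal password, so the identifier check carries no information as written; a one-line comment such as `// sample only: both demo keystore aliases use the same hard-coded password` would make that intent explicit. sample04's PWCBHandler in this commit is identical and has the same two issues.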
diff --git a/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/SimpleService.java b/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/SimpleService.java
new file mode 100644
index 0000000..2ed33a6
--- /dev/null
+++ b/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample03;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/policy/sample04/README.txt b/modules/rampart-samples/policy/sample04/README.txt
new file mode 100644
index 0000000..33a0168
--- /dev/null
+++ b/modules/rampart-samples/policy/sample04/README.txt
@@ -0,0 +1,15 @@
+SecureConversation
+
+The secure session is bootstrapped using a SymetricBinding which uses
+derived keys based on an ephemeral key.
+
+Messages in the secure conversation :
+ - Includes a timestamp
+ - All headers are signed along with the timestamp
+ - Signature encrypted
+ - Body encrypted
+
+Algorithm suite is Basic128Rsa15
+
+Note that {http://ws.apache.org/rampart/policy}RampartConfig assertion provides
+additional information required to secure the message.
\ No newline at end of file
diff --git a/modules/rampart-samples/policy/sample04/policy.xml b/modules/rampart-samples/policy/sample04/policy.xml
new file mode 100644
index 0000000..07ab984
--- /dev/null
+++ b/modules/rampart-samples/policy/sample04/policy.xml
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample04.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
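Review bot: The `ramp:RampartConfig` block carries the Merlin keystore password (`org.apache.ws.security.crypto.merlin.keystore.password`) in clear text inside the policy document, and the client side (`ramp:user` client) has no comment saying this is a sample-only convenience; a comment above `<ramp:signatureCrypto>` such as `<!-- sample only: keystore password is for the bundled client.jks; production deployments should supply it out of band -->` would document that. The outer `sp:Wss11` omits `sp:RequireSignatureConfirmation` while the bootstrap `sp:Wss11` requires it; presumably intentional, but a short comment noting the asymmetry would help readers comparing the two bindings. The file also ends without a trailing newline.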
diff --git a/modules/rampart-samples/policy/sample04/services.xml b/modules/rampart-samples/policy/sample04/services.xml
new file mode 100644
index 0000000..61a8c12
--- /dev/null
+++ b/modules/rampart-samples/policy/sample04/services.xml
@@ -0,0 +1,198 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-2 : Sign only-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample04.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="rahas" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="SecConvPolicy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample04.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+
+ </token-canceler-config>
+ </parameter>
+
+</service>
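Review bot: The header comment `<!-- services.xml of sample-2 : Sign only-->` is stale: this is sample04 and the policy below is a SecureConversation binding with encrypted body and signature, so the comment should read `<!-- services.xml of sample04 : SecureConversation (bootstrapped with a SymmetricBinding using derived keys) -->`. The `sct-issuer-config` parameter references a different keystore (`sts.jks`, password `password`) from the `service.jks`/`apache` pair in RampartConfig; if both files are expected to ship with the sample, a comment naming where `sts.jks` comes from would save the reader a search. The empty `<token-canceler-config/>` is presumably deliberate, but a one-line comment stating that defaults apply would make that clear.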
diff --git a/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/Client.java b/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/Client.java
new file mode 100644
index 0000000..586fc51
--- /dev/null
+++ b/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/Client.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample04;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world1"));
+ System.out.println("Response 1 : " + response);
+ response = client.sendReceive(getPayload("Hello world2"));
+ System.out.println("Response 2 : " + response);
+ response = client.sendReceive(getPayload("Hello world3"));
+ System.out.println("Response 3 : " + response);
+
+ System.out.println("Sending cancel request");
+ options.setProperty(RampartMessageData.CANCEL_REQUEST, Constants.VALUE_TRUE);
+ response = client.sendReceive(getPayload("Hello world3"));
+ System.out.println("Cancel response: " + response);
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample04.policy.samples.rampart.apache.org/xsd","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/PWCBHandler.java b/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/PWCBHandler.java
new file mode 100644
index 0000000..c3b3a47
--- /dev/null
+++ b/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/PWCBHandler.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample04;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/SimpleService.java b/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/SimpleService.java
new file mode 100644
index 0000000..d539c87
--- /dev/null
+++ b/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample04;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-tests/pom.xml b/modules/rampart-tests/pom.xml
new file mode 100644
index 0000000..d0c246c
--- /dev/null
+++ b/modules/rampart-tests/pom.xml
@@ -0,0 +1,73 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.21</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-tests</artifactId>
+ <packaging>jar</packaging>
+ <version>1.21</version>
+ <name>Rampart - Test Suite</name>
+
+ <build>
+ <sourceDirectory>src/test/java</sourceDirectory>
+ <testSourceDirectory>src/test/java</testSourceDirectory>
+ <resources>
+ <resource>
+ <directory>test-resources</directory>
+ <includes>
+ <include>**/*.properties</include>
+ <include>**/*.xml</include>
+ <include>**/*.xsl</include>
+ </includes>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-core</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent" />
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+
+</project>
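Review bot: `<sourceDirectory>src/test/java</sourceDirectory>` points at the same tree as `<testSourceDirectory>`, so the test classes are compiled as main sources and packaged into the rampart-tests jar as well as run as tests; if that is intentional (sharing test utilities with other modules), a comment above `<build>` saying so would prevent the next maintainer from "fixing" it. The dependency versions use `${pom.version}`; `${project.version}` is the documented form and avoids the deprecated `pom.*` prefix. The module also declares `<version>1.21</version>` explicitly even though it matches the parent, which can be dropped to reduce release-bump churn.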
diff --git a/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java b/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java
new file mode 100644
index 0000000..e824232
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import junit.framework.TestCase;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+
+import java.util.Date;
+
+public class SimpleTokenStoreTest extends TestCase {
+
+ public void testAdd() {
+ SimpleTokenStore store = new SimpleTokenStore();
+ try {
+ store.add(getTestToken("id-1"));
+ } catch (TrustException e) {
+ fail("Adding a new token to an empty store should not fail, " +
+ "message : " + e.getMessage());
+ }
+ Token token = null;
+ try {
+ token = getTestToken("id-1");
+ store.add(token);
+ fail("Adding an existing token must throw an exception");
+ } catch (TrustException e) {
+ assertEquals("Incorrect exception message",
+ TrustException.getMessage("tokenAlreadyExists",
+ new String[]{token.getId()}), e.getMessage());
+ }
+ }
+
+ public void testGettokenIdentifiers() {
+ SimpleTokenStore store = new SimpleTokenStore();
+ try {
+ String[] ids = store.getTokenIdentifiers();
+ assertEquals("There should not be any token ids at this point", 0, ids.length);
+ } catch (TrustException e) {
+ fail(e.getMessage());
+ }
+ try {
+ store.add(getTestToken("id-1"));
+ store.add(getTestToken("id-2"));
+ store.add(getTestToken("id-3"));
+ String[] ids = store.getTokenIdentifiers();
+ assertEquals("Incorrect number fo token ids", 3, ids.length);
+ } catch (TrustException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ public void testUpdate() {
+ SimpleTokenStore store = new SimpleTokenStore();
+ Token token1 = null;
+ try {
+ token1 = getTestToken("id-1");
+ } catch (TrustException e) {
+ fail();
+ }
+ try {
+ store.update(token1);
+ fail("An exception must be thrown at this point : noTokenToUpdate");
+ } catch (TrustException e) {
+ assertEquals("Incorrect exception message", TrustException
+ .getMessage("noTokenToUpdate", new String[]{token1
+ .getId()}), e.getMessage());
+ }
+ try {
+ store.add(token1);
+ store.add(getTestToken("id-2"));
+ store.add(getTestToken("id-3"));
+ token1.setState(Token.EXPIRED);
+ store.update(token1);
+ } catch (TrustException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ public void testGetValidExpiredRenewedTokens() {
+ SimpleTokenStore store = new SimpleTokenStore();
+ try {
+ Token token1 = getTestToken("id-1", new Date(System.currentTimeMillis() + 10000));
+ Token token2 = getTestToken("id-2", new Date(System.currentTimeMillis() + 10000));
+ Token token3 = getTestToken("id-3", new Date(System.currentTimeMillis() + 10000));
+ Token token4 = getTestToken("id-4", new Date(System.currentTimeMillis() + 10000));
+ Token token5 = getTestToken("id-5", new Date(System.currentTimeMillis() + 10000));
+ Token token6 = getTestToken("id-6", new Date(System.currentTimeMillis() + 10000));
+ Token token7 = getTestToken("id-7", new Date(System.currentTimeMillis() + 10000));
+
+ token1.setState(Token.ISSUED);
+ token2.setState(Token.ISSUED);
+ token3.setState(Token.ISSUED);
+ token4.setState(Token.RENEWED);
+ token5.setState(Token.RENEWED);
+ token6.setState(Token.EXPIRED);
+ token7.setState(Token.CANCELLED);
+
+ store.add(token1);
+ store.add(token2);
+ store.add(token3);
+ store.add(token4);
+ store.add(token5);
+ store.add(token6);
+ store.add(token7);
+
+ Token[] list = store.getValidTokens();
+ Token[] list2 = store.getExpiredTokens();
+ Token[] list3 = store.getRenewedTokens();
+ Token[] list4 = store.getCancelledTokens();
+
+ assertEquals("Incorrect number of valid tokens", 5, list.length);
+ assertEquals("Incorrect number of expired tokens", 1, list2.length);
+ assertEquals("Incorrect number of newed tokens", 2, list3.length);
+ assertEquals("Incorrect number of newed tokens", 1, list4.length);
+
+ } catch (TrustException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ private Token getTestToken(String tokenId) throws TrustException {
+ return getTestToken(tokenId, new Date());
+ }
+
+ private Token getTestToken(String tokenId, Date expiry) throws TrustException {
+ OMFactory factory = DOOMAbstractFactory.getOMFactory();
+ OMElement tokenEle = factory.createOMElement("testToken", "", "");
+ Token token = new Token(tokenId, tokenEle, new Date(), expiry);
+ token.setAttachedReference(tokenEle);
+ token.setPreviousToken(tokenEle);
+ token.setState(Token.ISSUED);
+ token.setSecret("Top secret!".getBytes());
+ return token;
+ }
+}
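Review bot: The assertion messages in testGetValidExpiredRenewedTokens are copy-pasted: the cancelled-token count at `assertEquals("Incorrect number of newed tokens", 1, list4.length);` should read `assertEquals("Incorrect number of cancelled tokens", 1, list4.length);`, and the renewed-token line above it should say "renewed". Likewise `"Incorrect number fo token ids"` in testGettokenIdentifiers has a transposition. The expected value of 5 for getValidTokens() encodes the assumption that ISSUED and RENEWED both count as valid; a comment on that line stating it would document the store's contract for readers of the test.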
diff --git a/modules/rampart-tests/src/test/java/org/apache/rahas/TempIssuer.java b/modules/rampart-tests/src/test/java/org/apache/rahas/TempIssuer.java
new file mode 100644
index 0000000..042713e
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rahas/TempIssuer.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+
+public class TempIssuer implements TokenIssuer {
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TokenIssuer#setConfigurationFile(java.lang.String)
+ */
+ public void setConfigurationFile(String configFile) {
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TokenIssuer#setConfigurationElement(org.apache.axiom.om.OMElement)
+ */
+ public void setConfigurationElement(OMElement configElement) {
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TokenIssuer#setConfigurationParamName(java.lang.String)
+ */
+ public void setConfigurationParamName(String configParamName) {
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TokenIssuer#issue(org.apache.rahas.RahasData)
+ */
+ public SOAPEnvelope issue(RahasData data) throws TrustException {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TokenIssuer#getResponseAction(org.apache.rahas.RahasData)
+ */
+ public String getResponseAction(RahasData data) throws TrustException {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+}
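Review bot: TempIssuer has no class-level comment, so a reader cannot tell whether `issue` and `getResponseAction` throwing `UnsupportedOperationException("TODO")` is unfinished work or the intended shape of a stub; the `// TODO TODO` comments do not settle it either. Since the class is only referenced by TokenRequestDispatcherConfigTest as a configured issuer class name, a Javadoc such as `/** Placeholder TokenIssuer used by TokenRequestDispatcherConfigTest to verify issuer lookup; issue() and getResponseAction() are intentionally unimplemented and throw UnsupportedOperationException. */` would make that explicit. The two `"TODO"` exception messages could likewise say `"TempIssuer is a test placeholder and does not issue tokens"` so a misconfiguration that reaches it is diagnosable.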
diff --git a/modules/rampart-tests/src/test/java/org/apache/rahas/TokenRequestDispatcherConfigTest.java b/modules/rampart-tests/src/test/java/org/apache/rahas/TokenRequestDispatcherConfigTest.java
new file mode 100644
index 0000000..44bbc2f
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rahas/TokenRequestDispatcherConfigTest.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import junit.framework.TestCase;
+
+public class TokenRequestDispatcherConfigTest extends TestCase {
+
+ public TokenRequestDispatcherConfigTest() {
+ super();
+ }
+
+ public TokenRequestDispatcherConfigTest(String arg0) {
+ super(arg0);
+ }
+
+ /**
+ * Testing a valid config file
+ */
+ public void testWithConfigFile() {
+ try {
+ TokenRequestDispatcherConfig config = TokenRequestDispatcherConfig
+ .load("test-resources/trust/dispatcher.config.xml");
+
+ assertEquals("Incorrect default issuer class name",
+ "org.apache.rahas.TempIssuer", config
+ .getDefaultIssuerName());
+
+ TokenIssuer issuer = config
+ .getIssuer("http://example.org/mySpecialToken1");
+
+ assertEquals("Incorrect issuer for token type : "
+ + "http://example.org/mySpecialToken1", TempIssuer.class
+ .getName(), issuer.getClass().getName());
+
+ } catch (TrustException e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ /**
+ * Testing expected faliure when the default issuer is not specified
+ */
+ public void testInvalidCOnfigWithMissingDefaultIssuer() {
+ try {
+ TokenRequestDispatcherConfig
+ .load("test-resources/trust/dispatcher.config.invalid.1.xml");
+ fail("This should fail since there's no default isser specified");
+ } catch (TrustException e) {
+ assertEquals("Incorrect error", TrustException.getMessage(
+ "defaultIssuerMissing", null), e.getMessage());
+ }
+ }
+
+ /**
+ * Testing expected faliure when the tokenType value is missing from a
+ * tokenType definition
+ */
+ public void testInvalidRequestTypeDef() {
+ try {
+ TokenRequestDispatcherConfig
+ .load("test-resources/trust/dispatcher.config.invalid.2.xml");
+ fail("This should fail since there is an invalid " +
+ "requestType definition");
+ } catch (TrustException e) {
+ assertEquals("Incorrect error", TrustException.getMessage(
+ "invalidTokenTypeDefinition", new String[] { "Issuer",
+ TempIssuer.class.getName() }), e.getMessage());
+ }
+ }
+}
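Review bot: In testWithConfigFile, `issuer.getClass().getName()` is evaluated without first checking that `config.getIssuer(...)` returned something, so a lookup that yields null surfaces as a NullPointerException error instead of a readable assertion failure; add `assertNotNull("No issuer registered for http://example.org/mySpecialToken1", issuer);` before the assertEquals. The method name `testInvalidCOnfigWithMissingDefaultIssuer` and the Javadoc words "faliure" and "isser" look like typos and should be corrected while the file is new. The `e.printStackTrace()` in the first test only adds noise to the test log; `fail(e.getMessage())` already reports the problem.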
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/AsymmetricBindingBuilderTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/AsymmetricBindingBuilderTest.java
new file mode 100644
index 0000000..ff949a9
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/AsymmetricBindingBuilderTest.java
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.neethi.Policy;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.conversation.ConversationConstants;
+
+import javax.xml.namespace.QName;
+
+import java.util.ArrayList;
+
+public class AsymmetricBindingBuilderTest extends MessageBuilderTestBase {
+//
+// public void testAsymmBinding() {
+// try {
+// MessageContext ctx = getMsgCtx();
+//
+// String policyXml = "test-resources/policy/rampart-asymm-binding-1.xml";
+// Policy policy = this.loadPolicy(policyXml);
+//
+// ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+//
+// MessageBuilder builder = new MessageBuilder();
+// builder.build(ctx);
+//
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+// }
+//
+// public void testAsymmBindingServerSide() {
+// try {
+// MessageContext ctx = getMsgCtx();
+//
+// ctx.setServerSide(true);
+// String policyXml = "test-resources/policy/rampart-asymm-binding-1.xml";
+// Policy policy = this.loadPolicy(policyXml);
+//
+// ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+//
+// MessageBuilder builder = new MessageBuilder();
+// builder.build(ctx);
+//
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+// }
+//
+// public void testAsymmBindingWithSigDK() {
+// try {
+// MessageContext ctx = getMsgCtx();
+//
+// String policyXml = "test-resources/policy/rampart-asymm-binding-2-sig-dk.xml";
+// Policy policy = this.loadPolicy(policyXml);
+//
+// ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+//
+// MessageBuilder builder = new MessageBuilder();
+// builder.build(ctx);
+//
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+//
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+// }
+//
+// public void testAsymmBindingWithDK() {
+// try {
+// MessageContext ctx = getMsgCtx();
+//
+// String policyXml = "test-resources/policy/rampart-asymm-binding-3-dk.xml";
+// Policy policy = this.loadPolicy(policyXml);
+//
+// ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+//
+// MessageBuilder builder = new MessageBuilder();
+// builder.build(ctx);
+//
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
+// list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+//
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+// }
+//
+// public void testAsymmBindingWithDKEncrBeforeSig() {
+// try {
+// MessageContext ctx = getMsgCtx();
+//
+// String policyXml = "test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml";
+// Policy policy = this.loadPolicy(policyXml);
+//
+// ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+//
+// MessageBuilder builder = new MessageBuilder();
+// builder.build(ctx);
+//
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+// list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+//
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+// }
+//
+//
+// public void testAsymmBindingEncrBeforeSig() {
+// try {
+// MessageContext ctx = getMsgCtx();
+//
+// String policyXml = "test-resources/policy/rampart-asymm-binding-5-ebs.xml";
+// Policy policy = this.loadPolicy(policyXml);
+//
+// ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+//
+// MessageBuilder builder = new MessageBuilder();
+// builder.build(ctx);
+//
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+// }
+//
+ public void testAsymmBindingTripleDesRSA15() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+ System.out.println(ctx.getEnvelope());
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testAsymmBindingTripleDesRSA15DK() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ System.out.println(ctx.getEnvelope());
+
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+}
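Review bot: testAsymmBindingTripleDesRSA15DK has its `verifySecHeader` call and expected-QName list commented out, so the test passes whenever `builder.build(ctx)` does not throw and never checks that the derived-key signature header was actually produced; either restore the verification with the expected element list or add a comment stating the test is incomplete and why. The `System.out.println(ctx.getEnvelope())` calls in both live tests dump the full built envelope, security header included, to stdout and look like leftover debugging. The six fully commented-out tests (testAsymmBinding through testAsymmBindingEncrBeforeSig) make up most of the file; if they are disabled because the builder cannot yet satisfy those policies, one comment saying so would help, otherwise they should be removed rather than committed as dead code. The `ConversationConstants` import is only used inside the commented-out code and is unused as committed.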
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java b/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
new file mode 100644
index 0000000..59bc4d7
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.ServiceContext;
+import org.apache.axis2.context.ServiceGroupContext;
+import org.apache.axis2.description.AxisMessage;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.OutInAxisOperation;
+import org.apache.axis2.engine.AxisConfiguration;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.ws.security.WSConstants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.FactoryConfigurationError;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+
+import java.io.FileInputStream;
+import java.util.Iterator;
+
+import junit.framework.TestCase;
+
+public class MessageBuilderTestBase extends TestCase {
+
+ public MessageBuilderTestBase() {
+ super();
+ }
+
+ public MessageBuilderTestBase(String arg0) {
+ super(arg0);
+ }
+
+ /**
+ * @throws XMLStreamException
+ * @throws FactoryConfigurationError
+ * @throws AxisFault
+ */
+ protected MessageContext getMsgCtx() throws Exception {
+ MessageContext ctx = new MessageContext();
+
+ ctx.setConfigurationContext(new ConfigurationContext(new AxisConfiguration()));
+ AxisService axisService = new AxisService("TestService");
+ ServiceContext serviceContext = new ServiceContext(axisService,
+ new ServiceGroupContext(null, null));
+ ctx.setServiceContext(serviceContext);
+ ctx.setAxisService(axisService);
+ OutInAxisOperation outInAxisOperation = new OutInAxisOperation(new QName("http://rampart.org", "test"));
+ AxisMessage msg = new AxisMessage();
+ outInAxisOperation.addMessage(msg,WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
+ outInAxisOperation.addMessage(msg,WSDLConstants.MESSAGE_LABEL_IN_VALUE);
+ ctx.setAxisOperation(outInAxisOperation);
+ ctx.setAxisMessage(msg);
+ Options options = new Options();
+ options.setAction("urn:testOperation");
+ ctx.setOptions(options);
+
+ XMLStreamReader reader =
+ XMLInputFactory.newInstance().
+ createXMLStreamReader(new FileInputStream("test-resources/policy/soapmessage.xml"));
+ ctx.setEnvelope(new StAXSOAPModelBuilder(reader, null).getSOAPEnvelope());
+ return ctx;
+ }
+
+ protected Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ protected void verifySecHeader(Iterator qnameList, SOAPEnvelope env) {
+ Iterator secHeaderChildren =
+ env.getHeader().
+ getFirstChildWithName(new QName(WSConstants.WSSE_NS,
+ WSConstants.WSSE_LN)).getChildElements();
+
+ while (secHeaderChildren.hasNext()) {
+ OMElement element = (OMElement) secHeaderChildren.next();
+ if (qnameList.hasNext()) {
+ if (!element.getQName().equals(qnameList.next())) {
+ fail("Incorrect Element" + element);
+ }
+ } else {
+ fail("Extra child in the security header: " + element.toString());
+ }
+ }
+
+ if (qnameList.hasNext()) {
+ fail("Incorrect number of children in the security header: " +
+ "next expected element" + qnameList.next().toString());
+ }
+ }
+
+}
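Review bot: verifySecHeader calls `getChildElements()` directly on the result of `getFirstChildWithName(...)`, so an envelope with no wsse:Security header at all, which is the most basic failure a binding builder test can have, shows up as a NullPointerException rather than an assertion naming the missing header. Capturing the element and asserting on it first gives a clear message, as in the excerpt below. Separately, the `FileInputStream` opened in getMsgCtx is never closed; because Axiom builds lazily, it should be kept until the envelope is fully built (for instance by calling `build()` on the envelope before closing, or closing it in tearDown) rather than closed immediately after `getSOAPEnvelope()`.
```java
    protected void verifySecHeader(Iterator qnameList, SOAPEnvelope env) {
        OMElement secHeader = env.getHeader().getFirstChildWithName(
                new QName(WSConstants.WSSE_NS, WSConstants.WSSE_LN));
        assertNotNull("No wsse:Security header in the envelope", secHeader);
        Iterator secHeaderChildren = secHeader.getChildElements();
        // … unchanged: child-by-child comparison loop and trailing-expected check …
```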
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java b/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java
new file mode 100644
index 0000000..ef43f08
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+
+public class TestCBHandler implements CallbackHandler {
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
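Review bot: TestCBHandler carries a hard-coded key and fixed passwords, and its final `else` branch hands out `"sirhC"` for every identifier it does not recognise, so no username is ever rejected; that is fine for a fixture, but nothing in the file says it is one, and a class Javadoc such as `/** Test-only CallbackHandler: fixed credentials and a hard-coded key; any unrecognised identifier is given the password "sirhC". Not for use outside the test suite. */` would keep it from being copied into a deployment. `pc.getIdentifer()` is dereferenced without a null check in both the USERNAME_TOKEN_UNKNOWN branch and the password lookup chain; writing `"alice".equals(pc.getIdentifer())` avoids a NullPointerException when the callback arrives without an identifier. Every source line is followed by an empty line, which looks like doubled line endings from the import; the file should be normalised before it is committed.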
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/TransportBindingBuilderTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/TransportBindingBuilderTest.java
new file mode 100644
index 0000000..34d8c7d
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/TransportBindingBuilderTest.java
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.neethi.Policy;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.conversation.ConversationConstants;
+
+import javax.xml.namespace.QName;
+import java.util.ArrayList;
+import java.util.List;
+
+public class TransportBindingBuilderTest extends MessageBuilderTestBase {
+
+ public void testTransportBinding() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-transport-binding.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ List list = new ArrayList();
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testTransportBindingNoBST() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-transport-binding-no-bst.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ List list = new ArrayList();
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testTransportBindingWithDK() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-transport-binding-dk.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ List list = new ArrayList();
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(ConversationConstants.WSC_NS_05_02,
+ ConversationConstants.DERIVED_KEY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testTransportBindingWithDKServerSide() {
+ try {
+ MessageContext ctx = getMsgCtx();
+ ctx.setServerSide(true);
+
+ String policyXml = "test-resources/policy/rampart-transport-binding-dk.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ List list = new ArrayList();
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+
+}
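Review bot: The four test methods repeat the same obtain-context, load-policy, build, verify sequence and differ only in the policy file, the server-side flag and the expected QName list, so each new binding case costs twenty lines of copied code. A private helper that takes those three inputs, as below, leaves each test as a policy path plus its expected list, and keeps the `ctx.setServerSide(true)` call only where the original tests made it. The `catch (Exception e)` with `printStackTrace` and `fail` in every test could then move into the helper as well, or the tests could simply declare `throws Exception`.
```java
    /** Builds the message under the given policy and checks the children of the security header. */
    private void buildAndVerify(String policyXml, boolean serverSide, List expected) throws Exception {
        MessageContext ctx = getMsgCtx();
        if (serverSide) {
            ctx.setServerSide(true);
        }
        ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, this.loadPolicy(policyXml));
        new MessageBuilder().build(ctx);
        this.verifySecHeader(expected.iterator(), ctx.getEnvelope());
    }
```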
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/InflowConfigurationTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/InflowConfigurationTest.java
new file mode 100644
index 0000000..4f2ca7b
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/InflowConfigurationTest.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler.config;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import junit.framework.TestCase;
+
+public class InflowConfigurationTest extends TestCase {
+
+ public InflowConfigurationTest() {
+ super();
+ }
+
+ public InflowConfigurationTest(String name) {
+ super(name);
+ }
+
+ public void testGetProperty() {
+ String actionItems = "Timestamp Signature Encrypt";
+ String sigPropFile = "sig.properties";
+ String decPropFile = "enc.properties";
+ String pwcb = "org.apache.axis2.security.PWCallback";
+
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems(actionItems);
+ ifc.setSignaturePropFile(sigPropFile);
+ ifc.setDecryptionPropFile(decPropFile);
+ ifc.setPasswordCallbackClass(pwcb);
+
+ // Check whether the props are there
+ assertTrue("Action items missing", -1 < ifc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSSHandlerConstants.ACTION_ITEMS + ">"
+ + actionItems + "</"
+ + WSSHandlerConstants.ACTION_ITEMS + ">"));
+
+ assertTrue("passwordCallbackClass missing", -1 < ifc.getProperty().getParameterElement()
+ .toString().indexOf(
+ "<" + WSHandlerConstants.PW_CALLBACK_CLASS + ">" + pwcb
+ + "</" + WSHandlerConstants.PW_CALLBACK_CLASS
+ + ">"));
+
+ assertTrue("sigPropFile missing", -1 < ifc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.SIG_PROP_FILE + ">"
+ + sigPropFile + "</"
+ + WSHandlerConstants.SIG_PROP_FILE + ">"));
+
+ assertTrue("decPropFile missing", -1 < ifc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.DEC_PROP_FILE + ">"
+ + decPropFile + "</"
+ + WSHandlerConstants.DEC_PROP_FILE + ">"));
+ }
+
+}
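Review bot: testGetProperty serialises `ifc.getProperty().getParameterElement().toString()` four separate times, once per assertion, which makes the assertions hard to read and the message harder to inspect on failure; capture it once with `String paramXml = ifc.getProperty().getParameterElement().toString();` and assert with `assertTrue("Action items missing", paramXml.indexOf("<" + WSSHandlerConstants.ACTION_ITEMS + ">" + actionItems + "</" + WSSHandlerConstants.ACTION_ITEMS + ">") > -1);`. The substring checks only prove each element appears somewhere in the serialised parameter, not that it sits under the expected parent; a one-line comment saying the test deliberately checks presence only would set that expectation for the next maintainer.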
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/OutflowConfigurationTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/OutflowConfigurationTest.java
new file mode 100644
index 0000000..01f786a
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/OutflowConfigurationTest.java
@@ -0,0 +1,194 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler.config;
+
+import junit.framework.TestCase;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+/**
+ * Tests the org.apache.axis2.security.handler.config.OutflowConfiguration
+ */
+public class OutflowConfigurationTest extends TestCase {
+
+ public OutflowConfigurationTest() {
+ super();
+ }
+
+ public OutflowConfigurationTest(String name) {
+ super(name);
+ }
+
+ /**
+ * This sets all the possible properties that can be set with
+ * the outflow configuration
+ */
+ public void testGetProperty() {
+
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ String actionItems = "Timestamp Signature Encrypt";
+ String user = "alice";
+ String pwcb = "org.apache.axis2.security.PWCallback";
+ String sigKeyId = "interop.properties";
+ String sigParts = "{Element}{http://schemas.xmlsoap.org/ws/2004/08/"
+ + "addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/"
+ + "2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp";
+ String optimizeParts = "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue";
+ String embeddedKeyCallbackClass = "org.apache.axis2.security.PWCallback";
+ String encrUser = "bob";
+ String samlPropFile = "saml.properties";
+ String sigPropFile = "sig.properties";
+ String encPropFile = "enc.properties";
+
+ // Setting the properties in the ofc
+ ofc.setActionItems(actionItems);
+ ofc.setUser(user);
+ ofc.setPasswordCallbackClass(pwcb);
+ ofc.setSignatureKeyIdentifier(sigKeyId);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setSignatureParts(sigParts);
+ ofc.setOptimizeParts(optimizeParts);
+ ofc.setEmbeddedKeyCallbackClass(embeddedKeyCallbackClass);
+ ofc.setEncryptionKeyTransportAlgorithm(WSConstants.KEYTRANSPORT_RSA15);
+ ofc.setEncryptionSymAlgorithm(WSConstants.AES_128);
+ ofc.setEncryptionUser(encrUser);
+ ofc.setPasswordType(WSConstants.PW_DIGEST);
+ ofc.setSamlPropFile(samlPropFile);
+ ofc.setSignaturePropFile(sigPropFile);
+ ofc.setEncryptionPropFile(encPropFile);
+
+ // Check whether the props are there
+ assertTrue("Action items missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSSHandlerConstants.ACTION_ITEMS + ">"
+ + actionItems + "</"
+ + WSSHandlerConstants.ACTION_ITEMS + ">"));
+
+ assertTrue("User missing", -1 < ofc.getProperty().getParameterElement().toString().indexOf(
+ "<" + WSHandlerConstants.USER + ">" + user + "</"
+ + WSHandlerConstants.USER + ">"));
+
+ assertTrue("passwordCallbackClass missing", -1 < ofc.getProperty().getParameterElement()
+ .toString().indexOf(
+ "<" + WSHandlerConstants.PW_CALLBACK_CLASS + ">" + pwcb
+ + "</" + WSHandlerConstants.PW_CALLBACK_CLASS
+ + ">"));
+
+ assertTrue("sigKeyId missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.SIG_KEY_ID + ">" + sigKeyId
+ + "</" + WSHandlerConstants.SIG_KEY_ID + ">"));
+
+ assertTrue("encKeyId missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENC_KEY_ID + ">"
+ + WSSHandlerConstants.SKI_KEY_IDENTIFIER + "</"
+ + WSHandlerConstants.ENC_KEY_ID + ">"));
+
+ assertTrue("signature parts missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.SIGNATURE_PARTS + ">"
+ + sigParts + "</"
+ + WSHandlerConstants.SIGNATURE_PARTS + ">"));
+
+ assertTrue("optimize parts missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSSHandlerConstants.OPTIMIZE_PARTS + ">"
+ + optimizeParts + "</"
+ + WSSHandlerConstants.OPTIMIZE_PARTS + ">"));
+
+ assertTrue("EmbeddedKeyCallbackClass missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENC_CALLBACK_CLASS + ">"
+ + embeddedKeyCallbackClass + "</"
+ + WSHandlerConstants.ENC_CALLBACK_CLASS + ">"));
+
+ assertTrue("encryptionKeyTransportAlgorithm missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENC_KEY_TRANSPORT + ">"
+ + WSConstants.KEYTRANSPORT_RSA15 + "</"
+ + WSHandlerConstants.ENC_KEY_TRANSPORT + ">"));
+
+ assertTrue("encryptionSymAlgorithm missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENC_SYM_ALGO + ">"
+ + WSConstants.AES_128 + "</"
+ + WSHandlerConstants.ENC_SYM_ALGO + ">"));
+
+ assertTrue("encrUser missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENCRYPTION_USER + ">"
+ + encrUser + "</"
+ + WSHandlerConstants.ENCRYPTION_USER + ">"));
+
+ assertTrue("passwordType missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.PASSWORD_TYPE + ">"
+ + WSConstants.PW_DIGEST + "</"
+ + WSHandlerConstants.PASSWORD_TYPE + ">"));
+
+ assertTrue("samlPropFile missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.SAML_PROP_FILE + ">"
+ + samlPropFile + "</"
+ + WSHandlerConstants.SAML_PROP_FILE + ">"));
+
+ assertTrue("sigPropFile missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.SIG_PROP_FILE + ">"
+ + sigPropFile + "</"
+ + WSHandlerConstants.SIG_PROP_FILE + ">"));
+ assertTrue("encPropFile missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENC_PROP_FILE + ">"
+ + encPropFile + "</"
+ + WSHandlerConstants.ENC_PROP_FILE + ">"));
+ }
+
+ /**
+ * This tests multiple action configurations
+ */
+ public void testMultipleActions() {
+ OutflowConfiguration ofc = new OutflowConfiguration(2);
+
+ String actionItems1 = "Timestamp Signature Encrypt";
+ String user1 = "alice";
+
+ String actionItems2 = "Signature Encrypt Timestamp";
+ String user2 = "alice2";
+
+ ofc.setActionItems(actionItems1);
+ ofc.setUser(user1);
+
+ ofc.nextAction();
+
+ ofc.setActionItems(actionItems2);
+ ofc.setUser(user2);
+
+ assertEquals("Action items mismatch", actionItems2, ofc.getActionItems());
+ assertEquals("Action items mismatch", user2, ofc.getUser());
+
+ ofc.previousAction();
+
+ assertEquals("Action items mismatch", actionItems1, ofc.getActionItems());
+ assertEquals("Action items mismatch", user1, ofc.getUser());
+
+ }
+
+}
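Review bot: The two user assertions in testMultipleActions carry the wrong failure message: L39761 and L39766 compare `ofc.getUser()` but report "Action items mismatch", so a failing run would point at the wrong property; change them to `assertEquals("User mismatch", user2, ofc.getUser());` and `assertEquals("User mismatch", user1, ofc.getUser());`. In testGetProperty the parameter element is re-serialised for every one of the fifteen checks; hoisting `String xml = ofc.getProperty().getParameterElement().toString();` once after the setters and asserting against `xml` keeps the test readable and makes it obvious that all checks look at the same snapshot. The substring checks also accept the expected element anywhere in the serialisation, so they cannot tell whether a value landed under the intended parameter element; that is presumably acceptable for this test but worth a one-line comment.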
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/policy/model/RampartPolicyTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/policy/model/RampartPolicyTest.java
new file mode 100644
index 0000000..db78554
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/policy/model/RampartPolicyTest.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy.model;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+
+import javax.xml.namespace.QName;
+
+import java.util.Properties;
+
+import junit.framework.TestCase;
+
+public class RampartPolicyTest extends TestCase {
+
+ public final static QName RAMPART_CONFIG_NAME = new QName(RampartConfig.NS,RampartConfig.RAMPART_CONFIG_LN);
+ public final static QName CRYPTO_CONFIG_NAME = new QName(RampartConfig.NS,CryptoConfig.CRYPTO_LN);
+
+ public void testLoadPolicy() {
+ try {
+ String xmlPath = "test-resources/policy/rampart-policy-1.xml";
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+
+ OMElement elem = builder.getDocumentElement();
+
+ Policy policy = PolicyEngine.getPolicy(elem);
+
+ Assertion assertion = (Assertion)policy.getAssertions().get(0);
+
+ assertEquals("Incorrect namespace in RampartConfig",
+ RAMPART_CONFIG_NAME.getNamespaceURI(), assertion.getName()
+ .getNamespaceURI());
+ assertEquals("Incorrect localname in RampartConfig",
+ RAMPART_CONFIG_NAME.getLocalPart(), assertion.getName()
+ .getLocalPart());
+
+ RampartConfig config = (RampartConfig) assertion;
+ CryptoConfig sigCryptoConfig = config.getSigCryptoConfig();
+
+ assertNotNull("Signature Crypto missing", sigCryptoConfig);
+
+ assertEquals("Incorrect namespace in SignatureCrypto",
+ CRYPTO_CONFIG_NAME.getNamespaceURI(), sigCryptoConfig
+ .getName().getNamespaceURI());
+ assertEquals("Incorrect localname in SignatureCrypto",
+ CRYPTO_CONFIG_NAME.getLocalPart(), sigCryptoConfig.getName()
+ .getLocalPart());
+
+ assertEquals("Incorrect provider value",
+ "org.apache.ws.security.components.crypto.Merlin",
+ sigCryptoConfig.getProvider());
+
+ Properties prop = sigCryptoConfig.getProp();
+ assertEquals("Incorrect number of properties", 3, prop.size());
+
+ assertEquals("Incorrect property value", "JKS", prop
+ .getProperty("keystoreType"));
+ assertEquals("Incorrect property value", "/path/to/file.jks", prop
+ .getProperty("keystoreFile"));
+ assertEquals("Incorrect property value", "password", prop
+ .getProperty("keystorePassword"));
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+
+ }
+
+}
\ No newline at end of file
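Review bot: The `catch (Exception e)` at L39856 turns any setup or parsing failure into `fail(e.getMessage())`, which drops the stack trace from the JUnit report (it only reaches stderr via printStackTrace) and yields a bare "null" when the exception has no message. Declaring `public void testLoadPolicy() throws Exception` and removing the try/catch lets JUnit report the original exception with its trace; the same pattern appears in SecpolicyModelTest at L39935, L39944 and L39953. The cast at L39821 also assumes the RampartConfig is the first assertion in the policy, which the fixture presumably guarantees; a short comment such as `// rampart-policy-1.xml carries RampartConfig as its first assertion` would make that dependency explicit.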
diff --git a/modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java b/modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java
new file mode 100644
index 0000000..866e780
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.ws.secpolicy.Constants;
+
+import java.util.Iterator;
+import java.util.List;
+
+import junit.framework.TestCase;
+
+public class SecpolicyModelTest extends TestCase {
+
+
+ public void testSymmBinding() {
+ try {
+ Policy p = this.getPolicy("test-resources/policy-symm-binding.xml");
+ List assertions = (List)p.getAlternatives().next();
+
+ boolean symmBindingFound = false;
+
+ for (Iterator iter = assertions.iterator(); iter.hasNext();) {
+ Assertion assertion = (Assertion) iter.next();
+ if(assertion instanceof SymmetricBinding) {
+ symmBindingFound = true;
+ SymmetricBinding binding = (SymmetricBinding)assertion;
+ assertEquals("IncludeTimestamp assertion not processed", true, binding.isIncludeTimestamp());
+
+ ProtectionToken protectionToken = binding.getProtectionToken();
+ assertNotNull("ProtectionToken missing", protectionToken);
+
+ Token token = protectionToken.getProtectionToken();
+ if(token instanceof X509Token) {
+ assertEquals("incorrect X509 token versin and type",
+ Constants.WSS_X509_V3_TOKEN10,
+ ((X509Token) token).getTokenVersionAndType());
+ } else {
+ fail("ProtectionToken must contain a X509Token assertion");
+ }
+
+ }
+ }
+ //The Asymm binding mean is not built in the policy processing :-(
+ assertTrue("SymmetricBinding not porcessed", symmBindingFound);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testAsymmBinding() {
+ try {
+ this.getPolicy("test-resources/policy-asymm-binding.xml");
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testTransportBinding() {
+ try {
+ this.getPolicy("test-resources/policy-transport-binding.xml");
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ private Policy getPolicy(String filePath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(filePath);
+ OMElement elem = builder.getDocumentElement();
+ return PolicyEngine.getPolicy(elem);
+ }
+}
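Review bot: testAsymmBinding and testTransportBinding (L39941–L39957) only verify that the fixture parses without throwing; they make no assertion on the resulting model, so a regression that silently drops the binding assertion would still pass. If the model classes for those bindings exist, iterate the alternative as testSymmBinding does and assert `assertion instanceof AsymmetricBinding` (respectively TransportBinding); if, as the comment at L39932 suggests, the asymmetric binding is not yet built by the processor, the test's javadoc should state that it is a parse-only smoke test rather than leaving it to pass vacuously. The assertion messages at L39923 and L39933 also contain typos ("versin", "porcessed") that will surface verbatim in failure reports.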
diff --git a/modules/rampart-tests/test-resources/PWCallback.java b/modules/rampart-tests/test-resources/PWCallback.java
new file mode 100644
index 0000000..df9d4de
--- /dev/null
+++ b/modules/rampart-tests/test-resources/PWCallback.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+
+
+/**
+
+ * Class PWCallback
+
+ */
+
+public class PWCallback implements CallbackHandler {
+
+
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
+
+
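Review bot: The final `else` at L40135 hands out `"sirhC"` for any identifier the handler does not recognise, and the USERNAME_TOKEN_UNKNOWN branch at L40095 accepts that password without looking at the username, so this handler never rejects an unknown principal. For a test-resource fixture that may be intended, but it should be stated at the class javadoc, e.g. `* Test-only callback handler: unknown identifiers fall back to a shared default password and are never rejected.`; if no test depends on the fallback, the `else` should instead `throw new UnsupportedCallbackException(callbacks[i], "unknown identifier");`. `pc.getPassword()` in the USERNAME_TOKEN_UNKNOWN branch is dereferenced without a null check, which presumably holds for PasswordText tokens but is worth confirming. The whole file is also double-spaced (every source line is followed by a blank line), which looks like a line-ending conversion artefact and should be collapsed before committing.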
diff --git a/modules/rampart-tests/test-resources/axis2.xml b/modules/rampart-tests/test-resources/axis2.xml
new file mode 100644
index 0000000..7d978b4
--- /dev/null
+++ b/modules/rampart-tests/test-resources/axis2.xml
@@ -0,0 +1,97 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+
+ <!-- This is only till we get the service specific parameters fixed in service.xml -->
+ <parameter name="InAction" locked="false">UsernameToken</parameter>
+ <parameter name="passwordCallbackClass" locked="false">
+ org.apache.axis2.security.PWCallback</parameter>
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <module ref="security"/>
+
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
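Review bot: The `passwordCallbackClass` parameter value at L40171–L40172 is split across two lines, so the element's text node is the newline plus indentation followed by the class name; unless the consumer trims parameter values, loading that class name will fail. Put the value on one line: `<parameter name="passwordCallbackClass" locked="false">org.apache.axis2.security.PWCallback</parameter>`. The comment at L40169 says these two parameters are a stopgap until service-level parameters work; a TODO with the tracking reference would help them get removed. Please also confirm that the engaged module name `security` at L40178 matches the name of the module archive this commit builds.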
diff --git a/modules/rampart-tests/test-resources/keys/interop2.jks b/modules/rampart-tests/test-resources/keys/interop2.jks
new file mode 100644
index 0000000..a7d1a3f
--- /dev/null
+++ b/modules/rampart-tests/test-resources/keys/interop2.jks
Binary files differ
diff --git a/modules/rampart-tests/test-resources/policy-asymm-binding.xml b/modules/rampart-tests/test-resources/policy-asymm-binding.xml
new file mode 100644
index 0000000..aae3ea5
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy-asymm-binding.xml
@@ -0,0 +1,46 @@
+<wsp:Policy wsu:Id="1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
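Review bot: The `sp` prefix is declared separately on each top-level assertion (L40274 and L40308) instead of once on the root `wsp:Policy` alongside `wsp` and `wsu`; the same pattern is in policy-symm-binding.xml and policy-transport-binding.xml. Declaring it once on the root, `xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"`, removes the repetition and the risk of the copies drifting apart if the namespace is ever revised. If the per-element declarations are deliberate (for example to mirror how these assertions are embedded in WSDL), a one-line comment at the top of the fixture saying so would stop the next reader from "fixing" it.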
diff --git a/modules/rampart-tests/test-resources/policy-symm-binding.xml b/modules/rampart-tests/test-resources/policy-symm-binding.xml
new file mode 100644
index 0000000..de8bd5b
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy-symm-binding.xml
@@ -0,0 +1,53 @@
+<wsp:Policy wsu:Id="3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy-transport-binding.xml b/modules/rampart-tests/test-resources/policy-transport-binding.xml
new file mode 100644
index 0000000..a74b444
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy-transport-binding.xml
@@ -0,0 +1,43 @@
+<wsp:Policy wsu:Id="2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/SecurityPolicyBindings.xml b/modules/rampart-tests/test-resources/policy/SecurityPolicyBindings.xml
new file mode 100644
index 0000000..2f3e7a3
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/SecurityPolicyBindings.xml
@@ -0,0 +1,50 @@
+
+<!-- Example Endpoint Policy -->
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+<sp:AsymmetricBinding>
+ <wsp:Policy>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always" />
+ </wsp:Policy> </sp:RecipientToken>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always" />
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:EncryptBeforeSigning />
+ <sp:EncryptSignature />
+ <sp:ProtectTokens />
+ <sp:SignedSupportingTokens>
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:SignedEndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once" />
+ </wsp:Policy>
+ </sp:SignedEndorsingSupportingTokens>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:RequireSignatureConfirmation />
+ </wsp:Policy>
+ </sp:Wss11>
+ </wsp:Policy>
+
+
\ No newline at end of file
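Review bot: `sp:SignedSupportingTokens` and `sp:SignedEndorsingSupportingTokens` (L40461–L40470) are nested inside the AsymmetricBinding's `wsp:Policy`, whereas in the other fixtures in this commit (policy-symm-binding.xml, policy-transport-binding.xml) the supporting-token assertions are siblings of the binding; if this file is meant to be consumed by the same model, those two blocks should move out to sit beside `</sp:AsymmetricBinding>`, and SecurityPolicyBindingsSymm.xml has the same nesting at L40513. The formatting is also inconsistent: `</wsp:Policy> </sp:RecipientToken>` shares a line at L40441, the root's closing tag is indented as if it were a child, and the file ends in blank lines without a final newline.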
diff --git a/modules/rampart-tests/test-resources/policy/SecurityPolicyBindingsSymm.xml b/modules/rampart-tests/test-resources/policy/SecurityPolicyBindingsSymm.xml
new file mode 100644
index 0000000..fb32250
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/SecurityPolicyBindingsSymm.xml
@@ -0,0 +1,43 @@
+<!-- Example Endpoint Policy -->
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+<sp:SymmetricBinding>
+<wsp:Policy>
+<sp:ProtectionToken>
+<wsp:Policy>
+<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
+</wsp:Policy>
+</sp:ProtectionToken>
+<sp:AlgorithmSuite>
+<wsp:Policy>
+<sp:Basic256 />
+</wsp:Policy>
+</sp:AlgorithmSuite>
+<sp:Layout>
+<wsp:Policy>
+<sp:Strict />
+</wsp:Policy>
+</sp:Layout>
+<sp:IncludeTimestamp />
+<sp:EncryptBeforeSigning />
+<sp:EncryptSignature />
+<sp:ProtectTokens />
+<sp:SignedSupportingTokens>
+<wsp:Policy>
+<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once" />
+</wsp:Policy>
+</sp:SignedSupportingTokens>
+<!--<sp:SignedEndorsingSupportingTokens>
+<wsp:Policy>
+<sp:X509V3Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/IncludeToken/Once" />
+</wsp:Policy>
+</sp:SignedEndorsingSupportingTokens> -->
+</wsp:Policy>
+</sp:SymmetricBinding>
+<sp:Wss11>
+<wsp:Policy>
+<sp:RequireSignatureConfirmation />
+</wsp:Policy>
+</sp:Wss11>
+</wsp:Policy>
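Review bot: The commented-out block at L40518–L40522 carries an `IncludeToken` URI with a doubled path segment (`.../IncludeToken/IncludeToken/Once`) and an element name `sp:X509V3Token` that none of the other fixtures use (they use `sp:X509Token` with a nested `sp:WssX509V3Token10`), so uncommenting it as-is would not produce a matching assertion. Either correct it to `<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once" />` or delete the dead block. The file is also entirely unindented, unlike its sibling SecurityPolicyBindings.xml.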
diff --git a/modules/rampart-tests/test-resources/policy/SecurityPolicyMsg.xml b/modules/rampart-tests/test-resources/policy/SecurityPolicyMsg.xml
new file mode 100644
index 0000000..3074acf
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/SecurityPolicyMsg.xml
@@ -0,0 +1,19 @@
+<!-- Example Endpoint Policy -->
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+
+ <!-- Example Message Policy -->
+
+ <sp:SignedParts>
+ <sp:Header Name="Header1" Namespace="uri:namespace_1" />
+ <sp:Header Name="Header2" Namespace="uri:namespace_2" />
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts>
+ <sp:Header Name="Header2" Namespace="uri:namespace_2" />
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ </wsp:Policy>
+
\ No newline at end of file
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml
new file mode 100644
index 0000000..3930028
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml
@@ -0,0 +1,75 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
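Review bot: This policy declares no `sp:SignedParts`/`sp:EncryptedParts`, so the AsymmetricBinding itself only mandates protection of the Timestamp and no encryption is requested, even though `ramp:encryptionUser` and an `encryptionCypto` keystore are configured; if that is deliberate (exercising token/binding negotiation rather than body protection) a comment should say so, e.g. `<!-- No SignedParts/EncryptedParts on purpose: exercises the binding only; see rampart-asymm-binding-4-dk-ebs.xml for body protection -->`. The same applies to rampart-asymm-binding-2-sig-dk.xml and rampart-asymm-binding-3-dk.xml in this commit. Separately, `ramp:encryptionCypto` reads like a misspelling of "encryptionCrypto", but it is most likely the literal local name the RampartConfig parser matches, so it should be checked against the builder rather than "corrected" in the test resources alone.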
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml
new file mode 100644
index 0000000..b2102da
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml
@@ -0,0 +1,76 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml
new file mode 100644
index 0000000..8d648b2
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml
@@ -0,0 +1,77 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
new file mode 100644
index 0000000..55cbb13
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
@@ -0,0 +1,85 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning />
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml
new file mode 100644
index 0000000..db23288
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml
@@ -0,0 +1,81 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:EncryptBeforeSigning />
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">interop/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">interop/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
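Review bot: The keystore path `interop/interop2.jks` on both the signatureCrypto and encryptionCypto `merlin.file` properties differs from `test-resources/keys/interop2.jks` used by every sibling policy in this commit, so this test will presumably fail to open the keystore when run from the module directory like the others; change both to `<ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>`. If a separate `interop/` directory is intended, nothing in the visible hunks adds it.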
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15.xml
new file mode 100644
index 0000000..735d8c5
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15.xml
@@ -0,0 +1,74 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
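Review bot: The `sp:TripleDesRsa15` algorithm suite selects 3DES for data encryption and RSA PKCS#1 v1.5 key transport, both legacy choices (64-bit block cipher; v1.5 padding is the classic padding-oracle target), and nothing in the file marks it as an intentional legacy/interop case, so it is liable to be copied into a real policy as a working example; a comment after the root element such as `<!-- Legacy interop suite (3DES + RSA-1.5) kept for compatibility tests only; prefer Basic256 for new policies -->` would prevent that. The same applies to rampart-asymm-binding-7-3des-r15-DK.xml, which also reuses the `wsu:Id="SigEncrTripleDesRSA15"` of this file.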
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml
new file mode 100644
index 0000000..7adeceb
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml
@@ -0,0 +1,76 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-policy-1.xml b/modules/rampart-tests/test-resources/policy/rampart-policy-1.xml
new file mode 100644
index 0000000..5f1e907
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-policy-1.xml
@@ -0,0 +1,15 @@
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.axis2.security.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="keystoreType">JKS</ramp:property>
+ <ramp:property name="keystoreFile">/path/to/file.jks</ramp:property>
+ <ramp:property name="keystorePassword">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+</wsp:Policy>
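Review bot: The crypto property names `keystoreType`, `keystoreFile` and `keystorePassword` do not match the Merlin keys every other policy in this commit uses (`org.apache.ws.security.crypto.merlin.keystore.type`, `...merlin.file`, `...merlin.keystore.password`), so a Merlin provider would ignore them, and the callback class `org.apache.axis2.security.PWCallback` differs from the `org.apache.rampart.TestCBHandler` used elsewhere. If this file only exercises RampartConfig parsing (the `/path/to/file.jks` placeholder suggests so), say it in a leading comment, e.g. `<!-- Parser-only fixture: property names and paths are placeholders, not a loadable Merlin config -->`; otherwise align the names with the sibling policies.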
diff --git a/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml
new file mode 100644
index 0000000..f84ada7
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml
@@ -0,0 +1,68 @@
+<wsp:Policy wsu:Id="5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:SignedEndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:SignedEndorsingSupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml
new file mode 100644
index 0000000..a9c407b
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml
@@ -0,0 +1,64 @@
+<wsp:Policy wsu:Id="5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:SignedEndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never" />
+ </wsp:Policy>
+ </sp:SignedEndorsingSupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml b/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml
new file mode 100644
index 0000000..0ba03af
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml
@@ -0,0 +1,64 @@
+<wsp:Policy wsu:Id="5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:SignedEndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedEndorsingSupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/soapmessage.xml b/modules/rampart-tests/test-resources/policy/soapmessage.xml
new file mode 100644
index 0000000..1080754
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/soapmessage.xml
@@ -0,0 +1,57 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:axis2="http://ws.apache.org/namespaces/axis2">
+ <soapenv:Header xmlns:fabrikam="http://example.com/fabrikam">
+ <wsa:MessageID soapenv:mustUnderstand="0">
+ uuid:920C5190-0B8F-11D9-8CED-F22EDEEBF7E5</wsa:MessageID>
+ <wsa:To soapenv:mustUnderstand="0">http://localhost:8081/axis/services/BankPort</wsa:To>
+ <wsa:From axis2:AttrExt="123456789" soapenv:mustUnderstand="0" >
+ <wsa:Address>
+ http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
+ <wsa:ReferenceParameters>
+ <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey>
+ </wsa:ReferenceParameters>
+ <wsa:ReferenceProperties>
+ <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart>
+ </wsa:ReferenceProperties>
+ <axis2:EPRExt axis2:AttrExt="123456789">123456789</axis2:EPRExt>
+ </wsa:From>
+ <wsa:Action>http://ws.apache.org/tests/action</wsa:Action>
+ <wsa:ReplyTo axis2:AttrExt="123456789">
+ <wsa:Address>http://example.com/fabrikam/acct</wsa:Address>
+ <wsa:ReferenceParameters>
+ <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey>
+ </wsa:ReferenceParameters>
+ <wsa:ReferenceProperties>
+ <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart>
+ </wsa:ReferenceProperties>
+ <axis2:EPRExt axis2:AttrExt="123456789">123456789</axis2:EPRExt>
+ </wsa:ReplyTo>
+
+ <wsa:FaultTo axis2:AttrExt="123456789">
+ <wsa:Address>http://example.com/fabrikam/fault</wsa:Address>
+ <wsa:ReferenceParameters>
+ <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey>
+ </wsa:ReferenceParameters>
+ <wsa:ReferenceProperties>
+ <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart>
+ </wsa:ReferenceProperties>
+ <axis2:EPRExt axis2:AttrExt="123456789">123456789</axis2:EPRExt>
+ </wsa:FaultTo>
+ <wsa:RelatesTo>http://some.previous.message</wsa:RelatesTo>
+ <wsa:RelatesTo RelationshipType="axis2:some.custom.relationship">http://identifier.of.other.message/</wsa:RelatesTo>
+
+ </soapenv:Header>
+ <soapenv:Body>
+ <ns1:getBalance soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
+ xmlns:ns1="http://localhost:8081/axis/services/BankPort">
+ <accountNo href="#id0"/>
+ </ns1:getBalance>
+ <multiRef id="id0" soapenc:root="0"
+ soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
+ xsi:type="xsd:int" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
+ 1001</multiRef>
+ </soapenv:Body>
+</soapenv:Envelope>
\ No newline at end of file
diff --git a/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.1.xml b/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.1.xml
new file mode 100644
index 0000000..74887ea
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.1.xml
@@ -0,0 +1,6 @@
+<token-dispatcher-configuration>
+ <issuer class="org.apache.rahas.TempIssuer">
+ <tokenType>http://example.org/mySpecialToken1</tokenType>
+ <tokenType>http://example.org/mySpecialToken2</tokenType>
+ </issuer>
+</token-dispatcher-configuration>
diff --git a/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.2.xml b/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.2.xml
new file mode 100644
index 0000000..87f6844
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.2.xml
@@ -0,0 +1,6 @@
+<token-dispatcher-configuration>
+ <issuer class="org.apache.rahas.TempIssuer" default="true">
+ <tokenType></tokenType>
+ <tokenType>http://example.org/mySpecialToken2</tokenType>
+ </issuer>
+</token-dispatcher-configuration>
diff --git a/modules/rampart-tests/test-resources/trust/dispatcher.config.xml b/modules/rampart-tests/test-resources/trust/dispatcher.config.xml
new file mode 100644
index 0000000..1c8dea1
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/dispatcher.config.xml
@@ -0,0 +1,6 @@
+<token-dispatcher-configuration>
+ <issuer class="org.apache.rahas.TempIssuer" default="true">
+ <tokenType>http://example.org/mySpecialToken1</tokenType>
+ <tokenType>http://example.org/mySpecialToken2</tokenType>
+ </issuer>
+</token-dispatcher-configuration>
diff --git a/modules/rampart-tests/test-resources/trust/impl/sct-issuer-config.xml b/modules/rampart-tests/test-resources/trust/impl/sct-issuer-config.xml
new file mode 100644
index 0000000..f0a5238
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/impl/sct-issuer-config.xml
@@ -0,0 +1,4 @@
+<sct-issuer-config>
+ <proofToken>EncryptedKey</proofToken>
+ <cryptoProperties>sctIssuer.properties</cryptoProperties>
+</sct-issuer-config>
diff --git a/modules/rampart-tests/test-resources/trust/impl/sctIssuer.properties b/modules/rampart-tests/test-resources/trust/impl/sctIssuer.properties
new file mode 100755
index 0000000..c126c57
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/impl/sctIssuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sts.jks
diff --git a/modules/rampart-tests/test-resources/trust/impl/sts-services.xml b/modules/rampart-tests/test-resources/trust/impl/sts-services.xml
new file mode 100644
index 0000000..d3a489b
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/impl/sts-services.xml
@@ -0,0 +1,29 @@
+<!-- Security token service configuration -->
+<service name="STS">
+
+ <operation name="RequestSecurityToken">
+ <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
+ </operation>
+
+ <!-- Using the config file -->
+ <parameter name="token-dispatcher-configuration-file">token-dispatcher-configuration.xml</parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>sctIssuer.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp</items>
+ </action>
+ </parameter>
+
+</service>
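Review bot: The `OutflowSecurity` parameter at the end of the service applies only a Timestamp, so the RequestSecurityTokenResponse (including any issued token and proof token inside it) leaves the STS unsigned, while `InflowSecurity` demands `Timestamp Signature` on the request. If that asymmetry is intended for this test fixture, a comment such as `<!-- responses are deliberately left unsigned in this test setup -->` would make it explicit; otherwise `<items>Timestamp Signature</items>` plus the same `<signaturePropFile>sctIssuer.properties</signaturePropFile>` would match the inflow side. The referenced sctIssuer.properties carries the keystore password in clear text, which is fine for a checked-in test resource but is worth stating in the file so the pair is not copied into a deployment as-is.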
diff --git a/modules/rampart-tests/test-resources/trust/impl/sts.jks b/modules/rampart-tests/test-resources/trust/impl/sts.jks
new file mode 100644
index 0000000..b4514d7
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/impl/sts.jks
Binary files differ
diff --git a/modules/rampart-tests/test-resources/trust/impl/token-dispatcher-configuration.xml b/modules/rampart-tests/test-resources/trust/impl/token-dispatcher-configuration.xml
new file mode 100644
index 0000000..b3ca9ea
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/impl/token-dispatcher-configuration.xml
@@ -0,0 +1,6 @@
+<token-dispatcher-configuration>
+ <issuer class="org.apache.rahas.impl.SCTIssuer" default="true">
+ <configuration-file>sct-issuer-config.xml</configuration-file>
+ <tokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</tokenType>
+ </issuer>
+</token-dispatcher-configuration>
diff --git a/modules/rampart-trust-mar/module.xml b/modules/rampart-trust-mar/module.xml
new file mode 100644
index 0000000..f95ea19
--- /dev/null
+++ b/modules/rampart-trust-mar/module.xml
@@ -0,0 +1,41 @@
+<module name="rahas">
+ <Description>This module is used to STS enable a service where it adds
+ the RequestSecurityToken operation to a service that the module is engaged to</Description>
+
+ <supported-policy-namespaces namespaces="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+
+ <operation name="RequestSecurityToken" mep="http://www.w3.org/2006/01/wsdl/in-out">
+ <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
+
+ <!-- Action mapping to accept SCT requests -->
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
+
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
+
+ <parameter name="token-dispatcher-configuration">
+ <token-dispatcher-configuration>
+ <!-- Issuers. You may have many issuers. -->
+ <issuer class="org.apache.rahas.impl.SCTIssuer" default="true">
+ <configuration type="parameter">sct-issuer-config</configuration>
+ <tokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</tokenType>
+ </issuer>
+ <issuer class="org.apache.rahas.impl.SAMLTokenIssuer">
+ <configuration type="parameter">saml-issuer-config</configuration>
+ <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
+ </issuer>
+
+ <!-- Only a single canceler is allowed -->
+ <canceler class="org.apache.rahas.impl.TokenCancelerImpl">
+ <configuration type="parameter">token-canceler-config</configuration>
+ </canceler>
+
+ </token-dispatcher-configuration>
+ </parameter>
+
+ </operation>
+
+</module>
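Review bot: The three `<configuration type="parameter">` entries (sct-issuer-config, saml-issuer-config, token-canceler-config) name parameters that this module.xml does not define, so presumably each service that engages the module has to supply them; the file should say so. A comment above `<token-dispatcher-configuration>` such as `<!-- issuer/canceler configuration is looked up as a service parameter of the given name; the engaging service must declare it -->` would spare the next maintainer a trip through TokenRequestDispatcherConfig. The `<Description>` text also reads awkwardly ("used to STS enable a service"); "enables WS-Trust STS support on a service by adding the RequestSecurityToken operation" says the same thing more clearly.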
diff --git a/modules/rampart-trust-mar/pom.xml b/modules/rampart-trust-mar/pom.xml
new file mode 100644
index 0000000..a3c42c3
--- /dev/null
+++ b/modules/rampart-trust-mar/pom.xml
@@ -0,0 +1,105 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rahas</artifactId>
+ <packaging>mar</packaging>
+ <version>1.21</version>
+ <name>Rampart - Trust-Mar</name>
+
+ <scm>
+ <connection>scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</developerConnection>
+ <url>https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</url>
+ </scm>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <testSourceDirectory>src/main/java</testSourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-mar-maven-plugin</artifactId>
+ <version>1.2</version>
+ <extensions>true</extensions>
+ <configuration>
+ <includeDependencies>false</includeDependencies>
+ <moduleXmlFile>module.xml</moduleXmlFile>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ </dependencies>
+
+ <pluginRepositories>
+ <pluginRepository>
+ <id>apache-m2</id>
+ <name>Apache M2 Repository</name>
+ <url>http://people.apache.org/repo/m2-ibiblio-rsync-repository</url>
+ <layout>default</layout>
+ <snapshots>
+ <enabled>false</enabled>
+ <updatePolicy>daily</updatePolicy>
+ <checksumPolicy>ignore</checksumPolicy>
+ </snapshots>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ </pluginRepository>
+ <pluginRepository>
+ <id>apache-snapshots</id>
+ <name>Apache Snapshots Repository</name>
+ <url>http://people.apache.org/repo/m2-snapshot-repository</url>
+ <layout>default</layout>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>daily</updatePolicy>
+ <checksumPolicy>ignore</checksumPolicy>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </pluginRepository>
+ </pluginRepositories>
+ <distributionManagement>
+ <repository>
+ <id>apache-repo</id>
+ <name>Maven Central Repository</name>
+ <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-ibiblio-rsync-repository</url>
+ </repository>
+ <snapshotRepository>
+ <id>apache-snapshots</id>
+ <name>Apache Development Repository</name>
+ <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-snapshot-repository</url>
+ </snapshotRepository>
+ </distributionManagement>
+</project>
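Review bot: Both `<pluginRepository>` entries set `<checksumPolicy>ignore</checksumPolicy>` and fetch over plain `http://`, so plugin artifacts are pulled with neither transport protection nor checksum verification; `<checksumPolicy>warn</checksumPolicy>` (or the default `fail`) and https URLs where the host offers them would let Maven catch a corrupted or substituted download. Unlike modules/rampart-trust/pom.xml in the same commit, this pom declares no `<parent>`, which is presumably why the repository and `<distributionManagement>` blocks are duplicated here instead of inherited. `<testSourceDirectory>src/main/java</testSourceDirectory>` is the same directory as `<sourceDirectory>`, and the `<resource>` entry has no `<includes>`, so the .java sources themselves will be copied into the mar as resources; an includes list like the one in rampart-trust/pom.xml (`**/*.properties`, `**/*.xml`, `**/*.xsl`) would avoid that.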
diff --git a/modules/rampart-trust/pom.xml b/modules/rampart-trust/pom.xml
new file mode 100644
index 0000000..ccfbb97
--- /dev/null
+++ b/modules/rampart-trust/pom.xml
@@ -0,0 +1,63 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.21</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-trust</artifactId>
+ <packaging>jar</packaging>
+ <version>1.21</version>
+ <name>Rampart - Trust</name>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <testSourceDirectory>src/main/java</testSourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ <includes>
+ <include>**/*.properties</include>
+ <include>**/*.xml</include>
+ <include>**/*.xsl</include>
+ </includes>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent" />
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+
+</project>
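Review bot: `<testSourceDirectory>` is set to `src/main/java`, the same directory as `<sourceDirectory>`, so the main sources are compiled a second time as test sources and any class matching surefire's default name pattern will be executed as a test; if the module has no tests, dropping the element (or pointing it at `src/test/java`) is cleaner. The dependency version `${pom.version}` is the legacy Maven 1/2 spelling; `${project.version}` is the form Maven 3 documents and the value is identical here.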
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
new file mode 100644
index 0000000..6dd1901
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+
+public class RahasConstants {
+
+ public final static int VERSION_05_02 = 1;
+ public final static int VERSION_05_12 = 2;
+
+ /**
+ * WS-Trust 2005 Feb namespace
+ */
+ public final static String WST_NS_05_02 = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+
+ /**
+ * WS-SX Namespace
+ */
+ public final static String WST_NS_05_12 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
+
+ public final static String WST_PREFIX = "wst";
+
+ public final static String WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
+ public final static String WSP_PREFIX = "wsp";
+
+ public static class LocalNames {
+ public static final String REQUEST_SECURITY_TOKEN = "RequestSecurityToken";
+ public static final String REQUEST_SECURITY_TOKEN_RESPONSE = "RequestSecurityTokenResponse";
+ public static final String REQUEST_TYPE = "RequestType";
+ public static final String TOKEN_TYPE = "TokenType";
+ public static final String REQUESTED_PROOF_TOKEN = "RequestedProofToken";
+ public static final String
+ REQUEST_SECURITY_TOKEN_RESPONSE_COLLECTION = "RequestSecurityTokenResponseCollection";
+ public final static String BINARY_SECRET = "BinarySecret";
+ }
+
+ public static class IssuanceBindingLocalNames {
+ public static final String REQUESTED_SECURITY_TOKEN = "RequestedSecurityToken";
+ public static final String COMPUTED_KEY_ALGO = "ComputedKeyAlgorithm";
+ public static final String COMPUTED_KEY = "ComputedKey";
+ public static final String REQUESTED_ATTACHED_REFERENCE = "RequestedAttachedReference";
+ public static final String REQUESTED_UNATTACHED_REFERENCE = "RequestedUnattachedReference";
+ public static final String KEY_SIZE = "KeySize";
+ public static final String KEY_TYPE = "KeyType";
+ public static final String ENTROPY = "Entropy";
+ public static final String APPLIES_TO = "AppliesTo";
+ public static final String LIFETIME = "Lifetime";
+ public static final String CLAIMS = "Claims";
+
+ }
+
+ public static class CancelBindingLocalNames {
+ public static final String REQUESTED_TOKEN_CANCELED = "RequestedTokenCancelled";
+ public static final String CANCEL_TARGET = "CancelTarget";
+ public static final String URI = "URI";
+ }
+
+ //Key types
+ public static final String KEY_TYPE_SYMM_KEY = "/SymmetricKey";
+ public static final String KEY_TYPE_PUBLIC_KEY = "/PublicKey";
+ public static final String KEY_TYPE_BEARER = "/Bearer";
+
+ //Attr values
+ public static final String BIN_SEC_TYPE_NONCE = "/Nonce";
+
+ //ComputedKey algos
+ public static final String COMPUTED_KEY_PSHA1 = "/CK/PSHA1";
+
+ // RequestTypes
+ public static final String REQ_TYPE_ISSUE = "/Issue";
+ public static final String REQ_TYPE_VALIDATE = "/Validate";
+ public static final String REQ_TYPE_RENEW = "/Renew";
+ public static final String REQ_TYPE_CANCEL = "/Cancel";
+
+ //RST actions
+ public static final String RST_ACTION_ISSUE = "/RST" + REQ_TYPE_ISSUE;
+ public static final String RST_ACTION_VALIDATE = "/RST" + REQ_TYPE_VALIDATE;
+ public static final String RST_ACTION_RENEW = "/RST" + REQ_TYPE_RENEW;
+ public static final String RST_ACTION_CANCEL = "/RST" + REQ_TYPE_CANCEL;
+ public static final String RST_ACTION_SCT = "/RST/SCT";
+ public static final String RST_ACTION_CANCEL_SCT = "/RST/SCT" + REQ_TYPE_CANCEL;
+
+ //RSTR actions
+ public static final String RSTR_ACTION_ISSUE = "/RSTR" + REQ_TYPE_ISSUE;
+ public static final String RSTR_ACTION_VALIDATE = "/RSTR" + REQ_TYPE_VALIDATE;
+ public static final String RSTR_ACTION_RENEW = "/RSTR" + REQ_TYPE_RENEW;
+ public static final String RSTR_ACTION_CANCEL = "/RSTR" + REQ_TYPE_CANCEL;
+ public static final String RSTR_ACTION_SCT = "/RSTR/SCT";
+ public static final String RSTR_ACTION_CANCEL_SCT = "/RSTR/SCT" + REQ_TYPE_CANCEL;
+
+ //Token types
+ public static final String TOK_TYPE_SAML_10 = "http://docs.oasis-open.org/wss/" +
+ "oasis-wss-saml-token-profile-1.1#SAMLV1.1";
+
+ //Attrs
+ public static final String ATTR_TYPE = "Type";
+ public static final String ATTR_CLAIMS_DIALECT = "Dialect";
+}
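Review bot: `TOK_TYPE_SAML_10` names a SAML 1.0 token type but its value is the `#SAMLV1.1` URI of the WSS SAML token profile, so the constant's name and value disagree; `TOK_TYPE_SAML_11` would match the value (keep the old name as a `@Deprecated` alias if other modules already reference it). `VERSION_05_02` and `VERSION_05_12` are the integers RahasData.getVersion() hands back but carry no Javadoc; `/** WS-Trust Feb 2005 (schemas.xmlsoap.org) */` and `/** WS-SX WS-Trust (OASIS 200512) */`, placed so each pairs visibly with its `WST_NS_*` constant, would make the mapping explicit. The relative constants (`/Issue`, `/RST/SCT`, `/CK/PSHA1`, `/Nonce`) are evidently meant to be appended to the chosen `WST_NS_*` namespace; a one-line comment above the "Key types" group stating that convention would help readers outside this package.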
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
new file mode 100644
index 0000000..bab7f1c
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
@@ -0,0 +1,455 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.util.Base64;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.context.MessageContext;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+
+import javax.xml.namespace.QName;
+
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Vector;
+
+/**
+ * Common data items on WS-Trust request messages
+ */
+public class RahasData {
+
+ private MessageContext inMessageContext;
+
+ private OMElement rstElement;
+
+ private int version = -1;
+
+ private String wstNs;
+
+ private String requestType;
+
+ private String tokenType;
+
+ private int keysize = -1;
+
+ private String computedKeyAlgo;
+
+ private String keyType;
+
+ private String appliesToAddress;
+
+ private Principal principal;
+
+ private X509Certificate clientCert;
+
+ private byte[] ephmeralKey;
+
+ private byte[] requestEntropy;
+
+ private byte[] responseEntropy;
+
+ private String addressingNs;
+
+ private String soapNs;
+
+ private OMElement claimElem;
+
+ private String claimDialect;
+ /**
+ * Create a new RahasData instance and populate it with the information from
+ * the request.
+ *
+ * @throws TrustException <code>RequestSecurityToken</code> element is invalid.
+ */
+ public RahasData(MessageContext inMessageContext) throws TrustException {
+
+ this.inMessageContext = inMessageContext;
+
+ //Check for an authenticated Principal
+ this.processWSS4JSecurityResults();
+
+ // Find out the incoming addressing version
+ this.addressingNs = (String) this.inMessageContext
+ .getProperty(AddressingConstants.WS_ADDRESSING_VERSION);
+
+ this.rstElement = this.inMessageContext.getEnvelope().getBody()
+ .getFirstElement();
+
+ this.soapNs = this.inMessageContext.getEnvelope().getNamespace()
+ .getNamespaceURI();
+
+ this.wstNs = this.rstElement.getNamespace().getNamespaceURI();
+
+ int ver = TrustUtil.getWSTVersion(this.wstNs);
+
+ if (ver == -1) {
+ throw new TrustException(TrustException.INVALID_REQUEST);
+ } else {
+ this.version = ver;
+ }
+
+ this.processRequestType();
+
+ this.processTokenType();
+
+ this.processKeyType();
+
+ this.processKeySize();
+
+ this.processAppliesTo();
+
+ this.processEntropy();
+
+ this.processClaims();
+
+ }
+
+ /**
+ * Processes the authenticated user information from the WSS4J security
+ * resutls.
+ *
+ * @throws TrustException
+ */
+ private void processWSS4JSecurityResults() throws TrustException {
+
+ /*
+ * User can be identifier using a UsernameToken or a certificate - If a
+ * certificate is found then we use that to - identify the user and -
+ * encrypt the response (if required) - If a UsernameToken is found then
+ * we will not be encrypting the response
+ */
+
+ Vector results;
+ if ((results = (Vector) this.inMessageContext
+ .getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
+ throw new TrustException(TrustException.REQUEST_FAILED);
+ } else {
+
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult = (WSHandlerResult) results.get(i);
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults
+ .get(j);
+ if (wser.getAction() == WSConstants.SIGN
+ && wser.getPrincipal() != null) {
+ this.clientCert = wser.getCertificate();
+ this.principal = wser.getPrincipal();
+ } else if (wser.getAction() == WSConstants.UT
+ && wser.getPrincipal() != null) {
+ this.principal = wser.getPrincipal();
+ }
+ }
+ }
+ // If the principal is missing
+ if (principal == null) {
+ throw new TrustException(TrustException.REQUEST_FAILED);
+ }
+ }
+ }
+
+ private void processAppliesTo() throws TrustException {
+
+ OMElement appliesToElem = this.rstElement
+ .getFirstChildWithName(new QName(RahasConstants.WSP_NS,
+ RahasConstants.IssuanceBindingLocalNames.
+ APPLIES_TO));
+
+ if (appliesToElem != null) {
+ OMElement eprElem = appliesToElem.getFirstElement();
+ // If there were no addressing headers
+ // The find the addressing version using the EPR element
+ if (this.addressingNs == null) {
+ this.addressingNs = eprElem.getNamespace()
+ .getNamespaceURI();
+ }
+
+ if (eprElem != null) {
+ OMElement addrElem = eprElem
+ .getFirstChildWithName(new QName(
+ this.addressingNs,
+ AddressingConstants.EPR_ADDRESS));
+ if (addrElem != null && addrElem.getText() != null
+ && !"".equals(addrElem.getText().trim())) {
+ this.appliesToAddress = addrElem.getText().trim();
+ } else {
+ throw new TrustException("invalidAppliesToElem");
+ }
+ } else {
+ throw new TrustException("invalidAppliesToElem");
+ }
+ }
+ }
+
+ private void processRequestType() throws TrustException {
+ OMElement reqTypeElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.LocalNames.REQUEST_TYPE));
+
+ if (reqTypeElem == null ||
+ reqTypeElem.getText() == null ||
+ reqTypeElem.getText().trim().length() == 0) {
+ throw new TrustException(TrustException.INVALID_REQUEST);
+ } else {
+ this.requestType = reqTypeElem.getText().trim();
+ }
+ }
+
+ private void processTokenType() {
+ OMElement tokTypeElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.LocalNames.TOKEN_TYPE));
+
+ if (tokTypeElem != null && tokTypeElem.getText() != null
+ && !"".equals(tokTypeElem.getText().trim())) {
+ this.tokenType = tokTypeElem.getText().trim();
+ }
+ }
+
+ /**
+ * Find the value of the KeyType element of the RST
+ */
+ private void processKeyType() {
+ OMElement keyTypeElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.IssuanceBindingLocalNames.KEY_TYPE));
+ if (keyTypeElem != null) {
+ String text = keyTypeElem.getText();
+ if (text != null && !"".equals(text.trim())) {
+ this.keyType = text.trim();
+ }
+ }
+ }
+
+ /**
+ * Finds the KeySize and creates an empty ephmeral key.
+ *
+ * @throws TrustException
+ */
+ private void processKeySize() throws TrustException {
+ OMElement keySizeElem =
+ this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.IssuanceBindingLocalNames.
+ KEY_SIZE));
+ if (keySizeElem != null) {
+ String text = keySizeElem.getText();
+ if (text != null && !"".equals(text.trim())) {
+ try {
+ //Set key size
+ this.keysize = Integer.parseInt(text.trim());
+
+ //Create an empty array to hold the key
+ this.ephmeralKey = new byte[this.keysize];
+ } catch (NumberFormatException e) {
+ throw new TrustException(TrustException.INVALID_REQUEST,
+ new String[]{"invalid wst:Keysize value"}, e);
+ }
+ }
+ }
+ this.keysize = -1;
+ }
+
+ /**
+ * Processes a claims.
+ *
+ */
+ private void processClaims() throws TrustException{
+ claimElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.IssuanceBindingLocalNames.CLAIMS));
+
+ if(claimElem != null){
+ claimDialect = claimElem.getAttributeValue(new QName(this.wstNs,
+ RahasConstants.ATTR_CLAIMS_DIALECT));
+ if(claimDialect == null){
+ throw new TrustException(
+ "Without the Dialect Attribute Claims can't be processed");
+ }
+ }
+
+ }
+
+ /**
+ * Process wst:Entropy element in the request.
+ */
+ private void processEntropy() throws TrustException {
+ OMElement entropyElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.IssuanceBindingLocalNames.ENTROPY));
+
+ if (entropyElem != null) {
+ OMElement binSecElem = entropyElem.getFirstElement();
+ if (binSecElem != null && binSecElem.getText() != null
+ && !"".equals(binSecElem.getText())) {
+ this.requestEntropy = Base64.decode(binSecElem.getText());
+ } else {
+ throw new TrustException("malformedEntropyElement",
+ new String[]{entropyElem.toString()});
+ }
+
+ }
+ }
+
+ /**
+ * @return Returns the appliesToAddress.
+ */
+ public String getAppliesToAddress() {
+ return appliesToAddress;
+ }
+
+ /**
+ * @return Returns the clientCert.
+ */
+ public X509Certificate getClientCert() {
+ return clientCert;
+ }
+
+ /**
+ * @return Returns the computedKeyAlgo.
+ */
+ public String getComputedKeyAlgo() {
+ return computedKeyAlgo;
+ }
+
+ /**
+ * @return Returns the ephmeralKey.
+ */
+ public byte[] getEphmeralKey() {
+ return ephmeralKey;
+ }
+
+ /**
+ * @return Returns the inMessageContext.
+ */
+ public MessageContext getInMessageContext() {
+ return inMessageContext;
+ }
+
+ /**
+ * @return Returns the keysize.
+ */
+ public int getKeysize() {
+ return keysize;
+ }
+
+ /**
+ * @return Returns the keyType.
+ */
+ public String getKeyType() {
+ return keyType;
+ }
+
+ /**
+ * @return Returns the principal.
+ */
+ public Principal getPrincipal() {
+ return principal;
+ }
+
+ /**
+ * @return Returns the requestEntropy.
+ */
+ public byte[] getRequestEntropy() {
+ return requestEntropy;
+ }
+
+ /**
+ * @return Returns the requestType.
+ */
+ public String getRequestType() {
+ return requestType;
+ }
+
+ /**
+ * @return Returns the responseEntropy.
+ */
+ public byte[] getResponseEntropy() {
+ return responseEntropy;
+ }
+
+ /**
+ * @return Returns the rstElement.
+ */
+ public OMElement getRstElement() {
+ return rstElement;
+ }
+
+ /**
+ * @return Returns the tokenType.
+ */
+ public String getTokenType() {
+ return tokenType;
+ }
+
+ /**
+ * @return Returns the version.
+ */
+ public int getVersion() {
+ return version;
+ }
+
+ /**
+ * @return Returns the addressingNs.
+ */
+ public String getAddressingNs() {
+ return addressingNs;
+ }
+
+ /**
+ * @return Returns the wstNs.
+ */
+ public String getWstNs() {
+ return wstNs;
+ }
+
+ /**
+ * @return Returns the soapNs.
+ */
+ public String getSoapNs() {
+ return soapNs;
+ }
+
+ /**
+ * @param responseEntropy The responseEntropy to set.
+ */
+ public void setResponseEntropy(byte[] responseEntropy) {
+ this.responseEntropy = responseEntropy;
+ }
+
+ /**
+ * @param ephmeralKey The ephmeralKey to set.
+ */
+ public void setEphmeralKey(byte[] ephmeralKey) {
+ this.ephmeralKey = ephmeralKey;
+ }
+
+ public String getClaimDialect() {
+ return claimDialect;
+ }
+
+ public OMElement getClaimElem() {
+ return claimElem;
+ }
+
+
+}
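Review bot: `processKeySize()` ends with an unconditional `this.keysize = -1;`, so the value parsed a few statements earlier is thrown away and `getKeysize()` always returns -1 even when the request carried a KeySize, while `ephmeralKey` is still allocated with the parsed size; the reset belongs in an `else` branch, or can simply be removed since the field is initialised to -1. That allocation, `this.ephmeralKey = new byte[this.keysize];`, is sized directly from request content, so a negative value raises NegativeArraySizeException and a very large one allocates accordingly; a range check before the allocation that rejects out-of-range values with `TrustException.INVALID_REQUEST` (WS-Trust expresses KeySize in bits, and the issuers presumably have a maximum they honour) closes that. `processAppliesTo()` calls `eprElem.getNamespace()` when `addressingNs` is null before the `eprElem != null` check that follows it, so an empty `wsp:AppliesTo` on a request without addressing headers throws NullPointerException instead of the intended `TrustException("invalidAppliesToElem")`; moving the null check above the namespace lookup fixes the order. In `processWSS4JSecurityResults()` a UsernameToken result processed after a signature result overwrites `principal` but leaves `clientCert` from the signature, so the two fields can describe different parties; the comment at the top of that method should state which result wins, or the code should keep them consistent.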
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/STSMessageReceiver.java b/modules/rampart-trust/src/main/java/org/apache/rahas/STSMessageReceiver.java
new file mode 100644
index 0000000..bf201f8
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/STSMessageReceiver.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.receivers.AbstractInOutSyncMessageReceiver;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class STSMessageReceiver extends AbstractInOutSyncMessageReceiver {
+
+ private static final Log log = LogFactory.getLog(STSMessageReceiver.class);
+
+ public void invokeBusinessLogic(MessageContext inMessage,
+ MessageContext outMessage) throws AxisFault {
+
+ try {
+ Parameter param = inMessage
+ .getParameter(TokenRequestDispatcherConfig.CONFIG_PARAM_KEY);
+ Parameter paramFile = inMessage
+ .getParameter(TokenRequestDispatcherConfig.CONFIG_FILE_KEY);
+ TokenRequestDispatcher dispatcher = null;
+ if (param != null) {
+ dispatcher = new TokenRequestDispatcher(param
+ .getParameterElement().getFirstChildWithName(
+ new QName("token-dispatcher-configuration")));
+ } else if (paramFile != null) {
+ dispatcher = new TokenRequestDispatcher((String) paramFile
+ .getValue());
+ } else {
+ dispatcher = new TokenRequestDispatcher(
+ (OMElement) inMessage
+ .getProperty(TokenRequestDispatcherConfig.CONFIG_PARAM_KEY));
+ }
+
+ if(dispatcher != null) {
+ SOAPEnvelope responseEnv = dispatcher.handle(inMessage, outMessage);
+ outMessage.setEnvelope(responseEnv);
+ } else {
+ throw new TrustException("missingDispatcherConfiguration");
+ }
+ } catch (TrustException e) {
+ e.printStackTrace();
+ //Log the exception
+ log.error(e);
+ throw new AxisFault(e.getFaultString(), e.getFaultCode());
+ }
+ }
+
+}
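Review bot: The `dispatcher != null` guard at the end of the try block can never fire, because every branch above it assigns a freshly constructed TokenRequestDispatcher, while the real missing-configuration case — the fallback branch that reads CONFIG_PARAM_KEY from the message context when neither parameter is set — passes a possibly null OMElement into the constructor and surfaces as a NullPointerException inside TokenRequestDispatcherConfig.load rather than the intended `missingDispatcherConfiguration` fault. I would null-check the property before constructing: `OMElement cfgElem = (OMElement) inMessage.getProperty(TokenRequestDispatcherConfig.CONFIG_PARAM_KEY);` / `if (cfgElem == null) throw new TrustException("missingDispatcherConfiguration");` / `dispatcher = new TokenRequestDispatcher(cfgElem);`, and drop the dead guard. In the catch block `e.printStackTrace()` duplicates `log.error(e)` and writes the trace to stderr outside the logging configuration; `log.error(e.getMessage(), e)` alone keeps the stack trace in the log. Only TrustException is caught here, so any RuntimeException raised while handling a request bypasses this fault translation entirely.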
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java b/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java
new file mode 100644
index 0000000..c1095dd
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java
@@ -0,0 +1,165 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.Reference;
+
+import javax.xml.namespace.QName;
+
+import java.util.List;
+import java.util.Map;
+import java.util.ArrayList;
+import java.util.Hashtable;
+import java.util.Iterator;
+
+/**
+ * In-memory implementation of the token storage
+ */
+public class SimpleTokenStore implements TokenStorage {
+
+ protected Map tokens = new Hashtable();
+
+ public void add(Token token) throws TrustException {
+ if (token != null && !"".equals(token.getId()) &&
+ token.getId() != null) {
+ if (this.tokens.keySet().size() == 0
+ || (this.tokens.keySet().size() > 0 && !this.tokens
+ .keySet().contains(token.getId()))) {
+ tokens.put(token.getId(), token);
+ } else {
+ throw new TrustException("tokenAlreadyExists",
+ new String[]{token.getId()});
+ }
+
+ }
+ }
+
+ public void update(Token token) throws TrustException {
+ if (token != null && token.getId() != null && token.getId().trim().length() != 0) {
+
+ if (!this.tokens.keySet().contains(token.getId())) {
+ throw new TrustException("noTokenToUpdate", new String[]{token.getId()});
+ }
+ this.tokens.put(token.getId(), token);
+ }
+ }
+
+ public String[] getTokenIdentifiers() throws TrustException {
+ List identifiers = new ArrayList();
+ for (Iterator iterator = tokens.keySet().iterator(); iterator.hasNext();) {
+ identifiers.add(iterator.next());
+ }
+ return (String[]) identifiers.toArray(new String[identifiers.size()]);
+ }
+
+ public Token[] getValidTokens() throws TrustException {
+ return getTokens(new int[]{Token.ISSUED, Token.RENEWED});
+ }
+
+ public Token[] getRenewedTokens() throws TrustException {
+ return getTokens(Token.RENEWED);
+ }
+
+
+ public Token[] getCancelledTokens() throws TrustException {
+ return getTokens(Token.CANCELLED);
+ }
+
+ public Token[] getExpiredTokens() throws TrustException {
+ return getTokens(Token.EXPIRED);
+ }
+
+ private Token[] getTokens(int[] states) throws TrustException {
+ processTokenExpiry();
+ List tokens = new ArrayList();
+ for (Iterator iterator = this.tokens.values().iterator(); iterator.hasNext();) {
+ Token token = (Token) iterator.next();
+ for (int i = 0; i < states.length; i++) {
+ if (token.getState() == states[i]) {
+ tokens.add(token);
+ break;
+ }
+ }
+ }
+ return (Token[]) tokens.toArray(new Token[tokens.size()]);
+ }
+
+ private Token[] getTokens(int state) throws TrustException {
+ processTokenExpiry();
+ List tokens = new ArrayList();
+ for (Iterator iterator = this.tokens.values().iterator(); iterator.hasNext();) {
+ Token token = (Token) iterator.next();
+ if (token.getState() == state) {
+ tokens.add(token);
+ }
+ }
+ return (Token[]) tokens.toArray(new Token[tokens.size()]);
+ }
+
+ public Token getToken(String id) throws TrustException {
+ processTokenExpiry();
+ Token token = (Token) this.tokens.get(id);
+
+ if(token == null) {
+ //Try the unattached refs
+ for (Iterator iterator = this.tokens.values().iterator(); iterator.hasNext();) {
+ Token tempToken = (Token) iterator.next();
+ OMElement elem = tempToken.getAttachedReference();
+ if(elem != null && id.equals(this.getIdFromSTR(elem))) {
+ token = tempToken;
+ }
+ elem = tempToken.getUnattachedReference();
+ if(elem != null && id.equals(this.getIdFromSTR(elem))) {
+ token = tempToken;
+ }
+
+ }
+ }
+
+
+ return token;
+ }
+
+ protected void processTokenExpiry() throws TrustException {
+ for (Iterator iterator = tokens.values().iterator(); iterator.hasNext();) {
+ Token token = (Token) iterator.next();
+ if (token.getExpires() != null &&
+ token.getExpires().getTime() < System.currentTimeMillis()) {
+ token.setState(Token.EXPIRED);
+ update(token);
+ }
+ }
+ }
+
+ private String getIdFromSTR(OMElement str) {
+// ASSUMPTION:SecurityTokenReference/KeyIdentifier
+ OMElement child = str.getFirstElement();
+ if(child == null) {
+ return null;
+ }
+
+ if (child.getQName().equals(new QName(WSConstants.SIG_NS, "KeyInfo"))) {
+ return child.getText();
+ } else if(child.getQName().equals(Reference.TOKEN)) {
+ return child.getAttributeValue(new QName("URI")).substring(1);
+ } else {
+ return null;
+ }
+ }
+}
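Review bot: `getIdFromSTR` dereferences the `URI` attribute unconditionally, so a SecurityTokenReference/Reference without a URI attribute (or with an empty one) makes `getToken` fail with a NullPointerException or StringIndexOutOfBoundsException instead of simply not matching; since this lookup runs on identifiers taken from incoming requests, a missing or malformed URI should be a non-match: `String uri = child.getAttributeValue(new QName("URI"));` / `return (uri != null && uri.startsWith("#")) ? uri.substring(1) : null;`. The comment on that method says the assumption is SecurityTokenReference/KeyIdentifier, but the first branch compares against a ds:KeyInfo QName, so either the comment or the QName is wrong. In `getToken` the reference scan keeps going after a match and returns the last token whose reference matches rather than the first; a `break` after each assignment makes the result deterministic when two tokens carry the same reference. The single-state `getTokens(int)` duplicates the array variant and could simply `return getTokens(new int[]{state});`.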
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java b/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
new file mode 100644
index 0000000..5262aa8
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
@@ -0,0 +1,313 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMException;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+
+import javax.xml.namespace.QName;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.util.Date;
+import java.util.Properties;
+
+/**
+ * This represents a security token which can have either one of 4 states.
+ * <ul>
+ * <li>ISSUED</li>
+ * <li>EXPIRED</li>
+ * <li>CACELLED</li>
+ * <li>RENEWED</li>
+ * </ul>
+ * Also this holds the <code>OMElement</code>s representing the token in its
+ * present state and the previous state.
+ *
+ * These tokens are stired using the storage mechanism provided via the
+ * <code>TokenStorage</code> interface.
+ * @see org.apache.rahas.TokenStorage
+ */
+public class Token {
+
+ public final static int ISSUED = 1;
+ public final static int EXPIRED = 2;
+ public final static int CANCELLED = 3;
+ public final static int RENEWED = 4;
+
+ /**
+ * Token identifier
+ */
+ private String id;
+
+ /**
+ * Current state of the token
+ */
+ private int state = -1;
+
+ /**
+ * The actual token in its current state
+ */
+ private OMElement token;
+
+ /**
+ * The token in its previous state
+ */
+ private OMElement previousToken;
+
+ /**
+ * The RequestedAttachedReference element
+ * NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows
+ * an extensibility mechanism for wsse:SecurityTokenReference and
+ * wsse:Reference. Hence we cannot limit to the
+ * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and
+ * the ValueType values.
+ */
+ private OMElement attachedReference;
+
+ /**
+ * The RequestedUnattachedReference element
+ * NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows
+ * an extensibility mechanism for wsse:SecurityTokenRefence and
+ * wsse:Reference. Hence we cannot limit to the
+ * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and
+ * the ValueType values.
+ */
+ private OMElement unattachedReference;
+
+ /**
+ * A bag to hold any other properties
+ */
+ private Properties properties;
+
+ /**
+ * A flag to assist the TokenStorage
+ */
+ private boolean changed;
+
+ /**
+ * The secret associated with the Token
+ */
+ private byte[] secret;
+
+ /**
+ * Created time
+ */
+ private Date created;
+
+ /**
+ * Expiration time
+ */
+ private Date expires;
+
+ public Token(String id,
+ OMElement tokenElem,
+ Date created,
+ Date expires) throws TrustException {
+ this.id = id;
+ this.token = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
+ tokenElem.getXMLStreamReader()).getDocumentElement();
+ this.created = created;
+ this.expires = expires;
+ }
+
+ public Token(String id,
+ OMElement tokenElem,
+ OMElement lifetimeElem) throws TrustException {
+ this.id = id;
+ this.token = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
+ tokenElem.getXMLStreamReader()).getDocumentElement();
+ this.processLifeTime(lifetimeElem);
+ }
+
+ /**
+ * @param lifetimeElem
+ * @throws TrustException
+ */
+ private void processLifeTime(OMElement lifetimeElem) throws TrustException {
+ try {
+ DateFormat zulu = new XmlSchemaDateFormat();
+ OMElement createdElem =
+ lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
+ WSConstants.CREATED_LN));
+ this.created = zulu.parse(createdElem.getText());
+
+ OMElement expiresElem =
+ lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
+ WSConstants.EXPIRES_LN));
+ this.expires = zulu.parse(expiresElem.getText());
+ } catch (OMException e) {
+ throw new TrustException("lifeTimeProcessingError",
+ new String[]{lifetimeElem.toString()}, e);
+ } catch (ParseException e) {
+ throw new TrustException("lifeTimeProcessingError",
+ new String[]{lifetimeElem.toString()}, e);
+ }
+ }
+
+ /**
+ * @return Returns the chnaged.
+ */
+ public boolean isChanged() {
+ return changed;
+ }
+
+ /**
+ * @param chnaged The chnaged to set.
+ */
+ public void setChanged(boolean chnaged) {
+ this.changed = chnaged;
+ }
+
+ /**
+ * @return Returns the properties.
+ */
+ public Properties getProperties() {
+ return properties;
+ }
+
+ /**
+ * @param properties The properties to set.
+ */
+ public void setProperties(Properties properties) {
+ this.properties = properties;
+ }
+
+ /**
+ * @return Returns the state.
+ */
+ public int getState() {
+ return state;
+ }
+
+ /**
+ * @param state The state to set.
+ */
+ public void setState(int state) {
+ this.state = state;
+ }
+
+ /**
+ * @return Returns the token.
+ */
+ public OMElement getToken() {
+ return token;
+ }
+
+ /**
+ * @param token The token to set.
+ */
+ public void setToken(OMElement token) {
+ this.token = token;
+ }
+
+ /**
+ * @return Returns the id.
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * @return Returns the presivousToken.
+ */
+ public OMElement getPreviousToken() {
+ return previousToken;
+ }
+
+ /**
+ * @param presivousToken The presivousToken to set.
+ */
+ public void setPreviousToken(OMElement presivousToken) {
+ this.previousToken = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
+ presivousToken.getXMLStreamReader()).getDocumentElement();
+ }
+
+ /**
+ * @return Returns the secret.
+ */
+ public byte[] getSecret() {
+ return secret;
+ }
+
+ /**
+ * @param secret The secret to set.
+ */
+ public void setSecret(byte[] secret) {
+ this.secret = secret;
+ }
+
+ /**
+ * @return Returns the attachedReference.
+ */
+ public OMElement getAttachedReference() {
+ return attachedReference;
+ }
+
+ /**
+ * @param attachedReference The attachedReference to set.
+ */
+ public void setAttachedReference(OMElement attachedReference) {
+ if(attachedReference != null) {
+ this.attachedReference = new StAXOMBuilder(DOOMAbstractFactory
+ .getOMFactory(), attachedReference.getXMLStreamReader())
+ .getDocumentElement();
+ }
+ }
+
+ /**
+ * @return Returns the unattachedReference.
+ */
+ public OMElement getUnattachedReference() {
+ return unattachedReference;
+ }
+
+ /**
+ * @param unattachedReference The unattachedReference to set.
+ */
+ public void setUnattachedReference(OMElement unattachedReference) {
+ if(unattachedReference != null) {
+ this.unattachedReference = new StAXOMBuilder(DOOMAbstractFactory
+ .getOMFactory(), unattachedReference.getXMLStreamReader())
+ .getDocumentElement();
+ }
+ }
+
+ /**
+ * @return Returns the created.
+ */
+ public Date getCreated() {
+ return created;
+ }
+
+ /**
+ * @return Returns the expires.
+ */
+ public Date getExpires() {
+ return expires;
+ }
+
+ /**
+ * @param expires The expires to set.
+ */
+ public void setExpires(Date expires) {
+ this.expires = expires;
+ }
+}
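Review bot: `processLifeTime` only catches OMException and ParseException, so a Lifetime element missing its wsu:Created or wsu:Expires child makes `createdElem.getText()` throw a NullPointerException out of the constructor instead of the `lifeTimeProcessingError` TrustException the method is built to report; a null check on both elements before parsing, raising that same TrustException, closes the gap. `setPreviousToken` builds a DOOM copy without the null guard that `setAttachedReference` and `setUnattachedReference` have, so it NPEs on null where its siblings are no-ops. `getSecret`/`setSecret` hand the caller the live byte array holding the token's key material, so any caller can read or alter it after the fact; if that sharing is intended, a Javadoc line such as `Returns the secret array itself, not a copy; callers must not modify it.` would help the next reader. The Javadoc also has a few typos worth fixing: `CACELLED`, `stired`, `chnaged`, `presivousToken`.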
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TokenCanceler.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenCanceler.java
new file mode 100644
index 0000000..6d427ad
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenCanceler.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.om.OMElement;
+
+public interface TokenCanceler {
+
+ /**
+ * Cancel the token specified in the request.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return Response SOAPEnveloper
+ * @throws TrustException
+ */
+ SOAPEnvelope cancel(RahasData data) throws TrustException;
+
+ /**
+ * Set the configuration file of this TokenCanceller.
+ * <p/>
+ * This is the text value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ void setConfigurationFile(String configFile);
+
+ /**
+ * Set the configuration element of this TokenCanceller.
+ * <p/>
+ * This is the <configuration> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configElement <code>OMElement</code> representing the configuation
+ */
+ void setConfigurationElement(OMElement configElement);
+
+ /**
+ * Set the name of the configuration parameter.
+ * <p/>
+ * If this is used then there must be a
+ * <code>org.apache.axis2.description.Parameter</code> object available in
+ * the via the messageContext when the <code>TokenIssuer</code> is called.
+ *
+ * @param configParamName
+ * @see org.apache.axis2.description.Parameter
+ */
+ void setConfigurationParamName(String configParamName);
+
+ /**
+ * Returns the <code>wsa:Action</code> of the response.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return Returns the <code>wsa:Action</code> of the response
+ * @throws TrustException
+ */
+ String getResponseAction(RahasData data) throws TrustException;
+}
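Review bot: The Javadoc for `setConfigurationParamName` is copied from TokenIssuer and still says the Parameter must be available "when the <code>TokenIssuer</code> is called", which is misleading on a TokenCanceler; the same copied text appears in TokenRenewer. The literal `<configuration-file>` and `<configuration>` in the `setConfigurationFile`/`setConfigurationElement` comments are unescaped markup inside Javadoc and will be consumed as HTML tags by the doc generator; `&lt;configuration-file&gt;` or `<code>configuration-file</code>` renders as intended, and the same applies to TokenIssuer and TokenRenewer. `@return Response SOAPEnveloper` should read `SOAPEnvelope`, and `configuation` should be `configuration`.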
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TokenIssuer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenIssuer.java
new file mode 100644
index 0000000..fd327c4
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenIssuer.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+
+/**
+ * The <code>TokenIssuer</code>
+ */
+public interface TokenIssuer {
+
+ /**
+ * Create the response <code>soap:Envelope</code> for the given issue
+ * request.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return The response <code>soap:Envelope</code> for the given issue
+ * request.
+ * @throws TrustException
+ */
+ SOAPEnvelope issue(RahasData data) throws TrustException;
+
+ /**
+ * Returns the <code>wsa:Action</code> of the response.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return Returns the <code>wsa:Action</code> of the response
+ * @throws TrustException
+ */
+ String getResponseAction(RahasData data) throws TrustException;
+
+ /**
+ * Set the configuration file of this TokenIssuer.
+ * <p/>
+ * This is the text value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ void setConfigurationFile(String configFile);
+
+ /**
+ * Set the configuration element of this TokenIssuer.
+ * <p/>
+ * This is the <configuration> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configElement <code>OMElement</code> representing the configuation
+ */
+ void setConfigurationElement(OMElement configElement);
+
+ /**
+ * Set the name of the configuration parameter.
+ * <p/>
+ * If this is used then there must be a
+ * <code>org.apache.axis2.description.Parameter</code> object available in
+ * the via the messageContext when the <code>TokenIssuer</code> is called.
+ *
+ * @param configParamName
+ * @see org.apache.axis2.description.Parameter
+ */
+ void setConfigurationParamName(String configParamName);
+
+}
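Review bot: The class-level Javadoc `The <code>TokenIssuer</code>` is an unfinished sentence that tells the reader nothing about the contract; a line such as `Issues a security token for a WS-Trust Issue request, producing the response envelope and the wsa:Action to set on it.` covers what the two visible operations do. The configuration setters' Javadoc should also say what happens when a setter is never called (the config maps in TokenRequestDispatcherConfig make null a normal value here), since an implementation has to cope with that.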
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java
new file mode 100644
index 0000000..8b06f82
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.soap.SOAPEnvelope;
+
+public interface TokenRenewer {
+
+ /**
+ * Renew the token specified in the given request.
+ *
+ * @param data
+ * A populated <code>RahasData</code> instance
+ * @return Response SOAPEnveloper
+ * @throws TrustException
+ */
+ public SOAPEnvelope renew(RahasData data) throws TrustException;
+
+ /**
+ * Set the configuration file of this TokenRenewer.
+ *
+ * This is the text value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ public void setConfigurationFile(String configFile);
+
+ /**
+ * Set the configuration element of this TokenRenewer.
+ *
+ * This is the <configuration> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configElement
+ * <code>OMElement</code> representing the configuation
+ */
+ public void setConfigurationElement(String configElement);
+
+ /**
+ * Set the name of the configuration parameter.
+ *
+ * If this is used then there must be a
+ * <code>org.apache.axis2.description.Parameter</code> object available in
+ * the via the messageContext when the <code>TokenIssuer</code> is called.
+ *
+ * @see org.apache.axis2.description.Parameter
+ * @param configParamName
+ */
+ public void setConfigurationParamName(String configParamName);
+}
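Review bot: `setConfigurationElement(String configElement)` takes a String while the parallel methods on TokenIssuer and TokenCanceler take an OMElement, and its own Javadoc describes the parameter as the `<code>OMElement</code> representing the configuration`; the signature should be `public void setConfigurationElement(OMElement configElement);` with `org.apache.axiom.om.OMElement` imported, otherwise a renewer cannot be wired through the same configuration path that createIssuer/createCanceler use. The `public` modifiers on interface methods are redundant and differ from the style of the other two interfaces in this commit. `SOAPEnveloper` in the `renew` Javadoc should be `SOAPEnvelope`.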
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java
new file mode 100644
index 0000000..ed1e749
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.context.MessageContext;
+
+public class TokenRequestDispatcher {
+
+ private TokenRequestDispatcherConfig config;
+
+ public TokenRequestDispatcher(TokenRequestDispatcherConfig config) throws TrustException {
+ this.config = config;
+ }
+
+ public TokenRequestDispatcher(OMElement config) throws TrustException {
+ this(TokenRequestDispatcherConfig.load(config));
+ }
+
+ public TokenRequestDispatcher(String configFilePath) throws TrustException {
+ this(TokenRequestDispatcherConfig.load(configFilePath));
+ }
+
+ /**
+ * Processes the incoming request and returns a SOAPEnvelope
+ * @param inMsgCtx
+ * @return The response SOAPEnvelope
+ * @throws TrustException
+ */
+ public SOAPEnvelope handle(MessageContext inMsgCtx,
+ MessageContext outMsgCtx) throws TrustException {
+
+ RahasData data = new RahasData(inMsgCtx);
+
+ String reqType = data.getRequestType();
+ String tokenType = data.getTokenType();
+ if ((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_ISSUE).equals(reqType) ||
+ (RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_ISSUE).equals(reqType)) {
+ TokenIssuer issuer;
+ if (tokenType == null || tokenType.trim().length() == 0) {
+ issuer = config.getDefaultIssuerInstace();
+ } else {
+ issuer = config.getIssuer(tokenType);
+ }
+
+ SOAPEnvelope response = issuer.issue(data);
+
+ //set the response wsa/soap action in teh out message context
+ outMsgCtx.getOptions().setAction(issuer.getResponseAction(data));
+
+ return response;
+ } else if((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_VALIDATE).equals(reqType) ||
+ (RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_VALIDATE).equals(reqType)) {
+ throw new UnsupportedOperationException("TODO: handle " +
+ "validate requests");
+ } else if((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_RENEW).equals(reqType) ||
+ (RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_RENEW).equals(reqType)) {
+ throw new UnsupportedOperationException("TODO: handle " +
+ "renew requests");
+ } else if((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_CANCEL).equals(reqType) ||
+ (RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_CANCEL).equals(reqType)) {
+
+ TokenCanceler canceler = config.getDefaultCancelerInstance();
+ SOAPEnvelope response = canceler.cancel(data);
+
+ //set the response wsa/soap action in the out message context
+ outMsgCtx.getOptions().setAction(canceler.getResponseAction(data));
+ return response;
+ } else {
+ throw new TrustException(TrustException.INVALID_REQUEST);
+ }
+ }
+
+}
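Review bot: On the cancel branch `config.getDefaultCancelerInstance()` returns null when the configuration has no `<canceler>` element (handleCancelers treats it as optional), so a Cancel request to an STS without a canceler fails with a NullPointerException at `canceler.cancel(data)` instead of a fault the client can interpret; a guard such as `if (canceler == null) { throw new TrustException(TrustException.INVALID_REQUEST); }` keeps the failure on the TrustException path. The validate and renew branches throw UnsupportedOperationException, a RuntimeException that STSMessageReceiver's `catch (TrustException e)` does not see, so those requests escape the intended fault handling; throwing a TrustException there would be consistent with the final `else`. The Javadoc for `handle` documents `inMsgCtx` but not `outMsgCtx`, whose Options receive the response action. The six `WST_NS_05_xx + REQ_TYPE_xxx` concatenations are rebuilt on every call and would read better as `private static final String` constants.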
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java
new file mode 100644
index 0000000..9e04324
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java
@@ -0,0 +1,236 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.ws.security.util.Loader;
+
+import javax.xml.namespace.QName;
+import java.io.FileInputStream;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.Map;
+
+public class TokenRequestDispatcherConfig {
+
+ public final static String CONFIG_PARAM_KEY = "token-dispatcher-configuration";
+ public final static String CONFIG_FILE_KEY = "token-dispatcher-configuration-file";
+
+ private final static QName DISPATCHER_CONFIG = new QName("token-dispatcher-configuration");
+ private final static QName ISSUER = new QName("issuer");
+ private final static QName CANCELER = new QName("canceler");
+ private final static QName TOKEN_TYPE = new QName("tokenType");
+ private final static QName CLASS_ATTR = new QName("class");
+ private final static QName DEFAULT_ATTR = new QName("default");
+ private final static QName CONFIGURATION_ELEMENT = new QName("configuration");
+
+ private Map issuers;
+ private Map configFiles = new Hashtable();
+ private Map configElements = new Hashtable();
+ private Map configParamNames = new Hashtable();
+
+ private String defaultIssuerClassName;
+ private String defaultCancelerClassName;
+
+ public static TokenRequestDispatcherConfig load(OMElement configElem) throws TrustException {
+
+ if (!DISPATCHER_CONFIG.equals(configElem.getQName())) {
+ throw new TrustException("incorrectConfiguration");
+ }
+ TokenRequestDispatcherConfig conf = new TokenRequestDispatcherConfig();
+
+ // Issuers
+ handleIssuers(configElem, conf);
+
+ // Cancelers
+ handleCancelers(configElem, conf);
+
+ //There must be a defulat issuer
+ if (conf.defaultIssuerClassName == null) {
+ throw new TrustException("defaultIssuerMissing");
+ }
+ return conf;
+ }
+
+ private static void handleCancelers(OMElement configElem,
+ TokenRequestDispatcherConfig conf) throws TrustException {
+
+ OMElement cancelerEle = configElem.getFirstChildWithName(CANCELER); // support only one canceler
+ if (cancelerEle != null) {
+ //get the class attr
+ String cancelerClass = cancelerEle.getAttributeValue(CLASS_ATTR);
+ if (cancelerClass == null) {
+ throw new TrustException("missingClassName");
+ }
+ conf.defaultCancelerClassName = cancelerClass;
+ processConfiguration(cancelerEle, conf, cancelerClass);
+ }
+
+ //TODO: imple
+ }
+
+ private static void handleIssuers(OMElement configElem,
+ TokenRequestDispatcherConfig conf) throws TrustException {
+ for (Iterator issuerElems = configElem.getChildrenWithName(ISSUER);
+ issuerElems.hasNext();) {
+
+ OMElement element = (OMElement) issuerElems.next();
+
+ //get the class attr
+ String issuerClass = element.getAttributeValue(CLASS_ATTR);
+ if (issuerClass == null) {
+ throw new TrustException("missingClassName");
+ }
+ String isDefault = element.getAttributeValue(DEFAULT_ATTR);
+ if (isDefault != null && "true".equalsIgnoreCase(isDefault)) {
+ //Use the first default issuer as the default isser
+ if (conf.defaultIssuerClassName == null) {
+ conf.defaultIssuerClassName = issuerClass;
+ } else {
+ throw new TrustException("badDispatcherConfigMultipleDefaultIssuers");
+ }
+ }
+
+ processConfiguration(element, conf, issuerClass);
+
+ //Process token types
+ for (Iterator tokenTypes = element.getChildrenWithName(TOKEN_TYPE);
+ tokenTypes.hasNext();) {
+ OMElement type = (OMElement) tokenTypes.next();
+ String value = type.getText();
+ if (value == null || value.trim().length() == 0) {
+ throw new TrustException("invalidTokenTypeDefinition",
+ new String[]{"Issuer", issuerClass});
+ }
+ if (conf.issuers == null) {
+ conf.issuers = new Hashtable();
+ }
+ //If the token type is not aleady declared then add it to the
+ //table with the issuer classname
+ if (!conf.issuers.keySet().contains(value)) {
+ conf.issuers.put(value, issuerClass);
+ }
+ }
+ }
+ }
+
+ private static void processConfiguration(OMElement element,
+ TokenRequestDispatcherConfig conf,
+ String implClass) {
+
+ for (Iterator configs = element.getChildrenWithName(CONFIGURATION_ELEMENT);
+ configs.hasNext();) {
+ OMElement configEle = (OMElement) configs.next();
+ String configType =
+ configEle.getAttribute(new QName("type")).getAttributeValue().trim();
+ if (configType.equalsIgnoreCase("file")) { //Process configuration file information
+ String issuerConfigFile = configEle.getText();
+ if (issuerConfigFile != null) {
+ conf.configFiles.put(implClass, issuerConfigFile);
+ }
+ } else if (configType.equalsIgnoreCase("element"))
+ { //Process configuration element information
+ conf.configElements.put(implClass, configEle);
+ } else if (configType.equalsIgnoreCase("parameter"))
+ { //Process configuration parameter name information
+ conf.configParamNames.put(implClass, configEle.getText());
+ }
+ }
+ }
+
+ public static TokenRequestDispatcherConfig load(String configFilePath) throws TrustException {
+ FileInputStream fis;
+ StAXOMBuilder builder;
+ try {
+ fis = new FileInputStream(configFilePath);
+ builder = new StAXOMBuilder(fis);
+ } catch (Exception e) {
+ throw new TrustException("errorLoadingConfigFile", new String[]{configFilePath});
+ }
+ return load(builder.getDocumentElement());
+ }
+
+ public TokenIssuer getDefaultIssuerInstace() throws TrustException {
+ if (this.defaultIssuerClassName != null) {
+ try {
+ return createIssuer(this.defaultIssuerClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{this.defaultIssuerClassName}, e);
+ }
+ } else {
+ return null;
+ }
+ }
+
+ public TokenCanceler getDefaultCancelerInstance() throws TrustException {
+ if (this.defaultCancelerClassName != null) {
+ try {
+ return createCanceler(this.defaultCancelerClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{this.defaultCancelerClassName}, e);
+ }
+ } else {
+ return null;
+ }
+ }
+
+ public String getDefaultIssuerName() {
+ return this.defaultIssuerClassName;
+ }
+
+
+ public TokenIssuer getIssuer(String tokenType) throws TrustException {
+ String issuerClassName = null;
+ //try to find the issuer class name from the tokenType<->issuer map
+ if (this.issuers != null) {
+ issuerClassName = (String) this.issuers.get(tokenType);
+ }
+ //If a specific issuer is not found use the default issuer
+ if (issuerClassName == null) {
+ issuerClassName = this.defaultIssuerClassName;
+ }
+ try {
+ return createIssuer(issuerClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{this.defaultIssuerClassName}, e);
+ }
+ }
+
+ /**
+ * @param issuerClassName
+ * @return TokenIssuer
+ */
+ private TokenIssuer createIssuer(String issuerClassName) throws Exception {
+ TokenIssuer issuer = (TokenIssuer) Loader.loadClass(issuerClassName).newInstance();
+ issuer.setConfigurationElement((OMElement) this.configElements.get(issuerClassName));
+ issuer.setConfigurationFile((String) this.configFiles.get(issuerClassName));
+ issuer.setConfigurationParamName((String) this.configParamNames.get(issuerClassName));
+ return issuer;
+ }
+
+ private TokenCanceler createCanceler(String cancelerClassName) throws Exception {
+ TokenCanceler canceler = (TokenCanceler) Loader.loadClass(cancelerClassName).newInstance();
+ canceler.setConfigurationElement((OMElement) this.configElements.get(cancelerClassName));
+ canceler.setConfigurationFile((String) this.configFiles.get(cancelerClassName));
+ canceler.setConfigurationParamName((String) this.configParamNames.get(cancelerClassName));
+ return canceler;
+ }
+}
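Review bot: `load(String configFilePath)` never closes the FileInputStream it opens, and its `catch (Exception e)` discards the cause even though the three-argument TrustException constructor used elsewhere in this commit accepts a Throwable; `builder.getDocumentElement()` also runs outside the try, so a malformed file fails with a raw parser exception rather than `errorLoadingConfigFile`. The rewrite below closes the stream in a finally block, keeps the cause, and lets TrustExceptions from the element-based `load` pass through unwrapped (it needs `java.io.IOException` imported). Two smaller points in the same file: `getIssuer` reports `this.defaultIssuerClassName` in its `cannotLoadClass` message even when the class that failed was the token-type-specific `issuerClassName`, and `processConfiguration` calls `.getAttributeValue()` on the result of `getAttribute(new QName("type"))`, which is null when a `<configuration>` element lacks the type attribute. `load(OMElement)` likewise dereferences `configElem` before checking it, so a null argument produces a NullPointerException rather than `incorrectConfiguration`.
```java
    public static TokenRequestDispatcherConfig load(String configFilePath) throws TrustException {
        FileInputStream fis = null;
        try {
            fis = new FileInputStream(configFilePath);
            // parse inside the try so a malformed file also reports errorLoadingConfigFile
            return load(new StAXOMBuilder(fis).getDocumentElement());
        } catch (TrustException e) {
            // configuration-content errors keep their own message keys
            throw e;
        } catch (Exception e) {
            throw new TrustException("errorLoadingConfigFile", new String[]{configFilePath}, e);
        } finally {
            if (fis != null) {
                try {
                    fis.close();
                } catch (IOException ignored) {
                    // the document has already been read (or loading already failed)
                }
            }
        }
    }
```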
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TokenStorage.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenStorage.java
new file mode 100644
index 0000000..cc9d656
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenStorage.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+
+/**
+ * The storage interface to store security tokens and
+ * manipulate them
+ */
+public interface TokenStorage {
+
+ String TOKEN_STORAGE_KEY = "org.apache.rahas.TokenStorage";
+
+ /**
+ * Add the given token to the list.
+ * @param token The token to be added
+ * @throws TrustException
+ */
+ void add(Token token) throws TrustException;
+
+ /**
+ * Update an existing token.
+ * @param token
+ * @throws TrustException
+ */
+ void update(Token token) throws TrustException;
+
+ /**
+ * Return the list of all token identifiers.
+ * @return As array of token identifiers
+ * @throws TrustException
+ */
+ String[] getTokenIdentifiers() throws TrustException;
+
+ /**
+ * Return the list of <code>EXPIRED</code> tokens.
+ * If there are no <code>EXPIRED</code> tokens <code>null</code> will be
+ * returned
+ * @return An array of expired <code>Tokens</code>
+ * @throws TrustException
+ */
+ Token[] getExpiredTokens() throws TrustException;
+
+ /**
+ * Return the list of ISSUED and RENEWED tokens.
+ * @return An array of ISSUED and RENEWED <code>Tokens</code>.
+ * @throws TrustException
+ */
+ Token[] getValidTokens() throws TrustException;
+
+ /**
+ * Return the list of RENEWED tokens.
+ * @return An array of RENEWED <code>Tokens</code>
+ * @throws TrustException
+ */
+ Token[] getRenewedTokens() throws TrustException;
+
+ /**
+ * Return the list of CANCELLED tokens
+ * @return An array of CANCELLED <code>Tokens</code>
+ * @throws TrustException
+ */
+ Token[] getCancelledTokens() throws TrustException;
+
+ /**
+ * Returns the <code>Token</code> of the given id
+ * @param id
+ * @return The requested <code>Token</code> identified by the give id
+ * @throws TrustException
+ */
+ Token getToken(String id) throws TrustException;
+
+}
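Review bot: The return contract is inconsistent across the query methods: getExpiredTokens() documents a null return when there are no expired tokens, while getTokenIdentifiers(), getValidTokens(), getRenewedTokens() and getCancelledTokens() say nothing about the empty case, so every caller has to null-check some methods and not others. I would make all of them return an empty array and change the getExpiredTokens() Javadoc to `If there are no EXPIRED tokens an empty array will be returned`. Separately, the interface exposes no way to remove a token: cancelled and expired tokens can only be read back, so an in-memory implementation will presumably retain every token ever issued for the life of the ConfigurationContext; if that is intended, the interface Javadoc should say that purging is the implementation's responsibility.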
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TokenValidator.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenValidator.java
new file mode 100644
index 0000000..9626ce7
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenValidator.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.soap.SOAPEnvelope;
+
+public interface TokenValidator {
+
+ /**
+ * Validate the token specified in the given request.
+ *
+ * @param data
+ * A populated <code>RahasData</code> instance
+ * @return Response SOAPEnveloper
+ * @throws TrustException
+ */
+ public SOAPEnvelope validate(RahasData data) throws TrustException;
+
+ /**
+ * Set the configuration file of this TokenValidator.
+ *
+ * This is the text value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ public void setConfigurationFile(String configFile);
+
+ /**
+ * Set the configuration element of this TokenValidator.
+ *
+ * This is the <configuration> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configElement
+ * <code>OMElement</code> representing the configuation
+ */
+ public void setConfigurationElement(String configElement);
+
+ /**
+ * Set the name of the configuration parameter.
+ *
+ * If this is used then there must be a
+ * <code>org.apache.axis2.description.Parameter</code> object available in
+ * the via the messageContext when the <code>TokenIssuer</code> is called.
+ *
+ * @see org.apache.axis2.description.Parameter
+ * @param configParamName
+ */
+ public void setConfigurationParamName(String configParamName);
+}
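Review bot: setConfigurationElement takes a String here while its own Javadoc says the parameter is an OMElement representing the <configuration> element, and the dispatcher config in this same commit hands issuers and cancelers an OMElement via `setConfigurationElement((OMElement) this.configElements.get(...))`; a validator wired the same way cannot receive the element. I would change the signature to `public void setConfigurationElement(OMElement configElement);` and add `import org.apache.axiom.om.OMElement;`. The setConfigurationParamName Javadoc also refers to "when the TokenIssuer is called" in an interface about validators; it should read `when the TokenValidator is called`.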
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TrustException.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TrustException.java
new file mode 100644
index 0000000..39a6ccc
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TrustException.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import java.text.MessageFormat;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+public class TrustException extends Exception {
+
+ private static final long serialVersionUID = -445341784514373965L;
+
+ public final static String INVALID_REQUEST = "InvalidRequest";
+ public final static String FAILED_AUTHENTICATION = "FailedAuthentication";
+ public final static String REQUEST_FAILED = "RequestFailed";
+ public final static String INVALID_SECURITY_TOKEN = "InvalidSecurityToken";
+ public final static String AUTHENTICATION_BAD_ELEMENTS = "AuthenticationBadElements";
+ public final static String BAD_REQUEST = "BadRequest";
+ public final static String EXPIRED_DATA = "ExpiredData";
+ public final static String INVALID_TIME_RANGE = "InvalidTimeRange";
+ public final static String INVALID_SCOPE = "InvalidScope";
+ public final static String RENEW_NEEDED = "RenewNeeded";
+ public final static String UNABLE_TO_RENEW = "UnableToRenew";
+
+
+ private static ResourceBundle resources;
+
+ private String faultCode;
+ private String faultString;
+
+ static {
+ try {
+ resources = ResourceBundle.getBundle("org.apache.rahas.errors");
+ } catch (MissingResourceException e) {
+ throw new RuntimeException(e.getMessage());
+ }
+ }
+
+ public TrustException(String faultCode, Object[] args) {
+ super(getMessage(faultCode, args));
+ this.faultCode = getFaultCode(faultCode);
+ this.faultString = getMessage(faultCode, args);
+ }
+
+ /**
+ * Construct the fault properly code for the standard faults
+ * @param faultCode2
+ * @return
+ */
+ private String getFaultCode(String code) {
+ if(AUTHENTICATION_BAD_ELEMENTS.equals(code) ||
+ BAD_REQUEST.equals(code) ||
+ EXPIRED_DATA.equals(code) ||
+ FAILED_AUTHENTICATION.equals(code) ||
+ INVALID_REQUEST.equals(code) ||
+ INVALID_SCOPE.equals(code) ||
+ INVALID_SECURITY_TOKEN.equals(code) ||
+ INVALID_TIME_RANGE.equals(code) ||
+ RENEW_NEEDED.equals(code) ||
+ REQUEST_FAILED.equals(code) ||
+ UNABLE_TO_RENEW.equals(code)) {
+ return RahasConstants.WST_PREFIX + ":" + code;
+ } else {
+ return code;
+ }
+ }
+
+ public TrustException(String faultCode) {
+ this(faultCode, (Object[])null);
+ }
+
+ public TrustException(String faultCode, Object[] args, Throwable e) {
+ super(getMessage(faultCode, args),e);
+ this.faultCode = faultCode;
+ this.faultString = getMessage(faultCode, args);
+ }
+
+ public TrustException(String faultCode, Throwable e) {
+ this(faultCode, null, e);
+ }
+
+ /**
+ * get the message from resource bundle.
+ * <p/>
+ *
+ * @return the message translated from the property (message) file.
+ */
+ protected static String getMessage(String faultCode, Object[] args) {
+ String msg = null;
+ try {
+ msg = MessageFormat.format(resources.getString(faultCode), args);
+ } catch (MissingResourceException e) {
+ throw new RuntimeException("Undefined '" + faultCode + "' resource property");
+ }
+ if(msg != null) {
+ return msg;
+ } else {
+ return faultCode;
+ }
+ }
+
+ /**
+ * @return Returns the faultCode.
+ */
+ protected String getFaultCode() {
+ return faultCode;
+ }
+
+ /**
+ * @return Returns the faultString.
+ */
+ protected String getFaultString() {
+ return faultString;
+ }
+
+
+}
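Review bot: The (faultCode, args, Throwable) constructor stores the raw code, `this.faultCode = faultCode;`, whereas the (faultCode, args) constructor runs it through getFaultCode() to add the wst: prefix for the standard WS-Trust faults, so the same InvalidSecurityToken failure gets a different fault code depending on whether a cause was attached; it should be `this.faultCode = getFaultCode(faultCode);`. The static initializer also drops the underlying MissingResourceException, `throw new RuntimeException(e.getMessage());`, which makes a missing org.apache.rahas.errors bundle hard to diagnose; `throw new RuntimeException(e.getMessage(), e);` keeps the cause. Note that getFaultCode() and getFaultString() are protected, so any SOAP-fault-building code outside org.apache.rahas cannot read them.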
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
new file mode 100644
index 0000000..2a2135e
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
@@ -0,0 +1,519 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.namespace.QName;
+
+import java.security.SecureRandom;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.Properties;
+import java.util.Iterator;
+
+public class TrustUtil {
+
+ private static final QName PROVIDER = new QName("provider");
+ private static final QName NAME = new QName("name");
+
+ /**
+ * Create a wsse:Reference element with the given uri and the value type
+ *
+ * @param doc
+ * @param refUri
+ * @param refValueType
+ * @return Element
+ */
+ public static Element createSecurityTokenReference(Document doc,
+ String refUri, String refValueType) {
+
+ Reference ref = new Reference(doc);
+ ref.setURI(refUri);
+ if (refValueType != null) {
+ ref.setValueType(refValueType);
+ }
+ SecurityTokenReference str = new SecurityTokenReference(doc);
+ str.setReference(ref);
+
+ return str.getElement();
+ }
+
+ public static OMElement
+ createRequestSecurityTokenResponseElement(int version,
+ OMElement parent) throws TrustException {
+ return createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.LocalNames.REQUEST_SECURITY_TOKEN_RESPONSE,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement
+ createRequestSecurityTokenResponseCollectionElement(int version,
+ OMElement parent) throws TrustException {
+ String ns = getWSTNamespace(version);
+ return createOMElement(parent, ns,
+ RahasConstants.LocalNames.
+ REQUEST_SECURITY_TOKEN_RESPONSE_COLLECTION,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createRequestedSecurityTokenElement(
+ int version, OMElement parent) throws TrustException {
+ String ns = getWSTNamespace(version);
+ return createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.REQUESTED_SECURITY_TOKEN,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createRequestSecurityTokenElement(int version) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ return fac.
+ createOMElement(RahasConstants.LocalNames.REQUEST_SECURITY_TOKEN,
+ ns,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createRequestedProofTokenElement(
+ int version, OMElement parent) throws TrustException {
+ String ns = getWSTNamespace(version);
+ return createOMElement(parent, ns,
+ RahasConstants.LocalNames.REQUESTED_PROOF_TOKEN,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createEntropyElement(
+ int version, OMElement parent) throws TrustException {
+ String ns = getWSTNamespace(version);
+ return createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.ENTROPY,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createComputedKeyElement(int version,
+ OMElement parent) throws TrustException {
+ return createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.IssuanceBindingLocalNames.COMPUTED_KEY,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createRequestTypeElement(int version,
+ OMElement parent,
+ String value) throws TrustException {
+ String ns = getWSTNamespace(version);
+
+ OMElement elem = createOMElement(parent,
+ ns,
+ RahasConstants.LocalNames.REQUEST_TYPE,
+ RahasConstants.WST_PREFIX);
+
+ if (RahasConstants.REQ_TYPE_ISSUE.equals(value)
+ || RahasConstants.REQ_TYPE_CANCEL.equals(value)
+ || RahasConstants.REQ_TYPE_RENEW.equals(value)
+ || RahasConstants.REQ_TYPE_VALIDATE.equals(value)) {
+ elem.setText(ns + value);
+ } else {
+ elem.setText(value);
+ }
+
+ return elem;
+ }
+
+ public static OMElement createTokenTypeElement(int version,
+ OMElement parent) throws TrustException {
+ return createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.LocalNames.TOKEN_TYPE,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createBinarySecretElement(
+ int version,
+ OMElement parent,
+ String type) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement elem = createOMElement(parent, ns,
+ RahasConstants.LocalNames.BINARY_SECRET,
+ RahasConstants.WST_PREFIX);
+ if (type != null) {
+ elem.addAttribute(elem.getOMFactory().createOMAttribute(
+ RahasConstants.ATTR_TYPE, null, ns + type));
+ }
+ return elem;
+ }
+
+ public static OMElement createComputedKeyAlgorithm(int version,
+ OMElement parent,
+ String algoId) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement elem = createOMElement(parent,
+ ns,
+ RahasConstants.IssuanceBindingLocalNames.COMPUTED_KEY_ALGO,
+ RahasConstants.WST_PREFIX);
+ elem.setText(ns + algoId);
+ return elem;
+ }
+
+ public static OMElement
+ createRequestedUnattachedRef(int version,
+ OMElement parent,
+ String refUri,
+ String refValueType) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement elem = createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_UNATTACHED_REFERENCE,
+ RahasConstants.WST_PREFIX);
+ elem.addChild((OMElement) createSecurityTokenReference(
+ ((Element) parent).getOwnerDocument(), refUri, refValueType));
+ return elem;
+ }
+
+ public static OMElement createRequestedAttachedRef(int version,
+ OMElement parent,
+ String refUri,
+ String refValueType) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement elem = createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_ATTACHED_REFERENCE,
+ RahasConstants.WST_PREFIX);
+ elem.addChild((OMElement) createSecurityTokenReference(
+ ((Element) parent).getOwnerDocument(), refUri, refValueType));
+ return elem;
+ }
+
+ public static OMElement createKeySizeElement(int version,
+ OMElement parent,
+ int size) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement ksElem = createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.KEY_SIZE,
+ RahasConstants.WST_PREFIX);
+ ksElem.setText(Integer.toString(size));
+ return ksElem;
+ }
+
+ public static OMElement createKeyTypeElement(int version,
+ OMElement parent,
+ String type) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement ktElem = createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.KEY_TYPE,
+ RahasConstants.WST_PREFIX);
+ if (RahasConstants.KEY_TYPE_BEARER.equals(type) ||
+ RahasConstants.KEY_TYPE_PUBLIC_KEY.equals(type) ||
+ RahasConstants.KEY_TYPE_SYMM_KEY.equals(type)) {
+ ktElem.setText(ns + type);
+ } else {
+ ktElem.setText(type);
+ }
+ return ktElem;
+ }
+
+ public static OMElement
+ createRequestedTokenCanceledElement(int version,
+ OMElement parent) throws TrustException {
+ return createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.CancelBindingLocalNames.REQUESTED_TOKEN_CANCELED,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createLifetimeElement(int version,
+ OMElement parent,
+ String created,
+ String expires) throws TrustException {
+
+ String ns = getWSTNamespace(version);
+
+ OMElement ltElem = createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.LIFETIME,
+ RahasConstants.WST_PREFIX);
+
+ OMElement createdElem = createOMElement(ltElem, WSConstants.WSU_NS,
+ WSConstants.CREATED_LN,
+ WSConstants.WSU_PREFIX);
+ createdElem.setText(created);
+
+ OMElement expiresElem = createOMElement(ltElem, WSConstants.WSU_NS,
+ WSConstants.EXPIRES_LN,
+ WSConstants.WSU_PREFIX);
+ expiresElem.setText(expires);
+
+ return ltElem;
+ }
+
+ public static OMElement createLifetimeElement(int version,
+ OMElement parent,
+ long ttl) throws TrustException {
+
+ Date creationTime = new Date();
+ Date expirationTime = new Date();
+ expirationTime.setTime(creationTime.getTime() + ttl);
+
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ return createLifetimeElement(version,
+ parent,
+ zulu.format(creationTime),
+ zulu.format(expirationTime));
+ }
+
+ public static OMElement createAppliesToElement(OMElement parent,
+ String address, String addressingNs) {
+ OMElement appliesToElem = createOMElement(parent,
+ RahasConstants.WSP_NS,
+ RahasConstants.IssuanceBindingLocalNames.
+ APPLIES_TO,
+ RahasConstants.WSP_PREFIX);
+
+ OMElement eprElem = createOMElement(appliesToElem,
+ addressingNs,
+ "EndpointReference",
+ AddressingConstants.WSA_DEFAULT_PREFIX);
+ OMElement addressElem = createOMElement(eprElem, addressingNs,
+ AddressingConstants.EPR_ADDRESS,
+ AddressingConstants.WSA_DEFAULT_PREFIX);
+ addressElem.setText(address);
+
+ return appliesToElem;
+ }
+
+ public static String getActionValue(int version, String action) throws TrustException {
+ if (RahasConstants.RST_ACTION_ISSUE.equals(action) ||
+ RahasConstants.RST_ACTION_CANCEL.equals(action) ||
+ RahasConstants.RST_ACTION_RENEW.equals(action) ||
+ RahasConstants.RST_ACTION_VALIDATE.equals(action) ||
+ RahasConstants.RST_ACTION_SCT.equals(action) ||
+ RahasConstants.RSTR_ACTION_ISSUE.equals(action) ||
+ RahasConstants.RSTR_ACTION_CANCEL.equals(action) ||
+ RahasConstants.RSTR_ACTION_RENEW.equals(action) ||
+ RahasConstants.RSTR_ACTION_VALIDATE.equals(action) ||
+ RahasConstants.RSTR_ACTION_SCT.equals(action)) {
+
+ return getWSTNamespace(version) + action;
+ }
+ return action;
+ }
+
+ /**
+ * Create a new <code>SOAPEnvelope</code> of the same version as the
+ * SOAPEnvelope in the given <code>MessageContext</code>
+ *
+ * @param nsUri
+ * @return SOAPEnvelope
+ */
+ public static SOAPEnvelope createSOAPEnvelope(String nsUri) {
+ if (nsUri != null
+ && SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI.equals(nsUri)) {
+ return DOOMAbstractFactory.getSOAP11Factory().getDefaultEnvelope();
+ } else {
+ return DOOMAbstractFactory.getSOAP12Factory().getDefaultEnvelope();
+ }
+ }
+
+
+ private static OMElement createOMElement(OMElement parent,
+ String ns,
+ String ln,
+ String prefix) {
+ return parent.getOMFactory().createOMElement(new QName(ns, ln, prefix),
+ parent);
+ }
+
+ public static String getWSTNamespace(int version) throws TrustException {
+ switch (version) {
+ case RahasConstants.VERSION_05_02:
+ return RahasConstants.WST_NS_05_02;
+ case RahasConstants.VERSION_05_12:
+ return RahasConstants.WST_NS_05_12;
+ default:
+ throw new TrustException("unsupportedWSTVersion");
+ }
+ }
+
+ public static int getWSTVersion(String ns) throws TrustException {
+ if (RahasConstants.WST_NS_05_02.equals(ns)) {
+ return RahasConstants.VERSION_05_02;
+ } else if (RahasConstants.WST_NS_05_12.equals(ns)) {
+ return RahasConstants.VERSION_05_12;
+ } else {
+ throw new TrustException("unsupportedWSTVersion");
+ }
+ }
+
+ /**
+ * Returns the token store.
+ * If the token store is aleady available in the configuration context then
+ * fetch it and return it. If not create a new one, hook it up in the
+ * configuration context and return it
+ *
+ * @param msgCtx
+ * @return the token store
+ */
+ public static TokenStorage getTokenStore(MessageContext msgCtx) {
+ ConfigurationContext configCtx = msgCtx.getConfigurationContext();
+ TokenStorage storage =
+ (TokenStorage) configCtx.getProperty(TokenStorage.TOKEN_STORAGE_KEY);
+ if (storage == null) {
+ storage = new SimpleTokenStore();
+ configCtx.setProperty(TokenStorage.TOKEN_STORAGE_KEY, storage);
+ }
+ return storage;
+ }
+
+
+ /**
+ * Create an ephemeral key
+ *
+ * @return The generated ephemeral key
+ * @throws TrustException
+ */
+ protected byte[] generateEphemeralKey(int keySize) throws TrustException {
+ try {
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] temp = new byte[keySize / 8];
+ random.nextBytes(temp);
+ return temp;
+ } catch (Exception e) {
+ throw new TrustException("Error in creating the ephemeral key", e);
+ }
+ }
+
+ /**
+ * Create an ephemeral key
+ *
+ * @return The generated ephemeral key
+ * @throws TrustException
+ */
+ protected byte[] generateEphemeralKey(byte[] reqEnt,
+ byte[] respEnt,
+ String algo,
+ int keySize) throws TrustException {
+ try {
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] temp = new byte[keySize / 8];
+ random.nextBytes(temp);
+ return temp;
+ } catch (Exception e) {
+ throw new TrustException("Error in creating the ephemeral key", e);
+ }
+ }
+
+ public static OMElement createCancelTargetElement(int version,
+ OMElement parent) throws TrustException {
+ return createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.CancelBindingLocalNames.CANCEL_TARGET,
+ RahasConstants.WST_PREFIX);
+
+ }
+
+ public static OMElement createClaims(int version,
+ OMElement parent, String dialect) throws TrustException{
+ OMElement omElem = createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.IssuanceBindingLocalNames.CLAIMS,
+ RahasConstants.WST_PREFIX);
+
+ OMNamespace ns = omElem.getOMFactory().createOMNamespace(getWSTNamespace(version),
+ RahasConstants.WSP_PREFIX);
+ omElem.addAttribute(RahasConstants.ATTR_CLAIMS_DIALECT , dialect, ns);
+
+
+ return omElem;
+ }
+
+
+
+ public static OMElement createCancelRequest(String tokenId,
+ int version) throws TrustException {
+ /*
+ <wst:RequestSecurityToken>
+ <wst:RequestType>
+ http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
+ </wst:RequestType>
+ <wst:CancelTarget>
+ <o:SecurityTokenReference
+ xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <o:Reference URI="urn:uuid:8e6a3a95-fd1b-4c24-96d4-28e875025ff7"
+ ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </o:SecurityTokenReference>
+ </wst:CancelTarget>
+ </wst:RequestSecurityToken>
+ */
+ OMElement rst = TrustUtil.createRequestSecurityTokenElement(version);
+ TrustUtil.createRequestTypeElement(version, rst, RahasConstants.REQ_TYPE_CANCEL);
+ OMElement cancelTargetEle = TrustUtil.createCancelTargetElement(version, rst);
+ OMFactory factory = rst.getOMFactory();
+ OMElement secTokenRefEle =
+ factory.createOMElement(SecurityTokenReference.SECURITY_TOKEN_REFERENCE,
+ WSConstants.WSSE_NS,
+ WSConstants.WSSE_PREFIX);
+ OMElement refEle =
+ factory.createOMElement(Reference.TOKEN);
+ refEle.addAttribute(factory.createOMAttribute(RahasConstants.CancelBindingLocalNames.URI,
+ null, tokenId));
+ secTokenRefEle.addChild(refEle);
+ cancelTargetEle.addChild(secTokenRefEle);
+
+ return rst;
+ }
+
+ public static Properties toProperties(OMElement cryptoElem) {
+ Properties properties = new Properties();
+
+ /*
+ Process an element similar to this;
+
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ */
+ for (Iterator propIter = cryptoElem.getChildElements(); propIter.hasNext();) {
+ OMElement propElem = (OMElement) propIter.next();
+ String name = propElem.getAttribute(NAME).getAttributeValue().trim();
+ String value = propElem.getText().trim();
+ properties.setProperty(name, value);
+ }
+ properties.setProperty("org.apache.ws.security.crypto.provider",
+ cryptoElem.getAttribute(PROVIDER).getAttributeValue().trim());
+ return properties;
+ }
+
+
+}
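Review bot: The four-argument generateEphemeralKey(reqEnt, respEnt, algo, keySize) never reads reqEnt, respEnt or algo and just returns fresh SecureRandom bytes, identical to the one-argument overload; if this is meant to derive the WS-Trust computed key from both parties' entropy, the requestor's contribution is silently discarded and the key is determined by the server alone, which is the opposite of what the ComputedKey contract promises. I would either implement the derivation for the supported algo or remove the overload until it is, rather than ship a signature that implies a P_SHA1 derivation it does not perform. Both overloads are also non-static protected methods on a class whose other members are all static, so they are unreachable without subclassing, and `keySize / 8` silently truncates a key size that is not a multiple of 8 instead of rejecting it. Separately, toProperties() calls `.getAttribute(NAME).getAttributeValue()` and `.getAttribute(PROVIDER)...` without null checks, so a <property> without a name attribute or a <crypto> without provider yields a NullPointerException rather than a configuration error.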
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java b/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
new file mode 100644
index 0000000..4c72fee
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
@@ -0,0 +1,618 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.client;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.axiom.om.util.Base64;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.description.AxisOperation;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.OutInAxisOperation;
+import org.apache.axiom.om.util.UUIDGenerator;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.Binding;
+import org.apache.ws.secpolicy.model.Trust10;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.conversation.dkalgo.P_SHA1;
+import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.processor.EncryptedKeyProcessor;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Element;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.xml.namespace.QName;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Vector;
+
+public class STSClient {
+
+ private static final String RAMPART_POLICY = "rampartPolicy";
+
+ private static Log log = LogFactory.getLog(STSClient.class);
+
+ private String action;
+
+ private OMElement rstTemplate;
+
+ private int version = RahasConstants.VERSION_05_02;
+
+ private Options options;
+
+ private Trust10 trust10;
+
+ private AlgorithmSuite algorithmSuite;
+
+ private byte[] requestorEntropy;
+
+ private String addressingNs = AddressingConstants.Final.WSA_NAMESPACE;
+
+ private int keySize;
+
+ private String soapVersion = SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI;
+
+ /**
+ * Life time in seconds
+ * Default is 300 seconds (5 mins)
+ */
+ private int ttl = 300;
+ private Crypto crypto;
+ private CallbackHandler cbHandler;
+ private ConfigurationContext configCtx;
+
+ public STSClient(ConfigurationContext configCtx) throws TrustException {
+ if (configCtx != null) {
+ this.configCtx = configCtx;
+ } else {
+ throw new TrustException("stsClientCfgCtxNull");
+ }
+ }
+
+ public Token requestSecurityToken(Policy servicePolicy,
+ String issuerAddress,
+ Policy issuerPolicy,
+ String appliesTo) throws TrustException {
+ try {
+ QName rstQn = new QName("requestSecurityToken");
+ String requestType =
+ TrustUtil.getWSTNamespace(version) + RahasConstants.REQ_TYPE_ISSUE;
+
+ ServiceClient client = getServiceClient(rstQn, issuerAddress);
+
+ client.getOptions().setProperty(RAMPART_POLICY, issuerPolicy);
+ client.getOptions().setSoapVersionURI(this.soapVersion);
+
+ //Process the STS and service policy policy
+ this.processPolicy(issuerPolicy, servicePolicy);
+ OMElement response = client.sendReceive(rstQn,
+ createIssueRequest(requestType, appliesTo));
+
+ return processIssueResponse(version, response);
+ } catch (AxisFault e) {
+ e.printStackTrace();
+ log.error("errorInObtainingToken", e);
+ throw new TrustException("errorInObtainingToken", new String[]{issuerAddress});
+ }
+ }
+
+ /**
+ * Cancel a particular security token
+ *
+ * @param issuerAddress
+ * @param tokenId
+ * @return true is the Token was successfully cancelled. False otherwise.
+ * @throws TrustException
+ */
+ public boolean cancelToken(String issuerAddress,
+ String tokenId,
+ String action) throws TrustException {
+ try {
+ QName rstQn = new QName("cancelSecurityToken");
+ ServiceClient client = getServiceClient(rstQn, issuerAddress);
+ if(action != null) {
+ client.getOptions().setAction(action);
+ }
+
+ return processCancelResponse(client.sendReceive(rstQn,
+ createCancelRequest(tokenId)));
+ } catch (AxisFault e) {
+ log.error("errorInCancelingToken", e);
+ throw new TrustException("errorInCancelingToken", e);
+ }
+ }
+
+ private ServiceClient getServiceClient(QName rstQn,
+ String issuerAddress) throws AxisFault {
+ AxisService axisService =
+ new AxisService("SecurityTokenService" + UUIDGenerator.getUUID());
+ axisService.setClientSide(true);
+ AxisOperation operation = new OutInAxisOperation(rstQn);
+ axisService.addOperation(operation);
+ ServiceClient client = new ServiceClient(this.configCtx, axisService);
+
+ if (this.options != null) {
+ client.setOptions(options);
+ }
+
+ //Set the action
+ client.getOptions().setAction(action);
+ client.getOptions().setTo(new EndpointReference(issuerAddress));
+ client.engageModule(new QName("rampart"));
+ return client;
+ }
+
+ /**
+ * @param result
+ * @return Token
+ */
+ private Token processIssueResponse(int version, OMElement result) throws TrustException {
+ OMElement rstr = result;
+ if (version == RahasConstants.VERSION_05_12) {
+ //The WS-SX result will be an RSTRC
+ rstr = result.getFirstElement();
+ }
+
+ String ns = TrustUtil.getWSTNamespace(version);
+
+ //Get the RequestedAttachedReference
+ OMElement reqAttElem = rstr.getFirstChildWithName(new QName(
+ ns, RahasConstants.IssuanceBindingLocalNames.REQUESTED_ATTACHED_REFERENCE));
+ OMElement reqAttRef = reqAttElem == null ? null : reqAttElem.getFirstElement();
+
+ //Get the RequestedUnattachedReference
+ OMElement reqUnattElem =
+ rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_UNATTACHED_REFERENCE));
+ OMElement reqUnattRef = reqUnattElem == null ? null : reqUnattElem.getFirstElement();
+
+ //Get the security token
+ OMElement reqSecTok =
+ rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ if (reqSecTok == null) {
+ throw new TrustException("reqestedSecTokMissing");
+ }
+
+ OMElement tokenElem = reqSecTok.getFirstElement();
+
+ String id = this.findIdentifier(reqAttRef, reqUnattRef, tokenElem);
+
+ if (id == null) {
+ throw new TrustException("cannotObtainTokenIdentifier");
+ }
+
+ OMElement lifeTimeEle =
+ rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ LIFETIME));
+
+ Token token = new Token(id, tokenElem, lifeTimeEle);
+ token.setAttachedReference(reqAttRef);
+ token.setUnattachedReference(reqUnattRef);
+
+ //Handle proof token
+ OMElement rpt =
+ rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.LocalNames.
+ REQUESTED_PROOF_TOKEN));
+
+ byte[] secret = null;
+
+ if (rpt != null) {
+ OMElement child = rpt.getFirstElement();
+ if (child == null) {
+ throw new TrustException("invalidRPT");
+ }
+ if (child.getQName().equals(new QName(ns,
+ RahasConstants.LocalNames.
+ BINARY_SECRET))) {
+ //First check for the binary secret
+ String b64Secret = child.getText();
+ secret = Base64.decode(b64Secret);
+ } else if (child.getQName().equals(new QName(ns, WSConstants.ENC_KEY_LN))) {
+ try {
+ Element domChild = (Element) new StAXOMBuilder(
+ DOOMAbstractFactory.getOMFactory(), child
+ .getXMLStreamReader()).getDocumentElement();
+
+ EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
+
+ processor.handleToken(domChild, null, this.crypto,
+ this.cbHandler, null, new Vector(),
+ null);
+
+ secret = processor.getDecryptedBytes();
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorInProcessingEncryptedKey", e);
+ }
+ } else if (child.getQName().equals(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ COMPUTED_KEY))) {
+ //Handle the computed key
+
+ //Get service entropy
+ OMElement serviceEntrElem = rstr
+ .getFirstChildWithName(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ ENTROPY));
+
+ OMElement binSecElem = serviceEntrElem.getFirstElement();
+
+ if (binSecElem != null && binSecElem.getText() != null
+ && !"".equals(binSecElem.getText().trim())) {
+
+ byte[] serviceEntr = Base64.decode(binSecElem.getText());
+
+ //Right now we only use PSHA1 as the computed key algo
+ P_SHA1 p_sha1 = new P_SHA1();
+
+ int length = (this.keySize > 0) ? keySize
+ : this.algorithmSuite
+ .getMaximumSymmetricKeyLength();
+ try {
+ secret = p_sha1.createKey(this.requestorEntropy, serviceEntr, 0, length/8);
+ } catch (ConversationException e) {
+ throw new TrustException("keyDerivationError", e);
+ }
+ } else {
+ //Service entropy missing
+ throw new TrustException("serviceEntropyMissing");
+ }
+ }
+
+ } else {
+ if (this.requestorEntropy != null) {
+ //Use requestor entropy as the key
+ secret = this.requestorEntropy;
+ }
+ }
+ token.setSecret(secret);
+ return token;
+ }
+
+ private boolean processCancelResponse(OMElement response) {
+ /*
+ <wst:RequestSecurityTokenResponse>
+ <wst:RequestedTokenCancelled/>
+ </wst:RequestSecurityTokenResponse>
+ */
+ return response.
+ getFirstChildWithName(new QName(RahasConstants.
+ CancelBindingLocalNames.REQUESTED_TOKEN_CANCELED)) != null;
+ }
+
+ /**
+ * Find the token identifier.
+ *
+ * @param reqAttRef
+ * @param reqUnattRef
+ * @param token
+ * @return id
+ */
+ private String findIdentifier(OMElement reqAttRef,
+ OMElement reqUnattRef,
+ OMElement token) {
+ String id;
+ if (reqAttRef != null) {
+ //First try the attached ref
+ id = this.getIdFromSTR(reqAttRef);
+ } else if (reqUnattRef != null) {
+ //then try the unattached ref
+ id = this.getIdFromSTR(reqUnattRef);
+ } else {
+ //Return wsu:Id of the token element
+ id = token.getAttributeValue(new QName(WSConstants.WSU_NS, "Id"));
+ }
+ return id;
+ }
+
+
+ /**
+ * Process the given STR to find the id it refers to
+ *
+ * @param refElem
+ * @return id
+ */
+ private String getIdFromSTR(OMElement refElem) {
+ //ASSUMPTION:SecurityTokenReference/KeyIdentifier
+ OMElement child = refElem.getFirstElement();
+ if(child == null) {
+ return null;
+ }
+
+ if (child.getQName().equals(new QName(WSConstants.SIG_NS, "KeyInfo"))) {
+ return child.getText();
+ } else if(child.getQName().equals(Reference.TOKEN)) {
+ return child.getAttributeValue(new QName("URI"));
+ } else {
+ return null;
+ }
+
+ }
+
+ /**
+ * Process the goven service policy and extract the info required to create
+ * the RST.
+ *
+ * @param servicePolicy
+ */
+ private void processPolicy(Policy issuerPolicy, Policy servicePolicy) {
+ //Get the policy assertions
+ //Assumption: there's only one alternative
+
+ if (issuerPolicy != null) {
+ log.debug("Processing Issuer policy");
+
+ List issuerAssertions = (List) issuerPolicy.getAlternatives().next();
+
+ for (Iterator iter = issuerAssertions.iterator(); iter.hasNext();) {
+ Assertion tempAssertion = (Assertion) iter.next();
+ //find the AlgorithmSuite assertion
+ if (tempAssertion instanceof Binding) {
+
+ log.debug("Extracting algo suite from issuer " +
+ "policy binding");
+
+ this.algorithmSuite = ((Binding) tempAssertion)
+ .getAlgorithmSuite();
+ }
+ }
+ }
+
+ if (servicePolicy != null) {
+
+ log.debug("Processing service policy to find Trust10 assertion");
+
+ List assertions = (List) servicePolicy.getAlternatives().next();
+
+ for (Iterator iter = assertions.iterator(); iter.hasNext();) {
+ Assertion tempAssertion = (Assertion) iter.next();
+ //find the Trust10 assertion
+ if (tempAssertion instanceof Trust10) {
+ log.debug("Extracting Trust10 assertion from " +
+ "service policy");
+ this.trust10 = (Trust10) tempAssertion;
+ }
+ }
+ }
+ }
+
+ /**
+ * Create the RST request.
+ *
+ * @param requestType
+ * @param appliesTo
+ * @return OMElement
+ * @throws TrustException
+ */
+ private OMElement createIssueRequest(String requestType,
+ String appliesTo) throws TrustException {
+
+ log.debug("Creating request with request type: " + requestType +
+ " and applies to: " + appliesTo);
+
+ OMElement rst = TrustUtil.createRequestSecurityTokenElement(version);
+
+ TrustUtil.createRequestTypeElement(this.version, rst, requestType);
+ if (appliesTo != null) {
+ TrustUtil.createAppliesToElement(rst, appliesTo, this.addressingNs);
+ }
+ TrustUtil.createLifetimeElement(this.version, rst, this.ttl * 1000);
+
+ //Copy over the elements from the template
+ if (this.rstTemplate != null) {
+
+ log.debug("Using RSTTemplate: " + this.rstTemplate.toString());
+
+ Iterator templateChildren = rstTemplate.getChildElements();
+ while (templateChildren.hasNext()) {
+ OMNode child = (OMNode) templateChildren.next();
+ rst.addChild(child);
+ //Look for the key size element
+ if (child instanceof OMElement
+ && ((OMElement) child).getQName().equals(
+ new QName(TrustUtil.getWSTNamespace(this.version),
+ RahasConstants.IssuanceBindingLocalNames.KEY_SIZE))) {
+ log.debug("Extracting key size from the RSTTemplate: ");
+ OMElement childElem = (OMElement) child;
+ this.keySize =
+ (childElem.getText() != null && !"".equals(childElem.getText())) ?
+ Integer.parseInt(childElem.getText()) :
+ -1;
+ log.debug("Key size from RSTTemplate: " + this.keySize);
+ }
+ }
+ }
+
+ try {
+ // Handle entropy
+ if (this.trust10 != null) {
+
+ log.debug("Processing Trust10 assertion");
+
+ if (this.trust10.isRequireClientEntropy()) {
+
+ log.debug("Requires client entropy");
+
+ // setup requestor entropy
+ OMElement ent = TrustUtil.createEntropyElement(this.version, rst);
+ OMElement binSec =
+ TrustUtil.createBinarySecretElement(this.version,
+ ent,
+ RahasConstants.BIN_SEC_TYPE_NONCE);
+ this.requestorEntropy =
+ WSSecurityUtil.generateNonce(this.algorithmSuite.
+ getMaximumSymmetricKeyLength());
+ binSec.setText(Base64.encode(this.requestorEntropy));
+
+ log.debug("Clien entropy : "
+ + Base64.encode(this.requestorEntropy));
+
+ // Add the ComputedKey element
+ TrustUtil.createComputedKeyAlgorithm(this.version, rst,
+ RahasConstants.COMPUTED_KEY_PSHA1);
+
+ }
+ }
+ } catch (Exception e) {
+ throw new TrustException("errorSettingUpRequestorEntropy", e);
+ }
+
+
+ return rst;
+
+ }
+
+ private OMElement createCancelRequest(String tokenId) throws TrustException {
+
+ return TrustUtil.createCancelRequest(tokenId, version);
+ }
+
+ /**
+ * Set this to set the entropy configurations.
+ * If this is provided in the given policy it will be overridden.
+ *
+ * @param trust10 The trust10 to set.
+ */
+ public void setTrust10(Trust10 trust10) {
+ this.trust10 = trust10;
+ }
+
+ /**
+ * This can be used in the case where the AlgorithmSuite is not specified in
+ * the given policy.
+ * If the AlgorithmSuite exists in a binding in the policy then the value
+ * set will be overridden.
+ *
+ * @param algorithmSuite The algorithmSuite to set.
+ */
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+ this.algorithmSuite = algorithmSuite;
+ }
+
+ /**
+ * @param addressingNs The addressingNs to set.
+ */
+ public void setAddressingNs(String addressingNs) {
+ this.addressingNs = addressingNs;
+ }
+
+ /**
+ * @param ttl The ttl to set.
+ */
+ public void setTtl(int ttl) {
+ this.ttl = ttl;
+ }
+
+ /**
+ * Sets the crypto information required to process the RSTR.
+ *
+ * @param crypto Crypto information
+ * @param cbHandler Callback handler to provide the private key password to
+ * decrypt
+ */
+ public void setCryptoInfo(Crypto crypto, CallbackHandler cbHandler) {
+ this.crypto = crypto;
+ this.cbHandler = cbHandler;
+ }
+
+ /**
+ * Sets the crypto information required to process the RSTR.
+ *
+ * @param crypto The crypto information
+ * @param privKeyPasswd Private key password to decrypt
+ */
+ public void setCryptoInfo(Crypto crypto, String privKeyPasswd) {
+ this.crypto = crypto;
+ this.cbHandler = new CBHandler(privKeyPasswd);
+ }
+
+ /**
+ * @param action The action to set.
+ */
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ /**
+ * @param options The options to set.
+ */
+ public void setOptions(Options options) {
+ this.options = options;
+ }
+
+ /**
+ * @param rstTemplate The rstTemplate to set.
+ */
+ public void setRstTemplate(OMElement rstTemplate) {
+ this.rstTemplate = rstTemplate;
+ }
+
+ private class CBHandler implements CallbackHandler {
+
+ private String passwd;
+
+ private CBHandler(String passwd) {
+ this.passwd = passwd;
+ }
+
+ public void handle(Callback[] cb) throws IOException,
+ UnsupportedCallbackException {
+ ((WSPasswordCallback) cb[0]).setPassword(this.passwd);
+ }
+
+ }
+
+ /**
+ * @param version The version to set.
+ */
+ public void setVersion(int version) {
+ this.version = version;
+ }
+
+ public void setSoapVersion(String soapVersion) {
+ this.soapVersion = soapVersion;
+ }
+
+}
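Review bot: createIssueRequest writes the requestor entropy to the debug log in base64 (`log.debug("Clien entropy : " + Base64.encode(this.requestorEntropy))`), and that nonce is the client-side input to the P_SHA1 derivation in processIssueResponse, so a debug log plus the service entropy carried in the response is enough to reconstruct the derived proof key; drop that statement or log only `this.requestorEntropy.length`. In the ComputedKey branch of processIssueResponse, `serviceEntrElem.getFirstElement()` is evaluated before anyone checks that the Entropy element was found, so a response without it fails with a NullPointerException instead of the intended `serviceEntropyMissing` TrustException; add `if (serviceEntrElem == null) { throw new TrustException("serviceEntropyMissing"); }` before that line. processCancelResponse looks up RequestedTokenCancelled with a QName that carries no namespace, whereas every lookup in processIssueResponse qualifies the local name with `TrustUtil.getWSTNamespace(version)`; if the STS returns the element in the wst namespace, as the `<wst:RequestedTokenCancelled/>` sketch in the comment suggests, that lookup never matches and cancelToken always reports false. CBHandler.handle also casts `cb[0]` unconditionally; it should throw `UnsupportedCallbackException` for anything other than a `WSPasswordCallback` rather than failing with a ClassCastException or an out-of-bounds access.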
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties b/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
new file mode 100644
index 0000000..34c4bd6
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
@@ -0,0 +1,84 @@
+# -------------------------------------------------------------------
+# Copyright 2001-2004 The Apache Software Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -------------------------------------------------------------------
+
+
+InvalidRequest = The request was invalid or malformed, \"{0}\"
+FailedAuthentication = Authentication failed
+RequestFailed = The specified request failed
+InvalidSecurityToken = Security token has been revoked
+AuthenticationBadElements = Insufficient Digest Elements
+BadRequest = The specified RequestSecurityToken is not understood
+ExpiredData = The request data is out-of-date
+InvalidTimeRange = The requested time range is invalid or unsupported
+InvalidScope = The request scope is invalid or unsupported
+RenewNeeded = A renewable security token has expired
+UnableToRenew = The requested renewal failed
+
+
+errorInObtainingToken = Error in obtaining token from : \"{0}\"
+incorrectConfiguration = The given configuration element is not a "token-dispatcher-configuration" element
+missingClassName = Class attribute missing
+cannotLoadClass = Error in loading and instanciating the class \"{0}\"
+invalidTokenTypeDefinition = Invalid 'tokenType' definition in \"{0}\" : \"{1}\"
+errorLoadingConfigFile = Error in loading configuration file : \"{0}\"
+defaultIssuerMissing = The default issuer must be specified
+tokenAlreadyExists = "The token \"{0}\" already exists in the store
+noTokenToUpdate = Canot find token : \"{0}\" to update
+errorInBuildingTheEncryptedKey = Error in building a xenc:EncyptedKey , encrypted for \"{0}\"
+missingDispatcherConfiguration = Cannot find the token-dispatcher-configuration
+missingConfiguration = Missing configuration: \"{0}\"
+expectedParameterMissing = Expected parameter missing : \"{0}\"
+reqestedSecTokMissing = RequestedSecurityToken missing in the response
+rptMissing = RequestedProofToken missing in the response
+notSupported = Not supported: {0}
+errorCreatingSymmKey = Error in creating the ephemeral key
+badDispatcherConfigMultipleDefaultIssuers = Dispatcher configuration error : There should be only one default issuer
+errorInBuildingTheEncryptedKeyForPrincipal = Error in building encrypted key for principal : \"{0}\"
+invlidTTL = timeToLive (in milliseconds) must be a positive long value.
+invalidKeysize = Invalid key size
+unsupportedWSTVersion = Unsupported WS-Trust version
+unsupportedKeyType = Upsupported KeyType
+invalidAppliesToElem = Invalid AppliesTo element
+errorSettingUpRequestorEntropy = Error setting up requestor entropy
+errorInProcessingSTR = Error in processing SecurityTokenReference : {0}
+cannotObtainTokenIdentifier = Cannot obtain token identifier
+lifeTimeProcessingError = Error in processing Lifetime : {0}
+invalidRPT = Invalid RequestedProofToken
+serviceEntropyMissing = Service entropy missing
+keyDerivationError = Error in key derivation
+errorInProcessingEncryptedKey = Error in processing encrypted key
+
+stsClientCfgCtxNull = STSClient: ConfigurationContext client is null
+
+#SCTIssuer specific error messages
+sctIssuerCryptoPropertiesMissing = When the tokenType is not \"BinarySecret\" the cryptoProperties MUST be specified
+
+#SAMLTokenIssuer specific error messages
+samlPropFileMissing = cryptoProperties missing in the SAMLTokenIssuer configuration
+samlIssuerKeyPasswdMissing = issuerKeyPassword missing in SAMLTokenIssuer configuration
+samlIssuerKeyAliasMissing = user value missing in the SAMLTokenIssuer configuration
+samlConverstionError = Error in converting a SAML token to DOOM
+samlAssertionCreationError = Error in creating a SAMLToken using opensaml library
+aliasMissingForService = Certificate alias missing for service : \"{0}\"
+
+samlIssuerNameMissing = issuerName value missing in the SAMLTokenIssuer configuration
+samlUnsupportedPrincipal = Unsupported principal : \"{0}\"
+
+requiredElementNotFound = Required Element \"{0}\" not found!
+cannotDetermineTokenId = Cannot determine token ID from request
+tokenNotFound = Token with ID \"{0}\" cannot be found
+configurationIsNull = Configuration is null
+errorInCancelingToken = Error occurred while trying to cancel token
\ No newline at end of file
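Review bot: The `tokenAlreadyExists` message carries a stray leading quote (`"The token \"{0}\" already exists in the store`), so the unmatched `"` is emitted verbatim in the user-facing error; change it to `tokenAlreadyExists = The token \"{0}\" already exists in the store`. Several other message texts have typos (`Canot`, `instanciating`, `Upsupported`, `EncyptedKey`) that can be fixed on the value side without touching the keys, since the keys are looked up by name from code.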
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java
new file mode 100644
index 0000000..9742f0a
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas.impl;
+
+import org.apache.axiom.om.OMElement;
+
+import javax.xml.namespace.QName;
+
+/**
+ *
+ */
+public abstract class AbstractIssuerConfig {
+
+ /**
+ * The key computation policy when clien't entropy is provided
+ */
+ public static class KeyComputation {
+ public static final QName KEY_COMPUTATION = new QName("keyComputation");
+ public final static int KEY_COMP_USE_REQ_ENT = 1;
+ public final static int KEY_COMP_PROVIDE_ENT = 2;
+ public final static int KEY_COMP_USE_OWN_KEY = 3;
+ }
+
+ public final static QName ADD_REQUESTED_ATTACHED_REF = new QName("addRequestedAttachedRef");
+ public final static QName ADD_REQUESTED_UNATTACHED_REF = new QName("addRequestedUnattachedRef");
+ public static final QName PROOF_KEY_TYPE = new QName("proofKeyType");
+
+ /**
+ * Element name to include the crypto properties used to load the
+ * information used securing the response
+ */
+ public final static QName CRYPTO_PROPERTIES = new QName("cryptoProperties");
+ public static final QName CRYPTO = new QName("crypto");
+
+ protected int keyComputation = KeyComputation.KEY_COMP_PROVIDE_ENT;
+ protected String proofKeyType = TokenIssuerUtil.ENCRYPTED_KEY;
+ protected boolean addRequestedAttachedRef;
+ protected boolean addRequestedUnattachedRef;
+ protected long ttl = 300000;
+ protected String cryptoPropertiesFile;
+ protected OMElement cryptoPropertiesElement;
+ protected int keySize = 256;
+
+}
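Review bot: The class-level Javadoc is an empty `/** */` block and none of the protected fields that subclasses and issuers read are documented, in particular the units of `ttl` and `keySize`; `ttl` is consumed as milliseconds (SAMLTokenIssuer adds it directly to `creationTime.getTime()`), and `keySize` appears to be in bits given that STSClient divides its key size by 8 for the derivation. Suggested comments: `/** Common configuration shared by the token issuers: key computation mode, proof key type, reference flags, lifetime and crypto settings. */` on the class, `/** Token lifetime in milliseconds; default 300000 (5 minutes). */` on `ttl`, and `/** Requested symmetric key size, presumably in bits — confirm against callers. */` on `keySize`. The KeyComputation Javadoc also has a typo (`clien't` should be `client`).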
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
new file mode 100644
index 0000000..e762116
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
@@ -0,0 +1,568 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.impl;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenIssuer;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.utils.EncryptionConstants;
+import org.opensaml.SAMLAssertion;
+import org.opensaml.SAMLAttribute;
+import org.opensaml.SAMLAttributeStatement;
+import org.opensaml.SAMLAuthenticationStatement;
+import org.opensaml.SAMLException;
+import org.opensaml.SAMLNameIdentifier;
+import org.opensaml.SAMLStatement;
+import org.opensaml.SAMLSubject;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.Text;
+
+import java.security.Principal;
+import java.security.SecureRandom;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.text.DateFormat;
+import java.util.Arrays;
+import java.util.Date;
+
+/**
+ * Issuer to issue SAMl tokens
+ */
+public class SAMLTokenIssuer implements TokenIssuer {
+
+ private String configParamName;
+
+ private OMElement configElement;
+
+ private String configFile;
+
+ public SOAPEnvelope issue(RahasData data) throws TrustException {
+
+ try {
+ MessageContext inMsgCtx = data.getInMessageContext();
+
+ SAMLTokenIssuerConfig config = null;
+ if (this.configElement != null) {
+ config = SAMLTokenIssuerConfig
+ .load(configElement
+ .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
+ }
+
+ // Look for the file
+ if (config == null && this.configFile != null) {
+ config = SAMLTokenIssuerConfig.load(this.configFile);
+ }
+
+ // Look for the param
+ if (config == null && this.configParamName != null) {
+ Parameter param = inMsgCtx.getParameter(this.configParamName);
+ if (param != null && param.getParameterElement() != null) {
+ config = SAMLTokenIssuerConfig.load(param
+ .getParameterElement().getFirstChildWithName(
+ SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
+ } else {
+ throw new TrustException("expectedParameterMissing",
+ new String[] { this.configParamName });
+ }
+ }
+
+ if (config == null) {
+ throw new TrustException("configurationIsNull");
+ }
+
+ // Set the DOM impl to DOOM
+ DocumentBuilderFactoryImpl.setDOOMRequired(true);
+
+ SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx
+ .getEnvelope().getNamespace().getNamespaceURI());
+
+ Crypto crypto;
+ if (config.cryptoPropertiesElement != null) { // crypto props
+ // defined as
+ // elements
+ crypto = CryptoFactory.getInstance(TrustUtil
+ .toProperties(config.cryptoPropertiesElement), inMsgCtx
+ .getAxisService().getClassLoader());
+ } else { // crypto props defined in a properties file
+ crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
+ inMsgCtx.getAxisService().getClassLoader());
+ }
+
+ // Creation and expiration times
+ Date creationTime = new Date();
+ Date expirationTime = new Date();
+ expirationTime.setTime(creationTime.getTime() + config.ttl);
+
+ // Get the document
+ Document doc = ((Element) env).getOwnerDocument();
+
+ // Get the key size and create a new byte array of that size
+ int keySize = data.getKeysize();
+
+ keySize = (keySize == -1) ? config.keySize : keySize;
+
+ /*
+ * Find the KeyType If the KeyType is SymmetricKey or PublicKey,
+ * issue a SAML HoK assertion. - In the case of the PublicKey, in
+ * coming security header MUST contain a certificate (maybe via
+ * signature)
+ *
+ * If the KeyType is Bearer then issue a Bearer assertion
+ *
+ * If the key type is missing we will issue a HoK asserstion
+ */
+
+ String keyType = data.getKeyType();
+ SAMLAssertion assertion;
+ if (keyType == null) {
+ throw new TrustException(TrustException.INVALID_REQUEST,
+ new String[] { "Requested KeyType is missing" });
+ }
+
+ if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)
+ || keyType.endsWith(RahasConstants.KEY_TYPE_PUBLIC_KEY)) {
+ assertion = createHoKAssertion(config, doc, crypto,
+ creationTime, expirationTime, data);
+ } else if (keyType.endsWith(RahasConstants.KEY_TYPE_BEARER)) {
+ assertion = createBearerAssertion(config, doc, crypto,
+ creationTime, expirationTime, data);
+ } else {
+ throw new TrustException("unsupportedKeyType");
+ }
+
+ OMElement rstrElem;
+ int wstVersion = data.getVersion();
+ if (RahasConstants.VERSION_05_02 == wstVersion) {
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(
+ wstVersion, env.getBody());
+ } else {
+ OMElement rstrcElem = TrustUtil
+ .createRequestSecurityTokenResponseCollectionElement(
+ wstVersion, env.getBody());
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(
+ wstVersion, rstrcElem);
+ }
+
+ TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText(
+ RahasConstants.TOK_TYPE_SAML_10);
+
+ if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
+ TrustUtil.createKeySizeElement(wstVersion, rstrElem, keySize);
+ }
+
+ if (config.addRequestedAttachedRef) {
+ TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
+ + assertion.getId(), RahasConstants.TOK_TYPE_SAML_10);
+ }
+
+ if (config.addRequestedUnattachedRef) {
+ TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
+ assertion.getId(), RahasConstants.TOK_TYPE_SAML_10);
+ }
+
+ if (data.getAppliesToAddress() != null) {
+ TrustUtil.createAppliesToElement(rstrElem, data
+ .getAppliesToAddress(), data.getAddressingNs());
+ }
+
+ // Use GMT time in milliseconds
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ // Add the Lifetime element
+ TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
+ .format(creationTime), zulu.format(expirationTime));
+
+ // Create the RequestedSecurityToken element and add the SAML token
+ // to it
+ OMElement reqSecTokenElem = TrustUtil
+ .createRequestedSecurityTokenElement(wstVersion, rstrElem);
+ Token assertionToken;
+ try {
+ Node tempNode = assertion.toDOM();
+ reqSecTokenElem.addChild((OMNode) ((Element) rstrElem)
+ .getOwnerDocument().importNode(tempNode, true));
+
+ // Store the token
+ assertionToken = new Token(assertion.getId(),
+ (OMElement) assertion.toDOM(), creationTime,
+ expirationTime);
+
+ // At this point we definitely have the secret
+ // Otherwise it should fail with an exception earlier
+ assertionToken.setSecret(data.getEphmeralKey());
+ TrustUtil.getTokenStore(inMsgCtx).add(assertionToken);
+
+ } catch (SAMLException e) {
+ throw new TrustException("samlConverstionError", e);
+ }
+
+ if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)
+ && config.keyComputation != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_REQ_ENT) {
+
+ // Add the RequestedProofToken
+ TokenIssuerUtil.handleRequestedProofToken(data, wstVersion,
+ config, rstrElem, assertionToken, doc);
+ }
+
+ return env;
+ } finally {
+ // Unset the DOM impl to default
+ DocumentBuilderFactoryImpl.setDOOMRequired(false);
+ }
+
+ }
+
+ private SAMLAssertion createBearerAssertion(SAMLTokenIssuerConfig config,
+ Document doc, Crypto crypto, Date creationTime,
+ Date expirationTime, RahasData data) throws TrustException {
+ try {
+ Principal principal = data.getPrincipal();
+ // In the case where the principal is a UT
+ if (principal instanceof WSUsernameTokenPrincipal) {
+ // TODO: Find the email address
+ String subjectNameId = "ruchithf@apache.org";
+ SAMLNameIdentifier nameId = new SAMLNameIdentifier(
+ subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
+ return createAuthAssertion(doc, SAMLSubject.CONF_BEARER,
+ nameId, null, config, crypto, creationTime,
+ expirationTime);
+ } else {
+ throw new TrustException("samlUnsupportedPrincipal",
+ new String[] { principal.getClass().getName() });
+ }
+ } catch (SAMLException e) {
+ throw new TrustException("samlAssertionCreationError", e);
+ }
+ }
+
+ private SAMLAssertion createHoKAssertion(SAMLTokenIssuerConfig config,
+ Document doc, Crypto crypto, Date creationTime,
+ Date expirationTime, RahasData data) throws TrustException {
+
+ if (data.getKeyType().endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
+ Element encryptedKeyElem;
+ X509Certificate serviceCert = null;
+ try {
+
+ // Get ApliesTo to figureout which service to issue the token
+ // for
+ serviceCert = getServiceCert(config, crypto, data
+ .getAppliesToAddress());
+
+ // Ceate the encrypted key
+ WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+
+ // Use thumbprint id
+ encrKeyBuilder
+ .setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+
+ // SEt the encryption cert
+ encrKeyBuilder.setUseThisCert(serviceCert);
+
+ // set keysize
+ int keysize = data.getKeysize();
+ keysize = (keysize != -1) ? keysize : config.keySize;
+ encrKeyBuilder.setKeySize(keysize);
+
+ encrKeyBuilder.setEphemeralKey(TokenIssuerUtil.getSharedSecret(
+ data, config.keyComputation, keysize));
+
+ // Set key encryption algo
+ encrKeyBuilder
+ .setKeyEncAlgo(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
+
+ // Build
+ encrKeyBuilder.prepare(doc, crypto);
+
+ // Extract the base64 encoded secret value
+ byte[] tempKey = new byte[keysize / 8];
+ System.arraycopy(encrKeyBuilder.getEphemeralKey(), 0, tempKey,
+ 0, keysize / 8);
+
+ data.setEphmeralKey(tempKey);
+
+ // Extract the Encryptedkey DOM element
+ encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
+ } catch (WSSecurityException e) {
+ throw new TrustException(
+ "errorInBuildingTheEncryptedKeyForPrincipal",
+ new String[] { serviceCert.getSubjectDN().getName() },
+ e);
+ }
+ return this.createAttributeAssertion(doc, encryptedKeyElem, config,
+ crypto, creationTime, expirationTime);
+ } else {
+ try {
+ String subjectNameId = data.getPrincipal().getName();
+ SAMLNameIdentifier nameId = new SAMLNameIdentifier(
+ subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
+
+ // Create the ds:KeyValue element with the ds:X509Data
+ byte[] clientCertBytes = data.getClientCert().getEncoded();
+ String base64Cert = Base64.encode(clientCertBytes);
+
+ Text base64CertText = doc.createTextNode(base64Cert);
+ Element x509CertElem = doc.createElementNS(WSConstants.SIG_NS,
+ "X509Certificate");
+ x509CertElem.appendChild(base64CertText);
+ Element x509DataElem = doc.createElementNS(WSConstants.SIG_NS,
+ "X509Data");
+ x509DataElem.appendChild(x509CertElem);
+ Element keyValueElem = doc.createElementNS(WSConstants.SIG_NS,
+ "KeyValue");
+ keyValueElem.appendChild(x509DataElem);
+
+ return this.createAuthAssertion(doc,
+ SAMLSubject.CONF_HOLDER_KEY, nameId, keyValueElem,
+ config, crypto, creationTime, expirationTime);
+ } catch (SAMLException e) {
+ throw new TrustException("samlAssertionCreationError", e);
+ } catch (CertificateEncodingException e) {
+ throw new TrustException("samlAssertionCreationError", e);
+ }
+ }
+ }
+
+ /**
+ * Uses the <code>wst:AppliesTo</code> to figure out the certificate to
+ * encrypt the secret in the SAML token
+ *
+ * @param config
+ * @param crypto
+ * @param serviceAddress
+ * The address of the service
+ * @return
+ * @throws WSSecurityException
+ */
+ private X509Certificate getServiceCert(SAMLTokenIssuerConfig config,
+ Crypto crypto, String serviceAddress) throws WSSecurityException {
+
+ if (serviceAddress != null && !"".equals(serviceAddress)) {
+ String alias = (String) config.trustedServices.get(serviceAddress);
+ if (alias != null) {
+ return crypto.getCertificates(alias)[0];
+ } else {
+ alias = (String) config.trustedServices.get("*");
+ return crypto.getCertificates(alias)[0];
+ }
+ } else {
+ String alias = (String) config.trustedServices.get("*");
+ return crypto.getCertificates(alias)[0];
+ }
+
+ }
+
+ /**
+ * Create the SAML assertion with the secret held in an
+ * <code>xenc:EncryptedKey</code>
+ *
+ * @param doc
+ * @param keyInfoContent
+ * @param config
+ * @param crypto
+ * @param notBefore
+ * @param notAfter
+ * @return
+ * @throws TrustException
+ */
+ private SAMLAssertion createAttributeAssertion(Document doc,
+ Element keyInfoContent, SAMLTokenIssuerConfig config,
+ Crypto crypto, Date notBefore, Date notAfter) throws TrustException {
+ try {
+ String[] confirmationMethods = new String[] { SAMLSubject.CONF_HOLDER_KEY };
+
+ Element keyInfoElem = doc.createElementNS(WSConstants.SIG_NS,
+ "KeyInfo");
+ ((OMElement) keyInfoContent).declareNamespace(WSConstants.SIG_NS,
+ WSConstants.SIG_PREFIX);
+ ((OMElement) keyInfoContent).declareNamespace(WSConstants.ENC_NS,
+ WSConstants.ENC_PREFIX);
+
+ keyInfoElem.appendChild(keyInfoContent);
+
+ SAMLSubject subject = new SAMLSubject(null, Arrays
+ .asList(confirmationMethods), null, keyInfoElem);
+
+ SAMLAttribute attribute = new SAMLAttribute("Name",
+ "https://rahas.apache.org/saml/attrns", null, -1, Arrays
+ .asList(new String[] { "Colombo/Rahas" }));
+ SAMLAttributeStatement attrStmt = new SAMLAttributeStatement(
+ subject, Arrays.asList(new SAMLAttribute[] { attribute }));
+
+ SAMLStatement[] statements = { attrStmt };
+
+ SAMLAssertion assertion = new SAMLAssertion(config.issuerName,
+ notBefore, notAfter, null, null, Arrays.asList(statements));
+
+ // sign the assertion
+ X509Certificate[] issuerCerts = crypto
+ .getCertificates(config.issuerKeyAlias);
+
+ String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+ String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+ if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+ sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+ }
+ java.security.Key issuerPK = crypto.getPrivateKey(
+ config.issuerKeyAlias, config.issuerKeyPassword);
+ assertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts));
+
+ return assertion;
+ } catch (Exception e) {
+ throw new TrustException("samlAssertionCreationError", e);
+ }
+ }
+
+ /**
+ * @param doc
+ * @param confMethod
+ * @param subjectNameId
+ * @param keyInfoContent
+ * @param config
+ * @param crypto
+ * @param notBefore
+ * @param notAfter
+ * @return
+ * @throws TrustException
+ */
+ private SAMLAssertion createAuthAssertion(Document doc, String confMethod,
+ SAMLNameIdentifier subjectNameId, Element keyInfoContent,
+ SAMLTokenIssuerConfig config, Crypto crypto, Date notBefore,
+ Date notAfter) throws TrustException {
+ try {
+ String[] confirmationMethods = new String[] { confMethod };
+
+ Element keyInfoElem = null;
+ if (keyInfoContent != null) {
+ keyInfoElem = doc
+ .createElementNS(WSConstants.SIG_NS, "KeyInfo");
+ ((OMElement) keyInfoContent).declareNamespace(
+ WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
+ ((OMElement) keyInfoContent).declareNamespace(
+ WSConstants.ENC_NS, WSConstants.ENC_PREFIX);
+
+ keyInfoElem.appendChild(keyInfoContent);
+ }
+
+ SAMLSubject subject = new SAMLSubject(subjectNameId, Arrays
+ .asList(confirmationMethods), null, keyInfoElem);
+
+ SAMLAuthenticationStatement authStmt = new SAMLAuthenticationStatement(
+ subject,
+ SAMLAuthenticationStatement.AuthenticationMethod_Password,
+ notBefore, null, null, null);
+ SAMLStatement[] statements = { authStmt };
+
+ SAMLAssertion assertion = new SAMLAssertion(config.issuerName,
+ notBefore, notAfter, null, null, Arrays.asList(statements));
+
+ // sign the assertion
+ X509Certificate[] issuerCerts = crypto
+ .getCertificates(config.issuerKeyAlias);
+
+ String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+ String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+ if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+ sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+ }
+ java.security.Key issuerPK = crypto.getPrivateKey(
+ config.issuerKeyAlias, config.issuerKeyPassword);
+ assertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts));
+
+ return assertion;
+ } catch (Exception e) {
+ throw new TrustException("samlAssertionCreationError", e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.rahas.TokenIssuer#getResponseAction(org.apache.axiom.om.OMElement,
+ * org.apache.axis2.context.MessageContext)
+ */
+ public String getResponseAction(RahasData data) throws TrustException {
+ return TrustUtil.getActionValue(data.getVersion(),
+ RahasConstants.RSTR_ACTION_ISSUE);
+ }
+
+ /**
+ * Create an ephemeral key
+ *
+ * @return The generated key as a byte array
+ * @throws TrustException
+ */
+ protected byte[] generateEphemeralKey(int keySize) throws TrustException {
+ try {
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] temp = new byte[keySize / 8];
+ random.nextBytes(temp);
+ return temp;
+ } catch (Exception e) {
+ throw new TrustException("Error in creating the ephemeral key", e);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.rahas.TokenIssuer#setConfigurationFile(java.lang.String)
+ */
+ public void setConfigurationFile(String configFile) {
+ // TODO TODO SAMLTokenIssuer setConfigurationFile
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.rahas.TokenIssuer#setConfigurationElement(org.apache.axiom.om.OMElement)
+ */
+ public void setConfigurationElement(OMElement configElement) {
+ // TODO TODO SAMLTokenIssuer setConfigurationElement
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.rahas.TokenIssuer#setConfigurationParamName(java.lang.String)
+ */
+ public void setConfigurationParamName(String configParamName) {
+ this.configParamName = configParamName;
+ }
+
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
new file mode 100644
index 0000000..cc9e0cb
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
@@ -0,0 +1,207 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.impl;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.rahas.TrustException;
+
+import javax.xml.namespace.QName;
+
+import java.io.FileInputStream;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+
+/**
+ * Configuration manager for the <code>SAMLTokenIssuer</code>
+ *
+ * @see SAMLTokenIssuer
+ */
+public class SAMLTokenIssuerConfig extends AbstractIssuerConfig {
+
+ /**
+ * The QName of the configuration element of the SAMLTokenIssuer
+ */
+ public final static QName SAML_ISSUER_CONFIG = new QName("saml-issuer-config");
+
+ /**
+ * Element name to include the alias of the private key to sign the response or
+ * the issued token
+ */
+ private final static QName ISSUER_KEY_ALIAS = new QName("issuerKeyAlias");
+
+ /**
+ * Element name to include the password of the private key to sign the
+ * response or the issued token
+ */
+ private final static QName ISSUER_KEY_PASSWD = new QName("issuerKeyPassword");
+
+ /**
+ * Element to specify the lifetime of the SAMLToken
+ * Dafaults to 300000 milliseconds (5 mins)
+ */
+ private final static QName TTL = new QName("timeToLive");
+
+ /**
+ * Element to list the trusted services
+ */
+ private final static QName TRUSTED_SERVICES = new QName("trusted-services");
+
+ private final static QName KEY_SIZE = new QName("keySize");
+
+ private final static QName SERVICE = new QName("service");
+ private final static QName ALIAS = new QName("alias");
+
+ public final static QName USE_SAML_ATTRIBUTE_STATEMENT = new QName("useSAMLAttributeStatement");
+
+ public final static QName ISSUER_NAME = new QName("issuerName");
+
+ protected String issuerKeyAlias;
+ protected String issuerKeyPassword;
+ protected String issuerName;
+ protected Map trustedServices;
+ protected String trustStorePropFile;
+
+ private SAMLTokenIssuerConfig(OMElement elem) throws TrustException {
+ OMElement proofKeyElem = elem.getFirstChildWithName(PROOF_KEY_TYPE);
+ if (proofKeyElem != null) {
+ this.proofKeyType = proofKeyElem.getText().trim();
+ }
+
+ //The alias of the private key
+ OMElement userElem = elem.getFirstChildWithName(ISSUER_KEY_ALIAS);
+ if (userElem != null) {
+ this.issuerKeyAlias = userElem.getText().trim();
+ }
+
+ if (this.issuerKeyAlias == null || "".equals(this.issuerKeyAlias)) {
+ throw new TrustException("samlIssuerKeyAliasMissing");
+ }
+
+ OMElement issuerKeyPasswdElem = elem.getFirstChildWithName(ISSUER_KEY_PASSWD);
+ if (issuerKeyPasswdElem != null) {
+ this.issuerKeyPassword = issuerKeyPasswdElem.getText().trim();
+ }
+
+ if (this.issuerKeyPassword == null || "".equals(this.issuerKeyPassword)) {
+ throw new TrustException("samlIssuerKeyPasswdMissing");
+ }
+
+ OMElement issuerNameElem = elem.getFirstChildWithName(ISSUER_NAME);
+ if (issuerNameElem != null) {
+ this.issuerName = issuerNameElem.getText().trim();
+ }
+
+ if (this.issuerName == null || "".equals(this.issuerName)) {
+ throw new TrustException("samlIssuerNameMissing");
+ }
+
+ OMElement cryptoPropElem = elem.getFirstChildWithName(CRYPTO_PROPERTIES);
+ if (cryptoPropElem != null) {
+ if ((cryptoPropertiesElement =
+ cryptoPropElem.getFirstChildWithName(CRYPTO)) == null){
+ // no children. Hence, prop file shud have been defined
+ this.cryptoPropertiesFile = cryptoPropElem.getText().trim();
+ }
+ // else Props should be defined as children of a crypto element
+ }
+
+ OMElement keyCompElem = elem.getFirstChildWithName(KeyComputation.KEY_COMPUTATION);
+ if (keyCompElem != null && keyCompElem.getText() != null && !"".equals(keyCompElem)) {
+ this.keyComputation = Integer.parseInt(keyCompElem.getText());
+ }
+
+ //time to live
+ OMElement ttlElem = elem.getFirstChildWithName(TTL);
+ if (ttlElem != null) {
+ try {
+ this.ttl = Long.parseLong(ttlElem.getText().trim());
+ } catch (NumberFormatException e) {
+ throw new TrustException("invlidTTL");
+ }
+ }
+
+ OMElement keySizeElem = elem.getFirstChildWithName(KEY_SIZE);
+ if (keySizeElem != null) {
+ try {
+ this.keySize = Integer.parseInt(keySizeElem.getText().trim());
+ } catch (NumberFormatException e) {
+ throw new TrustException("invalidKeysize");
+ }
+ }
+
+ this.addRequestedAttachedRef = elem
+ .getFirstChildWithName(ADD_REQUESTED_ATTACHED_REF) != null;
+ this.addRequestedUnattachedRef = elem
+ .getFirstChildWithName(ADD_REQUESTED_UNATTACHED_REF) != null;
+
+ //Process trusted services
+ OMElement trustedServices = elem.getFirstChildWithName(TRUSTED_SERVICES);
+
+ /*
+ * If there are trusted services add them to a list
+ * Only trusts myself to issue tokens to :
+ * In this case the STS is embedded in the service as well and
+ * the issued token can only be used with that particular service
+ * since the response secret is encrypted by the service's public key
+ */
+ if (trustedServices != null) {
+ //Now process the trusted services
+ Iterator servicesIter = trustedServices.getChildrenWithName(SERVICE);
+ while (servicesIter.hasNext()) {
+ OMElement service = (OMElement) servicesIter.next();
+ OMAttribute aliasAttr = service.getAttribute(ALIAS);
+ if (aliasAttr == null) {
+ //The certificate alias is a must
+ throw new TrustException("aliasMissingForService",
+ new String[]{service.getText().trim()});
+ }
+ if (this.trustedServices == null) {
+ this.trustedServices = new HashMap();
+ }
+
+ //Add the trusted service and the alias to the map of services
+ this.trustedServices.put(service.getText().trim(), aliasAttr.getAttributeValue());
+ }
+
+ //There maybe no trusted services as well, Therefore do not
+ //throw an exception when there are no trusted in the list at the
+ //moment
+ }
+ }
+
+ public static SAMLTokenIssuerConfig load(OMElement elem) throws TrustException {
+ return new SAMLTokenIssuerConfig(elem);
+ }
+
+ public static SAMLTokenIssuerConfig load(String configFilePath)
+ throws TrustException {
+ FileInputStream fis;
+ StAXOMBuilder builder;
+ try {
+ fis = new FileInputStream(configFilePath);
+ builder = new StAXOMBuilder(fis);
+ } catch (Exception e) {
+ throw new TrustException("errorLoadingConfigFile",
+ new String[]{configFilePath});
+ }
+ return load(builder.getDocumentElement());
+ }
+
+}
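Review bot: The guard around the keyComputation parsing compares the OMElement itself with the empty string (`!"".equals(keyCompElem)`), which is always true, so an empty `<keyComputation/>` reaches `Integer.parseInt("")` and escapes as an unchecked NumberFormatException instead of a TrustException; the identical line appears in the SCTIssuerConfig constructor in this commit. The condition should be `!"".equals(keyCompElem.getText().trim())`, with the parse of the trimmed text wrapped in the same try/catch-to-TrustException shape that the timeToLive and keySize blocks directly below already use. Separately, `trustedServices` stays null when no `trusted-services` element is configured, while `SAMLTokenIssuer.getServiceCert` calls `config.trustedServices.get(...)` unconditionally, so either initialise it to an empty `HashMap` in the constructor or have the issuer fail with a TrustException rather than a NullPointerException on the symmetric-key path.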
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java
new file mode 100644
index 0000000..f1ed9e4
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java
@@ -0,0 +1,247 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.impl;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenIssuer;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.Hashtable;
+
+public class SCTIssuer implements TokenIssuer {
+
+ public final static String COMPUTED_KEY = "ComputedKey";
+
+ private String configFile;
+
+ private OMElement configElement;
+
+ private String configParamName;
+
+ /**
+ * Issue a {@link SecurityContextToken} based on the wsse:Signature or
+ * wsse:UsernameToken
+ * <p/>
+ * This will support returning the SecurityContextToken with the following
+ * types of wst:RequestedProof tokens:
+ * <ul>
+ * <li>xenc:EncryptedKey</li>
+ * <li>wst:ComputedKey</li>
+ * <li>wst:BinarySecret (for secure transport)</li>
+ * </ul>
+ */
+ public SOAPEnvelope issue(RahasData data) throws TrustException {
+
+ SCTIssuerConfig config = null;
+ if (this.configElement != null) {
+ config = SCTIssuerConfig
+ .load(configElement
+ .getFirstChildWithName(SCTIssuerConfig.SCT_ISSUER_CONFIG));
+ }
+
+ // Look for the file
+ if (config == null && this.configFile != null) {
+ config = SCTIssuerConfig.load(this.configFile);
+ }
+
+ // Look for the param
+ if (config == null && this.configParamName != null) {
+ Parameter param = data.getInMessageContext().getParameter(this.configParamName);
+ if (param != null && param.getParameterElement() != null) {
+ config = SCTIssuerConfig.load(param.getParameterElement()
+ .getFirstChildWithName(
+ SCTIssuerConfig.SCT_ISSUER_CONFIG));
+ } else {
+ throw new TrustException("expectedParameterMissing",
+ new String[]{this.configParamName});
+ }
+ }
+
+ if (config == null) {
+ throw new TrustException("missingConfiguration",
+ new String[]{SCTIssuerConfig.SCT_ISSUER_CONFIG
+ .getLocalPart()});
+ }
+
+ // Env
+ return createEnvelope(data, config);
+ }
+
+ private SOAPEnvelope createEnvelope(RahasData data,
+ SCTIssuerConfig config) throws TrustException {
+ try {
+ SOAPEnvelope env = TrustUtil.createSOAPEnvelope(data.getSoapNs());
+ int wstVersion = data.getVersion();
+
+ // Get the document
+ Document doc = ((Element) env).getOwnerDocument();
+
+ SecurityContextToken sct =
+ new SecurityContextToken(this.getWSCVersion(data.getTokenType()), doc);
+
+ OMElement rstrElem =
+ TrustUtil.createRequestSecurityTokenResponseElement(wstVersion,
+ env.getBody());
+
+ OMElement rstElem =
+ TrustUtil.createRequestedSecurityTokenElement(wstVersion, rstrElem);
+
+ rstElem.addChild((OMElement) sct.getElement());
+
+ String tokenType = data.getTokenType();
+
+ OMElement reqAttachedRef = null;
+ OMElement reqUnattachedRef = null;
+ if (config.addRequestedAttachedRef) {
+ reqAttachedRef = TrustUtil.createRequestedAttachedRef(wstVersion,
+ rstrElem,
+ "#" + sct.getID(),
+ tokenType);
+ }
+
+ if (config.addRequestedUnattachedRef) {
+ reqUnattachedRef = TrustUtil.createRequestedUnattachedRef(wstVersion,
+ rstrElem,
+ sct.getIdentifier(),
+ tokenType);
+ }
+
+ //Creation and expiration times
+ Date creationTime = new Date();
+ Date expirationTime = new Date();
+
+ expirationTime.setTime(creationTime.getTime() + config.ttl);
+
+ // Use GMT time in milliseconds
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ // Add the Lifetime element
+ TrustUtil.createLifetimeElement(wstVersion,
+ rstrElem,
+ zulu.format(creationTime),
+ zulu.format(expirationTime));
+
+ // Store the tokens
+ Token sctToken = new Token(sct.getIdentifier(),
+ (OMElement) sct.getElement(),
+ creationTime,
+ expirationTime);
+
+ sctToken.setUnattachedReference(reqAttachedRef.getFirstElement());
+ sctToken.setAttachedReference(reqAttachedRef.getFirstElement());
+
+ byte[] secret = TokenIssuerUtil.getSharedSecret(data, config.keyComputation, config.keySize);
+ sctToken.setSecret(secret);
+
+ //Add the RequestedProofToken
+ TokenIssuerUtil.handleRequestedProofToken(data,
+ wstVersion,
+ config,
+ rstrElem,
+ sctToken,
+ doc);
+
+ sctToken.setState(Token.ISSUED);
+ TrustUtil.getTokenStore(data.getInMessageContext()).add(sctToken);
+ return env;
+ } catch (ConversationException e) {
+ throw new TrustException(e.getMessage(), e);
+ }
+ }
+
+ public String getResponseAction(RahasData data) throws TrustException {
+ return TrustUtil.getActionValue(data.getVersion(), RahasConstants.RSTR_ACTION_SCT);
+ }
+
+ /**
+ * @see org.apache.rahas.TokenIssuer#setConfigurationFile(java.lang.String)
+ */
+ public void setConfigurationFile(String configFile) {
+ this.configFile = configFile;
+ }
+
+ /**
+ * @see org.apache.rahas.TokenIssuer#setConfigurationElement(OMElement)
+ */
+ public void setConfigurationElement(OMElement configElement) {
+ this.configElement = configElement;
+ }
+
+ public void setConfigurationParamName(String configParamName) {
+ this.configParamName = configParamName;
+ }
+
+ private int getWSCVersion(String tokenTypeValue) throws ConversationException {
+
+ if (tokenTypeValue == null) {
+ return ConversationConstants.DEFAULT_VERSION;
+ }
+
+ if (tokenTypeValue.startsWith(ConversationConstants.WSC_NS_05_02)) {
+ return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_02);
+ } else if (tokenTypeValue.startsWith(ConversationConstants.WSC_NS_05_12)) {
+ return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_12);
+ } else {
+ throw new ConversationException("unsupportedSecConvVersion");
+ }
+ }
+
+ /**
+ * Creates the unique (reproducible) id for to hold the context identifier
+ * of the message exchange.
+ * @return
+ */
+ private String getContextIdentifierKey(MessageContext msgContext) {
+ return msgContext.getAxisService().getName();
+ }
+
+
+ /**
+ * Returns the map of security context token identifiers
+ * @return
+ */
+ private Hashtable getContextMap(MessageContext msgContext) {
+ //Fist check whether its there
+ Object map = msgContext.getConfigurationContext().getProperty(
+ ConversationConstants.KEY_CONTEXT_MAP);
+
+ if(map == null) {
+ //If not create a new one
+ map = new Hashtable();
+ //Set the map globally
+ msgContext.getConfigurationContext().setProperty(
+ ConversationConstants.KEY_CONTEXT_MAP, map);
+ }
+
+ return (Hashtable)map;
+ }
+}
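Review bot: `createEnvelope` dereferences `reqAttachedRef` when storing the token, but that variable is only assigned when `config.addRequestedAttachedRef` is set, so any configuration without `addRequestedAttachedRef` fails with a NullPointerException after the SCT has already been built; the unattached reference is also taken from `reqAttachedRef` rather than `reqUnattachedRef`, so the stored token carries the wrong reference. Both assignments should be null-guarded and read from their own variable. The two private helpers `getContextIdentifierKey` and `getContextMap` are not called anywhere in this file; if they are intended for a later change a short comment saying so would help, otherwise they can be dropped.
```java
            // … unchanged: Token sctToken construction …
            if (reqAttachedRef != null) {
                sctToken.setAttachedReference(reqAttachedRef.getFirstElement());
            }
            if (reqUnattachedRef != null) {
                sctToken.setUnattachedReference(reqUnattachedRef.getFirstElement());
            }
            // … unchanged: shared secret, proof token, token store …
```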
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuerConfig.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuerConfig.java
new file mode 100644
index 0000000..d790261
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuerConfig.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.impl;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.rahas.TrustException;
+
+import javax.xml.namespace.QName;
+
+import java.io.FileInputStream;
+
+/**
+ * SCTIssuer Configuration processor
+ */
+public class SCTIssuerConfig extends AbstractIssuerConfig{
+
+ public final static QName SCT_ISSUER_CONFIG = new QName("sct-issuer-config");
+ protected byte[] requesterEntropy;
+
+ private SCTIssuerConfig(OMElement elem) throws TrustException {
+ OMElement proofKeyElem = elem.getFirstChildWithName(PROOF_KEY_TYPE);
+ if (proofKeyElem != null) {
+ this.proofKeyType = proofKeyElem.getText().trim();
+ }
+
+ OMElement cryptoPropertiesElem = elem
+ .getFirstChildWithName(new QName("cryptoProperties"));
+
+ if (!TokenIssuerUtil.BINARY_SECRET.equals(proofKeyType) && cryptoPropertiesElem == null) {
+ throw new TrustException("sctIssuerCryptoPropertiesMissing");
+ }
+
+ this.addRequestedAttachedRef =
+ elem.getFirstChildWithName(ADD_REQUESTED_ATTACHED_REF) != null;
+ this.addRequestedUnattachedRef =
+ elem.getFirstChildWithName(ADD_REQUESTED_UNATTACHED_REF) != null;
+ if ((cryptoPropertiesElement =
+ cryptoPropertiesElem.getFirstChildWithName(CRYPTO)) == null) { // no children. Hence, prop file shud have been defined
+ this.cryptoPropertiesFile = cryptoPropertiesElem.getText().trim();
+ }
+ // else Props should be defined as children of a crypto element
+
+ OMElement keyCompElem = elem.getFirstChildWithName(KeyComputation.KEY_COMPUTATION);
+ if (keyCompElem != null && keyCompElem.getText() != null && !"".equals(keyCompElem)) {
+ this.keyComputation = Integer.parseInt(keyCompElem.getText());
+ }
+ }
+
+ public static SCTIssuerConfig load(OMElement elem) throws TrustException {
+ return new SCTIssuerConfig(elem);
+ }
+
+ public static SCTIssuerConfig load(String configFilePath)
+ throws TrustException {
+ FileInputStream fis;
+ StAXOMBuilder builder;
+ try {
+ fis = new FileInputStream(configFilePath);
+ builder = new StAXOMBuilder(fis);
+ } catch (Exception e) {
+ throw new TrustException("errorLoadingConfigFile",
+ new String[] { configFilePath });
+ }
+
+ return load(builder.getDocumentElement());
+ }
+}
\ No newline at end of file
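Review bot: The constructor explicitly allows `cryptoPropertiesElem` to be null when the proof key type is `TokenIssuerUtil.BINARY_SECRET`, yet a few lines later it calls `cryptoPropertiesElem.getFirstChildWithName(CRYPTO)` unconditionally, so that supported configuration throws a NullPointerException instead of loading. Wrap the crypto-properties handling in `if (cryptoPropertiesElem != null) { … }` so the file/element resolution only runs when the element is present. The keyComputation guard on the following lines has the same always-true `!"".equals(keyCompElem)` comparison noted on SAMLTokenIssuerConfig in this commit.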
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerConfig.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerConfig.java
new file mode 100644
index 0000000..820cf6b
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerConfig.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas.impl;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.rahas.TrustException;
+
+import javax.xml.namespace.QName;
+import java.io.FileInputStream;
+
+/**
+ *
+ */
+public class TokenCancelerConfig {
+
+ /*
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <proofToken>EncryptedKey</proofToken>
+ <cryptoProperties>sctIssuer.properties</cryptoProperties>
+ <addRequestedAttachedRef />
+ </stoken-canceler-config>
+ </parameter>
+ */
+ public final static QName TOKEN_CANCELER_CONFIG = new QName("token-canceler-config");
+
+ private TokenCancelerConfig(OMElement elem) throws TrustException {
+ /*OMElement proofTokenElem =
+ elem.getFirstChildWithName(new QName("proofToken"));
+ if (proofTokenElem != null) {
+ this.proofTokenType = proofTokenElem.getText().trim();
+ }
+
+ OMElement cryptoPropertiesElem = elem
+ .getFirstChildWithName(new QName("cryptoProperties"));
+
+ if (!SCTIssuer.BINARY_SECRET.equals(proofTokenType)
+ && cryptoPropertiesElem == null) {
+ throw new TrustException("sctIssuerCryptoPropertiesMissing");
+ }
+
+ this.addRequestedAttachedRef = elem
+ .getFirstChildWithName(ADD_REQUESTED_ATTACHED_REF) != null;
+ this.addRequestedUnattachedRef = elem
+ .getFirstChildWithName(ADD_REQUESTED_UNATTACHED_REF) != null;
+
+ this.cryptoPropertiesFile = cryptoPropertiesElem.getText().trim();*/
+ }
+
+ public static TokenCancelerConfig load(OMElement elem) throws TrustException {
+ return new TokenCancelerConfig(elem);
+ }
+
+ public static TokenCancelerConfig load(String configFilePath)
+ throws TrustException {
+ FileInputStream fis;
+ StAXOMBuilder builder;
+ try {
+ fis = new FileInputStream(configFilePath);
+ builder = new StAXOMBuilder(fis);
+ } catch (Exception e) {
+ throw new TrustException("errorLoadingConfigFile", new String[] { configFilePath });
+ }
+ return load(builder.getDocumentElement());
+ }
+}
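Review bot: `load(String)` opens a `FileInputStream` that is never closed, and the catch clause discards the original exception, so a bad path or malformed XML surfaces only as "errorLoadingConfigFile" with no cause; the same `load(String)` body appears in SAMLTokenIssuerConfig and SCTIssuerConfig in this commit. Because StAXOMBuilder parses lazily, the stream can only be closed once the element has been fully built, so call `build()` on the document element before the `finally` closes the stream, and pass `e` through the three-argument `TrustException` constructor this code base already uses (this needs `java.io.IOException` imported). The example configuration in the class comment also closes with `</stoken-canceler-config>`, which does not match its opening tag and will mislead anyone copying it.
```java
    public static TokenCancelerConfig load(String configFilePath)
            throws TrustException {
        FileInputStream fis = null;
        OMElement configElem;
        try {
            fis = new FileInputStream(configFilePath);
            configElem = new StAXOMBuilder(fis).getDocumentElement();
            // Axiom builds the tree lazily; force it before the stream goes away
            configElem.build();
        } catch (Exception e) {
            throw new TrustException("errorLoadingConfigFile", new String[] { configFilePath }, e);
        } finally {
            if (fis != null) {
                try { fis.close(); } catch (IOException ignored) { /* best effort */ }
            }
        }
        return load(configElem);
    }
```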
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerImpl.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerImpl.java
new file mode 100644
index 0000000..9a459c0
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerImpl.java
@@ -0,0 +1,201 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas.impl;
+
+import org.apache.rahas.TokenCanceler;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.context.MessageContext;
+
+import javax.xml.namespace.QName;
+
+/**
+ *
+ */
+public class TokenCancelerImpl implements TokenCanceler {
+
+ private String configFile;
+ private OMElement configElement;
+ private String configParamName;
+
+ /**
+ * Cancel the token specified in the request.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return Response SOAPEnveloper
+ * @throws org.apache.rahas.TrustException
+ *
+ */
+ public SOAPEnvelope cancel(RahasData data) throws TrustException {
+ TokenCancelerConfig config = null;
+ if (this.configElement != null) {
+ config = TokenCancelerConfig.load(configElement.
+ getFirstChildWithName(SCTIssuerConfig.SCT_ISSUER_CONFIG));
+ }
+
+ // Look for the file
+ if (config == null && this.configFile != null) {
+ config = TokenCancelerConfig.load(this.configFile);
+ }
+
+ // Look for the param
+ if (config == null && this.configParamName != null) {
+ Parameter param = data.getInMessageContext().getParameter(this.configParamName);
+ if (param != null && param.getParameterElement() != null) {
+ config = TokenCancelerConfig.load(param.getParameterElement()
+ .getFirstChildWithName(SCTIssuerConfig.SCT_ISSUER_CONFIG));
+ } else {
+ throw new TrustException("expectedParameterMissing",
+ new String[]{this.configParamName});
+ }
+ }
+
+ if (config == null) {
+ throw new TrustException("missingConfiguration",
+ new String[]{SCTIssuerConfig.SCT_ISSUER_CONFIG
+ .getLocalPart()});
+ }
+
+ OMElement rstEle = data.getRstElement();
+ QName cancelTagetQName = new QName(data.getWstNs(), RahasConstants.CancelBindingLocalNames.CANCEL_TARGET);
+ OMElement cancelTargetEle = rstEle.getFirstChildWithName(cancelTagetQName);
+ if (cancelTargetEle == null) {
+ throw new TrustException("requiredElementNotFound",
+ new String[]{cancelTagetQName.toString()});
+ }
+ OMElement secTokenRefEle = cancelTargetEle
+ .getFirstChildWithName(new QName(WSConstants.WSSE_NS,
+ SecurityTokenReference.SECURITY_TOKEN_REFERENCE));
+ String tokenId;
+ if (secTokenRefEle != null) {
+
+ /*
+ <o:SecurityTokenReference
+ xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <o:Reference URI="urn:uuid:8e6a3a95-fd1b-4c24-96d4-28e875025ff7"
+ ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </o:SecurityTokenReference>
+ */
+ OMElement referenceEle = secTokenRefEle.getFirstChildWithName(Reference.TOKEN);
+ if (referenceEle != null) {
+ OMAttribute uri = referenceEle.getAttribute(new QName(
+ RahasConstants.CancelBindingLocalNames.URI));
+ if (uri != null) {
+ tokenId = uri.getAttributeValue().substring(1);
+ } else {
+ throw new TrustException("cannotDetermineTokenId");
+ }
+ } else {
+ throw new TrustException("cannotDetermineTokenId");
+ }
+ } else {
+ // TODO: we need to handle situation where the token itself is contained within the
+ // TODO: <wst:CancelTarget> element
+ throw new TrustException("cannotDetermineTokenId");
+ }
+
+ // Cancel the token
+ MessageContext inMsgCtx = data.getInMessageContext();
+ TokenStorage tokenStore = TrustUtil.getTokenStore(inMsgCtx);
+ Token token = tokenStore.getToken(tokenId);
+ if (token == null) {
+ throw new TrustException("tokenNotFound", new String[]{tokenId});
+ }
+ token.setState(Token.CANCELLED);
+ tokenStore.update(token);
+
+ // Create the response SOAP Envelope
+ SOAPEnvelope responseEnv =
+ TrustUtil.
+ createSOAPEnvelope(inMsgCtx.getEnvelope().getNamespace().getNamespaceURI());
+ OMElement rstrElem;
+ int version = data.getVersion();
+ if (RahasConstants.VERSION_05_02 == version) {
+ rstrElem = TrustUtil
+ .createRequestSecurityTokenResponseElement(version, responseEnv.getBody());
+ } else {
+ OMElement rstrcElem = TrustUtil
+ .createRequestSecurityTokenResponseCollectionElement(
+ version, responseEnv.getBody());
+
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(version, rstrcElem);
+ }
+ OMElement reqTokenCanceledEle =
+ TrustUtil.createRequestedTokenCanceledElement(version, rstrElem);
+ return responseEnv;
+ }
+
+ /**
+ * Set the configuration file of this TokenCanceller.
+ * <p/>
+ * This is the text value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ public void setConfigurationFile(String configFile) {
+ this.configFile = configFile;
+ }
+
+ /**
+ * Set the configuration element of this TokenCanceller.
+ * <p/>
+ * This is the <configuration> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configElement <code>OMElement</code> representing the configuation
+ */
+ public void setConfigurationElement(OMElement configElement) {
+ this.configElement = configElement;
+ }
+
+ /**
+ * Set the name of the configuration parameter.
+ * <p/>
+ * If this is used then there must be a
+ * <code>org.apache.axis2.description.Parameter</code> object available in
+ * the via the messageContext when the <code>TokenIssuer</code> is called.
+ *
+ * @param configParamName
+ * @see org.apache.axis2.description.Parameter
+ */
+ public void setConfigurationParamName(String configParamName) {
+ this.configParamName = configParamName;
+ }
+
+ /**
+ * Returns the <code>wsa:Action</code> of the response.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return Returns the <code>wsa:Action</code> of the response
+ * @throws org.apache.rahas.TrustException
+ *
+ */
+ public String getResponseAction(RahasData data) throws TrustException {
+ return TrustUtil.getActionValue(data.getVersion(), RahasConstants.RSTR_ACTION_CANCEL);
+ }
+}
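Review bot: The configuration lookups in cancel() read the child named `SCTIssuerConfig.SCT_ISSUER_CONFIG` (the configElement branch, the parameter branch, and the "missingConfiguration" message), so a `<token-canceler-config>` element handed over by the dispatcher is never found and the error names the wrong element; the constant `TokenCancelerConfig.TOKEN_CANCELER_CONFIG` defined in the previous hunk is the one intended, and the loaded config is then never used. Independently, `tokenId = uri.getAttributeValue().substring(1);` assumes a leading `#` local reference, while the example quoted in the comment right above uses `urn:uuid:...`, for which this strips the first letter and produces an id that can never match the store; suggest `String ref = uri.getAttributeValue(); tokenId = ref.startsWith("#") ? ref.substring(1) : ref;`. The cancel path then updates whatever token the supplied id names without any check that it is bound to the authenticated requester; whether Token carries such a binding is not visible here, so at minimum a comment above `tokenStore.getToken(tokenId)` should state that trust assumption.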
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java
new file mode 100644
index 0000000..035ff9a
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas.impl;
+
+import java.security.SecureRandom;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.util.Base64;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.Token;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.conversation.dkalgo.P_SHA1;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ *
+ */
+public class TokenIssuerUtil {
+
+ public final static String ENCRYPTED_KEY = "EncryptedKey";
+ public final static String BINARY_SECRET = "BinarySecret";
+
+ public static byte[] getSharedSecret(RahasData data,
+ int keyComputation,
+ int keySize) throws TrustException {
+
+ boolean reqEntrPresent = data.getRequestEntropy() != null;
+
+ try {
+ if (reqEntrPresent &&
+ keyComputation != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_OWN_KEY) {
+ //If there is requestor entropy and if the issuer is not
+ //configured to use its own key
+
+ if (keyComputation ==
+ SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_PROVIDE_ENT) {
+ data.setResponseEntropy(WSSecurityUtil.generateNonce(keySize / 8));
+ P_SHA1 p_sha1 = new P_SHA1();
+ return p_sha1.createKey(data.getRequestEntropy(),
+ data.getResponseEntropy(),
+ 0,
+ keySize / 8);
+ } else {
+ //If we reach this its expected to use the requestor's
+ //entropy
+ return data.getRequestEntropy();
+ }
+ } else { // need to use a generated key
+ return generateEphemeralKey(keySize);
+ }
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorCreatingSymmKey", e);
+ } catch (ConversationException e) {
+ throw new TrustException("errorCreatingSymmKey", e);
+ }
+ }
+
+ public static void handleRequestedProofToken(RahasData data,
+ int wstVersion,
+ AbstractIssuerConfig config,
+ OMElement rstrElem,
+ Token token,
+ Document doc) throws TrustException {
+ OMElement reqProofTokElem =
+ TrustUtil.createRequestedProofTokenElement(wstVersion, rstrElem);
+
+ if (config.keyComputation == AbstractIssuerConfig.KeyComputation.KEY_COMP_PROVIDE_ENT
+ && data.getRequestEntropy() != null) {
+ //If we there's requestor entropy and its configured to provide
+ //entropy then we have to set the entropy value and
+ //set the RPT to include a ComputedKey element
+
+ OMElement respEntrElem = TrustUtil.createEntropyElement(wstVersion, rstrElem);
+ String entr = Base64.encode(data.getResponseEntropy());
+ OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
+ respEntrElem,
+ RahasConstants.BIN_SEC_TYPE_NONCE);
+ binSecElem.setText(entr);
+
+ OMElement compKeyElem =
+ TrustUtil.createComputedKeyElement(wstVersion, reqProofTokElem);
+ compKeyElem.setText(data.getWstNs() + RahasConstants.COMPUTED_KEY_PSHA1);
+ } else {
+ if (TokenIssuerUtil.ENCRYPTED_KEY.equals(config.proofKeyType)) {
+ WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+ Crypto crypto;
+ if (config.cryptoPropertiesElement != null) { // crypto props defined as elements
+ crypto = CryptoFactory.getInstance(TrustUtil.toProperties(config.cryptoPropertiesElement),
+ data.getInMessageContext().
+ getAxisService().getClassLoader());
+ } else { // crypto props defined in a properties file
+ crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
+ data.getInMessageContext().
+ getAxisService().getClassLoader());
+ }
+
+ encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ try {
+ encrKeyBuilder.setUseThisCert(data.getClientCert());
+ encrKeyBuilder.prepare(doc, crypto);
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal",
+ new String[]{data.
+ getClientCert().getSubjectDN().getName()});
+ }
+ Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
+ Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ reqProofTokElem.addChild((OMElement) bstElem);
+ }
+
+ reqProofTokElem.addChild((OMElement) encryptedKeyElem);
+
+ token.setSecret(encrKeyBuilder.getEphemeralKey());
+ } else if (TokenIssuerUtil.BINARY_SECRET.equals(config.proofKeyType)) {
+ byte[] secret = TokenIssuerUtil.getSharedSecret(data,
+ config.keyComputation,
+ config.keySize);
+ OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
+ reqProofTokElem,
+ null);
+ binSecElem.setText(Base64.encode(secret));
+ token.setSecret(secret);
+ } else {
+ throw new IllegalArgumentException(config.proofKeyType);
+ }
+ }
+ }
+
+ private static byte[] generateEphemeralKey(int keySize) throws TrustException {
+ try {
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] temp = new byte[keySize / 8];
+ random.nextBytes(temp);
+ return temp;
+ } catch (Exception e) {
+ throw new TrustException("errorCreatingSymmKey", e);
+ }
+ }
+
+}
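Review bot: In handleRequestedProofToken the catch block builds its message from `data.getClientCert().getSubjectDN().getName()`, but getClientCert() was passed unchecked to setUseThisCert a few lines earlier and can be null, so a missing client certificate surfaces as a NullPointerException from inside the handler instead of the intended "errorInBuildingTheEncryptedKeyForPrincipal" TrustException; guard it with `String subj = data.getClientCert() == null ? "" : data.getClientCert().getSubjectDN().getName();` before the throw. In getSharedSecret the else branch that returns `data.getRequestEntropy()` makes the proof key entirely requester-chosen; that is what the mode means, but a comment (`// proof key is taken verbatim from the requester's entropy; no issuer contribution`) would keep it from being read as a derivation. `keySize / 8` silently truncates sizes that are not a multiple of 8 and yields a zero-length key for keySize below 8, so `if (keySize < 8 || keySize % 8 != 0) throw new IllegalArgumentException("keySize must be a positive multiple of 8");` at the top of getSharedSecret would reject such configurations early rather than issuing a weak or empty secret.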
diff --git a/modules/rampart-trust/sts-aar-resources/rahas-sts.jks b/modules/rampart-trust/sts-aar-resources/rahas-sts.jks
new file mode 100644
index 0000000..02d7c4e
--- /dev/null
+++ b/modules/rampart-trust/sts-aar-resources/rahas-sts.jks
Binary files differ
diff --git a/modules/rampart-trust/sts-aar-resources/saml-issuer-config.xml b/modules/rampart-trust/sts-aar-resources/saml-issuer-config.xml
new file mode 100644
index 0000000..9daecb3
--- /dev/null
+++ b/modules/rampart-trust/sts-aar-resources/saml-issuer-config.xml
@@ -0,0 +1,46 @@
+<saml-issuer-config>
+ <issuerName>Test_STS</issuerName>
+
+ <!-- alias of the issuer's private key -->
+ <issuerKeyAlias>ip</issuerKeyAlias>
+
+ <!-- password of the issuer's private key -->
+ <issuerKeyPassword>password</issuerKeyPassword>
+
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">META-INF/rahas-sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+
+ <timeToLive>300000</timeToLive>
+
+ <keySize>256</keySize>
+
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+
+ <trusted-services>
+ <!-- The service name and the alias of the trusted cert to use -->
+ <service alias="bob">http://localhost:8080/axis2/services/STS</service>
+ </trusted-services>
+
+</saml-issuer-config>
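Review bot: The comment above `<proofKeyType>` says the element is only valid when keyComputation is 3, but this file sets keyComputation to 2, so `BinarySecret` here is dead configuration that a reader will take as the effective setting; either drop the element or annotate it with `<!-- ignored while keyComputation is 2 -->`. The keystore password and `issuerKeyPassword` are both the literal `password`, matching the keystore committed alongside (rahas-sts.jks), and sct-issuer-config.xml and services.xml in this commit carry the same value. Since these are sample STS resources, a header comment such as `<!-- sample credentials for the bundled test keystore -->` at the top of each file makes that intent explicit instead of leaving it implied by the directory name.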
diff --git a/modules/rampart-trust/sts-aar-resources/sct-issuer-config.xml b/modules/rampart-trust/sts-aar-resources/sct-issuer-config.xml
new file mode 100644
index 0000000..412fbc3
--- /dev/null
+++ b/modules/rampart-trust/sts-aar-resources/sct-issuer-config.xml
@@ -0,0 +1,29 @@
+<sct-issuer-config>
+
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">META-INF/rahas-sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+</sct-issuer-config>
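Review bot: With keyComputation 3 and proofKeyType `BinarySecret`, the issuer path in TokenIssuerUtil from this commit writes the freshly generated key base64-encoded into the `<BinarySecret>` of the response, and the STS policy in services.xml (`SigOnly`, no `sp:EncryptedParts`) signs but does not encrypt that response, so unless the deployment adds transport protection the session key is readable on the wire. `EncryptedKey` is the value under which the key is wrapped for the client certificate instead. If BinarySecret stays as the sample default, a comment naming the assumption, `<!-- BinarySecret returns the key in the clear; relies on transport security or an encrypting policy -->`, belongs next to the element.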
diff --git a/modules/rampart-trust/sts-aar-resources/services.xml b/modules/rampart-trust/sts-aar-resources/services.xml
new file mode 100644
index 0000000..4274a75
--- /dev/null
+++ b/modules/rampart-trust/sts-aar-resources/services.xml
@@ -0,0 +1,89 @@
+<!-- Security token service configuration -->
+<service name="STS">
+
+ <operation name="RequestSecurityToken">
+ <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
+
+ <!-- Action mapping to accept SCT requests -->
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
+
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
+
+ </operation>
+
+ <!-- Using the config file -->
+ <parameter name="token-dispatcher-configuration-file">META-INF/token-dispatcher-configuration.xml</parameter>
+
+ <!-- Configure Rampart to authenticate clients -->
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+
+ <ramp:user>ip</ramp:user>
+ <ramp:encryptionUser>useReqSigCert</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">META-INF/rahas-sts.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+
+ </ramp:RampartConfig>
+
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
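Review bot: The `sp` namespace is declared three separate times (on `sp:AsymmetricBinding`, `sp:Wss10` and `sp:SignedParts`) with the same URI; declaring it once on the `wsp:Policy` element next to `xmlns:wsu` and `xmlns:wsp` reads cleaner and avoids drift if one copy is later edited. `<ramp:passwordCallbackClass>PWCBHandler</ramp:passwordCallbackClass>` names an unqualified class, which only resolves if the handler lives in the default package of the AAR; a short comment stating that expectation would save the next reader a search.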
diff --git a/modules/rampart-trust/sts-aar-resources/token-canceler-config.xml b/modules/rampart-trust/sts-aar-resources/token-canceler-config.xml
new file mode 100644
index 0000000..c19c2cd
--- /dev/null
+++ b/modules/rampart-trust/sts-aar-resources/token-canceler-config.xml
@@ -0,0 +1,3 @@
+<token-canceler-config>
+
+</token-canceler-config>
diff --git a/modules/rampart-trust/sts-aar-resources/token-dispatcher-configuration.xml b/modules/rampart-trust/sts-aar-resources/token-dispatcher-configuration.xml
new file mode 100644
index 0000000..2000e87
--- /dev/null
+++ b/modules/rampart-trust/sts-aar-resources/token-dispatcher-configuration.xml
@@ -0,0 +1,17 @@
+<token-dispatcher-configuration>
+ <!-- Issuers. You may have many issuers. -->
+ <issuer class="org.apache.rahas.impl.SCTIssuer" default="true">
+ <configuration type="file">sct-issuer-config.xml</configuration>
+ <tokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</tokenType>
+ </issuer>
+ <issuer class="org.apache.rahas.impl.SAMLTokenIssuer">
+ <configuration type="file">META-INF/saml-issuer-config.xml</configuration>
+ <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
+ </issuer>
+
+ <!-- Only a single canceler is allowed -->
+ <canceler class="org.apache.rahas.impl.TokenCancelerImpl">
+ <configuration type="file">META-INF/token-canceler-config.xml</configuration>
+ </canceler>
+
+</token-dispatcher-configuration>
\ No newline at end of file
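Review bot: The SCTIssuer entry points at `sct-issuer-config.xml` while the SAML issuer and the canceler use `META-INF/saml-issuer-config.xml` and `META-INF/token-canceler-config.xml`; all three files sit in the same resource directory in this commit, so one of the two forms is resolved against the wrong base and that component will fail to load on first use. Make them consistent, presumably `<configuration type="file">META-INF/sct-issuer-config.xml</configuration>` given that services.xml also references the dispatcher file under `META-INF/`.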
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..ada2ad7
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,486 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <packaging>pom</packaging>
+ <description>WS-Security, WS-Trust and WS-SecureConversation implementaion for Apache
+ Axis2</description>
+ <version>1.21</version>
+ <name>Apache Rampart</name>
+ <url>http://ws.apache.org/rampart</url>
+
+ <licenses>
+ <license>
+ <name>Apache License Version 2.0</name>
+ <url>http://www.apache.org/licenses/LICENSE-2.0</url>
+ </license>
+ </licenses>
+
+ <organization>
+ <name>Apache Software Foundation</name>
+ <url>http://www.apache.org</url>
+ </organization>
+
+ <issueManagement>
+ <system>JIRA</system>
+ <url>http://issues.apache.org/jira/browse/RAMPART</url>
+ </issueManagement>
+ <mailingLists>
+ <mailingList>
+ <name>Rampart Developers</name>
+ <subscribe>rampart-dev-subscribe@ws.apache.org</subscribe>
+ <unsubscribe>rampart-dev-unsubscribe@ws.apache.org</unsubscribe>
+ <post>rampart-dev@ws.apache.org</post>
+ <archive>http://mail-archives.apache.org/mod_mbox/rampart-dev/</archive>
+ </mailingList>
+ </mailingLists>
+
+ <inceptionYear>2005</inceptionYear>
+
+ <developers>
+ <developer>
+ <name>Afkham Azeez</name>
+ <id>azeez</id>
+ <email>azeez AT wso2.com</email>
+ <organization>WSO2</organization>
+ </developer>
+ <developer>
+ <name>Ruchith Fernando</name>
+ <id>ruchith</id>
+ <email>ruchith AT wso2.com</email>
+ <organization>WSO2</organization>
+ </developer>
+ <developer>
+ <name>Sanka Samaranayake</name>
+ <id>sanka</id>
+ <organization>WSO2</organization>
+ <email>sanka AT wso2.com</email>
+ </developer>
+ <developer>
+ <name>Davanum Srinivas</name>
+ <id>dims</id>
+ <email>dims AT wso2.com</email>
+ <organization>WSO2</organization>
+ </developer>
+ </developers>
+
+ <scm>
+ <connection>
+ scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</developerConnection>
+ <url>https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</url>
+ </scm>
+
+
+ <repositories>
+ <repository>
+ <releases>
+ <enabled>false</enabled>
+ <updatePolicy>always</updatePolicy>
+ <checksumPolicy>warn</checksumPolicy>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>never</updatePolicy>
+ <checksumPolicy>fail</checksumPolicy>
+ </snapshots>
+ <id>apache-snapshots</id>
+ <name>Apache Maven2 SNAPSHOTS</name>
+ <url>http://people.apache.org/repo/m2-snapshot-repository</url>
+ <layout>default</layout>
+ </repository>
+ <repository>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ <checksumPolicy>warn</checksumPolicy>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>never</updatePolicy>
+ <checksumPolicy>warn</checksumPolicy>
+ </snapshots>
+ <id>apache-ws-snapshots2</id>
+ <name>Apache ws.zones - 2</name>
+ <url>http://ws.zones.apache.org/repository2</url>
+ </repository>
+ </repositories>
+
+
+ <pluginRepositories>
+ <pluginRepository>
+ <id>snapshot-apache</id>
+ <name>Apache Snapshot repository</name>
+ <url>http://people.apache.org/repo/m2-snapshot-repository</url>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </pluginRepository>
+
+ <pluginRepository>
+ <id>snapshot</id>
+ <name>Snapshot repository</name>
+ <url>http://snapshots.maven.codehaus.org/maven2</url>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </pluginRepository>
+
+ </pluginRepositories>
+
+ <build>
+ <plugins>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>2.0</version>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <version>2.2</version>
+ </plugin>
+
+ </plugins>
+ </build>
+
+
+ <dependencies>
+
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2</artifactId>
+ <version>${axis2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-mtompolicy</artifactId>
+ <version>${axis2.version}</version>
+ <scope>compile</scope>
+ </dependency>
+
+ <!-- AIOM Dependencies -->
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-impl</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-api</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-dom</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
+
+ <!-- Thrid party dependencies -->
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <version>${commons.logging.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>${commons.httpclient.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>${commons.collections.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-discovery</groupId>
+ <artifactId>commons-discovery</artifactId>
+ <version>${commons.discovery.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>${commons.codec.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>${log4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>${stax.impl.groupid}</groupId>
+ <artifactId>${stax.impl.artifactid}</artifactId>
+ <version>${stax.impl.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>stax</groupId>
+ <artifactId>stax-api</artifactId>
+ <version>${stax.api.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>xml-apis</groupId>
+ <artifactId>xml-apis</artifactId>
+ <version>${xml.apis.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.woden</groupId>
+ <artifactId>woden</artifactId>
+ <version>${woden.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>wsdl4j</groupId>
+ <artifactId>wsdl4j</artifactId>
+ <version>${wsdl4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.mail</groupId>
+ <artifactId>mail</artifactId>
+ <version>${javamail.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.activation</groupId>
+ <artifactId>activation</artifactId>
+ <version>${activation.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>xmlbeans</groupId>
+ <artifactId>xbean</artifactId>
+ <version>${xbean.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ws.security</groupId>
+ <artifactId>wss4j</artifactId>
+ <version>${wss4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.santuario</groupId>
+ <artifactId>xmlsec</artifactId>
+ <version>${xmlsec.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>${junit.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>jaxen</groupId>
+ <artifactId>jaxen</artifactId>
+ <version>${jaxen.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>backport-util-concurrent</groupId>
+ <artifactId>backport-util-concurrent</artifactId>
+ <version>${backport_util_concurrent.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>${servletapi.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ws.commons.schema</groupId>
+ <artifactId>XmlSchema</artifactId>
+ <version>${XmlSchema.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>annogen</groupId>
+ <artifactId>annogen</artifactId>
+ <version>${annogen.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.ant</groupId>
+ <artifactId>ant-nodeps</artifactId>
+ <version>${ant.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.neethi</groupId>
+ <artifactId>neethi</artifactId>
+ <version>${neethi.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>httpcomponents-httpcore</groupId>
+ <artifactId>jakarta-httpcore</artifactId>
+ <version>${jakarta.httpcore.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>opensaml</groupId>
+ <artifactId>opensaml</artifactId>
+ <version>${opensaml.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>xalan</groupId>
+ <artifactId>xalan</artifactId>
+ <version>${xalan.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>${xerces.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>xml-apis</groupId>
+ <artifactId>xml-apis</artifactId>
+ <version>${xml.apis.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>addressing</artifactId>
+ <type>mar</type>
+ <version>${addressing.mar.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <version>${commons.fileupload.version}</version>
+ </dependency>
+ </dependencies>
+
+
+ <profiles>
+ <profile>
+ <id>jdk14</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ <jdk>1.4</jdk>
+ </activation>
+ <dependencies>
+ <dependency>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk13</artifactId>
+ <version>${bcprov.jdk13.version}</version>
+ </dependency>
+ </dependencies>
+ </profile>
+
+ <profile>
+ <id>jdk15</id>
+ <activation>
+ <jdk>1.5</jdk>
+ </activation>
+ <dependencies>
+ <dependency>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk15</artifactId>
+ <version>${bcprov.jdk15.version}</version>
+ </dependency>
+ </dependencies>
+ </profile>
+
+ </profiles>
+
+ <modules>
+ <module>modules/rampart-policy</module>
+ <module>modules/rampart-trust</module>
+ <module>modules/rampart-core</module>
+ <module>modules/rampart-tests</module>
+ <module>modules/rampart-mar</module>
+ <module>modules/rampart-trust-mar</module>
+ <!--<module>modules/rampart-integration</module>-->
+ </modules>
+
+ <properties>
+ <axis2.version>1.2</axis2.version>
+
+ <axiom.version>1.2.4</axiom.version>
+ <addressing.mar.version>1.2</addressing.mar.version>
+
+ <wss4j.version>1.5.2</wss4j.version>
+ <xmlsec.version>1.4.0</xmlsec.version>
+
+ <opensaml.version>1.1</opensaml.version>
+
+ <XmlSchema.version>1.3.1</XmlSchema.version>
+ <neethi.version>2.0.1</neethi.version>
+
+ <xbean.version>2.1.0</xbean.version>
+ <woden.version>1.0-incubating-M7a</woden.version>
+ <wsdl4j.version>1.6.1</wsdl4j.version>
+ <annogen.version>0.1.0</annogen.version>
+
+ <activation.version>1.1</activation.version>
+ <javamail.version>1.4</javamail.version>
+
+ <jaxen.version>1.1-beta-10</jaxen.version>
+
+ <stax.impl.groupid>org.codehaus.woodstox</stax.impl.groupid>
+ <stax.impl.artifactid>wstx-asl</stax.impl.artifactid>
+ <stax.impl.version>3.2.0</stax.impl.version>
+ <stax.api.version>1.0.1</stax.api.version>
+ <xml.apis.version>1.3.03</xml.apis.version>
+
+ <bcprov.jdk13.version>132</bcprov.jdk13.version>
+ <bcprov.jdk15.version>132</bcprov.jdk15.version>
+
+ <commons.codec.version>1.3</commons.codec.version>
+ <commons.httpclient.version>3.0.1</commons.httpclient.version>
+ <commons.logging.version>1.1</commons.logging.version>
+ <backport_util_concurrent.version>2.1</backport_util_concurrent.version>
+
+ <servletapi.version>2.3</servletapi.version>
+
+ <junit.version>3.8.1</junit.version>
+ <xmlunit.version>1.0</xmlunit.version>
+ <log4j.version>1.2.13</log4j.version>
+
+ <jakarta.httpcore.version>4.0-alpha4</jakarta.httpcore.version>
+ <commons.collections.version>3.1</commons.collections.version>
+ <commons.fileupload.version>1.1.1</commons.fileupload.version>
+ <commons.discovery.version>0.2</commons.discovery.version>
+
+ <ant.version>1.7.0</ant.version>
+
+ <xalan.version>2.7.0</xalan.version>
+ <xerces.version>2.8.1</xerces.version>
+
+ </properties>
+ <distributionManagement>
+ <repository>
+ <id>apache-repo</id>
+ <name>Maven Central Repository</name>
+ <url>
+ scpexe://people.apache.org//www/people.apache.org/repo/m2-ibiblio-rsync-repository</url>
+ </repository>
+ <snapshotRepository>
+ <id>apache-snapshots</id>
+ <name>Apache Development Repository</name>
+ <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-snapshot-repository</url>
+ </snapshotRepository>
+ </distributionManagement>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent" />
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+
+</project>
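Review bot: `xml-apis` is declared twice in `<dependencies>` (once after stax-api and again after xercesImpl) with the same version property; the second declaration should be removed. The `apache-ws-snapshots2` repository enables both releases and snapshots over plain http with `<checksumPolicy>warn</checksumPolicy>` and `<updatePolicy>always</updatePolicy>` for releases, so a corrupted or substituted artifact is accepted with only a log line; `<checksumPolicy>fail</checksumPolicy>`, already used for the `apache-snapshots` snapshots block, is the safer choice for a release build. `<xmlunit.version>` is defined but no dependency references it, and the `<description>` carries the typo `implementaion`.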
diff --git a/release-docs/LICENSE.txt b/release-docs/LICENSE.txt
new file mode 100755
index 0000000..6b0b127
--- /dev/null
+++ b/release-docs/LICENSE.txt
@@ -0,0 +1,203 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/release-docs/NOTICE.txt b/release-docs/NOTICE.txt
new file mode 100644
index 0000000..77d3370
--- /dev/null
+++ b/release-docs/NOTICE.txt
@@ -0,0 +1,12 @@
+ =========================================================================
+ == NOTICE file corresponding to the section 4 d of ==
+ == the Apache License, Version 2.0, ==
+ == in this case for the Apache Axis2 distribution. ==
+ =========================================================================
+
+ This product includes software developed by
+ The Apache Software Foundation (http://www.apache.org/).
+
+ Please read the different LICENSE files present in the lib directory of
+ this distribution.
+
diff --git a/release-docs/README.txt b/release-docs/README.txt
new file mode 100644
index 0000000..2877bc0
--- /dev/null
+++ b/release-docs/README.txt
@@ -0,0 +1,55 @@
+======================================================
+Apache Rampart-1.2 build (May 29, 2007)
+
+http://ws.apache.org/axis2/modules/rampart/
+------------------------------------------------------
+
+___________________
+Contents
+===================
+
+lib - This directory contains all the libraries required by rampart
+ in addition to the libraries available in the axis2 standard binary
+ release.
+
+
+rampart-1.2.mar - WS-Security and WS-SecureConversation support for Axis2
+rahas-1.2.mar - STS module - to be used to add STS operations to a service
+
+samples - This contains samples on using Apache Rampart and configuring
+ different conponents to carryout different WS-Sec* operations.
+
+README.txt - This file
+
+build.xml - Setup file to copy all jars to required places
+
+IMPORTANT: Before you try any of the samples makesure you
+
+1.) Have the Axis2 standard binary distribution downloaded and extracted.
+2.) Set the AXIS2_HOME environment variable
+3.) Run ant from the "samples" directory to copy the required libraries and
+ modules to relevant directories in AXIS2_HOME.
+4.) Download xalan-2.7.0.jar from here[1] and put under AXIS2_HOME\lib folder,
+ if you use JDK 1.5.
+
+___________________
+Support
+===================
+
+Any problem with this release can be reported to Axis mailing list
+or in the JIRA issue tracker. If you are sending an email to the mailing
+list make sure to add the [Rampart] prefix to the subject.
+
+Mailing list subscription:
+ axis-dev-subscribe@ws.apache.org
+
+Jira:
+ http://issues.apache.org/jira/browse/AXIS2
+ (Component - modules)
+
+
+Thank you for using Apache Rampart!
+
+The Apache Rampart team.
+
+[1] http://www.apache.org/dist/java-repository/xalan/jars/
diff --git a/release-docs/build.xml b/release-docs/build.xml
new file mode 100644
index 0000000..7a2dbd5
--- /dev/null
+++ b/release-docs/build.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<project basedir="." default="setup">
+
+ <property name="lib.dir" value="lib"/>
+ <property name="modules.dir" value="."/>
+
+ <property environment="env"/>
+
+ <target name="check.dependency" unless="env.AXIS2_HOME">
+ <echo message="AXIS2_HOME must be set"/>
+ </target>
+
+ <!-- Copy the required jars and mars appropriately -->
+ <target name="setup" if="env.AXIS2_HOME" depends="check.dependency">
+
+ <property name="axis2.modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="axis2.lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <copy todir="${axis2.lib.dir}">
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </copy>
+
+ <copy todir="${axis2.modules.dir}">
+ <fileset dir="${modules.dir}">
+ <include name="**/*.mar"/>
+ </fileset>
+ </copy>
+
+ </target>
+
+</project>
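Review bot: The `check.dependency` target at `<target name="check.dependency" unless="env.AXIS2_HOME">` only echoes when AXIS2_HOME is unset, and since `setup` is guarded by `if="env.AXIS2_HOME"` every copy is then skipped while Ant still reports BUILD SUCCESSFUL, so a user who forgot the variable gets nothing installed and no error; replace the echo with `<fail unless="env.AXIS2_HOME" message="AXIS2_HOME must be set"/>` so the run stops with a non-zero exit. Two caveats are worth a comment above the `<copy>` tasks: Ant's `<copy>` skips a destination file that is newer than its source unless `overwrite="true"` is given, so re-running against an Axis2 install whose lib/ has since been touched can silently leave stale jars on the runtime classpath. The `**/*.jar` and `**/*.mar` includes also recurse from `lib` and `.`, so any archive present anywhere under the extracted distribution (samples subdirectories included, presumably) is copied straight into the server's classpath and module repository with no integrity check, which should at least be stated in README.txt alongside the "Run ant from the samples directory" step.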
diff --git a/release-docs/release-notes.html b/release-docs/release-notes.html
new file mode 100644
index 0000000..f368304
--- /dev/null
+++ b/release-docs/release-notes.html
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+ <title>Apache Rampart - Release Notes</title>
+ <meta name="generator" content="amaya 9.2.2, see http://www.w3.org/Amaya/"
+ />
+</head>
+
+<body>
+<h1>Apache Rampart Release Notes</h1>
+
+<p>This is the 1.2 release of Apache Rampart.</p>
+
+<p>Apache Rampart 1.2 is a toolkit that provides implementations of the WS-Sec*
+specifications for Apache Axis 1.2, based on Apache WSS4J 1.5.2 and
+the Apache AXIOM-DOOM 1.2.4 implementation.</p>
+
+<b>What is in this release</b>
+
+<p>There are two main Apache Axis2 modules provided with this release.</p>
+<ul>
+<li>rampart-1.2.mar</li>
+This provides support for WS-Security and WS-SecureConversation features.
+<li>rahas-1.2.mar</li>
+This module provides the necessary components to enable SecurityTokenService
+functionality on a service.
+</ul>
+
+<p>Apache Rampart 1.2 uses a configuration model based on WS-Policy
+and WS-Security Policy and it is important to note that Apache Rampart 1.0 style
+configuration is also available even though being marked as deprecated.
+</p>
+
+<p>Apache Rampart 1.2 can be successfully used with the next Apache Sandesha2
+release targeted towards Apache Axis2 1.2 to configure
+WS-SecureConversation + WS-ReliableMessaging scenarios.</p>
+<p>
+The rampart module was successfully tested for interoperability with other
+WS-Security implementations.</p>
+
+<p>WS - Sec* specifications supported by Apache Rampart are as follows:</p>
+
+<ul>
+<li>WS - Security 1.0</li>
+<li>WS - Secure Conversation - February 2005</li>
+<li>WS - Security Policy - 1.1 - July 2005</li>
+<li>WS - Trust - February 2005</li>
+<li>WS - Trust - WS-SX spec - EXPERIMENTAL </li>
+</ul>
+
+
+
+
+<p>Thank you for using Apache Rampart.</p>
+
+<p></p>
+
+<p>Apache Rampart team</p>
+
+<p></p>
+
+<p></p>
+
+<p></p>
+
+<p></p>
+
+<p></p>
+
+<p></p>
+</body>
+</html>