Moving axis svn, part of TLP move INFRA-2441
diff --git a/build.xml b/build.xml
new file mode 100644
index 0000000..415eace
--- /dev/null
+++ b/build.xml
@@ -0,0 +1,161 @@
+<project name="Apache Rampart release build" default="dist">
+
+ <property name="rampart.version" value="1.3-SNAPSHOT"/>
+ <property name="rampart.bin.dist" value="rampart"/>
+ <property name="rampart.src.dist" value="rampart-src"/>
+ <property name="rampart.docs.dist" value="rampart-docs"/>
+ <property name="rampart.mar.version" value="1.3"/>
+
+ <property name="dir.dist" value="dist"/>
+ <property name="dir.dist.bin" value="${dir.dist}/bin/${rampart.bin.dist}-${rampart.version}"/>
+ <property name="dir.dist.src" value="${dir.dist}/src/${rampart.src.dist}-${rampart.version}"/>
+ <property name="dir.dist.docs" value="${dir.dist}/docs/${rampart.docs.dist}-${rampart.version}"/>
+
+ <property name="dir.mvn2.repo" value="${user.home}/.m2/repository"/>
+
+ <property name="version.bcprov13" value="132"/>
+ <property name="version.bcprov15" value="132"/>
+
+ <property name="version.xmlsec" value="1.4.0"/>
+ <property name="version.opensaml" value="1.1"/>
+ <property name="version.wss4j" value="SNAPSHOT"/>
+
+
+ <condition property="jdk14.present">
+ <equals arg1="${ant.java.version}" arg2="1.4"/>
+ </condition>
+
+ <target name="init">
+ <mkdir dir="${dir.dist}"/>
+ </target>
+
+ <target name="dist" depends="clean, bin-dist, src-dist, docs-dist">
+ <copy todir="${dir.dist}" file="modules/rampart-mar/target/rampart-${rampart.mar.version}.mar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-trust-mar/target/rahas-${rampart.mar.version}.mar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-core/target/rampart-core-${rampart.version}.jar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-policy/target/rampart-policy-${rampart.version}.jar"/>
+ <copy todir="${dir.dist}" file="modules/rampart-trust/target/rampart-trust-${rampart.version}.jar"/>
+ </target>
+
+ <target name="bin-dist" depends="init">
+
+ <mkdir dir="${dir.dist.bin}"/>
+
+ <copy todir="${dir.dist.bin}">
+ <fileset dir="release-docs">
+ </fileset>
+ </copy>
+
+ <!-- Modules -->
+ <echo>Copying mars in to modules</echo>
+ <copy todir="${dir.dist.bin}" file="modules/rampart-mar/target/rampart-${rampart.mar.version}.mar"/>
+ <copy todir="${dir.dist.bin}" file="modules/rampart-trust-mar/target/rahas-${rampart.mar.version}.mar"/>
+
+ <!-- All dep jars -->
+ <echo>Copying dependencies into lib</echo>
+ <mkdir dir="${dir.dist.bin}/lib"/>
+
+ <copy todir="${dir.dist.bin}/lib" file="modules/rampart-core/target/rampart-core-${rampart.version}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="modules/rampart-policy/target/rampart-policy-${rampart.version}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="modules/rampart-trust/target/rampart-trust-${rampart.version}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/org/apache/santuario/xmlsec/${version.xmlsec}/xmlsec-${version.xmlsec}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/opensaml/opensaml/${version.opensaml}/opensaml-${version.opensaml}.jar"/>
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/org/apache/ws/security/wss4j/${version.wss4j}/wss4j-${version.wss4j}.jar"/>
+ <antcall target="copy-bc-jar-14" />
+ <antcall target="copy-bc-jar-15" />
+
+ <echo>Copying samples</echo>
+ <!-- copy samples -->
+ <mkdir dir="${dir.dist.bin}/samples"/>
+
+ <copy todir="${dir.dist.bin}/samples">
+ <fileset dir="modules/rampart-samples/">
+ </fileset>
+ </copy>
+
+ <zip destfile="${dir.dist}/${rampart.bin.dist}-${rampart.version}.zip">
+ <zipfileset dir="${dir.dist.bin}/../"/>
+ </zip>
+
+ <delete dir="${dir.dist.bin}/../"/>
+
+ </target>
+
+ <target name="copy-bc-jar-14" if="${jdk14.present}">
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/bouncycastle/bcprov-jdk13/${version.bcprov13}/bcprov-jdk13-${version.bcprov13}.jar"/>
+ </target>
+
+ <target name="copy-bc-jar-15" unless="${jdk14.present}">
+ <copy todir="${dir.dist.bin}/lib" file="${dir.mvn2.repo}/bouncycastle/bcprov-jdk15/${version.bcprov15}/bcprov-jdk15-${version.bcprov15}.jar"/>
+ </target>
+
+ <target name="src-dist" depends="init">
+
+ <mkdir dir="${dir.dist.src}"/>
+
+ <copy todir="${dir.dist.src}">
+ <fileset dir="release-docs">
+ <exclude name="build.xml"/>
+ <exclude name="README.txt"/>
+ </fileset>
+ </copy>
+
+ <copy todir="${dir.dist.src}">
+ <fileset dir="modules">
+ <include name="rampart-core/**/*"/>
+ <include name="rampart-policy/**/*"/>
+ <include name="rampart-trust/**/*"/>
+ <include name="rampart-samples/**/*"/>
+ <exclude name=".svn"/>
+ </fileset>
+ </copy>
+
+ <zip destfile="${dir.dist}/${rampart.src.dist}-${rampart.version}.zip">
+ <zipfileset dir="${dir.dist.src}/../"/>
+ </zip>
+
+ <delete dir="${dir.dist.src}/../"/>
+ </target>
+
+ <target name="docs-dist">
+
+ <mkdir dir="${dir.dist.docs}"/>
+
+ <copy todir="${dir.dist.docs}">
+ <fileset dir="release-docs">
+ <exclude name="build.xml"/>
+ <exclude name="README.txt"/>
+ </fileset>
+ </copy>
+
+ <mkdir dir="${dir.dist.docs}/core"/>
+ <mkdir dir="${dir.dist.docs}/policy"/>
+ <mkdir dir="${dir.dist.docs}/trust"/>
+
+ <copy todir="${dir.dist.docs}/core">
+ <fileset dir="modules/rampart-core/target/site/apidocs/">
+ </fileset>
+ </copy>
+
+ <copy todir="${dir.dist.docs}/policy">
+ <fileset dir="modules/rampart-policy/target/site/apidocs/">
+ </fileset>
+ </copy>
+
+ <copy todir="${dir.dist.docs}/trust">
+ <fileset dir="modules/rampart-trust/target/site/apidocs/">
+ </fileset>
+ </copy>
+
+ <zip destfile="${dir.dist}/${rampart.docs.dist}-${rampart.version}.zip">
+ <zipfileset dir="${dir.dist.docs}/../"/>
+ </zip>
+
+ <delete dir="${dir.dist.docs}/../"/>
+ </target>
+
+ <target name="clean">
+ <delete dir="${dir.dist}"/>
+ </target>
+
+</project>
diff --git a/modules/rampart-core/pom.xml b/modules/rampart-core/pom.xml
new file mode 100644
index 0000000..86c276b
--- /dev/null
+++ b/modules/rampart-core/pom.xml
@@ -0,0 +1,62 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.3-SNAPSHOT</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-core</artifactId>
+ <packaging>jar</packaging>
+ <version>1.3-SNAPSHOT</version>
+ <name>Rampart - Core</name>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <testSourceDirectory>src/main/java</testSourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent" />
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+</project>
diff --git a/modules/rampart-core/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder b/modules/rampart-core/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
new file mode 100644
index 0000000..34900b9
--- /dev/null
+++ b/modules/rampart-core/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
@@ -0,0 +1,3 @@
+org.apache.rampart.policy.builders.CryptoConfigBuilder
+org.apache.rampart.policy.builders.RampartConfigBuilder
+org.apache.rampart.policy.builders.SSLConfigBuilder
\ No newline at end of file
diff --git a/modules/rampart-core/src/main/java/log4j.properties b/modules/rampart-core/src/main/java/log4j.properties
new file mode 100644
index 0000000..1357804
--- /dev/null
+++ b/modules/rampart-core/src/main/java/log4j.properties
@@ -0,0 +1,20 @@
+# Set root category priority to INFO and its only appender to CONSOLE.
+log4j.rootCategory=FATAL, CONSOLE
+#log4j.rootCategory=DEBUG, CONSOLE
+
+#log4j.logger.org.apache.rampart.TIME=DEBUG, CONSOLE
+#log4j.logger.org.apache.rampart.messages = DEBUG, CONSOLE
+
+# CONSOLE is set to be a ConsoleAppender using a PatternLayout.
+log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
+log4j.appender.CONSOLE.Threshold=DEBUG
+log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
+log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n
+
+# LOGFILE is set to be a File appender using a PatternLayout.
+log4j.appender.LOGFILE=org.apache.log4j.FileAppender
+log4j.appender.LOGFILE.File=axis.log
+log4j.appender.LOGFILE.Append=true
+log4j.appender.LOGFILE.Threshold=DEBUG
+log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout
+log4j.appender.LOGFILE.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
new file mode 100644
index 0000000..553a655
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/MessageBuilder.java
@@ -0,0 +1,146 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.AddressingConstants.Final;
+import org.apache.axis2.addressing.AddressingConstants.Submission;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.util.XMLUtils;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustUtil;
+import org.apache.rampart.builder.AsymmetricBindingBuilder;
+import org.apache.rampart.builder.SymmetricBindingBuilder;
+import org.apache.rampart.builder.TransportBindingBuilder;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.model.OptimizePartsConfig;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.MessageOptimizer;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import javax.xml.namespace.QName;
+
+public class MessageBuilder {
+
+ private static Log log = LogFactory.getLog(MessageBuilder.class);
+
+ public void build(MessageContext msgCtx) throws WSSPolicyException,
+ RampartException, WSSecurityException, AxisFault {
+
+ Axis2Util.useDOOM(true);
+
+ RampartMessageData rmd = new RampartMessageData(msgCtx, true);
+
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if(rpd == null) {
+ return;
+ }
+
+ //Copy the RECV_RESULTS if available
+ if(!rmd.isInitiator()) {
+ OperationContext opCtx = msgCtx.getOperationContext();
+ MessageContext inMsgCtx;
+ if(opCtx != null &&
+ (inMsgCtx = opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null) {
+ msgCtx.setProperty(WSHandlerConstants.RECV_RESULTS,
+ inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS));
+ }
+ }
+
+
+ String isCancelreq = (String)msgCtx.getProperty(RampartMessageData.CANCEL_REQUEST);
+ if(isCancelreq != null && Constants.VALUE_TRUE.equals(isCancelreq)) {
+ try {
+
+ String cancelAction = TrustUtil.getWSTNamespace(rmd.getWstVersion()) + RahasConstants.RST_ACTION_CANCEL_SCT;
+ //Set action
+ msgCtx.getOptions().setAction(cancelAction);
+
+ //Change the wsa:Action header
+ String wsaNs = Final.WSA_NAMESPACE;
+ Object addressingVersionFromCurrentMsgCtxt = msgCtx.getProperty(AddressingConstants.WS_ADDRESSING_VERSION);
+ if (Submission.WSA_NAMESPACE.equals(addressingVersionFromCurrentMsgCtxt)) {
+ wsaNs = Submission.WSA_NAMESPACE;
+ }
+ OMElement header = msgCtx.getEnvelope().getHeader();
+ if(header != null) {
+ OMElement actionElem = header.getFirstChildWithName(new QName(wsaNs, AddressingConstants.WSA_ACTION));
+ if(actionElem != null) {
+ actionElem.setText(cancelAction);
+ }
+ }
+
+ //set payload to a cancel request
+ String ctxIdKey = RampartUtil.getContextIdentifierKey(msgCtx);
+ String tokenId = (String)RampartUtil.getContextMap(msgCtx).get(ctxIdKey);
+
+ if(tokenId != null && RampartUtil.isTokenValid(rmd, tokenId)) {
+ OMElement bodyElem = msgCtx.getEnvelope().getBody();
+ OMElement child = bodyElem.getFirstElement();
+ OMElement newChild = TrustUtil.createCancelRequest(tokenId, rmd.getWstVersion());
+ Element newDomChild = XMLUtils.toDOM(newChild);
+ Node importedNode = rmd.getDocument().importNode((Element) newDomChild, true);
+ ((Element) bodyElem).replaceChild(importedNode, (Element) child);
+ } else {
+ throw new RampartException("tokenToBeCancelledInvalid");
+ }
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new RampartException("errorInTokenCancellation");
+ }
+ }
+
+ if(rpd.isTransportBinding()) {
+ log.debug("Building transport binding");
+ TransportBindingBuilder building = new TransportBindingBuilder();
+ building.build(rmd);
+ } else if(rpd.isSymmetricBinding()) {
+ log.debug("Building SymmetricBinding");
+ SymmetricBindingBuilder builder = new SymmetricBindingBuilder();
+ builder.build(rmd);
+ } else {
+ AsymmetricBindingBuilder builder = new AsymmetricBindingBuilder();
+ builder.build(rmd);
+ }
+
+ /*
+ * Checking whether MTOMSerializable is there. If so set optimizeElement.
+ * */
+ if(rpd.isMTOMSerialize()){
+ msgCtx.setProperty(Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
+ OptimizePartsConfig config= rpd.getOptimizePartsConfig();
+ if(config != null){
+ MessageOptimizer.optimize(msgCtx.getEnvelope(), config.getExpressions(), config.getNamespaces());
+ }
+ }
+
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
new file mode 100644
index 0000000..857dc9e
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/PolicyBasedResultsValidator.java
@@ -0,0 +1,641 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.UsernameToken;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.message.token.Timestamp;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import java.math.BigInteger;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.Vector;
+
+public class PolicyBasedResultsValidator {
+
+ private static Log log = LogFactory.getLog(PolicyBasedResultsValidator.class);
+
+ public void validate(ValidatorData data, Vector results)
+ throws RampartException {
+
+ RampartMessageData rmd = data.getRampartMessageData();
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ //If there's Security policy present and no results
+ //then we should throw an error
+ if(rpd != null && results == null) {
+ throw new RampartException("noSecurityResults");
+ }
+
+ //Check presence of timestamp
+ WSSecurityEngineResult tsResult = null;
+ if(rpd.isIncludeTimestamp()) {
+ tsResult =
+ WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
+ if(tsResult == null) {
+ throw new RampartException("timestampMissing");
+ }
+
+ }
+
+ //sig/encr
+ Vector encryptedParts = RampartUtil.getEncryptedParts(rmd);
+ if(rpd.isSignatureProtection() && isSignatureRequired(rmd)) {
+ encryptedParts.add(new WSEncryptionPart(WSConstants.SIG_LN,
+ WSConstants.SIG_NS, "Element"));
+ }
+
+ Vector signatureParts = RampartUtil.getSignedParts(rmd);
+
+ //Timestamp is not included in sig parts
+ if(rpd.isIncludeTimestamp() && !rpd.isTransportBinding()) {
+ signatureParts.add(new WSEncryptionPart("timestamp"));
+ }
+
+ if(!rmd.isInitiator()) {
+ //Just an indicator for EndorsingSupportingToken signature
+ SupportingToken endSupportingToken = rpd.getEndorsingSupportingTokens();
+ if(endSupportingToken != null) {
+ SignedEncryptedParts endSignedParts = endSupportingToken.getSignedParts();
+ if(endSignedParts != null &&
+ (endSignedParts.isBody() ||
+ endSignedParts.getHeaders().size() > 0)) {
+ signatureParts.add(
+ new WSEncryptionPart("EndorsingSupportingTokens"));
+ }
+ }
+ //Just an indicator for SignedEndorsingSupportingToken signature
+ SupportingToken sgndEndSupportingToken = rpd.getSignedEndorsingSupportingTokens();
+ if(sgndEndSupportingToken != null) {
+ SignedEncryptedParts sgndEndSignedParts = sgndEndSupportingToken.getSignedParts();
+ if(sgndEndSignedParts != null &&
+ (sgndEndSignedParts.isBody() ||
+ sgndEndSignedParts.getHeaders().size() > 0)) {
+ signatureParts.add(
+ new WSEncryptionPart("SignedEndorsingSupportingTokens"));
+ }
+ }
+ }
+
+ validateEncrSig(encryptedParts, signatureParts, results);
+
+ validateProtectionOrder(data, results);
+
+ validateEncryptedParts(data, encryptedParts, results);
+
+ validateSignedPartsHeaders(data, signatureParts, results);
+
+ //Supporting tokens
+ if(!rmd.isInitiator()) {
+ validateSupportingTokens(data, results);
+ }
+
+ /*
+ * Now we can check the certificate used to sign the message. In the
+ * following implementation the certificate is only trusted if either it
+ * itself or the certificate of the issuer is installed in the keystore.
+ *
+ * Note: the method verifyTrust(X509Certificate) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the signature action result from the action vector
+ WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(
+ results, WSConstants.SIGN);
+
+ if (actionResult != null) {
+ X509Certificate returnCert = (X509Certificate) actionResult
+ .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+
+ if (returnCert != null) {
+ if (!verifyTrust(returnCert, rmd)) {
+ throw new RampartException ("trustVerificationError");
+ }
+ }
+ }
+
+ /*
+ * Perform further checks on the timestamp that was transmitted in the
+ * header.
+ * In the following implementation the timestamp is valid if :
+ * Timestamp->Created < 'now' < Timestamp->Expires (Last test already handled by WSS4J)
+ *
+ * Note: the method verifyTimestamp(Timestamp) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the timestamp action result from the action vector
+ actionResult = WSSecurityUtil.fetchActionResult(results, WSConstants.TS);
+
+ if (actionResult != null) {
+ Timestamp timestamp = (Timestamp) actionResult
+ .get(WSSecurityEngineResult.TAG_TIMESTAMP);
+
+ if (timestamp != null) {
+ if (!verifyTimestamp(timestamp, rmd)) {
+ throw new RampartException("cannotValidateTimestamp");
+ }
+ }
+ }
+ }
+
+ /**
+ * @param encryptedParts
+ * @param signatureParts
+ */
+ private void validateEncrSig(Vector encryptedParts, Vector signatureParts, Vector results)
+ throws RampartException {
+ ArrayList actions = getSigEncrActions(results);
+ boolean sig = false;
+ boolean encr = false;
+ for (Iterator iter = actions.iterator(); iter.hasNext();) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.SIGN) {
+ sig = true;
+ } else if(act.intValue() == WSConstants.ENCR) {
+ encr = true;
+ }
+ }
+
+ if(sig && signatureParts.size() == 0) {
+
+ //Unexpected signature
+ throw new RampartException("unexprectedSignature");
+ } else if(!sig && signatureParts.size() > 0) {
+
+ //required signature missing
+ throw new RampartException("signatureMissing");
+ }
+
+ if(encr && encryptedParts.size() == 0) {
+
+ //Check whether its just an encrypted key
+ ArrayList list = this.getResults(results, WSConstants.ENCR);
+ boolean encrDataFound = false;
+ for (Iterator iter = list.iterator(); iter.hasNext();) {
+ WSSecurityEngineResult result = (WSSecurityEngineResult) iter.next();
+ if(result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS) != null) {
+ encrDataFound = true;
+ }
+ }
+ if(encrDataFound) {
+ //Unexpected encryption
+ throw new RampartException("unexprectedEncryptedPart");
+ }
+ } else if(!encr && encryptedParts.size() > 0) {
+
+ //required signature missing
+ throw new RampartException("encryptionMissing");
+ }
+ }
+
+ /**
+ * @param data
+ * @param results
+ */
+ private void validateSupportingTokens(ValidatorData data, Vector results)
+ throws RampartException {
+
+ //Check for UsernameToken
+ RampartPolicyData rpd = data.getRampartMessageData().getPolicyData();
+ SupportingToken suppTok = rpd.getSupportingTokens();
+ handleSupportingTokens(results, suppTok);
+ SupportingToken signedSuppToken = rpd.getSignedSupportingTokens();
+ handleSupportingTokens(results, signedSuppToken);
+ SupportingToken signedEndSuppToken = rpd.getSignedEndorsingSupportingTokens();
+ handleSupportingTokens(results, signedEndSuppToken);
+ SupportingToken endSuppToken = rpd.getEndorsingSupportingTokens();
+ handleSupportingTokens(results, endSuppToken);
+ }
+
+ /**
+ * @param results
+ * @param suppTok
+ * @throws RampartException
+ */
+ private void handleSupportingTokens(Vector results, SupportingToken suppTok) throws RampartException {
+
+ if(suppTok == null) {
+ return;
+ }
+
+ ArrayList tokens = suppTok.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof UsernameToken) {
+ //Check presence of a UsernameToken
+ WSSecurityEngineResult utResult = WSSecurityUtil.fetchActionResult(results, WSConstants.UT);
+ if(utResult == null) {
+ throw new RampartException("usernameTokenMissing");
+ }
+
+ }
+ }
+ }
+
+
+
+
+ /**
+ * @param data
+ * @param results
+ */
+ private void validateProtectionOrder(ValidatorData data, Vector results)
+ throws RampartException {
+
+ String protectionOrder = data.getRampartMessageData().getPolicyData().getProtectionOrder();
+ ArrayList sigEncrActions = this.getSigEncrActions(results);
+
+ if(sigEncrActions.size() < 2) {
+ //There are no results to COMPARE
+ return;
+ }
+ boolean done = false;
+ if(Constants.SIGN_BEFORE_ENCRYPTING.equals(protectionOrder)) {
+ boolean sigFound = false;
+ for (Iterator iter = sigEncrActions.iterator();
+ iter.hasNext() || !done;) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.ENCR && ! sigFound ) {
+ // We found ENCR and SIGN has not been found - break and fail
+ break;
+ }
+ if(act.intValue() == WSConstants.SIGN) {
+ sigFound = true;
+ } else if(sigFound) {
+ //We have an ENCR action after sig
+ done = true;
+ }
+ }
+
+ } else {
+ boolean encrFound = false;
+ for (Iterator iter = sigEncrActions.iterator(); iter.hasNext();) {
+ Integer act = (Integer) iter.next();
+ if(act.intValue() == WSConstants.SIGN && ! encrFound ) {
+ // We found SIGN and ENCR has not been found - break and fail
+ break;
+ }
+ if(act.intValue() == WSConstants.ENCR) {
+ encrFound = true;
+ } else if(encrFound) {
+ //We have an ENCR action after sig
+ done = true;
+ }
+ }
+ }
+
+ if(!done) {
+ throw new RampartException("protectionOrderMismatch");
+ }
+ }
+
+
+ private ArrayList getSigEncrActions(Vector results) {
+ ArrayList sigEncrActions = new ArrayList();
+ for (Iterator iter = results.iterator(); iter.hasNext();) {
+ Integer actInt = (Integer) ((WSSecurityEngineResult) iter.next())
+ .get(WSSecurityEngineResult.TAG_ACTION);
+ int action = actInt.intValue();
+ if(WSConstants.SIGN == action || WSConstants.ENCR == action) {
+ sigEncrActions.add(new Integer(action));
+ }
+
+ }
+ return sigEncrActions;
+ }
+
+ private void validateEncryptedParts(ValidatorData data, Vector encryptedParts, Vector results)
+ throws RampartException {
+
+ RampartMessageData rmd = data.getRampartMessageData();
+
+ ArrayList encrRefs = getEncryptedReferences(results);
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ //Check for encrypted body
+ if(rpd.isEncryptBody()) {
+
+ if(!encrRefs.contains(data.getBodyEncrDataId())){
+ throw new RampartException("encryptedPartMissing",
+ new String[]{data.getBodyEncrDataId()});
+ }
+ }
+
+ int refCount = 0;
+
+ refCount += encryptedParts.size();
+
+ if(encrRefs.size() != refCount) {
+ throw new RampartException("invalidNumberOfEncryptedParts",
+ new String[]{Integer.toString(refCount)});
+ }
+
+ }
+
+ private void validateSignedPartsHeaders(ValidatorData data, Vector signatureParts, Vector results)
+ throws RampartException {
+
+ RampartMessageData rmd = data.getRampartMessageData();
+
+ Node envelope = rmd.getDocument().getFirstChild();
+
+ WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(
+ results, WSConstants.SIGN);
+
+ // Find elements that are signed
+ Vector actuallySigned = new Vector();
+ if( actionResult != null ) {
+ Set signedIDs = (Set)actionResult.get(WSSecurityEngineResult.TAG_SIGNED_ELEMENT_IDS);
+ for (Iterator i = signedIDs.iterator(); i.hasNext();) {
+ String e = (String) i.next();
+
+ Element element = WSSecurityUtil.findElementById(envelope, e, WSConstants.WSU_NS);
+ actuallySigned.add( element );
+ }
+ }
+
+ for(int i=0; i<signatureParts.size(); i++) {
+ WSEncryptionPart wsep = (WSEncryptionPart) signatureParts.get( i );
+
+ Element headerElement = (Element) WSSecurityUtil.findElement(
+ envelope, wsep.getName(), wsep.getNamespace() );
+ if( headerElement == null ) {
+ // The signedpart header we are checking is not present in Soap header - this is allowed
+ continue;
+ }
+
+ // header element present - verify that it is part of signature
+ if( actuallySigned.contains( headerElement) ) {
+ continue;
+ }
+
+ // header defined in policy is present but not signed
+ throw new RampartException("signedPartHeaderNotSigned", new String[] { wsep.getName() });
+ }
+ }
+
+
+ private boolean isSignatureRequired(RampartMessageData rmd) {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ return (rpd.isSymmetricBinding() && rpd.getSignatureToken() != null) ||
+ (!rpd.isSymmetricBinding() && !rpd.isTransportBinding() &&
+ ((rpd.getInitiatorToken() != null && rmd.isInitiator())
+ || rpd.getRecipientToken() != null && !rmd.isInitiator()));
+ }
+
+
+ /*
+ * Verify that ts->Created is before 'now'
+ * - testing that timestamp has not expired ('now' is before ts->Expires) is handled earlier by WSS4J
+ */
+ private boolean verifyTimestamp(Timestamp timestamp, RampartMessageData rmd) throws RampartException {
+
+ Calendar cre = timestamp.getCreated();
+ if (cre != null) {
+ long now = Calendar.getInstance().getTimeInMillis();
+
+ // adjust 'now' with allowed timeskew
+ long maxSkew = RampartUtil.getTimestampMaxSkew( rmd );
+ if( maxSkew > 0 ) {
+ now += (maxSkew * 1000);
+ }
+
+ // fail if ts->Created is after 'now'
+ if( cre.getTimeInMillis() > now ) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Evaluate whether a given certificate should be trusted.
+ * Hook to allow subclasses to implement custom validation methods however they see fit.
+ * <p/>
+ * Policy used in this implementation:
+ * 1. Search the keystore for the transmitted certificate
+ * 2. Search the keystore for a connection to the transmitted certificate
+ * (that is, search for certificate(s) of the issuer of the transmitted certificate
+ * 3. Verify the trust path for those certificates found because the search for the issuer might be fooled by a phony DN (String!)
+ *
+ * @param cert the certificate that should be validated against the keystore
+ * @return true if the certificate is trusted, false if not (AxisFault is thrown for exceptions during CertPathValidation)
+ * @throws WSSecurityException
+ */
+ protected boolean verifyTrust(X509Certificate cert, RampartMessageData rmd) throws RampartException {
+
+ // If no certificate was transmitted, do not trust the signature
+ if (cert == null) {
+ return false;
+ }
+
+ String[] aliases = null;
+ String alias = null;
+ X509Certificate[] certs;
+
+ String subjectString = cert.getSubjectDN().getName();
+ String issuerString = cert.getIssuerDN().getName();
+ BigInteger issuerSerial = cert.getSerialNumber();
+
+ boolean doDebug = log.isDebugEnabled();
+
+ if (doDebug) {
+ log.debug("WSHandler: Transmitted certificate has subject " +
+ subjectString);
+ log.debug("WSHandler: Transmitted certificate has issuer " +
+ issuerString + " (serial " + issuerSerial + ")");
+ }
+
+ // FIRST step
+ // Search the keystore for the transmitted certificate
+
+ // Search the keystore for the alias of the transmitted certificate
+ try {
+ alias = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getAliasForX509Cert(
+ issuerString, issuerSerial);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("cannotFindAliasForCert", new String[]{subjectString}, ex);
+ }
+
+ if (alias != null) {
+ // Retrieve the certificate for the alias from the keystore
+ try {
+ certs = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getCertificates(alias);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("noCertForAlias", new String[] {alias}, ex);
+ }
+
+ // If certificates have been found, the certificates must be compared
+ // to ensure againgst phony DNs (compare encoded form including signature)
+ if (certs != null && certs.length > 0 && cert.equals(certs[0])) {
+ if (doDebug) {
+ log.debug("Direct trust for certificate with " + subjectString);
+ }
+ return true;
+ }
+ } else {
+ if (doDebug) {
+ log.debug("No alias found for subject from issuer with " + issuerString + " (serial " + issuerSerial + ")");
+ }
+ }
+
+ // SECOND step
+ // Search for the issuer of the transmitted certificate in the keystore
+
+ // Search the keystore for the alias of the transmitted certificates issuer
+ try {
+ aliases = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getAliasesForDN(issuerString);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("cannotFindAliasForCert", new String[]{issuerString}, ex);
+ }
+
+ // If the alias has not been found, the issuer is not in the keystore
+ // As a direct result, do not trust the transmitted certificate
+ if (aliases == null || aliases.length < 1) {
+ if (doDebug) {
+ log.debug("No aliases found in keystore for issuer " + issuerString + " of certificate for " + subjectString);
+ }
+ return false;
+ }
+
+ // THIRD step
+ // Check the certificate trust path for every alias of the issuer found in the keystore
+ for (int i = 0; i < aliases.length; i++) {
+ alias = aliases[i];
+
+ if (doDebug) {
+ log.debug("Preparing to validate certificate path with alias " + alias + " for issuer " + issuerString);
+ }
+
+ // Retrieve the certificate(s) for the alias from the keystore
+ try {
+ certs = RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).getCertificates(alias);
+ } catch (WSSecurityException ex) {
+ throw new RampartException("noCertForAlias", new String[] {alias}, ex);
+ }
+
+ // If no certificates have been found, there has to be an error:
+ // The keystore can find an alias but no certificate(s)
+ if (certs == null | certs.length < 1) {
+ throw new RampartException("noCertForAlias", new String[] {alias});
+ }
+
+ // Form a certificate chain from the transmitted certificate
+ // and the certificate(s) of the issuer from the keystore
+ // First, create new array
+ X509Certificate[] x509certs = new X509Certificate[certs.length + 1];
+ // Then add the first certificate ...
+ x509certs[0] = cert;
+ // ... and the other certificates
+ for (int j = 0; j < certs.length; j++) {
+ cert = certs[i];
+ x509certs[certs.length + j] = cert;
+ }
+ certs = x509certs;
+
+ // Use the validation method from the crypto to check whether the subjects certificate was really signed by the issuer stated in the certificate
+ try {
+ if (RampartUtil.getSignatureCrypto(
+ rmd.getPolicyData().getRampartConfig(),
+ rmd.getCustomClassLoader()).validateCertPath(certs)) {
+ if (doDebug) {
+ log.debug("WSHandler: Certificate path has been verified for certificate with subject " + subjectString);
+ }
+ return true;
+ }
+ } catch (WSSecurityException ex) {
+ throw new RampartException("certPathVerificationFailed", new String[]{subjectString}, ex);
+ }
+ }
+
+ log.debug("WSHandler: Certificate path could not be verified for certificate with subject " + subjectString);
+ return false;
+ }
+
+
+ private ArrayList getEncryptedReferences(Vector results) {
+
+ //there can be multiple ref lists
+ ArrayList encrResults = getResults(results, WSConstants.ENCR);
+
+ ArrayList refs = new ArrayList();
+
+ for (Iterator iter = encrResults.iterator(); iter.hasNext();) {
+ WSSecurityEngineResult engineResult = (WSSecurityEngineResult) iter.next();
+ ArrayList dataRefUris = (ArrayList) engineResult
+ .get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+
+ //take only the ref list processing results
+ if(dataRefUris != null) {
+ for (Iterator iterator = dataRefUris.iterator(); iterator
+ .hasNext();) {
+ String uri = (String) iterator.next();
+ refs.add(uri);
+ }
+ }
+ }
+
+ return refs;
+ }
+
+
+
+ private ArrayList getResults(Vector results, int action) {
+
+ ArrayList list = new ArrayList();
+
+ for (int i = 0; i < results.size(); i++) {
+ // Check the result of every action whether it matches the given
+ // action
+ Integer actInt = (Integer)((WSSecurityEngineResult) results.get(i)).get(WSSecurityEngineResult.TAG_ACTION);
+ if (actInt.intValue() == action) {
+ list.add((WSSecurityEngineResult) results.get(i));
+ }
+ }
+
+ return list;
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java b/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java
new file mode 100644
index 0000000..4e477a1
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/Rampart.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.description.AxisDescription;
+import org.apache.axis2.description.AxisModule;
+import org.apache.axis2.modules.Module;
+import org.apache.axis2.wsdl.codegen.extension.ModulePolicyExtension;
+import org.apache.axis2.wsdl.codegen.extension.PolicyExtension;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+
+public class Rampart implements Module, ModulePolicyExtension {
+
+ public void init(ConfigurationContext configContext, AxisModule module)
+ throws AxisFault {
+ }
+
+ public void engageNotify(AxisDescription axisDescription) throws AxisFault {
+ //Nothing to do here, since RampartMessageData will pick up the
+ //effective policy from the message context
+ }
+
+ public void shutdown(ConfigurationContext configurationContext) throws AxisFault {
+ // at the moment, nothing needs to be done ..
+ }
+
+ public PolicyExtension getPolicyExtension() {
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public void applyPolicy(Policy policy, AxisDescription axisDescription) throws AxisFault {
+ //Do not do anything
+ }
+
+ public boolean canSupportAssertion(Assertion assertion) {
+ return true;
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java
new file mode 100644
index 0000000..0c26382
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartConstants.java
@@ -0,0 +1,8 @@
+package org.apache.rampart;
+
+public class RampartConstants {
+
+ public static final String TIME_LOG = "org.apache.rampart.TIME";
+ public static final String MESSAGE_LOG = "org.apache.rampart.MESSAGE";
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
new file mode 100644
index 0000000..b79b59a
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
@@ -0,0 +1,207 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngine;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.saml.SAMLKeyInfo;
+import org.apache.ws.security.saml.SAMLUtil;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.opensaml.SAMLAssertion;
+
+import javax.xml.namespace.QName;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.Vector;
+
+public class RampartEngine {
+
+ private static Log log = LogFactory.getLog(RampartEngine.class);
+ private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
+
+ public Vector process(MessageContext msgCtx) throws WSSPolicyException,
+ RampartException, WSSecurityException, AxisFault {
+
+ boolean doDebug = log.isDebugEnabled();
+ boolean dotDebug = tlog.isDebugEnabled();
+
+ if(doDebug){
+ log.debug("Enter process(MessageContext msgCtx)");
+ }
+
+ RampartMessageData rmd = new RampartMessageData(msgCtx, false);
+
+ //If there is no policy information or if the message is a fault
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if(rpd == null ||
+ WSSecurityUtil.findElement(rmd.getDocument().getDocumentElement(),
+ "Fault",
+ rmd.getSoapConstants().getEnvelopeURI()) != null) {
+ SOAPEnvelope env = Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);
+
+ //Convert back to llom since the inflow cannot use llom
+ msgCtx.setEnvelope(env);
+ Axis2Util.useDOOM(false);
+ if(doDebug){
+ log.debug("Return process MessageContext msgCtx)");
+ }
+ return null;
+ }
+
+
+ Vector results = null;
+
+ WSSecurityEngine engine = new WSSecurityEngine();
+
+ ValidatorData data = new ValidatorData(rmd);
+
+ ArrayList headerBlocks = rmd.getMsgContext().getEnvelope()
+ .getHeader().getHeaderBlocksWithNSURI(WSConstants.WSSE_NS);
+ SOAPHeaderBlock secHeader = null;
+ //Issue is axiom - a returned collection must not be null
+ if(headerBlocks != null) {
+ Iterator headerBlocksIterator = headerBlocks.iterator();
+ while (headerBlocksIterator.hasNext()) {
+ SOAPHeaderBlock elem = (SOAPHeaderBlock) headerBlocksIterator.next();
+ if(elem.getLocalName().equals(WSConstants.WSSE_LN)) {
+ secHeader = elem;
+ break;
+ }
+ }
+ }
+
+ if(secHeader == null) {
+ throw new RampartException("missingSecurityHeader");
+ }
+
+ long t0=0, t1=0, t2=0, t3=0;
+ if(dotDebug){
+ t0 = System.currentTimeMillis();
+ }
+
+ String actorValue = secHeader.getAttributeValue(new QName(rmd
+ .getSoapConstants().getEnvelopeURI(), "actor"));
+
+ Crypto signatureCrypto = RampartUtil.getSignatureCrypto(rpd.getRampartConfig(),
+ msgCtx.getAxisService().getClassLoader());
+ TokenCallbackHandler tokenCallbackHandler = new TokenCallbackHandler(rmd.getTokenStorage(), RampartUtil.getPasswordCB(rmd));
+ if(rpd.isSymmetricBinding()) {
+ //Here we have to create the CB handler to get the tokens from the
+ //token storage
+ if(doDebug){
+ log.debug("Processing security header using SymetricBinding");
+ }
+
+ results = engine.processSecurityHeader(rmd.getDocument(),
+ actorValue,
+ tokenCallbackHandler,
+ signatureCrypto);
+ } else {
+ if(doDebug){
+ log.debug("Processing security header in normal path");
+ }
+ results = engine.processSecurityHeader(rmd.getDocument(),
+ actorValue,
+ tokenCallbackHandler,
+ signatureCrypto,
+ RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(),
+ msgCtx.getAxisService().getClassLoader()));
+ }
+
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ }
+
+ //Store symm tokens
+ //Pick the first SAML token
+ //TODO : This is a hack , MUST FIX
+ //get the sec context id from the req msg ctx
+
+ for (int j = 0; j < results.size(); j++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) results.get(j);
+ final Integer actInt =
+ (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if(WSConstants.ST_UNSIGNED == actInt.intValue()) {
+ final SAMLAssertion assertion =
+ ((SAMLAssertion) wser
+ .get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
+ String id = assertion.getId();
+ Date created = assertion.getNotBefore();
+ Date expires = assertion.getNotOnOrAfter();
+ SAMLKeyInfo samlKi = SAMLUtil.getSAMLKeyInfo(assertion,
+ signatureCrypto, tokenCallbackHandler);
+ try {
+ TokenStorage store = rmd.getTokenStorage();
+ if(store.getToken(id) == null) {
+ Token token = new Token(id, (OMElement)assertion.toDOM(), created, expires);
+ token.setSecret(samlKi.getSecret());
+ store.add(token);
+ }
+ } catch (Exception e) {
+ throw new RampartException(
+ "errorInAddingTokenIntoStore", e);
+ }
+
+ }
+
+ }
+
+ SOAPEnvelope env = Axis2Util.getSOAPEnvelopeFromDOMDocument(rmd.getDocument(), true);
+
+ if(dotDebug){
+ t2 = System.currentTimeMillis();
+ }
+
+ //Convert back to llom since the inflow cannot use DOOM
+ msgCtx.setEnvelope(env);
+ Axis2Util.useDOOM(false);
+
+ PolicyBasedResultsValidator validator = new PolicyBasedResultsValidator();
+ validator.validate(data, results);
+
+ if(dotDebug){
+ t3 = System.currentTimeMillis();
+ tlog.debug("processHeader by WSSecurityEngine took : " + (t1 - t0) +
+ ", DOOM conversion took :" + (t2 - t1) +
+ ", PolicyBasedResultsValidattor took " + (t3 - t2));
+ }
+
+ if(doDebug){
+ log.debug("Return process(MessageContext msgCtx)");
+ }
+ return results;
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java
new file mode 100644
index 0000000..f76de9c
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartException.java
@@ -0,0 +1,101 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import java.text.MessageFormat;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+public class RampartException extends Exception {
+
+ private static final long serialVersionUID = 8674795537585339704L;
+
+ private static ResourceBundle resources;
+
+ private String faultCode;
+ private String faultString;
+
+ static {
+ try {
+ resources = ResourceBundle.getBundle("org.apache.rampart.errors");
+ } catch (MissingResourceException e) {
+ throw new RuntimeException(e.getMessage());
+ }
+ }
+
+ public RampartException(String faultCode, Object[] args) {
+ super(getMessage(faultCode, args));
+ this.faultCode = getFaultCode(faultCode);
+ this.faultString = getMessage(faultCode, args);
+ }
+
+ /**
+ * Construct the fault properly code for the standard faults
+ * @param faultCode2
+ * @return
+ */
+ private String getFaultCode(String code) {
+ //TODO check for spec specific error codes
+ return code;
+ }
+
+ public RampartException(String faultCode) {
+ this(faultCode, (Object[])null);
+ }
+
+ public RampartException(String faultCode, Object[] args, Throwable e) {
+ super(getMessage(faultCode, args),e);
+ this.faultCode = faultCode;
+ this.faultString = getMessage(faultCode, args);
+ }
+
+ public RampartException(String faultCode, Throwable e) {
+ this(faultCode, null, e);
+ }
+
+ /**
+ * get the message from resource bundle.
+ * <p/>
+ *
+ * @return the message translated from the property (message) file.
+ */
+ protected static String getMessage(String faultCode, Object[] args) {
+ String msg = null;
+ try {
+ msg = MessageFormat.format(resources.getString(faultCode), args);
+ } catch (MissingResourceException e) {
+ throw new RuntimeException("Undefined '" + faultCode + "' resource property");
+ }
+ return msg;
+ }
+
+ /**
+ * @return Returns the faultCode.
+ */
+ protected String getFaultCode() {
+ return faultCode;
+ }
+
+ /**
+ * @return Returns the faultString.
+ */
+ protected String getFaultString() {
+ return faultString;
+ }
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
new file mode 100644
index 0000000..88e296b
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/RampartMessageData.java
@@ -0,0 +1,650 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.SimpleTokenStore;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.policy.RampartPolicyBuilder;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.SOAPConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecHeader;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.util.Loader;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.opensaml.SAMLAssertion;
+import org.w3c.dom.Document;
+
+import java.util.List;
+import java.util.Vector;
+
+public class RampartMessageData {
+
+ /**
+ * Axis2 parameter name to be used in the client's axis2 xml
+ */
+ public final static String KEY_RAMPART_POLICY = "rampartPolicy";
+
+ /**
+ * Key to hold the custom issued token identifier
+ */
+ public final static String KEY_CUSTOM_ISSUED_TOKEN = "customIssuedToken";
+
+ /**
+ * Key to hold the WS-Trust version
+ */
+ public final static String KEY_WST_VERSION = "wstVersion";
+
+ private final String PARAM_CLIENT_SIDE = "CLIENT_SIDE";
+
+ /**
+ * Key to hold the WS-SecConv version
+ */
+ public final static String KEY_WSSC_VERSION = "wscVersion";
+
+ public static final String KEY_SCT_ISSUER_POLICY = "sct-issuer-policy";
+
+ public final static String CANCEL_REQUEST = "cancelrequest";
+
+ public final static String SCT_ID = "sctID";
+
+ private MessageContext msgContext = null;
+
+ private RampartPolicyData policyData = null;
+
+ private WSSecHeader secHeader = null;
+
+ private WSSConfig config = null;
+
+ private int timeToLive = 300;
+
+ private int timestampMaxSkew = 0;
+
+ private String timestampId;
+
+ private Document document;
+
+ private TokenStorage tokenStorage;
+
+ /**
+ * WS-Trust version to use.
+ *
+ * Possible values:
+ * RahasConstants.VERSION_05_02
+ * RahasConstants.VERSION_05_12
+ */
+
+ private int wstVersion = RahasConstants.VERSION_05_02;
+
+ private int secConvVersion = ConversationConstants.DEFAULT_VERSION;
+
+ /*
+ * IssuedTokens or SecurityContextTokens can be used
+ * as the encryption token, signature token
+ */
+ private String issuedEncryptionTokenId;
+
+ private String issuedSignatureTokenId;
+
+ /**
+ * The service policy extracted from the message context.
+ * If policy is specified in the RampartConfig <b>this</b> will take precedence
+ */
+ private Policy servicePolicy;
+
+ private boolean isInitiator;
+
+ private boolean sender;
+
+ private ClassLoader customClassLoader;
+
+ private SOAPConstants soapConstants;
+
+ public RampartMessageData(MessageContext msgCtx, boolean sender) throws RampartException {
+
+ this.msgContext = msgCtx;
+
+ try {
+
+ /*
+ * First get the SOAP envelope as document, then create a security
+ * header and insert into the document (Envelope)
+ */
+ this.document = Axis2Util.getDocumentFromSOAPEnvelope(msgCtx.getEnvelope(), true);
+ msgCtx.setEnvelope((SOAPEnvelope)this.document.getDocumentElement());
+
+ this.soapConstants = WSSecurityUtil.getSOAPConstants(this.document.getDocumentElement());
+
+ //Extract known properties from the msgCtx
+
+ if(msgCtx.getProperty(KEY_WST_VERSION) != null) {
+ this.wstVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WST_VERSION));
+ }
+
+ if(msgCtx.getProperty(KEY_WSSC_VERSION) != null) {
+ this.secConvVersion = TrustUtil.getWSTVersion((String)msgCtx.getProperty(KEY_WSSC_VERSION));
+ }
+
+ Parameter clientSideParam = msgCtx.getAxisService().getParameter(PARAM_CLIENT_SIDE);
+ if(clientSideParam != null) {
+ this.isInitiator = true;
+ } else {
+ this.isInitiator = !msgCtx.isServerSide();
+ if(this.isInitiator) {
+ clientSideParam = new Parameter();
+ clientSideParam.setName(PARAM_CLIENT_SIDE);
+ clientSideParam.setLocked(true);
+ msgCtx.getAxisService().addParameter(clientSideParam);
+ }
+ }
+
+ if(msgCtx.getProperty(KEY_RAMPART_POLICY) != null) {
+ this.servicePolicy = (Policy)msgCtx.getProperty(KEY_RAMPART_POLICY);
+ }
+
+ /*
+ * Init policy:
+ * When creating the RampartMessageData instance we
+ * extract the service policy is set in the msgCtx.
+ * If it is missing then try to obtain from the configuration files.
+ */
+
+ if(this.servicePolicy == null) {
+ this.servicePolicy = msgCtx.getEffectivePolicy();
+ }
+
+ if(this.servicePolicy == null) {
+ Parameter param = msgCtx.getParameter(RampartMessageData.KEY_RAMPART_POLICY);
+ if(param != null) {
+ OMElement policyElem = param.getParameterElement().getFirstElement();
+ this.servicePolicy = PolicyEngine.getPolicy(policyElem);
+ }
+ }
+
+
+ if(this.servicePolicy != null){
+ List it = (List)this.servicePolicy.getAlternatives().next();
+
+ //Process policy and build policy data
+ this.policyData = RampartPolicyBuilder.build(it);
+ }
+
+
+ if(this.policyData != null) {
+
+ //Check for RST and RSTR for an SCT
+ if((WSSHandlerConstants.RST_ACTON_SCT.equals(msgContext.getWSAAction())
+ || WSSHandlerConstants.RSTR_ACTON_SCT.equals(msgContext.getWSAAction())) &&
+ this.policyData.getIssuerPolicy() != null) {
+
+ this.servicePolicy = this.policyData.getIssuerPolicy();
+
+ RampartConfig rampartConfig = policyData.getRampartConfig();
+ if(rampartConfig != null) {
+ /*
+ * Copy crypto info into the new issuer policy
+ */
+ RampartConfig rc = new RampartConfig();
+ rc.setEncrCryptoConfig(rampartConfig.getEncrCryptoConfig());
+ rc.setSigCryptoConfig(rampartConfig.getSigCryptoConfig());
+ rc.setDecCryptoConfig(rampartConfig.getDecCryptoConfig());
+ rc.setUser(rampartConfig.getUser());
+ rc.setEncryptionUser(rampartConfig.getEncryptionUser());
+ rc.setPwCbClass(rampartConfig.getPwCbClass());
+ rc.setSSLConfig(rampartConfig.getSSLConfig());
+
+ this.servicePolicy.addAssertion(rc);
+ }
+
+ List it = (List)this.servicePolicy.getAlternatives().next();
+
+ //Process policy and build policy data
+ this.policyData = RampartPolicyBuilder.build(it);
+ }
+ }
+
+
+ this.sender = sender;
+
+ OperationContext opCtx = this.msgContext.getOperationContext();
+
+ if(!this.isInitiator && this.sender) {
+ //Get hold of the incoming msg ctx
+ MessageContext inMsgCtx;
+ if (opCtx != null
+ && (inMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null
+ && msgContext.getProperty(WSHandlerConstants.RECV_RESULTS) == null) {
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS,
+ inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS));
+
+ //If someone set the sct_id externally use it at the receiver
+ msgContext.setProperty(SCT_ID, inMsgCtx.getProperty(SCT_ID));
+ }
+ }
+
+ if(this.isInitiator && !this.sender) {
+ MessageContext outMsgCtx;
+ if (opCtx != null
+ && (outMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE)) != null) {
+
+ //If someone set the sct_id externally use it at the receiver
+ msgContext.setProperty(SCT_ID, outMsgCtx.getProperty(SCT_ID));
+ }
+ }
+
+ this.config = WSSConfig.getDefaultWSConfig();
+
+ this.customClassLoader = msgCtx.getAxisService().getClassLoader();
+
+ if(this.sender && this.policyData != null) {
+ this.secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(this.document);
+ }
+
+ } catch (TrustException e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ } catch (AxisFault e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ } catch (WSSPolicyException e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInExtractingMsgProps", e);
+ }
+
+ }
+
+ /**
+ * @return Returns the document.
+ */
+ public Document getDocument() {
+ return document;
+ }
+
+ /**
+ * @param document The document to set.
+ * @deprecated document is derived from MessageContext passed in constructor
+ */
+ public void setDocument(Document document) {
+ this.document = document;
+ }
+
+ /**
+ * @return Returns the timeToLive.
+ */
+ public int getTimeToLive() {
+ return timeToLive;
+ }
+
+ /**
+ * @param timeToLive The timeToLive to set.
+ */
+ public void setTimeToLive(int timeToLive) {
+ this.timeToLive = timeToLive;
+ }
+
+ /**
+ * @return Returns the timestampMaxSkew.
+ */
+ public int getTimestampMaxSkew() {
+ return timestampMaxSkew;
+ }
+
+ /**
+ * @param timestampMaxSkew The timestampMaxSkew to set.
+ */
+ public void setTimestampMaxSkew(int timestampMaxSkew) {
+ this.timestampMaxSkew = timestampMaxSkew;
+ }
+
+ /**
+ * @return Returns the config.
+ */
+ public WSSConfig getConfig() {
+ return config;
+ }
+
+ /**
+ * @param config
+ * The config to set.
+ */
+ public void setConfig(WSSConfig config) {
+ this.config = config;
+ }
+
+ /**
+ * @return Returns the msgContext.
+ */
+ public MessageContext getMsgContext() {
+ return msgContext;
+ }
+
+ /**
+ * @param msgContext The msgContext to set.
+ * @deprecated MessageContext is set in constructor
+ */
+ public void setMsgContext(MessageContext msgContext) {
+ this.msgContext = msgContext;
+ }
+
+ /**
+ * @return Returns the policyData.
+ */
+ public RampartPolicyData getPolicyData() {
+ return policyData;
+ }
+
+ /**
+ * @param policyData The policyData to set.
+ * @deprecated Policy data determined within constructor
+ */
+ public void setPolicyData(RampartPolicyData policyData) throws RampartException {
+ this.policyData = policyData;
+
+ try {
+ //if client side then check whether sig conf enabled
+ //and get hold of the stored signature values
+ if(this.isInitiator && !this.sender && policyData.isSignatureConfirmation()) {
+ OperationContext opCtx = msgContext.getOperationContext();
+ MessageContext outMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
+ msgContext.setProperty(WSHandlerConstants.SEND_SIGV, outMsgCtx
+ .getProperty(WSHandlerConstants.SEND_SIGV));
+ }
+ } catch (AxisFault e) {
+ throw new RampartException("errorGettingSignatureValuesForSigconf", e);
+ }
+ }
+
+ /**
+ * @return Returns the secHeader.
+ */
+ public WSSecHeader getSecHeader() {
+ return secHeader;
+ }
+
+ /**
+ * @param secHeader
+ * The secHeader to set.
+ */
+ public void setSecHeader(WSSecHeader secHeader) {
+ this.secHeader = secHeader;
+ }
+
+ /**
+ * @return Returns the issuedEncryptionTokenId.
+ */
+ public String getIssuedEncryptionTokenId() {
+ return issuedEncryptionTokenId;
+ }
+
+ /**
+ * @param issuedEncryptionTokenId The issuedEncryptionTokenId to set.
+ */
+ public void setIssuedEncryptionTokenId(String issuedEncryptionTokenId) {
+ this.issuedEncryptionTokenId = issuedEncryptionTokenId;
+ }
+
+ /**
+ * @return Returns the issuedSignatureTokenId.
+ */
+ public String getIssuedSignatureTokenId() {
+ if(this.isInitiator) {
+ return issuedSignatureTokenId;
+ } else {
+ //Pick the first SAML token
+ //TODO : This is a hack , MUST FIX
+ //get the sec context id from the req msg ctx
+ Vector results = (Vector)this.msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult = (WSHandlerResult) results.get(i);
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults
+ .get(j);
+ final Integer actInt =
+ (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if(WSConstants.ST_UNSIGNED == actInt.intValue()) {
+ final SAMLAssertion assertion =
+ ((SAMLAssertion) wser
+ .get(WSSecurityEngineResult.TAG_SAML_ASSERTION));
+ return assertion.getId();
+ }
+
+ }
+ }
+ return null;
+ }
+ }
+
+ /**
+ * @param issuedSignatureTokenId The issuedSignatureTokenId to set.
+ */
+ public void setIssuedSignatureTokenId(String issuedSignatureTokenId) {
+ this.issuedSignatureTokenId = issuedSignatureTokenId;
+ }
+
+ /**
+ * @return Returns the secConvTokenId.
+ */
+ public String getSecConvTokenId() {
+ String id = null;
+
+ if(this.isInitiator) {
+ String contextIdentifierKey = RampartUtil.getContextIdentifierKey(this.msgContext);
+ id = (String) RampartUtil.getContextMap(this.msgContext).get(contextIdentifierKey);
+ } else {
+ //get the sec context id from the req msg ctx
+ Vector results = (Vector)this.msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult = (WSHandlerResult) results.get(i);
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults
+ .get(j);
+ final Integer actInt =
+ (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if(WSConstants.SCT == actInt.intValue()) {
+ final SecurityContextToken sct =
+ ((SecurityContextToken) wser
+ .get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN));
+ id = sct.getID();
+ }
+
+ }
+ }
+ }
+
+ if(id == null || id.length() == 0) {
+ //If we can't find the sec conv token id up to this point then
+ //check if someone has specified which one to use
+ id = (String)this.msgContext.getProperty(SCT_ID);
+ }
+
+ return id;
+ }
+
+ /**
+ * @param secConvTokenId The secConvTokenId to set.
+ */
+ public void setSecConvTokenId(String secConvTokenId) {
+ String contextIdentifierKey = RampartUtil.getContextIdentifierKey(this.msgContext);
+ RampartUtil.getContextMap(this.msgContext).put(
+ contextIdentifierKey,
+ secConvTokenId);
+ }
+
+
+
+ /**
+ * @return Returns the tokenStorage.
+ */
+ public TokenStorage getTokenStorage() throws RampartException {
+
+ if(this.tokenStorage != null) {
+ return this.tokenStorage;
+ }
+
+ TokenStorage storage = (TokenStorage) this.msgContext.getProperty(
+ TokenStorage.TOKEN_STORAGE_KEY);
+
+ if (storage != null) {
+ this.tokenStorage = storage;
+ } else {
+
+ if (this.policyData.getRampartConfig() != null &&
+ this.policyData.getRampartConfig().getTokenStoreClass() != null) {
+ Class stClass = null;
+ String storageClass = this.policyData.getRampartConfig()
+ .getTokenStoreClass();
+ try {
+ stClass = Loader.loadClass(msgContext.getAxisService()
+ .getClassLoader(), storageClass);
+ } catch (ClassNotFoundException e) {
+ throw new RampartException(
+ "WSHandler: cannot load token storage class: "
+ + storageClass, e);
+ }
+ try {
+ this.tokenStorage = (TokenStorage) stClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new RampartException(
+ "Cannot create instance of token storage: "
+ + storageClass, e);
+ }
+ } else {
+ this.tokenStorage = new SimpleTokenStore();
+
+ }
+
+ //Set the storage instance
+ this.msgContext.getConfigurationContext().setProperty(
+ TokenStorage.TOKEN_STORAGE_KEY, this.tokenStorage);
+ }
+
+
+ return tokenStorage;
+ }
+
+ /**
+ * @param tokenStorage The tokenStorage to set.
+ */
+ public void setTokenStorage(TokenStorage tokenStorage) {
+ this.tokenStorage = tokenStorage;
+ }
+
+ /**
+ * @return Returns the wstVersion.
+ */
+ public int getWstVersion() {
+ return wstVersion;
+ }
+
+ /**
+ * @param wstVersion The wstVersion to set.
+ * @deprecated This is defined by the class.
+ */
+ public void setWstVersion(int wstVersion) {
+ this.wstVersion = wstVersion;
+ }
+
+ /**
+ * @return Returns the secConvVersion.
+ */
+ public int getSecConvVersion() {
+ return secConvVersion;
+ }
+
+ /**
+ * @return Returns the servicePolicy.
+ */
+ public Policy getServicePolicy() {
+ return servicePolicy;
+ }
+
+ /**
+ * @param servicePolicy The servicePolicy to set.
+ * @deprecated servicePolicy determined in constructor
+ */
+ public void setServicePolicy(Policy servicePolicy) {
+ this.servicePolicy = servicePolicy;
+ }
+
+ /**
+ * @return Returns the timestampId.
+ */
+ public String getTimestampId() {
+ return timestampId;
+ }
+
+ /**
+ * @param timestampId The timestampId to set.
+ */
+ public void setTimestampId(String timestampId) {
+ this.timestampId = timestampId;
+ }
+
+ /**
+ * @return Returns the Initiator value
+ */
+ public boolean isInitiator() {
+ return isInitiator;
+ }
+
+ /**
+ * Returns the custom class loader if we are using one
+ * @return Returns the custom class loader if we are using one
+ */
+ public ClassLoader getCustomClassLoader() {
+ return customClassLoader;
+ }
+
+ /**
+ * Returns an <code>org.apache.ws.security.SOAPConstants</code> instance
+ * with soap version information of this request.
+ * @return Returns soap version information of this request
+ */
+ public SOAPConstants getSoapConstants() {
+ return soapConstants;
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java
new file mode 100644
index 0000000..90a3494
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/TokenCallbackHandler.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenStorage;
+import org.apache.ws.security.WSPasswordCallback;
+import org.w3c.dom.Element;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+
+public class TokenCallbackHandler implements CallbackHandler {
+
+ private TokenStorage store;
+ private CallbackHandler handler;
+
+ public TokenCallbackHandler(TokenStorage store, CallbackHandler handler) {
+ this.store = store;
+ this.handler = handler;
+ }
+
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException {
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+ if((pc.getUsage() == WSPasswordCallback.SECURITY_CONTEXT_TOKEN ||
+ pc.getUsage() == WSPasswordCallback.CUSTOM_TOKEN) &&
+ this.store != null) {
+ String id = pc.getIdentifer();
+ Token tok;
+ try {
+ //Pick up the token from the token store
+ tok = this.store.getToken(id);
+ if(tok != null) {
+ //Get the secret and set it in the callback object
+ pc.setKey(tok.getSecret());
+ pc.setCustomToken((Element)tok.getToken());
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ throw new IOException(e.getMessage());
+ }
+ } else {
+ //Handle other types of callbacks with the usual handler
+ if(this.handler != null) {
+ handler.handle(new Callback[]{pc});
+ }
+ }
+
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i],
+ "Unrecognized Callback");
+ }
+ }
+ }
+
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/ValidatorData.java b/modules/rampart-core/src/main/java/org/apache/rampart/ValidatorData.java
new file mode 100644
index 0000000..cd26763
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/ValidatorData.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.ws.security.WSConstants;
+import org.apache.xml.security.utils.EncryptionConstants;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import java.util.ArrayList;
+
+public class ValidatorData {
+
+ private RampartMessageData rmd;
+ ArrayList encryptedDataRefIds = new ArrayList();
+ private String bodyEncrDataId;
+
+ public ValidatorData(RampartMessageData rmd) {
+ this.rmd = rmd;
+ this.extractEncryptedPartInformation();
+ }
+
+ private void extractEncryptedPartInformation() {
+ Element start = rmd.getDocument().getDocumentElement();
+ if(start != null) {
+ extractEncryptedPartInformation(start);
+ }
+
+ }
+
+ private void extractEncryptedPartInformation(Element parent) {
+
+ NodeList childNodes = parent.getChildNodes();
+ Node node;
+ for (int i = 0; i < childNodes.getLength(); i++) {
+ node = childNodes.item(i);
+ if (node instanceof Element) {
+ Element elem = (Element) node;
+ if (elem.getNamespaceURI() != null
+ && elem.getNamespaceURI().equals(WSConstants.ENC_NS)
+ && elem.getLocalName().equals(
+ EncryptionConstants._TAG_ENCRYPTEDDATA)) {
+ if (parent != null
+ && parent.getLocalName().equals(
+ SOAP11Constants.BODY_LOCAL_NAME)
+ && parent.getNamespaceURI().equals(
+ rmd.getSoapConstants().getEnvelopeURI())) {
+ this.bodyEncrDataId = elem.getAttribute("Id");
+ } else {
+ encryptedDataRefIds.add(elem.getAttribute("Id"));
+ }
+ break;
+ } else {
+ extractEncryptedPartInformation(elem);
+ }
+ }
+ }
+ }
+
+ public ArrayList getEncryptedDataRefIds() {
+ return encryptedDataRefIds;
+ }
+
+ public RampartMessageData getRampartMessageData() {
+ return rmd;
+ }
+
+ public String getBodyEncrDataId() {
+ return bodyEncrDataId;
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
new file mode 100644
index 0000000..162b5de
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/AsymmetricBindingBuilder.java
@@ -0,0 +1,702 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartConstants;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.Wss10;
+import org.apache.ws.secpolicy.model.Wss11;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.WSSecDKEncrypt;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecSignature;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Vector;
+
+public class AsymmetricBindingBuilder extends BindingBuilder {
+
+ private static Log log = LogFactory.getLog(AsymmetricBindingBuilder.class);
+ private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
+ private boolean dotDebug = false;
+
+ private Token sigToken;
+
+ private WSSecSignature sig;
+
+ private WSSecEncryptedKey encrKey;
+
+ private String encryptedKeyId;
+
+ private byte[] encryptedKeyValue;
+
+ private Vector signatureValues = new Vector();
+
+ private Element encrTokenElement;
+
+ private Element sigDKTElement;
+
+ private Element encrDKTElement;
+
+ private Vector sigParts = new Vector();
+
+ private Element signatureElement;
+
+ public AsymmetricBindingBuilder(){
+ dotDebug = tlog.isDebugEnabled();
+ }
+
+ public void build(RampartMessageData rmd) throws RampartException {
+ log.debug("AsymmetricBindingBuilder build invoked");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if (rpd.isIncludeTimestamp()) {
+ this.addTimestamp(rmd);
+ }
+
+ if (Constants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
+ this.doEncryptBeforeSig(rmd);
+ } else {
+ this.doSignBeforeEncrypt(rmd);
+ }
+
+ log.debug("AsymmetricBindingBuilder build invoked : DONE");
+ }
+
+ private void doEncryptBeforeSig(RampartMessageData rmd)
+ throws RampartException {
+
+ long t0 = 0, t1 = 0, t2 = 0;
+ if(dotDebug){
+ t0 = System.currentTimeMillis();
+ }
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+ RampartConfig config = rpd.getRampartConfig();
+
+ /*
+ * We need to hold on to these two element to use them as refence in the
+ * case of encypting the signature
+ */
+ Element encrDKTokenElem = null;
+ WSSecEncrypt encr = null;
+ Element refList = null;
+ WSSecDKEncrypt dkEncr = null;
+
+ /*
+ * We MUST use keys derived from the same token
+ */
+ Token encryptionToken = null;
+ if(rmd.isInitiator()) {
+ encryptionToken = rpd.getRecipientToken();
+ } else {
+ encryptionToken = rpd.getInitiatorToken();
+ }
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ if(encryptionToken == null && encrParts.size() > 0) {
+ throw new RampartException("encryptionTokenMissing");
+ }
+
+ if (encryptionToken != null && encrParts.size() > 0) {
+
+ //Check for RampartConfig assertion
+ if(rpd.getRampartConfig() == null) {
+ //We'er missing the extra info rampart needs
+ throw new RampartException("rampartConigMissing");
+ }
+
+ if (encryptionToken.isDerivedKeys()) {
+ try {
+ this.setupEncryptedKey(rmd, encryptionToken);
+ // Create the DK encryption builder
+ dkEncr = new WSSecDKEncrypt();
+ dkEncr.setParts(encrParts);
+ dkEncr.setExternalKey(this.encryptedKeyValue,
+ this.encryptedKeyId);
+ dkEncr.prepare(doc);
+
+ // Get and add the DKT element
+ this.encrDKTElement = dkEncr.getdktElement();
+ encrDKTokenElem = RampartUtil.appendChildToSecHeader(rmd, this.encrDKTElement);
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr", e);
+ }
+ } else {
+ try {
+ encr = new WSSecEncrypt();
+ encr.setParts(encrParts);
+ encr.setWsConfig(rmd.getConfig());
+ encr.setDocument(doc);
+ RampartUtil.setEncryptionUser(rmd, encr);
+ encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ if(encryptionToken.getInclusion().equals(Constants.INCLUDE_NEVER)) {
+ Wss10 wss = rpd.getWss11();
+ if(wss == null) {
+ wss = rpd.getWss10();
+ }
+ if(wss.isMustSupportRefKeyIdentifier()) {
+ encr.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ } else if(wss.isMustSupportRefIssuerSerial()) {
+ encr.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+ } else if(wss instanceof Wss11 && ((Wss11)wss).isMustSupportRefThumbprint()) {
+ encr.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ }
+ } else {
+ encr.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ }
+ encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(config, rmd.getCustomClassLoader()));
+
+ Element bstElem = encr.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ RampartUtil.appendChildToSecHeader(rmd, bstElem);
+ }
+
+ this.encrTokenElement = encr.getEncryptedKeyElement();
+ this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,
+ encrTokenElement);
+
+ refList = encr.encryptForExternalRef(null, encrParts);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+
+ RampartUtil.appendChildToSecHeader(rmd, refList);
+
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ }
+
+ this.setInsertionLocation(encrTokenElement);
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ this.sigParts = RampartUtil.getSignedParts(rmd);
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }
+
+ if (rmd.isInitiator()) {
+
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd
+ .getSignedSupportingTokens();
+
+ sigSuppTokMap = this
+ .handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd
+ .getEndorsingSupportingTokens();
+
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd
+ .getSignedEndorsingSupportingTokens();
+
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd,
+ sgndEndSuppTokens);
+
+ SupportingToken supportingToks = rpd.getSupportingTokens();
+ this.handleSupportingTokens(rmd, supportingToks);
+
+
+ // Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+
+ if((rmd.isInitiator() && rpd.getInitiatorToken() != null) ||
+ (!rmd.isInitiator() && rpd.getRecipientToken() != null)) {
+ this.doSignature(rmd);
+ }
+
+ if (rmd.isInitiator()) {
+ // Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd,
+ endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ // Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
+ sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ if(dotDebug){
+ t2 = System.currentTimeMillis();
+ tlog.debug("Encryption took :" + (t1 - t0)
+ +", Signature tool :" + (t2 - t1) );
+ }
+
+ // Check for signature protection
+ if (rpd.isSignatureProtection() && this.mainSigId != null) {
+ long t3 = 0, t4 = 0;
+ if(dotDebug){
+ t3 = System.currentTimeMillis();
+ }
+ Vector secondEncrParts = new Vector();
+
+ // Now encrypt the signature using the above token
+ secondEncrParts.add(new WSEncryptionPart(this.mainSigId,
+ "Element"));
+
+ Element secondRefList = null;
+
+ if (encryptionToken.isDerivedKeys()) {
+ try {
+
+ secondRefList = dkEncr.encryptForExternalRef(null,
+ secondEncrParts);
+ RampartUtil.insertSiblingAfter(rmd, encrDKTokenElem,
+ secondRefList);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey",
+ e);
+ }
+ } else {
+ try {
+ // Encrypt, get hold of the ref list and add it
+ secondRefList = encr.encryptForExternalRef(null,
+ encrParts);
+
+ // Insert the ref list after the encrypted key elem
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfter(rmd, encrTokenElement,
+ secondRefList));
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ if(dotDebug){
+ t4 = System.currentTimeMillis();
+ tlog.debug("Signature protection took :" + (t4 - t3));
+ }
+ }
+ }
+
+
+
+ }
+
+ private void doSignBeforeEncrypt(RampartMessageData rmd)
+ throws RampartException {
+
+ long t0 = 0, t1 = 0, t2 = 0;
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ sigParts = RampartUtil.getSignedParts(rmd);
+
+ //Add timestamp
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }else{
+ this.setInsertionLocation(null);
+ }
+
+ if(dotDebug){
+ t0 = System.currentTimeMillis();
+ }
+
+ if (rmd.isInitiator()) {
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+
+ sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd
+ .getSignedEndorsingSupportingTokens();
+
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd,
+ sgndEndSuppTokens);
+
+ // Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+
+ if((rmd.isInitiator() && rpd.getInitiatorToken() != null) ||
+ (!rmd.isInitiator() && rpd.getRecipientToken() != null)) {
+ // Do signature
+ this.doSignature(rmd);
+ }
+
+ //Do endorsed signature
+
+ if (rmd.isInitiator()) {
+ // Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd,
+ endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ // Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd,
+ sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ }
+
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ //Check for signature protection
+ if(rpd.isSignatureProtection() && this.mainSigId != null) {
+ encrParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement((OMElement)this.signatureElement), "Element"));
+ }
+
+ //Do encryption
+ Token encrToken = rpd.getRecipientToken();
+ if(encrToken != null && encrParts.size() > 0) {
+ Element refList = null;
+ if(encrToken.isDerivedKeys()) {
+
+ try {
+ WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+
+ if(this.encrKey == null) {
+ this.setupEncryptedKey(rmd, encrToken);
+ }
+
+ dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+ dkEncr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ dkEncr.prepare(doc);
+
+
+ if(this.encrTokenElement != null) {
+ this.encrDKTElement = RampartUtil.insertSiblingAfter(
+ rmd, this.encrTokenElement, dkEncr.getdktElement());
+ } else {
+ this.encrDKTElement = RampartUtil.insertSiblingBefore(
+ rmd, this.sigDKTElement, dkEncr.getdktElement());
+ }
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ RampartUtil.insertSiblingAfter(rmd,
+ this.encrDKTElement,
+ refList);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ try {
+
+ WSSecEncrypt encr = new WSSecEncrypt();
+
+
+ if(encrToken.getInclusion().equals(Constants.INCLUDE_NEVER)) {
+ Wss10 wss = rpd.getWss11();
+ if(wss == null) {
+ wss = rpd.getWss10();
+ }
+ if(wss.isMustSupportRefKeyIdentifier()) {
+ encr.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ } else if(wss.isMustSupportRefIssuerSerial()) {
+ encr.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+ } else if(wss instanceof Wss11 && ((Wss11)wss).isMustSupportRefThumbprint()) {
+ encr.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ }
+ } else {
+ encr.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ }
+
+ encr.setWsConfig(rmd.getConfig());
+
+ encr.setDocument(doc);
+ RampartUtil.setEncryptionUser(rmd, encr);
+ encr.setSymmetricEncAlgorithm(rpd.getAlgorithmSuite().getEncryption());
+ encr.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()));
+
+ if(this.timestampElement != null){
+ this.setInsertionLocation(this.timestampElement);
+ }else{
+ this.setInsertionLocation(null);
+ }
+
+ if(encr.getBSTTokenId() != null) {
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfterOrPrepend(rmd,
+ this.getInsertionLocation(),
+ encr.getBinarySecurityTokenElement()));
+ }
+
+
+ Element encryptedKeyElement = encr.getEncryptedKeyElement();
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfterOrPrepend(rmd,
+ this.getInsertionLocation(),
+ encryptedKeyElement));
+
+
+ //Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForInternalRef(null, encrParts);
+
+ //Add internal refs
+ encryptedKeyElement.appendChild(refList);
+// RampartUtil.insertSiblingAfter(rmd,
+// this.getInsertionLocation(),
+// refList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ }
+
+ if(dotDebug){
+ t2 = System.currentTimeMillis();
+ tlog.debug("Signature took :" + (t1 - t0)
+ +", Encryption took :" + (t2 - t1) );
+ }
+
+ }
+
+ private void doSignature(RampartMessageData rmd) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ long t0 = 0, t1 = 0;
+ if(dotDebug){
+ t0 = System.currentTimeMillis();
+ }
+ if(rmd.isInitiator()) {
+ sigToken = rpd.getInitiatorToken();
+ } else {
+ sigToken = rpd.getRecipientToken();
+ }
+
+ if (sigToken.isDerivedKeys()) {
+ // Set up the encrypted key to use
+ if(this.encrKey == null) {
+ setupEncryptedKey(rmd, sigToken);
+ }
+
+ WSSecDKSign dkSign = new WSSecDKSign();
+ dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
+
+ // Set the algo info
+ dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite()
+ .getSymmetricSignature());
+ dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite()
+ .getMinimumSymmetricKeyLength() / 8);
+
+ try {
+ dkSign.prepare(doc, rmd.getSecHeader());
+
+ if (rpd.isTokenProtection()) {
+ sigParts.add(new WSEncryptionPart(encrKey.getId()));
+ }
+
+ dkSign.setParts(sigParts);
+
+ dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ // Do signature
+ dkSign.computeSignature();
+
+ ;
+ // Add elements to header
+ this.sigDKTElement = RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), dkSign.getdktElement());
+ this.setInsertionLocation(this.sigDKTElement);
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), dkSign
+ .getSignatureElement()));
+
+ this.mainSigId = RampartUtil
+ .addWsuIdToElement((OMElement) dkSign
+ .getSignatureElement());
+
+ signatureValues.add(dkSign.getSignatureValue());
+
+ signatureElement = dkSign.getSignatureElement();
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ }
+
+ } else {
+ sig = this.getSignatureBuider(rmd, sigToken);
+ Element bstElem = sig.getBinarySecurityTokenElement();
+ if(bstElem != null) {
+ bstElem = RampartUtil.insertSiblingAfter(rmd, this
+ .getInsertionLocation(), bstElem);
+ this.setInsertionLocation(bstElem);
+ }
+
+ if (rmd.getPolicyData().isTokenProtection()
+ && sig.getBSTTokenId() != null) {
+ sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ }
+
+ try {
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+ sig.computeSignature();
+
+ signatureElement = sig.getSignatureElement();
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd, this.getInsertionLocation(), signatureElement));
+
+ this.mainSigId = RampartUtil.addWsuIdToElement((OMElement) signatureElement);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+ signatureValues.add(sig.getSignatureValue());
+ }
+
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ tlog.debug("Signature took :" + (t1 - t0));
+ }
+
+ }
+
+ /**
+ * @param rmd
+ * @throws RampartException
+ */
+ private void setupEncryptedKey(RampartMessageData rmd, Token token)
+ throws RampartException {
+ if(!rmd.isInitiator() && token.isDerivedKeys()) {
+
+ //If we already have them, simply return
+ if(this.encryptedKeyId != null && this.encryptedKeyValue != null) {
+ return;
+ }
+
+ //Use the secret from the incoming EncryptedKey element
+ Object resultsObj = rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+ if(resultsObj != null) {
+ encryptedKeyId = RampartUtil.getRequestEncryptedKeyId((Vector)resultsObj);
+ encryptedKeyValue = RampartUtil.getRequestEncryptedKeyValue((Vector)resultsObj);
+
+ //In the case where we don't have the EncryptedKey in the
+ //request, for the control to have reached this state,
+ //the scenario MUST be a case where this is the response
+ //message by a listener created for an async client
+ //Therefor we will create a new EncryptedKey
+ if(encryptedKeyId == null && encryptedKeyValue == null) {
+ createEncryptedKey(rmd, token);
+ }
+ } else {
+ throw new RampartException("noSecurityResults");
+ }
+ } else {
+ createEncryptedKey(rmd, token);
+ }
+
+ }
+
+ /**
+ * Create an encrypted key element
+ * @param rmd
+ * @param token
+ * @throws RampartException
+ */
+ private void createEncryptedKey(RampartMessageData rmd, Token token) throws RampartException {
+ //Set up the encrypted key to use
+ encrKey = this.getEncryptedKeyBuilder(rmd, token);
+
+ Element bstElem = encrKey.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ // If a BST is available then use it
+ RampartUtil.appendChildToSecHeader(rmd, bstElem);
+ }
+
+ // Add the EncryptedKey
+ encrTokenElement = encrKey.getEncryptedKeyElement();
+ this.encrTokenElement = RampartUtil.appendChildToSecHeader(rmd,
+ encrTokenElement);
+ encryptedKeyValue = encrKey.getEphemeralKey();
+ encryptedKeyId = encrKey.getId();
+
+ //Store the token for client - response verification
+ // and server - response creation
+ try {
+ org.apache.rahas.Token tok = new org.apache.rahas.Token(
+ encryptedKeyId, (OMElement)encrTokenElement , null, null);
+ tok.setSecret(encryptedKeyValue);
+ rmd.getTokenStorage().add(tok);
+ } catch (TrustException e) {
+ throw new RampartException("errorInAddingTokenIntoStore", e);
+ }
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
new file mode 100644
index 0000000..8c54b13
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
@@ -0,0 +1,701 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.Vector;
+import java.util.Map.Entry;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.client.Options;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.UsernameToken;
+import org.apache.ws.secpolicy.model.Wss10;
+import org.apache.ws.secpolicy.model.Wss11;
+import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.message.WSSecSignatureConfirmation;
+import org.apache.ws.security.message.WSSecTimestamp;
+import org.apache.ws.security.message.WSSecUsernameToken;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+public abstract class BindingBuilder {
+ private static Log log = LogFactory.getLog(BindingBuilder.class);
+
+ private Element insertionLocation;
+
+ protected String mainSigId = null;
+
+ protected Element timestampElement;
+
+
+ /**
+ * @param rmd
+ */
+ protected void addTimestamp(RampartMessageData rmd) {
+ log.debug("Adding timestamp");
+
+ WSSecTimestamp timestampBuilder = new WSSecTimestamp();
+ timestampBuilder.setWsConfig(rmd.getConfig());
+
+ timestampBuilder.setTimeToLive(RampartUtil.getTimeToLive(rmd));
+
+ // add the Timestamp to the SOAP Enevelope
+
+ timestampBuilder.build(rmd.getDocument(), rmd
+ .getSecHeader());
+
+ log.debug("Timestamp id: " + timestampBuilder.getId());
+
+ rmd.setTimestampId(timestampBuilder.getId());
+
+ this.timestampElement = timestampBuilder.getElement();
+ log.debug("Adding timestamp: DONE");
+ }
+
+ /**
+ * Add a UsernameToken to the security header
+ * @param rmd
+ * @return The <code>WSSecUsernameToken</code> instance
+ * @throws RampartException
+ */
+ protected WSSecUsernameToken addUsernameToken(RampartMessageData rmd) throws RampartException {
+
+ log.debug("Adding a UsernameToken");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ //Get the user
+ //First try options
+ Options options = rmd.getMsgContext().getOptions();
+ String user = options.getUserName();
+ if(user == null || user.length() == 0) {
+ //Then try RampartConfig
+ if(rpd.getRampartConfig() != null) {
+ user = rpd.getRampartConfig().getUser();
+ }
+ }
+
+ if(user != null && !"".equals(user)) {
+ log.debug("User : " + user);
+
+ //Get the password
+
+ //First check options object for a password
+ String password = options.getPassword();
+
+ if((password == null || password.length() == 0) &&
+ rpd.getRampartConfig() != null) {
+
+ //Then try to get the password from the given callback handler
+ CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
+
+ if(handler == null) {
+ //If the callback handler is missing
+ throw new RampartException("cbHandlerMissing");
+ }
+
+ WSPasswordCallback[] cb = { new WSPasswordCallback(user,
+ WSPasswordCallback.USERNAME_TOKEN) };
+ try {
+ handler.handle(cb);
+ } catch (Exception e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ }
+
+ //get the password
+ password = cb[0].getPassword();
+ }
+
+ log.debug("Password : " + password);
+
+ if(password != null && !"".equals(password)) {
+ //If the password is available then build the token
+
+ WSSecUsernameToken utBuilder = new WSSecUsernameToken();
+
+ //TODO Get the UT type, only WS-SX spec supports this
+ utBuilder.setUserInfo(user, password);
+
+ return utBuilder;
+ } else {
+ //If there's no password then throw an exception
+ throw new RampartException("noPasswordForUser",
+ new String[]{user});
+ }
+
+ } else {
+ log.debug("No user value specified in the configuration");
+ throw new RampartException("userMissing");
+ }
+
+ }
+
+
+ /**
+ * @param rmd
+ * @param token
+ * @return
+ * @throws WSSecurityException
+ * @throws RampartException
+ */
+ protected WSSecEncryptedKey getEncryptedKeyBuilder(RampartMessageData rmd, Token token) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ WSSecEncryptedKey encrKey = new WSSecEncryptedKey();
+ if(token.getInclusion().equals(Constants.INCLUDE_NEVER)) {
+ Wss10 wss = rpd.getWss11();
+ if(wss == null) {
+ wss = rpd.getWss10();
+ }
+ if(wss.isMustSupportRefKeyIdentifier()) {
+ encrKey.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ } else if(wss.isMustSupportRefIssuerSerial()) {
+ encrKey.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+ } else if(wss instanceof Wss11 && ((Wss11)wss).isMustSupportRefThumbprint()) {
+ encrKey.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ }
+ } else {
+ encrKey.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ }
+
+ try {
+ RampartUtil.setEncryptionUser(rmd, encrKey);
+ encrKey.setKeySize(rpd.getAlgorithmSuite().getMaximumSymmetricKeyLength());
+ encrKey.setKeyEncAlgo(rpd.getAlgorithmSuite().getAsymmetricKeyWrap());
+
+ encrKey.prepare(doc, RampartUtil.getEncryptionCrypto(rpd.getRampartConfig(), rmd.getCustomClassLoader()));
+
+ return encrKey;
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorCreatingEncryptedKey", e);
+ }
+ }
+
+
+ protected WSSecSignature getSignatureBuider(RampartMessageData rmd, Token token) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ WSSecSignature sig = new WSSecSignature();
+ sig.setWsConfig(rmd.getConfig());
+
+ log.debug("Token inclusion: " + token.getInclusion());
+ if(token.getInclusion().equals(Constants.INCLUDE_NEVER)) {
+ Wss10 wss = rpd.getWss11();
+ if(wss == null) {
+ wss = rpd.getWss10();
+ }
+ if(wss.isMustSupportRefKeyIdentifier()) {
+ sig.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
+ } else if(wss.isMustSupportRefIssuerSerial()) {
+ sig.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
+ } else if(wss instanceof Wss11 && ((Wss11)wss).isMustSupportRefThumbprint()) {
+ sig.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ }
+ } else {
+ sig.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+ }
+
+ //Get the user
+ String user = rpd.getRampartConfig().getUser();
+ String password = null;
+
+ if(user != null && !"".equals(user)) {
+ log.debug("User : " + user);
+
+ //Get the password
+ CallbackHandler handler = RampartUtil.getPasswordCB(rmd);
+
+ if(handler == null) {
+ //If the callback handler is missing
+ throw new RampartException("cbHandlerMissing");
+ }
+
+ WSPasswordCallback[] cb = { new WSPasswordCallback(user,
+ WSPasswordCallback.SIGNATURE) };
+
+ try {
+ handler.handle(cb);
+ if(cb[0].getPassword() != null && !"".equals(cb[0].getPassword())) {
+ password = cb[0].getPassword();
+ log.debug("Password : " + password);
+ } else {
+ //If there's no password then throw an exception
+ throw new RampartException("noPasswordForUser",
+ new String[]{user});
+ }
+ } catch (IOException e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ } catch (UnsupportedCallbackException e) {
+ throw new RampartException("errorInGettingPasswordForUser",
+ new String[]{user}, e);
+ }
+
+ } else {
+ log.debug("No user value specified in the configuration");
+ throw new RampartException("userMissing");
+ }
+
+ sig.setUserInfo(user, password);
+ sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
+ sig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());
+
+ try {
+ sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()),
+ rmd.getSecHeader());
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+
+ return sig;
+ }
+
+ /**
+ * @param rmd
+ * @param suppTokens
+ * @throws RampartException
+ */
+ protected HashMap handleSupportingTokens(RampartMessageData rmd, SupportingToken suppTokens)
+ throws RampartException {
+
+ //Create the list to hold the tokens
+ HashMap endSuppTokMap = new HashMap();
+
+ if(suppTokens != null && suppTokens.getTokens() != null &&
+ suppTokens.getTokens().size() > 0) {
+ log.debug("Processing supporting tokens");
+
+ ArrayList tokens = suppTokens.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ org.apache.rahas.Token endSuppTok = null;
+ if(token instanceof IssuedToken && rmd.isInitiator()){
+ String id = RampartUtil.getIssuedToken(rmd, (IssuedToken)token);
+ try {
+ endSuppTok = rmd.getTokenStorage().getToken(id);
+ } catch (TrustException e) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{id}, e);
+ }
+
+ if(endSuppTok == null) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{id});
+ }
+
+ //Add the token to the header
+ Element siblingElem = RampartUtil
+ .insertSiblingAfter(rmd, this.getInsertionLocation(),
+ (Element) endSuppTok.getToken());
+ this.setInsertionLocation(siblingElem);
+
+ //Add the extracted token
+ endSuppTokMap.put(token, endSuppTok);
+
+ } else if(token instanceof X509Token) {
+ //Get the to be added
+ if(token.isDerivedKeys()) {
+ //We have to use an EncryptedKey
+ try {
+ WSSecEncryptedKey encrKey = this
+ .getEncryptedKeyBuilder(rmd, token);
+
+ Element bstElem = encrKey.getBinarySecurityTokenElement();
+ if(bstElem != null) {
+ Element siblingElem = RampartUtil
+ .insertSiblingAfter(rmd, this.getInsertionLocation(),
+ bstElem);
+ this.setInsertionLocation(siblingElem);
+ }
+
+ Element siblingElem = RampartUtil
+ .insertSiblingAfter(rmd,
+ this.getInsertionLocation(),
+ encrKey.getEncryptedKeyElement());
+
+ this.setInsertionLocation(siblingElem);
+
+ Date now = new Date();
+ endSuppTok =
+ new org.apache.rahas.Token(encrKey.getId(),
+ (OMElement)encrKey.getEncryptedKeyElement(),
+ now, new Date(now.getTime() + 300000));
+
+ endSuppTokMap.put(token, endSuppTok);
+
+ } catch (TrustException e) {
+ throw new RampartException("errorCreatingRahasToken", e);
+ }
+ } else {
+ //We have to use a cert
+ //Prepare X509 signature
+ WSSecSignature sig = this.getSignatureBuider(rmd, token);
+ Element bstElem = sig.getBinarySecurityTokenElement();
+ if(bstElem != null) {
+ bstElem = RampartUtil.insertSiblingAfter(rmd,
+ this.getInsertionLocation(), bstElem);
+ this.setInsertionLocation(bstElem);
+ }
+ endSuppTokMap.put(token, sig);
+ }
+ } else if(token instanceof UsernameToken) {
+ WSSecUsernameToken utBuilder = addUsernameToken(rmd);
+
+ utBuilder.prepare(rmd.getDocument());
+
+ //Add the UT
+ Element elem = utBuilder.getUsernameTokenElement();
+ RampartUtil.insertSiblingAfter(rmd, this.getInsertionLocation(), elem);
+
+ //Move the insert location to th enext element
+ this.setInsertionLocation(elem);
+ Date now = new Date();
+ try {
+ org.apache.rahas.Token tempTok = new org.apache.rahas.Token(
+ utBuilder.getId(), (OMElement) elem, now,
+ new Date(now.getTime() + 300000));
+ endSuppTokMap.put(token, tempTok);
+ } catch (TrustException e) {
+ throw new RampartException("errorCreatingRahasToken", e);
+ }
+ }
+ }
+ }
+
+ return endSuppTokMap;
+ }
+ /**
+ * @param tokenMap
+ * @param sigParts
+ * @throws RampartException
+ */
+ protected Vector addSignatureParts(HashMap tokenMap, Vector sigParts) throws RampartException {
+
+ Set entrySet = tokenMap.entrySet();
+
+ for (Iterator iter = entrySet.iterator(); iter.hasNext();) {
+ Object tempTok = ((Entry)iter.next()).getValue();
+ WSEncryptionPart part = null;
+
+ if(tempTok instanceof org.apache.rahas.Token) {
+
+ part = new WSEncryptionPart(
+ ((org.apache.rahas.Token) tempTok).getId());
+
+ } else if(tempTok instanceof WSSecSignature) {
+ WSSecSignature tempSig = (WSSecSignature) tempTok;
+ if(tempSig.getBSTTokenId() != null) {
+ part = new WSEncryptionPart(tempSig.getBSTTokenId());
+ }
+ } else {
+
+ throw new RampartException("UnsupportedTokenInSupportingToken");
+ }
+ sigParts.add(part);
+ }
+
+ return sigParts;
+ }
+
+
+ public Element getInsertionLocation() {
+ return insertionLocation;
+ }
+
+ public void setInsertionLocation(Element insertionLocation) {
+ this.insertionLocation = insertionLocation;
+ }
+
+
+ protected Vector doEndorsedSignatures(RampartMessageData rmd, HashMap tokenMap) throws RampartException {
+
+ Set tokenSet = tokenMap.keySet();
+
+ Vector sigValues = new Vector();
+
+ for (Iterator iter = tokenSet.iterator(); iter.hasNext();) {
+
+ Token token = (Token)iter.next();
+
+ Object tempTok = tokenMap.get(token);
+
+ Vector sigParts = new Vector();
+ sigParts.add(new WSEncryptionPart(this.mainSigId));
+
+ if (tempTok instanceof org.apache.rahas.Token) {
+ org.apache.rahas.Token tok = (org.apache.rahas.Token)tempTok;
+ if(rmd.getPolicyData().isTokenProtection()) {
+ sigParts.add(new WSEncryptionPart(tok.getId()));
+ }
+
+ this.doSymmSignature(rmd, token, (org.apache.rahas.Token)tempTok, sigParts);
+
+ } else if (tempTok instanceof WSSecSignature) {
+ WSSecSignature sig = (WSSecSignature)tempTok;
+ if(rmd.getPolicyData().isTokenProtection() &&
+ sig.getBSTTokenId() != null) {
+ sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ }
+
+ try {
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+ sig.computeSignature();
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd,
+ this.getInsertionLocation(),
+ sig.getSignatureElement()));
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+ sigValues.add(sig.getSignatureValue());
+ }
+ }
+
+ return sigValues;
+
+ }
+
+
+ protected byte[] doSymmSignature(RampartMessageData rmd, Token policyToken, org.apache.rahas.Token tok, Vector sigParts) throws RampartException {
+
+ Document doc = rmd.getDocument();
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ if(policyToken.isDerivedKeys() || policyToken instanceof SecureConversationToken) {
+ try {
+ WSSecDKSign dkSign = new WSSecDKSign();
+
+ OMElement ref = tok.getAttachedReference();
+ if(ref == null) {
+ ref = tok.getUnattachedReference();
+ }
+ if(ref != null) {
+ dkSign.setExternalKey(tok.getSecret(), (Element)
+ doc.importNode((Element) ref, true));
+ } else {
+ dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ }
+
+ //Set the algo info
+ dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+ dkSign.setDerivedKeyLength(rpd.getAlgorithmSuite().getMinimumSymmetricKeyLength()/8);
+
+ dkSign.prepare(doc, rmd.getSecHeader());
+
+ if(rpd.isTokenProtection()) {
+
+ //Hack to handle reference id issues
+ //TODO Need a better fix
+ String sigTokId = tok.getId();
+ if(sigTokId.startsWith("#")) {
+ sigTokId = sigTokId.substring(1);
+ }
+ sigParts.add(new WSEncryptionPart(sigTokId));
+ }
+
+ dkSign.setParts(sigParts);
+
+ dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ dkSign.computeSignature();
+
+ //Add elements to header
+ this.setInsertionLocation(RampartUtil
+ .insertSiblingAfter(rmd,
+ this.getInsertionLocation(),
+ dkSign.getdktElement()));
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd,
+ this.getInsertionLocation(),
+ dkSign.getSignatureElement()));
+
+ return dkSign.getSignatureValue();
+
+ } catch (ConversationException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ } catch (WSSecurityException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ }
+ } else {
+ try {
+ WSSecSignature sig = new WSSecSignature();
+ sig.setWsConfig(rmd.getConfig());
+
+ //Hack to handle reference id issues
+ //TODO Need a better fix
+ String sigTokId = tok.getId();
+ if(sigTokId.startsWith("#")) {
+ sigTokId = sigTokId.substring(1);
+ }
+ sig.setCustomTokenId(sigTokId);
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS +
+ WSConstants.SAML_ASSERTION_ID);
+ sig.setSecretKey(tok.getSecret());
+ sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
+ sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()),
+ rmd.getSecHeader());
+
+ sig.setParts(sigParts);
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ sig.computeSignature();
+
+
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd,
+ this.getInsertionLocation(),
+ sig.getSignatureElement()));
+
+ return sig.getSignatureValue();
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithACustomToken", e);
+ }
+
+ }
+ }
+
+ /**
+ * Get hold of the token from the token storage
+ * @param rmd
+ * @param tokenId
+ * @return token from the token storage
+ * @throws RampartException
+ */
+ protected org.apache.rahas.Token getToken(RampartMessageData rmd,
+ String tokenId) throws RampartException {
+ org.apache.rahas.Token tok = null;
+ try {
+ tok = rmd.getTokenStorage().getToken(tokenId);
+ } catch (TrustException e) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{tokenId}, e);
+ }
+
+ if(tok == null) {
+ throw new RampartException("errorInRetrievingTokenId",
+ new String[]{tokenId});
+ }
+ return tok;
+ }
+
+
+ protected void addSignatureConfirmation(RampartMessageData rmd, Vector sigParts) {
+
+ if(!rmd.getPolicyData().isSignatureConfirmation()) {
+
+ //If we don't require sig confirmation simply go back :-)
+ return;
+ }
+
+ Document doc = rmd.getDocument();
+
+ Vector results = (Vector)rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+ /*
+ * loop over all results gathered by all handlers in the chain. For each
+ * handler result get the various actions. After that loop we have all
+ * signature results in the signatureActions vector
+ */
+ Vector signatureActions = new Vector();
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult wshResult = (WSHandlerResult) results.get(i);
+
+ WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+ WSConstants.SIGN, signatureActions);
+ WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+ WSConstants.ST_SIGNED, signatureActions);
+ WSSecurityUtil.fetchAllActionResults(wshResult.getResults(),
+ WSConstants.UT_SIGN, signatureActions);
+ }
+
+ // prepare a SignatureConfirmation token
+ WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation();
+ if (signatureActions.size() > 0) {
+ if (log.isDebugEnabled()) {
+ log.debug("Signature Confirmation: number of Signature results: "
+ + signatureActions.size());
+ }
+ for (int i = 0; i < signatureActions.size(); i++) {
+ WSSecurityEngineResult wsr = (WSSecurityEngineResult) signatureActions
+ .get(i);
+ byte[] sigVal = (byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE);
+ wsc.setSignatureValue(sigVal);
+ wsc.prepare(doc);
+ RampartUtil.appendChildToSecHeader(rmd, wsc.getSignatureConfirmationElement());
+ if(sigParts != null) {
+ sigParts.add(new WSEncryptionPart(wsc.getId()));
+ }
+ }
+ } else {
+ //No Sig value
+ wsc.prepare(doc);
+ RampartUtil.appendChildToSecHeader(rmd, wsc.getSignatureConfirmationElement());
+ if(sigParts != null) {
+ sigParts.add(new WSEncryptionPart(wsc.getId()));
+ }
+ }
+ }
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
new file mode 100644
index 0000000..8dc42c5
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/SymmetricBindingBuilder.java
@@ -0,0 +1,716 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.context.MessageContext;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartConstants;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.message.WSSecDKEncrypt;
+import org.apache.ws.security.message.WSSecEncrypt;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Vector;
+
+
+public class SymmetricBindingBuilder extends BindingBuilder {
+
+ private static Log log = LogFactory.getLog(SymmetricBindingBuilder.class);
+ private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
+ private boolean dotDebug = false;
+
+
+ public SymmetricBindingBuilder(){
+ dotDebug = tlog.isDebugEnabled();
+ }
+
+ public void build(RampartMessageData rmd) throws RampartException {
+
+ log.debug("SymmetricBindingBuilder build invoked");
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ if(rpd.isIncludeTimestamp()) {
+ this.addTimestamp(rmd);
+ }
+
+ if(rmd.isInitiator()) {
+ //Setup required tokens
+ initializeTokens(rmd);
+ }
+
+
+ if(Constants.ENCRYPT_BEFORE_SIGNING.equals(rpd.getProtectionOrder())) {
+ this.doEncryptBeforeSig(rmd);
+ } else {
+ this.doSignBeforeEncrypt(rmd);
+ }
+
+
+ log.debug("SymmetricBindingBuilder build invoked : DONE");
+
+ }
+
+ private void doEncryptBeforeSig(RampartMessageData rmd) throws RampartException {
+
+ long t0 = 0, t1 = 0, t2 = 0;
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ Vector signatureValues = new Vector();
+
+ if(dotDebug){
+ t0 = System.currentTimeMillis();
+ }
+
+ Token encryptionToken = rpd.getEncryptionToken();
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ if(encryptionToken == null && encrParts.size() > 0) {
+ throw new RampartException("encryptionTokenMissing");
+ }
+
+ if(encryptionToken != null && encrParts.size() > 0) {
+ //The encryption token can be an IssuedToken or a
+ //SecureConversationToken
+ String tokenId = null;
+ org.apache.rahas.Token tok = null;
+
+ if(encryptionToken instanceof IssuedToken) {
+ tokenId = rmd.getIssuedEncryptionTokenId();
+ log.debug("Issued EncryptionToken Id : " + tokenId);
+ } else if(encryptionToken instanceof SecureConversationToken) {
+ tokenId = rmd.getSecConvTokenId();
+ log.debug("SCT Id : " + tokenId);
+ } else if (encryptionToken instanceof X509Token) {
+ tokenId = setupEncryptedKey(rmd, encryptionToken);
+ } //TODO SAMLToken
+
+ if(tokenId == null || tokenId.length() == 0) {
+ throw new RampartException("noSecurityToken");
+ }
+
+ /*
+ * Get hold of the token from the token storage
+ */
+ tok = this.getToken(rmd, tokenId);
+
+ /*
+ * Attach the token into the message based on token inclusion
+ * values
+ */
+ boolean attached = false;
+ Element encrTokenElement = null;
+ Element refList = null;
+ WSSecDKEncrypt dkEncr = null;
+ WSSecEncrypt encr = null;
+ Element encrDKTokenElem = null;
+
+ if(Constants.INCLUDE_ALWAYS.equals(encryptionToken.getInclusion()) ||
+ Constants.INCLUDE_ONCE.equals(encryptionToken.getInclusion()) ||
+ (rmd.isInitiator() && Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(encryptionToken.getInclusion()))) {
+ encrTokenElement = RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
+ attached = true;
+ }
+
+ //In the X509 case we MUST add the EncryptedKey
+ if(encryptionToken instanceof X509Token) {
+ RampartUtil.appendChildToSecHeader(rmd, tok.getToken());
+ }
+ Document doc = rmd.getDocument();
+
+ if(encryptionToken.isDerivedKeys()) {
+ log.debug("Use drived keys");
+
+ dkEncr = new WSSecDKEncrypt();
+
+ if(attached && tok.getAttachedReference() != null) {
+
+ dkEncr.setExternalKey(tok.getSecret(), (Element) doc
+ .importNode((Element) tok.getAttachedReference(),
+ true));
+
+ } else if(tok.getUnattachedReference() != null) {
+ dkEncr.setExternalKey(tok.getSecret(), (Element) doc
+ .importNode((Element) tok.getUnattachedReference(),
+ true));
+ } else {
+ dkEncr.setExternalKey(tok.getSecret(), tok.getId());
+ }
+ try {
+ dkEncr.prepare(doc);
+ encrDKTokenElem = dkEncr.getdktElement();
+ RampartUtil.appendChildToSecHeader(rmd, encrDKTokenElem);
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ log.debug("NO derived keys, use the shared secret");
+ encr = new WSSecEncrypt();
+
+ encr.setWsConfig(rmd.getConfig());
+
+ encr.setEphemeralKey(tok.getSecret());
+ encr.setDocument(doc);
+
+ try {
+ //Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForExternalRef(null, encrParts);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+
+ RampartUtil.appendChildToSecHeader(rmd, refList);
+
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ }
+
+ this.setInsertionLocation(encrTokenElement);
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ Vector sigParts = RampartUtil.getSignedParts(rmd);
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }
+
+ if(rmd.isInitiator()) {
+
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+
+ sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
+
+ SupportingToken supportingToks = rpd.getSupportingTokens();
+ this.handleSupportingTokens(rmd, supportingToks);
+
+ //Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+
+ //Sign the message
+ //We should use the same key in the case of EncryptBeforeSig
+ signatureValues.add(this.doSymmSignature(rmd, encryptionToken, tok, sigParts));
+
+ this.mainSigId = RampartUtil.addWsuIdToElement((OMElement)this.getInsertionLocation());
+
+
+ if(rmd.isInitiator()) {
+ //Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd, endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ //Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ if(dotDebug){
+ t2 = System.currentTimeMillis();
+ tlog.debug("Encryption took :" + (t1 - t0)
+ +", Signature tool :" + (t2 - t1) );
+ }
+
+ //Check for signature protection
+ if(rpd.isSignatureProtection() && this.mainSigId != null) {
+ long t3 = 0, t4 = 0;
+ if(dotDebug){
+ t3 = System.currentTimeMillis();
+ }
+ log.debug("Signature protection");
+ Vector secondEncrParts = new Vector();
+
+ //Now encrypt the signature using the above token
+ secondEncrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
+
+ Element secondRefList = null;
+
+ if(encryptionToken.isDerivedKeys()) {
+ try {
+ secondRefList = dkEncr.encryptForExternalRef(null,
+ secondEncrParts);
+ RampartUtil.insertSiblingAfter(
+ rmd,
+ encrDKTokenElem,
+ secondRefList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ try {
+ //Encrypt, get hold of the ref list and add it
+ secondRefList = encr.encryptForExternalRef(null,
+ encrParts);
+ RampartUtil.insertSiblingAfter(
+ rmd,
+ encrTokenElement,
+ secondRefList);
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+ if(dotDebug){
+ t4 = System.currentTimeMillis();
+ tlog.debug("Signature protection took :" + (t4 - t3));
+ }
+ }
+
+ } else {
+ throw new RampartException("encryptionTokenMissing");
+ }
+ }
+
+
+ private void doSignBeforeEncrypt(RampartMessageData rmd) throws RampartException {
+
+ long t0 = 0, t1 = 0, t2 = 0;
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ if(dotDebug){
+ t0 = System.currentTimeMillis();
+ }
+ Token sigToken = rpd.getSignatureToken();
+
+ String encrTokId = null;
+ String sigTokId = null;
+
+ org.apache.rahas.Token encrTok = null;
+ org.apache.rahas.Token sigTok = null;
+
+ Element sigTokElem = null;
+
+ Vector signatureValues = new Vector();
+
+ if(sigToken != null) {
+ if(sigToken instanceof SecureConversationToken) {
+ sigTokId = rmd.getSecConvTokenId();
+ } else if(sigToken instanceof IssuedToken) {
+ sigTokId = rmd.getIssuedSignatureTokenId();
+ } else if(sigToken instanceof X509Token) {
+ sigTokId = setupEncryptedKey(rmd, sigToken);
+ }
+ } else {
+ throw new RampartException("signatureTokenMissing");
+ }
+
+ if(sigTokId == null || sigTokId.length() == 0) {
+ throw new RampartException("noSecurityToken");
+ }
+
+ sigTok = this.getToken(rmd, sigTokId);
+
+ if(Constants.INCLUDE_ALWAYS.equals(sigToken.getInclusion()) ||
+ Constants.INCLUDE_ONCE.equals(sigToken.getInclusion()) ||
+ (rmd.isInitiator() &&
+ Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(
+ sigToken.getInclusion()))) {
+ sigTokElem = RampartUtil.appendChildToSecHeader(rmd,
+ sigTok.getToken());
+ this.setInsertionLocation(sigTokElem);
+ }
+
+
+
+ //In the X509 case we MUST add the EncryptedKey
+ if(sigToken instanceof X509Token) {
+ sigTokElem = RampartUtil.appendChildToSecHeader(rmd, sigTok.getToken());
+
+ //Set the insertion location
+ this.setInsertionLocation(sigTokElem);
+ }
+
+
+ HashMap sigSuppTokMap = null;
+ HashMap endSuppTokMap = null;
+ HashMap sgndEndSuppTokMap = null;
+ Vector sigParts = RampartUtil.getSignedParts(rmd);
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(RampartUtil
+ .addWsuIdToElement((OMElement) this.timestampElement)));
+ }
+
+ if(rmd.isInitiator()) {
+ // Now add the supporting tokens
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+
+ sigSuppTokMap = this.handleSupportingTokens(rmd, sgndSuppTokens);
+
+ SupportingToken endSuppTokens = rpd.getEndorsingSupportingTokens();
+
+ endSuppTokMap = this.handleSupportingTokens(rmd, endSuppTokens);
+
+ SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+
+ sgndEndSuppTokMap = this.handleSupportingTokens(rmd, sgndEndSuppTokens);
+
+ //Setup signature parts
+ sigParts = addSignatureParts(sigSuppTokMap, sigParts);
+ sigParts = addSignatureParts(sgndEndSuppTokMap, sigParts);
+ } else {
+ addSignatureConfirmation(rmd, sigParts);
+ }
+ //Sign the message
+ signatureValues.add(this.doSymmSignature(rmd, sigToken, sigTok, sigParts));
+
+ this.mainSigId = RampartUtil.addWsuIdToElement((OMElement)this.getInsertionLocation());
+
+ if(rmd.isInitiator()) {
+ //Do endorsed signatures
+ Vector endSigVals = this.doEndorsedSignatures(rmd, endSuppTokMap);
+ for (Iterator iter = endSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+
+ //Do signed endorsing signatures
+ Vector sigEndSigVals = this.doEndorsedSignatures(rmd, sgndEndSuppTokMap);
+ for (Iterator iter = sigEndSigVals.iterator(); iter.hasNext();) {
+ signatureValues.add(iter.next());
+ }
+ }
+
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ }
+
+ //Encryption
+ Token encrToken = rpd.getEncryptionToken();
+ Element encrTokElem = null;
+ if(sigToken.equals(encrToken)) {
+ //Use the same token
+ encrTokId = sigTokId;
+ encrTok = sigTok;
+ encrTokElem = sigTokElem;
+ } else {
+ encrTokId = rmd.getIssuedEncryptionTokenId();
+ encrTok = this.getToken(rmd, encrTokId);
+
+ if(Constants.INCLUDE_ALWAYS.equals(encrToken.getInclusion()) ||
+ Constants.INCLUDE_ONCE.equals(encrToken.getInclusion()) ||
+ (rmd.isInitiator() && Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(encrToken.getInclusion()))) {
+ encrTokElem = (Element)encrTok.getToken();
+
+ //Add the encrToken element before the sigToken element
+ RampartUtil.insertSiblingBefore(rmd, sigTokElem, encrTokElem);
+ }
+
+ }
+
+ Vector encrParts = RampartUtil.getEncryptedParts(rmd);
+
+ //Check for signature protection
+ if(rpd.isSignatureProtection() && this.mainSigId != null) {
+ //Now encrypt the signature using the above token
+ encrParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
+ }
+ Element refList = null;
+
+ if(encrToken.isDerivedKeys() || encrToken instanceof SecureConversationToken) {
+
+ try {
+ WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
+
+ if(encrTokElem != null && encrTok.getAttachedReference() != null) {
+
+ dkEncr.setExternalKey(encrTok.getSecret(), (Element) doc
+ .importNode((Element) encrTok.getAttachedReference(),
+ true));
+
+ } else if(encrTok.getUnattachedReference() != null) {
+ dkEncr.setExternalKey(encrTok.getSecret(), (Element) doc
+ .importNode((Element) encrTok.getUnattachedReference(),
+ true));
+ } else {
+ dkEncr.setExternalKey(encrTok.getSecret(), encrTok.getId());
+ }
+
+ dkEncr.prepare(doc);
+ Element encrDKTokenElem = null;
+ encrDKTokenElem = dkEncr.getdktElement();
+ if(encrTokElem != null) {
+ RampartUtil.insertSiblingAfter(rmd, encrTokElem, encrDKTokenElem);
+ } else {
+ RampartUtil.insertSiblingAfter(rmd, this.timestampElement, encrDKTokenElem);
+ }
+
+ refList = dkEncr.encryptForExternalRef(null, encrParts);
+
+ RampartUtil.insertSiblingAfter(rmd,
+ encrDKTokenElem,
+ refList);
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDKEncr");
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDKEncr");
+ }
+ } else {
+ try {
+
+ WSSecEncrypt encr = new WSSecEncrypt();
+
+ encr.setWsConfig(rmd.getConfig());
+ //Hack to handle reference id issues
+ //TODO Need a better fix
+ if(encrTokId.startsWith("#")) {
+ encrTokId = encrTokId.substring(1);
+ }
+ encr.setEncKeyId(encrTokId);
+ encr.setEphemeralKey(encrTok.getSecret());
+ RampartUtil.setEncryptionUser(rmd, encr);
+ encr.setDocument(doc);
+ encr.setEncryptSymmKey(false);
+ encr.prepare(doc, RampartUtil.getEncryptionCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()));
+
+ //Encrypt, get hold of the ref list and add it
+ refList = encr.encryptForExternalRef(null, encrParts);
+
+ if(encrTokElem != null) {
+ RampartUtil.insertSiblingAfter(rmd,
+ encrTokElem,
+ refList);
+ } else {
+ RampartUtil.insertSiblingAfter(rmd,
+ this.timestampElement,
+ refList);
+ }
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInEncryption", e);
+ }
+ }
+
+ if(dotDebug){
+ t2 = System.currentTimeMillis();
+ tlog.debug("Signature took :" + (t1 - t0)
+ +", Encryption took :" + (t2 - t1) );
+ }
+
+
+ }
+
+ /**
+ * @param rmd
+ * @param sigToken
+ * @return
+ * @throws RampartException
+ */
+ private String setupEncryptedKey(RampartMessageData rmd, Token sigToken)
+ throws RampartException {
+ try {
+ WSSecEncryptedKey encrKey = this.getEncryptedKeyBuilder(rmd,
+ sigToken);
+ String id = encrKey.getId();
+ //Create a rahas token from this info and store it so we can use
+ //it in the next steps
+
+ Date created = new Date();
+ Date expires = new Date();
+ //TODO make this lifetime configurable ???
+ expires.setTime(System.currentTimeMillis() + 300000);
+ org.apache.rahas.Token tempTok = new org.apache.rahas.Token(
+ id,
+ (OMElement) encrKey.getEncryptedKeyElement(),
+ created,
+ expires);
+ tempTok.setSecret(encrKey.getEphemeralKey());
+
+ rmd.getTokenStorage().add(tempTok);
+
+ String bstTokenId = encrKey.getBSTTokenId();
+ //If direct ref is used to refer to the cert
+ //then add the cert to the sec header now
+ if(bstTokenId != null && bstTokenId.length() > 0) {
+ RampartUtil.appendChildToSecHeader(rmd,
+ encrKey.getBinarySecurityTokenElement());
+ }
+
+ return id;
+
+ } catch (TrustException e) {
+ throw new RampartException("errorInAddingTokenIntoStore");
+ }
+ }
+
+ /**
+ * Setup the required tokens
+ * @param rmd
+ * @param rpd
+ * @throws RampartException
+ */
+ private void initializeTokens(RampartMessageData rmd) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ MessageContext msgContext = rmd.getMsgContext();
+ if(rpd.isSymmetricBinding() && !msgContext.isServerSide()) {
+ log.debug("Processing symmetric binding: " +
+ "Setting up encryption token and signature token");
+ //Setting up encryption token and signature token
+
+ Token sigTok = rpd.getSignatureToken();
+ Token encrTok = rpd.getEncryptionToken();
+ if(sigTok instanceof IssuedToken) {
+
+ log.debug("SignatureToken is an IssuedToken");
+
+ if(rmd.getIssuedSignatureTokenId() == null) {
+ log.debug("No Issuedtoken found, requesting a new token");
+
+ IssuedToken issuedToken = (IssuedToken)sigTok;
+
+ String id = RampartUtil.getIssuedToken(rmd,
+ issuedToken);
+ rmd.setIssuedSignatureTokenId(id);
+
+ }
+
+ } else if(sigTok instanceof SecureConversationToken) {
+
+ log.debug("SignatureToken is a SecureConversationToken");
+
+ //TODO check for an existing token and use it
+
+ String secConvTokenId = rmd.getSecConvTokenId();
+
+ //The RSTR has to be secured with the cancelled token
+ String action = msgContext.getOptions().getAction();
+ boolean cancelReqResp = action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
+ action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RSTR_ACTION_CANCEL_SCT) ||
+ action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT) ||
+ action.equals(RahasConstants.WST_NS_05_02 + RahasConstants.RST_ACTION_CANCEL_SCT);
+
+ //In the case of the cancel req or resp we should mark the token as cancelled
+ if(secConvTokenId != null && cancelReqResp) {
+ try {
+ rmd.getTokenStorage().getToken(secConvTokenId).setState(org.apache.rahas.Token.CANCELLED);
+ msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);
+
+ //remove from the local map of contexts
+ String contextIdentifierKey = RampartUtil.getContextIdentifierKey(msgContext);
+ RampartUtil.getContextMap(msgContext).remove(contextIdentifierKey);
+ } catch (TrustException e) {
+ throw new RampartException("errorExtractingToken");
+ }
+ }
+
+ if (secConvTokenId == null
+ || (secConvTokenId != null &&
+ (!RampartUtil.isTokenValid(rmd, secConvTokenId) && !cancelReqResp))) {
+
+ log.debug("No SecureConversationToken found, " +
+ "requesting a new token");
+
+ SecureConversationToken secConvTok =
+ (SecureConversationToken) sigTok;
+
+ try {
+
+ String id = RampartUtil.getSecConvToken(rmd, secConvTok);
+ rmd.setSecConvTokenId(id);
+
+ } catch (TrustException e) {
+ throw new RampartException("errorInObtainingSct", e);
+ }
+ }
+ }
+
+ //If it was the ProtectionToken assertion then sigTok is the
+ //same as encrTok
+ if(sigTok.equals(encrTok) && sigTok instanceof IssuedToken) {
+
+ log.debug("Symmetric binding uses a ProtectionToken, both" +
+ " SignatureToken and EncryptionToken are the same");
+
+ rmd.setIssuedEncryptionTokenId(rmd.getIssuedEncryptionTokenId());
+ } else {
+ //Now we'll have to obtain the encryption token as well :-)
+ //ASSUMPTION: SecureConversationToken is used as a
+ //ProtectionToken therefore we only have to process a issued
+ //token here
+
+ log.debug("Obtaining the Encryption Token");
+ if(rmd.getIssuedEncryptionTokenId() != null) {
+
+ log.debug("EncrytionToken not alredy set");
+
+ IssuedToken issuedToken = (IssuedToken)encrTok;
+
+ String id = RampartUtil.getIssuedToken(rmd,
+ issuedToken);
+ rmd.setIssuedEncryptionTokenId(id);
+
+ }
+
+ }
+ }
+
+ //TODO : Support processing IssuedToken and SecConvToken assertoins
+ //in supporting tokens, right now we only support UsernameTokens and
+ //X.509 Tokens
+ }
+
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
new file mode 100644
index 0000000..9052b08
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
@@ -0,0 +1,424 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.builder;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rampart.RampartConstants;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.util.RampartUtil;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.UsernameToken;
+import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.message.WSSecDKSign;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.message.WSSecSignature;
+import org.apache.ws.security.message.WSSecUsernameToken;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.Vector;
+
+public class TransportBindingBuilder extends BindingBuilder {
+
+ private static Log log = LogFactory.getLog(TransportBindingBuilder.class);
+ private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);
+ private boolean dotDebug = false;
+
+ public TransportBindingBuilder(){
+ dotDebug = tlog.isDebugEnabled();
+ }
+
+ public void build(RampartMessageData rmd) throws RampartException {
+
+ log.debug("TransportBindingBuilder build invoked");
+
+ long t0 = 0, t1 = 0;
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ }
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ if (rpd.isIncludeTimestamp()) {
+ addTimestamp(rmd);
+ }
+
+ /*
+ * Process Supporting tokens
+ */
+ if(rmd.isInitiator()) {
+ Vector signatureValues = new Vector();
+
+ SupportingToken sgndSuppTokens = rpd.getSignedSupportingTokens();
+
+ if(sgndSuppTokens != null && sgndSuppTokens.getTokens() != null &&
+ sgndSuppTokens.getTokens().size() > 0) {
+
+ log.debug("Processing signed supporting tokens");
+
+ ArrayList tokens = sgndSuppTokens.getTokens();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+
+ Token token = (Token) iter.next();
+ if(token instanceof UsernameToken) {
+ WSSecUsernameToken utBuilder = addUsernameToken(rmd);
+ utBuilder.setPasswordType(WSConstants.PASSWORD_TEXT);
+
+ utBuilder.prepare(rmd.getDocument());
+
+ //Add the UT
+ utBuilder.appendToHeader(rmd.getSecHeader());
+
+ } else {
+ throw new RampartException("unsupportedSignedSupportingToken",
+ new String[]{"{" +token.getName().getNamespaceURI()
+ + "}" + token.getName().getLocalPart()});
+ }
+ }
+ }
+
+ SupportingToken sgndEndSuppTokens = rpd.getSignedEndorsingSupportingTokens();
+ if(sgndEndSuppTokens != null && sgndEndSuppTokens.getTokens() != null &&
+ sgndEndSuppTokens.getTokens().size() > 0) {
+
+ log.debug("Processing endorsing signed supporting tokens");
+
+ ArrayList tokens = sgndEndSuppTokens.getTokens();
+ SignedEncryptedParts signdParts = sgndEndSuppTokens.getSignedParts();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof IssuedToken && rmd.isInitiator()) {
+ signatureValues.add(doIssuedTokenSignature(rmd, token, signdParts));
+ } else if(token instanceof X509Token) {
+ signatureValues.add(doX509TokenSignature(rmd, token, signdParts));
+ }
+ }
+ }
+
+ SupportingToken endSupptokens = rpd.getEndorsingSupportingTokens();
+ if(endSupptokens != null && endSupptokens.getTokens() != null &&
+ endSupptokens.getTokens().size() > 0) {
+ log.debug("Processing endorsing supporting tokens");
+ ArrayList tokens = endSupptokens.getTokens();
+ SignedEncryptedParts signdParts = endSupptokens.getSignedParts();
+ for (Iterator iter = tokens.iterator(); iter.hasNext();) {
+ Token token = (Token) iter.next();
+ if(token instanceof IssuedToken && rmd.isInitiator()){
+ signatureValues.add(doIssuedTokenSignature(rmd, token, signdParts));
+ } else if(token instanceof X509Token) {
+ signatureValues.add(doX509TokenSignature(rmd, token, signdParts));
+ }
+ }
+ }
+
+
+ SupportingToken supportingToks = rpd.getSupportingTokens();
+ this.handleSupportingTokens(rmd, supportingToks);
+
+
+ //Store the signature values vector
+ rmd.getMsgContext().setProperty(WSHandlerConstants.SEND_SIGV, signatureValues);
+ } else {
+ addSignatureConfirmation(rmd, null);
+ }
+
+ if(dotDebug){
+ t1 = System.currentTimeMillis();
+ tlog.debug("Transport binding build took "+ (t1 - t0));
+ }
+ }
+
+
+
+ /**
+ * X.509 signature
+ * @param rmd
+ * @param token
+ * @param signdParts
+ */
+ private byte[] doX509TokenSignature(RampartMessageData rmd, Token token, SignedEncryptedParts signdParts) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc = rmd.getDocument();
+
+ Vector sigParts = new Vector();
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
+ }
+
+ if(signdParts != null) {
+ if(signdParts.isBody()) {
+ SOAPEnvelope env = rmd.getMsgContext().getEnvelope();
+ sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody())));
+ }
+
+ ArrayList headers = signdParts.getHeaders();
+ for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
+ Header header = (Header) iterator.next();
+ WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
+ header.getNamespace(),
+ "Content");
+ sigParts.add(wep);
+ }
+ }
+ if(token.isDerivedKeys()) {
+ //In this case we will have to encrypt the ephmeral key with the
+ //other party's key and then use it as the parent key of the
+ // derived keys
+ try {
+
+ WSSecEncryptedKey encrKey = getEncryptedKeyBuilder(rmd, token);
+
+ Element bstElem = encrKey.getBinarySecurityTokenElement();
+ if(bstElem != null) {
+ RampartUtil.appendChildToSecHeader(rmd, bstElem);
+ }
+
+ encrKey.appendToHeader(rmd.getSecHeader());
+
+ WSSecDKSign dkSig = new WSSecDKSign();
+
+ dkSig.setWsConfig(rmd.getConfig());
+
+ dkSig.setSigCanonicalization(rpd.getAlgorithmSuite().getInclusiveC14n());
+ dkSig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+ dkSig.setDerivedKeyLength(rpd.getAlgorithmSuite().getMinimumSymmetricKeyLength()/8);
+
+ dkSig.setExternalKey(encrKey.getEphemeralKey(), encrKey.getId());
+
+ dkSig.prepare(doc, rmd.getSecHeader());
+
+
+ if(rpd.isTokenProtection()) {
+ sigParts.add(new WSEncryptionPart(encrKey.getBSTTokenId()));
+ }
+
+ dkSig.setParts(sigParts);
+
+ dkSig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ dkSig.computeSignature();
+
+ dkSig.appendDKElementToHeader(rmd.getSecHeader());
+
+ dkSig.appendSigToHeader(rmd.getSecHeader());
+
+ return dkSig.getSignatureValue();
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorInDerivedKeyTokenSignature", e);
+ }
+
+ } else {
+
+ try {
+ WSSecSignature sig = this.getSignatureBuider(rmd, token);
+
+
+ sig.appendBSTElementToHeader(rmd.getSecHeader());
+
+ if (rpd.isTokenProtection()
+ && !Constants.INCLUDE_NEVER
+ .equals(token.getInclusion())) {
+ sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
+ }
+
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ sig.appendToHeader(rmd.getSecHeader());
+
+ sig.computeSignature();
+
+ return sig.getSignatureValue();
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithX509Token", e);
+ }
+
+
+ }
+
+ }
+
+
+ /**
+ * IssuedToken signature
+ * @param rmd
+ * @param token
+ * @param signdParts
+ * @throws RampartException
+ */
+ private byte[] doIssuedTokenSignature(RampartMessageData rmd, Token token, SignedEncryptedParts signdParts) throws RampartException {
+
+ RampartPolicyData rpd = rmd.getPolicyData();
+ Document doc= rmd.getDocument();
+
+ //Get the issued token
+ String id = RampartUtil.getIssuedToken(rmd, (IssuedToken)token);
+
+ String inclusion = token.getInclusion();
+ org.apache.rahas.Token tok = null;
+ try {
+ tok = rmd.getTokenStorage().getToken(id);
+ } catch (TrustException e) {
+ throw new RampartException("errorExtractingToken",
+ new String[]{id} ,e);
+ }
+
+ boolean tokenIncluded = false;
+
+ if(inclusion.equals(Constants.INCLUDE_ALWAYS) ||
+ ((inclusion.equals(Constants.INCLUDE_ALWAYS_TO_RECIPIENT)
+ || inclusion.equals(Constants.INCLUDE_ONCE))
+ && rmd.isInitiator())) {
+
+ //Add the token
+ rmd.getSecHeader().getSecurityHeader().appendChild(
+ doc.importNode((Element) tok.getToken(), true));
+
+ tokenIncluded = true;
+ }
+
+ Vector sigParts = new Vector();
+
+ if(this.timestampElement != null){
+ sigParts.add(new WSEncryptionPart(rmd.getTimestampId()));
+ }
+
+
+ if(rpd.isTokenProtection() && tokenIncluded) {
+ sigParts.add(new WSEncryptionPart(id));
+ }
+
+ if(signdParts != null) {
+ if(signdParts.isBody()) {
+ SOAPEnvelope env = rmd.getMsgContext().getEnvelope();
+ sigParts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement(env.getBody())));
+ }
+
+ ArrayList headers = signdParts.getHeaders();
+ for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
+ Header header = (Header) iterator.next();
+ WSEncryptionPart wep = new WSEncryptionPart(header.getName(),
+ header.getNamespace(),
+ "Content");
+ sigParts.add(wep);
+ }
+ }
+
+ //check for derived keys
+ if(token.isDerivedKeys()) {
+ //Create a derived key and add
+ try {
+
+ //Do Signature with derived keys
+ WSSecDKSign dkSign = new WSSecDKSign();
+
+ OMElement ref = tok.getAttachedReference();
+ if(ref == null) {
+ ref = tok.getUnattachedReference();
+ }
+ if(ref != null) {
+ dkSign.setExternalKey(tok.getSecret(), (Element)
+ doc.importNode((Element) ref, true));
+ } else {
+ dkSign.setExternalKey(tok.getSecret(), tok.getId());
+ }
+
+ //Set the algo info
+ dkSign.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+
+
+ dkSign.prepare(doc);
+
+ dkSign.appendDKElementToHeader(rmd.getSecHeader());
+
+ dkSign.setParts(sigParts);
+
+ dkSign.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ dkSign.computeSignature();
+
+ dkSign.appendSigToHeader(rmd.getSecHeader());
+
+ return dkSign.getSignatureValue();
+
+ } catch (ConversationException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ } catch (WSSecurityException e) {
+ throw new RampartException(
+ "errorInDerivedKeyTokenSignature", e);
+ }
+
+ } else {
+ try {
+ WSSecSignature sig = new WSSecSignature();
+ sig.setWsConfig(rmd.getConfig());
+ sig.setCustomTokenId(tok.getId().substring(1));
+ sig.setCustomTokenValueType(WSConstants.WSS_SAML_NS +
+ WSConstants.SAML_ASSERTION_ID);
+ sig.setSecretKey(tok.getSecret());
+ sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getAsymmetricSignature());
+ sig.setSignatureAlgorithm(rpd.getAlgorithmSuite().getSymmetricSignature());
+ sig.setKeyIdentifierType(WSConstants.CUSTOM_SYMM_SIGNING);
+ sig.prepare(rmd.getDocument(), RampartUtil.getSignatureCrypto(rpd
+ .getRampartConfig(), rmd.getCustomClassLoader()),
+ rmd.getSecHeader());
+
+ sig.setParts(sigParts);
+ sig.addReferencesToSign(sigParts, rmd.getSecHeader());
+
+ //Do signature
+ sig.computeSignature();
+
+ //Add elements to header
+ this.setInsertionLocation(RampartUtil.insertSiblingAfter(
+ rmd,
+ this.getInsertionLocation(),
+ sig.getSignatureElement()));
+
+ return sig.getSignatureValue();
+
+ } catch (WSSecurityException e) {
+ throw new RampartException("errorInSignatureWithACustomToken", e);
+ }
+ }
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
new file mode 100644
index 0000000..708cf06
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/errors.properties
@@ -0,0 +1,87 @@
+# -------------------------------------------------------------------
+# Copyright 2001-2004 The Apache Software Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -------------------------------------------------------------------
+
+
+missingConfiguration = Missing or malformed configuration: \"{0}\"
+expectedParameterMissing = Expected parameter missing : \"{0}\"
+missingScopeValue = Missing or incorrect scope value
+canotFindContextIdentifier = Cannot find context identifier
+missingWSAAction = wsa:Action value missing
+missingWSATo = wsa:To address value missing
+cannotCrateCryptoInstance = Cannot create Crypto instance
+noInfoForCBhandler = Cannot obtain a callback handler with available configuration information
+missingEncryptionUser=Encryption user not specified (The context is created by the initiating party)
+
+missingSignatureCrypto=Signature crypto information not available
+missingEncryptionCrypto=Encryption crypto information not available
+missingCallbackHandler=Password callback handler cannot be located
+errorInObtainingSct=Error in obtaining SCT from \"{0}\"
+errorInObtainingToken=Error in obtaining a token
+errorInExtractingMsgProps = Error in extracting message properties
+userMissing = No user value in the rampart configuration policy
+cbHandlerMissing = Password CallbackHandler not specified in rampart configuration policy or the CallbackHandler instance not available in the MessageContext
+errorInGettingPasswordForUser = Error in getting password for user : \"{0}\"
+noPasswordForUser = No password supplied by the callback handler for the user : \"{0}\"
+unsupportedSignedSupportingToken = Unsupported SignedSupportingToken : \"{0}\"
+errorExtractingToken = Error extracting token : \"{0}\"
+errorInAddingTokenIntoStore = Error in adding token into store
+errorInDerivedKeyTokenSignature = Error in DerivedKeyToken signature
+errorInSignatureWithX509Token = Error in signature with X509Token
+errorInSignatureWithACustomToken = Error in signature with a custom token
+errorCreatingEncryptedKey = Error in creating an encrypted key
+errorGettingSignatureValuesForSigconf = Error in getting signature values for signature confirmation
+cannotLoadPWCBClass = Cannot load password callback class: {0}
+cannotCreatePWCBInstance = Cannot create instance of password callback : {0}
+pwcbFailed = password callback failed
+unknownKeyRefSpeficier = Unknown key reference specifier for X509Token
+errorInRetrievingTokenId = Error in retrieving token : {0}
+errorInEncryption = Error in encryption
+errorInDKEncr = Error in encryption with a derived key
+errorCreatingRahasToken = Error in creating a org.apache.rahas.Token instance
+UnsupportedTokenInSupportingToken = Unsupported token in supporting tokens
+encryptionTokenMissing = Encryption token missing
+signatureTokenMissing = Signature token missing
+errorInEncryption = Error during encryption
+sctIssuerPolicyMissing = sct-issuer-policy parameter missing
+errorInTokenCancellation = Error in canceling token
+tokenToBeCancelledInvalid = Token to be canceled is invalid or expired
+errorCreatingRSTTemplateForSCT=Error in creating RST template for SCT
+noSecurityToken = Missing security token
+noSecurityResults= No security processing results from the incoming message
+missingEncryptedKeyInRequest=There was no EncryptedKey in the request message
+rampartConigMissing = Please include configured RampartConfiguration assertion in policy
+missingSecurityHeader = Missing wsse:Security header in request
+
+#Errors in processors
+errorProcessingUT = Error in processing UsernameToken
+
+cannotValidateTimestamp = The timestamp could not be validated
+trustVerificationError = The certificate used for the signature is not trusted
+cannotFindAliasForCert = Could not get alias for certificate with {0}
+noCertForAlias = Could not get certificates for alias {0}
+certPathVerificationFailed = Certificate path verification failed for certificate with subject
+
+#Rampart Results Validation Errors
+timestampMissing = Missing Timestamp
+encryptedPartMissing = Missing encryption result for id : {0}
+invalidNumberOfEncryptedParts = Invalid number of encrypted parts
+protectionOrderMismatch = Protection order mismatch
+usernameTokenMissing = UsernameToken missing in request
+signatureMissing = Message is not signed
+unexprectedEncryptedPart = Unexpected encrypted data found, no encryption required
+encryptionMissing = Expected encrypted part missing
+signedPartHeaderNotSigned = Soap Header must be signed : {0}
+unexprectedSignature = Unexpected signature
\ No newline at end of file
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
new file mode 100644
index 0000000..04d5ebb
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartReceiver.java
@@ -0,0 +1,148 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axiom.om.OMException;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.HandlerDescription;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.engine.Handler;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.RampartConstants;
+import org.apache.rampart.RampartEngine;
+import org.apache.rampart.RampartException;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+
+import java.util.Iterator;
+import java.util.Vector;
+
+/**
+ * Rampart inflow handler.
+ * This processes the incoming message and validates it against the effective
+ * policy.
+ */
+public class RampartReceiver implements Handler {
+
+ private static Log mlog = LogFactory.getLog(RampartConstants.MESSAGE_LOG);
+
+ private static HandlerDescription EMPTY_HANDLER_METADATA =
+ new HandlerDescription("default Handler");
+
+ private HandlerDescription handlerDesc;
+
+ public RampartReceiver() {
+ this.handlerDesc = EMPTY_HANDLER_METADATA;
+ }
+
+ public void cleanup() {
+ }
+
+ public void init(HandlerDescription handlerdesc) {
+ this.handlerDesc = handlerdesc;
+ }
+
+ public void flowComplete(MessageContext msgContext)
+ {
+
+ }
+
+ public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
+
+ if (!msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
+ return InvocationResponse.CONTINUE;
+ }
+
+ if(mlog.isDebugEnabled()){
+ mlog.debug("*********************** RampartReceiver received \n"
+ + msgContext.getEnvelope());
+ }
+
+ RampartEngine engine = new RampartEngine();
+ Vector wsResult;
+ try {
+ wsResult = engine.process(msgContext);
+
+ } catch (WSSecurityException e) {
+ throw new AxisFault(e.getMessage(), e);
+ } catch (WSSPolicyException e) {
+ throw new AxisFault(e.getMessage(), e);
+ } catch (RampartException e) {
+ throw new AxisFault(e.getMessage(), e);
+ }
+
+ if(wsResult == null) {
+ return InvocationResponse.CONTINUE;
+ }
+
+ Vector results = null;
+ if ((results = (Vector) msgContext
+ .getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
+ results = new Vector();
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS, results);
+ }
+ WSHandlerResult rResult = new WSHandlerResult("", wsResult);
+ results.add(0, rResult);
+
+ SOAPHeader header = null;
+ try {
+ header = msgContext.getEnvelope().getHeader();
+ } catch (OMException ex) {
+ throw new AxisFault(
+ "RampartReceiver: cannot get SOAP header after security processing",
+ ex);
+ }
+
+ Iterator headers = header.getChildElements();
+
+ SOAPHeaderBlock headerBlock = null;
+
+ while (headers.hasNext()) { // Find the wsse header
+ SOAPHeaderBlock hb = (SOAPHeaderBlock) headers.next();
+ if (hb.getLocalName().equals(WSConstants.WSSE_LN)
+ && hb.getNamespace().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ headerBlock = hb;
+ break;
+ }
+ }
+
+ headerBlock.setProcessed();
+ return InvocationResponse.CONTINUE;
+
+ }
+
+
+ public HandlerDescription getHandlerDesc() {
+ return this.handlerDesc;
+ }
+
+ public String getName() {
+ return "Apache Rampart inflow handler";
+ }
+
+ public Parameter getParameter(String name) {
+ return this.handlerDesc.getParameter(name);
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java
new file mode 100644
index 0000000..f2abb2b
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/RampartSender.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.HandlerDescription;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.engine.Handler;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.MessageBuilder;
+import org.apache.rampart.RampartConstants;
+import org.apache.rampart.RampartException;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.security.WSSecurityException;
+
+/**
+ * Rampart outflow handler.
+ * This constructs the secured message according to the effective policy.
+ */
+public class RampartSender implements Handler {
+
+ private static Log mlog = LogFactory.getLog(RampartConstants.MESSAGE_LOG);
+
+ private static HandlerDescription EMPTY_HANDLER_METADATA =
+ new HandlerDescription("default Handler");
+
+ private HandlerDescription handlerDesc;
+
+ public RampartSender() {
+ this.handlerDesc = EMPTY_HANDLER_METADATA;
+ }
+
+ public void cleanup() {
+ }
+
+ public void init(HandlerDescription handlerdesc) {
+ this.handlerDesc = handlerdesc;
+ }
+
+ public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
+
+ if (!msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
+ return InvocationResponse.CONTINUE;
+ }
+
+ MessageBuilder builder = new MessageBuilder();
+ try {
+ builder.build(msgContext);
+ } catch (WSSecurityException e) {
+ throw new AxisFault(e.getMessage(), e);
+ } catch (WSSPolicyException e) {
+ throw new AxisFault(e.getMessage(), e);
+ } catch (RampartException e) {
+ throw new AxisFault(e.getMessage(), e);
+ }
+
+ if(mlog.isDebugEnabled()){
+ mlog.debug("*********************** RampartSender sent out \n" +
+ msgContext.getEnvelope());
+ }
+
+ return InvocationResponse.CONTINUE;
+ }
+
+ public void flowComplete(MessageContext msgContext)
+ {
+ }
+
+ public HandlerDescription getHandlerDesc() {
+ return this.handlerDesc;
+ }
+
+ public String getName() {
+ return "Apache Rampart outflow handler";
+ }
+
+ public Parameter getParameter(String name) {
+ return this.handlerDesc.getParameter(name);
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllHandler.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllHandler.java
new file mode 100644
index 0000000..e9facdb
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllHandler.java
@@ -0,0 +1,210 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.HandlerDescription;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.engine.Handler;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.ws.security.handler.WSHandler;
+
+/**
+ * Class WSDoAllHandler
+ */
+public abstract class WSDoAllHandler extends WSHandler implements Handler {
+
+ /**
+ * Field EMPTY_HANDLER_METADATA
+ */
+ private static HandlerDescription EMPTY_HANDLER_METADATA =
+ new HandlerDescription("default Handler");
+
+ private final static String WSS_PASSWORD = "password";
+
+ private final static String WSS_USERNAME = "username";
+
+ /**
+ * Field handlerDesc
+ */
+ protected HandlerDescription handlerDesc;
+
+ /**
+ * In Axis2, the user cannot set inflow and outflow parameters.
+ * Therefore, we need to map the Axis2 specific inflow and outflow
+ * parameters to WSS4J params,
+ * <p/>
+ * Knowledge of inhandler and out handler is used to get the mapped value.
+ */
+ protected boolean inHandler;
+
+ /**
+ * Constructor AbstractHandler.
+ */
+ public WSDoAllHandler() {
+ handlerDesc = EMPTY_HANDLER_METADATA;
+ }
+
+ public abstract void processMessage(MessageContext msgContext) throws AxisFault;
+
+ /* (non-Javadoc)
+ * @see org.apache.axis2.engine.Handler#invoke(org.apache.axis2.context.MessageContext)
+ */
+ public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
+ //If the security module is not engaged for this service
+ //do not do any processing
+ if (msgContext.isEngaged(WSSHandlerConstants.SECURITY_MODULE_NAME)) {
+ this.processMessage(msgContext);
+ }
+ return InvocationResponse.CONTINUE;
+ }
+
+ public void flowComplete(MessageContext msgContext)
+ {
+ }
+
+ /**
+ * Method getName.
+ *
+ * @return Returns name.
+ */
+ public String getName() {
+ return handlerDesc.getName();
+ }
+
+ /**
+ * Method cleanup.
+ */
+ public void cleanup() {
+ }
+
+ /**
+ * Method getParameter.
+ *
+ * @param name
+ * @return Returns parameter.
+ */
+ public Parameter getParameter(String name) {
+ return handlerDesc.getParameter(name);
+ }
+
+ /**
+ * Method init.
+ *
+ * @param handlerdesc
+ */
+ public void init(HandlerDescription handlerdesc) {
+ this.handlerDesc = handlerdesc;
+ }
+
+ /**
+ * Gets the handler description.
+ *
+ * @return Returns handler description.
+ */
+ public HandlerDescription getHandlerDesc() {
+ return handlerDesc;
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#toString()
+ */
+ public String toString() {
+ String name = this.getName();
+ return (name != null) ? name : null;
+ }
+
+
+ public Object getProperty(Object msgContext, String axisKey) {
+
+ int repetition = getCurrentRepetition(msgContext);
+
+ String key = Axis2Util.getKey(axisKey, inHandler, repetition);
+ Object property = ((MessageContext) msgContext).getProperty(key);
+ if (property == null) {
+ //Try the description hierarchy
+ Parameter parameter = ((MessageContext) msgContext).getParameter(key);
+ if (parameter != null) {
+ property = parameter.getValue();
+ }
+ }
+ return property;
+ }
+
+ /**
+ * Returns the repetition number from the message context
+ *
+ * @param msgContext
+ * @return Returns int.
+ */
+ protected int getCurrentRepetition(Object msgContext) {
+ //get the repetition from the message context
+ int repetition = 0;
+ if (!inHandler) {//We only need to repeat the out handler
+ Integer count = (Integer) ((MessageContext) msgContext).getProperty(WSSHandlerConstants.CURRENT_REPETITON);
+ if (count != null) { //When we are repeating the handler
+ repetition = count.intValue();
+ }
+ }
+ return repetition;
+ }
+
+ public String getPassword(Object msgContext) {
+ return (String) ((MessageContext) msgContext).getProperty(WSS_PASSWORD);
+ }
+
+ public void setPassword(Object msgContext, String password) {
+ ((MessageContext) msgContext).setProperty(WSS_PASSWORD, password);
+ }
+
+ public String getUsername(Object msgContext) {
+ return (String) ((MessageContext) msgContext).getProperty(WSS_USERNAME);
+ }
+
+ public void setUsername(Object msgContext, String username) {
+ ((MessageContext) msgContext).setProperty(WSS_USERNAME, username);
+ }
+
+ /**
+ * Gets option. Extracts the configuration values from the service.xml
+ * and/or axis2.xml. Values set in the service.xml takes priority over
+ * values of the axis2.xml
+ */
+ public Object getOption(String axisKey) {
+ Parameter parameter = this.handlerDesc.getParameter(axisKey);
+ return (parameter == null) ? null : parameter.getValue();
+ }
+
+ public void setProperty(Object msgContext, String key, Object value) {
+ ((MessageContext) msgContext).setProperty(key, value);
+ }
+
+ /**
+ * Overrides the class loader used to load the PW callback class.
+ *
+ * @param msgCtx MessageContext
+ * @return Returns class loader.
+ */
+ public java.lang.ClassLoader getClassLoader(Object msgCtx) {
+ try {
+ return ((MessageContext) msgCtx).getAxisService().getClassLoader();
+ } catch (Throwable t) {
+ return super.getClassLoader(msgCtx);
+ }
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java
new file mode 100644
index 0000000..4b8548f
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllReceiver.java
@@ -0,0 +1,383 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMException;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.RampartConstants;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.HandlerParameterDecoder;
+import org.apache.ws.security.SOAPConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.token.Timestamp;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+
+import java.security.cert.X509Certificate;
+import java.util.Iterator;
+import java.util.Vector;
+
+/**
+ * @deprecated
+ */
+public class WSDoAllReceiver extends WSDoAllHandler {
+
+ private static final Log log = LogFactory.getLog(WSDoAllReceiver.class);
+ private static Log mlog = LogFactory.getLog(RampartConstants.MESSAGE_LOG);
+
+ public WSDoAllReceiver() {
+ super();
+ inHandler = true;
+ }
+
+ public void processMessage(MessageContext msgContext) throws AxisFault {
+
+ if(mlog.isDebugEnabled()){
+ mlog.debug("*********************** WSDoAllReceiver recieved \n"+msgContext.getEnvelope());
+ }
+
+ boolean doDebug = log.isDebugEnabled();
+
+ if (doDebug) {
+ log.debug("WSDoAllReceiver: enter invoke() ");
+ }
+
+ String useDoomValue = (String) getProperty(msgContext,
+ WSSHandlerConstants.USE_DOOM);
+ boolean useDoom = useDoomValue != null
+ && Constants.VALUE_TRUE.equalsIgnoreCase(useDoomValue);
+
+ RequestData reqData = new RequestData();
+ try {
+
+ this.processBasic(msgContext, useDoom, reqData);
+ } catch (AxisFault axisFault) {
+ setAddressingInformationOnFault(msgContext);
+ throw axisFault;
+ } catch (Exception e) {
+ setAddressingInformationOnFault(msgContext);
+ throw new AxisFault(e.getMessage(), e);
+ } finally {
+
+ if (reqData != null) {
+ reqData.clear();
+ reqData = null;
+ }
+
+ if (doDebug) {
+ log.debug("WSDoAllReceiver: exit invoke()");
+ }
+ }
+
+ }
+
+ private void processBasic(MessageContext msgContext, boolean useDoom, RequestData reqData)
+ throws Exception {
+
+ // populate the properties
+ try {
+ HandlerParameterDecoder.processParameters(msgContext, true);
+ } catch (Exception e) {
+ throw new AxisFault("Configuration error", e);
+ }
+
+ reqData = new RequestData();
+
+ reqData.setMsgContext(msgContext);
+
+ if (((getOption(WSSHandlerConstants.INFLOW_SECURITY)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.INFLOW_SECURITY)) == null)) {
+
+ if (msgContext.isServerSide() &&
+ ((getOption(WSSHandlerConstants.INFLOW_SECURITY_SERVER)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.INFLOW_SECURITY_SERVER)) == null)) {
+
+ return;
+ } else if (((getOption(WSSHandlerConstants.INFLOW_SECURITY_CLIENT)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.INFLOW_SECURITY_CLIENT)) == null)) {
+
+ return;
+ }
+ }
+
+ Vector actions = new Vector();
+ String action = null;
+ if ((action = (String) getOption(WSSHandlerConstants.ACTION_ITEMS)) == null) {
+ action = (String) getProperty(msgContext,
+ WSSHandlerConstants.ACTION_ITEMS);
+ }
+ if (action == null) {
+ throw new AxisFault("WSDoAllReceiver: No action items defined");
+ }
+ int doAction = WSSecurityUtil.decodeAction(action, actions);
+
+ if (doAction == WSConstants.NO_SECURITY) {
+ return;
+ }
+
+ String actor = (String) getOption(WSHandlerConstants.ACTOR);
+
+ Document doc = null;
+
+ try {
+ doc = Axis2Util.getDocumentFromSOAPEnvelope(msgContext
+ .getEnvelope(), useDoom);
+ } catch (WSSecurityException wssEx) {
+ throw new AxisFault(
+ "WSDoAllReceiver: Error in converting to Document", wssEx);
+ }
+
+ // Do not process faults
+ SOAPConstants soapConstants = WSSecurityUtil.getSOAPConstants(doc
+ .getDocumentElement());
+ if (WSSecurityUtil.findElement(doc.getDocumentElement(), "Fault",
+ soapConstants.getEnvelopeURI()) != null) {
+ return;
+ }
+
+ /*
+ * To check a UsernameToken or to decrypt an encrypted message we need a
+ * password.
+ */
+ CallbackHandler cbHandler = null;
+ if ((doAction & (WSConstants.ENCR | WSConstants.UT)) != 0) {
+ cbHandler = getPasswordCB(reqData);
+ }
+
+ // Copy the WSHandlerConstants.SEND_SIGV over to the new message
+ // context - if it exists, if signatureConfirmation in the response msg
+ String sigConfEnabled = null;
+ if ((sigConfEnabled = (String) getOption(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION)) == null) {
+ sigConfEnabled = (String) getProperty(msgContext,
+ WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
+ }
+
+ // To handle sign confirmation of a sync response
+ // TODO Async response
+ if (!msgContext.isServerSide()
+ && !"false".equalsIgnoreCase(sigConfEnabled)) {
+ OperationContext opCtx = msgContext.getOperationContext();
+ MessageContext outMsgCtx = opCtx
+ .getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
+ if (outMsgCtx != null) {
+ msgContext.setProperty(WSHandlerConstants.SEND_SIGV, outMsgCtx
+ .getProperty(WSHandlerConstants.SEND_SIGV));
+ } else {
+ throw new WSSecurityException(
+ "Cannot obtain request message context");
+ }
+ }
+
+ /*
+ * Get and check the Signature specific parameters first because they
+ * may be used for encryption too.
+ */
+
+ doReceiverAction(doAction, reqData);
+
+ Vector wsResult = null;
+ try {
+ wsResult = secEngine.processSecurityHeader(doc, actor, cbHandler,
+ reqData.getSigCrypto(), reqData.getDecCrypto());
+ } catch (WSSecurityException ex) {
+ throw new AxisFault("WSDoAllReceiver: security processing failed",
+ ex);
+ }
+ if (wsResult == null) { // no security header found
+ if (doAction == WSConstants.NO_SECURITY) {
+ return;
+ } else {
+ throw new AxisFault(
+ "WSDoAllReceiver: Incoming message does not contain required Security header");
+ }
+ }
+
+ if (reqData.getWssConfig().isEnableSignatureConfirmation()
+ && !msgContext.isServerSide()) {
+ checkSignatureConfirmation(reqData, wsResult);
+ }
+
+ /**
+ * Set the new SOAPEnvelope
+ */
+
+ msgContext.setEnvelope(Axis2Util.getSOAPEnvelopeFromDOMDocument(doc, useDoom));
+
+ /*
+ * After setting the new current message, probably modified because of
+ * decryption, we need to locate the security header. That is, we force
+ * Axis (with getSOAPEnvelope()) to parse the string, build the new
+ * header. Then we examine, look up the security header and set the
+ * header as processed.
+ *
+ * Please note: find all header elements that contain the same actor
+ * that was given to processSecurityHeader(). Then check if there is a
+ * security header with this actor.
+ */
+ SOAPHeader header = null;
+ try {
+ header = msgContext.getEnvelope().getHeader();
+ } catch (OMException ex) {
+ throw new AxisFault(
+ "WSDoAllReceiver: cannot get SOAP header after security processing",
+ ex);
+ }
+
+ Iterator headers = header.examineHeaderBlocks(actor);
+
+ SOAPHeaderBlock headerBlock = null;
+
+ while (headers.hasNext()) { // Find the wsse header
+ SOAPHeaderBlock hb = (SOAPHeaderBlock) headers.next();
+ if (hb.getLocalName().equals(WSConstants.WSSE_LN)
+ && hb.getNamespace().getNamespaceURI().equals(WSConstants.WSSE_NS)) {
+ headerBlock = hb;
+ break;
+ }
+ }
+
+ headerBlock.setProcessed();
+
+ /*
+ * Now we can check the certificate used to sign the message. In the
+ * following implementation the certificate is only trusted if either it
+ * itself or the certificate of the issuer is installed in the keystore.
+ *
+ * Note: the method verifyTrust(X509Certificate) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the signature action result from the action vector
+ WSSecurityEngineResult actionResult = WSSecurityUtil.fetchActionResult(
+ wsResult, WSConstants.SIGN);
+
+ if (actionResult != null) {
+ X509Certificate returnCert = actionResult.getCertificate();
+
+ if (returnCert != null) {
+ if (!verifyTrust(returnCert, reqData)) {
+ throw new AxisFault(
+ "WSDoAllReceiver: The certificate used for the signature is not trusted");
+ }
+ }
+ }
+
+ /*
+ * Perform further checks on the timestamp that was transmitted in the
+ * header. In the following implementation the timestamp is valid if it
+ * was created after (now-ttl), where ttl is set on server side, not by
+ * the client.
+ *
+ * Note: the method verifyTimestamp(Timestamp) allows custom
+ * implementations with other validation algorithms for subclasses.
+ */
+
+ // Extract the timestamp action result from the action vector
+ actionResult = WSSecurityUtil.fetchActionResult(wsResult,
+ WSConstants.TS);
+
+ if (actionResult != null) {
+ Timestamp timestamp = actionResult.getTimestamp();
+
+ if (timestamp != null) {
+ String ttl = null;
+ if ((ttl = (String) getOption(WSHandlerConstants.TTL_TIMESTAMP)) == null) {
+ ttl = (String) getProperty(msgContext,
+ WSHandlerConstants.TTL_TIMESTAMP);
+ }
+ int ttl_i = 0;
+ if (ttl != null) {
+ try {
+ ttl_i = Integer.parseInt(ttl);
+ } catch (NumberFormatException e) {
+ ttl_i = reqData.getTimeToLive();
+ }
+ }
+ if (ttl_i <= 0) {
+ ttl_i = reqData.getTimeToLive();
+ }
+
+ if (!verifyTimestamp(timestamp, ttl_i)) {
+ throw new AxisFault(
+ "WSDoAllReceiver: The timestamp could not be validated");
+ }
+ }
+ }
+
+ /*
+ * now check the security actions: do they match, in right order?
+ */
+ if (!checkReceiverResults(wsResult, actions)) {
+ throw new AxisFault(
+ "WSDoAllReceiver: security processing failed (actions mismatch)");
+
+ }
+ /*
+ * All ok up to this point. Now construct and setup the security result
+ * structure. The service may fetch this and check it. Also the
+ * DoAllSender will use this in certain situations such as:
+ * USE_REQ_SIG_CERT to encrypt
+ */
+ Vector results = null;
+ if ((results = (Vector) getProperty(msgContext,
+ WSHandlerConstants.RECV_RESULTS)) == null) {
+ results = new Vector();
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS, results);
+ }
+ WSHandlerResult rResult = new WSHandlerResult(actor, wsResult);
+ results.add(0, rResult);
+ }
+
+ private void setAddressingInformationOnFault(MessageContext msgContext) {
+ SOAPEnvelope env = msgContext.getEnvelope();
+ SOAPHeader header = env.getHeader();
+
+ if (header != null) {
+ OMElement msgIdElem = header.getFirstChildWithName(new QName(
+ AddressingConstants.Final.WSA_NAMESPACE,
+ AddressingConstants.WSA_MESSAGE_ID));
+ if (msgIdElem == null) {
+ msgIdElem = header.getFirstChildWithName(new QName(
+ AddressingConstants.Submission.WSA_NAMESPACE,
+ AddressingConstants.WSA_MESSAGE_ID));
+ }
+ if (msgIdElem != null && msgIdElem.getText() != null) {
+ msgContext.getOptions().setMessageId(msgIdElem.getText());
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
new file mode 100644
index 0000000..3a9bf0f
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSDoAllSender.java
@@ -0,0 +1,270 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rampart.RampartConstants;
+import org.apache.rampart.util.Axis2Util;
+import org.apache.rampart.util.HandlerParameterDecoder;
+import org.apache.rampart.util.MessageOptimizer;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.RequestData;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+
+import java.util.Vector;
+
+/**
+ * @deprecated
+ */
+public class WSDoAllSender extends WSDoAllHandler {
+
+ private static final Log log = LogFactory.getLog(WSDoAllSender.class);
+ private static Log mlog = LogFactory.getLog(RampartConstants.MESSAGE_LOG);
+
+
+ public WSDoAllSender() {
+ super();
+ inHandler = false;
+ }
+
+ public void processMessage(MessageContext msgContext) throws AxisFault {
+
+ String useDoomValue = (String) getProperty(msgContext,
+ WSSHandlerConstants.USE_DOOM);
+ boolean useDoom = useDoomValue != null
+ && Constants.VALUE_TRUE.equalsIgnoreCase(useDoomValue);
+
+ RequestData reqData = new RequestData();
+ try {
+ //If the msgs are msgs to an STS then use basic WS-Sec
+ processBasic(msgContext, useDoom, reqData);
+
+ } catch (Exception e) {
+ throw new AxisFault(e.getMessage(), e);
+ }
+ finally {
+ if(reqData != null) {
+ reqData.clear();
+ reqData = null;
+ }
+ }
+
+ if(mlog.isDebugEnabled()){
+ mlog.debug("*********************** WSDoAllSender sent out \n"+msgContext.getEnvelope());
+ }
+ }
+
+ /**
+ * This will carryout the WS-Security related operations.
+ *
+ * @param msgContext
+ * @param useDoom
+ * @throws WSSecurityException
+ * @throws AxisFault
+ */
+ private void processBasic(MessageContext msgContext, boolean useDoom,
+ RequestData reqData) throws WSSecurityException, AxisFault {
+ boolean doDebug = log.isDebugEnabled();
+
+ try {
+ HandlerParameterDecoder.processParameters(msgContext,false);
+ } catch (Exception e) {
+ throw new AxisFault("Configureation error", e);
+ }
+
+ if (doDebug) {
+ log.debug("WSDoAllSender: enter invoke()");
+ }
+
+ /*
+ * Copy the RECV_RESULTS over to the current message context
+ * - IF available
+ */
+ OperationContext opCtx = msgContext.getOperationContext();
+ MessageContext inMsgCtx;
+ if(opCtx != null &&
+ (inMsgCtx = opCtx.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE)) != null) {
+ msgContext.setProperty(WSHandlerConstants.RECV_RESULTS,
+ inMsgCtx.getProperty(WSHandlerConstants.RECV_RESULTS));
+ }
+
+
+
+ reqData.setNoSerialization(false);
+ reqData.setMsgContext(msgContext);
+
+ if (((getOption(WSSHandlerConstants.OUTFLOW_SECURITY)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.OUTFLOW_SECURITY)) == null)) {
+
+ if (msgContext.isServerSide() &&
+ ((getOption(WSSHandlerConstants.OUTFLOW_SECURITY_SERVER)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.OUTFLOW_SECURITY_SERVER)) == null)) {
+
+ return;
+ } else if (((getOption(WSSHandlerConstants.OUTFLOW_SECURITY_CLIENT)) == null) &&
+ ((getProperty(msgContext, WSSHandlerConstants.OUTFLOW_SECURITY_CLIENT)) == null)) {
+
+ return;
+ }
+ }
+
+ Vector actions = new Vector();
+ String action = null;
+ if ((action = (String) getOption(WSSHandlerConstants.ACTION_ITEMS)) == null) {
+ action = (String) getProperty(msgContext, WSSHandlerConstants.ACTION_ITEMS);
+ }
+ if (action == null) {
+ throw new AxisFault("WSDoAllReceiver: No action items defined");
+ }
+
+ int doAction = WSSecurityUtil.decodeAction(action, actions);
+ if (doAction == WSConstants.NO_SECURITY) {
+ return;
+ }
+
+ /*
+ * For every action we need a username, so get this now. The
+ * username defined in the deployment descriptor takes precedence.
+ */
+ reqData.setUsername((String) getOption(WSHandlerConstants.USER));
+ if (reqData.getUsername() == null || reqData.getUsername().length() == 0) {
+ String username = (String) getProperty(reqData.getMsgContext(), WSHandlerConstants.USER);
+ if (username != null) {
+ reqData.setUsername(username);
+ }
+ }
+
+ /*
+ * Now we perform some set-up for UsernameToken and Signature
+ * functions. No need to do it for encryption only. Check if
+ * username is available and then get a passowrd.
+ */
+ if ((doAction & (WSConstants.SIGN | WSConstants.UT | WSConstants.UT_SIGN)) != 0) {
+ /*
+ * We need a username - if none throw an AxisFault. For
+ * encryption there is a specific parameter to get a username.
+ */
+ if (reqData.getUsername() == null
+ || reqData.getUsername().length() == 0) {
+ throw new AxisFault(
+ "WSDoAllSender: Empty username for specified action");
+ }
+ }
+
+ /*
+ * Now get the SOAPEvelope from the message context and convert it
+ * into a Document
+ *
+ * Now we can perform our security operations on this request.
+ */
+
+
+ Document doc = null;
+ /*
+ * If the message context property conatins a document then this is
+ * a chained handler.
+ */
+ if ((doc = (Document) ((MessageContext)reqData.getMsgContext())
+ .getProperty(WSHandlerConstants.SND_SECURITY)) == null) {
+ try {
+ doc = Axis2Util.getDocumentFromSOAPEnvelope(msgContext.getEnvelope(), useDoom);
+ } catch (WSSecurityException wssEx) {
+ throw new AxisFault("WSDoAllReceiver: Error in converting to Document", wssEx);
+ }
+ }
+
+
+ doSenderAction(doAction, doc, reqData, actions, !msgContext.isServerSide());
+
+ /*
+ * If noSerialization is false, this handler shall be the last (or
+ * only) one in a handler chain. If noSerialization is true, just
+ * set the processed Document in the transfer property. The next
+ * Axis WSS4J handler takes it and performs additional security
+ * processing steps.
+ *
+ */
+ if (reqData.isNoSerialization()) {
+ ((MessageContext)reqData.getMsgContext()).setProperty(WSHandlerConstants.SND_SECURITY,
+ doc);
+ } else {
+ if(useDoom) {
+ msgContext.setEnvelope((SOAPEnvelope)doc.getDocumentElement());
+ } else {
+ msgContext.setEnvelope(Axis2Util.getSOAPEnvelopeFromDOMDocument(doc, useDoom));
+ }
+ ((MessageContext)reqData.getMsgContext()).setProperty(WSHandlerConstants.SND_SECURITY, null);
+ }
+
+
+ /**
+ * If the optimizeParts parts are set then optimize them
+ */
+ String optimizeParts;
+
+ if((optimizeParts = (String) getOption(WSSHandlerConstants.OPTIMIZE_PARTS)) == null) {
+ optimizeParts = (String)
+ getProperty(reqData.getMsgContext(), WSSHandlerConstants.OPTIMIZE_PARTS);
+ }
+ if(optimizeParts != null) {
+ // Optimize the Envelope
+ MessageOptimizer.optimize(msgContext.getEnvelope(),optimizeParts);
+ }
+
+ //Enable handler repetition
+ Integer repeat;
+ int repeatCount;
+ if ((repeat = (Integer)getOption(WSSHandlerConstants.SENDER_REPEAT_COUNT)) == null) {
+ repeat = (Integer)
+ getProperty(reqData.getMsgContext(), WSSHandlerConstants.SENDER_REPEAT_COUNT);
+ }
+
+ repeatCount = repeat.intValue();
+
+ //Get the current repetition from message context
+ int repetition = this.getCurrentRepetition(msgContext);
+
+ if(repeatCount > 0 && repetition < repeatCount) {
+
+ reqData.clear();
+ reqData = null;
+
+ // Increment the repetition to indicate the next repetition
+ // of the same handler
+ repetition++;
+ msgContext.setProperty(WSSHandlerConstants.CURRENT_REPETITON,
+ new Integer(repetition));
+
+ this.invoke(msgContext);
+ }
+
+ if (doDebug) {
+ log.debug("WSDoAllSender: exit invoke()");
+ }
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java
new file mode 100644
index 0000000..c693fc9
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/WSSHandlerConstants.java
@@ -0,0 +1,153 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler;
+
+/**
+ * Constants specific to the Axis2 security module
+ */
+public class WSSHandlerConstants {
+
+ private WSSHandlerConstants() {
+ }
+
+ /**
+ * Name of the .mar file
+ */
+ public final static String SECURITY_MODULE_NAME = "rampart";
+
+ /**
+ * Inflow security parameter
+ */
+ public static final String INFLOW_SECURITY = "InflowSecurity";
+
+ public static final String INFLOW_SECURITY_SERVER = "InflowSecurity-server";
+ public static final String INFLOW_SECURITY_CLIENT = "InflowSecurity-client";
+
+ /**
+ * Outflow security parameter
+ */
+ public static final String OUTFLOW_SECURITY = "OutflowSecurity";
+
+ public static final String OUTFLOW_SECURITY_SERVER = "OutflowSecurity-server";
+ public static final String OUTFLOW_SECURITY_CLIENT = "OutflowSecurity-client";
+
+
+ /**
+ * Inflow security parameter of a client to talk to an STS
+ * when sec conv is used
+ */
+ public final static String STS_INFLOW_SECURITY = "STSInflowSecurity";
+
+ /**
+ * Outflow security parameter of a client to talk to an STS
+ * when sec conv is used
+ */
+ public final static String STS_OUTFLOW_SECURITY = "STSOutflowSecurity";
+
+
+ public static final String ACTION = "action";
+
+ public static final String ACTION_ITEMS = "items";
+
+
+ /**
+ * Repetition count
+ */
+ public static final String SENDER_REPEAT_COUNT = "senderRepeatCount";
+
+ /**
+ * The current repetition
+ */
+ public static final String CURRENT_REPETITON = "currentRepetition";
+
+ /**
+ * This is used to indicate the XPath expression used to indicate the
+ * Elements whose first child (must be a text node) is to be optimized
+ */
+ public static final String OPTIMIZE_PARTS = "optimizeParts";
+
+ public static final String PRESERVE_ORIGINAL_ENV = "preserveOriginalEnvelope";
+
+
+ /*
+ * These are useful in configuring using the OutflowConfiguration
+ * and InflowConfiguration
+ * The set of possible key identifiers
+ */
+
+ public static final String BST_DIRECT_REFERENCE = "DirectReference";
+
+ public static final String ISSUER_SERIAL = "IssuerSerial";
+
+ public static final String X509_KEY_IDENTIFIER = "X509KeyIdentifier";
+
+ public static final String SKI_KEY_IDENTIFIER = "SKIKeyIdentifier";
+
+ public static final String EMBEDDED_KEYNAME = "EmbeddedKeyName";
+
+ public static final String THUMBPRINT_IDENTIFIER = "Thumbprint";
+
+
+ public final static String SIGN_ALL_HEADERS = "signAllHeaders";
+ public final static String SIGN_BODY = "signBody";
+ public final static String ENCRYPT_BODY = "encryptBody";
+
+ /**
+ * Key to be used to set a flag in msg ctx to enable/disable using doom
+ */
+ public final static String USE_DOOM = "useDoom";
+
+
+ ///
+ /// WS-SecureConversation constants
+ ///
+
+
+ /**
+ * Key to hold the map of security context identifiers against the
+ * service epr addresses (service scope) or wsa:Action values (operation
+ * scope).
+ */
+ public final static String CONTEXT_MAP_KEY = "contextMap";
+
+ /**
+ * The <code>java.util.Properties</code> object holding the properties
+ * of a <code>org.apache.ws.security.components.crypto.Crypto</code> impl.
+ *
+ * This should ONLY be used when the CRYPTO_CLASS_KEY is specified.
+ *
+ * @see org.apache.ws.security.components.crypto.Crypto
+ */
+ public final static String CRYPTO_PROPERTIES_KEY = "cryptoPropertiesRef";
+
+ /**
+ * The class that implements
+ * <code>org.apache.ws.security.components.crypto.Crypto</code>.
+ */
+ public final static String CRYPTO_CLASS_KEY = "cryptoClass";
+
+ //TODO: Get these constants from the WS-Trust impl's constants
+ public final static String RST_ACTON_SCT = "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT";
+ public final static String RSTR_ACTON_SCT = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT";
+ public final static String RSTR_ACTON_ISSUE = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue";
+
+ public final static String TOK_TYPE_SCT = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
+
+ public final static String WST_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+ public static final String REQUEST_SECURITY_TOKEN_RESPONSE_LN = "RequestSecurityTokenResponse";
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java
new file mode 100644
index 0000000..61d8df5
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/InflowConfiguration.java
@@ -0,0 +1,181 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler.config;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import java.util.HashMap;
+import java.util.Iterator;
+
+/**
+ * This is the representation of the inflow configurations of the security
+ * module.
+ *
+ * @deprecated
+ */
+public class InflowConfiguration {
+
+ private HashMap action = new HashMap();
+
+ /**
+ * Returns the configuration as an OMElement.
+ * @return Returns Parameter.
+ */
+ public Parameter getProperty() {
+
+ if (! action.containsKey("items")) {
+ return null;
+ }
+
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ //TODO: Find the constants for "Parameter" and "name"
+ OMElement paramElement = fac.createOMElement("Parameter",null);
+ paramElement.addAttribute(fac.createOMAttribute("name", null ,WSSHandlerConstants.INFLOW_SECURITY));
+
+ OMElement actionElem = fac.createOMElement(
+ WSSHandlerConstants.ACTION, null);
+
+ // Get the set of kes of the selected action
+ Iterator keys = action.keySet().iterator();
+
+ while (keys.hasNext()) {
+ String key = (String) keys.next();
+ String value = (String) action.get(key);
+ if(value != null && value.length() > 0) {
+ // Create an element with the name of the key
+ OMElement elem = fac.createOMElement(key, null);
+ // Set the text value of the element
+ elem.setText(value);
+ // Add the element as a child of this action element
+ actionElem.addChild(elem);
+ }
+ }
+
+ paramElement.addChild(actionElem);
+
+ Parameter param = new Parameter();
+ param.setParameterElement(paramElement);
+ param.setValue(paramElement);
+ param.setName(WSSHandlerConstants.INFLOW_SECURITY);
+
+ return param;
+ }
+
+ /**
+ * Returns the action items.
+ * @return Returns String.
+ */
+ public String getActionItems() {
+ return (String)this.action.get(WSSHandlerConstants.ACTION_ITEMS);
+ }
+
+ /**
+ * Sets the action items.
+ * @param actionItems
+ */
+ public void setActionItems(String actionItems) {
+ this.action.put(WSSHandlerConstants.ACTION_ITEMS, actionItems);
+ }
+
+ /**
+ * Returns the decryption property file.
+ * @return Returns String.
+ */
+ public String getDecryptionPropFile() {
+ return (String)this.action.get(WSHandlerConstants.DEC_PROP_FILE);
+ }
+
+ /**
+ * Sets the decryption property file.
+ * @param decryptionPropFile
+ */
+ public void setDecryptionPropFile(String decryptionPropFile) {
+ this.action.put(WSHandlerConstants.DEC_PROP_FILE,decryptionPropFile);
+ }
+
+ /**
+ * Sets the decryption property ref key.
+ * @param decryptionPropRefKey
+ */
+ public void setDecryptionPropRefKey(String decryptionPropRefKey) {
+ this.action.put(WSHandlerConstants.DEC_PROP_REF_ID,decryptionPropRefKey);
+ }
+
+ /**
+ * Returns the password callback class name.
+ * @return Returns String.
+ */
+ public String getPasswordCallbackClass() {
+ return (String)this.action.get(WSHandlerConstants.PW_CALLBACK_CLASS);
+ }
+
+ /**
+ * Sets the password callback class name.
+ * @param passwordCallbackClass
+ */
+ public void setPasswordCallbackClass(String passwordCallbackClass) {
+ this.action.put(WSHandlerConstants.PW_CALLBACK_CLASS,passwordCallbackClass);
+ }
+
+ /**
+ * Returns the signature property file.
+ * @return Returns String.
+ */
+ public String getSignaturePropFile() {
+ return (String)this.action.get(WSHandlerConstants.SIG_PROP_FILE);
+ }
+
+ /**
+ * Sets the signature property file.
+ * @param signaturePropFile
+ */
+ public void setSignaturePropFile(String signaturePropFile) {
+ this.action.put(WSHandlerConstants.SIG_PROP_FILE, signaturePropFile);
+ }
+
+ /**
+ * Sets the signature property ref key.
+ * @param signaturePropRefId
+ */
+ public void setSignaturePropRefId(String signaturePropRefId) {
+ this.action.put(WSHandlerConstants.SIG_PROP_REF_ID, signaturePropRefId);
+ }
+
+ /**
+ * Sets whether signature confirmation should be enabled or not.
+ * @param value
+ */
+ public void setEnableSignatureConfirmation(boolean value) {
+ this.action.put(
+ WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, value?"true":"false");
+ }
+
+ /**
+ * Returns whether signature confirmation should be enabled or not.
+ * @return Returns String.
+ */
+ public String getEnableSignatureConfirmation() {
+ return (String) this.action
+ .get(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java
new file mode 100644
index 0000000..0fe5212
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/handler/config/OutflowConfiguration.java
@@ -0,0 +1,600 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler.config;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import java.util.HashMap;
+import java.util.Iterator;
+
+/**
+ * This is the representation of the outflow configurations of the security
+ * module.
+ *
+ * @deprecated
+ */
+public class OutflowConfiguration {
+
+ private HashMap[] actionList;
+
+ private int currentAction = 0;
+
+ /**
+ * Creates a default outflow configuration instance with an action.
+ */
+ public OutflowConfiguration() {
+ this.actionList = new HashMap[1];
+ this.actionList[0] = new HashMap();
+ }
+
+ /**
+ * Creates a new outflow configuration instance with the given number of
+ * actions.
+ *
+ * @param actionCount
+ */
+ public OutflowConfiguration(int actionCount) {
+ this.actionList = new HashMap[actionCount];
+ for (int i = 0; i < actionCount; i++) {
+ this.actionList[i] = new HashMap();
+ }
+ }
+
+ /**
+ * Returns the configuration as an Parameter
+ *
+ * @return Returns Parameter.
+ */
+ public Parameter getProperty() {
+
+
+ for (int i = 0; i < actionList.length; i++) {
+ HashMap action = actionList[i];
+
+ if (! action.keySet().contains("items")) {
+ return null;
+ }
+ }
+
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ //TODO: Find the constants for "Parameter" and "name"
+ OMElement paramElement = fac.createOMElement("Parameter",null);
+ paramElement.addAttribute(fac.createOMAttribute("name", null ,WSSHandlerConstants.OUTFLOW_SECURITY));
+
+
+ for (int i = 0; i < this.actionList.length; i++) {
+ // Create the action element
+ OMElement actionElem = fac.createOMElement(
+ WSSHandlerConstants.ACTION, null);
+
+ // Get the current action
+ HashMap action = this.actionList[i];
+
+ // Get the set of kes of the selected action
+ Iterator keys = action.keySet().iterator();
+
+ while (keys.hasNext()) {
+ String key = (String) keys.next();
+ String value = (String) action.get(key);
+ if(value != null && value.length() > 0) {
+ // Create an element with the name of the key
+ OMElement elem = fac.createOMElement(key, null);
+ // Set the text value of the element
+ elem.setText(value);
+ // Add the element as a child of this action element
+ actionElem.addChild(elem);
+ }
+ }
+
+ paramElement.addChild(actionElem);
+ }
+
+ Parameter param = new Parameter();
+ param.setParameterElement(paramElement);
+ param.setValue(paramElement);
+ param.setName(WSSHandlerConstants.OUTFLOW_SECURITY);
+ return param;
+ }
+
+ /**
+ * Moves to the next action. If this is called when the current action is the
+ * last action then the current action will not change.
+ *
+ * @throws Exception
+ */
+ public void nextAction() {
+ if (currentAction < this.actionList.length - 1) {
+ this.currentAction++;
+ }
+ }
+
+ /**
+ * Moves to previous action. If this is called when the current action is the
+ * first option then then the current action will not change.
+ *
+ * @throws Exception
+ */
+ public void previousAction() {
+ if (this.currentAction > 0) {
+ this.currentAction--;
+ }
+ }
+
+ /**
+ * Sets the action items.
+ *
+ * @param actionItems
+ */
+ public void setActionItems(String actionItems) {
+ this.actionList[this.currentAction].put(
+ WSSHandlerConstants.ACTION_ITEMS, actionItems);
+ }
+
+ /**
+ * Returns the action items.
+ * @return Returns String.
+ */
+ public String getActionItems() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSSHandlerConstants.ACTION_ITEMS);
+ }
+
+ /**
+ * Sets the user of the current action.
+ *
+ * @param user
+ */
+ public void setUser(String user) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.USER, user);
+ }
+
+ /**
+ * Returns the user of the current action.
+ * @return Returns String.
+ */
+ public String getUser() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.USER);
+ }
+
+ /**
+ * Sets the name of the password callback class of the current action.
+ *
+ * @param passwordCallbackClass
+ */
+ public void setPasswordCallbackClass(String passwordCallbackClass) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.PW_CALLBACK_CLASS, passwordCallbackClass);
+ }
+
+ /**
+ * Returns the name of the password callback class of the current action.
+ * @return Returns String.
+ */
+ public String getPasswordCallbackClass() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.PW_CALLBACK_CLASS);
+ }
+
+ /**
+ * Sets the signature property file of the current action.
+ *
+ * @param signaturePropFile
+ */
+ public void setSignaturePropFile(String signaturePropFile) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SIG_PROP_FILE, signaturePropFile);
+ }
+
+ /**
+ * Sets the signature property ref key of the current action.
+ *
+ * @param signaturePropRefId
+ */
+ public void setSignaturePropRefId(String signaturePropRefId) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SIG_PROP_REF_ID, signaturePropRefId);
+ }
+
+ /**
+ * Returns the signature property file of the current action.
+ * @return Returns String.
+ */
+ public String getSignaturePropFile() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIG_PROP_FILE);
+ }
+
+ /**
+ * Sets the signatue key identifier of the current action.
+ *
+ * @param signatureKeyIdentifier
+ * Valid values:
+ * <ul>
+ * <li>X509KeyIdentifier - {@link WSSHandlerConstants#X509_KEY_IDENTIFIER}</li>
+ * <li>SKIKeyIdentifier - {@link WSSHandlerConstants#SKI_KEY_IDENTIFIER}</li>
+ * <li>IssuerSerial - {@link WSSHandlerConstants#ISSUER_SERIAL}</li>
+ * <li>DirectReference - {@link WSSHandlerConstants#BST_DIRECT_REFERENCE}</li>
+ * <li>Thumbprint - {@link WSSHandlerConstants#THUMBPRINT_IDENTIFIER}</li>
+ * </ul>
+ */
+ public void setSignatureKeyIdentifier(String signatureKeyIdentifier) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.SIG_KEY_ID,
+ signatureKeyIdentifier);
+ }
+
+ /**
+ * Returns the signatue key identifier of the current action.
+ * @return Returns String.
+ */
+ public String getSignatureKeyIdentifier() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIG_KEY_ID);
+ }
+
+ public void setSignatureAlgorithm(String signatureAlgo) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.SIG_ALGO,
+ signatureAlgo);
+ }
+
+ public String getSignatureAlgorithm() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIG_ALGO);
+ }
+
+ /**
+ * Sets the encrypted key identifier of the current action.
+ * <br/>
+ * @param encryptionKeyIdentifier
+ * Valid values:
+ * <ul>
+ * <li>X509KeyIdentifier - {@link WSSHandlerConstants#X509_KEY_IDENTIFIER}</li>
+ * <li>SKIKeyIdentifier - {@link WSSHandlerConstants#SKI_KEY_IDENTIFIER}</li>
+ * <li>IssuerSerial - {@link WSSHandlerConstants#ISSUER_SERIAL}</li>
+ * <li>DirectReference - {@link WSSHandlerConstants#BST_DIRECT_REFERENCE}</li>
+ * <li>EmbeddedKeyName - {@link WSSHandlerConstants#EMBEDDED_KEYNAME}</li>
+ * <li>Thumbprint - {@link WSSHandlerConstants#THUMBPRINT_IDENTIFIER}</li>
+ * </ul>
+ */
+ public void setEncryptionKeyIdentifier(String encryptionKeyIdentifier) {
+ this.actionList[this.currentAction].put(WSHandlerConstants.ENC_KEY_ID,
+ encryptionKeyIdentifier);
+ }
+
+ /**
+ * Returns the encrypted key identifier of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionKeyIdentifier() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_KEY_ID);
+ }
+
+ /**
+ * Sets the encryption user of the current action.
+ *
+ * @param encryptionUser
+ */
+ public void setEncryptionUser(String encryptionUser) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENCRYPTION_USER, encryptionUser);
+ }
+
+ /**
+ * Returns the encryption user of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionUser() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENCRYPTION_USER);
+ }
+
+ /**
+ * Sets the signature parts of the current action.
+ *
+ * @param signatureParts
+ */
+ public void setSignatureParts(String signatureParts) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SIGNATURE_PARTS, signatureParts);
+ }
+
+ /**
+ * Returns the signature parts of the current action.
+ * @return Returns String.
+ */
+ public String getSignatureParts() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SIGNATURE_PARTS);
+ }
+
+ /**
+ * Sets the encryption parts of the current action.
+ *
+ * @param encryptionParts
+ */
+ public void setEncryptionParts(String encryptionParts) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENCRYPTION_PARTS, encryptionParts);
+ }
+
+ /**
+ * Returns the encryption parts of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionParts() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENCRYPTION_PARTS);
+ }
+
+ /**
+ * Sets the password type of the current action
+ *
+ * @param passwordType
+ */
+ public void setPasswordType(String passwordType) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.PASSWORD_TYPE, passwordType);
+ }
+
+ /**
+ * Returns the password type of the current action.
+ * @return Returns String.
+ */
+ public String getPasswordType() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.PASSWORD_TYPE);
+ }
+
+ /**
+ * Sets the encryption symmetric algorithm of the current action
+ *
+ * @param encryptionSymAlgorithm
+ */
+ public void setEncryptionSymAlgorithm(String encryptionSymAlgorithm) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_SYM_ALGO, encryptionSymAlgorithm);
+ }
+
+ /**
+ * Returns the encryption symmetric algorithm of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionSymAlgorithm() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_SYM_ALGO);
+ }
+
+ /**
+ * Sets the encryption key transport algorithm of the current action
+ *
+ * @param encryptionKeyTransportAlgorithm
+ */
+ public void setEncryptionKeyTransportAlgorithm(
+ String encryptionKeyTransportAlgorithm) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_KEY_TRANSPORT,
+ encryptionKeyTransportAlgorithm);
+ }
+
+ /**
+ * Returns the encryption key transport algorithm of the current action.
+ * @return Returns String.
+ */
+ public String getEncryptionKeyTransportAlgorithm() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_KEY_TRANSPORT);
+ }
+
+ /**
+ * Sets the embedded key callback class of the current action
+ *
+ * @param embeddedKeyCallbackClass
+ */
+ public void setEmbeddedKeyCallbackClass(String embeddedKeyCallbackClass) {
+ this.actionList[this.currentAction]
+ .put(WSHandlerConstants.ENC_CALLBACK_CLASS,
+ embeddedKeyCallbackClass);
+ }
+
+ /**
+ * Returns the embedded key callback class of the current action.
+ *
+ * @return Returns String.
+ */
+ public String getEmbeddedKeyCallbackClass() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_CALLBACK_CLASS);
+ }
+
+ /**
+ * Sets the XPath expression to selecte the elements with content of the
+ * current action to be MTOM optimized.
+ *
+ * @param optimizePartsXPathExpr
+ */
+ public void setOptimizeParts(String optimizePartsXPathExpr) {
+ this.actionList[this.currentAction].put(
+ WSSHandlerConstants.OPTIMIZE_PARTS, optimizePartsXPathExpr);
+ }
+
+ /**
+ * Returns the Path expression to selecte the elements with content of the
+ * current action to be MTOM optimized.
+ *
+ * @return Returns String.
+ */
+ public String getOptimizeParts() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSSHandlerConstants.OPTIMIZE_PARTS);
+ }
+
+ /**
+ * Sets the SAML property file of the current action.
+ * @param samlPropFile
+ */
+ public void setSamlPropFile(String samlPropFile) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.SAML_PROP_FILE, samlPropFile);
+ }
+
+ /**
+ * Returns the SAML property file of the current action.
+ * @return Returns String.
+ */
+ public String getSamlPropFile() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.SAML_PROP_FILE);
+ }
+
+ /**
+ * Sets the encryption property file.
+ * @param encPropFile
+ */
+ public void setEncryptionPropFile(String encPropFile) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_PROP_FILE, encPropFile);
+ }
+
+ /**
+ * Sets the encryption property ref key of the current action.
+ *
+ * @param encryptionPropRefId
+ */
+ public void setEncryptionPropRefId(String encryptionPropRefId) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_PROP_REF_ID, encryptionPropRefId);
+ }
+
+ /**
+ * Returns the encryption property file.
+ * @return Returns String.
+ */
+ public String getEncryptionPropFile() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_PROP_FILE);
+ }
+
+ /**
+ * Enable/Disable PrecisionInMilliseconds
+ * @param value
+ */
+ public void setPrecisionInMilliseconds(boolean value) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.TIMESTAMP_PRECISION, value?"true":"false");
+ }
+
+ /**
+ * Returns whether PrecisionInMilliseconds is enabled or not
+ * @return Returns String.
+ */
+ public String getPrecisionInMilliseconds() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.TIMESTAMP_PRECISION);
+ }
+
+ /**
+ * Option to add additional elements in the username token element.
+ * Example: Nonce and Create elements
+ * @param addUTElements
+ */
+ public void setAddUTElements(String addUTElements) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ADD_UT_ELEMENTS, addUTElements);
+ }
+
+ /**
+ * Returns the additional elements to be added to the username token element.
+ */
+ public String getAddUTElements() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ADD_UT_ELEMENTS);
+ }
+
+ /**
+ * Sets the text of the key name that needs to be sent.
+ * @param embeddedKeyName
+ */
+ public void setEmbeddedKeyName(String embeddedKeyName) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENC_KEY_NAME, embeddedKeyName);
+ }
+
+ /**
+ * Returns the text of the key name that needs to be sent.
+ * @return Returns String.
+ */
+ public String getEmbeddedKeyName() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENC_KEY_NAME);
+ }
+
+ /**
+ * Sets whether signature confirmation should be enabled or not.
+ * @param value
+ */
+ public void setEnableSignatureConfirmation(boolean value) {
+ this.actionList[this.currentAction].put(
+ WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION, value?"true":"false");
+ }
+
+ /**
+ * Returns whether signature confirmation should be enabled or not
+ * @return Returns String.
+ */
+ public String getEnableSignatureConfirmation() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION);
+ }
+
+ /**
+ * Sets whether signature confirmation should be enabled or not
+ * @param value
+ */
+ public void setPreserveOriginalEnvelope(boolean value) {
+ this.actionList[this.currentAction].put(
+ WSSHandlerConstants.PRESERVE_ORIGINAL_ENV, value?"true":"false");
+ }
+
+ /**
+ * Returns whether signature confirmation should be enabled or not.
+ * @return Returns String.
+ */
+ public String getPreserveOriginalEnvelope() {
+ return (String) this.actionList[this.currentAction]
+ .get(WSSHandlerConstants.PRESERVE_ORIGINAL_ENV);
+ }
+
+
+ public void setSignAllHeadersAndBody() {
+ this.actionList[this.currentAction].put(WSSHandlerConstants.SIGN_ALL_HEADERS, "true");
+ this.setSignBody();
+ }
+
+ public void setSignBody() {
+ this.actionList[this.currentAction].put(WSSHandlerConstants.SIGN_BODY, "true");
+ }
+
+ public void setEncryptBody() {
+ this.actionList[this.currentAction].put(WSSHandlerConstants.ENCRYPT_BODY, "true");
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
new file mode 100755
index 0000000..d199e68
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyBuilder.java
@@ -0,0 +1,323 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy;
+
+import org.apache.axis2.policy.model.MTOMAssertion;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.neethi.Assertion;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AsymmetricBinding;
+import org.apache.ws.secpolicy.model.Binding;
+import org.apache.ws.secpolicy.model.EncryptionToken;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.InitiatorToken;
+import org.apache.ws.secpolicy.model.ProtectionToken;
+import org.apache.ws.secpolicy.model.RecipientToken;
+import org.apache.ws.secpolicy.model.SignatureToken;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.SymmetricAsymmetricBindingBase;
+import org.apache.ws.secpolicy.model.SymmetricBinding;
+import org.apache.ws.secpolicy.model.TokenWrapper;
+import org.apache.ws.secpolicy.model.TransportBinding;
+import org.apache.ws.secpolicy.model.Trust10;
+import org.apache.ws.secpolicy.model.Wss10;
+import org.apache.ws.secpolicy.model.Wss11;
+
+import java.util.Iterator;
+import java.util.List;
+
+public class RampartPolicyBuilder {
+
+ private static Log log = LogFactory.getLog(RampartPolicyBuilder.class);
+
+ /**
+ * Compile the parsed security data into one Policy data block.
+ *
+ * This methods loops over all top level Policy Engine data elements,
+ * extracts the parsed parameters and sets them into a single data block.
+ * During this processing the method prepares the parameters in a format
+ * that is ready for processing by the WSS4J functions.
+ *
+ * <p/>
+ *
+ * The WSS4J policy enabled handler takes this data block to control the
+ * setup of the security header.
+ *
+ * @param topLevelAssertions
+ * The iterator of the top level policy assertions
+ * @return The compile Poilcy data block.
+ * @throws WSSPolicyException
+ */
+ public static RampartPolicyData build(List topLevelAssertions)
+ throws WSSPolicyException {
+
+ RampartPolicyData rpd = new RampartPolicyData();
+
+ for (Iterator iter = topLevelAssertions.iterator(); iter.hasNext();) {
+ Assertion assertion = (Assertion) iter.next();
+ if (assertion instanceof Binding) {
+ if (assertion instanceof SymmetricBinding) {
+ processSymmetricPolicyBinding((SymmetricBinding) assertion, rpd);
+ } else if(assertion instanceof AsymmetricBinding) {
+ processAsymmetricPolicyBinding((AsymmetricBinding) assertion, rpd);
+ } else {
+ processTransportBinding((TransportBinding) assertion, rpd);
+ }
+
+ /*
+ * Don't change the order of Wss11 / Wss10 instance checks
+ * because Wss11 extends Wss10 - thus first check Wss11.
+ */
+ } else if (assertion instanceof Wss11) {
+ processWSS11((Wss11) assertion, rpd);
+ } else if (assertion instanceof Wss10) {
+ processWSS10((Wss10) assertion, rpd);
+ } else if (assertion instanceof SignedEncryptedElements) {
+ processSignedEncryptedElements((SignedEncryptedElements) assertion,
+ rpd);
+ } else if (assertion instanceof SignedEncryptedParts) {
+ processSignedEncryptedParts((SignedEncryptedParts) assertion, rpd);
+ } else if (assertion instanceof SupportingToken) {
+ processSupportingTokens((SupportingToken) assertion, rpd);
+ } else if (assertion instanceof Trust10) {
+ processTrust10((Trust10)assertion, rpd);
+ } else if (assertion instanceof RampartConfig) {
+ processRampartConfig((RampartConfig)assertion, rpd);
+ } else if (assertion instanceof MTOMAssertion){
+ processMTOMSerialization((MTOMAssertion)assertion, rpd);
+ } else {
+ log.debug("Unknown top level PED found: "
+ + assertion.getClass().getName());
+ }
+ }
+
+ return rpd;
+ }
+
+
+
+ /**
+ * @param binding
+ * @param rpd
+ */
+ private static void processTransportBinding(TransportBinding binding, RampartPolicyData rpd) {
+ binding(binding, rpd);
+ rpd.setTransportBinding(true);
+ }
+
+ /**
+ * Add TRust10 assertion info into rampart policy data
+ * @param trust10
+ * @param rpd
+ */
+ private static void processTrust10(Trust10 trust10, RampartPolicyData rpd) {
+ rpd.setTrust10(trust10);
+ }
+
+ /**
+ * Add the rampart configuration information into rampart policy data.
+ * @param config
+ * @param rpd
+ */
+ private static void processRampartConfig(RampartConfig config, RampartPolicyData rpd) {
+ rpd.setRampartConfig(config);
+ }
+
+ /**
+ * Evaluate the symmetric policy binding data.
+ *
+ * @param binding
+ * The binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ * @throws WSSPolicyException
+ */
+ private static void processSymmetricPolicyBinding(
+ SymmetricBinding symmBinding, RampartPolicyData rpd)
+ throws WSSPolicyException {
+ rpd.setSymmetricBinding(true);
+ binding(symmBinding, rpd);
+ symmAsymmBinding(symmBinding, rpd);
+ symmetricBinding(symmBinding, rpd);
+ }
+
+ private static void processWSS10(Wss10 wss10, RampartPolicyData rpd) {
+ rpd.setWss10(wss10);
+ }
+
+ /**
+ * Evaluate the asymmetric policy binding data.
+ *
+ * @param binding
+ * The binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ * @throws WSSPolicyException
+ */
+ private static void processAsymmetricPolicyBinding(
+ AsymmetricBinding binding, RampartPolicyData rpd)
+ throws WSSPolicyException {
+ rpd.setSymmetricBinding(false);
+ binding(binding, rpd);
+ symmAsymmBinding(binding, rpd);
+ asymmetricBinding(binding, rpd);
+ }
+
+ private static void processWSS11(Wss11 wss11, RampartPolicyData rpd) {
+ rpd.setSignatureConfirmation(wss11.isRequireSignatureConfirmation());
+ rpd.setWss11(wss11);
+ }
+
+ /**
+ * Populate elements to sign and/or encrypt with the message tokens.
+ *
+ * @param sep
+ * The data describing the elements (XPath)
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void processSignedEncryptedElements(
+ SignedEncryptedElements see, RampartPolicyData rpd) {
+ Iterator it = see.getXPathExpressions().iterator();
+ if (see.isSignedElemets()) {
+ while (it.hasNext()) {
+ rpd.setSignedElements((String) it.next());
+ }
+ } else {
+ while (it.hasNext()) {
+ rpd.setEncryptedElements((String) it.next());
+ }
+ }
+ }
+
+ /**
+ * Populate parts to sign and/or encrypt with the message tokens.
+ *
+ * @param sep
+ * The data describing the parts
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void processSignedEncryptedParts(SignedEncryptedParts sep,
+ RampartPolicyData rpd) {
+ Iterator it = sep.getHeaders().iterator();
+ if (sep.isSignedParts()) {
+ rpd.setSignBody(sep.isBody());
+ while (it.hasNext()) {
+ Header header = (Header) it.next();
+ rpd.addSignedPart(header.getNamespace(), header.getName());
+ }
+ } else {
+ rpd.setEncryptBody(sep.isBody());
+ while (it.hasNext()) {
+ Header header = (Header) it.next();
+ rpd.setEncryptedParts(header.getNamespace(), header.getName());
+ }
+ }
+ }
+
+ /**
+ * Evaluate policy data that is common to all bindings.
+ *
+ * @param binding
+ * The common binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void binding(Binding binding, RampartPolicyData rpd) {
+ rpd.setLayout(binding.getLayout().getValue());
+ rpd.setIncludeTimestamp(binding.isIncludeTimestamp());
+ rpd.setAlgorithmSuite(binding.getAlgorithmSuite());
+ }
+
+ /**
+ * Evaluate policy data that is common to symmetric and asymmetric bindings.
+ *
+ * @param binding
+ * The symmetric/asymmetric binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void symmAsymmBinding(
+ SymmetricAsymmetricBindingBase binding, RampartPolicyData rpd) {
+ rpd.setEntireHeadersAndBodySignatures(binding
+ .isEntireHeadersAndBodySignatures());
+ rpd.setProtectionOrder(binding.getProtectionOrder());
+ rpd.setSignatureProtection(binding.isSignatureProtection());
+ rpd.setTokenProtection(binding.isTokenProtection());
+ rpd.setAlgorithmSuite(binding.getAlgorithmSuite());
+ }
+
+ /**
+ * Evaluate policy data that is specific to symmetric binding.
+ *
+ * @param binding
+ * The symmetric binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void symmetricBinding(SymmetricBinding binding,
+ RampartPolicyData rpd) throws WSSPolicyException {
+ Assertion token = binding.getProtectionToken();
+
+ if (token != null) {
+ rpd.setProtectionToken(((ProtectionToken)token).getProtectionToken());
+ } else {
+ token = binding.getEncryptionToken();
+ Assertion token1 = binding.getSignatureToken();
+ if (token == null && token1 == null) {
+ // this is an error - throw something
+ }
+ rpd.setEncryptionToken(
+ ((EncryptionToken) token).getEncryptionToken());
+ rpd.setSignatureToken(((SignatureToken) token).getSignatureToken());
+ }
+ }
+
+ /**
+ * Evaluate policy data that is specific to asymmetric binding.
+ *
+ * @param binding
+ * The asymmetric binding data
+ * @param rpd
+ * The WSS4J data to initialize
+ */
+ private static void asymmetricBinding(AsymmetricBinding binding,
+ RampartPolicyData rpd) throws WSSPolicyException {
+ TokenWrapper tokWrapper = binding.getRecipientToken();
+ TokenWrapper tokWrapper1 = binding.getInitiatorToken();
+ if (tokWrapper == null && tokWrapper1 == null) {
+ // this is an error - throw something
+ }
+ rpd.setRecipientToken(((RecipientToken) tokWrapper).getReceipientToken());
+ rpd.setInitiatorToken(((InitiatorToken) tokWrapper1).getInitiatorToken());
+ }
+
+ private static void processSupportingTokens(SupportingToken token,
+ RampartPolicyData rpd) throws WSSPolicyException {
+ rpd.setSupportingTokens(token);
+ }
+
+
+ private static void processMTOMSerialization(MTOMAssertion mtomAssertion, RampartPolicyData rpd)
+ {
+ rpd.setMTOMAssertion(mtomAssertion);
+ }
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
new file mode 100755
index 0000000..fe0bfc4
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/RampartPolicyData.java
@@ -0,0 +1,671 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy;
+
+import org.apache.axis2.policy.model.MTOMAssertion;
+import org.apache.neethi.Policy;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.policy.model.OptimizePartsConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.WSSPolicyException;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+import org.apache.ws.secpolicy.model.Trust10;
+import org.apache.ws.secpolicy.model.Wss10;
+import org.apache.ws.secpolicy.model.Wss11;
+import org.apache.ws.security.WSEncryptionPart;
+
+import java.util.HashMap;
+import java.util.Vector;
+
+public class RampartPolicyData {
+
+ /*
+ * Global settings for overall security processing
+ */
+ private boolean symmetricBinding;
+
+ private boolean transportBinding;
+
+ private String layout;
+
+ private boolean includeTimestamp;
+
+ private boolean entireHeadersAndBodySignatures;
+
+ private String protectionOrder;
+
+ private boolean signatureProtection;
+
+ private boolean tokenProtection;
+
+ private boolean signatureConfirmation;
+
+ /*
+ * Message tokens for symmetrical binding
+ */
+ private Token encryptionToken;
+
+ private Token signatureToken;
+
+ /*
+ * Message tokens for asymmetrical binding
+ */
+ private Token recipientToken; // used to encrypt data to
+
+ // receipient
+
+ private Token initiatorToken; // used to sign data by
+
+ // initiator
+
+ /*
+ * Which parts or elements of the message to sign/encrypt with the messagen
+ * tokens. Parts or elements to sign/encrypt with supporting tokens are
+ * stored together with the tokens (see WSS4JPolicyToken).
+ */
+ private boolean signBody;
+
+ private boolean encryptBody;
+
+ private Vector signedParts = new Vector();
+
+ private Vector signedElements = new Vector();
+
+ private Vector encryptedParts = new Vector();
+
+ private Vector encryptedElements = new Vector();
+
+ /*
+ * Holds the supporting tokens elements
+ */
+ private SupportingToken supportingTokens;
+
+ private SupportingToken signedSupportingTokens;
+
+ private SupportingToken endorsingSupportingTokens;
+
+ private SupportingToken signedEndorsingSupportingTokens;
+
+ private AlgorithmSuite algorithmSuite;
+
+ private RampartConfig rampartConfig;
+
+ private MTOMAssertion mtomAssertion;
+
+ private Trust10 trust10;
+
+ private HashMap supportingTokensIdMap;
+ private HashMap signedSupportingTokensIdMap;
+ private HashMap endorsingSupportingTokensIdMap;
+ private HashMap signedEndorsingSupportingTokensIdMap;
+
+ private Wss10 wss10;
+ private Wss11 wss11;
+
+ private Policy issuerPolicy;
+
+ /**
+ * @return Returns the symmetricBinding.
+ */
+ public boolean isSymmetricBinding() {
+ return symmetricBinding;
+ }
+
+ /**
+ * @param symmetricBinding
+ * The symmetricBinding to set.
+ */
+ public void setSymmetricBinding(boolean symmetricBinding) {
+ this.symmetricBinding = symmetricBinding;
+ }
+
+ /**
+ * @return Returns the entireHeaderAndBodySignatures.
+ */
+ public boolean isEntireHeadersAndBodySignatures() {
+ return entireHeadersAndBodySignatures;
+ }
+
+ /**
+ * @param entireHeaderAndBodySignatures
+ * The entireHeaderAndBodySignatures to set.
+ */
+ public void setEntireHeadersAndBodySignatures(
+ boolean entireHeaderAndBodySignatures) {
+ this.entireHeadersAndBodySignatures = entireHeaderAndBodySignatures;
+ }
+
+ /**
+ * @return Returns the includeTimestamp.
+ */
+ public boolean isIncludeTimestamp() {
+ return includeTimestamp;
+ }
+
+ /**
+ * @param includeTimestamp
+ * The includeTimestamp to set.
+ */
+ public void setIncludeTimestamp(boolean includeTimestamp) {
+ this.includeTimestamp = includeTimestamp;
+ }
+
+ /**
+ * @return Returns the layout.
+ */
+ public String getLayout() {
+ return layout;
+ }
+
+ /**
+ * @param layout
+ * The layout to set.
+ */
+ public void setLayout(String layout) {
+ this.layout = layout;
+ }
+
+ /**
+ * @return Returns the protectionOrder.
+ */
+ public String getProtectionOrder() {
+ return protectionOrder;
+ }
+
+ /**
+ * @param protectionOrder
+ * The protectionOrder to set.
+ */
+ public void setProtectionOrder(String protectionOrder) {
+ this.protectionOrder = protectionOrder;
+ }
+
+ /**
+ * @return Returns the signatureProtection.
+ */
+ public boolean isSignatureProtection() {
+ return signatureProtection;
+ }
+
+ /**
+ * @param signatureProtection
+ * The signatureProtection to set.
+ */
+ public void setSignatureProtection(boolean signatureProtection) {
+ this.signatureProtection = signatureProtection;
+ }
+
+ /**
+ * @return Returns the tokenProtection.
+ */
+ public boolean isTokenProtection() {
+ return tokenProtection;
+ }
+
+ /**
+ * @param tokenProtection
+ * The tokenProtection to set.
+ */
+ public void setTokenProtection(boolean tokenProtection) {
+ this.tokenProtection = tokenProtection;
+ }
+
+ /**
+ * @return Returns the signatureConfirmation.
+ */
+ public boolean isSignatureConfirmation() {
+ return signatureConfirmation;
+ }
+
+ /**
+ * @param signatureConfirmation
+ * The signatureConfirmation to set.
+ */
+ public void setSignatureConfirmation(boolean signatureConfirmation) {
+ this.signatureConfirmation = signatureConfirmation;
+ }
+
+ /**
+ * @return Returns the encryptedElements.
+ */
+ public Vector getEncryptedElements() {
+ return encryptedElements;
+ }
+
+ /**
+ * @param encElement
+ * The encrypted Element (XPath) to set.
+ */
+ public void setEncryptedElements(String encElement) {
+
+ encryptedElements.add(encElement);
+ }
+
+ /**
+ * @return Returns the encryptedParts.
+ */
+ public Vector getEncryptedParts() {
+ return encryptedParts;
+ }
+
+ /**
+ * @param namespace
+ * The namespace of the part.
+ * @param element
+ * The part's element name.
+ */
+ public void setEncryptedParts(String namespace, String element) {
+ WSEncryptionPart wep = new WSEncryptionPart(element, namespace,
+ "Element");
+ encryptedParts.add(wep);
+ }
+
+ /**
+ * @return Returns the encryptBody.
+ */
+ public boolean isEncryptBody() {
+ return encryptBody;
+ }
+
+ /**
+ * @param encryptBody
+ * The encryptBody to set.
+ */
+ public void setEncryptBody(boolean encryptBody) {
+ this.encryptBody = encryptBody;
+ }
+
+ /**
+ * @return Returns the signBody.
+ */
+ public boolean isSignBody() {
+ return signBody;
+ }
+
+ /**
+ * @param signBody
+ * The signBody to set.
+ */
+ public void setSignBody(boolean signBody) {
+ this.signBody = signBody;
+ }
+
+ /**
+ * @return Returns the signedElements.
+ */
+ public Vector getSignedElements() {
+ return signedElements;
+ }
+
+ /**
+ * @param sigElement
+ * The signed Element (XPath) to set.
+ */
+ public void setSignedElements(String sigElement) {
+
+ signedElements.add(sigElement);
+ }
+
+ /**
+ * @return Returns the signedParts.
+ */
+ public Vector getSignedParts() {
+ return signedParts;
+ }
+
+ /**
+ * @param namespace
+ * The namespace of the part.
+ * @param element
+ * The part's element name.
+ */
+ public void addSignedPart(String namespace, String element) {
+
+ WSEncryptionPart wep = new WSEncryptionPart(element, namespace,
+ "Content");
+ signedParts.add(wep);
+ }
+
+ public void addSignedPart(WSEncryptionPart part) {
+ signedParts.add(part);
+ }
+
+ public void setSignedParts(Vector signedParts) {
+ this.signedParts = signedParts;
+ }
+
+ public void setSupportingTokens(SupportingToken suppTokens)
+ throws WSSPolicyException {
+
+ int tokenType = suppTokens.getTokenType();
+ if (tokenType == Constants.SUPPORTING_TOKEN_SUPPORTING) {
+ supportingTokens = suppTokens;
+ } else if (tokenType == Constants.SUPPORTING_TOKEN_SIGNED) {
+ signedSupportingTokens = suppTokens;
+ } else if (tokenType == Constants.SUPPORTING_TOKEN_ENDORSING) {
+ endorsingSupportingTokens = suppTokens;
+ } else if (tokenType == Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING) {
+ signedEndorsingSupportingTokens = suppTokens;
+ }
+ }
+
+
+
+ /**
+ * @return Returns the rampartConfig.
+ */
+ public RampartConfig getRampartConfig() {
+ return rampartConfig;
+ }
+
+ /**
+ * @return Returns the encryptionToken.
+ */
+ public Token getEncryptionToken() {
+ return encryptionToken;
+ }
+
+ /**
+ * @param encryptionToken The encryptionToken to set.
+ */
+ public void setEncryptionToken(Token encryptionToken) {
+ this.encryptionToken = encryptionToken;
+ this.extractIssuerPolicy(encryptionToken);
+ }
+
+ /**
+ * @return Returns the initiatorToken.
+ */
+ public Token getInitiatorToken() {
+ return initiatorToken;
+ }
+
+ /**
+ * @param initiatorToken The initiatorToken to set.
+ */
+ public void setInitiatorToken(Token initiatorToken) {
+ this.initiatorToken = initiatorToken;
+ }
+
+ /**
+ * @return Returns the recipientToken.
+ */
+ public Token getRecipientToken() {
+ return recipientToken;
+ }
+
+ /**
+ * @param recipientToken The recipientToken to set.
+ */
+ public void setRecipientToken(Token recipientToken) {
+ this.recipientToken = recipientToken;
+ }
+
+ public void setProtectionToken(Token protectionToken) {
+ this.setEncryptionToken(protectionToken);
+ this.setSignatureToken(protectionToken);
+ this.extractIssuerPolicy(protectionToken);
+ }
+
+ /**
+ * @return Returns the signatureToken.
+ */
+ public Token getSignatureToken() {
+ return signatureToken;
+ }
+
+ /**
+ * @param signatureToken The signatureToken to set.
+ */
+ public void setSignatureToken(Token signatureToken) {
+ this.signatureToken = signatureToken;
+ this.extractIssuerPolicy(signatureToken);
+ }
+
+ /**
+ * @return Returns the signedEndorsingSupportingToken.
+ */
+ public SupportingToken getSignedEndorsingSupportingTokens() {
+ return signedEndorsingSupportingTokens;
+ }
+
+ /**
+ * @param signedEndorsingSupportingTokens The signedEndorsingSupportingToken to set.
+ */
+ public void setSignedEndorsingSupportingTokens(
+ SupportingToken signedEndorsingSupportingTokens) {
+ this.signedEndorsingSupportingTokens = signedEndorsingSupportingTokens;
+ }
+
+ /**
+ * @return Returns the signedSupportingToken.
+ */
+ public SupportingToken getSignedSupportingTokens() {
+ return signedSupportingTokens;
+ }
+
+ /**
+ * @param signedSupportingTokens The signedSupportingToken to set.
+ */
+ public void setSignedSupportingTokens(SupportingToken signedSupportingTokens) {
+ this.signedSupportingTokens = signedSupportingTokens;
+ }
+
+ /**
+ * @return Returns the supportingToken.
+ */
+ public SupportingToken getSupportingTokens() {
+ return supportingTokens;
+ }
+
+ /**
+ * @param endorsingSupportingTokens The endorsingSupportingToken to set.
+ */
+ public void setEndorsingSupportingTokens(SupportingToken endorsingSupportingTokens) {
+ this.endorsingSupportingTokens = endorsingSupportingTokens;
+ }
+
+ /**
+ * @return Returns the endorsingSupportingToken.
+ */
+ public SupportingToken getEndorsingSupportingTokens() {
+ return endorsingSupportingTokens;
+ }
+
+ /**
+ * @return Returns the algorithmSuite.
+ */
+ public AlgorithmSuite getAlgorithmSuite() {
+ return algorithmSuite;
+ }
+
+ /**
+ * @param algorithmSuite The algorithmSuite to set.
+ */
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+ this.algorithmSuite = algorithmSuite;
+ }
+
+ /**
+ * @return Returns the trust10.
+ */
+ public Trust10 getTrust10() {
+ return trust10;
+ }
+
+ /**
+ * @param trust10 The trust10 to set.
+ */
+ public void setTrust10(Trust10 trust10) {
+ this.trust10 = trust10;
+ }
+
+ /**
+ * @param rampartConfig The rampartConfig to set.
+ */
+ public void setRampartConfig(RampartConfig rampartConfig) {
+ this.rampartConfig = rampartConfig;
+ }
+
+ /**
+ * @return Returns the transportBinding.
+ */
+ public boolean isTransportBinding() {
+ return transportBinding;
+ }
+
+ /**
+ * @param transportBinding The transportBinding to set.
+ */
+ public void setTransportBinding(boolean transportBinding) {
+ this.transportBinding = transportBinding;
+ }
+
+
+ /**
+ * Add the given token and id to the map.
+ * @param token
+ * @param id
+ */
+ public void setSupporttingtokenId(Token token, String id, int type) throws RampartException {
+
+ HashMap tokenMap = null;
+ switch (type) {
+ case Constants.SUPPORTING_TOKEN_SUPPORTING:
+ if(this.supportingTokensIdMap == null) {
+ this.supportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.supportingTokensIdMap;
+ break;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED:
+ if(this.signedSupportingTokensIdMap == null) {
+ this.signedSupportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.signedSupportingTokensIdMap;
+ break;
+
+ case Constants.SUPPORTING_TOKEN_ENDORSING:
+ if(this.endorsingSupportingTokensIdMap == null) {
+ this.endorsingSupportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.endorsingSupportingTokensIdMap;
+ break;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ if(this.signedEndorsingSupportingTokensIdMap == null) {
+ this.signedEndorsingSupportingTokensIdMap = new HashMap();
+ }
+ tokenMap = this.signedEndorsingSupportingTokensIdMap;
+ break;
+
+ default:
+ throw new RampartException("invalidSupportingVersionType",
+ new String[] { Integer.toString(type) });
+ }
+
+ tokenMap.put(token, id);
+ }
+
+ public String getSupportingTokenID(Token token, int type)
+ throws RampartException {
+ switch (type) {
+ case Constants.SUPPORTING_TOKEN_SUPPORTING:
+ if(this.supportingTokensIdMap != null) {
+ return (String)this.supportingTokensIdMap.get(token);
+ }
+ return null;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED:
+ if(this.signedSupportingTokensIdMap != null) {
+ return (String)this.signedSupportingTokensIdMap.get(token);
+ }
+ return null;
+
+ case Constants.SUPPORTING_TOKEN_ENDORSING:
+ if(this.endorsingSupportingTokensIdMap != null) {
+ return (String)this.endorsingSupportingTokensIdMap.get(token);
+ }
+ return null;
+
+ case Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ if(this.signedEndorsingSupportingTokensIdMap == null) {
+ this.signedEndorsingSupportingTokensIdMap = new HashMap();
+ }
+ return null;
+
+ default:
+ throw new RampartException("invalidSupportingVersionType",
+ new String[] { Integer.toString(type) });
+ }
+ }
+
+ public Wss10 getWss10() {
+ return wss10;
+ }
+
+ public void setWss10(Wss10 wss10) {
+ this.wss10 = wss10;
+ }
+
+ public Wss11 getWss11() {
+ return wss11;
+ }
+
+ public void setWss11(Wss11 wss11) {
+ this.wss11 = wss11;
+ }
+
+ private void extractIssuerPolicy(Token token) {
+ if(token instanceof SecureConversationToken && this.issuerPolicy == null) {
+ this.issuerPolicy = ((SecureConversationToken)token).getBootstrapPolicy();
+ }
+ }
+
+ public Policy getIssuerPolicy() {
+ return issuerPolicy;
+ }
+
+ public void setMTOMAssertion(MTOMAssertion mtomAssertion){
+ this.mtomAssertion = mtomAssertion;
+ }
+
+ public MTOMAssertion getMTOMAssertion(){
+ return mtomAssertion;
+ }
+
+ public boolean isMTOMSerialize(){
+ if(mtomAssertion == null){
+ return false;
+ }
+ else if(mtomAssertion.isOptional()==false){
+ return true;
+ }
+ else
+ return false;
+ }
+
+ public OptimizePartsConfig getOptimizePartsConfig(){
+ return rampartConfig.getOptimizeParts();
+ }
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java
new file mode 100644
index 0000000..dc70b03
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/CryptoConfigBuilder.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy.builders;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.rampart.policy.model.CryptoConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+
+import javax.xml.namespace.QName;
+
+import java.util.Iterator;
+import java.util.Properties;
+
+public class CryptoConfigBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ CryptoConfig cryptoCofig = new CryptoConfig();
+
+ OMAttribute attribute = element.getAttribute(new QName(CryptoConfig.PROVIDER_ATTR));
+ cryptoCofig.setProvider(attribute.getAttributeValue().trim());
+
+ Properties properties = new Properties();
+
+ OMElement childElement;
+ OMAttribute name;
+ String value;
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ /*
+ * In this senario we could have used
+ * element.getChildrenWithQName(USER); Unfortunately we can't do
+ * that due to a bug in this method. TODO Need to get it fixed
+ */
+
+ childElement = (OMElement) iterator.next();
+
+ QName prop = new QName(RampartConfig.NS, CryptoConfig.PROPERTY_LN);
+
+ if (prop.equals(childElement.getQName())) {
+ name = childElement.getAttribute(new QName(CryptoConfig.PROPERTY_NAME_ATTR));
+ value = childElement.getText();
+
+ properties.put(name.getAttributeValue(), value.trim());
+ }
+
+ }
+
+ cryptoCofig.setProp(properties);
+ return cryptoCofig;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {new QName(RampartConfig.NS, CryptoConfig.CRYPTO_LN)};
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/OptimizePartsBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/OptimizePartsBuilder.java
new file mode 100644
index 0000000..240a261
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/OptimizePartsBuilder.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.rampart.policy.model.OptimizePartsConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+
+/**
+ * OptimizePartsBuilder creates the OptimizePartsConfig
+ *
+ * This clase deserialize the following XML fragment inside the RampartConfig.
+ * Example
+<pre>
+<ramp:optimizeParts><br />
+<ramp:expressions><br />
+<ramp:expression>//ns1:data1</ramp:expression><br />
+<ramp:expression>//ns2:data2</ramp:expression><br />
+</ramp:expressions><br />
+ <ramp:namespaces><br />
+<nampespace uri="http://test1.com" prefix="ns1"/><br />
+<nampespace uri="http://test2.com" prefix="ns2"/><br />
+</ramp:namespaces><br />
+</ramp:optimizeParts>
+</pre>
+ * @see OptimizePartsConfig
+ */
+public class OptimizePartsBuilder implements AssertionBuilder{
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ OptimizePartsConfig assertion = new OptimizePartsConfig();
+ OMElement expressionsElem = element.getFirstChildWithName(new QName(RampartConfig.NS, OptimizePartsConfig.EXPRESSIONS_LN));
+
+ if(expressionsElem != null){
+ Iterator iterator = expressionsElem.getChildElements();
+ while(iterator.hasNext()){
+ OMElement elem = (OMElement)iterator.next();
+ String expression = elem.getText();
+ assertion.addExpression(expression);
+ }
+
+ }
+
+ OMElement nsElem = element.getFirstChildWithName(new QName(RampartConfig.NS, OptimizePartsConfig.NAMESPACES_LN));
+ if(nsElem != null){
+ Iterator iterator = nsElem.getChildElements();
+ while(iterator.hasNext()){
+ OMElement elem = (OMElement)iterator.next();
+ String namespace = elem.getText();
+ String prefix = elem.getAttributeValue(new QName("", OptimizePartsConfig.PREFIX_ATTR));
+ String uri = elem.getAttributeValue(new QName("", OptimizePartsConfig.URI_ATTR));
+ assertion.addNamespaces(prefix, uri);
+ }
+
+ }
+ return assertion;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {new QName(RampartConfig.NS, OptimizePartsConfig.OPTIMIZE_PARTS_LN)};
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
new file mode 100644
index 0000000..7e8fee4
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy.builders;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.rampart.policy.model.CryptoConfig;
+import org.apache.rampart.policy.model.OptimizePartsConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.policy.model.SSLConfig;
+
+public class RampartConfigBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ RampartConfig rampartConfig = new RampartConfig();
+
+ OMElement childElement;
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.USER_LN));
+ if (childElement != null) {
+ rampartConfig.setUser(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.ENCRYPTION_USER_LN));
+ if (childElement != null) {
+ rampartConfig.setEncryptionUser(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.PW_CB_CLASS_LN));
+ if (childElement != null) {
+ rampartConfig.setPwCbClass(childElement.getText().trim());
+ }
+
+
+ // handle ssl config
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.SSL_CONFIG));
+ if (childElement != null) {
+ SSLConfig sslConfig = (SSLConfig)new SSLConfigBuilder().
+ build(childElement,
+ factory);
+ rampartConfig.setSSLConfig(sslConfig);
+
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.SIG_CRYPTO_LN));
+ if (childElement != null) {
+ rampartConfig.setSigCryptoConfig((CryptoConfig) factory
+ .build(childElement.getFirstElement()));
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.TS_TTL_LN));
+ if (childElement != null) {
+ rampartConfig.setTimestampTTL(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.TS_MAX_SKEW_LN));
+ if (childElement != null) {
+ rampartConfig.setTimestampMaxSkew(childElement.getText().trim());
+ }
+
+ childElement = element.getFirstChildWithName(new QName(
+ RampartConfig.NS, RampartConfig.OPTIMISE_PARTS));
+ if (childElement != null) {
+ OptimizePartsConfig config = (OptimizePartsConfig)new OptimizePartsBuilder().
+ build(childElement, factory);
+ rampartConfig.setOptimizeParts(config);
+ }
+
+ return rampartConfig;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {new QName(RampartConfig.NS, RampartConfig.RAMPART_CONFIG_LN)};
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/SSLConfigBuilder.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/SSLConfigBuilder.java
new file mode 100644
index 0000000..d124b7d
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/SSLConfigBuilder.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.policy.builders;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.rampart.policy.model.SSLConfig;
+
+import javax.xml.namespace.QName;
+
+import java.util.Iterator;
+import java.util.Properties;
+
+public class SSLConfigBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ SSLConfig sslCofig = new SSLConfig();
+ Properties properties = new Properties();
+ OMElement childElement;
+ OMAttribute name;
+ String value;
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+
+ childElement = (OMElement) iterator.next();
+
+ QName prop = new QName(RampartConfig.NS, SSLConfig.PROPERTY_LN);
+
+ if (prop.equals(childElement.getQName())) {
+ name = childElement.getAttribute(new QName(SSLConfig.PROPERTY_NAME_ATTR));
+ value = childElement.getText();
+
+ //setting the jsse properties to the vm
+ System.setProperty(name.getAttributeValue(), value);
+
+ properties.put(name.getAttributeValue(), value.trim());
+ }
+
+ }
+ sslCofig.setProp(properties);
+
+ return sslCofig;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {new QName(RampartConfig.NS, SSLConfig.SSL_LN)};
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java
new file mode 100644
index 0000000..69e7361
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/CryptoConfig.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy.model;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Constants;
+import org.apache.neethi.PolicyComponent;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import java.util.Iterator;
+import java.util.Properties;
+
+/**
+ * Policy model bean to capture crypto information.
+ *
+ * Example:
+<pre>
+<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="keystoreType">JKS</ramp:property>
+ <ramp:property name="keystoreFile">/path/to/file.jks</ramp:property>
+ <ramp:property name="keystorePassword">password</ramp:property>
+</ramp:crypto>
+</pre>
+ */
+public class CryptoConfig implements Assertion {
+
+ public final static String CRYPTO_LN = "crypto";
+ public final static String PROVIDER_ATTR = "provider";
+ public final static String PROPERTY_LN = "property";
+ public final static String PROPERTY_NAME_ATTR = "name";
+
+ private String provider;
+ private Properties prop;
+
+ public Properties getProp() {
+ return prop;
+ }
+ public void setProp(Properties prop) {
+ this.prop = prop;
+ }
+ public String getProvider() {
+ return provider;
+ }
+ public void setProvider(String provider) {
+ this.provider = provider;
+ }
+
+ public QName getName() {
+ return new QName(RampartConfig.NS, CRYPTO_LN);
+ }
+
+ public boolean isOptional() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public PolicyComponent normalize() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = writer.getPrefix(RampartConfig.NS);
+
+ if (prefix == null) {
+ prefix = RampartConfig.NS;
+ writer.setPrefix(prefix, RampartConfig.NS);
+ }
+
+ writer.writeStartElement(prefix, CRYPTO_LN, RampartConfig.NS);
+
+ if (getProvider() != null) {
+ writer.writeAttribute(PROVIDER_ATTR, getProvider());
+ }
+
+ String key;
+ String value;
+
+ for (Iterator iterator = prop.keySet().iterator(); iterator.hasNext();) {
+ key = (String) iterator.next();
+ value = prop.getProperty(key);
+ writer.writeStartElement(RampartConfig.NS, PROPERTY_LN);
+
+ writer.writeAttribute("name", key);
+
+ writer.writeCharacters(value);
+ writer.writeEndElement();
+ }
+
+ writer.writeEndElement();
+ }
+
+ public boolean equal(PolicyComponent policyComponent) {
+ throw new UnsupportedOperationException();
+ }
+
+ public short getType() {
+ return Constants.TYPE_ASSERTION;
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
new file mode 100644
index 0000000..dd6128a
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/OptimizePartsConfig.java
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy.model;
+
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Constants;
+import org.apache.neethi.PolicyComponent;
+
+
+public class OptimizePartsConfig implements Assertion{
+
+ public final static String OPTIMIZE_PARTS_LN = RampartConfig.OPTIMISE_PARTS;
+ public final static String EXPRESSIONS_LN = "expressions";
+ public final static String EXPRESSION_LN = "expression";
+ public final static String NAMESPACES_LN = "namespaces";
+ public final static String NAMESPACE_LN = "namespace";
+ public final static String URI_ATTR = "uri";
+ public final static String PREFIX_ATTR = "prefix";
+
+ private Map namespaces = null;
+ private Vector expressions = null;
+
+ public OptimizePartsConfig(){
+ namespaces = new HashMap();
+ expressions = new Vector();
+ }
+
+ public void addExpression(String expression){
+ expressions.add(expression);
+ }
+
+ public void addNamespaces(String prefix, String ns){
+ namespaces.put(prefix, ns);
+ }
+
+ public Vector getExpressions() {
+ return expressions;
+ }
+
+ public Map getNamespaces() {
+ return namespaces;
+ }
+
+ public short getType() {
+ return Constants.TYPE_ASSERTION;
+ }
+
+ public QName getName() {
+ return new QName(RampartConfig.NS, OPTIMIZE_PARTS_LN);
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = writer.getPrefix(RampartConfig.NS);
+
+ if (prefix == null) {
+ prefix = RampartConfig.NS;
+ writer.setPrefix(prefix, RampartConfig.NS);
+ }
+
+ writer.writeStartElement(RampartConfig.NS, OPTIMIZE_PARTS_LN);
+
+ if((expressions != null) && (expressions.size()>0)){
+ writer.writeStartElement(RampartConfig.NS, EXPRESSIONS_LN);
+ Iterator ite = expressions.iterator();
+ while(ite.hasNext()){
+ writer.writeStartElement(RampartConfig.NS, EXPRESSION_LN);
+ String exp = (String)ite.next();
+ writer.writeCharacters(exp);
+ writer.writeEndElement();
+ }
+ writer.writeEndElement();
+ }
+
+ if((namespaces != null) && (namespaces.size()>0)){
+ writer.writeStartElement(RampartConfig.NS, NAMESPACES_LN);
+ Iterator ite = namespaces.keySet().iterator();
+ while(ite.hasNext()){
+ String strPrefix = (String)ite.next();
+ String strURI = (String) namespaces.get(strPrefix);
+ writer.writeAttribute(URI_ATTR , strURI);
+ writer.writeAttribute(PREFIX_ATTR, strPrefix);
+ writer.writeEndElement();
+ }
+ writer.writeEndElement();
+ }
+ writer.writeEndElement();
+ }
+
+ public PolicyComponent normalize() {
+ //TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public boolean isOptional() {
+ throw new UnsupportedOperationException("Not relevant");
+ }
+
+ public boolean equal(PolicyComponent arg0) {
+ throw new UnsupportedOperationException("Not relevant");
+ }
+
+
+
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
new file mode 100644
index 0000000..02fe9c0
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
@@ -0,0 +1,318 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy.model;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Constants;
+import org.apache.neethi.PolicyComponent;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+/**
+ * Rampart policy model bean to capture Rampart configuration assertion info.
+ *
+ * Example:
+ *
+ * <pre>
+ * <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ * <ramp:user>alice</ramp:user>
+ * <ramp:encryptionUser>bob</ramp:encryptionUser>
+ * <ramp:passwordCallbackClass>org.apache.axis2.security.PWCallback</ramp:passwordCallbackClass>
+ * <ramp:timestampTTL>300</ramp:timestampTTL>
+ * <ramp:timestampMaxSkew>0</ramp:timestampMaxSkew>
+ * <ramp:tokenStoreClass>org.apache.rahas.StorageImpl</ramp:tokenStoreClass>
+ *
+ * <ramp:signatureCrypto>
+ * <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ * <ramp:property name="keystoreType">JKS</ramp:property>
+ * <ramp:property name="keystoreFile">/path/to/file.jks</ramp:property>
+ * <ramp:property name="keystorePassword">password</ramp:property>
+ * </ramp:crypto>
+ * </ramp:signatureCrypto>
+ *
+ * <ramp:tokenIssuerPolicy>
+ * <wsp:Policy>
+ * ....
+ * ....
+ * </wsp:Policy>
+ * </ramp:tokenIssuerPolicy>
+ * </ramp:RampartConfig>
+ *
+ * </pre>
+ *
+ */
+public class RampartConfig implements Assertion {
+
+ public static final int DEFAULT_TIMESTAMP_TTL = 300;
+
+ public static final int DEFAULT_TIMESTAMP_MAX_SKEW = 300;
+
+ public final static String NS = "http://ws.apache.org/rampart/policy";
+
+ public final static String PREFIX = "rampart";
+
+ public final static String RAMPART_CONFIG_LN = "RampartConfig";
+
+ public final static String USER_LN = "user";
+
+ public final static String ENCRYPTION_USER_LN = "encryptionUser";
+
+ public final static String PW_CB_CLASS_LN = "passwordCallbackClass";
+
+ public final static String SIG_CRYPTO_LN = "signatureCrypto";
+
+ public final static String ENCR_CRYPTO_LN = "encryptionCypto";
+
+ public final static String DEC_CRYPTO_LN = "decryptionCrypto";
+
+ public final static String TS_TTL_LN = "timestampTTL";
+
+ public final static String TS_MAX_SKEW_LN = "timestampMaxSkew";
+
+ public final static String TOKEN_STORE_CLASS_LN = "tokenStoreClass";
+
+ public final static String OPTIMISE_PARTS = "optimizeParts";
+
+ public final static String SSL_CONFIG = "sslConfig";
+
+ private String user;
+
+ private String encryptionUser;
+
+ private String pwCbClass;
+
+ private CryptoConfig sigCryptoConfig;
+
+ private CryptoConfig encrCryptoConfig;
+
+ private CryptoConfig decCryptoConfig;
+
+ private String timestampTTL = Integer.toString(DEFAULT_TIMESTAMP_TTL);
+
+ private String timestampMaxSkew = Integer.toString(DEFAULT_TIMESTAMP_MAX_SKEW);
+
+ private OptimizePartsConfig optimizeParts;
+
+ private String tokenStoreClass;
+
+ private SSLConfig sslConfig;
+
+ public SSLConfig getSSLConfig() {
+ return sslConfig;
+ }
+
+ public void setSSLConfig(SSLConfig sslConfig) {
+ this.sslConfig = sslConfig;
+ }
+
+
+ /**
+ * @return Returns the tokenStoreClass.
+ */
+ public String getTokenStoreClass() {
+ return tokenStoreClass;
+ }
+
+ /**
+ * @param tokenStoreClass
+ * The tokenStoreClass to set.
+ */
+ public void setTokenStoreClass(String tokenStoreClass) {
+ this.tokenStoreClass = tokenStoreClass;
+ }
+
+ public CryptoConfig getDecCryptoConfig() {
+ return decCryptoConfig;
+ }
+
+ public void setDecCryptoConfig(CryptoConfig decCrypto) {
+ this.decCryptoConfig = decCrypto;
+ }
+
+ public CryptoConfig getEncrCryptoConfig() {
+ return encrCryptoConfig;
+ }
+
+ public void setEncrCryptoConfig(CryptoConfig encrCrypto) {
+ this.encrCryptoConfig = encrCrypto;
+ }
+
+ public String getEncryptionUser() {
+ return encryptionUser;
+ }
+
+ public void setEncryptionUser(String encryptionUser) {
+ this.encryptionUser = encryptionUser;
+ }
+
+ public String getPwCbClass() {
+ return pwCbClass;
+ }
+
+ public void setPwCbClass(String pwCbClass) {
+ this.pwCbClass = pwCbClass;
+ }
+
+ public CryptoConfig getSigCryptoConfig() {
+ return sigCryptoConfig;
+ }
+
+ public void setSigCryptoConfig(CryptoConfig sigCryptoConfig) {
+ this.sigCryptoConfig = sigCryptoConfig;
+ }
+
+ public String getUser() {
+ return user;
+ }
+
+ public void setUser(String user) {
+ this.user = user;
+ }
+
+ public QName getName() {
+ return new QName(NS, RAMPART_CONFIG_LN);
+ }
+
+ public boolean isOptional() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public PolicyComponent normalize() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = writer.getPrefix(NS);
+
+ if (prefix == null) {
+ prefix = PREFIX;
+ writer.setPrefix(PREFIX, NS);
+ }
+
+ writer.writeStartElement(PREFIX, RAMPART_CONFIG_LN, NS);
+ writer.writeNamespace(prefix, NS);
+
+ if (getUser() != null) {
+ writer.writeStartElement(NS, USER_LN);
+ writer.writeCharacters(getUser());
+ writer.writeEndElement();
+ }
+
+ if (getEncryptionUser() != null) {
+ writer.writeStartElement(NS, ENCRYPTION_USER_LN);
+ writer.writeCharacters(getEncryptionUser());
+ writer.writeEndElement();
+ }
+
+ if (getPwCbClass() != null) {
+ writer.writeStartElement(NS, PW_CB_CLASS_LN);
+ writer.writeCharacters(getPwCbClass());
+ writer.writeEndElement();
+ }
+
+ if (getTimestampTTL() != null) {
+ writer.writeStartElement(NS, TS_TTL_LN);
+ writer.writeCharacters(getTimestampTTL());
+ writer.writeEndElement();
+ }
+
+ if (getTimestampMaxSkew() != null) {
+ writer.writeStartElement(NS, TS_MAX_SKEW_LN);
+ writer.writeCharacters(getTimestampMaxSkew());
+ writer.writeEndElement();
+ }
+
+ if (getTokenStoreClass() != null) {
+ writer.writeStartElement(NS, TOKEN_STORE_CLASS_LN);
+ writer.writeCharacters(getTokenStoreClass());
+ writer.writeEndElement();
+ }
+
+ if (encrCryptoConfig != null) {
+ writer.writeStartElement(NS, ENCR_CRYPTO_LN);
+ encrCryptoConfig.serialize(writer);
+ writer.writeEndElement();
+
+ }
+
+ if (decCryptoConfig != null) {
+ writer.writeStartElement(NS, DEC_CRYPTO_LN);
+ decCryptoConfig.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ if (sigCryptoConfig != null) {
+ writer.writeStartElement(NS, SIG_CRYPTO_LN);
+ sigCryptoConfig.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ writer.writeEndElement();
+
+ }
+
+ public boolean equal(PolicyComponent policyComponent) {
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public short getType() {
+ return Constants.TYPE_ASSERTION;
+ }
+
+ /**
+ * @return Returns the timestampTTL.
+ */
+ public String getTimestampTTL() {
+ return timestampTTL;
+ }
+
+ /**
+ * @param timestampTTL
+ * The timestampTTL to set.
+ */
+ public void setTimestampTTL(String timestampTTL) {
+ this.timestampTTL = timestampTTL;
+ }
+
+ /**
+ * @return Returns the timestampMaxSkew.
+ */
+ public String getTimestampMaxSkew() {
+ return timestampMaxSkew;
+ }
+
+ /**
+ * @param timestampMaxSkew
+ * The timestampMaxSkew to set.
+ */
+ public void setTimestampMaxSkew(String timestampMaxSkew) {
+ this.timestampMaxSkew = timestampMaxSkew;
+ }
+
+ public OptimizePartsConfig getOptimizeParts() {
+ return optimizeParts;
+ }
+
+ public void setOptimizeParts(OptimizePartsConfig optimizeParts) {
+ this.optimizeParts = optimizeParts;
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/SSLConfig.java b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/SSLConfig.java
new file mode 100644
index 0000000..c293c5c
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/SSLConfig.java
@@ -0,0 +1,75 @@
+package org.apache.rampart.policy.model;
+
+import java.util.Iterator;
+import java.util.Properties;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Constants;
+import org.apache.neethi.PolicyComponent;
+
+public class SSLConfig implements Assertion{
+ public final static String SSL_LN = RampartConfig.SSL_CONFIG;
+ public final static String PROPERTY_LN = "property";
+ public final static String PROPERTY_NAME_ATTR = "name";
+
+ private Properties prop;
+
+ public Properties getProp() {
+ return prop;
+ }
+ public void setProp(Properties prop) {
+ this.prop = prop;
+ }
+
+ public PolicyComponent normalize() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public QName getName() {
+ return new QName(RampartConfig.NS, SSL_LN);
+ }
+
+ public boolean isOptional() {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String prefix = writer.getPrefix(RampartConfig.NS);
+
+ if (prefix == null) {
+ prefix = RampartConfig.NS;
+ writer.setPrefix(prefix, RampartConfig.NS);
+ }
+
+ String key;
+ String value;
+
+ for (Iterator iterator = prop.keySet().iterator(); iterator.hasNext();) {
+ key = (String) iterator.next();
+ value = prop.getProperty(key);
+ writer.writeStartElement(RampartConfig.NS, PROPERTY_LN);
+
+ writer.writeAttribute("name", key);
+
+ writer.writeCharacters(value);
+ writer.writeEndElement();
+ }
+
+ writer.writeEndElement();
+ }
+
+ public short getType() {
+ return Constants.TYPE_ASSERTION;
+ }
+
+ public boolean equal(PolicyComponent policyComponent) {
+ throw new UnsupportedOperationException();
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
new file mode 100644
index 0000000..3514214
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/Axis2Util.java
@@ -0,0 +1,255 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.util;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPFactory;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.stream.FactoryConfigurationError;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamReader;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.util.ArrayList;
+import java.util.Iterator;
+
+/**
+ * Utility class for the Axis2-WSS4J Module
+ */
+public class Axis2Util {
+
+ private static ThreadLocal doomTacker = new ThreadLocal();
+
+ public static boolean isUseDOOM() {
+ Object value = doomTacker.get();
+ return (value != null);
+ }
+
+ public static void useDOOM(boolean isDOOMRequired) {
+//TODO Enable this when we have DOOM fixed to be able to flow in and out of Axis2
+// if(isDOOMRequired) {
+// if(!isUseDOOM()) {
+// System.setProperty(OMAbstractFactory.SOAP11_FACTORY_NAME_PROPERTY, SOAP11Factory.class.getName());
+// System.setProperty(OMAbstractFactory.SOAP12_FACTORY_NAME_PROPERTY, SOAP12Factory.class.getName());
+// System.setProperty(OMAbstractFactory.OM_FACTORY_NAME_PROPERTY, OMDOMFactory.class.getName());
+// doomTacker.set(new Object());
+// }
+// } else {
+// System.getProperties().remove(OMAbstractFactory.SOAP11_FACTORY_NAME_PROPERTY);
+// System.getProperties().remove(OMAbstractFactory.SOAP12_FACTORY_NAME_PROPERTY);
+// System.getProperties().remove(OMAbstractFactory.OM_FACTORY_NAME_PROPERTY);
+// doomTacker.set(null);
+// }
+ }
+
+
+ /**
+ * Creates a DOM Document using the SOAP Envelope.
+ * @param env An org.apache.axiom.soap.SOAPEnvelope instance
+ * @return Returns the DOM Document of the given SOAP Envelope.
+ * @throws Exception
+ */
+ public static Document getDocumentFromSOAPEnvelope(SOAPEnvelope env, boolean useDoom)
+ throws WSSecurityException {
+ try {
+ if(env instanceof Element) {
+ return ((Element)env).getOwnerDocument();
+ }
+
+ if (useDoom) {
+ env.build();
+
+ // Workaround to prevent a bug in AXIOM where
+ // there can be an incomplete OMElement as the first child body
+ OMElement firstElement = env.getBody().getFirstElement();
+ if (firstElement != null) {
+ firstElement.build();
+ }
+
+ //Get processed headers
+ SOAPHeader soapHeader = env.getHeader();
+ ArrayList processedHeaderQNames = new ArrayList();
+ if(soapHeader != null) {
+ Iterator headerBlocs = soapHeader.getChildElements();
+ while (headerBlocs.hasNext()) {
+ SOAPHeaderBlock element = (SOAPHeaderBlock) headerBlocs.next();
+ if(element.isProcessed()) {
+ processedHeaderQNames.add(element.getQName());
+ }
+ }
+ }
+
+ // Check the namespace and find SOAP version and factory
+ String nsURI = null;
+ SOAPFactory factory;
+ if (env.getNamespace().getNamespaceURI().equals(
+ SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI)) {
+ nsURI = SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI;
+ factory = DOOMAbstractFactory.getSOAP11Factory();
+ } else {
+ nsURI = SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI;
+ factory = DOOMAbstractFactory.getSOAP12Factory();
+ }
+
+ StAXSOAPModelBuilder stAXSOAPModelBuilder = new StAXSOAPModelBuilder(
+ env.getXMLStreamReader(), factory, nsURI);
+ SOAPEnvelope envelope = (stAXSOAPModelBuilder)
+ .getSOAPEnvelope();
+ ((OMNode) envelope.getParent()).build();
+
+ //Set the processed flag of the processed headers
+ SOAPHeader header = envelope.getHeader();
+ for (Iterator iter = processedHeaderQNames.iterator(); iter
+ .hasNext();) {
+ QName name = (QName) iter.next();
+ Iterator omKids = header.getChildrenWithName(name);
+ if(omKids.hasNext()) {
+ ((SOAPHeaderBlock)omKids.next()).setProcessed();
+ }
+ }
+
+ Element envElem = (Element) envelope;
+ return envElem.getOwnerDocument();
+ } else {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ env.build();
+ env.serialize(baos);
+ ByteArrayInputStream bais = new ByteArrayInputStream(baos
+ .toByteArray());
+ DocumentBuilderFactory factory = DocumentBuilderFactory
+ .newInstance();
+ factory.setNamespaceAware(true);
+ return factory.newDocumentBuilder().parse(bais);
+ }
+ } catch (Exception e) {
+ throw new WSSecurityException(
+ "Error in converting SOAP Envelope to Document", e);
+ }
+ }
+
+
+ public static SOAPEnvelope getSOAPEnvelopeFromDOMDocument(Document doc, boolean useDoom)
+ throws WSSecurityException {
+
+ if(useDoom) {
+ try {
+ //Get processed headers
+ SOAPEnvelope env = (SOAPEnvelope)doc.getDocumentElement();
+ ArrayList processedHeaderQNames = new ArrayList();
+ SOAPHeader soapHeader = env.getHeader();
+
+ if(soapHeader != null) {
+ Iterator headerBlocs = soapHeader.getChildElements();
+ while (headerBlocs.hasNext()) {
+ SOAPHeaderBlock element = (SOAPHeaderBlock) headerBlocs.next();
+ if(element.isProcessed()) {
+ processedHeaderQNames.add(element.getQName());
+ }
+ }
+
+ }
+ XMLStreamReader reader = ((OMElement) doc.getDocumentElement())
+ .getXMLStreamReader();
+ StAXSOAPModelBuilder stAXSOAPModelBuilder = new StAXSOAPModelBuilder(
+ reader, null);
+ SOAPEnvelope envelope = stAXSOAPModelBuilder.getSOAPEnvelope();
+
+ //Set the processed flag of the processed headers
+ SOAPHeader header = envelope.getHeader();
+ for (Iterator iter = processedHeaderQNames.iterator(); iter
+ .hasNext();) {
+ QName name = (QName) iter.next();
+ Iterator omKids = header.getChildrenWithName(name);
+ if(omKids.hasNext()) {
+ ((SOAPHeaderBlock)omKids.next()).setProcessed();
+ }
+ }
+
+ envelope.build();
+ return envelope;
+
+ } catch (FactoryConfigurationError e) {
+ throw new WSSecurityException(e.getMessage());
+ }
+ } else {
+ try {
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ XMLUtils.outputDOM(doc.getDocumentElement(), os, true);
+ ByteArrayInputStream bais = new ByteArrayInputStream(os.toByteArray());
+
+ StAXSOAPModelBuilder stAXSOAPModelBuilder = new StAXSOAPModelBuilder(XMLInputFactory.newInstance().createXMLStreamReader(bais), null);
+ return stAXSOAPModelBuilder.getSOAPEnvelope();
+ } catch (Exception e) {
+ throw new WSSecurityException(e.getMessage());
+ }
+ }
+ }
+
+
+ /**
+ * Provides the appropriate key to pickup config params from the message context.
+ * This is acutally used when the outflow handler (WSDoAllSender)
+ * is repeated n number of times.
+ * @param originalKey The default key
+ * @param inHandler Whether the handler is the inflow handler or not
+ * @param repetition The current repetition number
+ * @return Returns the key to be used internally in the security module to pick
+ * up the config params.
+ */
+ public static String getKey(String originalKey, boolean inHandler, int repetition) {
+
+ if(repetition > 0 && !inHandler &&
+ !originalKey.equals(WSSHandlerConstants.OUTFLOW_SECURITY)&&
+ !originalKey.equals(WSSHandlerConstants.SENDER_REPEAT_COUNT)) {
+
+ return originalKey + repetition;
+ }
+ return originalKey;
+ }
+
+ /**
+ * This will build a DOOM Element that is of the same <code>Document</code>
+ * @param factory
+ * @param element
+ * @return
+ */
+ public static OMElement toDOOM(OMFactory factory, OMElement element){
+ StAXOMBuilder builder = new StAXOMBuilder(factory, element.getXMLStreamReader());
+ OMElement elem = builder.getDocumentElement();
+ elem.build();
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java
new file mode 100644
index 0000000..92a8f69
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/HandlerParameterDecoder.java
@@ -0,0 +1,292 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rampart.util;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import javax.xml.namespace.QName;
+
+import java.util.Iterator;
+
+/**
+ * This is used to process the security parameters from the configuration files
+ *
+ * Example: <code>
+ <br>
+
+ </code>
+ *
+ */
+public class HandlerParameterDecoder {
+
+ /**
+ *
+ * @param msgCtx
+ * @param inflow
+ * @throws WSSecurityException
+ */
+ public static void processParameters(MessageContext msgCtx, boolean inflow)
+ throws Exception {
+ Parameter inFlowSecParam;
+ Parameter outFlowSecParam;
+
+ if(msgCtx.isServerSide()){
+ inFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.INFLOW_SECURITY_SERVER);
+ outFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.OUTFLOW_SECURITY_SERVER);
+ }else{
+ inFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.INFLOW_SECURITY_CLIENT);
+ outFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.OUTFLOW_SECURITY_CLIENT);
+ }
+
+ //TODO: check whether policy is available
+ if(inFlowSecParam == null){
+ inFlowSecParam = (Parameter)msgCtx.getProperty(WSSHandlerConstants.INFLOW_SECURITY);
+ }
+
+ if(outFlowSecParam == null){
+ outFlowSecParam = (Parameter)msgCtx.getProperty(WSSHandlerConstants.OUTFLOW_SECURITY);
+ }
+
+ //If the configs are not available in the file
+ if(inFlowSecParam == null) {
+ inFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.INFLOW_SECURITY);
+ }
+ if(outFlowSecParam == null) {
+ outFlowSecParam = msgCtx.getParameter(WSSHandlerConstants.OUTFLOW_SECURITY);
+ }
+
+ int repetitionCount = -1;
+
+ /*
+ * Populate the inflow parameters
+ */
+ if (inFlowSecParam != null && inflow) {
+ OMElement inFlowParamElem = inFlowSecParam.getParameterElement();
+
+ OMElement actionElem = inFlowParamElem
+ .getFirstChildWithName(new QName(WSSHandlerConstants.ACTION));
+ if (actionElem == null) {
+ throw new Exception(
+ "Inflow configuration must contain an 'action' "
+ + "elements the child of 'InflowSecurity' element");
+ }
+
+ Iterator childElements = actionElem.getChildElements();
+ while (childElements.hasNext()) {
+ OMElement element = (OMElement) childElements.next();
+ msgCtx.setProperty(element.getLocalName(), element.getText().trim());
+ }
+
+ }
+
+ /*
+ * Populate the outflow parameters
+ */
+ if (outFlowSecParam != null && !inflow) {
+ OMElement outFlowParamElem = outFlowSecParam.getParameterElement();
+
+ Iterator childElements = outFlowParamElem.getChildElements();
+ while (childElements.hasNext()) {
+ OMElement element = (OMElement) childElements.next();
+
+ if(!element.getLocalName().equals(WSSHandlerConstants.ACTION)) {
+ throw new Exception(
+ "Alian element '"
+ + element.getLocalName()
+ + "' in the 'OutFlowSecurity' element, "
+ + "only 'action' elements can be present");
+ }
+
+ boolean signAllHeaders = false;
+ boolean signBody = false;
+ boolean encryptBody = false;
+
+ repetitionCount++;
+ Iterator paramElements = element.getChildElements();
+ while (paramElements.hasNext()) {
+ OMElement elem = (OMElement) paramElements.next();
+ String localName = elem.getLocalName();
+ String text = elem.getText().trim();
+ if(localName.equals(WSSHandlerConstants.SIGN_ALL_HEADERS)) {
+ signAllHeaders = true;
+ } else if(localName.equals(WSSHandlerConstants.SIGN_BODY)) {
+ signBody = true;
+ } else if(localName.equals(WSSHandlerConstants.ENCRYPT_BODY)) {
+ encryptBody = true;
+ } else {
+ msgCtx.setProperty(Axis2Util.getKey(localName,
+ inflow,repetitionCount), text);
+ }
+ }
+
+ if(signAllHeaders || signBody || encryptBody) {
+ handleSignEncrParts(signAllHeaders, signBody, encryptBody,
+ msgCtx, repetitionCount);
+ }
+
+
+ }
+
+ msgCtx.setProperty(WSSHandlerConstants.SENDER_REPEAT_COUNT,
+ new Integer(repetitionCount));
+ }
+ }
+
+ public static OutflowConfiguration getOutflowConfiguration(Parameter outflowConfigParam) throws AxisFault {
+ if (outflowConfigParam != null) {
+ OMElement outflowParamElem = outflowConfigParam.getParameterElement();
+
+ OMElement actionElem = outflowParamElem
+ .getFirstChildWithName(new QName(WSSHandlerConstants.ACTION));
+ if (actionElem == null) {
+ throw new AxisFault(
+ "Inflow configuration must contain an 'action' "
+ + "elements the child of 'InflowSecurity' element");
+ }
+
+ OutflowConfiguration outflowConfiguration = new OutflowConfiguration();
+
+ Iterator childElements = actionElem.getChildElements();
+ while (childElements.hasNext()) {
+ OMElement element = (OMElement) childElements.next();
+
+ String localName = element.getLocalName();
+ String text = element.getText().trim();
+ if(localName.equals(WSHandlerConstants.PW_CALLBACK_CLASS)) {
+ outflowConfiguration.setPasswordCallbackClass(text);
+ } else if(localName.equals(WSHandlerConstants.SIG_PROP_FILE)) {
+ outflowConfiguration.setSignaturePropFile(text);
+ } else if(localName.equals(WSHandlerConstants.ENC_PROP_FILE)) {
+ outflowConfiguration.setEncryptionPropFile(text);
+ } else if(localName.equals(WSHandlerConstants.ENC_CALLBACK_CLASS)) {
+ outflowConfiguration.setEmbeddedKeyCallbackClass(text);
+ } else if(localName.equals(WSHandlerConstants.USER)) {
+ outflowConfiguration.setUser(text);
+ } else if(localName.equals(WSHandlerConstants.ENCRYPTION_USER)) {
+ outflowConfiguration.setEncryptionUser(text);
+ }
+ }
+ return outflowConfiguration;
+ }
+ return null;
+ }
+
+ public static InflowConfiguration getInflowConfiguration(Parameter inflowConfigParam) throws AxisFault {
+
+ if (inflowConfigParam != null) {
+ OMElement inFlowParamElem = inflowConfigParam.getParameterElement();
+
+ OMElement actionElem = inFlowParamElem
+ .getFirstChildWithName(new QName(WSSHandlerConstants.ACTION));
+ if (actionElem == null) {
+ throw new AxisFault(
+ "Inflow configuration must contain an 'action' "
+ + "elements the child of 'InflowSecurity' element");
+ }
+
+ InflowConfiguration inflowConfiguration = new InflowConfiguration();
+
+ Iterator childElements = actionElem.getChildElements();
+ while (childElements.hasNext()) {
+ OMElement element = (OMElement) childElements.next();
+
+ String localName = element.getLocalName();
+ String text = element.getText().trim();
+
+ if(localName.equals(WSHandlerConstants.PW_CALLBACK_CLASS)) {
+ inflowConfiguration.setPasswordCallbackClass(text);
+ } else if(localName.equals(WSHandlerConstants.SIG_PROP_FILE)) {
+ inflowConfiguration.setSignaturePropFile(text);
+ } else if(localName.equals(WSHandlerConstants.DEC_PROP_FILE)) {
+ inflowConfiguration.setDecryptionPropFile(text);
+ } else if (WSHandlerConstants.ENABLE_SIGNATURE_CONFIRMATION
+ .equals(localName)) {
+ if ("false".equals(text)
+ || "0".equals(text)) {
+ inflowConfiguration
+ .setEnableSignatureConfirmation(false);
+ }
+ }
+ }
+ return inflowConfiguration;
+ }
+ return null;
+ }
+
+ private static void handleSignEncrParts(boolean signAllHeaders,
+ boolean signBody, boolean encrBody, MessageContext msgCtx,
+ int repetition) {
+ String soapNs = msgCtx.getEnvelope().getNamespace().getNamespaceURI();
+ if(signBody) {
+ //Add body signPart
+ String sigBodySigPart = "{Element}{" + soapNs + "}Body";
+ addSigPart(sigBodySigPart, msgCtx, repetition);
+ }
+ if(encrBody) {
+ //Encrypt body content
+ String encrBodyEncrPart = "{}{" + soapNs + "}Body";
+ addEncrPart(encrBodyEncrPart, msgCtx, repetition);
+ }
+ if(signAllHeaders) {
+ Iterator children = msgCtx.getEnvelope().getHeader().getChildElements();
+ while (children.hasNext()) {
+ OMElement element = (OMElement) children.next();
+ //Sign only the qualified headers
+ //TODO check whether we can sign the unqualified header elements
+ String ns = element.getNamespace().getNamespaceURI();
+ if(ns != null && ns.length() > 0) {
+ addSigPart("{Element}{" + ns + "}" + element.getLocalName(),msgCtx, repetition);
+ }
+ }
+ }
+
+ }
+
+ private static void addSigPart(String sigPart, MessageContext msgCtx, int repetition) {
+ String key = Axis2Util.getKey(WSHandlerConstants.SIGNATURE_PARTS, false, repetition);
+ String existingSignParts = (String) msgCtx.getProperty(key);
+ if (existingSignParts != null && existingSignParts.length() > 0) {
+ // If the part is not already there as a sign part
+ if (existingSignParts.indexOf(sigPart) != -1) {
+ msgCtx.setProperty(key, existingSignParts + ";" + sigPart);
+ }
+ } else {
+ // If there are no signed parts
+ msgCtx.setProperty(key, sigPart);
+ }
+ }
+
+ private static void addEncrPart(String encrPart, MessageContext msgCtx, int repetition) {
+ String key = Axis2Util.getKey(WSHandlerConstants.ENCRYPTION_PARTS, false, repetition);
+ String existingEncrParts = (String) msgCtx.getProperty(key);
+ if (existingEncrParts != null && existingEncrParts.length() > 0) {
+ if (existingEncrParts.indexOf(encrPart) != -1) {
+ msgCtx.setProperty(key, existingEncrParts + ";" + encrPart);
+ }
+ } else {
+ msgCtx.setProperty(key, encrPart);
+ }
+ }
+
+}
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
new file mode 100644
index 0000000..68fa687
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.util;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMText;
+import org.apache.axiom.om.xpath.AXIOMXPath;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.rampart.RampartException;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.jaxen.JaxenException;
+import org.jaxen.SimpleNamespaceContext;
+import org.jaxen.XPath;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.StringTokenizer;
+import java.util.Vector;
+
+/**
+ * Utility class to handle MTOM-Optimizing Base64 Text values
+ */
+public class MessageOptimizer {
+
+ private static final String CIPHER_ELEMENT = "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue";
+
+ public static void optimize(SOAPEnvelope env, Vector expressions, Map namespaces) throws RampartException {
+
+ SimpleNamespaceContext nsCtx = new SimpleNamespaceContext();
+ nsCtx.addNamespace(WSConstants.ENC_PREFIX,WSConstants.ENC_NS);
+ nsCtx.addNamespace(WSConstants.SIG_PREFIX,WSConstants.SIG_NS);
+ nsCtx.addNamespace(WSConstants.WSSE_PREFIX,WSConstants.WSSE_NS);
+ nsCtx.addNamespace(WSConstants.WSU_PREFIX,WSConstants.WSU_NS);
+
+ Iterator keys = namespaces.keySet().iterator();
+ while(keys.hasNext()){
+ String strPrefix = (String)keys.next();
+ String strNS = (String)namespaces.get(strPrefix);
+ nsCtx.addNamespace(strPrefix,strNS);
+ }
+
+ try {
+ for(int i=0; i<expressions.size(); i++){
+ String exp = (String)expressions.get(i);
+ XPath xp = new AXIOMXPath(exp);
+ xp.setNamespaceContext(nsCtx);
+ List list = xp.selectNodes(env);
+ Iterator elements = list.iterator();
+ while (elements.hasNext()) {
+ OMElement element = (OMElement) elements.next();
+ OMText text = (OMText)element.getFirstOMChild();
+ text.setOptimize(true);
+ }
+ }
+ } catch (JaxenException e) {
+ throw new RampartException("Error in XPath ", e);
+ }
+
+ }
+
+
+ /**
+ * Mark the requied Base64 text values as optimized
+ * @param env
+ * @param optimizeParts This is a set of xPath expressions
+ *
+ * @throws WSSecurityException
+ */
+ public static void optimize(SOAPEnvelope env, String optimizeParts) throws WSSecurityException {
+ String separater = "<>";
+ StringTokenizer tokenizer = new StringTokenizer(optimizeParts, separater);
+
+ while(tokenizer.hasMoreTokens()) {
+
+ String xpathExpr = tokenizer.nextToken();
+
+ //Find binary content
+ List list = findElements(env,xpathExpr);
+
+ Iterator cipherValueElements = list.iterator();
+
+ while (cipherValueElements.hasNext()) {
+ OMElement element = (OMElement) cipherValueElements.next();
+ OMText text = (OMText)element.getFirstOMChild();
+ System.out.println(text.getText().length());
+ text.setOptimize(true);
+ }
+ }
+ }
+
+
+ private static List findElements(OMElement elem, String expression) throws WSSecurityException {
+ try {
+ XPath xp = new AXIOMXPath(expression);
+
+ //Set namespaces
+ SimpleNamespaceContext nsCtx = new SimpleNamespaceContext();
+ nsCtx.addNamespace(WSConstants.ENC_PREFIX,WSConstants.ENC_NS);
+ nsCtx.addNamespace(WSConstants.SIG_PREFIX,WSConstants.SIG_NS);
+ nsCtx.addNamespace(WSConstants.WSSE_PREFIX,WSConstants.WSSE_NS);
+ nsCtx.addNamespace(WSConstants.WSU_PREFIX,WSConstants.WSU_NS);
+
+ xp.setNamespaceContext(nsCtx);
+
+ return xp.selectNodes(elem);
+
+ } catch (JaxenException e) {
+ throw new WSSecurityException(e.getMessage(), e);
+ }
+
+ }
+
+
+
+}
\ No newline at end of file
diff --git a/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
new file mode 100644
index 0000000..6b0b97c
--- /dev/null
+++ b/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
@@ -0,0 +1,944 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.util;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.xpath.AXIOMXPath;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.SOAPHeader;
+import org.apache.axiom.soap.SOAPHeaderBlock;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.neethi.Policy;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rahas.client.STSClient;
+import org.apache.rampart.RampartException;
+import org.apache.rampart.RampartMessageData;
+import org.apache.rampart.policy.RampartPolicyData;
+import org.apache.rampart.policy.model.CryptoConfig;
+import org.apache.rampart.policy.model.RampartConfig;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+import org.apache.ws.secpolicy.model.X509Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSEncryptionPart;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.util.Loader;
+import org.jaxen.JaxenException;
+import org.jaxen.XPath;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import javax.crypto.KeyGenerator;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.namespace.QName;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Properties;
+import java.util.Set;
+import java.util.Vector;
+
+public class RampartUtil {
+
+ private static final String CRYPTO_PROVIDER = "org.apache.ws.security.crypto.provider";
+ private static Log log = LogFactory.getLog(RampartUtil.class);
+
+
+ public static CallbackHandler getPasswordCB(RampartMessageData rmd) throws RampartException {
+
+ MessageContext msgContext = rmd.getMsgContext();
+ RampartPolicyData rpd = rmd.getPolicyData();
+
+ return getPasswordCB(msgContext, rpd);
+ }
+
+ /**
+ * @param msgContext
+ * @param rpd
+ * @return The <code>CallbackHandler</code> instance
+ * @throws RampartException
+ */
+ public static CallbackHandler getPasswordCB(MessageContext msgContext, RampartPolicyData rpd) throws RampartException {
+
+ CallbackHandler cbHandler;
+
+ if (rpd.getRampartConfig() != null && rpd.getRampartConfig().getPwCbClass() != null) {
+
+ String cbHandlerClass = rpd.getRampartConfig().getPwCbClass();
+ ClassLoader classLoader = msgContext.getAxisService().getClassLoader();
+
+ log.debug("loading class : " + cbHandlerClass);
+
+ Class cbClass;
+ try {
+ cbClass = Loader.loadClass(classLoader, cbHandlerClass);
+ } catch (ClassNotFoundException e) {
+ throw new RampartException("cannotLoadPWCBClass",
+ new String[]{cbHandlerClass}, e);
+ }
+ try {
+ cbHandler = (CallbackHandler) cbClass.newInstance();
+ } catch (java.lang.Exception e) {
+ throw new RampartException("cannotCreatePWCBInstance",
+ new String[]{cbHandlerClass}, e);
+ }
+ } else {
+ cbHandler = (CallbackHandler) msgContext.getProperty(
+ WSHandlerConstants.PW_CALLBACK_REF);
+ if(cbHandler == null) {
+ Parameter param = msgContext.getParameter(
+ WSHandlerConstants.PW_CALLBACK_REF);
+ if(param != null) {
+ cbHandler = (CallbackHandler)param.getValue();
+ }
+ }
+ }
+
+ return cbHandler;
+ }
+
+ /**
+ * Perform a callback to get a password.
+ * <p/>
+ * The called back function gets an indication why to provide a password:
+ * to produce a UsernameToken, Signature, or a password (key) for a given
+ * name.
+ */
+ public static WSPasswordCallback performCallback(CallbackHandler cbHandler,
+ String username,
+ int doAction)
+ throws RampartException {
+
+ WSPasswordCallback pwCb;
+ int reason = 0;
+
+ switch (doAction) {
+ case WSConstants.UT:
+ case WSConstants.UT_SIGN:
+ reason = WSPasswordCallback.USERNAME_TOKEN;
+ break;
+ case WSConstants.SIGN:
+ reason = WSPasswordCallback.SIGNATURE;
+ break;
+ case WSConstants.ENCR:
+ reason = WSPasswordCallback.KEY_NAME;
+ break;
+ }
+ pwCb = new WSPasswordCallback(username, reason);
+ Callback[] callbacks = new Callback[1];
+ callbacks[0] = pwCb;
+ /*
+ * Call back the application to get the password
+ */
+ try {
+ cbHandler.handle(callbacks);
+ } catch (Exception e) {
+ throw new RampartException("pwcbFailed", e);
+ }
+ return pwCb;
+ }
+
+ /**
+ * Create the <code>Crypto</code> instance for encryption using information
+ * from the rampart configuration assertion
+ *
+ * @param config
+ * @return The <code>Crypto</code> instance to be used for encryption
+ * @throws RampartException
+ */
+ public static Crypto getEncryptionCrypto(RampartConfig config, ClassLoader loader)
+ throws RampartException {
+ log.debug("Loading encryption crypto");
+
+ if(config != null && config.getEncrCryptoConfig() != null) {
+ CryptoConfig cryptoConfig = config.getEncrCryptoConfig();
+ String provider = cryptoConfig.getProvider();
+ log.debug("Usig provider: " + provider);
+ Properties prop = cryptoConfig.getProp();
+ prop.put(CRYPTO_PROVIDER, provider);
+ return CryptoFactory.getInstance(prop, loader);
+ } else {
+ log.debug("Trying the signature crypto info");
+
+ //Try using signature crypto infomation
+ if(config != null && config.getSigCryptoConfig() != null) {
+ CryptoConfig cryptoConfig = config.getSigCryptoConfig();
+ String provider = cryptoConfig.getProvider();
+ log.debug("Usig provider: " + provider);
+ Properties prop = cryptoConfig.getProp();
+ prop.put(CRYPTO_PROVIDER, provider);
+ return CryptoFactory.getInstance(prop, loader);
+ } else {
+ return null;
+ }
+ }
+ }
+
+ /**
+ * Create the <code>Crypto</code> instance for signature using information
+ * from the rampart configuration assertion
+ *
+ * @param config
+ * @return The <code>Crypto</code> instance to be used for signature
+ * @throws RampartException
+ */
+ public static Crypto getSignatureCrypto(RampartConfig config, ClassLoader loader)
+ throws RampartException {
+ log.debug("Loading Signature crypto");
+
+ if(config != null && config.getSigCryptoConfig() != null) {
+ CryptoConfig cryptoConfig = config.getSigCryptoConfig();
+ String provider = cryptoConfig.getProvider();
+ log.debug("Usig provider: " + provider);
+ Properties prop = cryptoConfig.getProp();
+ prop.put(CRYPTO_PROVIDER, provider);
+ return CryptoFactory.getInstance(prop, loader);
+ } else {
+ return null;
+ }
+ }
+
+
+ /**
+ * figureout the key identifier of a give X509Token
+ * @param token
+ * @return The key identifier of a give X509Token
+ * @throws RampartException
+ */
+ public static int getKeyIdentifier(X509Token token) throws RampartException {
+ if (token.isRequireIssuerSerialReference()) {
+ return WSConstants.ISSUER_SERIAL;
+ } else if (token.isRequireThumbprintReference()) {
+ return WSConstants.THUMBPRINT_IDENTIFIER;
+ } else if (token.isRequireEmbeddedTokenReference()) {
+ return WSConstants.BST_DIRECT_REFERENCE;
+ } else {
+ throw new RampartException(
+ "unknownKeyRefSpeficier");
+
+ }
+ }
+
+ /**
+ * Process a give issuer address element and return the address.
+ * @param issuerAddress
+ * @return The address of an issuer address element
+ * @throws RampartException If the issuer address element is malformed.
+ */
+ public static String processIssuerAddress(OMElement issuerAddress)
+ throws RampartException {
+ if(issuerAddress != null && issuerAddress.getText() != null &&
+ !"".equals(issuerAddress.getText())) {
+ return issuerAddress.getText().trim();
+ } else {
+ throw new RampartException("invalidIssuerAddress",
+ new String[] { issuerAddress.toString() });
+ }
+ }
+
+
+ public static OMElement createRSTTempalteForSCT(int conversationVersion,
+ int wstVersion) throws RampartException {
+ try {
+ log.debug("Creating RSTTemplate for an SCT request");
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+
+ OMNamespace wspNs = fac.createOMNamespace(Constants.SP_NS, "wsp");
+ OMElement rstTempl = fac.createOMElement(
+ Constants.REQUEST_SECURITY_TOKEN_TEMPLATE.getLocalPart(),
+ wspNs);
+
+ //Create TokenType element and set the value
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(
+ wstVersion, rstTempl);
+ String tokenType = ConversationConstants
+ .getWSCNs(conversationVersion)
+ + ConversationConstants.TOKEN_TYPE_SECURITY_CONTEXT_TOKEN;
+ tokenTypeElem.setText(tokenType);
+
+ return rstTempl;
+ } catch (TrustException e) {
+ throw new RampartException("errorCreatingRSTTemplateForSCT", e);
+ } catch (ConversationException e) {
+ throw new RampartException("errorCreatingRSTTemplateForSCT", e);
+ }
+ }
+
+
+ public static int getTimeToLive(RampartMessageData messageData) {
+
+ RampartConfig rampartConfig = messageData.getPolicyData().getRampartConfig();
+ if (rampartConfig != null) {
+ String ttl = rampartConfig.getTimestampTTL();
+ int ttl_i = 0;
+ if (ttl != null) {
+ try {
+ ttl_i = Integer.parseInt(ttl);
+ } catch (NumberFormatException e) {
+ ttl_i = messageData.getTimeToLive();
+ }
+ }
+ if (ttl_i <= 0) {
+ ttl_i = messageData.getTimeToLive();
+ }
+ return ttl_i;
+ } else {
+ return RampartConfig.DEFAULT_TIMESTAMP_TTL;
+ }
+ }
+
+ public static int getTimestampMaxSkew(RampartMessageData messageData) {
+
+ RampartConfig rampartConfig = messageData.getPolicyData().getRampartConfig();
+ if (rampartConfig != null) {
+ String maxSkew = rampartConfig.getTimestampMaxSkew();
+ int maxSkew_i = 0;
+ if (maxSkew != null) {
+ try {
+ maxSkew_i = Integer.parseInt(maxSkew);
+ } catch (NumberFormatException e) {
+ maxSkew_i = messageData.getTimestampMaxSkew();
+ }
+ }
+ if (maxSkew_i < 0) {
+ maxSkew_i = 0;
+ }
+ return maxSkew_i;
+ } else {
+ return RampartConfig.DEFAULT_TIMESTAMP_MAX_SKEW;
+ }
+ }
+
+ /**
+ * Obtain a security context token.
+ * @param rmd
+ * @param secConvTok
+ * @return Return the SecurityContextidentifier of the token
+ * @throws TrustException
+ * @throws RampartException
+ */
+ public static String getSecConvToken(RampartMessageData rmd,
+ SecureConversationToken secConvTok) throws TrustException,
+ RampartException {
+ String action = TrustUtil.getActionValue(
+ rmd.getWstVersion(),
+ RahasConstants.RST_ACTION_SCT);
+
+ // Get sts epr
+ OMElement issuerEpr = secConvTok.getIssuerEpr();
+ String issuerEprAddress = rmd.getMsgContext().getTo().getAddress();
+ if(issuerEpr != null) {
+ issuerEprAddress = RampartUtil.processIssuerAddress(issuerEpr);
+ }
+
+ //Find SC version
+ int conversationVersion = rmd.getSecConvVersion();
+
+ OMElement rstTemplate = RampartUtil.createRSTTempalteForSCT(
+ conversationVersion,
+ rmd.getWstVersion());
+
+ Policy stsPolicy = null;
+
+ //Try boot strap policy
+ Policy bsPol = secConvTok.getBootstrapPolicy();
+
+ if(bsPol != null) {
+ log.debug("BootstrapPolicy found");
+ bsPol.addAssertion(rmd.getPolicyData().getRampartConfig());
+ stsPolicy = bsPol;
+ } else {
+ //No bootstrap policy use issuer policy
+ log.debug("No bootstrap policy, using issuer policy");
+ stsPolicy = rmd.getPolicyData().getIssuerPolicy();
+ }
+
+ String id = getToken(rmd, rstTemplate,
+ issuerEprAddress, action, stsPolicy);
+
+ log.debug("SecureConversationToken obtained: id=" + id);
+ return id;
+ }
+
+
+ /**
+ * Obtain an issued token.
+ * @param rmd
+ * @param issuedToken
+ * @return The identifier of the issued token
+ * @throws RampartException
+ */
+ public static String getIssuedToken(RampartMessageData rmd,
+ IssuedToken issuedToken) throws RampartException {
+
+ try {
+
+ //TODO : Provide the overriding mechanism to provide a custom way of
+ //obtaining a token
+
+ String action = TrustUtil.getActionValue(rmd.getWstVersion(),
+ RahasConstants.RST_ACTION_ISSUE);
+
+ // Get sts epr
+ String issuerEprAddress = RampartUtil.processIssuerAddress(issuedToken
+ .getIssuerEpr());
+
+ OMElement rstTemplate = issuedToken.getRstTemplate();
+
+ // Get STS policy
+ Policy stsPolicy = rmd.getPolicyData().getIssuerPolicy();
+
+ String id = getToken(rmd, rstTemplate, issuerEprAddress, action,
+ stsPolicy);
+
+ log.debug("Issued token obtained: id=" + id);
+ return id;
+ } catch (TrustException e) {
+ throw new RampartException("errorInObtainingToken", e);
+ }
+ }
+
+ /**
+ * Request a token.
+ * @param rmd
+ * @param rstTemplate
+ * @param issuerEpr
+ * @param action
+ * @param issuerPolicy
+ * @return Return the identifier of the obtained token
+ * @throws RampartException
+ */
+ public static String getToken(RampartMessageData rmd, OMElement rstTemplate,
+ String issuerEpr, String action, Policy issuerPolicy) throws RampartException {
+
+ try {
+ //First check whether the user has provided the token
+ MessageContext msgContext = rmd.getMsgContext();
+ String customTokeId = (String) msgContext
+ .getProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN);
+ if(customTokeId != null) {
+ return customTokeId;
+ } else {
+
+ Axis2Util.useDOOM(false);
+
+ STSClient client = new STSClient(rmd.getMsgContext()
+ .getConfigurationContext());
+ // Set request action
+ client.setAction(action);
+
+ client.setRstTemplate(rstTemplate);
+
+ // Set crypto information
+ Crypto crypto = RampartUtil.getSignatureCrypto(rmd.getPolicyData().getRampartConfig(),
+ rmd.getMsgContext().getAxisService().getClassLoader());
+ CallbackHandler cbh = RampartUtil.getPasswordCB(rmd);
+ client.setCryptoInfo(crypto, cbh);
+
+ // Get service policy
+ Policy servicePolicy = rmd.getServicePolicy();
+
+ // Get service epr
+ String servceEprAddress = rmd.getMsgContext()
+ .getOptions().getTo().getAddress();
+
+ //Make the request
+ org.apache.rahas.Token rst =
+ client.requestSecurityToken(servicePolicy,
+ issuerEpr,
+ issuerPolicy,
+ servceEprAddress);
+
+ //Add the token to token storage
+ rst.setState(Token.ISSUED);
+ rmd.getTokenStorage().add(rst);
+ Axis2Util.useDOOM(true);
+ return rst.getId();
+ }
+ } catch (Exception e) {
+ throw new RampartException("errorInObtainingToken", e);
+ }
+ }
+
+ public static String getSoapBodyId(SOAPEnvelope env) {
+ return addWsuIdToElement(env.getBody());
+ }
+
+ public static String addWsuIdToElement(OMElement elem) {
+ String id;
+
+ //first try to get the Id attr
+ OMAttribute idAttr = elem.getAttribute(new QName("Id"));
+ if(idAttr == null) {
+ //then try the wsu:Id value
+ idAttr = elem.getAttribute(new QName(WSConstants.WSU_NS, "Id"));
+ }
+
+ if(idAttr != null) {
+ id = idAttr.getAttributeValue();
+ } else {
+ //Add an id
+ OMNamespace ns = elem.getOMFactory().createOMNamespace(
+ WSConstants.WSU_NS, WSConstants.WSU_PREFIX);
+ id = "Id-" + elem.hashCode();
+ idAttr = elem.getOMFactory().createOMAttribute("Id", ns, id);
+ elem.addAttribute(idAttr);
+ }
+
+ return id;
+ }
+
+ public static Element appendChildToSecHeader(RampartMessageData rmd,
+ OMElement elem) {
+ return appendChildToSecHeader(rmd, (Element)elem);
+ }
+
+ public static Element appendChildToSecHeader(RampartMessageData rmd,
+ Element elem) {
+ Element secHeaderElem = rmd.getSecHeader().getSecurityHeader();
+ Node node = secHeaderElem.getOwnerDocument().importNode(
+ elem, true);
+ return (Element)secHeaderElem.appendChild(node);
+ }
+
+ public static Element insertSiblingAfter(RampartMessageData rmd,
+ Element child, Element sibling) {
+ if (child == null) {
+ return appendChildToSecHeader(rmd, sibling);
+ } else {
+ if (child.getOwnerDocument().equals(sibling.getOwnerDocument())) {
+
+ if (child.getParentNode() == null
+ && !child.getLocalName().equals("UsernameToken")) {
+ rmd.getSecHeader().getSecurityHeader().appendChild(child);
+ }
+ ((OMElement) child).insertSiblingAfter((OMElement) sibling);
+ return sibling;
+ } else {
+ Element newSib = (Element) child.getOwnerDocument().importNode(
+ sibling, true);
+ ((OMElement) child).insertSiblingAfter((OMElement) newSib);
+ return newSib;
+ }
+ }
+ }
+
+ public static Element insertSiblingBefore(RampartMessageData rmd, Element child, Element sibling) {
+ if(child == null) {
+ return appendChildToSecHeader(rmd, sibling);
+ } else {
+ if(child.getOwnerDocument().equals(sibling.getOwnerDocument())) {
+ ((OMElement)child).insertSiblingBefore((OMElement)sibling);
+ return sibling;
+ } else {
+ Element newSib = (Element)child.getOwnerDocument().importNode(sibling, true);
+ ((OMElement)child).insertSiblingBefore((OMElement)newSib);
+ return newSib;
+ }
+ }
+
+ }
+
+ public static Vector getEncryptedParts(RampartMessageData rmd) {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+ return getPartsAndElements(false, envelope, rpd.isEncryptBody(), rpd.getEncryptedParts(), rpd.getEncryptedElements() );
+ }
+
+ public static Vector getSignedParts(RampartMessageData rmd) {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ SOAPEnvelope envelope = rmd.getMsgContext().getEnvelope();
+ return getPartsAndElements(true, envelope, rpd.isSignBody(), rpd.getSignedParts(), rpd.getSignedElements() );
+ }
+
+ private static Set findAllPrefixNamespaces(OMElement currentElement)
+ {
+ Set results = new HashSet();
+
+ //Find declared namespaces
+ findPrefixNamespaces(currentElement,results);
+
+ //Get all default namespaces
+ List defaultNamespaces = getDefaultPrefixNamespaces(currentElement.getOMFactory());
+ for (Iterator iterator = defaultNamespaces.iterator(); iterator
+ .hasNext();) {
+ OMNamespace ns = (OMNamespace) iterator.next();
+ results.add(ns);
+ }
+ return results;
+ }
+
+ private static void findPrefixNamespaces(OMElement e, Set results)
+ {
+
+ Iterator iter = e.getAllDeclaredNamespaces();
+
+ if (iter!=null)
+ {
+ while (iter.hasNext())
+ results.add(iter.next());
+ }
+
+ Iterator children = e.getChildElements();
+
+ while (children.hasNext())
+ {
+ findPrefixNamespaces((OMElement)children.next(), results);
+ }
+ }
+
+ private static List getDefaultPrefixNamespaces(OMFactory factory)
+ {
+ List namespaces = new ArrayList();
+
+ // put default namespaces here (sp, soapenv, wsu, etc...)
+ namespaces.add(factory.createOMNamespace(WSConstants.ENC_PREFIX, WSConstants.ENC_NS));
+ namespaces.add(factory.createOMNamespace(WSConstants.SIG_PREFIX, WSConstants.SIG_NS));
+ namespaces.add(factory.createOMNamespace(WSConstants.WSSE_PREFIX, WSConstants.WSSE_NS));
+ namespaces.add(factory.createOMNamespace(WSConstants.WSU_PREFIX, WSConstants.WSU_NS));
+
+ return namespaces;
+
+ }
+
+ public static Vector getPartsAndElements(boolean sign, SOAPEnvelope envelope, boolean includeBody, Vector parts, Vector elements) {
+
+ Vector found = new Vector();
+ Vector result = new Vector();
+
+ // check body
+ if(includeBody) {
+ if( sign ) {
+ result.add(new WSEncryptionPart(addWsuIdToElement(envelope.getBody())));
+ } else {
+ result.add(new WSEncryptionPart(addWsuIdToElement(envelope.getBody()), "Content"));
+ }
+ found.add( envelope.getBody() );
+ }
+
+ // Search envelope header for 'parts' from Policy (SignedParts/EncryptedParts)
+
+ SOAPHeader header = envelope.getHeader();
+
+ for(int i=0; i<parts.size(); i++) {
+ WSEncryptionPart wsep = (WSEncryptionPart) parts.get( i );
+ if( wsep.getName() == null ) {
+ // NO name - search by namespace
+ ArrayList headerList = header.getHeaderBlocksWithNSURI( wsep.getNamespace() );
+
+ for(int j=0; j<headerList.size(); j++) {
+ SOAPHeaderBlock shb = (SOAPHeaderBlock) headerList.get( j );
+
+ // find reference in envelope
+ OMElement e = header.getFirstChildWithName( shb.getQName() );
+
+ if( ! found.contains( e ) ) {
+ // found new
+ found.add( e );
+
+ if( sign ) {
+ result.add(new WSEncryptionPart(e.getLocalName(), wsep.getNamespace(), "Content"));
+ } else {
+ result.add(new WSEncryptionPart(e.getLocalName(), wsep.getNamespace(), "Element"));
+ }
+ }
+ }
+ } else {
+ // try to find
+ OMElement e = header.getFirstChildWithName( new QName(wsep.getNamespace(), wsep.getName()) );
+ if( e != null ) {
+ if( ! found.contains( e ) ) {
+ // found new (reuse wsep)
+ found.add( e );
+ result.add( wsep );
+ }
+ }
+ }
+ }
+
+ // ?? Search for 'Elements' here
+
+ // decide what exactly is going to be used - only the default namespaces, or the list of all declared namespaces in the message !
+ Set namespaces = findAllPrefixNamespaces(envelope);
+
+ Iterator elementsIter = elements.iterator();
+ while (elementsIter.hasNext())
+ {
+ String expression = (String)elementsIter.next();
+ try {
+ XPath xp = new AXIOMXPath(expression);
+ Iterator nsIter = namespaces.iterator();
+
+ while (nsIter.hasNext())
+ {
+ OMNamespace tmpNs = (OMNamespace)nsIter.next();
+ xp.addNamespace(tmpNs.getPrefix(), tmpNs.getNamespaceURI());
+ }
+
+ List selectedNodes = xp.selectNodes(envelope);
+
+ Iterator nodesIter = selectedNodes.iterator();
+ while (nodesIter.hasNext())
+ {
+ OMElement e = (OMElement)nodesIter.next();
+
+ if (sign)
+ result.add(new WSEncryptionPart(e.getLocalName(), e.getNamespace().getNamespaceURI(), "Content"));
+ else
+ result.add(new WSEncryptionPart(e.getLocalName(), e.getNamespace().getNamespaceURI(), "Element"));
+ }
+
+ } catch (JaxenException e) {
+ // This has to be changed to propagate an instance of a RampartException up
+ throw new RuntimeException(e);
+ }
+ }
+
+ return result;
+ }
+
+
+ public static KeyGenerator getEncryptionKeyGenerator(String symEncrAlgo) throws WSSecurityException {
+ KeyGenerator keyGen;
+ try {
+ /*
+ * Assume AES as default, so initialize it
+ */
+ keyGen = KeyGenerator.getInstance("AES");
+ if (symEncrAlgo.equalsIgnoreCase(WSConstants.TRIPLE_DES)) {
+ keyGen = KeyGenerator.getInstance("DESede");
+ } else if (symEncrAlgo.equalsIgnoreCase(WSConstants.AES_128)) {
+ keyGen.init(128);
+ } else if (symEncrAlgo.equalsIgnoreCase(WSConstants.AES_192)) {
+ keyGen.init(192);
+ } else if (symEncrAlgo.equalsIgnoreCase(WSConstants.AES_256)) {
+ keyGen.init(256);
+ } else {
+ return null;
+ }
+ } catch (NoSuchAlgorithmException e) {
+ throw new WSSecurityException(
+ WSSecurityException.UNSUPPORTED_ALGORITHM, null, null, e);
+ }
+ return keyGen;
+ }
+
+ /**
+ * Creates the unique (reproducible) id for to hold the context identifier
+ * of the message exchange.
+ * @return Id to hold the context identifier in the message context
+ */
+ public static String getContextIdentifierKey(MessageContext msgContext) {
+ return msgContext.getAxisService().getName();
+ }
+
+
+ /**
+ * Returns the map of security context token identifiers
+ * @return the map of security context token identifiers
+ */
+ public static Hashtable getContextMap(MessageContext msgContext) {
+ //Fist check whether its there
+ Object map = msgContext.getConfigurationContext().getProperty(
+ ConversationConstants.KEY_CONTEXT_MAP);
+
+ if(map == null) {
+ //If not create a new one
+ map = new Hashtable();
+ //Set the map globally
+ msgContext.getConfigurationContext().setProperty(
+ ConversationConstants.KEY_CONTEXT_MAP, map);
+ }
+
+ return (Hashtable)map;
+ }
+
+ public static boolean isTokenValid(RampartMessageData rmd, String id) throws RampartException {
+ try {
+ org.apache.rahas.Token token = rmd.getTokenStorage().getToken(id);
+ return token!= null && token.getState() == org.apache.rahas.Token.ISSUED;
+ } catch (TrustException e) {
+ throw new RampartException("errorExtractingToken");
+ }
+ }
+
+ public static void setEncryptionUser(RampartMessageData rmd, WSSecEncryptedKey encrKeyBuilder) throws RampartException {
+ RampartPolicyData rpd = rmd.getPolicyData();
+ String encrUser = rpd.getRampartConfig().getEncryptionUser();
+ if(encrUser == null || "".equals(encrUser)) {
+ throw new RampartException("missingEncryptionUser");
+ }
+ if(encrUser.equals(WSHandlerConstants.USE_REQ_SIG_CERT)) {
+ Object resultsObj = rmd.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
+ if(resultsObj != null) {
+ encrKeyBuilder.setUseThisCert(getReqSigCert((Vector)resultsObj));
+ } else {
+ throw new RampartException("noSecurityResults");
+ }
+ } else {
+ encrKeyBuilder.setUserInfo(encrUser);
+ }
+ }
+
+ private static X509Certificate getReqSigCert(Vector results) {
+ /*
+ * Scan the results for a matching actor. Use results only if the
+ * receiving Actor and the sending Actor match.
+ */
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+
+ Vector wsSecEngineResults = rResult.getResults();
+ /*
+ * Scan the results for the first Signature action. Use the
+ * certificate of this Signature to set the certificate for the
+ * encryption action :-).
+ */
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ if (actInt.intValue() == WSConstants.SIGN) {
+ return (X509Certificate)wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public static String getRequestEncryptedKeyId(Vector results) {
+
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+
+ Vector wsSecEngineResults = rResult.getResults();
+ /*
+ * Scan the results for the first Signature action. Use the
+ * certificate of this Signature to set the certificate for the
+ * encryption action :-).
+ */
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ String encrKeyId = (String)wser.get(WSSecurityEngineResult.TAG_ENCRYPTED_KEY_ID);
+ if (actInt.intValue() == WSConstants.ENCR &&
+ encrKeyId != null) {
+ return encrKeyId;
+ }
+ }
+ }
+
+ return null;
+ }
+
+ public static byte[] getRequestEncryptedKeyValue(Vector results) {
+
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+
+ Vector wsSecEngineResults = rResult.getResults();
+ /*
+ * Scan the results for the first Signature action. Use the
+ * certificate of this Signature to set the certificate for the
+ * encryption action :-).
+ */
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ Integer actInt = (Integer)wser.get(WSSecurityEngineResult.TAG_ACTION);
+ byte[] decryptedKey = (byte[])wser.get(WSSecurityEngineResult.TAG_DECRYPTED_KEY);
+ if (actInt.intValue() == WSConstants.ENCR &&
+ decryptedKey != null) {
+ return decryptedKey;
+ }
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * If the child is present insert the element as a sibling after him.
+ *
+ * If the child is null, then prepend the element.
+ *
+ * @param rmd
+ * @param child
+ * @param elem - element mentioned above
+ * @return
+ */
+ public static Element insertSiblingAfterOrPrepend(RampartMessageData rmd, Element child, Element elem) {
+ Element retElem = null;
+ if(child != null){ // child is not null so insert sibling after
+ retElem = RampartUtil.insertSiblingAfter(rmd, child, elem);
+ }else{ //Prepend
+
+ Element secHeaderElem = rmd.getSecHeader().getSecurityHeader();
+ Node node = secHeaderElem.getOwnerDocument().importNode(
+ elem, true);
+ Element firstElem = (Element)secHeaderElem.getFirstChild();
+
+ if(firstElem == null){
+ retElem = (Element)secHeaderElem.appendChild(node);
+ }else{
+ if(firstElem.getOwnerDocument().equals(elem.getOwnerDocument())) {
+ ((OMElement)firstElem).insertSiblingBefore((OMElement)elem);
+ retElem = elem;
+ } else {
+ Element newSib = (Element)firstElem.getOwnerDocument().importNode(elem, true);
+ ((OMElement)firstElem).insertSiblingBefore((OMElement)newSib);
+ retElem = newSib;
+ }
+ }
+ }
+
+ return retElem;
+ }
+
+
+}
diff --git a/modules/rampart-integration/pom.xml b/modules/rampart-integration/pom.xml
new file mode 100644
index 0000000..9fbce98
--- /dev/null
+++ b/modules/rampart-integration/pom.xml
@@ -0,0 +1,672 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.3-SNAPSHOT</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-integration</artifactId>
+ <packaging>jar</packaging>
+ <version>1.3-SNAPSHOT</version>
+ <name>Rampart - Integration</name>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>copy-mars</id>
+ <phase>process-resources</phase>
+ <goals>
+ <goal>copy</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart</artifactId>
+ <version>${rampart.mar.version}</version>
+ <type>mar</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/artifacts</outputDirectory>
+ </artifactItem>
+ <artifactItem>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rahas</artifactId>
+ <version>${rahas.mar.version}</version>
+ <type>mar</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/artifacts</outputDirectory>
+ </artifactItem>
+ <artifactItem>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>addressing</artifactId>
+ <version>${addressing.mar.version}</version>
+ <type>mar</type>
+ <overWrite>true</overWrite>
+ <outputDirectory>target/artifacts</outputDirectory>
+ </artifactItem>
+ </artifactItems>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <version>1.1</version>
+ <executions>
+ <execution>
+ <id>generate-source</id>
+ <phase>process-resources</phase>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ <configuration>
+ <tasks>
+ <java classname="org.apache.axis2.wsdl.WSDL2Java" fork="true">
+ <arg line="-uri src/main/resources/ping/ping.wsdl -ss -o target/generated-code -p org.apache.axis2.oasis.ping -d xmlbeans -g"/>
+ <classpath refid="maven.dependency.classpath"/>
+ <classpath refid="maven.compile.classpath"/>
+ <classpath refid="maven.runtime.classpath"/>
+ </java>
+ <!-- copy the service impl -->
+ <copy file="src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java"
+ tofile="target/generated-code/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java"
+ overwrite="yes"/>
+ <!-- Password callback class for the interop service -->
+ <copy file="src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java"
+ tofile="target/generated-code/src/org/apache/axis2/security/PWCallback.java"
+ overwrite="yes"/>
+ <!-- Interop client -->
+ <copy file="src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java"
+ tofile="target/generated-code/src/org/apache/axis2/security/InteropScenarioClient.java"
+ overwrite="yes"/>
+
+ <copy todir="target/test-classes">
+ <fileset dir="target/generated-code/resources">
+ <include name="**/*"/>
+ </fileset>
+ </copy>
+
+ <javac srcdir="target/generated-code" destdir="target/classes" fork="true">
+ <classpath refid="maven.dependency.classpath"/>
+ <classpath refid="maven.compile.classpath"/>
+ <classpath refid="maven.runtime.classpath"/>
+ </javac>
+
+ </tasks>
+ </configuration>
+ </execution>
+ <execution>
+ <id>create-test-resources</id>
+ <phase>process-test-resources</phase>
+ <configuration>
+ <tasks>
+ <property name="addressing.mar" value="addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-classes/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-classes/modules/rampart-${rampart.mar.version}.mar"/>
+
+ <mkdir dir="target/temp-ramp"/>
+ <mkdir dir="target/temp-ramp/META-INF"/>
+
+ <copy overwrite="yes"
+ file="target/classes/org/apache/rampart/Service.class"
+ tofile="target/temp-ramp/org/apache/rampart/Service.class"/>
+ <copy overwrite="yes"
+ file="target/classes/org/apache/rampart/PWCallback.class"
+ tofile="target/temp-ramp/org/apache/rampart/PWCallback.class"/>
+ <copy overwrite="yes" file="src/test/resources/rampart/store.jks"
+ tofile="target/temp-ramp/store.jks"/>
+ <!--path id="ramp.client.props" location="test-resources/rampart"/-->
+ <!--maven:addPath id="maven.dependency.classpath" refid="ramp.client.props" -->
+ <mkdir dir="target/test-resources/rampart_client_repo"/>
+ <mkdir dir="target/test-resources/rampart_client_repo/conf"/>
+ <mkdir dir="target/test-resources/rampart_client_repo/modules"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/rampart_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
+ tofile="target/test-resources/rampart_client_repo/modules/rahas-${rahas.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/rampart_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <mkdir dir="target/test-resources/rampart_service_repo"/>
+ <mkdir dir="target/test-resources/rampart_service_repo/conf"/>
+ <mkdir dir="target/test-resources/rampart_service_repo/services"/>
+ <mkdir dir="target/test-resources/rampart_service_repo/modules"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/rampart_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
+ tofile="target/test-resources/rampart_service_repo/modules/rahas-${rahas.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/rampart_service_repo/modules/addressing-${addressing.mar.version}.mar"/>
+
+ <!-- Service 1 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-1.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService1.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 2 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-2.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService2.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 3 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-3.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService3.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 4 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-4.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService4.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 5 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-5.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService5.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 6 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-6.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService6.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 7 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-7.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService7.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 8 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-8.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService8.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 9 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-9.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService9.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 10 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-10.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService10.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 11 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-11.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService11.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 12 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-12.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService12.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service 13 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-13.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureService13.aar"
+ basedir="target/temp-ramp"/>
+ <!-- Service SC-1 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/issuer.properties"
+ tofile="target/temp-ramp/issuer.properties"/>
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-sc-1.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC1.aar"
+ basedir="target/temp-ramp"/>
+
+ <!-- Service SC-1 -->
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/issuer.properties"
+ tofile="target/temp-ramp/issuer.properties"/>
+ <copy overwrite="yes"
+ file="src/test/resources/rampart/services-sc-2.xml"
+ tofile="target/temp-ramp/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rampart_service_repo/services/SecureServiceSC2.aar"
+ basedir="target/temp-ramp"/>
+
+ <!--
+ Set up the infra for rahas tests and the rahas client repo
+ -->
+ <mkdir dir="target/temp-rahas"/>
+ <mkdir dir="target/temp-rahas/META-INF"/>
+ <copy overwrite="yes"
+ file="target/classes/org/apache/rahas/Service.class"
+ tofile="target/temp-rahas/org/apache/rahas/Service.class"/>
+ <copy overwrite="yes"
+ file="target/classes/org/apache/rahas/PWCallback.class"
+ tofile="target/temp-rahas/org/apache/rahas/PWCallback.class"/>
+ <copy overwrite="yes" todir="target/temp-rahas">
+ <fileset dir="src/test/resources/rahas">
+ <include name="issuer.properties"/>
+ <include name="rahas-sts.jks"/>
+ </fileset>
+ </copy>
+ <!--path id="rahas.client.props" location="test-resources/rahas" -->
+ <!--addPath id="maven.dependency.classpath" refid="rahas.client.props"-->
+ <mkdir dir="target/test-resources/rahas_client_repo"/>
+ <mkdir dir="target/test-resources/rahas_client_repo/conf"/>
+ <mkdir dir="target/test-resources/rahas_client_repo/modules"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/rahas_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/rahas_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <!-- Copying the DOM3 stuff to the endorsed dir -->
+ <mkdir dir="target/test-resources/endorsed"/>
+ <copy file="${user.home}/.m2/repository/xerces/xercesImpl/2.8.1/xercesImpl-2.8.1.jar"
+ todir="target/test-resources/endorsed"/>
+ <copy file="${user.home}/.m2/repository/xml-apis/xml-apis/1.3.03/xml-apis-1.3.03.jar"
+ todir="target/test-resources/endorsed"/>
+ <!-- Rahas Test1: SAML Token test -->
+ <mkdir dir="target/test-resources/rahas_service_repo_1"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_1/conf"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_1/services"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_1/modules"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_1/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_1/modules/rahas-${rahas.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_1/modules/addressing-${addressing.mar.version}.mar"/>
+ <!-- copy the services.xml and create the aar -->
+ <copy overwrite="yes"
+ file="src/test/resources/rahas/s1-services.xml"
+ tofile="target/temp-rahas/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rahas_service_repo_1/services/SecureService.aar"
+ basedir="target/temp-rahas"/>
+ <!-- Rahas Test1: SAML Token test : END -->
+ <!--
+ Rahas Test 3 & 4: RahasSAMLTokenUTForHoKTest and RahasSAMLTokenUTForHoKV1205Test
+ -->
+ <mkdir dir="target/test-resources/rahas_service_repo_3"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_3/conf"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_3/services"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_3/modules"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_3/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_3/modules/rahas-${rahas.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_3/modules/addressing-${addressing.mar.version}.mar"/>
+ <!-- copy the services.xml and create the aar -->
+ <copy overwrite="yes"
+ file="src/test/resources/rahas/s3-services.xml"
+ tofile="target/temp-rahas/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rahas_service_repo_3/services/SecureService.aar"
+ basedir="target/temp-rahas"/>
+ <!--
+ Rahas Test 3 & 4: RahasSAMLTokenUTForHoKTest and RahasSAMLTokenUTForHoKV1205Test : END
+ -->
+ <mkdir dir="target/test-resources/default_security_client_repo"/>
+ <mkdir dir="target/test-resources/default_security_client_repo/conf"/>
+ <mkdir dir="target/test-resources/default_security_client_repo/modules"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/default_security_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/default_security_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="src/test/resources/conf/axis2.xml"
+ tofile="target/test-resources/default_security_client_repo/conf/axis2.xml"/>
+ <!--
+ RahasSAMLTokenAttributeTest
+ -->
+ <mkdir dir="target/test-resources/rahas_service_repo_5"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_5/conf"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_5/services"/>
+ <mkdir dir="target/test-resources/rahas_service_repo_5/modules"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_5/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/rahas-${rahas.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_5/modules/rahas-${rahas.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/rahas_service_repo_5/modules/addressing-${addressing.mar.version}.mar"/>
+ <!-- copy the services.xml and create the aar -->
+ <copy overwrite="yes"
+ file="src/test/resources/rahas/s5-services.xml"
+ tofile="target/temp-rahas/META-INF/services.xml"/>
+ <jar jarfile="target/test-resources/rahas_service_repo_5/services/SecureService.aar"
+ basedir="target/temp-rahas"/>
+
+ <!--RahasAttributeTest END-->
+ <!-- Scenario 1 -->
+ <mkdir dir="target/test-resources/scenario1_client_repo"/>
+ <mkdir dir="target/test-resources/scenario1_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario1_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario1_client_repo/services"/>
+ <mkdir dir="target/test-resources/scenario1_service_repo"/>
+ <mkdir dir="target/test-resources/scenario1_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario1_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario1_service_repo/modules"/>
+ <!-- setup scenario 1 client repository-->
+ <copy file="src/test/resources/security/s1.client.axis2.xml"
+ tofile="target/test-resources/scenario1_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario1_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <!-- setup scenario 1 service repository-->
+ <copy file="src/test/resources/security/s1.service.axis2.xml"
+ tofile="target/test-resources/scenario1_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario1_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+
+ <mkdir dir="target/temp-interop/META-INF"/>
+
+ <!-- Create the .aar file -->
+ <copy file="src/test/resources/security/s1.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario1_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+ <!-- Scenario 2 - Setup the client and service repos -->
+ <mkdir dir="target/test-resources/scenario2_client_repo"/>
+ <mkdir dir="target/test-resources/scenario2_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario2_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario2_service_repo"/>
+ <mkdir dir="target/test-resources/scenario2_service_repo/ conf"/>
+ <mkdir dir="target/test-resources/scenario2_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario2_service_repo/modules"/>
+ <copy file="src/test/resources/security/s2.client.axis2.xml"
+ tofile="target/test-resources/scenario2_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario2_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s2.service.axis2.xml"
+ tofile="target/test-resources/scenario2_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario2_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s2.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario2_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario 2a - set up repos -->
+ <mkdir dir="target/test-resources/scenario2a_client_repo"/>
+ <mkdir dir="target/test-resources/scenario2a_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario2a_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario2a_service_repo"/>
+ <mkdir dir="target/test-resources/scenario2a_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario2a_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario2a_service_repo/modules"/>
+ <copy file="src/test/resources/security/s2a.client.axis2.xml"
+ tofile="target/test-resources/scenario2a_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario2a_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s2a.service.axis2.xml"
+ tofile="target/test-resources/scenario2a_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario2a_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s2a.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario2a_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+ <!-- Scenario 3 -->
+ <mkdir dir="target/test-resources/scenario3_client_repo"/>
+ <mkdir dir="target/test-resources/scenario3_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario3_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario3_service_repo"/>
+ <mkdir dir="target/test-resources/scenario3_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario3_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario3_service_repo/modules"/>
+ <copy file="src/test/resources/security/s3.client.axis2.xml"
+ tofile="target/test-resources/scenario3_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario3_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s3.service.axis2.xml"
+ tofile="target/test-resources/scenario3_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario3_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s3.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario3_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario 4 -->
+ <mkdir dir="target/test-resources/scenario4_client_repo"/>
+ <mkdir dir="target/test-resources/scenario4_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario4_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario4_service_repo"/>
+ <mkdir dir="target/test-resources/scenario4_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario4_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario4_service_repo/modules"/>
+ <copy file="src/test/resources/security/s4.client.axis2.xml"
+ tofile="target/test-resources/scenario4_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario4_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s4.service.axis2.xml"
+ tofile="target/test-resources/scenario4_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario4_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s4.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario4_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario 5 -->
+ <mkdir dir="target/test-resources/scenario5_client_repo"/>
+ <mkdir dir="target/test-resources/scenario5_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario5_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario5_service_repo"/>
+ <mkdir dir="target/test-resources/scenario5_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario5_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario5_service_repo/modules"/>
+ <copy file="src/test/resources/security/s5.client.axis2.xml"
+ tofile="target/test-resources/scenario5_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario5_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s5.service.axis2.xml"
+ tofile="target/test-resources/scenario5_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario5_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s5.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario5_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario 6 -->
+ <mkdir dir="target/test-resources/scenario6_client_repo"/>
+ <mkdir dir="target/test-resources/scenario6_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario6_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario6_service_repo"/>
+ <mkdir dir="target/test-resources/scenario6_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario6_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario6_service_repo/modules"/>
+ <copy file="src/test/resources/security/s6.client.axis2.xml"
+ tofile="target/test-resources/scenario6_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario6_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s6.service.axis2.xml"
+ tofile="target/test-resources/scenario6_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario6_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s6.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario6_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario 7 -->
+ <mkdir dir="target/test-resources/scenario7_client_repo"/>
+ <mkdir dir="target/test-resources/scenario7_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario7_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenario7_service_repo"/>
+ <mkdir dir="target/test-resources/scenario7_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenario7_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenario7_service_repo/modules"/>
+ <copy file="src/test/resources/security/s7.client.axis2.xml"
+ tofile="target/test-resources/scenario7_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario7_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s7.service.axis2.xml"
+ tofile="target/test-resources/scenario7_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenario7_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/s7.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenario7_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Scenario ST1 -->
+ <mkdir dir="target/test-resources/scenarioST1_client_repo"/>
+ <mkdir dir="target/test-resources/scenarioST1_client_repo/conf"/>
+ <mkdir dir="target/test-resources/scenarioST1_client_repo/modules"/>
+ <mkdir dir="target/test-resources/scenarioST1_service_repo"/>
+ <mkdir dir="target/test-resources/scenarioST1_service_repo/conf"/>
+ <mkdir dir="target/test-resources/scenarioST1_service_repo/services"/>
+ <mkdir dir="target/test-resources/scenarioST1_service_repo/modules"/>
+ <copy file="src/test/resources/security/sST1.client.axis2.xml"
+ tofile="target/test-resources/scenarioST1_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenarioST1_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/sST1.service.axis2.xml"
+ tofile="target/test-resources/scenarioST1_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/scenarioST1_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/sST1.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/scenarioST1_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- MTOM Optimized Security Test -->
+ <mkdir dir="target/test-resources/mtom_sec_client_repo"/>
+ <mkdir dir="target/test-resources/mtom_sec_client_repo/conf"/>
+ <mkdir dir="target/test-resources/mtom_sec_client_repo/modules"/>
+ <mkdir dir="target/test-resources/mtom_sec_service_repo"/>
+ <mkdir dir="target/test-resources/mtom_sec_service_repo/conf"/>
+ <mkdir dir="target/test-resources/mtom_sec_service_repo/services"/>
+ <mkdir dir="target/test-resources/mtom_sec_service_repo/modules"/>
+ <copy file="src/test/resources/security/secMtom.client.axis2.xml"
+ tofile="target/test-resources/mtom_sec_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/mtom_sec_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/secMtom.service.axis2.xml"
+ tofile="target/test-resources/mtom_sec_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/mtom_sec_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="src/test/resources/security/secMtom.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <jar jarfile="target/test-resources/mtom_sec_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+
+ <!-- Test with addressing and MTOM -->
+ <mkdir dir="target/test-resources/complete_client_repo"/>
+ <mkdir dir="target/test-resources/complete_client_repo/conf"/>
+ <mkdir dir="target/test-resources/complete_client_repo/modules"/>
+ <mkdir dir="target/test-resources/complete_service_repo"/>
+ <mkdir dir="target/test-resources/complete_service_repo/conf"/>
+ <mkdir dir="target/test-resources/complete_service_repo/services"/>
+ <mkdir dir="target/test-resources/complete_service_repo/modules"/>
+ <!-- Test with addressing and MTOM client repository-->
+ <copy file="src/test/resources/security/complete.client.axis2.xml"
+ tofile="target/test-resources/complete_client_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/complete_client_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/complete_client_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <!-- Test with addressing and MTOMservice repository-->
+ <copy file="src/test/resources/security/complete.service.axis2.xml"
+ tofile="target/test-resources/complete_service_repo/conf/axis2.xml"/>
+ <copy file="target/artifacts/rampart-${rampart.mar.version}.mar"
+ tofile="target/test-resources/complete_service_repo/modules/rampart-${rampart.mar.version}.mar"/>
+ <copy file="target/artifacts/addressing-${addressing.mar.version}.mar"
+ tofile="target/test-resources/complete_service_repo/modules/addressing-${addressing.mar.version}.mar"/>
+ <copy file="src/test/resources/security/complete.service.xml"
+ tofile="target/temp-interop/META-INF/services.xml"
+ overwrite="true"/>
+ <!-- Create the .aar file -->
+ <jar jarfile="target/test-resources/complete_service_repo/services/PingPort.aar"
+ basedir="target/temp-interop"/>
+ </tasks>
+ </configuration>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <!--plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>build-helper-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>add-test-source</id>
+ <phase>process-resources</phase>
+ <goals>
+ <goal>add-test-source</goal>
+ </goals>
+ <configuration>
+ <sources>
+ <source>target/generated-code/resources</source>
+ </sources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin-->
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-core</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent" />
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+
+</project>
diff --git a/modules/rampart-integration/src/main/java/org/apache/axis2/integration/TestingUtils.java b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/TestingUtils.java
new file mode 100644
index 0000000..31732ac
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/TestingUtils.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.integration;
+
+import junit.framework.TestCase;
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+
+public class TestingUtils {
+ public static OMElement createDummyOMElement() {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMNamespace omNs = fac.createOMNamespace("http://org.apache.axis2/xsd", "ns1");
+ OMElement method = fac.createOMElement("echoOM", omNs);
+ OMElement value = fac.createOMElement("myValue", omNs);
+ value.addChild(
+ fac.createOMText(value, "Isaac Asimov, The Foundation Trilogy"));
+ method.addChild(value);
+ return method;
+ }
+
+ public static OMElement createDummyOMElement(String nameSpace) {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMNamespace omNs = fac.createOMNamespace(nameSpace, "ns1");
+ OMElement method = fac.createOMElement("echoOM", omNs);
+ OMElement value = fac.createOMElement("myValue", omNs);
+ value.addChild(
+ fac.createOMText(value, "Isaac Asimov, The Foundation Trilogy"));
+ method.addChild(value);
+ return method;
+ }
+
+
+ public static void campareWithCreatedOMElement(OMElement element) {
+ OMElement firstChild = element.getFirstElement();
+ TestCase.assertNotNull(firstChild);
+ String textValue = firstChild.getText();
+ TestCase.assertEquals(textValue, "Isaac Asimov, The Foundation Trilogy");
+ }
+
+}
diff --git a/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServer.java b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServer.java
new file mode 100644
index 0000000..40fbe74
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServer.java
@@ -0,0 +1,244 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.integration;
+
+import junit.framework.TestCase;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.context.ServiceContext;
+import org.apache.axis2.context.ServiceGroupContext;
+import org.apache.axis2.deployment.DeploymentEngine;
+import org.apache.axis2.description.AxisModule;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.AxisServiceGroup;
+import org.apache.axis2.description.TransportInDescription;
+import org.apache.axis2.engine.ListenerManager;
+import org.apache.axis2.transport.http.SimpleHTTPServer;
+
+import javax.xml.namespace.QName;
+import java.io.File;
+import java.io.FilenameFilter;
+
+public class UtilServer {
+ private static int count = 0;
+
+ private static SimpleHTTPServer receiver;
+
+ public static final int TESTING_PORT = 5555;
+
+ public static final String FAILURE_MESSAGE = "Intentional Failure";
+
+
+ public static synchronized void deployService(AxisService service)
+ throws AxisFault {
+ receiver.getConfigurationContext().getAxisConfiguration().addService(
+ service);
+ }
+
+ public static synchronized void unDeployService(QName service)
+ throws AxisFault {
+ receiver.getConfigurationContext().getAxisConfiguration()
+ .removeService(service.getLocalPart());
+ }
+
+ public static synchronized void unDeployClientService() throws AxisFault {
+ if (receiver.getConfigurationContext().getAxisConfiguration() != null) {
+ receiver.getConfigurationContext().getAxisConfiguration()
+ .removeService("AnonymousService");
+ }
+ }
+
+ public static synchronized void start() throws Exception {
+ start(org.apache.axis2.Constants.TESTING_REPOSITORY);
+ }
+
+ public static synchronized void start(String repository) throws Exception {
+ if (count == 0) {
+ ConfigurationContext er = getNewConfigurationContext(repository);
+
+ receiver = new SimpleHTTPServer(er, TESTING_PORT);
+
+ try {
+ receiver.start();
+ ListenerManager listenerManager = er.getListenerManager();
+ TransportInDescription trsIn = new TransportInDescription(
+ Constants.TRANSPORT_HTTP);
+ trsIn.setReceiver(receiver);
+ if (listenerManager == null) {
+ listenerManager = new ListenerManager();
+ listenerManager.init(er);
+ }
+ listenerManager.addListener(trsIn, true);
+ System.out.print("Server started on port "
+ + TESTING_PORT + ".....");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ try {
+ Thread.sleep(2000);
+ } catch (InterruptedException e1) {
+ throw new AxisFault("Thread interuptted", e1);
+ }
+
+
+ count++;
+ }
+
+ public static synchronized void start(String repository, String axis2xml) throws Exception {
+ if (count == 0) {
+ ConfigurationContext er = getNewConfigurationContext(repository, axis2xml);
+
+ receiver = new SimpleHTTPServer(er, TESTING_PORT);
+
+ try {
+ receiver.start();
+ System.out.print("Server started on port "
+ + TESTING_PORT + ".....");
+ } catch (Exception e) {
+ throw new AxisFault(e.getMessage(), e);
+ }
+
+ try {
+ Thread.sleep(2000);
+ } catch (InterruptedException e1) {
+ throw new AxisFault("Thread interuptted", e1);
+ }
+
+ }
+ count++;
+ }
+
+ public static ConfigurationContext getNewConfigurationContext(
+ String repository) throws Exception {
+ File file = new File(repository);
+ if (!file.exists()) {
+ throw new Exception("repository directory "
+ + file.getAbsolutePath() + " does not exists");
+ }
+ return ConfigurationContextFactory.createConfigurationContextFromFileSystem(file.getAbsolutePath(),
+ file.getAbsolutePath() + "/conf/axis2.xml");
+ }
+
+ public static ConfigurationContext getNewConfigurationContext(
+ String repository, String axis2xml) throws Exception {
+ File file = new File(repository);
+ if (!file.exists()) {
+ throw new Exception("repository directory "
+ + file.getAbsolutePath() + " does not exists");
+ }
+ return ConfigurationContextFactory.createConfigurationContextFromFileSystem(file.getAbsolutePath(),
+ axis2xml);
+ }
+
+ public static synchronized void stop() throws AxisFault {
+ if (count == 1) {
+ receiver.stop();
+ while (receiver.isRunning()) {
+ try {
+ Thread.sleep(1000);
+ } catch (InterruptedException e1) {
+ //nothing to do here
+ }
+ }
+ count = 0;
+// tp.doStop();
+ System.out.print("Server stopped .....");
+ } else {
+ count--;
+ }
+ receiver.getConfigurationContext().terminate();
+ }
+
+ public static ConfigurationContext getConfigurationContext() {
+ return receiver.getConfigurationContext();
+ }
+
+ public static ServiceContext createAdressedEnabledClientSide(
+ AxisService service) throws AxisFault {
+ File file = getAddressingMARFile();
+ TestCase.assertTrue(file.exists());
+ ConfigurationContext configContext = ConfigurationContextFactory
+ .createConfigurationContextFromFileSystem(
+ "target/test-resources/integrationRepo", null);
+ AxisModule axisModule = DeploymentEngine.buildModule(file,
+ configContext.getAxisConfiguration());
+ configContext.getAxisConfiguration().addModule(axisModule);
+
+ configContext.getAxisConfiguration().addService(service);
+
+ return new ServiceGroupContext(configContext, (AxisServiceGroup) service.getParent())
+ .getServiceContext(service);
+ }
+
+ static class AddressingFilter implements FilenameFilter {
+ public boolean accept(File dir, String name) {
+ return name.startsWith("addressing") && name.endsWith(".mar");
+ }
+ }
+
+ private static File getAddressingMARFile() {
+ File dir = new File(org.apache.axis2.Constants.TESTING_REPOSITORY + "/modules");
+ File[] files = dir.listFiles(new AddressingFilter());
+ TestCase.assertTrue(files.length == 1);
+ File file = files[0];
+ TestCase.assertTrue(file.exists());
+ return file;
+ }
+
+ public static ConfigurationContext createClientConfigurationContext() throws AxisFault {
+ File file = getAddressingMARFile();
+ TestCase.assertTrue(file.exists());
+
+ ConfigurationContext configContext = ConfigurationContextFactory .createConfigurationContextFromFileSystem(
+ "target/test-resources/integrationRepo",
+ "target/test-resources/integrationRepo/conf/axis2.xml");
+ AxisModule axisModule = DeploymentEngine.buildModule(file,
+ configContext.getAxisConfiguration());
+ configContext.getAxisConfiguration().addModule(axisModule);
+ return configContext;
+ }
+
+ public static ConfigurationContext createClientConfigurationContext(String repo) throws AxisFault {
+ return ConfigurationContextFactory .createConfigurationContextFromFileSystem(
+ repo,
+ repo + "/conf/axis2.xml");
+ }
+
+ public static ServiceContext createAdressedEnabledClientSide(
+ AxisService service, String clientHome) throws AxisFault {
+ File file = getAddressingMARFile();
+ TestCase.assertTrue(file.exists());
+
+ ConfigurationContext configContext = ConfigurationContextFactory
+ .createConfigurationContextFromFileSystem(clientHome, null);
+ AxisModule axisModule = DeploymentEngine.buildModule(file,
+ configContext.getAxisConfiguration());
+
+ configContext.getAxisConfiguration().addModule(axisModule);
+// sysContext.getAxisConfiguration().engageModule(moduleDesc.getName());
+
+ configContext.getAxisConfiguration().addService(service);
+
+ return new ServiceGroupContext(configContext, (AxisServiceGroup) service.getParent())
+ .getServiceContext(service);
+ }
+
+}
diff --git a/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServerBasedTestCase.java b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServerBasedTestCase.java
new file mode 100644
index 0000000..248ec07
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilServerBasedTestCase.java
@@ -0,0 +1,68 @@
+/*
+* Copyright 2004-2006 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.apache.axis2.integration;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestCase;
+
+public class UtilServerBasedTestCase extends TestCase {
+
+ public UtilServerBasedTestCase() {
+ super(UtilServerBasedTestCase.class.getName());
+ }
+
+ public UtilServerBasedTestCase(java.lang.String string) {
+ super(string);
+ }
+
+ protected static Test getTestSetup(Test test) {
+ return new TestSetup(test) {
+ public void setUp() throws Exception {
+ UtilServer.start();
+ }
+
+ public void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+ };
+ }
+
+ protected static Test getTestSetup2(Test test, final String param) {
+ return new TestSetup(test) {
+ public void setUp() throws Exception {
+ UtilServer.start(param);
+ }
+
+ public void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+ };
+ }
+
+ protected static Test getTestSetup3(Test test, final String param1, final String param2) {
+ return new TestSetup(test) {
+ public void setUp() throws Exception {
+ UtilServer.start(param1, param2);
+ }
+
+ public void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+ };
+ }
+}
diff --git a/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsJMSServer.java b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsJMSServer.java
new file mode 100644
index 0000000..63a3d78
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsJMSServer.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.integration;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.Constants;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.TransportInDescription;
+import org.apache.axis2.engine.ListenerManager;
+import org.apache.axis2.transport.jms.JMSListener;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import javax.xml.namespace.QName;
+import java.io.File;
+
+public class UtilsJMSServer {
+ private static JMSListener receiver;
+
+ public static final int TESTING_PORT = 5555;
+
+ public static final String FAILURE_MESSAGE = "Intentional Failure";
+
+ public static final String REPOSITORY_JMS = "target/test-resources/jms-enabled-server-repository";
+
+ private static final Log log = LogFactory.getLog(UtilsJMSServer.class);
+
+ public static synchronized void deployService(AxisService service)
+ throws AxisFault {
+
+ receiver.getConfigurationContext().getAxisConfiguration().addService(service);
+
+ }
+
+ public static synchronized void unDeployService(QName service)
+ throws AxisFault {
+ receiver.getConfigurationContext().getAxisConfiguration().removeService(
+ service.getLocalPart());
+ }
+
+ public static synchronized void start() throws Exception {
+ // start JMS Listener
+ File file = new File(REPOSITORY_JMS);
+ System.out.println(file.getAbsoluteFile());
+ if (!file.exists()) {
+ throw new Exception("Repository directory does not exist");
+ }
+
+ ConfigurationContext configurationContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(file
+ .getAbsolutePath(),REPOSITORY_JMS + "/conf/axis2.xml");
+ try {
+ Thread.sleep(2000);
+ } catch (InterruptedException e1) {
+ throw new AxisFault("Thread interuptted", e1);
+ }
+ receiver = new JMSListener();
+ ListenerManager listenerManager = configurationContext.getListenerManager();
+ TransportInDescription trsIn = configurationContext.getAxisConfiguration().getTransportIn(Constants.TRANSPORT_JMS);
+ trsIn.setReceiver(receiver);
+ if (listenerManager == null) {
+ listenerManager = new ListenerManager();
+ listenerManager.init(configurationContext);
+ }
+ listenerManager.addListener(trsIn, true);
+ receiver.init(configurationContext, trsIn);
+ receiver.start();
+ }
+
+ public static synchronized void stop() {
+ try {
+ receiver.stop();
+ System.out.print("Server stopped .....");
+ } catch (Exception e) {
+ log.error(e.getMessage(), e);
+ }
+ }
+
+}
diff --git a/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsTCPServer.java b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsTCPServer.java
new file mode 100644
index 0000000..3b70d20
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/axis2/integration/UtilsTCPServer.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.integration;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.context.ServiceGroupContext;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.AxisServiceGroup;
+import org.apache.axis2.engine.ListenerManager;
+import org.apache.axis2.transport.tcp.TCPServer;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import javax.xml.namespace.QName;
+import java.io.File;
+
+public class UtilsTCPServer {
+ private static int count = 0;
+
+ private static TCPServer receiver;
+
+ public static final int TESTING_PORT = 5555;
+
+ public static final String FAILURE_MESSAGE = "Intentional Failure";
+
+ private static final Log log = LogFactory.getLog(UtilsTCPServer.class);
+
+ public static synchronized void deployService(AxisService service)
+ throws AxisFault {
+
+ receiver.getConfigurationContext().getAxisConfiguration().addService(service);
+ ServiceGroupContext serviceGroupContext = new ServiceGroupContext(
+ receiver.getConfigurationContext(), (AxisServiceGroup) service.getParent());
+ }
+
+ public static synchronized void unDeployService(QName service)
+ throws AxisFault {
+ receiver.getConfigurationContext().getAxisConfiguration().removeService(
+ service.getLocalPart());
+ }
+
+ public static synchronized void start() throws Exception {
+ if (count == 0) {
+
+ // start tcp server
+
+ File file = new File(org.apache.axis2.Constants.TESTING_REPOSITORY);
+ System.out.println(file.getAbsoluteFile());
+ if (!file.exists()) {
+ throw new Exception("Repository directory does not exist");
+ }
+
+ ConfigurationContext er = ConfigurationContextFactory.createConfigurationContextFromFileSystem(file
+ .getAbsolutePath(), file
+ .getAbsolutePath() + "/conf/axis2.xml");
+ try {
+ Thread.sleep(1000);
+ } catch (InterruptedException e1) {
+ throw new AxisFault("Thread interuptted", e1);
+ }
+ receiver = new TCPServer(UtilServer.TESTING_PORT, er);
+ receiver.start();
+
+ }
+ count++;
+ }
+
+ public static synchronized void stop() throws AxisFault {
+ try {
+ if (count == 1) {
+ receiver.stop();
+ count = 0;
+ System.out.print("Server stopped .....");
+ } else {
+ count--;
+ }
+ } catch (AxisFault e) {
+ log.error(e.getMessage(), e);
+ }
+ receiver.getConfigurationContext().terminate();
+ }
+
+}
diff --git a/modules/rampart-integration/src/main/java/org/apache/rahas/PWCallback.java b/modules/rampart-integration/src/main/java/org/apache/rahas/PWCallback.java
new file mode 100755
index 0000000..6ec7792
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/rahas/PWCallback.java
@@ -0,0 +1,195 @@
+package org.apache.rahas;
+/*
+* Copyright 2004,2005 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+
+
+/**
+
+ * Class PWCallback
+
+ */
+
+public class PWCallback implements CallbackHandler {
+
+
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if(pc.getIdentifer().equals("joe") && pc.getPassword().equals("eoj")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else if(pc.getIdentifer().equals("joe")) {
+
+ pc.setPassword("eoj");
+
+ } else if(pc.getIdentifer().equals("ip")) {
+
+ pc.setPassword("password");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
diff --git a/modules/rampart-integration/src/main/java/org/apache/rahas/Service.java b/modules/rampart-integration/src/main/java/org/apache/rahas/Service.java
new file mode 100644
index 0000000..bce2f98
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/rahas/Service.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+import org.apache.axiom.om.OMElement;
+
+public class Service {
+
+ public OMElement echo(OMElement elem) {
+ elem.build();
+ elem.detach();
+ System.out.println("Service invoked");
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-integration/src/main/java/org/apache/rahas/TestClient.java b/modules/rampart-integration/src/main/java/org/apache/rahas/TestClient.java
new file mode 100644
index 0000000..3fdb63c
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/rahas/TestClient.java
@@ -0,0 +1,186 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.integration.UtilServer;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import javax.xml.namespace.QName;
+
+import junit.framework.TestCase;
+
+public abstract class TestClient extends TestCase {
+
+ protected int port = UtilServer.TESTING_PORT;
+
+ public TestClient(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+ UtilServer.start(Constants.TESTING_PATH + getServiceRepo(), null);
+ }
+
+ protected void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+
+ /**
+ */
+ public void testRequest() {
+ try {
+
+ // Get the repository location from the args
+ String repo = Constants.TESTING_PATH + "rahas_client_repo";
+
+ ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo,
+ null);
+ ServiceClient serviceClient = new ServiceClient(configContext, null);
+ Options options = new Options();
+
+ System.setProperty("javax.net.ssl.keyStorePassword", "password");
+ System.setProperty("javax.net.ssl.keyStoreType", "JKS");
+ System.setProperty("javax.net.ssl.trustStore", "/home/ruchith/Desktop/interop/certs/interop2.jks");
+ System.setProperty("javax.net.ssl.trustStorePassword", "password");
+ System.setProperty("javax.net.ssl.trustStoreType","JKS");
+
+ options.setTo(new EndpointReference("http://127.0.0.1:" + port + "/axis2/services/SecureService"));
+// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/axis2/services/UTSAMLHoK"));
+// options.setTo(new EndpointReference("https://www-lk.wso2.com:8443/axis2/services/UTSAMLHoK"));
+// options.setTo(new EndpointReference("https://192.18.49.133:2343/jaxws-s1-sts/sts"));
+// options.setTo(new EndpointReference("https://207.200.37.116/SxSts/Scenario_1_IssuedTokenOverTransport_UsernameOverTransport"));
+// options.setTo(new EndpointReference("http://localhost:9090/SxSts/Scenario_4_IssuedToken_MutualCertificate10"));
+
+// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/axis2/services/MutualCertsSAMLHoK"));
+// options.setTo(new EndpointReference("http://www-lk.wso2.com:8888/axis2/services/MutualCertsSAMLHoK"));
+// options.setTo(new EndpointReference("https://131.107.72.15/trust/Addressing2004/UserName"));
+// options.setTo(new EndpointReference("https://131.107.72.15/trust/UserName"));
+// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/trust/X509WSS10"));
+// options.setTo(new EndpointReference("https://131.107.72.15/trust/UserName"));
+// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/jaxws-s4-sts/sts"));
+// options.setTo(new EndpointReference("http://127.0.0.1:9090/jaxws-s4/simple"));
+// options.setTo(new EndpointReference("http://127.0.0.1:" + 9090 + "/axis2/services/UTSAMLBearer"));
+
+ options.setTransportInProtocol(Constants.TRANSPORT_HTTP);
+ options.setAction(this.getRequestAction());
+// options.setProperty(AddressingConstants.WS_ADDRESSING_VERSION, this.getWSANamespace());
+
+ options.setTimeOutInMilliSeconds(200 * 1000);
+ OutflowConfiguration clientOutflowConfiguration = getClientOutflowConfiguration();
+ if (clientOutflowConfiguration != null) {
+ configContext.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, clientOutflowConfiguration.getProperty());
+ }
+ InflowConfiguration clientInflowConfiguration = getClientInflowConfiguration();
+ if (clientInflowConfiguration != null) {
+ configContext.setProperty(WSSHandlerConstants.INFLOW_SECURITY, clientInflowConfiguration.getProperty());
+ }
+
+ serviceClient.engageModule(new QName("addressing"));
+ serviceClient.engageModule(new QName("rampart"));
+
+ serviceClient.setOptions(options);
+
+ //Blocking invocation
+
+ OMElement result = serviceClient.sendReceive(getRequest());
+
+ this.validateRsponse(result);
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ protected String getWSANamespace() {
+ return AddressingConstants.Submission.WSA_NAMESPACE;
+ }
+
+ public abstract OMElement getRequest();
+
+ public abstract OutflowConfiguration getClientOutflowConfiguration();
+
+ public abstract InflowConfiguration getClientInflowConfiguration();
+
+ public abstract String getServiceRepo();
+
+ public abstract String getRequestAction() throws TrustException;
+
+ public abstract void validateRsponse(OMElement resp);
+
+//
+// /**
+// * This test will use WS-SecPolicy
+// */
+// public void testWithStsClient() {
+//
+// // Get the repository location from the args
+// String repo = Constants.TESTING_PATH + "rahas_client_repo";
+//
+// try {
+// ConfigurationContext configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(repo,
+// null);
+//
+// STSClient client = new STSClient(configContext);
+//
+// client.setAction(this.getRequestAction());
+//
+// client.setRstTemplate(this.getRSTTemplate());
+// client.setVersion(this.getTrstVersion());
+//
+// Token tok =
+// client.requestSecurityToken(this.getServicePolicy(),
+// "http://127.0.0.1:" + port + "/axis2/services/SecureService",
+// this.getSTSPolicy(),
+// "http://localhost:5555/axis2/services/SecureService");
+//
+// assertNotNull("Response token missing", tok);
+//
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+//
+// }
+
+ public abstract int getTrstVersion();
+
+ public abstract Policy getServicePolicy() throws Exception;
+
+ public abstract Policy getSTSPolicy() throws Exception;
+
+ public abstract OMElement getRSTTemplate() throws TrustException;
+
+ protected Policy getPolicy(String filePath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(filePath);
+ OMElement elem = builder.getDocumentElement();
+ return PolicyEngine.getPolicy(elem);
+ }
+
+}
diff --git a/modules/rampart-integration/src/main/java/org/apache/rampart/PWCallback.java b/modules/rampart-integration/src/main/java/org/apache/rampart/PWCallback.java
new file mode 100644
index 0000000..7b82942
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/rampart/PWCallback.java
@@ -0,0 +1,193 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCallback implements CallbackHandler {
+
+
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if(pc.getIdentifer().equals("joe") && pc.getPassword().equals("eoj")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ if(pc.getIdentifer().equals("alice") && pc.getPassword().equals("password")) {
+ return;
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else if(pc.getIdentifer().equals("joe")) {
+
+ pc.setPassword("eoj");
+
+ } else if(pc.getIdentifer().equals("ip")) {
+
+ pc.setPassword("password");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
\ No newline at end of file
diff --git a/modules/rampart-integration/src/main/java/org/apache/rampart/Service.java b/modules/rampart-integration/src/main/java/org/apache/rampart/Service.java
new file mode 100644
index 0000000..122982a
--- /dev/null
+++ b/modules/rampart-integration/src/main/java/org/apache/rampart/Service.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+import org.apache.axiom.om.OMElement;
+
+public class Service {
+
+ public OMElement echo(OMElement elem) {
+ elem.build();
+ elem.detach();
+ System.out.println("Service invoked");
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-integration/src/main/resources/ping/ping.wsdl b/modules/rampart-integration/src/main/resources/ping/ping.wsdl
new file mode 100644
index 0000000..788518d
--- /dev/null
+++ b/modules/rampart-integration/src/main/resources/ping/ping.wsdl
@@ -0,0 +1,68 @@
+<definitions xmlns:s1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:s="http://www.w3.org/2001/XMLSchema"
+ xmlns:tns="http://xmlsoap.org/Ping"
+ xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
+ xmlns:tm="http://microsoft.com/wsdl/mime/textMatching/"
+ xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
+ targetNamespace="http://xmlsoap.org/Ping"
+ xmlns="http://schemas.xmlsoap.org/wsdl/">
+ <types>
+ <s:schema elementFormDefault="qualified" targetNamespace="http://xmlsoap.org/Ping">
+ <s:import namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/>
+ <s:element name="Ping" nillable="true" type="tns:ping"/>
+ <s:complexType name="ping">
+ <s:sequence>
+ <s:element minOccurs="0" maxOccurs="1" name="ticket" type="tns:ticketType"/>
+ <s:element minOccurs="1" maxOccurs="1" name="text" nillable="true" type="s:string"/>
+ </s:sequence>
+ </s:complexType>
+ <s:complexType name="ticketType">
+ <s:simpleContent>
+ <s:extension base="s:string">
+ <s:attribute ref="s1:Id"/>
+ </s:extension>
+ </s:simpleContent>
+ </s:complexType>
+ <s:element name="PingResponse" nillable="true" type="tns:pingResponse"/>
+ <s:complexType name="pingResponse">
+ <s:sequence>
+ <s:element minOccurs="1" maxOccurs="1" name="text" nillable="true" type="s:string"/>
+ </s:sequence>
+ </s:complexType>
+ </s:schema>
+ <s:schema elementFormDefault="qualified" targetNamespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+ <s:attribute name="Id" type="s:string"/>
+ </s:schema>
+ </types>
+ <message name="PingRequest">
+ <part name="ping" element="tns:Ping"/>
+ </message>
+ <message name="PingResponse">
+ <part name="pingResponse" element="tns:PingResponse"/>
+ </message>
+ <portType name="PingPort">
+ <operation name="Ping" >
+ <input message="tns:PingRequest"/>
+ <output message="tns:PingResponse"/>
+ </operation>
+ </portType>
+ <binding name="PingBinding" type="tns:PingPort">
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="Ping">
+ <soap:operation soapAction="urn:Ping" style="document"/>
+ <input>
+ <soap:body use="literal"/>
+ </input>
+ <output>
+ <soap:body use="literal"/>
+ </output>
+ </operation>
+ </binding>
+ <service name="PingPort">
+ <port name="Ping1" binding="tns:PingBinding">
+ <soap:address location="http://localhost:9080/pingservice/Ping1"/>
+ </port>
+ </service>
+</definitions>
diff --git a/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java
new file mode 100644
index 0000000..f63b844
--- /dev/null
+++ b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/oasis/ping/PingPortSkeleton.java
@@ -0,0 +1,74 @@
+/*
+* Copyright 2004,2005 The Apache Software Foundation.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.apache.axis2.oasis.ping;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+import org.xmlsoap.ping.PingDocument;
+import org.xmlsoap.ping.PingResponse;
+import org.xmlsoap.ping.PingResponseDocument;
+
+import java.util.Vector;
+
+/**
+ * Auto generated java skeleton for the service by the Axis code generator
+ */
+public class PingPortSkeleton{
+ /**
+ * Auto generated method signature
+ *
+ * @param param0
+ */
+ public PingResponseDocument Ping
+ (PingDocument param0) {
+ Vector results = null;
+ MessageContext msgCtx = MessageContext.getCurrentMessageContext();
+ if ((results =
+ (Vector) msgCtx.getProperty(WSHandlerConstants.RECV_RESULTS))
+ == null) {
+ System.out.println("No security results!!");
+ throw new RuntimeException("No security results!!");
+ } else {
+ System.out.println("Number of results: " + results.size());
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult =
+ (WSHandlerResult) results.get(i);
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser =
+ (WSSecurityEngineResult) wsSecEngineResults.get(j);
+ if (wser.getAction() != WSConstants.ENCR && wser.getPrincipal() != null) {
+ System.out.println(wser.getPrincipal().getName());
+ }
+ }
+ }
+ PingResponseDocument response = PingResponseDocument.Factory.newInstance();
+ PingResponse pingRes = response.addNewPingResponse();
+ pingRes.setText("Response: " + param0.getPing().getText());
+ return response;
+ }
+ }
+
+}
+
\ No newline at end of file
diff --git a/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java
new file mode 100644
index 0000000..6f15155
--- /dev/null
+++ b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/InteropScenarioClient.java
@@ -0,0 +1,180 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axis2.Constants;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.oasis.ping.PingPortStub;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.xmlsoap.ping.Ping;
+import org.xmlsoap.ping.PingDocument;
+import org.xmlsoap.ping.PingResponse;
+import org.xmlsoap.ping.PingResponseDocument;
+import org.xmlsoap.ping.TicketType;
+
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+/**
+ * Client for the interop service This MUST be used with the codegen'ed classes
+ */
+public class InteropScenarioClient {
+
+ String soapNsURI = SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI;
+
+ public InteropScenarioClient(boolean useSOAP12InStaticConfigTest) {
+ if (useSOAP12InStaticConfigTest) {
+ soapNsURI = SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI;
+ }
+ }
+
+ public void invokeWithStaticConfig(String clientRepo, String url)
+ throws Exception {
+ TicketType ticket = TicketType.Factory.newInstance();
+ ticket.setId("My ticket Id");
+
+ Ping ping = Ping.Factory.newInstance();
+ ping.setText("Testing rampart");
+ ping.setTicket(ticket);
+
+ PingDocument pingDoc = PingDocument.Factory.newInstance();
+ pingDoc.setPing(ping);
+
+ ConfigurationContext configCtx = ConfigurationContextFactory
+ .createConfigurationContextFromFileSystem(clientRepo,
+ clientRepo + "/conf/axis2.xml");
+ PingPortStub stub = new PingPortStub(configCtx, url);
+
+ // Enable MTOM to those scenarios where they are configured using:
+ // <optimizeParts>xpathExpression</optimizeParts>
+ stub._getServiceClient().getOptions().setProperty(
+ Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
+ stub._getServiceClient().getOptions().setSoapVersionURI(soapNsURI);
+ stub._getServiceClient().engageModule(
+ new javax.xml.namespace.QName("rampart"));
+
+
+ PingResponseDocument pingResDoc = stub.Ping(pingDoc);
+
+ PingResponse pingRes = pingResDoc.getPingResponse();
+
+ System.out.println(pingRes.getText());
+ }
+
+ public void invokeWithGivenConfig(String clientRepo, String url,
+ OutflowConfiguration outflowConfig, InflowConfiguration inflowConfig)
+ throws Exception {
+ TicketType ticket = TicketType.Factory.newInstance();
+ ticket.setId("My ticket Id");
+
+ Ping ping = Ping.Factory.newInstance();
+ ping.setText("Testing rampart");
+ ping.setTicket(ticket);
+
+ PingDocument pingDoc = PingDocument.Factory.newInstance();
+ pingDoc.setPing(ping);
+
+ PingPortStub stub = new PingPortStub(ConfigurationContextFactory
+ .createConfigurationContextFromFileSystem(clientRepo,
+ clientRepo + "/conf/axis2.xml"), url);
+
+ // Enable MTOM to those scenarios where they are configured using:
+ // <optimizeParts>xpathExpression</optimizeParts>
+ stub._getServiceClient().getOptions().setProperty(
+ Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
+ // Engage the security module
+ stub._getServiceClient().engageModule(
+ new javax.xml.namespace.QName("rampart"));
+
+ if (outflowConfig != null) {
+ stub._getServiceClient().getServiceContext().setProperty(
+ WSSHandlerConstants.OUTFLOW_SECURITY,
+ outflowConfig.getProperty());
+ }
+ if (inflowConfig != null) {
+ stub._getServiceClient().getServiceContext().setProperty(
+ WSSHandlerConstants.INFLOW_SECURITY,
+ inflowConfig.getProperty());
+ }
+ PingResponseDocument pingResDoc = stub.Ping(pingDoc);
+
+ PingResponse pingRes = pingResDoc.getPingResponse();
+
+ System.out.println(pingRes.getText());
+ stub = null;
+ }
+
+ public void invokeWithGivenConfigWithProRefs(String clientRepo, String url,
+ OutflowConfiguration outflowConfig, InflowConfiguration inflowConfig,
+ Hashtable propRefs)
+ throws Exception {
+ TicketType ticket = TicketType.Factory.newInstance();
+ ticket.setId("My ticket Id");
+
+ Ping ping = Ping.Factory.newInstance();
+ ping.setText("Testing rampart");
+ ping.setTicket(ticket);
+
+ PingDocument pingDoc = PingDocument.Factory.newInstance();
+ pingDoc.setPing(ping);
+
+ PingPortStub stub = new PingPortStub(ConfigurationContextFactory
+ .createConfigurationContextFromFileSystem(clientRepo,
+ clientRepo + "/conf/axis2.xml"), url);
+
+ // Enable MTOM to those scenarios where they are configured using:
+ // <optimizeParts>xpathExpression</optimizeParts>
+ stub._getServiceClient().getOptions().setProperty(
+ Constants.Configuration.ENABLE_MTOM, Constants.VALUE_TRUE);
+ // Engage the security module
+ stub._getServiceClient().engageModule(
+ new javax.xml.namespace.QName("rampart"));
+
+ if (outflowConfig != null) {
+ stub._getServiceClient().getServiceContext().setProperty(
+ WSSHandlerConstants.OUTFLOW_SECURITY,
+ outflowConfig.getProperty());
+ }
+ if (inflowConfig != null) {
+ stub._getServiceClient().getServiceContext().setProperty(
+ WSSHandlerConstants.INFLOW_SECURITY,
+ inflowConfig.getProperty());
+ }
+
+ if(propRefs != null) {
+ Enumeration keysEnum = propRefs.keys();
+ while (keysEnum.hasMoreElements()) {
+ String refKey = (String) keysEnum.nextElement();
+
+ stub._getServiceClient().getServiceContext().setProperty(refKey,
+ propRefs.get(refKey));
+ }
+ }
+
+ PingResponseDocument pingResDoc = stub.Ping(pingDoc);
+
+ PingResponse pingRes = pingResDoc.getPingResponse();
+
+ System.out.println(pingRes.getText());
+ stub = null;
+ }
+}
diff --git a/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java
new file mode 100644
index 0000000..df9d4de
--- /dev/null
+++ b/modules/rampart-integration/src/main/resources/ping/src/org/apache/axis2/security/PWCallback.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+
+
+/**
+
+ * Class PWCallback
+
+ */
+
+public class PWCallback implements CallbackHandler {
+
+
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
+
+
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/AddressingMTOMSecurityTest.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/AddressingMTOMSecurityTest.java
new file mode 100644
index 0000000..4de2640
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/AddressingMTOMSecurityTest.java
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.axis2.Constants;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+
+public class AddressingMTOMSecurityTest extends InteropTestBase {
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Timestamp Signature Encrypt");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setSignatureParts("{Element}{" + ADDR_NS + "}To;" +
+ "{Element}{" + ADDR_NS + "}ReplyTo;" +
+ "{Element}{" + ADDR_NS + "}MessageID;" +
+ "{Element}{" + WSU_NS + "}Timestamp");
+ ofc.setOptimizeParts(
+ "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp Signature Encrypt");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return COMPLETE_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return COMPLETE_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Timestamp Signature Encrypt");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropRefId("key1");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setSignatureParts("{Element}{" + ADDR_NS + "}To;" +
+ "{Element}{" + ADDR_NS + "}ReplyTo;" +
+ "{Element}{" + ADDR_NS + "}MessageID;" +
+ "{Element}{" + WSU_NS + "}Timestamp");
+ ofc.setOptimizeParts(
+ "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp Signature Encrypt");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropRefId("key2");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+
+ return table;
+ }
+
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/InteropTestBase.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/InteropTestBase.java
new file mode 100644
index 0000000..407a71e
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/InteropTestBase.java
@@ -0,0 +1,239 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.integration.UtilServer;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Method;
+import java.util.Hashtable;
+
+import junit.framework.TestCase;
+
+public abstract class InteropTestBase extends TestCase {
+
+ protected static final String SCENARIO1_SERVICE_REPOSITORY =
+ "scenario1_service_repo";
+
+ protected static final String SCENARIO1_CLIENT_REPOSITORY =
+ "scenario1_client_repo";
+
+ protected static final String SCENARIO2_SERVICE_REPOSITORY =
+ "scenario2_service_repo";
+
+ protected static final String SCENARIO2_CLIENT_REPOSITORY =
+ "scenario2_client_repo";
+
+ protected static final String SCENARIO2a_SERVICE_REPOSITORY =
+ "scenario2a_service_repo";
+
+ protected static final String SCENARIO2a_CLIENT_REPOSITORY =
+ "scenario2a_client_repo";
+
+ protected static final String SCENARIO3_SERVICE_REPOSITORY =
+ "scenario3_service_repo";
+
+ protected static final String SCENARIO3_CLIENT_REPOSITORY =
+ "scenario3_client_repo";
+
+ protected static final String SCENARIO4_SERVICE_REPOSITORY =
+ "scenario4_service_repo";
+
+ protected static final String SCENARIO4_CLIENT_REPOSITORY =
+ "scenario4_client_repo";
+
+ protected static final String SCENARIO5_SERVICE_REPOSITORY =
+ "scenario5_service_repo";
+
+ protected static final String SCENARIO5_CLIENT_REPOSITORY =
+ "scenario5_client_repo";
+
+ protected static final String SCENARIO6_SERVICE_REPOSITORY =
+ "scenario6_service_repo";
+
+ protected static final String SCENARIO6_CLIENT_REPOSITORY =
+ "scenario6_client_repo";
+
+ protected static final String SCENARIO7_SERVICE_REPOSITORY =
+ "scenario7_service_repo";
+
+ protected static final String SCENARIO7_CLIENT_REPOSITORY =
+ "scenario7_client_repo";
+
+ protected static final String SCENARIO_ST1_SERVICE_REPOSITORY =
+ "scenarioST1_service_repo";
+
+ protected static final String SCENARIO_ST1_CLIENT_REPOSITORY =
+ "scenarioST1_client_repo";
+
+ protected static final String SCENARIO_ST3_SERVICE_REPOSITORY =
+ "scenarioST3_service_repo";
+
+ protected static final String SCENARIO_ST3_CLIENT_REPOSITORY =
+ "scenarioST3_client_repo";
+
+ protected static final String SCENARIO_ST4_SERVICE_REPOSITORY =
+ "scenarioST4_service_repo";
+
+ protected static final String SCENARIO_ST4_CLIENT_REPOSITORY =
+ "scenarioST4_client_repo";
+
+ protected static final String MTOM_SEC_SERVICE_REPOSITORY =
+ "mtom_sec_service_repo";
+
+ protected static final String MTOM_SEC_CLIENT_REPOSITORY =
+ "mtom_sec_client_repo";
+
+ protected static final String COMPLETE_SERVICE_REPOSITORY =
+ "complete_service_repo";
+
+ protected static final String COMPLETE_CLIENT_REPOSITORY =
+ "complete_client_repo";
+
+ protected static final String DEFAULT_CLIENT_REPOSITORY =
+ "default_security_client_repo";
+
+ protected static final String WSSE_NS = WSConstants.WSSE_NS;
+
+ protected static final String WSU_NS = WSConstants.WSU_NS;
+
+ protected static final String ADDR_NS =
+ AddressingConstants.Final.WSA_NAMESPACE;
+
+ private String targetEpr = "http://127.0.0.1:" +
+// 5556 +
+ UtilServer.TESTING_PORT +
+ "/axis2/services/PingPort";
+
+ public InteropTestBase() {
+ super();
+ }
+
+ public InteropTestBase(String arg0) {
+ super(arg0);
+ }
+
+ public void setUp() throws Exception {
+ UtilServer.start(Constants.TESTING_PATH + getServiceRepo());
+ }
+
+ public void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+ /**
+ * Do test
+ */
+ public void testInteropWithConfigFiles() {
+ try {
+
+ Class interopScenarioClientClass = Class
+ .forName("org.apache.axis2.security.InteropScenarioClient");
+
+ Constructor c = interopScenarioClientClass
+ .getConstructor(new Class[]{boolean.class});
+ Object clientObj = c.newInstance(new Object[]{this
+ .isUseSOAP12InStaticConfigTest() ? Boolean.TRUE
+ : Boolean.FALSE});
+ Method m = interopScenarioClientClass.getMethod(
+ "invokeWithStaticConfig", new Class[]{String.class,
+ String.class});
+ m.invoke(clientObj, new Object[]{
+ Constants.TESTING_PATH + getClientRepo(), targetEpr});
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail("Error in introperating with " + targetEpr
+ + ", client configuration: " + getClientRepo());
+ }
+ }
+
+ public void testInteropWithDynamicConfig() {
+ try {
+ Class interopScenarioClientClass = Class
+ .forName("org.apache.axis2.security.InteropScenarioClient");
+ Constructor c = interopScenarioClientClass
+ .getConstructor(new Class[]{boolean.class});
+ Object clientObj = c.newInstance(new Object[]{this
+ .isUseSOAP12InStaticConfigTest() ? Boolean.TRUE
+ : Boolean.FALSE});
+ Method m = interopScenarioClientClass.getMethod(
+ "invokeWithGivenConfig", new Class[]{String.class,
+ String.class, OutflowConfiguration.class,
+ InflowConfiguration.class});
+ m.invoke(clientObj, new Object[]{
+ Constants.TESTING_PATH + DEFAULT_CLIENT_REPOSITORY,
+ targetEpr, getOutflowConfiguration(),
+ getInflowConfiguration()});
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail("Error in introperating with " + targetEpr
+ + ", client configuration: " + getClientRepo());
+ }
+
+ }
+
+ public void testInteropWithDynamicConfigWithProfRefs() {
+ if(getPropertyRefs() != null) {
+ try {
+
+ Class interopScenarioClientClass = Class
+ .forName("org.apache.axis2.security.InteropScenarioClient");
+ Constructor c = interopScenarioClientClass
+ .getConstructor(new Class[]{boolean.class});
+ Object clientObj = c.newInstance(new Object[]{this
+ .isUseSOAP12InStaticConfigTest() ? Boolean.TRUE
+ : Boolean.FALSE});
+ Method m = interopScenarioClientClass.getMethod(
+ "invokeWithGivenConfigWithProRefs", new Class[]{
+ String.class,
+ String.class, OutflowConfiguration.class,
+ InflowConfiguration.class, Hashtable.class});
+ m.invoke(clientObj, new Object[]{
+ Constants.TESTING_PATH + DEFAULT_CLIENT_REPOSITORY,
+ targetEpr, getOutflowConfigurationWithRefs(),
+ getInflowConfigurationWithRefs(),
+ getPropertyRefs()});
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail("Error in introperating with " + targetEpr
+ + ", client configuration: " + getClientRepo());
+ }
+ }
+ }
+
+ protected abstract OutflowConfiguration getOutflowConfiguration();
+
+ protected abstract InflowConfiguration getInflowConfiguration();
+
+ protected abstract OutflowConfiguration getOutflowConfigurationWithRefs();
+
+ protected abstract InflowConfiguration getInflowConfigurationWithRefs();
+
+ protected abstract Hashtable getPropertyRefs();
+
+ protected abstract String getClientRepo();
+
+ protected abstract String getServiceRepo();
+
+ protected abstract boolean isUseSOAP12InStaticConfigTest();
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/MTOMOptimizedSecurityTest.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/MTOMOptimizedSecurityTest.java
new file mode 100644
index 0000000..e96599e
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/MTOMOptimizedSecurityTest.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+
+/**
+ * Testing optimizing the base 64 elements with
+ * <code><parameter name="optimizeParts" locked="false">//xenc:Encrypted
+ * Data/xenc:CipherData/xenc:CipherValue</parameter></code>
+ */
+public class MTOMOptimizedSecurityTest extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setOptimizeParts("//xenc:EncryptedData/xenc:CipherData/" +
+ "xenc:CipherValue");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return MTOM_SEC_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return MTOM_SEC_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropRefId("key1");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setOptimizeParts("//xenc:EncryptedData/xenc:CipherData/" +
+ "xenc:CipherValue");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropRefId("key2");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+
+ return table;
+ }
+
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario1Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario1Test.java
new file mode 100644
index 0000000..505b507
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario1Test.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import java.util.Hashtable;
+
+
+/**
+ * WS-Security interop scenario 1
+ */
+public class Scenario1Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+ ofc.setActionItems("UsernameToken");
+ ofc.setUser("Chris");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setPasswordType("PasswordText");
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ return null;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO1_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO1_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ return null;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ return null;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ return null;
+ }
+
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2Test.java
new file mode 100644
index 0000000..2e626b7
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2Test.java
@@ -0,0 +1,105 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security inteorp scenario 2
+ */
+public class Scenario2Test extends InteropTestBase {
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Encrypt");
+ ofc.setUser("Chris");
+ ofc.setAddUTElements("Nonce Created");
+ ofc.setEncryptionParts("{Element}{" + WSSE_NS + "}UsernameToken");
+ ofc.setEncryptionUser("bob");
+ ofc.setEncryptionPropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setPasswordType(WSConstants.PW_TEXT);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ return null;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO2_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO2_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.axis2.security.InteropTestBase#getOutflowConfigurationWithRefs()
+ */
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Encrypt");
+ ofc.setUser("Chris");
+ ofc.setAddUTElements("Nonce Created");
+ ofc.setEncryptionParts("{Element}{" + WSSE_NS + "}UsernameToken");
+ ofc.setEncryptionUser("bob");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setPasswordType(WSConstants.PW_TEXT);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+
+ ofc.setEncryptionPropRefId("key1");
+
+ return ofc;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.axis2.security.InteropTestBase#getInflowConfigurationWithRefs()
+ */
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ return null;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+
+ return table;
+ }
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2aTest.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2aTest.java
new file mode 100644
index 0000000..2cbf860
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario2aTest.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+
+/**
+ * WS-Security interop scenario 2a
+ */
+public class Scenario2aTest extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameTokenSignature Encrypt Timestamp");
+ ofc.setUser("Chris");
+ ofc.setEncryptionParts("{Element}{" + WSSE_NS + "}UsernameToken");
+ ofc.setEncryptionUser("bob");
+ ofc.setEncryptionPropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ return null;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO2a_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO2a_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameTokenSignature Encrypt Timestamp");
+ ofc.setUser("Chris");
+ ofc.setEncryptionParts("{Element}{" + WSSE_NS + "}UsernameToken");
+ ofc.setEncryptionUser("bob");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+
+ ofc.setEncryptionPropRefId("key1");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ return null;
+ }
+
+ protected Hashtable getPropertyRefs() {
+
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+
+ return table;
+
+ }
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario3Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario3Test.java
new file mode 100644
index 0000000..679cdce
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario3Test.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security interop scenario 3
+ */
+public class Scenario3Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEnableSignatureConfirmation(false);
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+ ifc.setEnableSignatureConfirmation(false);
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO3_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO3_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEnableSignatureConfirmation(false);
+
+ ofc.setSignaturePropRefId("key1");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setEnableSignatureConfirmation(false);
+
+ ifc.setSignaturePropRefId("key2");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+
+ return table;
+ }
+
+
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java
new file mode 100644
index 0000000..99c2d0e
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario4Test.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security interop scenario 4
+ */
+public class Scenario4Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.EMBEDDED_KEYNAME);
+ ofc.setEmbeddedKeyName("SessionKey");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEmbeddedKeyCallbackClass("org.apache.axis2.security.PWCallback");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO4_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO4_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.EMBEDDED_KEYNAME);
+ ofc.setEmbeddedKeyName("SessionKey");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEmbeddedKeyCallbackClass("org.apache.axis2.security.PWCallback");
+
+ ofc.setSignaturePropRefId("key1");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+
+ ifc.setSignaturePropRefId("key2");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+
+ return table;
+ }
+
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java
new file mode 100644
index 0000000..d9ee697
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario5Test.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security interop scenario 5
+ */
+public class Scenario5Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration(2);
+
+ ofc.setActionItems("Signature NoSerialization");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setSignatureParts("{}{http://xmlsoap.org/Ping}ticket");
+
+ ofc.nextAction();
+
+ ofc.setActionItems("Signature Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ return null;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO5_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO5_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration(2);
+
+ ofc.setActionItems("Signature NoSerialization");
+ ofc.setUser("alice");
+ ofc.setSignaturePropRefId("key1");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setSignatureParts("{}{http://xmlsoap.org/Ping}ticket");
+
+ ofc.nextAction();
+
+ ofc.setActionItems("Signature Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropRefId("key2");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ return null;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+
+ //IMPORTANT: Note that the key of the first repetition has "1" appended to it
+ table.put("key21", prop2);
+
+ return table;
+ }
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario6Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario6Test.java
new file mode 100644
index 0000000..3a5033d
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario6Test.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security interop scenario 6
+ */
+public class Scenario6Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Encrypt Signature Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEmbeddedKeyCallbackClass("rg.apache.axis2.security.PWCallback");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Encrypt Signature Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO6_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO6_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return true;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Encrypt Signature Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropRefId("key1");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEmbeddedKeyCallbackClass("rg.apache.axis2.security.PWCallback");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Encrypt Signature Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropRefId("key2");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+
+ return table;
+ }
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario7Test.java b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario7Test.java
new file mode 100644
index 0000000..af3e63f
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/axis2/security/Scenario7Test.java
@@ -0,0 +1,141 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.security.WSConstants;
+
+import java.util.Hashtable;
+import java.util.Properties;
+
+/**
+ * WS-Security interop scenario 7
+ */
+public class Scenario7Test extends InteropTestBase {
+
+
+ protected OutflowConfiguration getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropFile("interop.properties");
+ ofc.setEncryptionPropFile("interop.properties");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEmbeddedKeyCallbackClass("rg.apache.axis2.security.PWCallback");
+ ofc.setSignatureParts("{}{" +
+ SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI +
+ "}Body;STRTransform");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropFile("interop.properties");
+ ifc.setDecryptionPropFile("interop.properties");
+
+ return ifc;
+ }
+
+ protected String getClientRepo() {
+ return SCENARIO7_CLIENT_REPOSITORY;
+ }
+
+ protected String getServiceRepo() {
+ return SCENARIO7_SERVICE_REPOSITORY;
+ }
+
+ protected boolean isUseSOAP12InStaticConfigTest() {
+ return false;
+ }
+
+ protected OutflowConfiguration getOutflowConfigurationWithRefs() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("bob");
+ ofc.setSignaturePropRefId("key1");
+ ofc.setEncryptionPropRefId("key2");
+ ofc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ofc.setEncryptionSymAlgorithm(WSConstants.TRIPLE_DES);
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEmbeddedKeyCallbackClass("rg.apache.axis2.security.PWCallback");
+ ofc.setSignatureParts("{}{" +
+ SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI +
+ "}Body;STRTransform");
+
+ return ofc;
+ }
+
+ protected InflowConfiguration getInflowConfigurationWithRefs() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass("org.apache.axis2.security.PWCallback");
+ ifc.setSignaturePropRefId("key3");
+ ifc.setDecryptionPropRefKey("key4");
+
+ return ifc;
+ }
+
+ protected Hashtable getPropertyRefs() {
+ Properties prop1 = new Properties();
+ prop1.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop1.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop2 = new Properties();
+ prop2.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop2.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop3 = new Properties();
+ prop3.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop3.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop3.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop3.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Properties prop4 = new Properties();
+ prop4.setProperty("org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin");
+ prop4.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "jks");
+ prop4.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", "password");
+ prop4.setProperty("org.apache.ws.security.crypto.merlin.file", "interop2.jks");
+
+ Hashtable table = new Hashtable();
+ table.put("key1", prop1);
+ table.put("key2", prop2);
+ table.put("key3", prop3);
+ table.put("key4", prop4);
+
+ return table;
+ }
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenAttributeTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenAttributeTest.java
new file mode 100644
index 0000000..fd8b7c2
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenAttributeTest.java
@@ -0,0 +1,103 @@
+package org.apache.rahas;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.opensaml.XML;
+
+public class RahasSAMLTokenAttributeTest extends TestClient{
+
+ public RahasSAMLTokenAttributeTest(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Timestamp");
+ ofc.setUser("joe");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_5";
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(), factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(),"wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_BEARER);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java
new file mode 100644
index 0000000..fd60bc3
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKTest.java
@@ -0,0 +1,138 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.rahas.PWCallback;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+
+public class RahasSAMLTokenCertForHoKTest extends TestClient {
+
+ public RahasSAMLTokenCertForHoKTest(String name) {
+ super(name);
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("ip");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem =
+ TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02,
+ rstElem,
+ RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem =
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02,
+ rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem,
+// "http://207.200.37.116/Ping/Scenario4", this.getWSANamespace());
+"http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_PUBLIC_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(), factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(),"wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+
+
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java
new file mode 100644
index 0000000..ff8af42
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenCertForHoKV1205Test.java
@@ -0,0 +1,153 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.xml.security.encryption.XMLCipher;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class RahasSAMLTokenCertForHoKV1205Test extends TestClient {
+
+
+ public RahasSAMLTokenCertForHoKV1205Test(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem =
+ TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_12);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_12,
+ rstElem,
+ RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem =
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12,
+ rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem,
+// "http://207.200.37.116/Ping/Scenario4", this.getWSANamespace());
+"http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
+ rstElem, RahasConstants.KEY_TYPE_PUBLIC_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);
+
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+// ofc.setActionItems("Timestamp Signature Encrypt");
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("ip");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setEncryptionKeyTransportAlgorithm(XMLCipher.RSA_OAEP);
+// ofc.setEncryptionSymAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256);
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ ofc.setEnableSignatureConfirmation(false);
+// ofc.setSignatureParts("{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body;" +
+// "{Element}{" + RahasConstants.WSA_NS + "}To;" +
+// "{Element}{" + RahasConstants.WSA_NS + "}ReplyTo;" +
+// "{Element}{" + RahasConstants.WSA_NS + "}MessageID;" +
+// "{Element}{" + RahasConstants.WSA_NS + "}Action;" +
+// "{Element}{" + WSConstants.WSU_NS + "}Timestamp");
+
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ifc.setEnableSignatureConfirmation(false);
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rstr =
+ resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.LocalNames.
+ REQUEST_SECURITY_TOKEN_RESPONSE));
+ assertNotNull("RequestedSecurityToken missing", rstr);
+ OMElement rst =
+ rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding.xml");
+ }
+
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem =
+ factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(),
+ factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(), "wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, elem).
+ setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12, elem,
+ RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_12;
+ }
+
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java
new file mode 100644
index 0000000..20d6574
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenTest.java
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.rahas.PWCallback;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class RahasSAMLTokenTest extends TestClient {
+
+
+ /**
+ * @param name
+ */
+ public RahasSAMLTokenTest(String name) {
+ super(name);
+ }
+
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(), factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(),"wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java
new file mode 100644
index 0000000..241f954
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerTest.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+/**
+ *
+ * @author Ruchith Fernando (ruchith.fernando@gmail.com)
+ */
+public class RahasSAMLTokenUTForBearerTest extends TestClient {
+
+ public RahasSAMLTokenUTForBearerTest(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_BEARER);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Timestamp");
+ ofc.setUser("joe");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_3";
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(), factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(),"wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_BEARER);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java
new file mode 100644
index 0000000..09d8084
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForBearerV1205Test.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class RahasSAMLTokenUTForBearerV1205Test extends TestClient {
+
+ /**
+ * @param name
+ */
+ public RahasSAMLTokenUTForBearerV1205Test(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_12);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_12, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
+ rstElem, RahasConstants.KEY_TYPE_BEARER);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Timestamp");
+ ofc.setUser("joe");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_3";
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rstr = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.LocalNames.
+ REQUEST_SECURITY_TOKEN_RESPONSE));
+ assertNotNull("RequestedSecurityToken missing", rstr);
+ OMElement rst = rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(), factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(),"wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12, elem, RahasConstants.KEY_TYPE_BEARER);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_12;
+ }
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java
new file mode 100644
index 0000000..17c0b85
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKTest.java
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class RahasSAMLTokenUTForHoKTest extends TestClient {
+
+ public RahasSAMLTokenUTForHoKTest(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Timestamp");
+ ofc.setUser("joe");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_3";
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-transport-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(), factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(),"wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
new file mode 100644
index 0000000..17142d3
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenUTForHoKV1205Test.java
@@ -0,0 +1,253 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.util.Base64;
+import org.apache.neethi.Policy;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.opensaml.XML;
+
+public class RahasSAMLTokenUTForHoKV1205Test extends TestClient {
+
+ byte[] clientEntr;
+
+ /**
+ * @param name
+ */
+ public RahasSAMLTokenUTForHoKV1205Test(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_12);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_12, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem,
+// "https://207.200.37.116/Ping/Scenario1", this.getWSANamespace());
+ "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);
+
+ byte[] nonce = WSSecurityUtil.generateNonce(16);
+ clientEntr = nonce;
+ OMElement entrElem = TrustUtil.createEntropyElement(RahasConstants.VERSION_05_12, rstElem);
+ TrustUtil.createBinarySecretElement(RahasConstants.VERSION_05_12, entrElem, RahasConstants.BIN_SEC_TYPE_NONCE).setText(Base64.encode(nonce));
+ TrustUtil.createComputedKeyAlgorithm(RahasConstants.VERSION_05_12,rstElem, RahasConstants.COMPUTED_KEY_PSHA1);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("UsernameToken Timestamp");
+ ofc.setUser("joe");
+ ofc.setPasswordType(WSConstants.PW_TEXT);
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Timestamp");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_3";
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_12, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rstr = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.LocalNames.
+ REQUEST_SECURITY_TOKEN_RESPONSE));
+ assertNotNull("RequestedSecurityTokenResponse missing", rstr);
+ OMElement rst = rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+
+ //Uncomment for inteorp - START
+// String respEntrB64 = rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12, RahasConstants.ENTROPY_LN)).getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12, RahasConstants.BINARY_SECRET_LN)).getText().trim();
+//
+//
+//
+// OMElement attrStmtElem = elem.getFirstChildWithName(new QName(XML.SAML_NS, "AttributeStatement"));
+// OMElement kiElem = attrStmtElem.getFirstChildWithName(new QName(XML.SAML_NS,"Subject")).getFirstChildWithName(new QName(XML.SAML_NS,"SubjectConfirmation")).getFirstChildWithName(new QName("http://www.w3.org/2000/09/xmldsig#", "KeyInfo"));
+// OMElement encrKey = kiElem.getFirstChildWithName(new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey"));
+//
+//
+// String cipherValue = encrKey.getFirstChildWithName(new QName("http://www.w3.org/2001/04/xmlenc#", "CipherData")).getFirstChildWithName(new QName("http://www.w3.org/2001/04/xmlenc#", "CipherValue")).getText();
+//
+// byte[] serviceEntr = Base64.decode(respEntrB64);
+
+// try {
+// this.requestService(elem, clientEntr, serviceEntr);
+// } catch (Exception e) {
+// e.printStackTrace();
+// }
+
+ //Uncomment for inteorp - END
+
+
+
+ }
+
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-transport-binding.xml");
+ }
+
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-transport-binding.xml");
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(), factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(),"wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_12;
+ }
+
+// private void requestService(OMElement assertion, byte[] reqEnt, byte[] respEnt) throws Exception {
+//
+// StAXOMBuilder builder = new StAXOMBuilder(new OMDOMFactory(), assertion.getXMLStreamReader());
+// Element domAssertionElem = (Element)builder.getDocumentElement();
+//
+// DocumentBuilderFactoryImpl.setDOOMRequired(true);
+// Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+//
+// SOAPFactory fac = new SOAP11Factory((DocumentImpl)doc);
+// SOAPEnvelope envelope = fac.getDefaultEnvelope();
+// this.addPayload(envelope);
+//
+// WSSecHeader secHeader = new WSSecHeader();
+// secHeader.insertSecurityHeader(doc);
+//
+// WSSecTimestamp ts = new WSSecTimestamp();
+// ts.prepare(doc);
+// ts.prependToHeader(secHeader);
+//
+// WSSecDKSign sig = new WSSecDKSign();
+// sig.setSignatureAlgorithm(XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+// P_SHA1 p_sha1 = new P_SHA1();
+// SecurityTokenReference ref = new SecurityTokenReference(doc);
+// ref.setSAMLKeyIdentifier(assertion.getAttributeValue(new QName("AssertionID")));
+//
+// System.out.println("\nRequest Entropy: " + Base64.encode(reqEnt));
+// System.out.println("Response Entropy: " + Base64.encode(respEnt));
+//
+// byte[] ephmeralKey = p_sha1.createKey(reqEnt, respEnt, 0, 32);
+//
+// System.out.println( ephmeralKey.length * 8 + " bit Key: " + Base64.encode(ephmeralKey));
+//
+// sig.setExternalKey(ephmeralKey, ref.getElement());
+//
+// WSEncryptionPart part = new WSEncryptionPart(WSConstants.TIMESTAMP_TOKEN_LN, WSConstants.WSU_NS, "Element");
+// Vector partsVector = new Vector();
+// partsVector.add(part);
+// sig.setParts(partsVector);
+//
+// sig.prepare(doc, secHeader);
+// sig.addReferencesToSign(partsVector, secHeader);
+// sig.computeSignature();
+//
+// Element importedAssertionElement = (Element) doc.importNode(domAssertionElem, true);
+// WSSecurityUtil.appendChildElement(doc, secHeader.getSecurityHeader(), importedAssertionElement);
+// sig.appendDKElementToHeader(secHeader);
+// sig.appendSigToHeader(secHeader);
+//
+//
+// System.out.println(envelope);
+//
+//
+// //Create a service client and send the request
+// AxisService service = new AxisService("ping");
+// AxisOperation op = new OutInAxisOperation(new QName("Ping"));
+// service.addChild(op);
+//
+// ServiceClient client = new ServiceClient(ConfigurationContextFactory.createConfigurationContextFromFileSystem(Constants.TESTING_PATH + "rahas_client_repo", null), service);
+//
+//
+// OperationClient opClient = client.createClient(new QName("Ping"));
+// MessageContext mc = new MessageContext();
+// mc.setEnvelope(envelope);
+//
+// client.engageModule(new QName("addressing"));
+// client.engageModule(new QName("rampart"));
+//
+// opClient.addMessageContext(mc);
+//// opClient.getOptions().setTo(new EndpointReference("https://131.107.72.15/PingService/OasisScenario1"));
+// opClient.getOptions().setTo(new EndpointReference("https://207.200.37.116/Ping/Scenario1"));
+//
+// opClient.getOptions().setAction("http://example.org/Ping");
+//// opClient.getOptions().setProperty(AddressingConstants.WS_ADDRESSING_VERSION, AddressingConstants.Submission.WSA_NAMESPACE);
+//
+// opClient.execute(true);
+// MessageContext response = opClient.getMessageContext(WSDLConstants.MESSAGE_LABEL_IN_VALUE);
+// System.out.println("------------------------------RESPONSE------------------------------\n" + response.getEnvelope());
+//
+// }
+//
+// private void addPayload(SOAPEnvelope env) {
+// //<Ping xmlns="http://example.org/Ping">Ping</Ping>
+// OMNamespace ns = env.getOMFactory().createOMNamespace("http://example.org/Ping", "");
+// OMElement elem = env.getOMFactory().createOMElement("Ping", ns);
+// elem.setText("Ping");
+//
+// env.getBody().addChild(elem);
+// }
+
+
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java
new file mode 100644
index 0000000..5924f80
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAMLTokenV1205Test.java
@@ -0,0 +1,134 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.neethi.Policy;
+import org.apache.rahas.PWCallback;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.ws.secpolicy.Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+/**
+ * RahasSAMLTokenTest with the WS-SX namespaces
+ */
+public class RahasSAMLTokenV1205Test extends TestClient {
+
+ /**
+ * @param name
+ */
+ public RahasSAMLTokenV1205Test(String name) {
+ super(name);
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_12);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_12, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public void validateRsponse(OMElement resp) {
+ OMElement rstr = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.LocalNames.
+ REQUEST_SECURITY_TOKEN_RESPONSE));
+ assertNotNull("RequestedSecurityToken missing", rstr);
+ OMElement rst = rstr.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_12,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ assertNotNull("Missing SAML Assertoin", elem);
+ }
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_12, RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem = factory.createOMElement(Constants.RST_TEMPLATE.getLocalPart(), factory.createOMNamespace(Constants.RST_TEMPLATE.getNamespaceURI(),"wsp"));
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_12, elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_12, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_12, elem, 256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_12;
+ }
+
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rahas/SAMLDataProvider.java b/modules/rampart-integration/src/test/java/org/apache/rahas/SAMLDataProvider.java
new file mode 100644
index 0000000..afedce4
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rahas/SAMLDataProvider.java
@@ -0,0 +1,31 @@
+package org.apache.rahas;
+
+import java.util.Arrays;
+
+import org.apache.rahas.impl.util.SAMLAttributeCallback;
+import org.apache.rahas.impl.util.SAMLCallback;
+import org.apache.rahas.impl.util.SAMLCallbackHandler;
+import org.apache.rahas.impl.util.SAMLNameIdentifierCallback;
+import org.opensaml.SAMLAttribute;
+import org.opensaml.SAMLException;
+import org.opensaml.SAMLNameIdentifier;
+
+public class SAMLDataProvider implements SAMLCallbackHandler{
+
+ public void handle(SAMLCallback callback) throws SAMLException{
+
+ if(callback.getCallbackType() == SAMLCallback.ATTR_CALLBACK){
+ SAMLAttributeCallback cb = (SAMLAttributeCallback)callback;
+ SAMLAttribute attribute = new SAMLAttribute("Name",
+ "https://rahas.apache.org/saml/attrns", null, -1, Arrays
+ .asList(new String[] { "Custom/Rahas" }));
+ cb.addAttributes(attribute);
+ }else if(callback.getCallbackType() == SAMLCallback.NAME_IDENTIFIER_CALLBACK){
+ SAMLNameIdentifierCallback cb = (SAMLNameIdentifierCallback)callback;
+ SAMLNameIdentifier nameId = new SAMLNameIdentifier(
+ "David", null, SAMLNameIdentifier.FORMAT_EMAIL);
+ cb.setNameId(nameId);
+ }
+
+ }
+}
diff --git a/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java b/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
new file mode 100644
index 0000000..6d22e05
--- /dev/null
+++ b/modules/rampart-integration/src/test/java/org/apache/rampart/RampartTest.java
@@ -0,0 +1,154 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.context.ServiceContext;
+import org.apache.axis2.integration.UtilServer;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+
+import junit.framework.TestCase;
+
+
+public class RampartTest extends TestCase {
+
+ public final static int PORT = UtilServer.TESTING_PORT;
+
+ public RampartTest(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+ UtilServer.start(Constants.TESTING_PATH + "rampart_service_repo" ,null);
+ }
+
+
+ protected void tearDown() throws Exception {
+ UtilServer.stop();
+ }
+
+
+ public void testWithPolicy() {
+ try {
+
+ String repo = Constants.TESTING_PATH + "rampart_client_repo";
+
+ ConfigurationContext configContext = ConfigurationContextFactory.
+ createConfigurationContextFromFileSystem(repo, null);
+ ServiceClient serviceClient = new ServiceClient(configContext, null);
+
+
+ serviceClient.engageModule("addressing");
+ serviceClient.engageModule("rampart");
+
+ //TODO : figure this out !!
+ boolean basic256Supported = true;
+
+ if(basic256Supported) {
+ System.out.println("\nWARNING: We are using key sizes from JCE " +
+ "Unlimited Strength Jurisdiction Policy !!!");
+ }
+
+ for (int i = 1; i <= 13; i++) { //<-The number of tests we have
+ if(!basic256Supported && (i == 3 || i == 4 || i ==5)) {
+ //Skip the Basic256 tests
+ continue;
+ }
+ Options options = new Options();
+
+ if(i == 13) {
+ //Username token created with user/pass from options
+ options.setUserName("alice");
+ options.setPassword("password");
+ }
+
+ System.out.println("Testing WS-Sec: custom scenario " + i);
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference("http://127.0.0.1:" +
+ PORT +
+ "/axis2/services/SecureService" + i));
+
+ ServiceContext context = serviceClient.getServiceContext();
+ context.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
+ loadPolicy("/rampart/policy/" + i + ".xml"));
+ serviceClient.setOptions(options);
+
+ //Blocking invocation
+ serviceClient.sendReceive(getEchoElement());
+ }
+
+
+ for (int i = 1; i <= 2; i++) { //<-The number of tests we have
+
+ Options options = new Options();
+ System.out.println("Testing WS-SecConv: custom scenario " + i);
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference("http://127.0.0.1:" + PORT + "/axis2/services/SecureServiceSC" + i));
+ serviceClient.getServiceContext().setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("/rampart/policy/sc-" + i + ".xml"));
+ serviceClient.setOptions(options);
+
+ //Blocking invocation
+ serviceClient.sendReceive(getEchoElement());
+ serviceClient.sendReceive(getEchoElement());
+
+ //Cancel the token
+ options.setProperty(RampartMessageData.CANCEL_REQUEST, Constants.VALUE_TRUE);
+ serviceClient.sendReceive(getEchoElement());
+
+ options.setProperty(RampartMessageData.CANCEL_REQUEST, Constants.VALUE_FALSE);
+ serviceClient.sendReceive(getEchoElement());
+ options.setProperty(RampartMessageData.CANCEL_REQUEST, Constants.VALUE_TRUE);
+ serviceClient.sendReceive(getEchoElement());
+ }
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ private OMElement getEchoElement() {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ OMNamespace omNs = fac.createOMNamespace(
+ "http://example1.org/example1", "example1");
+ OMElement method = fac.createOMElement("echo", omNs);
+ OMElement value = fac.createOMElement("Text", omNs);
+ value.addChild(fac.createOMText(value, "Testing Rampart with WS-SecPolicy"));
+ method.addChild(value);
+
+ return method;
+ }
+
+ private Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(RampartTest.class.getResourceAsStream(xmlPath));
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+
+
+}
diff --git a/modules/rampart-integration/src/test/resources/conf/axis2.xml b/modules/rampart-integration/src/test/resources/conf/axis2.xml
new file mode 100755
index 0000000..3e96ade
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/conf/axis2.xml
@@ -0,0 +1,279 @@
+<axisconfig name="AxisJava2.0">
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+ <parameter name="enableSwA" locked="false">false</parameter>
+
+ <!--Uncomment if you want to enable file caching for attachments -->
+ <!--parameter name="cacheAttachments" locked="false">true</parameter>
+ <parameter name="attachmentDIR" locked="false"></parameter>
+ <parameter name="sizeThreshold" locked="false">4000</parameter-->
+
+ <!--This will give out the timout of the configuration contexts, in seconds-->
+ <parameter name="ConfigContextTimeoutInterval" locked="false">30</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the expcetion-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distingiush those endpoints-->
+ <!--In case of a servlet, if you change this you have to manually change the settings of your servlet container to map this -->
+ <!--context path to proper Axis2 servlets-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+
+ <!--Set the flag to true if you want to enable transport level session mangment-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">false</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+ <!-- If you have a frontend host which exposes this webservice using a different public URL -->
+ <!-- use this parameter to override autodetected url -->
+ <!--<parameter name="httpFrontendHostUrl" locked="false">https://someotherhost/context</parameter>-->
+
+
+ <!-- The way of adding listener to the system-->
+ <!-- <listener class="org.apache.axis2.ObserverIMPL">-->
+ <!-- <parameter name="RSS_URL" locked="false">http://127.0.0.1/rss</parameter>-->
+ <!-- </listener>-->
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Deafult Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can ovride this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!-- Here is the complete list of supported parameters (see example settings further below):
+ port: the port to listen on (default 6060)
+ hostname: if non-null, url prefix used in reply-to endpoint references (default null)
+ originServer: value of http Server header in outgoing messages (default "Simple-Server/1.1")
+ requestTimeout: value in millis of time that requests can wait for data (default 20000)
+ requestTcpNoDelay: true to maximize performance and minimize latency (default true)
+ false to minimize bandwidth consumption by combining segments
+ requestCoreThreadPoolSize: number of threads available for request processing (unless queue fills up) (default 25)
+ requestMaxThreadPoolSize: number of threads available for request processing if queue fills us (default 150)
+ note that default queue never fills up: see HttpFactory
+ threadKeepAliveTime: time to keep threads in excess of core size alive while inactive (default 180)
+ note that no such threads can exist with default unbounded request queue
+ threadKeepAliveTimeUnit: TimeUnit of value in threadKeepAliveTime (default SECONDS) (default SECONDS)
+ -->
+ <!-- <parameter name="hostname" locked="false">http://www.myApp.com/ws</parameter> -->
+ <!-- <parameter name="originServer" locked="false">My-Server/1.1</parameter> -->
+ <!-- <parameter name="requestTimeout" locked="false">10000</parameter> -->
+ <!-- <parameter name="requestTcpNoDelay" locked="false">false</parameter> -->
+ <!-- <parameter name="requestCoreThreadPoolSize" locked="false">50</parameter> -->
+ <!-- <parameter name="RequestMaxThreadPoolSize" locked="false">100</parameter> -->
+ <!-- <parameter name="threadKeepAliveTime" locked="false">240000</parameter> -->
+ <!-- <parameter name="threadKeepAliveTimeUnit" locked="false">MILLISECONDS</parameter> -->
+ </transportReceiver>
+
+ <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)
+ <transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
+ <parameter name="myTopicConnectionFactory" locked="false">
+ <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">TopicConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="myQueueConnectionFactory" locked="false">
+ <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
+ </parameter>
+
+ <parameter name="default" locked="false">
+ <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
+ <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
+ <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
+ </parameter>
+ </transportReceiver>-->
+
+ <!--Uncomment if you want to have SMTP transport support-->
+ <!--<transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">-->
+ <!--<parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>-->
+ <!--<parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>-->
+ <!--<parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>-->
+ <!--<parameter name="transport.mail.pop3.port" locked="false">110</parameter>-->
+ <!--<parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>-->
+ <!--</transportReceiver>-->
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncommet following paramter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+
+ <!-- ================================================= -->
+ <!-- Global Modules -->
+ <!-- ================================================= -->
+ <!-- Comment this to disable Addressing -->
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <moduleConfig name="addressing">
+ <parameter name="includeOptionalHeaders" locked="false">true</parameter>
+ </moduleConfig>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+<phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/interop.properties b/modules/rampart-integration/src/test/resources/interop.properties
new file mode 100644
index 0000000..0d6de68
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/interop.properties
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=interop2.jks
+
diff --git a/modules/rampart-integration/src/test/resources/interop2.jks b/modules/rampart-integration/src/test/resources/interop2.jks
new file mode 100644
index 0000000..a7d1a3f
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/interop2.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/rahas/issuer.properties b/modules/rampart-integration/src/test/resources/rahas/issuer.properties
new file mode 100755
index 0000000..40abfa2
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/issuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=rahas-sts.jks
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml
new file mode 100644
index 0000000..ff9595d
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding.xml
@@ -0,0 +1,70 @@
+<wsp:Policy wsu:Id="4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml
new file mode 100644
index 0000000..275cbec
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-transport-binding.xml
@@ -0,0 +1,73 @@
+<wsp:Policy wsu:Id="5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
+ <t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
+ <t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/store.jks b/modules/rampart-integration/src/test/resources/rahas/policy/store.jks
new file mode 100644
index 0000000..02d7c4e
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/store.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml
new file mode 100644
index 0000000..7827334
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-asymm-binding.xml
@@ -0,0 +1,66 @@
+<wsp:Policy wsu:Id="1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml
new file mode 100644
index 0000000..a539223
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-symm-binding.xml
@@ -0,0 +1,73 @@
+<wsp:Policy wsu:Id="3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml
new file mode 100644
index 0000000..357b1ec
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/policy/sts-policy-transport-binding.xml
@@ -0,0 +1,63 @@
+<wsp:Policy wsu:Id="2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rahas/rahas-sec.properties b/modules/rampart-integration/src/test/resources/rahas/rahas-sec.properties
new file mode 100755
index 0000000..9a97673
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/rahas-sec.properties
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=rahas/rahas-sts.jks
+
diff --git a/modules/rampart-integration/src/test/resources/rahas/rahas-sts.jks b/modules/rampart-integration/src/test/resources/rahas/rahas-sts.jks
new file mode 100644
index 0000000..02d7c4e
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/rahas-sts.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/rahas/s1-services.xml b/modules/rampart-integration/src/test/resources/rahas/s1-services.xml
new file mode 100644
index 0000000..1bc8b06
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/s1-services.xml
@@ -0,0 +1,74 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rahas.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="saml-issuer-config">
+ <saml-issuer-config>
+ <issuerName>Test_STS</issuerName>
+ <issuerKeyAlias>ip</issuerKeyAlias>
+ <issuerKeyPassword>password</issuerKeyPassword>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rahas-sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <timeToLive>300000</timeToLive>
+ <keySize>256</keySize>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ <trusted-services>
+ <service alias="bob">http://localhost:5555/axis2/services/SecureService</service>
+ <service alias="bob1">http://localhost:5555/axis2/services/SecureService1</service>
+ <service alias="bob2">http://localhost:5555/axis2/services/SecureService2</service>
+ <service alias="bob3">http://localhost:5555/axis2/services/SecureService3</service>
+ </trusted-services>
+ </saml-issuer-config>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <signaturePropFile>issuer.properties</signaturePropFile>
+ <decryptionPropFile>issuer.properties</decryptionPropFile>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>ip</user>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <signaturePropFile xmlns="">issuer.properties</signaturePropFile>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rahas/s3-services.xml b/modules/rampart-integration/src/test/resources/rahas/s3-services.xml
new file mode 100644
index 0000000..5d81ffd
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/s3-services.xml
@@ -0,0 +1,70 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rahas.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="saml-issuer-config">
+ <saml-issuer-config>
+ <issuerName>Test_STS</issuerName>
+ <issuerKeyAlias>ip</issuerKeyAlias>
+ <issuerKeyPassword>password</issuerKeyPassword>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rahas-sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <timeToLive>300000</timeToLive>
+ <keySize>256</keySize>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ <trusted-services>
+ <service alias="bob">http://localhost:5555/axis2/services/SecureService</service>
+ <service alias="bob1">http://localhost:5555/axis2/services/SecureService1</service>
+ <service alias="bob2">http://localhost:5555/axis2/services/SecureService2</service>
+ <service alias="bob3">http://localhost:5555/axis2/services/SecureService3</service>
+ </trusted-services>
+ </saml-issuer-config>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken Timestamp</items>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp</items>
+ <user>ip</user>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rahas/s5-services.xml b/modules/rampart-integration/src/test/resources/rahas/s5-services.xml
new file mode 100644
index 0000000..406eccf
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/s5-services.xml
@@ -0,0 +1,70 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rahas.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="saml-issuer-config">
+ <saml-issuer-config>
+ <issuerName>Test_STS</issuerName>
+ <issuerKeyAlias>ip</issuerKeyAlias>
+ <issuerKeyPassword>password</issuerKeyPassword>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rahas-sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <timeToLive>300000</timeToLive>
+ <keySize>256</keySize>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+ <dataCallbackHandlerClass>org.apache.rahas.SAMLDataProvider</dataCallbackHandlerClass>
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ <trusted-services>
+ <service alias="bob">http://localhost:5555/axis2/services/SecureService</service>
+ <service alias="bob1">http://localhost:5555/axis2/services/SecureService1</service>
+ <service alias="bob2">http://localhost:5555/axis2/services/SecureService2</service>
+ <service alias="bob3">http://localhost:5555/axis2/services/SecureService3</service>
+ </trusted-services>
+ </saml-issuer-config>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken Timestamp</items>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp</items>
+ <user>ip</user>
+ <passwordCallbackClass xmlns="">org.apache.rahas.PWCallback</passwordCallbackClass>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rahas/saml.s1.properties b/modules/rampart-integration/src/test/resources/rahas/saml.s1.properties
new file mode 100644
index 0000000..90487b1
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/saml.s1.properties
@@ -0,0 +1,9 @@
+org.apache.ws.security.saml.issuerClass=org.apache.ws.security.saml.SAMLIssuerImpl
+org.apache.ws.security.saml.issuer.cryptoProp.file=sctIssuer.properties
+org.apache.ws.security.saml.issuer.key.name=bob
+org.apache.ws.security.saml.issuer.key.password=security
+org.apache.ws.security.saml.issuer=www.example.com
+org.apache.ws.security.saml.subjectNameId.name=uid=joe,ou=people,ou=saml-demo,o=example.com
+org.apache.ws.security.saml.subjectNameId.qualifier=www.example.com
+org.apache.ws.security.saml.authenticationMethod=password
+#org.apache.ws.security.saml.confirmationMethod=senderVouches
diff --git a/modules/rampart-integration/src/test/resources/rahas/samlIssuer.properties b/modules/rampart-integration/src/test/resources/rahas/samlIssuer.properties
new file mode 100755
index 0000000..c126c57
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/samlIssuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sts.jks
diff --git a/modules/rampart-integration/src/test/resources/rahas/sec.jks b/modules/rampart-integration/src/test/resources/rahas/sec.jks
new file mode 100755
index 0000000..02d7c4e
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rahas/sec.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/rampart/issuer.properties b/modules/rampart-integration/src/test/resources/rampart/issuer.properties
new file mode 100755
index 0000000..51d7b00
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/issuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=rampart/store.jks
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/1.xml b/modules/rampart-integration/src/test/resources/rampart/policy/1.xml
new file mode 100644
index 0000000..0ac2b8c
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/1.xml
@@ -0,0 +1,52 @@
+<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/10.xml b/modules/rampart-integration/src/test/resources/rampart/policy/10.xml
new file mode 100644
index 0000000..ddd0585
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/10.xml
@@ -0,0 +1,69 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <!--No timestamp test-->
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/11.xml b/modules/rampart-integration/src/test/resources/rampart/policy/11.xml
new file mode 100644
index 0000000..704b32b
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/11.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<wsp:Policy wsu:Id="SigEncrXPath" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+
+ <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Header/wsse:Security/wsse:UsernameToken</sp:XPath>
+ </sp:EncryptedElements>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/12.xml b/modules/rampart-integration/src/test/resources/rampart/policy/12.xml
new file mode 100644
index 0000000..394b616
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/12.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<wsp:Policy wsu:Id="policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireKeyIdentifierReference/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireKeyIdentifierReference/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/13.xml b/modules/rampart-integration/src/test/resources/rampart/policy/13.xml
new file mode 100644
index 0000000..37c6c47
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/13.xml
@@ -0,0 +1,31 @@
+<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/2.xml b/modules/rampart-integration/src/test/resources/rampart/policy/2.xml
new file mode 100644
index 0000000..a3bf1bb
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/2.xml
@@ -0,0 +1,69 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/3.xml b/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
new file mode 100644
index 0000000..651188d
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/3.xml
@@ -0,0 +1,73 @@
+<wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/4.xml b/modules/rampart-integration/src/test/resources/rampart/policy/4.xml
new file mode 100644
index 0000000..4ad5d3b
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/4.xml
@@ -0,0 +1,74 @@
+<wsp:Policy wsu:Id="EncrSig" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning />
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/5.xml b/modules/rampart-integration/src/test/resources/rampart/policy/5.xml
new file mode 100644
index 0000000..368d94e
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/5.xml
@@ -0,0 +1,75 @@
+<wsp:Policy wsu:Id="SigEncrDK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/6.xml b/modules/rampart-integration/src/test/resources/rampart/policy/6.xml
new file mode 100644
index 0000000..5a0092f
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/6.xml
@@ -0,0 +1,72 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/7.xml b/modules/rampart-integration/src/test/resources/rampart/policy/7.xml
new file mode 100644
index 0000000..e1a4548
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/7.xml
@@ -0,0 +1,74 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/8.xml b/modules/rampart-integration/src/test/resources/rampart/policy/8.xml
new file mode 100644
index 0000000..fb2a6b0
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/8.xml
@@ -0,0 +1,74 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/9.xml b/modules/rampart-integration/src/test/resources/rampart/policy/9.xml
new file mode 100644
index 0000000..8545c0f
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/9.xml
@@ -0,0 +1,73 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature />
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml b/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml
new file mode 100644
index 0000000..9739b9b
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/sc-1.xml
@@ -0,0 +1,123 @@
+<wsp:Policy wsu:Id="SecConvPolicy1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/policy/sc-2.xml b/modules/rampart-integration/src/test/resources/rampart/policy/sc-2.xml
new file mode 100644
index 0000000..f3311cf
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/policy/sc-2.xml
@@ -0,0 +1,131 @@
+<wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-1.xml b/modules/rampart-integration/src/test/resources/rampart/services-1.xml
new file mode 100644
index 0000000..269de58
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-1.xml
@@ -0,0 +1,50 @@
+<service name="SecureService1">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-10.xml b/modules/rampart-integration/src/test/resources/rampart/services-10.xml
new file mode 100644
index 0000000..d101098
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-10.xml
@@ -0,0 +1,76 @@
+<service name="SecureService10">
+ <!--No timestamp test-->
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <!--sp:IncludeTimestamp/-->
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-11.xml b/modules/rampart-integration/src/test/resources/rampart/services-11.xml
new file mode 100644
index 0000000..8866ea2
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-11.xml
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<service name="SecureService11">
+ <!--No timestamp test-->
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrXPath" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+
+ <sp:EncryptedElements xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:XPath>/soapenv:Envelope/soapenv:Header/wsse:Security/wsse:UsernameToken</sp:XPath>
+ </sp:EncryptedElements>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
\ No newline at end of file
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-12.xml b/modules/rampart-integration/src/test/resources/rampart/services-12.xml
new file mode 100644
index 0000000..91dec2c
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-12.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<service name="SecureService12">
+ <!--No timestamp test-->
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+<wsp:Policy wsu:Id="policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireKeyIdentifierReference/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireKeyIdentifierReference/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+</service>
\ No newline at end of file
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-13.xml b/modules/rampart-integration/src/test/resources/rampart/services-13.xml
new file mode 100644
index 0000000..f6f4dcc
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-13.xml
@@ -0,0 +1,50 @@
+<service name="SecureService13">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-2.xml b/modules/rampart-integration/src/test/resources/rampart/services-2.xml
new file mode 100644
index 0000000..d03d8a4
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-2.xml
@@ -0,0 +1,76 @@
+<service name="SecureService2">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-3.xml b/modules/rampart-integration/src/test/resources/rampart/services-3.xml
new file mode 100644
index 0000000..e231681
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-3.xml
@@ -0,0 +1,88 @@
+<service name="SecureService3">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-4.xml b/modules/rampart-integration/src/test/resources/rampart/services-4.xml
new file mode 100644
index 0000000..dfe5e62
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-4.xml
@@ -0,0 +1,89 @@
+<service name="SecureService4">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+<wsp:Policy wsu:Id="EncrSig" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning />
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-5.xml b/modules/rampart-integration/src/test/resources/rampart/services-5.xml
new file mode 100644
index 0000000..807f41c
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-5.xml
@@ -0,0 +1,89 @@
+<service name="SecureService5">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrDK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-6.xml b/modules/rampart-integration/src/test/resources/rampart/services-6.xml
new file mode 100644
index 0000000..bc656ec
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-6.xml
@@ -0,0 +1,86 @@
+<service name="SecureService6">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-7.xml b/modules/rampart-integration/src/test/resources/rampart/services-7.xml
new file mode 100644
index 0000000..5b14f7b
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-7.xml
@@ -0,0 +1,89 @@
+<service name="SecureService7">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-8.xml b/modules/rampart-integration/src/test/resources/rampart/services-8.xml
new file mode 100644
index 0000000..92d8f72
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-8.xml
@@ -0,0 +1,89 @@
+<service name="SecureService8">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>useReqSigCert</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-9.xml b/modules/rampart-integration/src/test/resources/rampart/services-9.xml
new file mode 100644
index 0000000..6654929
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-9.xml
@@ -0,0 +1,87 @@
+<service name="SecureService9">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature />
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml b/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml
new file mode 100644
index 0000000..e3e029c
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-sc-1.xml
@@ -0,0 +1,176 @@
+<service name="SecureServiceSC1">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SecConvPolicy1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rampart/sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <!--<proofToken>EncryptedKey</proofToken>-->
+ <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>-->
+ <!--<addRequestedAttachedRef />-->
+ </token-canceler-config>
+ </parameter>
+
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/services-sc-2.xml b/modules/rampart-integration/src/test/resources/rampart/services-sc-2.xml
new file mode 100644
index 0000000..b6207cf
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/services-sc-2.xml
@@ -0,0 +1,186 @@
+<service name="SecureServiceSC2">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>bob</ramp:user>
+ <ramp:encryptionUser>alice</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">rampart/sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <!--<proofToken>EncryptedKey</proofToken>-->
+ <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>-->
+ <!--<addRequestedAttachedRef />-->
+ </token-canceler-config>
+ </parameter>
+
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/rampart/store.jks b/modules/rampart-integration/src/test/resources/rampart/store.jks
new file mode 100644
index 0000000..02d7c4e
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/store.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/rampart/sts.jks b/modules/rampart-integration/src/test/resources/rampart/sts.jks
new file mode 100644
index 0000000..02d7c4e
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/rampart/sts.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/sctIssuer.properties b/modules/rampart-integration/src/test/resources/sctIssuer.properties
new file mode 100755
index 0000000..c126c57
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/sctIssuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sts.jks
diff --git a/modules/rampart-integration/src/test/resources/sec.jks b/modules/rampart-integration/src/test/resources/sec.jks
new file mode 100755
index 0000000..7af24b2
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/sec.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/sec.properties b/modules/rampart-integration/src/test/resources/sec.properties
new file mode 100755
index 0000000..3c3298d
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/sec.properties
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sec.jks
+
diff --git a/modules/rampart-integration/src/test/resources/security/complete.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/complete.client.axis2.xml
new file mode 100644
index 0000000..f5de4ec
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/complete.client.axis2.xml
@@ -0,0 +1,132 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <module ref="addressing"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <moduleConfig name="addressing">
+ <parameter name="includeOptionalHeaders" locked="false">true</parameter>
+ </moduleConfig>
+
+ <!-- Test with addressing and MTOM: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>bob</encryptionUser>
+ <signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://www.w3.org/2005/08/addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
+
+ <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- Test with addressing and MTOM: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml
new file mode 100644
index 0000000..003fba1
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/complete.service.axis2.xml
@@ -0,0 +1,146 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+ <parameter name="enableMTOM" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the addressing module -->
+ <module ref="addressing"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!--Configuring module , providing parameters for modules whether they refer or not-->
+ <moduleConfig name="addressing">
+ <parameter name="includeOptionalHeaders" locked="false">true</parameter>
+ </moduleConfig>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/complete.service.xml b/modules/rampart-integration/src/test/resources/security/complete.service.xml
new file mode 100644
index 0000000..6782fd5
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/complete.service.xml
@@ -0,0 +1,31 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>alice</encryptionUser>
+ <signatureParts>{Element}{http://www.w3.org/2005/08/addressing}To;{Element}{http://www.w3.org/2005/08/addressing}ReplyTo;{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
+
+ <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/s1.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s1.client.axis2.xml
new file mode 100644
index 0000000..40c0700
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s1.client.axis2.xml
@@ -0,0 +1,108 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 1: Client's Configuration:START-->
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>UsernameToken</items>
+ <user>Chris</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <passwordType>PasswordText</passwordType>
+ </action>
+ </parameter>
+ <!-- Scenario 1: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml
new file mode 100644
index 0000000..b62d740
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s1.service.axis2.xml
@@ -0,0 +1,138 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s1.service.xml b/modules/rampart-integration/src/test/resources/security/s1.service.xml
new file mode 100644
index 0000000..d6afa98
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s1.service.xml
@@ -0,0 +1,15 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/s2.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s2.client.axis2.xml
new file mode 100644
index 0000000..a21f69d
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s2.client.axis2.xml
@@ -0,0 +1,117 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 2: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>UsernameToken Encrypt</items>
+ <user>Chris</user>
+ <addUTElements>Nonce Created</addUTElements>
+ <encryptionParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</encryptionParts>
+ <encryptionUser>bob</encryptionUser>
+ <encryptionPropFile>interop.properties</encryptionPropFile>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <passwordType>PasswordText</passwordType>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ </action>
+ </parameter>
+
+ <!-- Scenario 2: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml
new file mode 100644
index 0000000..eaba759
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s2.service.axis2.xml
@@ -0,0 +1,138 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s2.service.xml b/modules/rampart-integration/src/test/resources/security/s2.service.xml
new file mode 100644
index 0000000..77c8eac
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s2.service.xml
@@ -0,0 +1,16 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken Encrypt</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <decryptionPropFile>interop.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/s2a.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s2a.client.axis2.xml
new file mode 100644
index 0000000..aba65e1
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s2a.client.axis2.xml
@@ -0,0 +1,115 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 2: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>UsernameTokenSignature Encrypt Timestamp</items>
+ <user>Chris</user>
+ <encryptionParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</encryptionParts>
+ <encryptionUser>bob</encryptionUser>
+ <encryptionPropFile>interop.properties</encryptionPropFile>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ </action>
+ </parameter>
+
+ <!-- Scenario 2: Client's Configuration:END-->
+
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+<phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml
new file mode 100644
index 0000000..f1ab131
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s2a.service.axis2.xml
@@ -0,0 +1,137 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s2a.service.xml b/modules/rampart-integration/src/test/resources/security/s2a.service.xml
new file mode 100644
index 0000000..d2e7727
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s2a.service.xml
@@ -0,0 +1,16 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameTokenSignature UsernameToken Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <decryptionPropFile>interop.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/s3.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s3.client.axis2.xml
new file mode 100644
index 0000000..db16a9a
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s3.client.axis2.xml
@@ -0,0 +1,126 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 3: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>bob</encryptionUser>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+ <!-- Scenario 3: Client's Configuration:END-->
+
+
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml
new file mode 100644
index 0000000..9642bbc
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s3.service.axis2.xml
@@ -0,0 +1,137 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+<phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s3.service.xml b/modules/rampart-integration/src/test/resources/security/s3.service.xml
new file mode 100644
index 0000000..12cf1c7
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s3.service.xml
@@ -0,0 +1,31 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>alice</encryptionUser>
+ <enableSignatureConfirmation>false</enableSignatureConfirmation>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml
new file mode 100644
index 0000000..7058a79
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s4.client.axis2.xml
@@ -0,0 +1,123 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 4: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <EmbeddedKeyCallbackClass>org.apache.axis2.security.PWCallback</EmbeddedKeyCallbackClass>
+ <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- Scenario 4: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml
new file mode 100644
index 0000000..d7904d2
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s4.service.axis2.xml
@@ -0,0 +1,138 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s4.service.xml b/modules/rampart-integration/src/test/resources/security/s4.service.xml
new file mode 100644
index 0000000..7f422a9
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s4.service.xml
@@ -0,0 +1,30 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <EmbeddedKeyCallbackClass>org.apache.axis2.security.PWCallback</EmbeddedKeyCallbackClass>
+ <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml
new file mode 100644
index 0000000..4144298
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s5.client.axis2.xml
@@ -0,0 +1,121 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 5: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+
+ <action>
+ <items>Signature NoSerialization</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <signatureParts>{}{http://xmlsoap.org/Ping}ticket</signatureParts>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+
+ <action>
+ <items>Signature Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+
+ </parameter>
+
+ <!-- Scenario 5: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml
new file mode 100644
index 0000000..6866adb
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s5.service.axis2.xml
@@ -0,0 +1,139 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s5.service.xml b/modules/rampart-integration/src/test/resources/security/s5.service.xml
new file mode 100644
index 0000000..6c9089d
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s5.service.xml
@@ -0,0 +1,16 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Signature Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/s6.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s6.client.axis2.xml
new file mode 100644
index 0000000..2d75271
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s6.client.axis2.xml
@@ -0,0 +1,124 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 6: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt Signature Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>bob</encryptionUser>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt Signature Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- Scenario 6: Client's Configuration:END-->
+
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml
new file mode 100644
index 0000000..e6a4733
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s6.service.axis2.xml
@@ -0,0 +1,139 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s6.service.xml b/modules/rampart-integration/src/test/resources/security/s6.service.xml
new file mode 100644
index 0000000..c67c3d8
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s6.service.xml
@@ -0,0 +1,29 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt Signature Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt Signature Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <encryptionKeyIdentifier>DirectReference</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>alice</encryptionUser>
+ <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/s7.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/s7.client.axis2.xml
new file mode 100644
index 0000000..a4d95f4
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s7.client.axis2.xml
@@ -0,0 +1,124 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 7: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>bob</encryptionUser>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <encryptionPropFile>interop.properties</encryptionPropFile>
+ <signatureParts>{}{http://schemas.xmlsoap.org/soap/envelope/}Body;STRTransform</signatureParts>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <decryptionPropFile>interop.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <!-- Scenario 7: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml
new file mode 100644
index 0000000..56c9aa7
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s7.service.axis2.xml
@@ -0,0 +1,140 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/s7.service.xml b/modules/rampart-integration/src/test/resources/security/s7.service.xml
new file mode 100644
index 0000000..f8111e7
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/s7.service.xml
@@ -0,0 +1,31 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <decryptionPropFile>interop.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <encryptionKeyIdentifier>DirectReference</encryptionKeyIdentifier>
+ <encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
+ <encryptionUser>alice</encryptionUser>
+ <signatureKeyIdentifier>SKIKeyIdentifier</signatureKeyIdentifier>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <encryptionPropFile>interop.properties</encryptionPropFile>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/sST1.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/sST1.client.axis2.xml
new file mode 100644
index 0000000..ff1ce4a
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sST1.client.axis2.xml
@@ -0,0 +1,108 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario ST1: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp SAMLTokenUnsigned</items>
+ <samlPropFile>axis2.saml.properties</samlPropFile>
+ </action>
+ </parameter>
+
+ <!-- Scenario ST1: Client's Configuration:END-->
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml
new file mode 100644
index 0000000..cdade02
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sST1.service.axis2.xml
@@ -0,0 +1,139 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/sST1.service.xml b/modules/rampart-integration/src/test/resources/security/sST1.service.xml
new file mode 100644
index 0000000..1bb5dc7
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sST1.service.xml
@@ -0,0 +1,14 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp SAMLTokenUnsigned</items>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/sc/s1-services.xml b/modules/rampart-integration/src/test/resources/security/sc/s1-services.xml
new file mode 100644
index 0000000..1d92054
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/s1-services.xml
@@ -0,0 +1,84 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.security.sc.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <!-- <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <proofToken>EncryptedKey</proofToken>
+ <cryptoProperties>sctIssuer.properties</cryptoProperties>
+ <addRequestedAttachedRef />
+ </sct-issuer-config>
+ </parameter>-->
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <addRequestedAttachedRef/>
+ <addRequestedUnattachedRef/>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>EncryptedKey</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <!--<proofToken>EncryptedKey</proofToken>-->
+ <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>-->
+ <!--<addRequestedAttachedRef />-->
+ </token-canceler-config>
+ </parameter>
+
+ <parameter xmlns="" name="sc-configuration">
+ <sc-configuration xmlns="">
+ <scope xmlns="">service</scope>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ <cryptoProperties xmlns="">sctIssuer.properties</cryptoProperties>
+ </sc-configuration>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>sctIssuer.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ <user>sts</user>
+ <signaturePropFile xmlns="">sctIssuer.properties</signaturePropFile>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/sc/s2-services.xml b/modules/rampart-integration/src/test/resources/security/sc/s2-services.xml
new file mode 100644
index 0000000..8c942a6
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/s2-services.xml
@@ -0,0 +1,64 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.security.sc.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter xmlns="" name="sc-configuration">
+ <sc-configuration xmlns="">
+ <scope xmlns="">service</scope>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ <cryptoProperties xmlns="">sctIssuer.properties</cryptoProperties>
+ </sc-configuration>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>sctIssuer.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp</items>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/sc/s3-services.xml b/modules/rampart-integration/src/test/resources/security/sc/s3-services.xml
new file mode 100644
index 0000000..754a0ca
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/s3-services.xml
@@ -0,0 +1,66 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.security.sc.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter xmlns="" name="sc-configuration">
+ <sc-configuration xmlns="">
+ <scope xmlns="">service</scope>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ <cryptoProperties xmlns="">sctIssuer.properties</cryptoProperties>
+ </sc-configuration>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>sctIssuer.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ <user>sts</user>
+ <signaturePropFile xmlns="">sctIssuer.properties</signaturePropFile>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/sc/s4-services.xml b/modules/rampart-integration/src/test/resources/security/sc/s4-services.xml
new file mode 100644
index 0000000..50b850a
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/s4-services.xml
@@ -0,0 +1,67 @@
+<service name="SecureService">
+
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.security.sc.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter xmlns="" name="sc-configuration">
+ <sc-configuration xmlns="">
+ <scope xmlns="">service</scope>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ <cryptoProperties xmlns="">sctIssuer.properties</cryptoProperties>
+ </sc-configuration>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>sctIssuer.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ <user>sts</user>
+ <signaturePropFile xmlns="">sctIssuer.properties</signaturePropFile>
+ <passwordCallbackClass xmlns="">org.apache.axis2.security.sc.PWCallback</passwordCallbackClass>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/security/sc/sctIssuer.properties b/modules/rampart-integration/src/test/resources/security/sc/sctIssuer.properties
new file mode 100755
index 0000000..c126c57
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/sctIssuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sts.jks
diff --git a/modules/rampart-integration/src/test/resources/security/sc/sec.jks b/modules/rampart-integration/src/test/resources/security/sc/sec.jks
new file mode 100755
index 0000000..7af24b2
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/sec.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/security/sc/sec.properties b/modules/rampart-integration/src/test/resources/security/sc/sec.properties
new file mode 100755
index 0000000..3c3298d
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/sec.properties
@@ -0,0 +1,5 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sec.jks
+
diff --git a/modules/rampart-integration/src/test/resources/security/sc/sts.jks b/modules/rampart-integration/src/test/resources/security/sc/sts.jks
new file mode 100644
index 0000000..2db0a7c
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/sc/sts.jks
Binary files differ
diff --git a/modules/rampart-integration/src/test/resources/security/secMtom.client.axis2.xml b/modules/rampart-integration/src/test/resources/security/secMtom.client.axis2.xml
new file mode 100644
index 0000000..58b5079
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/secMtom.client.axis2.xml
@@ -0,0 +1,125 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Scenario 3 with MTOM: Client's Configuration:START-->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>alice</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>bob</encryptionUser>
+
+ <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- Scenario 3 with MTOM: Client's Configuration:END-->
+
+
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml b/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml
new file mode 100644
index 0000000..c469b5e
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/secMtom.service.axis2.xml
@@ -0,0 +1,140 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+ <parameter name="enableMTOM" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+ <!-- Engage the security module -->
+ <module ref="rampart"/>
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http" class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportReceiver name="mail" class="org.apache.axis2.transport.mail.SimpleMailListener">
+ <parameter name="transport.mail.pop3.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.pop3.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.pop3.port" locked="false">110</parameter>
+ <parameter name="transport.mail.replyToAddress" locked="false">axis2@127.0.0.1</parameter>
+ </transportReceiver> -->
+
+ <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local" class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ </transportSender>
+
+ <!-- Uncomment this one with the appropriate papameters to enable the SMTP transport Receiver
+ <transportSender name="mail" class="org.apache.axis2.transport.mail.MailTransportSender">
+ <parameter name="transport.mail.smtp.host" locked="false">127.0.0.1</parameter>
+ <parameter name="transport.mail.smtp.user" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.password" locked="false">axis2</parameter>
+ <parameter name="transport.mail.smtp.port" locked="false">25</parameter>
+ </transportSender>
+ -->
+
+ <phaseOrder type="InFlow">
+ <!-- System predefined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- System predefined phases -->
+ <!-- After Postdispatch phase module author or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="Addressing">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.dispatchers.AddressingBasedDispatcher">
+ <order phase="Addressing"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIBasedDispatcher"/>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPActionBasedDispatcher"/>
+ <handler name="RequestURIOperationDispatcher"
+ class="org.apache.axis2.dispatchers.RequestURIOperationDispatcher"/>
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.dispatchers.SOAPMessageBodyBasedDispatcher"/>
+
+ <handler name="HTTPLocationBasedDispatcher"
+ class="org.apache.axis2.dispatchers.HTTPLocationBasedDispatcher"/>
+ </phase>
+ <phase name="RMPhase"/>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ <phase name="soapmonitorPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="soapmonitorPhase"/>
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="RMPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-integration/src/test/resources/security/secMtom.service.xml b/modules/rampart-integration/src/test/resources/security/secMtom.service.xml
new file mode 100644
index 0000000..45f7a1f
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/security/secMtom.service.xml
@@ -0,0 +1,31 @@
+<service name="PingPort">
+ <parameter locked="false" name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
+ <!--Mounting the method Ping-->
+ <operation name="Ping">
+ <messageReceiver class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
+ </operation>
+
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Signature Encrypt Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
+ <signaturePropFile>interop.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>alice</encryptionUser>
+
+ <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-integration/src/test/resources/sts.jks b/modules/rampart-integration/src/test/resources/sts.jks
new file mode 100644
index 0000000..2db0a7c
--- /dev/null
+++ b/modules/rampart-integration/src/test/resources/sts.jks
Binary files differ
diff --git a/modules/rampart-mar/module.xml b/modules/rampart-mar/module.xml
new file mode 100644
index 0000000..8482ba9
--- /dev/null
+++ b/modules/rampart-mar/module.xml
@@ -0,0 +1,29 @@
+<module name="rampart" class="org.apache.rampart.Rampart">
+
+ <Description>This module provides the WS-Security and WS-SecureConversation
+ functionalities for Axis2, based on Apache WSS4J, Apache XML-Security
+ and Apache Rahas implementations.
+ </Description>
+
+ <InFlow>
+ <handler name="PolicyBasedSecurityInHandler" class="org.apache.rampart.handler.RampartReceiver">
+ <order phase="Security" phaseFirst="true"/>
+ </handler>
+ <handler name="SecurityInHandler" class="org.apache.rampart.handler.WSDoAllReceiver">
+ <order phase="Security"/>
+ </handler>
+ </InFlow>
+
+ <OutFlow>
+ <handler name="SecurityOutHandler" class="org.apache.rampart.handler.WSDoAllSender">
+ <order phase="Security"/>
+ </handler>
+ <handler name="PolicyBasedSecurityOutHandler" class="org.apache.rampart.handler.RampartSender">
+ <order phase="Security" phaseLast="true"/>
+ </handler>
+ </OutFlow>
+ <supported-policy-namespaces namespaces="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+ <local-policy-assertions>
+ <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy" />
+ </local-policy-assertions>
+</module>
diff --git a/modules/rampart-mar/pom.xml b/modules/rampart-mar/pom.xml
new file mode 100644
index 0000000..53bd89a
--- /dev/null
+++ b/modules/rampart-mar/pom.xml
@@ -0,0 +1,109 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.3-SNAPSHOT</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart</artifactId>
+ <packaging>mar</packaging>
+ <version>${rampart.mar.version}</version>
+ <name>Rampart - Mar</name>
+
+ <scm>
+ <connection>scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</developerConnection>
+ <url>https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</url>
+ </scm>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <testSourceDirectory>src/main/java</testSourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-mar-maven-plugin</artifactId>
+ <version>1.2</version>
+ <extensions>true</extensions>
+ <configuration>
+ <includeDependencies>false</includeDependencies>
+ <moduleXmlFile>module.xml</moduleXmlFile>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${rampart.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${rampart.version}</version>
+ </dependency>
+ </dependencies>
+
+ <pluginRepositories>
+ <pluginRepository>
+ <id>apache-m2</id>
+ <name>Apache M2 Repository</name>
+ <url>http://people.apache.org/repo/m2-ibiblio-rsync-repository</url>
+ <layout>default</layout>
+ <snapshots>
+ <enabled>false</enabled>
+ <updatePolicy>daily</updatePolicy>
+ <checksumPolicy>ignore</checksumPolicy>
+ </snapshots>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ </pluginRepository>
+ <pluginRepository>
+ <id>apache-snapshots</id>
+ <name>Apache Snapshots Repository</name>
+ <url>http://people.apache.org/repo/m2-snapshot-repository</url>
+ <layout>default</layout>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>daily</updatePolicy>
+ <checksumPolicy>ignore</checksumPolicy>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </pluginRepository>
+ </pluginRepositories>
+ <distributionManagement>
+ <repository>
+ <id>apache-repo</id>
+ <name>Maven Central Repository</name>
+ <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-ibiblio-rsync-repository</url>
+ </repository>
+ <snapshotRepository>
+ <id>apache-snapshots</id>
+ <name>Apache Development Repository</name>
+ <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-snapshot-repository</url>
+ </snapshotRepository>
+ </distributionManagement>
+</project>
diff --git a/modules/rampart-policy/pom.xml b/modules/rampart-policy/pom.xml
new file mode 100644
index 0000000..5bdccef
--- /dev/null
+++ b/modules/rampart-policy/pom.xml
@@ -0,0 +1,50 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.3-SNAPSHOT</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-policy</artifactId>
+ <packaging>jar</packaging>
+ <version>1.3-SNAPSHOT</version>
+ <name>Rampart - Policy</name>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <testSourceDirectory>src/main/java</testSourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent" />
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+
+</project>
diff --git a/modules/rampart-policy/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder b/modules/rampart-policy/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
new file mode 100644
index 0000000..ddebc4b
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/META-INF/services/org.apache.neethi.builders.AssertionBuilder
@@ -0,0 +1,22 @@
+org.apache.ws.secpolicy.builders.AlgorithmSuiteBuilder
+org.apache.ws.secpolicy.builders.AsymmetricBindingBuilder
+org.apache.ws.secpolicy.builders.EncryptedElementsBuilder
+org.apache.ws.secpolicy.builders.EncryptedPartsBuilder
+org.apache.ws.secpolicy.builders.InitiatorTokenBuilder
+org.apache.ws.secpolicy.builders.LayoutBuilder
+org.apache.ws.secpolicy.builders.ProtectionTokenBuilder
+org.apache.ws.secpolicy.builders.RecipientTokenBuilder
+org.apache.ws.secpolicy.builders.SignedElementsBuilder
+org.apache.ws.secpolicy.builders.SignedPartsBuilder
+org.apache.ws.secpolicy.builders.SupportingTokensBuilder
+org.apache.ws.secpolicy.builders.TransportBindingBuilder
+org.apache.ws.secpolicy.builders.TransportTokenBuilder
+org.apache.ws.secpolicy.builders.UsernameTokenBuilder
+org.apache.ws.secpolicy.builders.WSS10Builder
+org.apache.ws.secpolicy.builders.WSS11Builder
+org.apache.ws.secpolicy.builders.X509TokenBuilder
+org.apache.ws.secpolicy.builders.Trust10Builder
+org.apache.ws.secpolicy.builders.SecurityContextTokenBuilder
+org.apache.ws.secpolicy.builders.SecureConversationTokenBuilder
+org.apache.ws.secpolicy.builders.SymmetricBindingBuilder
+org.apache.ws.secpolicy.builders.IssuedTokenBuilder
\ No newline at end of file
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java
new file mode 100644
index 0000000..be7066a
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java
@@ -0,0 +1,435 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy;
+
+import javax.xml.namespace.QName;
+
+public class Constants {
+
+ public static final String P_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
+
+ public static final String P_PREFIX = "wsp";
+
+ public static final QName POLICY = new QName(P_NS, "Policy", P_PREFIX);
+
+ public final static String SP_NS = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";
+
+ public final static String SP_PREFIX = "sp";
+
+ public final static String ATTR_INCLUDE_TOKEN = "IncludeToken";
+
+ public final static String INCLUDE_NEVER = Constants.SP_NS
+ + "/IncludeToken/Never";
+
+ public final static String INCLUDE_ONCE = Constants.SP_NS
+ + "/IncludeToken/Once";
+
+ public final static String INCLUDE_ALWAYS_TO_RECIPIENT = Constants.SP_NS
+ + "/IncludeToken/AlwaysToRecipient";
+
+ public final static String INCLUDE_ALWAYS = Constants.SP_NS
+ + "/IncludeToken/Always";
+
+ public final static int SUPPORTING_TOKEN_SUPPORTING = 1;
+
+ public final static int SUPPORTING_TOKEN_ENDORSING = 2;
+
+ public final static int SUPPORTING_TOKEN_SIGNED = 3;
+
+ public final static int SUPPORTING_TOKEN_SIGNED_ENDORSING = 4;
+
+ /**
+ * Security Header Layout : Strict
+ */
+ public final static String LAYOUT_STRICT = "Strict";
+
+ /**
+ * Security Header Layout : Lax
+ */
+ public final static String LAYOUT_LAX = "Lax";
+
+ /**
+ * Security Header Layout : LaxTimestampFirst
+ */
+ public final static String LAYOUT_LAX_TIMESTAMP_FIRST = "LaxTimestampFirst";
+
+ /**
+ * Security Header Layout : LaxTimestampLast
+ */
+ public final static String LAYOUT_LAX_TIMESTAMP_LAST = "LaxTimestampLast";
+
+ /**
+ * Protection Order : EncryptBeforeSigning
+ */
+ public final static String ENCRYPT_BEFORE_SIGNING = "EncryptBeforeSigning";
+
+ /**
+ * Protection Order : SignBeforeEncrypting
+ */
+ public final static String SIGN_BEFORE_ENCRYPTING = "SignBeforeEncrypting";
+
+ public final static String ONLY_SIGN_ENTIRE_HEADERS_AND_BODY = "OnlySignEntireHeadersAndBody";
+
+ public final static String WSS_X509_V1_TOKEN10 = "WssX509V1Token10";
+
+ public final static String WSS_X509_V3_TOKEN10 = "WssX509V3Token10";
+
+ public final static String WSS_X509_PKCS7_TOKEN10 = "WssX509Pkcs7Token10";
+
+ public final static String WSS_X509_PKI_PATH_V1_TOKEN10 = "WssX509PkiPathV1Token10";
+
+ public final static String WSS_X509_V1_TOKEN11 = "WssX509V1Token11";
+
+ public final static String WSS_X509_V3_TOKEN11 = "WssX509V3Token11";
+
+ public final static String WSS_X509_PKCS7_TOKEN11 = "WssX509Pkcs7Token11";
+
+ public final static String WSS_X509_PKI_PATH_V1_TOKEN11 = "WssX509PkiPathV1Token11";
+
+ // /
+ // /Algorithm Suites
+ // /
+ public final static String ALGO_SUITE_BASIC256 = "Basic256";
+
+ public final static String ALGO_SUITE_BASIC192 = "Basic192";
+
+ public final static String ALGO_SUITE_BASIC128 = "Basic128";
+
+ public final static String ALGO_SUITE_TRIPLE_DES = "TripleDes";
+
+ public final static String ALGO_SUITE_BASIC256_RSA15 = "Basic256Rsa15";
+
+ public final static String ALGO_SUITE_BASIC192_RSA15 = "Basic192Rsa15";
+
+ public final static String ALGO_SUITE_BASIC128_RSA15 = "Basic128Rsa15";
+
+ public final static String ALGO_SUITE_TRIPLE_DES_RSA15 = "TripleDesRsa15";
+
+ public final static String ALGO_SUITE_BASIC256_SHA256 = "Basic256Sha256";
+
+ public final static String ALGO_SUITE_BASIC192_SHA256 = "Basic192Sha256";
+
+ public final static String ALGO_SUITE_BASIC128_SHA256 = "Basic128Sha256";
+
+ public final static String ALGO_SUITE_TRIPLE_DES_SHA256 = "TripleDesSha256";
+
+ public final static String ALGO_SUITE_BASIC256_SHA256_RSA15 = "Basic256Sha256Rsa15";
+
+ public final static String ALGO_SUITE_BASIC192_SHA256_RSA15 = "Basic192Sha256Rsa15";
+
+ public final static String ALGO_SUITE_BASIC128_SHA256_RSA15 = "Basic128Sha256Rsa15";
+
+ public final static String ALGO_SUITE_TRIPLE_DES_SHA256_RSA15 = "TripleDesSha256Rsa15";
+
+ // /
+ // /Algorithms
+ // /
+ public final static String HMAC_SHA1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
+
+ public final static String RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+
+ public final static String SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1";
+
+ public final static String SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";
+
+ public final static String SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512";
+
+ public final static String AES128 = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
+
+ public final static String AES192 = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
+
+ public final static String AES256 = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
+
+ public final static String TRIPLE_DES = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
+
+ public final static String KW_AES128 = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
+
+ public final static String KW_AES192 = "http://www.w3.org/2001/04/xmlenc#kw-aes192";
+
+ public final static String KW_AES256 = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
+
+ public final static String KW_TRIPLE_DES = "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
+
+ public final static String KW_RSA_OAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
+
+ public final static String KW_RSA15 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
+
+ public final static String P_SHA1 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String P_SHA1_L128 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String P_SHA1_L192 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String P_SHA1_L256 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
+
+ public final static String XPATH = "http://www.w3.org/TR/1999/REC-xpath-19991116";
+
+ public final static String XPATH20 = "http://www.w3.org/2002/06/xmldsig-filter2";
+
+ public final static String C14N = "http://www.w3.org/2001/10/xml-c14n#";
+
+ public final static String EX_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";
+
+ public final static String SNT = "http://www.w3.org/TR/soap12-n11n";
+
+ public final static String STRT10 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform";
+
+ // //////////////////////////////////////////////////////////////////////
+
+ public static final String INCLUSIVE_C14N = "InclusiveC14N";
+
+ public static final String SOAP_NORMALIZATION_10 = "SoapNormalization10";
+
+ public static final String STR_TRANSFORM_10 = "STRTransform10";
+
+ public static final String XPATH10 = "XPath10";
+
+ public static final String XPATH_FILTER20 = "XPathFilter20";
+
+ // /////////////////////////////////////////////////////////////////////
+
+ public static final QName ATTR_XPATH_VERSION = new QName(SP_NS, "XPathVersion", Constants.SP_PREFIX);
+
+ ////////////////////////////////////////////////////////////////////////
+ public static final QName INCLUDE_TOKEN = new QName(SP_NS, "IncludeToken",
+ Constants.SP_PREFIX);
+
+ public static final QName TRANSPORT_BINDING = new QName(SP_NS,
+ "TransportBinding", Constants.SP_PREFIX);
+
+ public static final QName ALGORITHM_SUITE = new QName(SP_NS,
+ "AlgorithmSuite", Constants.SP_PREFIX);
+
+ public static final QName LAYOUT = new QName(SP_NS, "Layout", SP_PREFIX);
+
+ // ///////////////////
+
+ public static final QName STRICT = new QName(Constants.SP_NS, "Strict",
+ Constants.SP_PREFIX);
+
+ public static final QName LAX = new QName(Constants.SP_NS, "Lax",
+ Constants.SP_PREFIX);
+
+ public static final QName LAXTSFIRST = new QName(Constants.SP_NS,
+ "LaxTsFirst", Constants.SP_PREFIX);
+
+ public static final QName LAXTSLAST = new QName(Constants.SP_NS,
+ "LaxTsLast", Constants.SP_PREFIX);
+
+ // ////////////////
+
+ public static final QName INCLUDE_TIMESTAMP = new QName(SP_NS,
+ "IncludeTimestamp", Constants.SP_PREFIX);
+
+ public static final QName TRANSPORT_TOKEN = new QName(SP_NS,
+ "TransportToken", Constants.SP_PREFIX);
+
+ public static final QName HTTPS_TOKEN = new QName(Constants.SP_NS,
+ "HttpsToken", Constants.SP_PREFIX);
+
+ public static final QName SECURITY_CONTEXT_TOKEN = new QName(
+ Constants.SP_NS, "SecurityContextToken", Constants.SP_PREFIX);
+
+ public static final QName SECURE_CONVERSATION_TOKEN = new QName(
+ Constants.SP_NS, "SecureConversationToken", Constants.SP_PREFIX);
+
+ public static final QName SIGNATURE_TOKEN = new QName(Constants.SP_NS,
+ "SignatureToken", Constants.SP_PREFIX);
+
+ public static final QName SIGNED_PARTS = new QName(Constants.SP_NS,
+ "SignedParts", Constants.SP_PREFIX);
+
+ public static final QName USERNAME_TOKEN = new QName(Constants.SP_NS,
+ "UsernameToken", Constants.SP_PREFIX);
+
+ public static final QName WSS_USERNAME_TOKEN10 = new QName(Constants.SP_NS,
+ "WssUsernameToken10", Constants.SP_PREFIX);
+
+ public static final QName WSS_USERNAME_TOKEN11 = new QName(Constants.SP_NS,
+ "WssUsernameToken11", Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTED_PARTS = new QName(Constants.SP_NS,
+ "EncryptedParts", Constants.SP_PREFIX);
+
+ public static final QName SIGNED_ELEMENTS = new QName(Constants.SP_NS,
+ "SignedElements", Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTED_ELEMENTS = new QName(Constants.SP_NS,
+ "EncryptedElements", Constants.SP_PREFIX);
+
+ public static final QName ENCRYPTION_TOKEN = new QName(Constants.SP_NS,
+ "EncryptionToken", Constants.SP_PREFIX);
+
+ public static final QName X509_TOKEN = new QName(Constants.SP_NS,
+ "X509Token", Constants.SP_PREFIX);
+
+ public static final QName ISSUED_TOKEN = new QName(Constants.SP_NS,
+ "IssuedToken", Constants.SP_PREFIX);
+
+ public static final QName SUPPORIING_TOKENS = new QName(Constants.SP_NS,
+ "SupportingTokens", Constants.SP_PREFIX);
+
+ public static final QName SIGNED_SUPPORTING_TOKENS = new QName(
+ Constants.SP_NS, "SignedSupportingTokens", Constants.SP_PREFIX);
+
+ public static final QName ENDORSING_SUPPORTING_TOKENS = new QName(
+ Constants.SP_NS, "EndorsingSupportingTokens", Constants.SP_PREFIX);
+
+ public static final QName SIGNED_ENDORSING_SUPPORTING_TOKENS = new QName(
+ Constants.SP_NS, "SignedEndorsingSupportingTokens",
+ Constants.SP_PREFIX);
+
+ public static final QName PROTECTION_TOKEN = new QName(Constants.SP_NS,
+ "ProtectionToken", Constants.SP_PREFIX);
+
+ public static final QName ASYMMETRIC_BINDING = new QName(Constants.SP_NS,
+ "AsymmetricBinding", Constants.SP_PREFIX);
+
+ public static final QName SYMMETRIC_BINDING = new QName(Constants.SP_NS,
+ "SymmetricBinding", Constants.SP_PREFIX);
+
+ public static final QName INITIATOR_TOKEN = new QName(Constants.SP_NS,
+ "InitiatorToken", Constants.SP_PREFIX);
+
+ public static final QName RECIPIENT_TOKEN = new QName(Constants.SP_NS,
+ "RecipientToken", Constants.SP_PREFIX);
+
+ public static final QName ENCRYPT_SIGNATURE = new QName(Constants.SP_NS,
+ "EncryptSignature", Constants.SP_PREFIX);
+
+ public static final QName PROTECT_TOKENS = new QName(Constants.SP_NS,
+ "ProtectTokens", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_KEY_IDENTIFIRE_REFERENCE = new QName(
+ Constants.SP_NS, "RequireKeyIdentifireReference",
+ Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_ISSUER_SERIAL_REFERENCE = new QName(
+ Constants.SP_NS, "RequireIssuerSerializerReference",
+ Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EMBEDDED_TOKEN_REFERENCE = new QName(
+ Constants.SP_NS, "RequireEmbeddedTokenReference",
+ Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_THUMBPRINT_REFERENCE = new QName(
+ Constants.SP_NS, "RequireThumbprintReference", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V1_TOKEN_10 = new QName(Constants.SP_NS,
+ "WssX509V1Token10", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V3_TOKEN_10 = new QName(Constants.SP_NS,
+ "WssX509V3Token10", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKCS7_TOKEN_10 = new QName(
+ Constants.SP_NS, "WssX509Pkcs7Token10", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKI_PATH_V1_TOKEN_10 = new QName(
+ Constants.SP_NS, "WssX509PkiPathV1Token10", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V1_TOKEN_11 = new QName(Constants.SP_NS,
+ "WssX509V1Token11", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_V3_TOKEN_11 = new QName(Constants.SP_NS,
+ "WssX509V3Token11", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKCS7_TOKEN_11 = new QName(
+ Constants.SP_NS, "WssX509Pkcs7Token11", Constants.SP_PREFIX);
+
+ public static final QName WSS_X509_PKI_PATH_V1_TOKEN_11 = new QName(
+ Constants.SP_NS, "WssX509PkiPathV1Token11", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_KEY_IDENTIFIER = new QName(
+ Constants.SP_NS, "MustSupportRefKeyIdentifier", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_ISSUER_SERIAL = new QName(
+ Constants.SP_NS, "MustSupportRefIssuerSerial", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_EXTERNAL_URI = new QName(
+ Constants.SP_NS, "MustSupportRefExternalURI", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_EMBEDDED_TOKEN = new QName(
+ Constants.SP_NS, "MustSupportRefEmbeddedToken", Constants.SP_PREFIX);
+
+ public static final QName WSS10 = new QName(Constants.SP_NS, "Wss10",
+ Constants.SP_PREFIX);
+
+ public static final QName WSS11 = new QName(Constants.SP_NS, "Wss11",
+ Constants.SP_PREFIX);
+
+ public static final QName TRUST_10 = new QName(Constants.SP_NS, "Trust10",
+ Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_THUMBPRINT = new QName(
+ Constants.SP_NS, "MustSupportRefThumbprint", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_REF_ENCRYPTED_KEY = new QName(
+ Constants.SP_NS, "MustSupportRefEncryptedkey", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_SIGNATURE_CONFIRMATION = new QName(
+ Constants.SP_NS, "RequireSignatureConfirmation",
+ Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_CLIENT_CHALLENGE = new QName(
+ Constants.SP_NS, "MustSupportClientChanllenge", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_SERVER_CHALLENGE = new QName(
+ Constants.SP_NS, "MustSupportServerChanllenge", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_CLIENT_ENTROPY = new QName(
+ Constants.SP_NS, "RequireClientEntropy", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_SERVER_ENTROPY = new QName(
+ Constants.SP_NS, "RequireServerEntropy", Constants.SP_PREFIX);
+
+ public static final QName MUST_SUPPORT_ISSUED_TOKENS = new QName(
+ Constants.SP_NS, "MustSupportIssuedTokens", Constants.SP_PREFIX);
+
+ public static final QName ISSUER = new QName(Constants.SP_NS, "Issuer",
+ Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_DERIVED_KEYS = new QName(Constants.SP_NS,
+ "RequireDerivedKeys", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EXTERNAL_URI_REFERNCE = new QName(
+ Constants.SP_NS, "RequireExternalUriReference", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_EXTERNAL_REFERNCE = new QName(
+ Constants.SP_NS, "RequireExternalReference", Constants.SP_PREFIX);
+
+ public static final QName REQUIRE_INTERNAL_REFERNCE = new QName(
+ Constants.SP_NS, "RequireInternalReference", Constants.SP_PREFIX);
+
+ public static final QName REQUEST_SECURITY_TOKEN_TEMPLATE = new QName(
+ Constants.SP_NS, "RequestSecurityTokenTemplate",
+ Constants.SP_PREFIX);
+
+ public static final QName SC10_SECURITY_CONTEXT_TOKEN = new QName(
+ Constants.SP_NS, "SC10SecurityContextToken", Constants.SP_PREFIX);
+
+ public static final QName BOOTSTRAP_POLICY = new QName(Constants.SP_NS,
+ "BootstrapPolicy", Constants.SP_PREFIX);
+
+ public static final QName RST_TEMPLATE = new QName(Constants.SP_NS,
+ "RequestSecurityTokenTemplate", Constants.SP_PREFIX);
+
+ public final static QName REQUIRE_CLIENT_CERTIFICATE = new QName(
+ "RequireClientCertificate");
+
+ public final static QName XPATH_ = new QName(Constants.SP_NS, "XPath",
+ Constants.SP_PREFIX);
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/WSSPolicyException.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/WSSPolicyException.java
new file mode 100644
index 0000000..7f7ef32
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/WSSPolicyException.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy;
+
+public class WSSPolicyException extends Exception {
+
+ private static final long serialVersionUID = 5904800255533588133L;
+
+ public WSSPolicyException(String message, Throwable e) {
+ super(message, e);
+ }
+
+ public WSSPolicyException(String message) {
+ super(message);
+ }
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AlgorithmSuiteBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AlgorithmSuiteBuilder.java
new file mode 100644
index 0000000..9613b32
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AlgorithmSuiteBuilder.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+
+import javax.xml.namespace.QName;
+
+public class AlgorithmSuiteBuilder implements AssertionBuilder {
+
+ public static final String INCLUSIVE_C14N = "InclusiveC14N";
+ public static final String SOAP_NORMALIZATION_10 = "SoapNormalization10";
+ public static final String STR_TRANSFORM_10 = "STRTransform10";
+ public static final String XPATH10 = "XPath10";
+ public static final String XPATH_FILTER20 = "XPathFilter20";
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ AlgorithmSuite algorithmSuite = new AlgorithmSuite();
+
+ OMElement policyElem = element.getFirstElement();
+ algorithmSuite.setAlgorithmSuite(policyElem.getFirstElement().getLocalName());
+
+ return algorithmSuite;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.ALGORITHM_SUITE};
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AsymmetricBindingBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AsymmetricBindingBuilder.java
new file mode 100644
index 0000000..ab41eff
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/AsymmetricBindingBuilder.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.AsymmetricBinding;
+import org.apache.ws.secpolicy.model.InitiatorToken;
+import org.apache.ws.secpolicy.model.Layout;
+import org.apache.ws.secpolicy.model.RecipientToken;
+
+public class AsymmetricBindingBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ AsymmetricBinding asymmetricBinding = new AsymmetricBinding();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), asymmetricBinding);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return asymmetricBinding;
+ }
+
+ private void processAlternative(List assertions, AsymmetricBinding asymmetricBinding) {
+
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (Constants.INITIATOR_TOKEN.equals(name)) {
+ asymmetricBinding.setInitiatorToken((InitiatorToken) assertion);
+
+ } else if (Constants.RECIPIENT_TOKEN.equals(name)){
+ asymmetricBinding.setRecipientToken((RecipientToken) assertion);
+
+ } else if (Constants.ALGORITHM_SUITE.equals(name)) {
+ asymmetricBinding.setAlgorithmSuite((AlgorithmSuite) assertion);
+
+ } else if (Constants.LAYOUT.equals(name)) {
+ asymmetricBinding.setLayout((Layout) assertion);
+
+ } else if (Constants.INCLUDE_TIMESTAMP.equals(name)) {
+ asymmetricBinding.setIncludeTimestamp(true);
+
+ } else if (Constants.ENCRYPT_BEFORE_SIGNING.equals(name.getLocalPart())) {
+ asymmetricBinding.setProtectionOrder(Constants.ENCRYPT_BEFORE_SIGNING);
+
+ } else if (Constants.SIGN_BEFORE_ENCRYPTING.equals(name.getLocalPart())) {
+ asymmetricBinding.setProtectionOrder(Constants.SIGN_BEFORE_ENCRYPTING);
+
+ } else if (Constants.ENCRYPT_SIGNATURE.equals(name)) {
+ asymmetricBinding.setSignatureProtection(true);
+
+ } else if (Constants.PROTECT_TOKENS.equals(name)) {
+ asymmetricBinding.setTokenProtection(true);
+
+ } else if (Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY.equals(name.getLocalPart())) {
+ asymmetricBinding.setEntireHeadersAndBodySignatures(true);
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[]{Constants.ASYMMETRIC_BINDING};
+ }
+
+}
+
\ No newline at end of file
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedElementsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedElementsBuilder.java
new file mode 100644
index 0000000..bc0d982
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedElementsBuilder.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+
+public class EncryptedElementsBuilder implements AssertionBuilder {
+
+ public static final QName ATTR_XPATH_VERSION = new QName(Constants.SP_NS, "XPathVersion");
+ public static final QName XPATH = new QName(Constants.SP_NS, "XPath");
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ SignedEncryptedElements signedEncryptedElements = new SignedEncryptedElements(false);
+
+ OMAttribute attribute = element.getAttribute(ATTR_XPATH_VERSION);
+ if (attribute != null) {
+ signedEncryptedElements.setXPathVersion(attribute.getAttributeValue());
+ }
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(), signedEncryptedElements);
+ }
+
+ return signedEncryptedElements;
+ }
+
+
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.ENCRYPTED_ELEMENTS};
+ }
+
+
+
+ private void processElement(OMElement element, SignedEncryptedElements parent) {
+ if (XPATH.equals(element.getQName())) {
+ parent.addXPathExpression(element.getText());
+ }
+ }
+
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedPartsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedPartsBuilder.java
new file mode 100644
index 0000000..efc8e87
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/EncryptedPartsBuilder.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+
+public class EncryptedPartsBuilder implements AssertionBuilder {
+
+ public static final QName HEADER = new QName(Constants.SP_NS, "Header");
+ public static final QName NAME = new QName(Constants.SP_NS, "Name");
+ public static final QName NAMESPACE = new QName(Constants.SP_NS, "Namespace");
+ public static final QName BODY = new QName(Constants.SP_NS, "Body");
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ SignedEncryptedParts signedEncryptedParts = new SignedEncryptedParts(false);
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(), signedEncryptedParts);
+ }
+
+ return signedEncryptedParts;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.ENCRYPTED_PARTS};
+ }
+
+ private void processElement(OMElement element, SignedEncryptedParts parent) {
+
+ QName name = element.getQName();
+
+ if (HEADER.equals(name)) {
+ Header header = new Header();
+
+ OMAttribute nameAttribute = element.getAttribute(NAME);
+ if( nameAttribute != null ) {
+ header.setName(nameAttribute.getAttributeValue());
+ }
+
+ OMAttribute namespaceAttribute = element.getAttribute(NAMESPACE);
+ header.setNamespace(namespaceAttribute.getAttributeValue());
+
+ } else if (BODY.equals(name)) {
+ parent.setBody(true);
+ }
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/InitiatorTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/InitiatorTokenBuilder.java
new file mode 100644
index 0000000..6657d06
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/InitiatorTokenBuilder.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.InitiatorToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class InitiatorTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ InitiatorToken initiatorToken = new InitiatorToken();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), initiatorToken);
+ break; // TODO process all the token that must be set ..
+ }
+
+ return initiatorToken;
+ }
+
+ private void processAlternative(List assertions, InitiatorToken parent) {
+
+ Object token;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ token = iterator.next();
+
+ if (token instanceof Token) {
+ parent.setInitiatorToken((Token) token);
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.INITIATOR_TOKEN};
+ }
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/IssuedTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/IssuedTokenBuilder.java
new file mode 100644
index 0000000..5aa4e40
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/IssuedTokenBuilder.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.IssuedToken;
+
+import javax.xml.namespace.QName;
+
+import java.util.Iterator;
+import java.util.List;
+
+public class IssuedTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ IssuedToken issuedToken = new IssuedToken();
+
+ OMAttribute includeAttr = element.getAttribute(Constants.INCLUDE_TOKEN);
+ if(includeAttr != null) {
+ issuedToken.setInclusion(includeAttr.getAttributeValue());
+ }
+ // Extract Issuer
+ OMElement issuerElem = element.getFirstChildWithName(Constants.ISSUER);
+ if (issuerElem != null && issuerElem.getFirstElement() != null) {
+ issuedToken.setIssuerEpr(issuerElem.getFirstElement());
+ }
+
+ // Extract RSTTemplate
+ OMElement rstTmplElem = element.getFirstChildWithName(Constants.RST_TEMPLATE);
+ if (rstTmplElem != null) {
+ issuedToken.setRstTemplate(rstTmplElem);
+ }
+
+ OMElement policyElement = element.getFirstChildWithName(org.apache.neethi.Constants.Q_ELEM_POLICY);
+
+ if (policyElement != null) {
+
+ Policy policy = PolicyEngine.getPolicy(policyElement);
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator
+ .hasNext();) {
+ processAlternative((List) iterator.next(), issuedToken);
+ break; // since there should be only one alternative ..
+ }
+ }
+
+ return issuedToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] { Constants.ISSUED_TOKEN };
+ }
+
+ private void processAlternative(List assertions, IssuedToken parent) {
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (Constants.REQUIRE_DERIVED_KEYS.equals(name)) {
+ parent.setDerivedKeys(true);
+ } else if (Constants.REQUIRE_EXTERNAL_REFERNCE.equals(name)) {
+ parent.setRequireExternalReference(true);
+ } else if (Constants.REQUIRE_INTERNAL_REFERNCE.equals(name)) {
+ parent.setRequireInternalReference(true);
+ }
+ }
+
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/LayoutBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/LayoutBuilder.java
new file mode 100644
index 0000000..6899bb6
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/LayoutBuilder.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.Layout;
+
+public class LayoutBuilder implements AssertionBuilder {
+
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ Layout layout = new Layout();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext(); ) {
+ processAlternative((List) iterator.next(), layout);
+ break; // there should be only one alternative
+ }
+
+ return layout;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.LAYOUT};
+ }
+
+ public void processAlternative(List assertions, Layout parent) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ Assertion assertion = (Assertion) iterator.next();
+ QName qname = assertion.getName();
+
+ if (Constants.STRICT.equals(qname)) {
+ parent.setValue(Constants.LAYOUT_STRICT);
+ } else if (Constants.LAX.equals(qname)) {
+ parent.setValue(Constants.LAYOUT_LAX);
+ } else if (Constants.LAXTSFIRST.equals(qname)) {
+ parent.setValue(Constants.LAYOUT_LAX_TIMESTAMP_FIRST);
+ } else if (Constants.LAXTSLAST.equals(qname)) {
+ parent.setValue(Constants.LAYOUT_LAX_TIMESTAMP_LAST);
+ }
+
+ }
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/ProtectionTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/ProtectionTokenBuilder.java
new file mode 100644
index 0000000..59f0f1d
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/ProtectionTokenBuilder.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.ProtectionToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class ProtectionTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ ProtectionToken protectionToken = new ProtectionToken();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), protectionToken);
+ break; // since there should be only one alternative ..
+ }
+
+ return protectionToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.PROTECTION_TOKEN};
+ }
+
+ private void processAlternative(List assertions, ProtectionToken parent) {
+ Object token = assertions.get(0);
+
+ if (token instanceof Token) {
+ parent.setToken((Token) token);
+ }
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RecipientTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RecipientTokenBuilder.java
new file mode 100644
index 0000000..81667c5
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/RecipientTokenBuilder.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.RecipientToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class RecipientTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ RecipientToken recipientToken = new RecipientToken();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), recipientToken);
+
+ /*
+ * for the moment we will pick the first token specified in the policy
+ */
+ break;
+ }
+
+ return recipientToken;
+ }
+
+ private void processAlternative(List assertions, RecipientToken parent) {
+
+ Assertion assertion;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+
+ if (assertion instanceof Token) {
+ parent.setToken((Token) assertion);
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.RECIPIENT_TOKEN};
+ }
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecureConversationTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecureConversationTokenBuilder.java
new file mode 100644
index 0000000..85386d9
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecureConversationTokenBuilder.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SecureConversationToken;
+
+public class SecureConversationTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ SecureConversationToken conversationToken = new SecureConversationToken();
+
+ OMAttribute attribute = element.getAttribute(Constants.INCLUDE_TOKEN);
+ if (attribute == null) {
+ throw new IllegalArgumentException(
+ "SecurityContextToken doesn't contain any sp:IncludeToken attribute");
+ }
+
+ String inclusionValue = attribute.getAttributeValue().trim();
+
+ if (inclusionValue.endsWith(Constants.INCLUDE_NEVER)) {
+ conversationToken.setInclusion(Constants.INCLUDE_NEVER);
+
+ } else if (inclusionValue.endsWith(Constants.INCLUDE_ONCE)) {
+ conversationToken.setInclusion(Constants.INCLUDE_ONCE);
+
+ } else if (inclusionValue
+ .endsWith(Constants.INCLUDE_ALWAYS_TO_RECIPIENT)) {
+ conversationToken.setInclusion(Constants.INCLUDE_ALWAYS_TO_RECIPIENT);
+
+ } else if (inclusionValue.endsWith(Constants.INCLUDE_ALWAYS)) {
+ conversationToken.setInclusion(Constants.INCLUDE_ALWAYS);
+ }
+
+ OMElement issuer = element.getFirstChildWithName(Constants.ISSUER);
+ if ( issuer != null) {
+ conversationToken.setIssuerEpr(issuer.getFirstElement());
+ }
+
+ element = element.getFirstChildWithName(Constants.POLICY);
+ if (element != null) {
+ if (element.getFirstChildWithName(Constants.REQUIRE_DERIVED_KEYS) != null) {
+ conversationToken.setDerivedKeys(true);
+ }
+
+ if (element
+ .getFirstChildWithName(Constants.REQUIRE_EXTERNAL_URI_REFERNCE) != null) {
+ conversationToken.setRequireExternalUriRef(true);
+ }
+
+ if (element
+ .getFirstChildWithName(Constants.SC10_SECURITY_CONTEXT_TOKEN) != null) {
+ conversationToken.setSc10SecurityContextToken(true);
+ }
+
+ OMElement bootstrapPolicyElement = element.getFirstChildWithName(Constants.BOOTSTRAP_POLICY);
+ if (bootstrapPolicyElement != null) {
+ Policy policy = PolicyEngine.getPolicy(bootstrapPolicyElement.getFirstElement());
+ conversationToken.setBootstrapPolicy(policy);
+ }
+ }
+
+ return conversationToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.SECURE_CONVERSATION_TOKEN};
+ }
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecurityContextTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecurityContextTokenBuilder.java
new file mode 100644
index 0000000..640ee01
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SecurityContextTokenBuilder.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SecurityContextToken;
+
+import javax.xml.namespace.QName;
+
+public class SecurityContextTokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ SecurityContextToken contextToken = new SecurityContextToken();
+
+ OMAttribute attribute = element.getAttribute(Constants.INCLUDE_TOKEN);
+
+ OMAttribute includeAttr = element.getAttribute(Constants.INCLUDE_TOKEN);
+ if(includeAttr != null) {
+ contextToken.setInclusion(includeAttr.getAttributeValue());
+ }
+
+ element = element.getFirstChildWithName(Constants.POLICY);
+
+ if (element != null) {
+
+ if (element.getFirstChildWithName(Constants.REQUIRE_DERIVED_KEYS) != null) {
+ contextToken.setDerivedKeys(true);
+ }
+
+ if (element
+ .getFirstChildWithName(Constants.REQUIRE_EXTERNAL_URI_REFERNCE) != null) {
+ contextToken.setRequireExternalUriRef(true);
+ }
+
+ if (element
+ .getFirstChildWithName(Constants.SC10_SECURITY_CONTEXT_TOKEN) != null) {
+ contextToken.setSc10SecurityContextToken(true);
+ }
+ }
+
+ return contextToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.SECURITY_CONTEXT_TOKEN};
+ }
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedElementsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedElementsBuilder.java
new file mode 100644
index 0000000..bcc0494
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedElementsBuilder.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+
+public class SignedElementsBuilder implements AssertionBuilder {
+
+ public static final QName ATTR_XPATH_VERSION = new QName(Constants.SP_NS, "XPathVersion");
+ public static final QName XPATH = new QName(Constants.SP_NS, "XPath");
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+
+ SignedEncryptedElements signedEncryptedElements = new SignedEncryptedElements(true);
+ OMAttribute attrXPathVersion = element.getAttribute(ATTR_XPATH_VERSION);
+
+ if (attrXPathVersion != null) {
+ signedEncryptedElements.setXPathVersion(attrXPathVersion.getAttributeValue());
+ }
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(), signedEncryptedElements);
+ }
+
+ return signedEncryptedElements;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.SIGNED_ELEMENTS};
+ }
+
+ private void processElement(OMElement element, SignedEncryptedElements parent) {
+ QName name = element.getQName();
+ if (XPATH.equals(name)) {
+ parent.addXPathExpression(element.getText());
+ }
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedPartsBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedPartsBuilder.java
new file mode 100644
index 0000000..eb7fb76
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SignedPartsBuilder.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.Header;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+
+public class SignedPartsBuilder implements AssertionBuilder {
+ public static final QName HEADER = new QName(Constants.SP_NS, "Header");
+ public static final QName NAME = new QName("Name");
+ public static final QName NAMESPACE = new QName("Namespace");
+ public static final QName BODY = new QName(Constants.SP_NS, "Body");
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ SignedEncryptedParts signedEncryptedParts = new SignedEncryptedParts(true);
+
+ for (Iterator iterator = element.getChildElements(); iterator.hasNext();) {
+ processElement((OMElement) iterator.next(), signedEncryptedParts);
+ }
+
+ return signedEncryptedParts;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.SIGNED_PARTS};
+ }
+
+ private void processElement(OMElement element, SignedEncryptedParts parent) {
+
+ QName name = element.getQName();
+
+ if (HEADER.equals(name)) {
+ Header header = new Header();
+
+ OMAttribute nameAttribute = element.getAttribute(NAME);
+ if( nameAttribute != null ) {
+ header.setName(nameAttribute.getAttributeValue());
+ }
+
+ OMAttribute namespaceAttribute = element.getAttribute(NAMESPACE);
+ header.setNamespace(namespaceAttribute.getAttributeValue());
+
+ parent.addHeader(header);
+
+ } else if (BODY.equals(name)) {
+ parent.setBody(true);
+ }
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SupportingTokensBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SupportingTokensBuilder.java
new file mode 100644
index 0000000..0e8cca5
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SupportingTokensBuilder.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.SignedEncryptedElements;
+import org.apache.ws.secpolicy.model.SignedEncryptedParts;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.Token;
+
+public class SupportingTokensBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ QName name = element.getQName();
+ SupportingToken supportingToken = null;
+
+ if (Constants.SUPPORIING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ Constants.SUPPORTING_TOKEN_SUPPORTING);
+ } else if (Constants.SIGNED_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ Constants.SUPPORTING_TOKEN_SIGNED);
+ } else if (Constants.ENDORSING_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ Constants.SUPPORTING_TOKEN_ENDORSING);
+ } else if (Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS.equals(name)) {
+ supportingToken = new SupportingToken(
+ Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING);
+ }
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), supportingToken);
+ /*
+ * for the moment we will say there should be only one alternative
+ */
+ break;
+ }
+
+ return supportingToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] { Constants.SUPPORIING_TOKENS,
+ Constants.SIGNED_SUPPORTING_TOKENS,
+ Constants.ENDORSING_SUPPORTING_TOKENS,
+ Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS};
+ }
+
+ private void processAlternative(List assertions, SupportingToken supportingToken) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+
+ Assertion primitive = (Assertion) iterator.next();
+ QName qname = primitive.getName();
+
+ if (Constants.ALGORITHM_SUITE.equals(qname)) {
+ supportingToken.setAlgorithmSuite((AlgorithmSuite) primitive);
+
+ } else if (Constants.SIGNED_PARTS.equals(qname)) {
+ supportingToken
+ .setSignedParts((SignedEncryptedParts) primitive);
+
+ } else if (Constants.SIGNED_ELEMENTS.equals(qname)) {
+ supportingToken
+ .setSignedElements((SignedEncryptedElements) primitive);
+
+ } else if (Constants.ENCRYPTED_PARTS.equals(qname)) {
+ supportingToken
+ .setEncryptedParts((SignedEncryptedParts) primitive);
+
+ } else if (Constants.ENCRYPTED_ELEMENTS.equals(qname)) {
+ supportingToken
+ .setEncryptedElements((SignedEncryptedElements) primitive);
+
+ } else if (primitive instanceof Token) {
+ supportingToken.addToken((Token) primitive);
+ }
+ }
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java
new file mode 100644
index 0000000..7ead454
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/SymmetricBindingBuilder.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.Layout;
+import org.apache.ws.secpolicy.model.ProtectionToken;
+import org.apache.ws.secpolicy.model.SymmetricBinding;
+
+public class SymmetricBindingBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ SymmetricBinding symmetricBinding = new SymmetricBinding();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternatives((List) iterator.next(), symmetricBinding);
+
+ /*
+ * since there should be only one alternative ..
+ */
+ break;
+ }
+ return symmetricBinding;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.SYMMETRIC_BINDING};
+ }
+
+ private void processAlternatives(List assertions, SymmetricBinding symmetricBinding) {
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (Constants.ALGORITHM_SUITE.equals(name)) {
+ symmetricBinding.setAlgorithmSuite((AlgorithmSuite) assertion);
+
+ } else if (Constants.LAYOUT.equals(name)) {
+ symmetricBinding.setLayout((Layout) assertion);
+
+ } else if (Constants.INCLUDE_TIMESTAMP.equals(name)) {
+ symmetricBinding.setIncludeTimestamp(true);
+
+ } else if (Constants.PROTECTION_TOKEN.equals(name)) {
+ symmetricBinding.setProtectionToken((ProtectionToken) assertion);
+
+ } else if (Constants.ENCRYPT_BEFORE_SIGNING.equals(name.getLocalPart())) {
+ symmetricBinding.setProtectionOrder(Constants.ENCRYPT_BEFORE_SIGNING);
+
+ } else if (Constants.SIGN_BEFORE_ENCRYPTING.equals(name.getLocalPart())) {
+ symmetricBinding.setProtectionOrder(Constants.SIGN_BEFORE_ENCRYPTING);
+
+ } else if (Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY.equals(name.getLocalPart())) {
+ symmetricBinding.setEntireHeadersAndBodySignatures(true);
+ } else if (Constants.ENCRYPT_SIGNATURE.equals(name)) {
+ symmetricBinding.setSignatureProtection(true);
+ }
+ }
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportBindingBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportBindingBuilder.java
new file mode 100644
index 0000000..064e9ae
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportBindingBuilder.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.Layout;
+import org.apache.ws.secpolicy.model.SupportingToken;
+import org.apache.ws.secpolicy.model.TransportBinding;
+import org.apache.ws.secpolicy.model.TransportToken;
+
+public class TransportBindingBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ TransportBinding transportBinding = new TransportBinding();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), transportBinding, factory);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return transportBinding;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.TRANSPORT_BINDING};
+ }
+
+ private void processAlternative(List assertionList, TransportBinding parent, AssertionBuilderFactory factory) {
+
+ for (Iterator iterator = assertionList.iterator(); iterator.hasNext(); ) {
+
+ Assertion primitive = (Assertion) iterator.next();
+ QName name = primitive.getName();
+
+ if (name.equals(Constants.ALGORITHM_SUITE)) {
+ parent.setAlgorithmSuite((AlgorithmSuite) primitive);
+
+ } else if (name.equals(Constants.TRANSPORT_TOKEN)) {
+ parent.setTransportToken(((TransportToken) primitive));
+
+ } else if (name.equals(Constants.INCLUDE_TIMESTAMP)) {
+ parent.setIncludeTimestamp(true);
+
+ } else if (name.equals(Constants.LAYOUT)) {
+ parent.setLayout((Layout) primitive);
+
+ } else if (name.equals(Constants.SIGNED_SUPPORTING_TOKENS)) {
+ parent.setSignedSupportingToken((SupportingToken) primitive);
+
+ } else if (name.equals(Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS)) {
+ parent.setSignedEndorsingSupportingTokens((SupportingToken) primitive);
+ }
+ }
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportTokenBuilder.java
new file mode 100644
index 0000000..905dbf9
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/TransportTokenBuilder.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.neethi.builders.xml.XmlPrimtiveAssertion;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.HttpsToken;
+import org.apache.ws.secpolicy.model.TransportToken;
+
+public class TransportTokenBuilder implements AssertionBuilder {
+
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ TransportToken transportToken = new TransportToken();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), transportToken);
+ break; // since there should be only one alternative
+ }
+
+ return transportToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.TRANSPORT_TOKEN};
+ }
+
+ private void processAlternative(List assertions, TransportToken parent) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ XmlPrimtiveAssertion primtive = (XmlPrimtiveAssertion) iterator.next();
+ QName qname = primtive.getName();
+
+ if (Constants.HTTPS_TOKEN.equals(qname)) {
+ HttpsToken httpsToken = new HttpsToken();
+ OMAttribute attr = primtive.getValue().getAttribute(Constants.REQUIRE_CLIENT_CERTIFICATE);
+ if(attr != null) {
+ httpsToken.setRequireClientCertificate("true".equals(attr.getAttributeValue()));
+ }
+ parent.setToken(httpsToken);
+ }
+ }
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/Trust10Builder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/Trust10Builder.java
new file mode 100644
index 0000000..7a92b24
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/Trust10Builder.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.Trust10;
+
+public class Trust10Builder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ element = element.getFirstChildWithName(Constants.POLICY);
+
+ if (element == null) {
+ throw new IllegalArgumentException(
+ "Trust10 assertion doesn't contain any Policy");
+ }
+
+ Trust10 trust10 = new Trust10();
+
+ if (element
+ .getFirstChildWithName(Constants.MUST_SUPPORT_CLIENT_CHALLENGE) != null) {
+ trust10.setMustSupportClientChallenge(true);
+ }
+
+ if (element
+ .getFirstChildWithName(Constants.MUST_SUPPORT_SERVER_CHALLENGE) != null) {
+ trust10.setMustSupportServerChallenge(true);
+ }
+
+ if (element.getFirstChildWithName(Constants.REQUIRE_CLIENT_ENTROPY) != null) {
+ trust10.setRequireClientEntropy(true);
+ }
+
+ if (element.getFirstChildWithName(Constants.REQUIRE_SERVER_ENTROPY) != null) {
+ trust10.setRequireServerEntropy(true);
+ }
+
+ if (element.getFirstChildWithName(Constants.MUST_SUPPORT_ISSUED_TOKENS) != null) {
+ trust10.setMustSupportIssuedTokens(true);
+ }
+
+ return trust10;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.TRUST_10};
+ }
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/UsernameTokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/UsernameTokenBuilder.java
new file mode 100644
index 0000000..314db63
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/UsernameTokenBuilder.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.UsernameToken;
+
+public class UsernameTokenBuilder implements AssertionBuilder {
+
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory) throws IllegalArgumentException {
+ UsernameToken usernameToken = new UsernameToken();
+
+ OMAttribute attribute = element.getAttribute(Constants.INCLUDE_TOKEN);
+ if(attribute != null) {
+ usernameToken.setInclusion(attribute.getAttributeValue());
+ }
+
+ OMElement policyElement = element.getFirstElement();
+
+ if (policyElement != null && !policyElement.getQName().equals(org.apache.neethi.Constants.Q_ELEM_POLICY)) {
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), usernameToken);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+ }
+
+ return usernameToken;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.USERNAME_TOKEN};
+ }
+
+ private void processAlternative(List assertions, UsernameToken parent) {
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ Assertion assertion = (Assertion) iterator.next();
+ QName qname = assertion.getName();
+
+ if (Constants.WSS_USERNAME_TOKEN10.equals(qname)) {
+ parent.setUseUTProfile10(true);
+
+ } else if (Constants.WSS_USERNAME_TOKEN11.equals(qname)) {
+ parent.setUseUTProfile11(true);
+ }
+ }
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS10Builder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS10Builder.java
new file mode 100644
index 0000000..dcbcbd0
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS10Builder.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.Wss10;
+
+public class WSS10Builder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+
+ Wss10 wss10 = new Wss10();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), wss10);
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return wss10;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.WSS10};
+ }
+
+ private void processAlternative(List assertions, Wss10 parent) {
+
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext(); ) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (Constants.MUST_SUPPORT_REF_KEY_IDENTIFIER.equals(name)) {
+ parent.setMustSupportRefKeyIdentifier(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_ISSUER_SERIAL.equals(name)) {
+ parent.setMustSupportRefIssuerSerial(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_EXTERNAL_URI.equals(name)) {
+ parent.setMustSupportRefExternalURI(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.equals(name)) {
+ parent.setMustSupportRefEmbeddedToken(true);
+ }
+ }
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS11Builder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS11Builder.java
new file mode 100644
index 0000000..f787171
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/WSS11Builder.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.Wss11;
+
+public class WSS11Builder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ Wss11 wss11 = new Wss11();
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator.hasNext();) {
+ processAlternative((List) iterator.next(), wss11);
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+
+ return wss11;
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.WSS11};
+ }
+
+ private void processAlternative(List assertions, Wss11 parent) {
+
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (Constants.MUST_SUPPORT_REF_KEY_IDENTIFIER.equals(name)) {
+ parent.setMustSupportRefKeyIdentifier(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_ISSUER_SERIAL.equals(name)) {
+ parent.setMustSupportRefIssuerSerial(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_EXTERNAL_URI.equals(name)) {
+ parent.setMustSupportRefExternalURI(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.equals(name)) {
+ parent.setMustSupportRefEmbeddedToken(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_THUMBPRINT.equals(name)) {
+ parent.setMustSupportRefThumbprint(true);
+
+ } else if (Constants.MUST_SUPPORT_REF_ENCRYPTED_KEY.equals(name)) {
+ parent.setMustSupportRefEncryptedKey(true);
+
+ } else if (Constants.REQUIRE_SIGNATURE_CONFIRMATION.equals(name)) {
+ parent.setRequireSignatureConfirmation(true);
+ }
+ }
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/X509TokenBuilder.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/X509TokenBuilder.java
new file mode 100644
index 0000000..96e35df
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/builders/X509TokenBuilder.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.builders;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.AssertionBuilderFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.neethi.builders.AssertionBuilder;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.model.X509Token;
+
+public class X509TokenBuilder implements AssertionBuilder {
+
+ public Assertion build(OMElement element, AssertionBuilderFactory factory)
+ throws IllegalArgumentException {
+ X509Token x509Token = new X509Token();
+
+ OMElement policyElement = element.getFirstElement();
+
+ //Process token inclusion
+ OMAttribute includeAttr = element.getAttribute(Constants.INCLUDE_TOKEN);
+ if(includeAttr != null) {
+ x509Token.setInclusion(includeAttr.getAttributeValue());
+ }
+
+ if (policyElement != null) {
+
+ if (policyElement.getFirstChildWithName(Constants.REQUIRE_DERIVED_KEYS) != null) {
+ x509Token.setDerivedKeys(true);
+ }
+
+ Policy policy = PolicyEngine.getPolicy(element.getFirstElement());
+ policy = (Policy) policy.normalize(false);
+
+ for (Iterator iterator = policy.getAlternatives(); iterator
+ .hasNext();) {
+ processAlternative((List) iterator.next(), x509Token);
+
+ /*
+ * since there should be only one alternative
+ */
+ break;
+ }
+ }
+ return x509Token;
+ }
+
+ private void processAlternative(List assertions, X509Token parent) {
+ Assertion assertion;
+ QName name;
+
+ for (Iterator iterator = assertions.iterator(); iterator.hasNext();) {
+ assertion = (Assertion) iterator.next();
+ name = assertion.getName();
+
+ if (Constants.REQUIRE_KEY_IDENTIFIRE_REFERENCE.equals(name)) {
+ parent.setRequireKeyIdentifierReference(true);
+
+ } else if (Constants.REQUIRE_ISSUER_SERIAL_REFERENCE.equals(name)) {
+ parent.setRequireIssuerSerialReference(true);
+
+ } else if (Constants.REQUIRE_EMBEDDED_TOKEN_REFERENCE.equals(name)) {
+ parent.setRequireEmbeddedTokenReference(true);
+
+ } else if (Constants.REQUIRE_THUMBPRINT_REFERENCE.equals(name)) {
+ parent.setRequireThumbprintReference(true);
+
+ } else if (Constants.WSS_X509_V1_TOKEN_10.equals(name)) {
+ parent.setTokenVersionAndType(Constants.WSS_X509_V1_TOKEN10);
+
+ } else if (Constants.WSS_X509_V1_TOKEN_11.equals(name)) {
+ parent.setTokenVersionAndType(Constants.WSS_X509_V1_TOKEN11);
+
+ } else if (Constants.WSS_X509_V3_TOKEN_10.equals(name)) {
+ parent.setTokenVersionAndType(Constants.WSS_X509_V3_TOKEN10);
+
+ } else if (Constants.WSS_X509_V3_TOKEN_11.equals(name)) {
+ parent.setTokenVersionAndType(Constants.WSS_X509_V3_TOKEN11);
+
+ } else if (Constants.WSS_X509_PKCS7_TOKEN_10.equals(name)) {
+ parent
+ .setTokenVersionAndType(Constants.WSS_X509_PKCS7_TOKEN10);
+
+ } else if (Constants.WSS_X509_PKCS7_TOKEN_11.equals(name)) {
+ parent
+ .setTokenVersionAndType(Constants.WSS_X509_PKCS7_TOKEN11);
+
+ } else if (Constants.WSS_X509_PKI_PATH_V1_TOKEN_10.equals(name)) {
+ parent
+ .setTokenVersionAndType(Constants.WSS_X509_PKI_PATH_V1_TOKEN10);
+
+ } else if (Constants.WSS_X509_PKI_PATH_V1_TOKEN_11.equals(name)) {
+ parent
+ .setTokenVersionAndType(Constants.WSS_X509_PKI_PATH_V1_TOKEN11);
+ }
+ }
+ }
+
+ public QName[] getKnownElements() {
+ return new QName[] {Constants.X509_TOKEN};
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractConfigurableSecurityAssertion.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractConfigurableSecurityAssertion.java
new file mode 100644
index 0000000..7f088d6
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractConfigurableSecurityAssertion.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.neethi.Assertion;
+
+public abstract class AbstractConfigurableSecurityAssertion extends AbstractSecurityAssertion {
+
+ protected ArrayList configurations = null;
+
+ public void addConfiguration(Assertion assertion) {
+ if (configurations == null) {
+ configurations = new ArrayList();
+ }
+ configurations.add(assertion);
+ }
+
+ public List getConfigurations() {
+ return configurations;
+ }
+
+ public Assertion getDefaultAssertion() {
+ if (configurations != null) {
+ return (Assertion) configurations.get(0);
+ }
+ return null;
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
new file mode 100644
index 0000000..0f2d125
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AbstractSecurityAssertion.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.model;
+
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Constants;
+import org.apache.neethi.PolicyComponent;
+
+public abstract class AbstractSecurityAssertion implements Assertion {
+
+ private boolean isOptional;
+
+ private boolean normalized = false;
+
+ public boolean isOptional() {
+ return isOptional;
+ }
+
+ public void setOptional(boolean isOptional) {
+ this.isOptional = isOptional;
+ }
+
+ public short getType() {
+ return Constants.TYPE_ASSERTION;
+ }
+
+ public boolean equal(PolicyComponent policyComponent) {
+ throw new UnsupportedOperationException();
+ }
+
+ public void setNormalized(boolean normalized) {
+ this.normalized = normalized;
+ }
+
+ public boolean isNormalized() {
+ return true;
+ }
+
+ public PolicyComponent normalize() {
+
+ /*
+ * TODO: Handling the isOptional:TRUE case
+ */
+ return this;
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
new file mode 100644
index 0000000..318be2e
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmSuite.java
@@ -0,0 +1,452 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+import org.apache.ws.secpolicy.WSSPolicyException;
+
+public class AlgorithmSuite extends AbstractConfigurableSecurityAssertion {
+
+ private String algoSuiteString;
+
+ private String symmetricSignature = Constants.HMAC_SHA1;
+
+ private String asymmetricSignature = Constants.RSA_SHA1;
+
+ private String computedKey = Constants.P_SHA1;
+
+ private int maximumSymmetricKeyLength = 256;
+
+ private int minimumAsymmetricKeyLength = 1024;
+
+ private int maximumAsymmetricKeyLength = 4096;
+
+ private String digest;
+
+ private String encryption;
+
+ private String symmetricKeyWrap;
+
+ private String asymmetricKeyWrap;
+
+ private String encryptionKeyDerivation;
+
+ private String signatureKeyDerivation;
+
+ private int minimumSymmetricKeyLength;
+
+ private String c14n = Constants.EX_C14N;
+
+ private String soapNormalization;
+
+ private String strTransform;
+
+ private String xPath;
+
+ /**
+ * Set the algorithm suite
+ *
+ * @param algoSuite
+ * @throws WSSPolicyException
+ * @see Constants#ALGO_SUITE_BASIC128
+ * @see Constants#ALGO_SUITE_BASIC128_RSA15
+ * @see Constants#ALGO_SUITE_BASIC128_SHA256
+ * @see Constants#ALGO_SUITE_BASIC128_SHA256_RSA15
+ * @see Constants#ALGO_SUITE_BASIC192
+ * @see Constants#ALGO_SUITE_BASIC192_RSA15
+ * @see Constants#ALGO_SUITE_BASIC192_SHA256
+ * @see Constants#ALGO_SUITE_BASIC192_SHA256_RSA15
+ * @see Constants#ALGO_SUITE_BASIC256
+ * @see Constants#ALGO_SUITE_BASIC256_RSA15
+ * @see Constants#ALGO_SUITE_BASIC256_SHA256
+ * @see Constants#ALGO_SUITE_BASIC256_SHA256_RSA15
+ * @see Constants#ALGO_SUITE_TRIPLE_DES
+ * @see Constants#ALGO_SUITE_TRIPLE_DES_RSA15
+ * @see Constants#ALGO_SUITE_TRIPLE_DES_SHA256
+ * @see Constants#ALGO_SUITE_TRIPLE_DES_SHA256_RSA15
+ */
+ public void setAlgorithmSuite(String algoSuite) {
+ setAlgoSuiteString(algoSuite);
+ this.algoSuiteString = algoSuite;
+
+ // TODO: Optimize this :-)
+ if (Constants.ALGO_SUITE_BASIC256.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.AES256;
+ this.symmetricKeyWrap = Constants.KW_AES256;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L256;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 256;
+ } else if (Constants.ALGO_SUITE_BASIC192.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.AES192;
+ this.symmetricKeyWrap = Constants.KW_AES192;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else if (Constants.ALGO_SUITE_BASIC128.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.AES128;
+ this.symmetricKeyWrap = Constants.KW_AES128;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L128;
+ this.signatureKeyDerivation = Constants.P_SHA1_L128;
+ this.minimumSymmetricKeyLength = 128;
+ } else if (Constants.ALGO_SUITE_TRIPLE_DES.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.TRIPLE_DES;
+ this.symmetricKeyWrap = Constants.KW_TRIPLE_DES;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else if (Constants.ALGO_SUITE_BASIC256_RSA15.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.AES256;
+ this.symmetricKeyWrap = Constants.KW_AES256;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L256;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 256;
+ } else if (Constants.ALGO_SUITE_BASIC192_RSA15.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.AES192;
+ this.symmetricKeyWrap = Constants.KW_AES192;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else if (Constants.ALGO_SUITE_BASIC128_RSA15.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.AES128;
+ this.symmetricKeyWrap = Constants.KW_AES128;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L128;
+ this.signatureKeyDerivation = Constants.P_SHA1_L128;
+ this.minimumSymmetricKeyLength = 128;
+ } else if (Constants.ALGO_SUITE_TRIPLE_DES_RSA15.equals(algoSuite)) {
+ this.digest = Constants.SHA1;
+ this.encryption = Constants.TRIPLE_DES;
+ this.symmetricKeyWrap = Constants.KW_TRIPLE_DES;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else if (Constants.ALGO_SUITE_BASIC256_SHA256.equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.AES256;
+ this.symmetricKeyWrap = Constants.KW_AES256;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L256;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 256;
+ } else if (Constants.ALGO_SUITE_BASIC192_SHA256.equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.AES192;
+ this.symmetricKeyWrap = Constants.KW_AES192;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else if (Constants.ALGO_SUITE_BASIC128_SHA256.equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.AES128;
+ this.symmetricKeyWrap = Constants.KW_AES128;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L128;
+ this.signatureKeyDerivation = Constants.P_SHA1_L128;
+ this.minimumSymmetricKeyLength = 128;
+ } else if (Constants.ALGO_SUITE_TRIPLE_DES_SHA256.equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.TRIPLE_DES;
+ this.symmetricKeyWrap = Constants.KW_TRIPLE_DES;
+ this.asymmetricKeyWrap = Constants.KW_RSA_OAEP;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else if (Constants.ALGO_SUITE_BASIC256_SHA256_RSA15.equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.AES256;
+ this.symmetricKeyWrap = Constants.KW_AES256;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L256;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 256;
+ } else if (Constants.ALGO_SUITE_BASIC192_SHA256_RSA15.equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.AES192;
+ this.symmetricKeyWrap = Constants.KW_AES192;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else if (Constants.ALGO_SUITE_BASIC128_SHA256_RSA15.equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.AES128;
+ this.symmetricKeyWrap = Constants.KW_AES128;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L128;
+ this.signatureKeyDerivation = Constants.P_SHA1_L128;
+ this.minimumSymmetricKeyLength = 128;
+ } else if (Constants.ALGO_SUITE_TRIPLE_DES_SHA256_RSA15
+ .equals(algoSuite)) {
+ this.digest = Constants.SHA256;
+ this.encryption = Constants.TRIPLE_DES;
+ this.symmetricKeyWrap = Constants.KW_TRIPLE_DES;
+ this.asymmetricKeyWrap = Constants.KW_RSA15;
+ this.encryptionKeyDerivation = Constants.P_SHA1_L192;
+ this.signatureKeyDerivation = Constants.P_SHA1_L192;
+ this.minimumSymmetricKeyLength = 192;
+ } else {
+ // throw new WSSPolicyException("Invalid algorithm suite : " +
+ // algoSuite);
+ }
+ }
+
+ /**
+ * @return Returns the asymmetricKeyWrap.
+ */
+ public String getAsymmetricKeyWrap() {
+ return asymmetricKeyWrap;
+ }
+
+ /**
+ * @return Returns the asymmetricSignature.
+ */
+ public String getAsymmetricSignature() {
+ return asymmetricSignature;
+ }
+
+ /**
+ * @return Returns the computedKey.
+ */
+ public String getComputedKey() {
+ return computedKey;
+ }
+
+ /**
+ * @return Returns the digest.
+ */
+ public String getDigest() {
+ return digest;
+ }
+
+ /**
+ * @return Returns the encryption.
+ */
+ public String getEncryption() {
+ return encryption;
+ }
+
+ /**
+ * @return Returns the encryptionKeyDerivation.
+ */
+ public String getEncryptionKeyDerivation() {
+ return encryptionKeyDerivation;
+ }
+
+ /**
+ * @return Returns the maximumAsymmetricKeyLength.
+ */
+ public int getMaximumAsymmetricKeyLength() {
+ return maximumAsymmetricKeyLength;
+ }
+
+ /**
+ * @return Returns the maximumSymmetricKeyLength.
+ */
+ public int getMaximumSymmetricKeyLength() {
+ return maximumSymmetricKeyLength;
+ }
+
+ /**
+ * @return Returns the minimumAsymmetricKeyLength.
+ */
+ public int getMinimumAsymmetricKeyLength() {
+ return minimumAsymmetricKeyLength;
+ }
+
+ /**
+ * @return Returns the minimumSymmetricKeyLength.
+ */
+ public int getMinimumSymmetricKeyLength() {
+ return minimumSymmetricKeyLength;
+ }
+
+ /**
+ * @return Returns the signatureKeyDerivation.
+ */
+ public String getSignatureKeyDerivation() {
+ return signatureKeyDerivation;
+ }
+
+ /**
+ * @return Returns the symmetricKeyWrap.
+ */
+ public String getSymmetricKeyWrap() {
+ return symmetricKeyWrap;
+ }
+
+ /**
+ * @return Returns the symmetricSignature.
+ */
+ public String getSymmetricSignature() {
+ return symmetricSignature;
+ }
+
+ /**
+ * @return Returns the c14n.
+ */
+ public String getInclusiveC14n() {
+ return c14n;
+ }
+
+ /**
+ * @param c14n
+ * The c14n to set.
+ */
+ public void setC14n(String c14n) {
+ this.c14n = c14n;
+ }
+
+ /**
+ * @return Returns the soapNormalization.
+ */
+ public String getSoapNormalization() {
+ return soapNormalization;
+ }
+
+ /**
+ * @param soapNormalization
+ * The soapNormalization to set.
+ */
+ public void setSoapNormalization(String soapNormalization) {
+ this.soapNormalization = soapNormalization;
+ }
+
+ /**
+ * @return Returns the strTransform.
+ */
+ public String getStrTransform() {
+ return strTransform;
+ }
+
+ /**
+ * @param strTransform
+ * The strTransform to set.
+ */
+ public void setStrTransform(String strTransform) {
+ this.strTransform = strTransform;
+ }
+
+ /**
+ * @return Returns the xPath.
+ */
+ public String getXPath() {
+ return xPath;
+ }
+
+ /**
+ * @param path
+ * The xPath to set.
+ */
+ public void setXPath(String path) {
+ xPath = path;
+ }
+
+ private void setAlgoSuiteString(String algoSuiteString) {
+ this.algoSuiteString = algoSuiteString;
+ }
+
+ private String getAlgoSuiteString() {
+ return algoSuiteString;
+ }
+
+ public QName getName() {
+ return Constants.ALGORITHM_SUITE;
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException(
+ "AlgorithmSuite.normalize() is not supported");
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localName = Constants.ALGORITHM_SUITE.getLocalPart();
+ String namespaceURI = Constants.ALGORITHM_SUITE.getNamespaceURI();
+
+ String prefix = writer.getPrefix(Constants.ALGORITHM_SUITE
+ .getNamespaceURI());
+
+ if (prefix == null) {
+ prefix = Constants.ALGORITHM_SUITE.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ writer.writeStartElement(prefix, localName, namespaceURI);
+ writer.writeNamespace(prefix, namespaceURI);
+
+ // <wsp:Policy>
+ writer.writeStartElement(Constants.POLICY.getPrefix(), Constants.POLICY
+ .getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ //
+ writer.writeStartElement(prefix, getAlgoSuiteString(), namespaceURI);
+ writer.writeEndElement();
+
+ if (Constants.C14N.equals(getInclusiveC14n())) {
+ writer.writeStartElement(prefix, Constants.INCLUSIVE_C14N, prefix);
+ writer.writeEndElement();
+ }
+
+ if (Constants.SNT.equals(getSoapNormalization())) {
+ writer.writeStartElement(prefix, Constants.SOAP_NORMALIZATION_10,
+ namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (Constants.STRT10.equals(getStrTransform())) {
+ writer.writeStartElement(prefix, Constants.STR_TRANSFORM_10,
+ namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (Constants.XPATH.equals(getXPath())) {
+ writer.writeStartElement(prefix, Constants.XPATH10, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (Constants.XPATH20.equals(getXPath())) {
+ writer.writeStartElement(prefix, Constants.XPATH_FILTER20,
+ namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:AlgorithmSuite>
+ writer.writeEndElement();
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmWrapper.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmWrapper.java
new file mode 100644
index 0000000..d0c8c6c
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AlgorithmWrapper.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+public interface AlgorithmWrapper {
+
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite);
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java
new file mode 100644
index 0000000..1a085ff
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/AsymmetricBinding.java
@@ -0,0 +1,216 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class AsymmetricBinding extends SymmetricAsymmetricBindingBase {
+
+ private InitiatorToken initiatorToken;
+
+ private RecipientToken recipientToken;
+
+ /**
+ * @return Returns the initiatorToken.
+ */
+ public InitiatorToken getInitiatorToken() {
+ return initiatorToken;
+ }
+
+ /**
+ * @param initiatorToken
+ * The initiatorToken to set.
+ */
+ public void setInitiatorToken(InitiatorToken initiatorToken) {
+ this.initiatorToken = initiatorToken;
+ }
+
+ /**
+ * @return Returns the recipientToken.
+ */
+ public RecipientToken getRecipientToken() {
+ return recipientToken;
+ }
+
+ /**
+ * @param recipientToken
+ * The recipientToken to set.
+ */
+ public void setRecipientToken(RecipientToken recipientToken) {
+ this.recipientToken = recipientToken;
+ }
+
+ public QName getName() {
+ return Constants.ASYMMETRIC_BINDING;
+ }
+
+ public PolicyComponent normalize() {
+
+ if (isNormalized()) {
+ return this;
+ }
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+ List configs = algorithmSuite.getConfigurations();
+
+ Policy policy = new Policy();
+ ExactlyOne exactlyOne = new ExactlyOne();
+
+ policy.addPolicyComponent(exactlyOne);
+
+ All wrapper;
+ AsymmetricBinding asymmetricBinding;
+
+ for (Iterator iterator = configs.iterator(); iterator.hasNext();) {
+ wrapper = new All();
+ asymmetricBinding = new AsymmetricBinding();
+
+ asymmetricBinding.setAlgorithmSuite((AlgorithmSuite) iterator
+ .next());
+ asymmetricBinding
+ .setEntireHeadersAndBodySignatures(isEntireHeadersAndBodySignatures());
+ asymmetricBinding.setIncludeTimestamp(isIncludeTimestamp());
+ asymmetricBinding.setInitiatorToken(getInitiatorToken());
+ asymmetricBinding.setLayout(getLayout());
+ asymmetricBinding.setProtectionOrder(getProtectionOrder());
+ asymmetricBinding.setRecipientToken(getRecipientToken());
+ asymmetricBinding.setSignatureProtection(isSignatureProtection());
+ asymmetricBinding
+ .setSignedEndorsingSupportingTokens(getSignedEndorsingSupportingTokens());
+ asymmetricBinding.setTokenProtection(isTokenProtection());
+
+ asymmetricBinding.setNormalized(true);
+ wrapper.addPolicyComponent(wrapper);
+ }
+
+ return policy;
+
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = Constants.ASYMMETRIC_BINDING.getLocalPart();
+ String namespaceURI = Constants.ASYMMETRIC_BINDING.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = Constants.ASYMMETRIC_BINDING.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:AsymmetricBinding>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, Constants.POLICY.getLocalPart(),
+ Constants.POLICY.getNamespaceURI());
+
+ if (initiatorToken == null) {
+ throw new RuntimeException("InitiatorToken is not set");
+ }
+
+ // <sp:InitiatorToken>
+ initiatorToken.serialize(writer);
+ // </sp:InitiatorToken>
+
+ if (recipientToken == null) {
+ throw new RuntimeException("RecipientToken is not set");
+ }
+
+ // <sp:RecipientToken>
+ recipientToken.serialize(writer);
+ // </sp:RecipientToken>
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+ if (algorithmSuite == null) {
+ throw new RuntimeException("AlgorithmSuite is not set");
+ }
+
+ // <sp:AlgorithmSuite>
+ algorithmSuite.serialize(writer);
+ // </sp:AlgorithmSuite>
+
+ Layout layout = getLayout();
+ if (layout != null) {
+ // <sp:Layout>
+ layout.serialize(writer);
+ // </sp:Layout>
+ }
+
+ if (isIncludeTimestamp()) {
+ // <sp:IncludeTimestamp>
+ writer.writeStartElement(Constants.INCLUDE_TIMESTAMP.getPrefix(),
+ Constants.INCLUDE_TIMESTAMP.getLocalPart(),
+ Constants.INCLUDE_TIMESTAMP.getNamespaceURI());
+ writer.writeEndElement();
+ // </sp:IncludeTimestamp>
+ }
+
+ if (Constants.ENCRYPT_BEFORE_SIGNING.equals(getProtectionOrder())) {
+ // <sp:EncryptBeforeSign />
+ writer.writeStartElement(prefix, Constants.ENCRYPT_BEFORE_SIGNING,
+ namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isSignatureProtection()) {
+ // <sp:EncryptSignature />
+ // FIXME move the String constants to a QName
+ writer.writeStartElement(prefix, Constants.ENCRYPT_SIGNATURE
+ .getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isTokenProtection()) {
+ // <sp:ProtectTokens />
+ writer.writeStartElement(prefix, Constants.PROTECT_TOKENS
+ .getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isEntireHeadersAndBodySignatures()) {
+ // <sp:OnlySignEntireHeaderAndBody />
+ writer.writeStartElement(prefix,
+ Constants.ONLY_SIGN_ENTIRE_HEADERS_AND_BODY, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:AsymmetircBinding>
+ writer.writeEndElement();
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Binding.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Binding.java
new file mode 100644
index 0000000..a7a2eb0
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Binding.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+public abstract class Binding extends AbstractSecurityAssertion implements AlgorithmWrapper {
+
+ private AlgorithmSuite algorithmSuite;
+ private boolean includeTimestamp;
+ private Layout layout = new Layout();
+ private SupportingToken signedSupportingToken;
+ private SupportingToken signedEndorsingSupportingTokens;
+
+ /**
+ * @return Returns the algorithmSuite.
+ */
+ public AlgorithmSuite getAlgorithmSuite() {
+ return algorithmSuite;
+ }
+
+ /**
+ * @param algorithmSuite The algorithmSuite to set.
+ */
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+ this.algorithmSuite = algorithmSuite;
+ }
+
+ /**
+ * @return Returns the includeTimestamp.
+ */
+ public boolean isIncludeTimestamp() {
+ return includeTimestamp;
+ }
+
+ /**
+ * @param includeTimestamp The includeTimestamp to set.
+ */
+ public void setIncludeTimestamp(boolean includeTimestamp) {
+ this.includeTimestamp = includeTimestamp;
+ }
+
+ /**
+ * @return Returns the layout.
+ */
+ public Layout getLayout() {
+ return layout;
+ }
+
+ /**
+ * @param layout The layout to set.
+ */
+ public void setLayout(Layout layout) {
+ this.layout = layout;
+ }
+
+ public SupportingToken getSignedEndorsingSupportingTokens() {
+ return signedEndorsingSupportingTokens;
+ }
+
+ public void setSignedEndorsingSupportingTokens(
+ SupportingToken signedEndorsingSupportingTokens) {
+ this.signedEndorsingSupportingTokens = signedEndorsingSupportingTokens;
+ }
+
+ public SupportingToken getSignedSupportingToken() {
+ return signedSupportingToken;
+ }
+
+ public void setSignedSupportingToken(SupportingToken signedSupportingToken) {
+ this.signedSupportingToken = signedSupportingToken;
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptionToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptionToken.java
new file mode 100644
index 0000000..7af329d
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/EncryptionToken.java
@@ -0,0 +1,108 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.ws.secpolicy.Constants;
+
+public class EncryptionToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token encryptionToken;
+
+ /**
+ * @return Returns the encryptionToken.
+ */
+ public Token getEncryptionToken() {
+ return encryptionToken;
+ }
+
+ /**
+ * @param encryptionToken The encryptionToken to set.
+ */
+ public void setEncryptionToken(Token encryptionToken) {
+ this.encryptionToken = encryptionToken;
+ }
+
+ public void setToken(Token tok) {
+ this.setEncryptionToken(tok);
+ }
+
+ public QName getName() {
+ return Constants.ENCRYPTION_TOKEN;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = Constants.ENCRYPTION_TOKEN.getLocalPart();
+ String namespaceURI = Constants.ENCRYPTION_TOKEN.getNamespaceURI();
+ String prefix;
+
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = Constants.ENCRYPTION_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:EncryptionToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+
+ String wspNamespaceURI = Constants.POLICY.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ wspPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, wspNamespaceURI);
+
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix, Constants.POLICY.getLocalPart(), wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ // xmlns:wsp=".."
+ writer.writeNamespace(wspPrefix, wspNamespaceURI);
+ }
+
+ if (encryptionToken == null) {
+ throw new RuntimeException("EncryptionToken is not set");
+ }
+
+ encryptionToken.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:EncryptionToken>
+ writer.writeEndElement();
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Header.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Header.java
new file mode 100644
index 0000000..8e95a29
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Header.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+public class Header {
+
+ private String name;
+ private String namespace;
+
+ /**
+ * @return Returns the name.
+ */
+ public String getName() {
+ return name;
+ }
+ /**
+ * @param name The name to set.
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+ /**
+ * @return Returns the namespace.
+ */
+ public String getNamespace() {
+ return namespace;
+ }
+ /**
+ * @param namespace The namespace to set.
+ */
+ public void setNamespace(String namespace) {
+ this.namespace = namespace;
+ }
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java
new file mode 100644
index 0000000..af1f4a3
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/HttpsToken.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+/**
+ *
+ * @author Ruchith Fernando (ruchith.fernando@gmail.com)
+ */
+public class HttpsToken extends Token {
+
+ private boolean requireClientCertificate = false;
+
+ public boolean isRequireClientCertificate() {
+ return requireClientCertificate;
+ }
+
+ public void setRequireClientCertificate(boolean requireClientCertificate) {
+ this.requireClientCertificate = requireClientCertificate;
+ }
+
+ public QName getName() {
+ return Constants.HTTPS_TOKEN;
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = Constants.HTTPS_TOKEN.getLocalPart();
+ String namespaceURI = Constants.HTTPS_TOKEN.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = Constants.HTTPS_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:HttpsToken
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ // RequireClientCertificate=".."
+ writer
+ .writeAttribute(Constants.REQUIRE_CLIENT_CERTIFICATE
+ .getLocalPart(), Boolean
+ .toString(isRequireClientCertificate()));
+
+ writer.writeEndElement();
+ // </sp:HttpsToken>
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorToken.java
new file mode 100644
index 0000000..6f7570f
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/InitiatorToken.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class InitiatorToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token initiatorToken;
+
+ /**
+ * @return Returns the initiatorToken.
+ */
+ public Token getInitiatorToken() {
+ return initiatorToken;
+ }
+
+ /**
+ * @param initiatorToken The initiatorToken to set.
+ */
+ public void setInitiatorToken(Token initiatorToken) {
+ this.initiatorToken = initiatorToken;
+ }
+
+ public void setToken(Token tok) {
+ this.setInitiatorToken(tok);
+ }
+
+ public QName getName() {
+ return Constants.INITIATOR_TOKEN;
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = Constants.INITIATOR_TOKEN.getLocalPart();
+ String namespaceURI = Constants.INITIATOR_TOKEN.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = Constants.INITIATOR_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:InitiatorToken>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ Token token = getInitiatorToken();
+ if (token == null) {
+ throw new RuntimeException("InitiatorToken doesn't contain any token assertions");
+ }
+ token.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:InitiatorToken>
+ writer.writeEndElement();
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/IssuedToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/IssuedToken.java
new file mode 100644
index 0000000..a3bc9f9
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/IssuedToken.java
@@ -0,0 +1,194 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.ws.secpolicy.Constants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+/**
+ * Model bean for the IssuedToken assertion.
+ */
+public class IssuedToken extends Token {
+
+ private OMElement issuerEpr;
+
+ private OMElement rstTemplate;
+
+ boolean requireExternalReference;
+
+ boolean requireInternalReference;
+
+ /**
+ * @return Returns the issuerEpr.
+ */
+ public OMElement getIssuerEpr() {
+ return issuerEpr;
+ }
+
+ /**
+ * @param issuerEpr
+ * The issuerEpr to set.
+ */
+ public void setIssuerEpr(OMElement issuerEpr) {
+ this.issuerEpr = issuerEpr;
+ }
+
+ /**
+ * @return Returns the requireExternalReference.
+ */
+ public boolean isRequireExternalReference() {
+ return requireExternalReference;
+ }
+
+ /**
+ * @param requireExternalReference
+ * The requireExternalReference to set.
+ */
+ public void setRequireExternalReference(boolean requireExternalReference) {
+ this.requireExternalReference = requireExternalReference;
+ }
+
+ /**
+ * @return Returns the requireInternalReference.
+ */
+ public boolean isRequireInternalReference() {
+ return requireInternalReference;
+ }
+
+ /**
+ * @param requireInternalReference
+ * The requireInternalReference to set.
+ */
+ public void setRequireInternalReference(boolean requireInternalReference) {
+ this.requireInternalReference = requireInternalReference;
+ }
+
+ /**
+ * @return Returns the rstTemplate.
+ */
+ public OMElement getRstTemplate() {
+ return rstTemplate;
+ }
+
+ /**
+ * @param rstTemplate
+ * The rstTemplate to set.
+ */
+ public void setRstTemplate(OMElement rstTemplate) {
+ this.rstTemplate = rstTemplate;
+ }
+
+ public QName getName() {
+ return Constants.ISSUED_TOKEN;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = Constants.ISSUED_TOKEN.getLocalPart();
+ String namespaceURI = Constants.ISSUED_TOKEN.getNamespaceURI();
+
+ String prefix;
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = Constants.ISSUED_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:IssuedToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+ String inclusion = getInclusion();
+ if (inclusion != null) {
+ writer.writeAttribute(prefix, namespaceURI,
+ Constants.ATTR_INCLUDE_TOKEN, inclusion);
+ }
+
+ if (issuerEpr != null) {
+ writer.writeStartElement(prefix, Constants.ISSUER.getLocalPart(),
+ namespaceURI);
+ issuerEpr.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ if (rstTemplate != null) {
+ // <sp:RequestSecurityTokenTemplate>
+ writer.writeStartElement(prefix,
+ Constants.REQUEST_SECURITY_TOKEN_TEMPLATE.getLocalPart(),
+ namespaceURI);
+
+ rstTemplate.serialize(writer);
+
+ // </sp:RequestSecurityTokenTemplate>
+ writer.writeEndElement();
+ }
+
+ String policyLocalName = Constants.PROTECTION_TOKEN.getLocalPart();
+ String policyNamespaceURI = Constants.PROTECTION_TOKEN
+ .getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(policyNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ wspPrefix = Constants.PROTECTION_TOKEN.getPrefix();
+ writer.setPrefix(wspPrefix, policyNamespaceURI);
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+
+ if (isRequireExternalReference() || isRequireInternalReference()) {
+
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix, policyLocalName,
+ policyNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ // xmlns:wsp=".."
+ writer.writeNamespace(wspPrefix, policyNamespaceURI);
+ }
+
+ if (isRequireExternalReference()) {
+ // <sp:RequireExternalReference />
+ writer.writeEmptyElement(prefix, Constants.REQUIRE_EXTERNAL_REFERNCE.getLocalPart(), namespaceURI);
+ }
+
+ if (isRequireInternalReference()) {
+ // <sp:RequireInternalReference />
+ writer.writeEmptyElement(prefix, Constants.REQUIRE_INTERNAL_REFERNCE.getLocalPart(), namespaceURI);
+ }
+
+ // <wsp:Policy>
+ writer.writeEndElement();
+ }
+
+ // </sp:IssuedToken>
+ writer.writeEndElement();
+ }
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Layout.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Layout.java
new file mode 100644
index 0000000..59b2499
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Layout.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class Layout extends AbstractSecurityAssertion {
+
+ private String value = Constants.LAYOUT_LAX;
+
+ /**
+ * @return Returns the value.
+ */
+ public String getValue() {
+ return value;
+ }
+
+ /**
+ * @param value
+ * The value to set.
+ */
+ public void setValue(String value) {
+ if (Constants.LAYOUT_LAX.equals(value)
+ || Constants.LAYOUT_STRICT.equals(value)
+ || Constants.LAYOUT_LAX_TIMESTAMP_FIRST.equals(value)
+ || Constants.LAYOUT_LAX_TIMESTAMP_LAST.equals(value)) {
+ this.value = value;
+ } else {
+ // throw new WSSPolicyException("Incorrect layout value : " +
+ // value);
+ }
+ }
+
+ public QName getName() {
+ return Constants.LAYOUT;
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localName = Constants.LAYOUT.getLocalPart();
+ String namespaceURI = Constants.LAYOUT.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = Constants.LAYOUT.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:Layout>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ // <wsp:Policy>
+ writer.writeStartElement(Constants.POLICY.getPrefix(), Constants.POLICY
+ .getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ // .. <sp:Strict /> | <sp:Lax /> | <sp:LaxTsFirst /> | <sp:LaxTsLast /> ..
+ if (Constants.LAYOUT_STRICT.equals(value)) {
+ writer.writeStartElement(prefix, Constants.STRICT.getLocalPart(), namespaceURI);
+
+ } else if (Constants.LAYOUT_LAX.equals(value)) {
+ writer.writeStartElement(prefix, Constants.LAX.getLocalPart(), namespaceURI);
+
+ } else if (Constants.LAYOUT_LAX_TIMESTAMP_FIRST.equals(value)) {
+ writer.writeStartElement(prefix, Constants.LAXTSFIRST.getLocalPart(), namespaceURI);
+
+ } else if (Constants.LAYOUT_LAX_TIMESTAMP_LAST.equals(value)) {
+ writer.writeStartElement(prefix, Constants.LAXTSLAST.getLocalPart(), namespaceURI);
+ }
+
+ writer.writeEndElement();
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:Layout>
+ writer.writeEndElement();
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ProtectionToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ProtectionToken.java
new file mode 100644
index 0000000..2867953
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/ProtectionToken.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class ProtectionToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token protectionToken;
+
+ /**
+ * @return Returns the protectionToken.
+ */
+ public Token getProtectionToken() {
+ return protectionToken;
+ }
+
+ /**
+ * @param protectionToken The protectionToken to set.
+ */
+ public void setProtectionToken(Token protectionToken) {
+ this.protectionToken = protectionToken;
+ }
+
+ public void setToken(Token tok) {
+ this.setProtectionToken(tok);
+ }
+
+ public QName getName() {
+ return Constants.PROTECTION_TOKEN;
+ }
+
+ public PolicyComponent normalize() {
+ /*
+ * ProtectionToken can not contain multiple values. Hence we consider it
+ * to always be in the normalized format.
+ */
+ return this;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = Constants.PROTECTION_TOKEN.getLocalPart();
+ String namespaceURI = Constants.PROTECTION_TOKEN.getNamespaceURI();
+
+ String prefix;
+
+ String writerPrefix = writer.getPrefix(namespaceURI);
+ if (writerPrefix == null) {
+ prefix = Constants.PROTECTION_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:ProtectionToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+ String policyLocalName = Constants.PROTECTION_TOKEN.getLocalPart();
+ String policyNamespaceURI = Constants.PROTECTION_TOKEN.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(policyNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ wspPrefix = Constants.PROTECTION_TOKEN.getPrefix();
+ writer.setPrefix(wspPrefix, policyNamespaceURI);
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix, policyLocalName, policyNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ // xmlns:wsp=".."
+ writer.writeNamespace(wspPrefix, policyNamespaceURI);
+ }
+
+ if (protectionToken == null) {
+ throw new RuntimeException("ProtectionToken is not set");
+ }
+
+ protectionToken.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:ProtectionToken>
+ writer.writeEndElement();
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientToken.java
new file mode 100644
index 0000000..b4ce19d
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/RecipientToken.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class RecipientToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token receipientToken;
+
+ /**
+ * @return Returns the receipientToken.
+ */
+ public Token getReceipientToken() {
+ return receipientToken;
+ }
+
+ /**
+ * @param receipientToken The receipientToken to set.
+ */
+ public void setReceipientToken(Token receipientToken) {
+ this.receipientToken = receipientToken;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.ws.security.policy.TokenWrapper#setToken(org.apache.ws.security.policy.Token)
+ */
+ public void setToken(Token tok) {
+ this.setReceipientToken(tok);
+ }
+
+ public QName getName() {
+ return Constants.RECIPIENT_TOKEN;
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = Constants.RECIPIENT_TOKEN.getLocalPart();
+ String namespaceURI = Constants.RECIPIENT_TOKEN.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = Constants.RECIPIENT_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:RecipientToken>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ Token token = getReceipientToken();
+ if (token == null) {
+ throw new RuntimeException("RecipientToken doesn't contain any token assertions");
+ }
+ token.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:RecipientToken>
+ writer.writeEndElement();
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecureConversationToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecureConversationToken.java
new file mode 100644
index 0000000..4141aff
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecureConversationToken.java
@@ -0,0 +1,172 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.neethi.Policy;
+import org.apache.ws.secpolicy.Constants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+/**
+ * Model class of SecureConversationToken assertion
+ */
+public class SecureConversationToken extends SecurityContextToken {
+
+ private Policy bootstrapPolicy;
+
+ private OMElement issuerEpr;
+
+ /**
+ * @return Returns the bootstrapPolicy.
+ */
+ public Policy getBootstrapPolicy() {
+ return bootstrapPolicy;
+ }
+
+ /**
+ * @param bootstrapPolicy
+ * The bootstrapPolicy to set.
+ */
+ public void setBootstrapPolicy(Policy bootstrapPolicy) {
+ this.bootstrapPolicy = bootstrapPolicy;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.neethi.Assertion#getName()
+ */
+ public QName getName() {
+ return Constants.SECURE_CONVERSATION_TOKEN;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = Constants.SECURE_CONVERSATION_TOKEN.getLocalPart();
+ String namespaceURI = Constants.SECURE_CONVERSATION_TOKEN
+ .getNamespaceURI();
+ String prefix;
+
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = Constants.SECURE_CONVERSATION_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:SecureConversationToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+ String inclusion = getInclusion();
+
+ if (inclusion != null) {
+ writer.writeAttribute(prefix, namespaceURI, Constants.INCLUDE_TOKEN
+ .getLocalPart(), inclusion);
+ }
+
+ if (issuerEpr != null) {
+ // <sp:Issuer>
+ writer.writeStartElement(prefix, Constants.ISSUER.getLocalPart(),
+ namespaceURI);
+
+ issuerEpr.serialize(writer);
+
+ writer.writeEndElement();
+ }
+
+ if (isDerivedKeys() || isRequireExternalUriRef()
+ || isSc10SecurityContextToken() || (bootstrapPolicy != null)) {
+
+ String wspNamespaceURI = Constants.POLICY.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ wspPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, wspNamespaceURI);
+
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix,
+ Constants.POLICY.getLocalPart(), wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ // xmlns:wsp=".."
+ writer.writeNamespace(wspPrefix, wspNamespaceURI);
+ }
+
+ if (isDerivedKeys()) {
+ // <sp:RequireDerivedKeys />
+ writer.writeEmptyElement(prefix, Constants.REQUIRE_DERIVED_KEYS.getLocalPart(), wspWriterPrefix);
+ }
+
+ if (isRequireExternalUriRef()) {
+ // <sp:RequireExternalUriReference />
+ writer.writeEmptyElement(prefix, Constants.REQUIRE_EXTERNAL_URI_REFERNCE.getLocalPart(), namespaceURI);
+ }
+
+ if (isSc10SecurityContextToken()) {
+ // <sp:SC10SecurityContextToken />
+ writer.writeEmptyElement(prefix, Constants.SC10_SECURITY_CONTEXT_TOKEN.getLocalPart(), namespaceURI);
+ }
+
+ if (bootstrapPolicy != null) {
+ // <sp:BootstrapPolicy ..>
+ writer.writeStartElement(prefix, Constants.BOOTSTRAP_POLICY.getLocalPart(), namespaceURI);
+ bootstrapPolicy.serialize(writer);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+ }
+
+ // </sp:SecureConversationToken>
+ writer.writeEndElement();
+ }
+
+ /**
+ * @return Returns the issuerEpr.
+ */
+ public OMElement getIssuerEpr() {
+ return issuerEpr;
+ }
+
+ /**
+ * @param issuerEpr
+ * The issuerEpr to set.
+ */
+ public void setIssuerEpr(OMElement issuerEpr) {
+ this.issuerEpr = issuerEpr;
+ }
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecurityContextToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecurityContextToken.java
new file mode 100644
index 0000000..978d525
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SecurityContextToken.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+/**
+ * Model class of SecurityContextToken assertion
+ */
+public class SecurityContextToken extends Token {
+
+ boolean requireExternalUriRef;
+
+ boolean sc10SecurityContextToken;
+
+ /**
+ * @return Returns the requireExternalUriRef.
+ */
+ public boolean isRequireExternalUriRef() {
+ return requireExternalUriRef;
+ }
+
+ /**
+ * @param requireExternalUriRef The requireExternalUriRef to set.
+ */
+ public void setRequireExternalUriRef(boolean requireExternalUriRef) {
+ this.requireExternalUriRef = requireExternalUriRef;
+ }
+
+ /**
+ * @return Returns the sc10SecurityContextToken.
+ */
+ public boolean isSc10SecurityContextToken() {
+ return sc10SecurityContextToken;
+ }
+
+ /**
+ * @param sc10SecurityContextToken The sc10SecurityContextToken to set.
+ */
+ public void setSc10SecurityContextToken(boolean sc10SecurityContextToken) {
+ this.sc10SecurityContextToken = sc10SecurityContextToken;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.Assertion#getName()
+ */
+ public QName getName() {
+ return Constants.SECURITY_CONTEXT_TOKEN;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.Assertion#normalize()
+ */
+ public PolicyComponent normalize() {
+ // TODO TODO Sanka
+ throw new UnsupportedOperationException("TODO Sanka");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.PolicyComponent#serialize(javax.xml.stream.XMLStreamWriter)
+ */
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ // TODO TODO Sanka
+ throw new UnsupportedOperationException("TODO Sanka");
+ }
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignatureToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignatureToken.java
new file mode 100644
index 0000000..257d9b1
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignatureToken.java
@@ -0,0 +1,110 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.ws.secpolicy.Constants;
+
+public class SignatureToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token signatureToken;
+
+ /**
+ * @return Returns the signatureToken.
+ */
+ public Token getSignatureToken() {
+ return signatureToken;
+ }
+
+ /**
+ * @param signatureToken The signatureToken to set.
+ */
+ public void setSignatureToken(Token signatureToken) {
+ this.signatureToken = signatureToken;
+ }
+
+ public void setToken(Token tok) {
+ this.setSignatureToken(tok);
+ }
+
+ public QName getName() {
+ return Constants.SIGNATURE_TOKEN;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = Constants.SIGNATURE_TOKEN.getLocalPart();
+ String namespaceURI = Constants.SIGNATURE_TOKEN.getNamespaceURI();
+
+ String prefix;
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = Constants.SIGNATURE_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:SignatureToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+
+ String wspNamespaceURI = Constants.POLICY.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ wspPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, wspNamespaceURI);
+
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix, Constants.POLICY.getLocalPart(), wspNamespaceURI);
+
+ if (wspWriterPrefix == null) {
+ // xmlns:wsp=".."
+ writer.writeNamespace(wspPrefix, wspNamespaceURI);
+ }
+
+ if (signatureToken == null) {
+ throw new RuntimeException("EncryptionToken is not set");
+ }
+
+ signatureToken.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:SignatureToken>
+ writer.writeEndElement();
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
new file mode 100644
index 0000000..191d655
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedElements.java
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class SignedEncryptedElements extends AbstractSecurityAssertion {
+
+ private ArrayList xPathExpressions = new ArrayList();
+
+ private String xPathVersion;
+
+ /**
+ * Just a flag to identify whether this holds sign element info or encr
+ * elements info
+ */
+ private boolean signedElemets;
+
+ public SignedEncryptedElements(boolean signedElements) {
+ this.signedElemets = signedElements;
+ }
+
+ /**
+ * @return Returns the xPathExpressions.
+ */
+ public ArrayList getXPathExpressions() {
+ return xPathExpressions;
+ }
+
+ public void addXPathExpression(String expr) {
+ this.xPathExpressions.add(expr);
+ }
+
+ /**
+ * @return Returns the xPathVersion.
+ */
+ public String getXPathVersion() {
+ return xPathVersion;
+ }
+
+ /**
+ * @param pathVersion
+ * The xPathVersion to set.
+ */
+ public void setXPathVersion(String pathVersion) {
+ xPathVersion = pathVersion;
+ }
+
+ /**
+ * @return Returns the signedElemets.
+ */
+ public boolean isSignedElemets() {
+ return signedElemets;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix;
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:SignedElements> | <sp:EncryptedElements>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+ if (xPathVersion != null) {
+ writer.writeAttribute(prefix, namespaceURI,
+ Constants.ATTR_XPATH_VERSION.getLocalPart(), xPathVersion);
+ }
+
+ String xpathExpression;
+
+ for (Iterator iterator = xPathExpressions.iterator(); iterator
+ .hasNext();) {
+ xpathExpression = (String) iterator.next();
+ // <sp:XPath ..>
+ writer.writeStartElement(prefix, Constants.XPATH_.getLocalPart(),
+ namespaceURI);
+ writer.writeCharacters(xpathExpression);
+ writer.writeEndElement();
+ }
+
+ // </sp:SignedElements> | </sp:EncryptedElements>
+ writer.writeEndElement();
+ }
+
+ public QName getName() {
+ if (signedElemets) {
+ return Constants.SIGNED_ELEMENTS;
+ }
+
+ return Constants.ENCRYPTED_ELEMENTS;
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
new file mode 100644
index 0000000..65f7501
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SignedEncryptedParts.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class SignedEncryptedParts extends AbstractSecurityAssertion {
+
+ private boolean body;
+
+ private ArrayList headers = new ArrayList();
+
+ private boolean signedParts;
+
+ public SignedEncryptedParts(boolean signedParts) {
+ this.signedParts = signedParts;
+ }
+
+ /**
+ * @return Returns the body.
+ */
+ public boolean isBody() {
+ return body;
+ }
+
+ /**
+ * @param body The body to set.
+ */
+ public void setBody(boolean body) {
+ this.body = body;
+ }
+
+ /**
+ * @return Returns the headers.
+ */
+ public ArrayList getHeaders() {
+ return this.headers;
+ }
+
+ /**
+ * @param headers The headers to set.
+ */
+ public void addHeader(Header header) {
+ this.headers.add(header);
+ }
+
+ /**
+ * @return Returns the signedParts.
+ */
+ public boolean isSignedParts() {
+ return signedParts;
+ }
+
+ public QName getName() {
+ if (signedParts) {
+ return Constants.SIGNED_PARTS;
+ }
+ return Constants.ENCRYPTED_PARTS;
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = getName().getLocalPart();
+ String namespaceURI = getName().getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = getName().getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:SignedParts> | <sp:EncryptedParts>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ if (isBody()) {
+ // <sp:Body />
+ // FIXME : move 'Body' to Constants
+ writer.writeStartElement(prefix, "Body", namespaceURI);
+ writer.writeEndElement();
+ }
+
+ Header header;
+ for (Iterator iterator = headers.iterator(); iterator.hasNext();) {
+ header = (Header) iterator.next();
+ // <sp:Header Name=".." Namespace=".." />
+ // FIXME move 'Header' to Constants
+ writer.writeStartElement(prefix, "Header", namespaceURI);
+
+ writer.writeAttribute("Name", header.getName());
+ writer.writeAttribute("Namespace", header.getNamespace());
+
+ writer.writeEndElement();
+ }
+
+ // </sp:SignedParts> | </sp:EncryptedParts>
+ writer.writeEndElement();
+ }
+
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java
new file mode 100644
index 0000000..66ef9fd
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SupportingToken.java
@@ -0,0 +1,265 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class SupportingToken extends AbstractSecurityAssertion implements
+ AlgorithmWrapper, TokenWrapper {
+
+ /**
+ * Type of SupportingToken
+ *
+ * @see SupportingToken#SUPPORTING
+ * @see SupportingToken#ENDORSING
+ * @see SupportingToken#SIGNED
+ * @see SupportingToken#SIGNED_ENDORSING
+ */
+ private int type;
+
+ private AlgorithmSuite algorithmSuite;
+
+ private ArrayList tokens = new ArrayList();
+
+ private SignedEncryptedElements signedElements;
+
+ private SignedEncryptedElements encryptedElements;
+
+ private SignedEncryptedParts signedParts;
+
+ private SignedEncryptedParts encryptedParts;
+
+ public SupportingToken(int type) {
+ this.type = type;
+ }
+
+ /**
+ * @return Returns the algorithmSuite.
+ */
+ public AlgorithmSuite getAlgorithmSuite() {
+ return algorithmSuite;
+ }
+
+ /**
+ * @param algorithmSuite
+ * The algorithmSuite to set.
+ */
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+ this.algorithmSuite = algorithmSuite;
+ }
+
+ /**
+ * @return Returns the token.
+ */
+ public ArrayList getTokens() {
+ return tokens;
+ }
+
+ /**
+ * @param token
+ * The token to set.
+ */
+ public void addToken(Token token) {
+ this.tokens.add(token);
+ }
+
+ /**
+ * @return Returns the type.
+ */
+ public int getTokenType() {
+ return type;
+ }
+
+ /**
+ * @param type
+ * The type to set.
+ */
+ public void setTokenType(int type) {
+ this.type = type;
+ }
+
+ /**
+ * @return Returns the encryptedElements.
+ */
+ public SignedEncryptedElements getEncryptedElements() {
+ return encryptedElements;
+ }
+
+ /**
+ * @param encryptedElements
+ * The encryptedElements to set.
+ */
+ public void setEncryptedElements(SignedEncryptedElements encryptedElements) {
+ this.encryptedElements = encryptedElements;
+ }
+
+ /**
+ * @return Returns the encryptedParts.
+ */
+ public SignedEncryptedParts getEncryptedParts() {
+ return encryptedParts;
+ }
+
+ /**
+ * @param encryptedParts
+ * The encryptedParts to set.
+ */
+ public void setEncryptedParts(SignedEncryptedParts encryptedParts) {
+ this.encryptedParts = encryptedParts;
+ }
+
+ /**
+ * @return Returns the signedElements.
+ */
+ public SignedEncryptedElements getSignedElements() {
+ return signedElements;
+ }
+
+ /**
+ * @param signedElements
+ * The signedElements to set.
+ */
+ public void setSignedElements(SignedEncryptedElements signedElements) {
+ this.signedElements = signedElements;
+ }
+
+ /**
+ * @return Returns the signedParts.
+ */
+ public SignedEncryptedParts getSignedParts() {
+ return signedParts;
+ }
+
+ /**
+ * @param signedParts
+ * The signedParts to set.
+ */
+ public void setSignedParts(SignedEncryptedParts signedParts) {
+ this.signedParts = signedParts;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.ws.security.policy.TokenWrapper#setToken(org.apache.ws.security.policy.Token)
+ */
+ public void setToken(Token tok) {
+ this.addToken(tok);
+ }
+
+ public QName getName() {
+ switch (type) {
+ case Constants.SUPPORTING_TOKEN_SUPPORTING:
+ return Constants.SUPPORIING_TOKENS;
+ case Constants.SUPPORTING_TOKEN_SIGNED:
+ return Constants.SIGNED_SUPPORTING_TOKENS;
+ case Constants.SUPPORTING_TOKEN_ENDORSING:
+ return Constants.ENDORSING_SUPPORTING_TOKENS;
+ case Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ return Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS;
+ default:
+ return null;
+ }
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+
+ public short getType() {
+ return org.apache.neethi.Constants.TYPE_ASSERTION;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String namespaceURI = Constants.SUPPORIING_TOKENS.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = Constants.SUPPORIING_TOKENS.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ String localname = null;
+
+ switch (getTokenType()) {
+ case Constants.SUPPORTING_TOKEN_SUPPORTING:
+ localname = Constants.SUPPORIING_TOKENS.getLocalPart();
+ break;
+ case Constants.SUPPORTING_TOKEN_SIGNED:
+ localname = Constants.SIGNED_SUPPORTING_TOKENS.getLocalPart();
+ break;
+ case Constants.SUPPORTING_TOKEN_ENDORSING:
+ localname = Constants.ENDORSING_SUPPORTING_TOKENS.getLocalPart();
+ break;
+ case Constants.SUPPORTING_TOKEN_SIGNED_ENDORSING:
+ localname = Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS
+ .getLocalPart();
+ break;
+ default:
+ throw new RuntimeException("Invalid SupportingTokenType");
+ }
+
+ // <sp:SupportingToken>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, Constants.POLICY.getNamespaceURI());
+ }
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, Constants.POLICY.getLocalPart(),
+ Constants.POLICY.getNamespaceURI());
+
+ Token token;
+ for (Iterator iterator = getTokens().iterator(); iterator.hasNext();) {
+ // [Token Assertion] +
+ token = (Token) iterator.next();
+ token.serialize(writer);
+ }
+
+
+ if (signedParts != null) {
+ signedParts.serialize(writer);
+
+ } else if (signedElements != null) {
+ signedElements.serialize(writer);
+
+ } else if (encryptedParts != null) {
+ encryptedParts.serialize(writer);
+
+ } else if (encryptedElements != null) {
+ encryptedElements.serialize(writer);
+ }
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ writer.writeEndElement();
+ // </sp:SupportingToken>
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricAsymmetricBindingBase.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricAsymmetricBindingBase.java
new file mode 100644
index 0000000..7b5fba5
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricAsymmetricBindingBase.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.ws.secpolicy.Constants;
+
+public abstract class SymmetricAsymmetricBindingBase extends Binding {
+
+ private String protectionOrder = Constants.SIGN_BEFORE_ENCRYPTING;
+
+ private boolean signatureProtection;
+
+ private boolean tokenProtection;
+
+ private boolean entireHeadersAndBodySignatures;
+
+ /**
+ * @return Returns the entireHeaderAndBodySignatures.
+ */
+ public boolean isEntireHeadersAndBodySignatures() {
+ return entireHeadersAndBodySignatures;
+ }
+
+ /**
+ * @param entireHeaderAndBodySignatures The entireHeaderAndBodySignatures to set.
+ */
+ public void setEntireHeadersAndBodySignatures(
+ boolean entireHeaderAndBodySignatures) {
+ this.entireHeadersAndBodySignatures = entireHeaderAndBodySignatures;
+ }
+
+ /**
+ * @return Returns the protectionOrder.
+ */
+ public String getProtectionOrder() {
+ return protectionOrder;
+ }
+
+ /**
+ * @param protectionOrder The protectionOrder to set.
+ */
+ public void setProtectionOrder(String protectionOrder) {
+ if(Constants.ENCRYPT_BEFORE_SIGNING.equals(protectionOrder) ||
+ Constants.SIGN_BEFORE_ENCRYPTING.equals(protectionOrder)) {
+ this.protectionOrder = protectionOrder;
+ } else {
+// throw new WSSPolicyException("Incorrect protection order value : "
+// + protectionOrder);
+ }
+ }
+
+ /**
+ * @return Returns the signatureProtection.
+ */
+ public boolean isSignatureProtection() {
+ return signatureProtection;
+ }
+
+ /**
+ * @param signatureProtection The signatureProtection to set.
+ */
+ public void setSignatureProtection(boolean signatureProtection) {
+ this.signatureProtection = signatureProtection;
+ }
+
+ /**
+ * @return Returns the tokenProtection.
+ */
+ public boolean isTokenProtection() {
+ return tokenProtection;
+ }
+
+ /**
+ * @param tokenProtection The tokenProtection to set.
+ */
+ public void setTokenProtection(boolean tokenProtection) {
+ this.tokenProtection = tokenProtection;
+ }
+
+
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricBinding.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricBinding.java
new file mode 100644
index 0000000..1d39db2
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/SymmetricBinding.java
@@ -0,0 +1,239 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class SymmetricBinding extends SymmetricAsymmetricBindingBase {
+
+ private EncryptionToken encryptionToken;
+
+ private SignatureToken signatureToken;
+
+ private ProtectionToken protectionToken;
+
+ /**
+ * @return Returns the encryptionToken.
+ */
+ public EncryptionToken getEncryptionToken() {
+ return encryptionToken;
+ }
+
+ /**
+ * @param encryptionToken The encryptionToken to set.
+ */
+ public void setEncryptionToken(EncryptionToken encryptionToken) {
+ if(this.protectionToken != null) {
+// throw new WSSPolicyException("Cannot use an EncryptionToken in a " +
+// "SymmetricBinding when there is a ProtectionToken");
+ }
+ this.encryptionToken = encryptionToken;
+ }
+
+ /**
+ * @return Returns the protectionToken.
+ */
+ public ProtectionToken getProtectionToken() {
+ return protectionToken;
+ }
+
+ /**
+ * @param protectionToken The protectionToken to set.
+ */
+ public void setProtectionToken(ProtectionToken protectionToken) {
+ if(this.encryptionToken != null || this.signatureToken != null) {
+// throw new WSSPolicyException("Cannot use a ProtectionToken in a " +
+// "SymmetricBinding when there is a SignatureToken or an" +
+// "EncryptionToken");
+ }
+ this.protectionToken = protectionToken;
+ }
+
+ /**
+ * @return Returns the signatureToken.
+ */
+ public SignatureToken getSignatureToken() {
+ return signatureToken;
+ }
+
+ /**
+ * @param signatureToken The signatureToken to set.
+ */
+ public void setSignatureToken(SignatureToken signatureToken) {
+ if(this.protectionToken != null) {
+// throw new WSSPolicyException("Cannot use a SignatureToken in a " +
+// "SymmetricBinding when there is a ProtectionToken");
+ }
+ this.signatureToken = signatureToken;
+ }
+
+ public QName getName() {
+ return Constants.SYMMETRIC_BINDING;
+ }
+
+ public PolicyComponent normalize() {
+ if (isNormalized()) {
+ return this;
+ }
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+ List configurations = algorithmSuite.getConfigurations();
+
+ if (configurations == null && configurations.size() == 1) {
+ setNormalized(true);
+ return this;
+ }
+
+ Policy policy = new Policy();
+ ExactlyOne exactlyOne = new ExactlyOne();
+
+ All wrapper;
+ SymmetricBinding symmetricBinding;
+
+ for (Iterator iterator = configurations.iterator(); iterator.hasNext();) {
+ wrapper = new All();
+ symmetricBinding = new SymmetricBinding();
+
+ algorithmSuite = (AlgorithmSuite) iterator.next();
+ symmetricBinding.setAlgorithmSuite(algorithmSuite);
+
+ symmetricBinding.setEncryptionToken(getEncryptionToken());
+ symmetricBinding.setEntireHeadersAndBodySignatures(isEntireHeadersAndBodySignatures());
+ symmetricBinding.setIncludeTimestamp(isIncludeTimestamp());
+ symmetricBinding.setLayout(getLayout());
+ symmetricBinding.setProtectionOrder(getProtectionOrder());
+ symmetricBinding.setProtectionToken(getProtectionToken());
+ symmetricBinding.setSignatureProtection(isSignatureProtection());
+ symmetricBinding.setSignatureToken(getSignatureToken());
+ symmetricBinding.setSignedEndorsingSupportingTokens(getSignedEndorsingSupportingTokens());
+ symmetricBinding.setSignedSupportingToken(getSignedSupportingToken());
+ symmetricBinding.setTokenProtection(isTokenProtection());
+
+ symmetricBinding.setNormalized(true);
+ wrapper.addPolicyComponent(symmetricBinding);
+ exactlyOne.addPolicyComponent(wrapper);
+ }
+
+ policy.addPolicyComponent(exactlyOne);
+ return policy;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = Constants.SYMMETRIC_BINDING.getLocalPart();
+ String namespaceURI = Constants.SYMMETRIC_BINDING.getNamespaceURI();
+
+ String prefix;
+ String writerPrefix = writer.getPrefix(namespaceURI);
+
+ if (writerPrefix == null) {
+ prefix = Constants.SYMMETRIC_BINDING.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ } else {
+ prefix = writerPrefix;
+ }
+
+ // <sp:SymmetricBinding>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ if (writerPrefix == null) {
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+ }
+
+
+ String policyLocalName = Constants.POLICY.getLocalPart();
+ String policyNamespaceURI = Constants.POLICY.getNamespaceURI();
+
+ String wspPrefix;
+
+ String wspWriterPrefix = writer.getPrefix(policyNamespaceURI);
+ if (wspWriterPrefix == null) {
+ wspPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(wspPrefix, policyNamespaceURI);
+
+ } else {
+ wspPrefix = wspWriterPrefix;
+ }
+ // <wsp:Policy>
+ writer.writeStartElement(wspPrefix, policyLocalName, policyNamespaceURI);
+
+ if (encryptionToken != null) {
+ encryptionToken.serialize(writer);
+
+ } else if ( protectionToken != null) {
+ protectionToken.serialize(writer);
+
+ } else {
+ throw new RuntimeException("Either EncryptionToken or ProtectionToken must be set");
+ }
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+
+ if (algorithmSuite == null) {
+ throw new RuntimeException("AlgorithmSuite must be set");
+ }
+ // <sp:AlgorithmSuite />
+ algorithmSuite.serialize(writer);
+
+ Layout layout = getLayout();
+ if (layout != null) {
+ // <sp:Layout />
+ layout.serialize(writer);
+ }
+
+ if (isIncludeTimestamp()) {
+ // <sp:IncludeTimestamp />
+ writer.writeStartElement(prefix, Constants.INCLUDE_TIMESTAMP.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (Constants.ENCRYPT_BEFORE_SIGNING.equals(protectionToken)) {
+ // <sp:EncryptBeforeSigning />
+ writer.writeStartElement(prefix, Constants.ENCRYPT_BEFORE_SIGNING, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isSignatureProtection()) {
+ // <sp:EncryptSignature />
+ writer.writeStartElement(prefix, Constants.ENCRYPT_SIGNATURE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (protectionToken != null) {
+ protectionToken.serialize(writer);
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:SymmetricBinding>
+ writer.writeEndElement();
+
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java
new file mode 100644
index 0000000..fb90cd4
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Token.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.ws.secpolicy.Constants;
+
+public abstract class Token extends AbstractSecurityAssertion {
+
+ /**
+ * Inclusion property of a TokenAssertion
+ */
+ private String inclusion = Constants.INCLUDE_ALWAYS;
+
+ /**
+ * Whether to derive keys or not
+ */
+ private boolean derivedKeys;
+
+ /**
+ * @return Returns the inclusion.
+ */
+ public String getInclusion() {
+ return inclusion;
+ }
+
+ /**
+ * @param inclusion The inclusion to set.
+ */
+ public void setInclusion(String inclusion) {
+ if(Constants.INCLUDE_ALWAYS.equals(inclusion) ||
+ Constants.INCLUDE_ALWAYS_TO_RECIPIENT.equals(inclusion) ||
+ Constants.INCLUDE_NEVER.equals(inclusion) ||
+ Constants.INCLUDE_ONCE.equals(inclusion)) {
+ this.inclusion = inclusion;
+ } else {
+// throw new WSSPolicyException("Incorrect inclusion value: " + inclusion);
+ }
+ }
+
+ /**
+ * @return Returns the derivedKeys.
+ */
+ public boolean isDerivedKeys() {
+ return derivedKeys;
+ }
+
+ /**
+ * @param derivedKeys The derivedKeys to set.
+ */
+ public void setDerivedKeys(boolean derivedKeys) {
+ this.derivedKeys = derivedKeys;
+ }
+
+}
\ No newline at end of file
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TokenWrapper.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TokenWrapper.java
new file mode 100644
index 0000000..1da62f7
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TokenWrapper.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+public interface TokenWrapper {
+
+ public void setToken(Token tok);
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
new file mode 100644
index 0000000..ffba0b3
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportBinding.java
@@ -0,0 +1,184 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.All;
+import org.apache.neethi.ExactlyOne;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class TransportBinding extends Binding {
+
+ private TransportToken transportToken;
+
+ private List transportBindings;
+
+ /**
+ * @return Returns the transportToken.
+ */
+ public TransportToken getTransportToken() {
+ return transportToken;
+ }
+
+ /**
+ * @param transportToken
+ * The transportToken to set.
+ */
+ public void setTransportToken(TransportToken transportToken) {
+ this.transportToken = transportToken;
+ }
+
+ public List getConfigurations() {
+ return transportBindings;
+ }
+
+ public TransportBinding getDefaultConfiguration() {
+ if (transportBindings != null) {
+ return (TransportBinding) transportBindings.get(0);
+ }
+ return null;
+ }
+
+ public void addConfiguration(TransportBinding transportBinding) {
+ if (transportBindings == null) {
+ transportBindings = new ArrayList();
+ }
+ transportBindings.add(transportBinding);
+ }
+
+ public QName getName() {
+ return Constants.TRANSPORT_BINDING;
+ }
+
+ public PolicyComponent normalize() {
+ if (isNormalized()) {
+ return this;
+ }
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+ List configurations = algorithmSuite.getConfigurations();
+
+ if (configurations != null && configurations.size() == 1) {
+ setNormalized(true);
+ return this;
+ }
+
+ Policy policy = new Policy();
+ ExactlyOne exactlyOne = new ExactlyOne();
+
+ All wrapper;
+ TransportBinding transportBinding;
+
+ for (Iterator iterator = configurations.iterator(); iterator.hasNext();) {
+ wrapper = new All();
+ transportBinding = new TransportBinding();
+
+ algorithmSuite = (AlgorithmSuite) iterator.next();
+ transportBinding.setAlgorithmSuite(algorithmSuite);
+ transportBinding.setIncludeTimestamp(isIncludeTimestamp());
+ transportBinding.setLayout(getLayout());
+ transportBinding
+ .setSignedEndorsingSupportingTokens(getSignedEndorsingSupportingTokens());
+ transportBinding
+ .setSignedSupportingToken(getSignedSupportingToken());
+ transportBinding.setTransportToken(getTransportToken());
+
+ wrapper.addPolicyComponent(transportBinding);
+ exactlyOne.addPolicyComponent(wrapper);
+ }
+
+ policy.addPolicyComponent(exactlyOne);
+ return policy;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = Constants.TRANSPORT_BINDING.getLocalPart();
+ String namespaceURI = Constants.TRANSPORT_BINDING.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = Constants.TRANSPORT_BINDING.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:TransportBinding>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+
+ if (transportToken == null) {
+ // TODO more meaningful exception
+ throw new RuntimeException("no TransportToken found");
+ }
+
+ // <sp:TransportToken>
+ transportToken.serialize(writer);
+ // </sp:TransportToken>
+
+ AlgorithmSuite algorithmSuite = getAlgorithmSuite();
+ if (algorithmSuite == null) {
+ throw new RuntimeException("no AlgorithmSuite found");
+ }
+
+ // <sp:AlgorithmSuite>
+ algorithmSuite.serialize(writer);
+ // </sp:AlgorithmSuite>
+
+ Layout layout = getLayout();
+ if (layout != null) {
+ // <sp:Layout>
+ layout.serialize(writer);
+ // </sp:Layout>
+ }
+
+ if (isIncludeTimestamp()) {
+ // <sp:IncludeTimestamp>
+ writer.writeStartElement(Constants.INCLUDE_TIMESTAMP.getPrefix(),
+ Constants.INCLUDE_TIMESTAMP.getLocalPart(),
+ Constants.INCLUDE_TIMESTAMP.getNamespaceURI());
+ writer.writeEndElement();
+ // </sp:IncludeTimestamp>
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:TransportBinding>
+ writer.writeEndElement();
+
+ }
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportToken.java
new file mode 100644
index 0000000..65fce43
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/TransportToken.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+
+public class TransportToken extends AbstractSecurityAssertion implements TokenWrapper {
+
+ private Token transportToken;
+
+ /**
+ * @return Returns the transportToken.
+ */
+ public Token getTransportToken() {
+ return transportToken;
+ }
+
+ public QName getName() {
+ return new QName(Constants.SP_NS, "TransportToken");
+ }
+
+ public boolean isOptional() {
+ throw new UnsupportedOperationException();
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public short getType() {
+ return org.apache.neethi.Constants.TYPE_ASSERTION;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localName = Constants.TRANSPORT_TOKEN.getLocalPart();
+ String namespaceURI = Constants.TRANSPORT_TOKEN.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:TransportToken>
+
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ String wspPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (wspPrefix == null) {
+ writer.setPrefix(wspPrefix, Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(Constants.POLICY.getPrefix(), Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ // serialization of the token ..
+ transportToken.serialize(writer);
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+
+ writer.writeEndElement();
+ // </sp:TransportToken>
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.ws.secpolicy.model.TokenWrapper#setToken(org.apache.ws.secpolicy.model.Token)
+ */
+ public void setToken(Token tok) {
+ this.transportToken = tok;
+ }
+
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java
new file mode 100644
index 0000000..ce6d9e2
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Trust10.java
@@ -0,0 +1,197 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+/**
+ * Model bean to capture Trust10 assertion info
+ */
+public class Trust10 extends AbstractSecurityAssertion {
+
+ private boolean mustSupportClientChallenge;
+ private boolean mustSupportServerChallenge;
+ private boolean requireClientEntropy;
+ private boolean requireServerEntropy;
+ private boolean mustSupportIssuedTokens;
+
+ /**
+ * @return Returns the mustSupportClientChallenge.
+ */
+ public boolean isMustSupportClientChallenge() {
+ return mustSupportClientChallenge;
+ }
+
+ /**
+ * @param mustSupportClientChallenge The mustSupportClientChallenge to set.
+ */
+ public void setMustSupportClientChallenge(boolean mustSupportClientChallenge) {
+ this.mustSupportClientChallenge = mustSupportClientChallenge;
+ }
+
+ /**
+ * @return Returns the mustSupportIssuedTokens.
+ */
+ public boolean isMustSupportIssuedTokens() {
+ return mustSupportIssuedTokens;
+ }
+
+ /**
+ * @param mustSupportIssuedTokens The mustSupportIssuedTokens to set.
+ */
+ public void setMustSupportIssuedTokens(boolean mustSupportIssuedTokens) {
+ this.mustSupportIssuedTokens = mustSupportIssuedTokens;
+ }
+
+ /**
+ * @return Returns the mustSupportServerChallenge.
+ */
+ public boolean isMustSupportServerChallenge() {
+ return mustSupportServerChallenge;
+ }
+
+ /**
+ * @param mustSupportServerChallenge The mustSupportServerChallenge to set.
+ */
+ public void setMustSupportServerChallenge(boolean mustSupportServerChallenge) {
+ this.mustSupportServerChallenge = mustSupportServerChallenge;
+ }
+
+ /**
+ * @return Returns the requireClientEntropy.
+ */
+ public boolean isRequireClientEntropy() {
+ return requireClientEntropy;
+ }
+
+ /**
+ * @param requireClientEntropy The requireClientEntropy to set.
+ */
+ public void setRequireClientEntropy(boolean requireClientEntropy) {
+ this.requireClientEntropy = requireClientEntropy;
+ }
+
+ /**
+ * @return Returns the requireServerEntropy.
+ */
+ public boolean isRequireServerEntropy() {
+ return requireServerEntropy;
+ }
+
+ /**
+ * @param requireServerEntropy The requireServerEntropy to set.
+ */
+ public void setRequireServerEntropy(boolean requireServerEntropy) {
+ this.requireServerEntropy = requireServerEntropy;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.Assertion#getName()
+ */
+ public QName getName() {
+ return Constants.TRUST_10;
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.neethi.Assertion#isOptional()
+ */
+ public boolean isOptional() {
+ // TODO TODO Sanka
+ throw new UnsupportedOperationException("TODO Sanka");
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+
+ String localname = Constants.TRUST_10.getLocalPart();
+ String namespaceURI = Constants.TRUST_10.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = Constants.TRUST_10.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:Trust10>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String wspPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (wspPrefix == null) {
+ writer.setPrefix(wspPrefix, Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(Constants.POLICY.getPrefix(), Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ if (isMustSupportClientChallenge()) {
+ // <sp:MustSupportClientChallenge />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_CLIENT_CHALLENGE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportServerChallenge()) {
+ // <sp:MustSupportServerChallenge />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_SERVER_CHALLENGE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireClientEntropy()) {
+ // <sp:RequireClientEntropy />
+ writer.writeStartElement(prefix, Constants.REQUIRE_CLIENT_ENTROPY.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+
+ if (isRequireServerEntropy()) {
+ // <sp:RequireServerEntropy />
+ writer.writeStartElement(prefix, Constants.REQUIRE_SERVER_ENTROPY.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportIssuedTokens()) {
+ // <sp:MustSupportIssuedTokens />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_ISSUED_TOKENS.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+
+ // </sp:Trust10>
+ writer.writeEndElement();
+
+
+
+
+ }
+
+ public short getType() {
+ return org.apache.neethi.Constants.TYPE_ASSERTION;
+ }
+
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/UsernameToken.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/UsernameToken.java
new file mode 100644
index 0000000..56318cd
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/UsernameToken.java
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class UsernameToken extends Token {
+
+ private boolean useUTProfile10 = false;
+
+ private boolean useUTProfile11 = false;
+
+ /**
+ * @return Returns the useUTProfile11.
+ */
+ public boolean isUseUTProfile11() {
+ return useUTProfile11;
+ }
+
+ /**
+ * @param useUTProfile11
+ * The useUTProfile11 to set.
+ */
+ public void setUseUTProfile11(boolean useUTProfile11) {
+ this.useUTProfile11 = useUTProfile11;
+ }
+
+ public boolean isUseUTProfile10() {
+ return useUTProfile10;
+ }
+
+ public void setUseUTProfile10(boolean useUTProfile10) {
+ this.useUTProfile10 = useUTProfile10;
+ }
+
+ public QName getName() {
+ return Constants.USERNAME_TOKEN;
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = Constants.USERNAME_TOKEN.getLocalPart();
+ String namespaceURI = Constants.USERNAME_TOKEN.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = Constants.USERNAME_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:UsernameToken
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String inclusion = getInclusion();
+ if (inclusion != null) {
+ writer.writeAttribute(prefix, namespaceURI, Constants.INCLUDE_TOKEN
+ .getLocalPart(), inclusion);
+ }
+
+ if (isUseUTProfile10() || isUseUTProfile11()) {
+ String pPrefix = writer.getPrefix(Constants.POLICY
+ .getNamespaceURI());
+ if (pPrefix == null) {
+ writer.setPrefix(Constants.POLICY.getPrefix(), Constants.POLICY
+ .getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(prefix, Constants.POLICY.getLocalPart(),
+ Constants.POLICY.getNamespaceURI());
+
+ // CHECKME
+ if (isUseUTProfile10()) {
+ // <sp:WssUsernameToken10 />
+ writer.writeStartElement(prefix, Constants.WSS_USERNAME_TOKEN10
+ .getLocalPart(), namespaceURI);
+ } else {
+ // <sp:WssUsernameToken11 />
+ writer.writeStartElement(prefix, Constants.WSS_USERNAME_TOKEN11
+ .getLocalPart(), namespaceURI);
+ }
+ writer.writeEndElement();
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ }
+
+ writer.writeEndElement();
+ // </sp:UsernameToken>
+
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss10.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss10.java
new file mode 100644
index 0000000..43fbcc9
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss10.java
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class Wss10 extends AbstractSecurityAssertion {
+
+ private boolean mustSupportRefKeyIdentifier;
+ private boolean MustSupportRefIssuerSerial;
+ private boolean MustSupportRefExternalURI;
+ private boolean MustSupportRefEmbeddedToken;
+
+ /**
+ * @return Returns the mustSupportRefEmbeddedToken.
+ */
+ public boolean isMustSupportRefEmbeddedToken() {
+ return MustSupportRefEmbeddedToken;
+ }
+ /**
+ * @param mustSupportRefEmbeddedToken The mustSupportRefEmbeddedToken to set.
+ */
+ public void setMustSupportRefEmbeddedToken(boolean mustSupportRefEmbeddedToken) {
+ MustSupportRefEmbeddedToken = mustSupportRefEmbeddedToken;
+ }
+ /**
+ * @return Returns the mustSupportRefExternalURI.
+ */
+ public boolean isMustSupportRefExternalURI() {
+ return MustSupportRefExternalURI;
+ }
+ /**
+ * @param mustSupportRefExternalURI The mustSupportRefExternalURI to set.
+ */
+ public void setMustSupportRefExternalURI(boolean mustSupportRefExternalURI) {
+ MustSupportRefExternalURI = mustSupportRefExternalURI;
+ }
+ /**
+ * @return Returns the mustSupportRefIssuerSerial.
+ */
+ public boolean isMustSupportRefIssuerSerial() {
+ return MustSupportRefIssuerSerial;
+ }
+ /**
+ * @param mustSupportRefIssuerSerial The mustSupportRefIssuerSerial to set.
+ */
+ public void setMustSupportRefIssuerSerial(boolean mustSupportRefIssuerSerial) {
+ MustSupportRefIssuerSerial = mustSupportRefIssuerSerial;
+ }
+ /**
+ * @return Returns the mustSupportRefKeyIdentifier.
+ */
+ public boolean isMustSupportRefKeyIdentifier() {
+ return mustSupportRefKeyIdentifier;
+ }
+ /**
+ * @param mustSupportRefKeyIdentifier The mustSupportRefKeyIdentifier to set.
+ */
+ public void setMustSupportRefKeyIdentifier(boolean mustSupportRefKeyIdentifier) {
+ this.mustSupportRefKeyIdentifier = mustSupportRefKeyIdentifier;
+ }
+
+ public QName getName() {
+ return Constants.WSS10;
+ }
+
+ public PolicyComponent normalize() {
+ return this;
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = Constants.WSS10.getLocalPart();
+ String namespaceURI = Constants.WSS10.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = Constants.WSS10.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:Wss10>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ writer.setPrefix(Constants.POLICY.getPrefix(), Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(prefix, Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ if (isMustSupportRefKeyIdentifier()) {
+ // <sp:MustSupportRefKeyIdentifier />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_KEY_IDENTIFIER.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefIssuerSerial()) {
+ // <sp:MustSupportRefIssuerSerial />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_ISSUER_SERIAL.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefExternalURI()) {
+ // <sp:MustSupportRefExternalURI />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_EXTERNAL_URI.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefEmbeddedToken()) {
+ // <sp:MustSupportRefEmbeddedToken />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+
+
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:Wss10>
+ writer.writeEndElement();
+
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss11.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss11.java
new file mode 100644
index 0000000..e64042d
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/Wss11.java
@@ -0,0 +1,138 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.ws.secpolicy.Constants;
+
+public class Wss11 extends Wss10 {
+
+ private boolean MustSupportRefThumbprint;
+ private boolean MustSupportRefEncryptedKey;
+ private boolean RequireSignatureConfirmation;
+
+ /**
+ * @return Returns the mustSupportRefEncryptedKey.
+ */
+ public boolean isMustSupportRefEncryptedKey() {
+ return MustSupportRefEncryptedKey;
+ }
+ /**
+ * @param mustSupportRefEncryptedKey The mustSupportRefEncryptedKey to set.
+ */
+ public void setMustSupportRefEncryptedKey(boolean mustSupportRefEncryptedKey) {
+ MustSupportRefEncryptedKey = mustSupportRefEncryptedKey;
+ }
+ /**
+ * @return Returns the mustSupportRefThumbprint.
+ */
+ public boolean isMustSupportRefThumbprint() {
+ return MustSupportRefThumbprint;
+ }
+ /**
+ * @param mustSupportRefThumbprint The mustSupportRefThumbprint to set.
+ */
+ public void setMustSupportRefThumbprint(boolean mustSupportRefThumbprint) {
+ MustSupportRefThumbprint = mustSupportRefThumbprint;
+ }
+ /**
+ * @return Returns the requireSignatureConfirmation.
+ */
+ public boolean isRequireSignatureConfirmation() {
+ return RequireSignatureConfirmation;
+ }
+ /**
+ * @param requireSignatureConfirmation The requireSignatureConfirmation to set.
+ */
+ public void setRequireSignatureConfirmation(boolean requireSignatureConfirmation) {
+ RequireSignatureConfirmation = requireSignatureConfirmation;
+ }
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localname = Constants.WSS11.getLocalPart();
+ String namespaceURI = Constants.WSS11.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+ if (prefix == null) {
+ prefix = Constants.WSS11.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:Wss11>
+ writer.writeStartElement(prefix, localname, namespaceURI);
+
+ // xmlns:sp=".."
+ writer.writeNamespace(prefix, namespaceURI);
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ writer.setPrefix(Constants.POLICY.getPrefix(), Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(prefix, Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ // <sp:MustSupportRefKeyIndentifier />
+ if (isMustSupportRefKeyIdentifier()) {
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_KEY_IDENTIFIER.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefIssuerSerial()) {
+ // <sp:MustSupportRefIssuerSerial />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_ISSUER_SERIAL.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefExternalURI()) {
+ // <sp:MustSupportRefExternalURI />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_EXTERNAL_URI.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefEmbeddedToken()) {
+ // <sp:MustSupportRefEmbeddedToken />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_EMBEDDED_TOKEN.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefThumbprint()) {
+ // <sp:MustSupportRefThumbprint />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_THUMBPRINT.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isMustSupportRefEncryptedKey()) {
+ // <sp:MustSupportRefEncryptedKey />
+ writer.writeStartElement(prefix, Constants.MUST_SUPPORT_REF_ENCRYPTED_KEY.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireSignatureConfirmation()) {
+ // <sp:RequireSignatureConfirmation />
+ writer.writeStartElement(prefix, Constants.REQUIRE_SIGNATURE_CONFIRMATION.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:Wss11>
+ writer.writeEndElement();
+ }
+}
diff --git a/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java
new file mode 100644
index 0000000..753bfb1
--- /dev/null
+++ b/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/X509Token.java
@@ -0,0 +1,192 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.neethi.PolicyComponent;
+import org.apache.ws.secpolicy.Constants;
+
+public class X509Token extends Token {
+
+ private boolean requireKeyIdentifierReference;
+
+ private boolean requireIssuerSerialReference;
+
+ private boolean requireEmbeddedTokenReference;
+
+ private boolean requireThumbprintReference;
+
+ private String tokenVersionAndType;
+
+ /**
+ * @return Returns the requireEmbeddedTokenReference.
+ */
+ public boolean isRequireEmbeddedTokenReference() {
+ return requireEmbeddedTokenReference;
+ }
+
+ /**
+ * @param requireEmbeddedTokenReference The requireEmbeddedTokenReference to set.
+ */
+ public void setRequireEmbeddedTokenReference(
+ boolean requireEmbeddedTokenReference) {
+ this.requireEmbeddedTokenReference = requireEmbeddedTokenReference;
+ }
+
+ /**
+ * @return Returns the requireIssuerSerialReference.
+ */
+ public boolean isRequireIssuerSerialReference() {
+ return requireIssuerSerialReference;
+ }
+
+ /**
+ * @param requireIssuerSerialReference The requireIssuerSerialReference to set.
+ */
+ public void setRequireIssuerSerialReference(boolean requireIssuerSerialReference) {
+ this.requireIssuerSerialReference = requireIssuerSerialReference;
+ }
+
+ /**
+ * @return Returns the requireKeyIdentifierReference.
+ */
+ public boolean isRequireKeyIdentifierReference() {
+ return requireKeyIdentifierReference;
+ }
+
+ /**
+ * @param requireKeyIdentifierReference The requireKeyIdentifierReference to set.
+ */
+ public void setRequireKeyIdentifierReference(
+ boolean requireKeyIdentifierReference) {
+ this.requireKeyIdentifierReference = requireKeyIdentifierReference;
+ }
+
+ /**
+ * @return Returns the requireThumbprintReference.
+ */
+ public boolean isRequireThumbprintReference() {
+ return requireThumbprintReference;
+ }
+
+ /**
+ * @param requireThumbprintReference The requireThumbprintReference to set.
+ */
+ public void setRequireThumbprintReference(boolean requireThumbprintReference) {
+ this.requireThumbprintReference = requireThumbprintReference;
+ }
+
+ /**
+ * @return Returns the tokenVersionAndType.
+ */
+ public String getTokenVersionAndType() {
+ return tokenVersionAndType;
+ }
+
+ /**
+ * @param tokenVersionAndType The tokenVersionAndType to set.
+ */
+ public void setTokenVersionAndType(String tokenVersionAndType) {
+ this.tokenVersionAndType = tokenVersionAndType;
+ }
+
+ public QName getName() {
+ return Constants.X509_TOKEN;
+ }
+
+ public PolicyComponent normalize() {
+ throw new UnsupportedOperationException();
+ }
+
+ public void serialize(XMLStreamWriter writer) throws XMLStreamException {
+ String localName = Constants.X509_TOKEN.getLocalPart();
+ String namespaceURI = Constants.X509_TOKEN.getNamespaceURI();
+
+ String prefix = writer.getPrefix(namespaceURI);
+
+ if (prefix == null) {
+ prefix = Constants.X509_TOKEN.getPrefix();
+ writer.setPrefix(prefix, namespaceURI);
+ }
+
+ // <sp:X509Token>
+ writer.writeStartElement(prefix, localName, namespaceURI);
+
+ String inclusion = getInclusion();
+
+ if (inclusion != null) {
+ writer.writeAttribute(prefix, namespaceURI, Constants.INCLUDE_TOKEN
+ .getLocalPart(), inclusion);
+ }
+
+
+ String pPrefix = writer.getPrefix(Constants.POLICY.getNamespaceURI());
+ if (pPrefix == null) {
+ pPrefix = Constants.POLICY.getPrefix();
+ writer.setPrefix(pPrefix, Constants.POLICY.getNamespaceURI());
+ }
+
+ // <wsp:Policy>
+ writer.writeStartElement(pPrefix, Constants.POLICY.getLocalPart(), Constants.POLICY.getNamespaceURI());
+
+ if (isRequireKeyIdentifierReference()) {
+ // <sp:RequireKeyIdentifierReference />
+ writer.writeStartElement(prefix, Constants.REQUIRE_KEY_IDENTIFIRE_REFERENCE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireIssuerSerialReference()) {
+ // <sp:RequireIssuerSerialReference />
+ writer.writeStartElement(prefix, Constants.REQUIRE_ISSUER_SERIAL_REFERENCE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireEmbeddedTokenReference()) {
+ // <sp:RequireEmbeddedTokenReference />
+ writer.writeStartElement(prefix, Constants.REQUIRE_EMBEDDED_TOKEN_REFERENCE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (isRequireThumbprintReference()) {
+ // <sp:RequireThumbprintReference />
+ writer.writeStartElement(prefix, Constants.REQUIRE_THUMBPRINT_REFERENCE.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if (tokenVersionAndType != null) {
+ // <sp:WssX509V1Token10 /> | ..
+ writer.writeStartElement(prefix, tokenVersionAndType, namespaceURI);
+ writer.writeEndElement();
+ }
+
+ if(isDerivedKeys()) {
+ // <sp:RequireDerivedKeys/>
+ writer.writeStartElement(prefix, Constants.REQUIRE_DERIVED_KEYS.getLocalPart(), namespaceURI);
+ writer.writeEndElement();
+ }
+
+ // </wsp:Policy>
+ writer.writeEndElement();
+
+ // </sp:X509Token>
+ writer.writeEndElement();
+ }
+
+}
diff --git a/modules/rampart-samples/README.txt b/modules/rampart-samples/README.txt
new file mode 100644
index 0000000..ce5e119
--- /dev/null
+++ b/modules/rampart-samples/README.txt
@@ -0,0 +1,17 @@
+********************************************************************************
+**************************** Apache Rampart Samples ****************************
+********************************************************************************
+
+This directory contains three sub directories:
+
+ - basic - A set of samples that uses basic rampart configuration using
+ parameters
+
+ - policy - A set of samples that uses rampart with WS-SecurityPolicy
+
+ - keys - The keystore files that contains the keys used by the samples
+
+Please use Apache Ant with the build.xml file available here to copy all jars
+and mars to required places.
+
+ - Please copy log4j.jar to AXIS2_HOME/lib directory before trying out samples.
diff --git a/modules/rampart-samples/basic/README.txt b/modules/rampart-samples/basic/README.txt
new file mode 100644
index 0000000..18f66b1
--- /dev/null
+++ b/modules/rampart-samples/basic/README.txt
@@ -0,0 +1,44 @@
+********************************************************************************
+**************************** Apache Rampart Samples ****************************
+********************************************************************************
+
+This is a set of Apache Rampart samples which uses configuraiton parameters
+to configure rampart.
+
+Each "sampleX" directory contains :
+
+ - client.axis2.xml - Client configuration
+ - services.xml - Service configuration
+ - src - Source of the sample
+ - README.txt - you have to read this :-)
+
+We use two parameters named "InflowSecurity" and "OutflowSecurity" within
+these files to configure rampart.
+
+01.) Rampart Engaged and no configuration
+02.) UsernameToken authentication
+03.) UsernameToken authentication with a plain text password
+04.) Message integrity and non-repudiation with signature
+05.) Encryption
+06.) Sign and encrypt a messages
+07.) Encrypt and sign messages
+08.) Signing twice
+09.) Encryption with a key known to both parties
+10.) MTOM Optimizing base64 content in the secured message
+11.) Dynamic configuration : Get rid of the config files ... let's use code!
+
+You can use the ant build script provided here to run these samples.
+
+Exmaple: Running sample - 01
+ - Start two shell instnaces and change to the directory where this file is
+ - To start the service:
+ $ ant service.01
+ - To run client:
+ $ ant client.01
+
+--------------------------------------------------------------------------------
+NOTE: To view the messages exchanged
+ - Change the "client.port" property in the "build.xml" to an available port
+ E.g. : <property name="client.port" value="9080"/>
+ - Setup tcpmon (http://ws.apache.org/commons/tcpmon/) to listen on the above
+ port and to point to port 8080 (value of the service.port property)
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/build.xml b/modules/rampart-samples/basic/build.xml
new file mode 100644
index 0000000..4192f0b
--- /dev/null
+++ b/modules/rampart-samples/basic/build.xml
@@ -0,0 +1,259 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<project basedir="." default="clean">
+
+ <property name="service.repos.dir" value="build/service_repositories"/>
+ <property name="client.repos.dir" value="build/client_repositories"/>
+ <property name="temp.dir" value="build/temp"/>
+ <property name="keys.dir" value="../keys"/>
+ <property name="temp.client.dir" value="build/temp_client"/>
+
+ <property name="addressing.mar" value="addressing-1.3.mar"/>
+ <property name="rampart.mar" value="rampart-1.3.mar"/>
+
+ <property name="client.port" value="8080"/>
+ <property name="server.port" value="8080"/>
+
+ <property name="sample.services.url" value="http://localhost:${client.port}/axis2/services"/>
+
+ <property environment="env"/>
+
+ <target name="check.dependency" unless="env.AXIS2_HOME">
+ <echo message="AXIS2_HOME must be set"/>
+ </target>
+
+ <!-- Sample Service 01 -->
+ <target name="service.01" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="01"/>
+ </target>
+
+ <!-- Sample Client 01 -->
+ <target name="client.01" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="01"/>
+ </target>
+
+ <!-- Sample Service 02 -->
+ <target name="service.02" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="02"/>
+ </target>
+
+ <!-- Sample Client 02 -->
+ <target name="client.02" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="02"/>
+ </target>
+
+ <!-- Sample Service 03 -->
+ <target name="service.03" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="03"/>
+ </target>
+
+ <!-- Sample Client 03 -->
+ <target name="client.03" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="03"/>
+ </target>
+
+ <!-- Sample Service 04 -->
+ <target name="service.04" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="04"/>
+ </target>
+
+ <!-- Sample Client 04 -->
+ <target name="client.04" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="04"/>
+ </target>
+
+ <!-- Sample Service 05 -->
+ <target name="service.05" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="05"/>
+ </target>
+
+ <!-- Sample Client 05 -->
+ <target name="client.05" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="05"/>
+ </target>
+
+ <!-- Sample Service 06 -->
+ <target name="service.06" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="06"/>
+ </target>
+
+ <!-- Sample Client 06 -->
+ <target name="client.06" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="06"/>
+ </target>
+
+ <!-- Sample Service 07 -->
+ <target name="service.07" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="07"/>
+ </target>
+
+ <!-- Sample Client 07 -->
+ <target name="client.07" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="07"/>
+ </target>
+
+ <!-- Sample Service 08 -->
+ <target name="service.08" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="08"/>
+ </target>
+
+ <!-- Sample Client 08 -->
+ <target name="client.08" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="08"/>
+ </target>
+
+ <!-- Sample Service 09 -->
+ <target name="service.09" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="09"/>
+ </target>
+
+ <!-- Sample Client 09 -->
+ <target name="client.09" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="09"/>
+ </target>
+
+ <!-- Sample Service 10 -->
+ <target name="service.10" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="10"/>
+ </target>
+
+ <!-- Sample Client 10 -->
+ <target name="client.10" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="10"/>
+ </target>
+
+ <!-- Sample Service 11 -->
+ <target name="service.11" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="11"/>
+ </target>
+
+ <!-- Sample Client 11 -->
+ <target name="client.11" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="11"/>
+ </target>
+
+
+ <target name="clean">
+ <delete dir="build" />
+ </target>
+
+ <!-- Macro to create a service repo for a given sample -->
+ <macrodef name="create.service.repo">
+ <attribute name="sample.number" default="sample"/>
+ <sequential>
+
+ <property name="modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}"/>
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}/services"/>
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}/modules"/>
+
+ <!-- copy modules -->
+ <copy file="${modules.dir}/${addressing.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${addressing.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rampart.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${rampart.mar}" overwrite="true"/>
+
+ <!-- create service -->
+ <mkdir dir="${temp.dir}"/>
+ <mkdir dir="${temp.dir}/META-INF"/>
+
+ <!-- Compile service -->
+ <javac srcdir="sample@{sample.number}/src" destdir="${temp.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/Client.java"/>
+ </javac>
+
+ <copy file="sample@{sample.number}/services.xml" tofile="${temp.dir}/META-INF/services.xml" overwrite="true"/>
+ <copy file="${keys.dir}/service.jks" tofile="${temp.dir}/service.jks" overwrite="true"/>
+ <copy file="${keys.dir}/service.properties" tofile="${temp.dir}/service.properties" overwrite="true"/>
+
+ <jar destfile="${service.repos.dir}/sample@{sample.number}/services/sample@{sample.number}.aar">
+ <fileset dir="${temp.dir}"></fileset>
+ </jar>
+
+ <delete dir="${temp.dir}" />
+ <!-- start SimpleHTTPserver -->
+ <java classname="org.apache.axis2.transport.http.SimpleHTTPServer" fork="true">
+ <arg value="${service.repos.dir}/sample@{sample.number}"/>
+ <arg value="-p${server.port}"/>
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ </java>
+
+ </sequential>
+ </macrodef>
+
+ <macrodef name="create.and.run.client">
+ <attribute name="sample.number" default="sample"/>
+ <sequential>
+
+ <property name="modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <!-- Create the client repo -->
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}"/>
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}/conf"/>
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}/modules"/>
+
+ <!-- Copy axis2.xml file -->
+ <copy file="sample@{sample.number}/client.axis2.xml" tofile="${client.repos.dir}/sample@{sample.number}/conf/axis2.xml" overwrite="true"/>
+
+ <!-- copy modules -->
+ <copy file="${modules.dir}/${addressing.mar}" tofile="${client.repos.dir}/sample@{sample.number}/modules/${addressing.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rampart.mar}" tofile="${client.repos.dir}/sample@{sample.number}/modules/${rampart.mar}" overwrite="true"/>
+
+ <mkdir dir="${temp.client.dir}"/>
+
+ <!-- Compile client -->
+ <javac srcdir="sample@{sample.number}/src" destdir="${temp.client.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/SimpleService.java"/>
+ </javac>
+
+ <copy file="${keys.dir}/client.jks" tofile="${temp.client.dir}/client.jks" overwrite="true"/>
+ <copy file="${keys.dir}/client.properties" tofile="${temp.client.dir}/client.properties" overwrite="true"/>
+
+
+ <!-- Run client -->
+ <java classname="org.apache.rampart.samples.sample@{sample.number}.Client" fork="true">
+ <arg value="${sample.services.url}/sample@{sample.number}"/>
+ <arg value="${client.repos.dir}/sample@{sample.number}"/>
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ <dirset dir="${temp.client.dir}" />
+ </classpath>
+ </java>
+
+<!-- <delete dir="${temp.client.dir}"/> -->
+ </sequential>
+ </macrodef>
+
+</project>
diff --git a/modules/rampart-samples/basic/sample01/README.txt b/modules/rampart-samples/basic/sample01/README.txt
new file mode 100644
index 0000000..a4c35f9
--- /dev/null
+++ b/modules/rampart-samples/basic/sample01/README.txt
@@ -0,0 +1,6 @@
+Rampart Engaged and no configuration
+
+This sample shows that Apache Rampart does not work on the messages when simply
+engagd without any configuration
+
+Note: <module ref="rampart"/> in both client.axis2.xml and services.xml
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample01/client.axis2.xml b/modules/rampart-samples/basic/sample01/client.axis2.xml
new file mode 100644
index 0000000..f16592e
--- /dev/null
+++ b/modules/rampart-samples/basic/sample01/client.axis2.xml
@@ -0,0 +1,221 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample01/services.xml b/modules/rampart-samples/basic/sample01/services.xml
new file mode 100644
index 0000000..f76daf9
--- /dev/null
+++ b/modules/rampart-samples/basic/sample01/services.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-1 : No Security-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample01.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+</service>
diff --git a/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/Client.java b/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/Client.java
new file mode 100644
index 0000000..b47c6be
--- /dev/null
+++ b/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample01;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample01.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/SimpleService.java b/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/SimpleService.java
new file mode 100644
index 0000000..3247722
--- /dev/null
+++ b/modules/rampart-samples/basic/sample01/src/org/apache/rampart/samples/sample01/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.sample01;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample02/README.txt b/modules/rampart-samples/basic/sample02/README.txt
new file mode 100644
index 0000000..de24747
--- /dev/null
+++ b/modules/rampart-samples/basic/sample02/README.txt
@@ -0,0 +1,10 @@
+UsernameToken authentication
+
+The client is configured to add a UsernameToken to the outgoing message.
+ - See the "OutflowSecurity" parameter in the client.axis2.xml
+
+The service is configured to process it.
+ - See the "InflowSecurity" parameter in the services.xml
+
+Note how org.apache.rampart.samples.sample02.PWCBHandler supplies the password
+to wss4j to compute the digest for comparison.
diff --git a/modules/rampart-samples/basic/sample02/client.axis2.xml b/modules/rampart-samples/basic/sample02/client.axis2.xml
new file mode 100644
index 0000000..85625b0
--- /dev/null
+++ b/modules/rampart-samples/basic/sample02/client.axis2.xml
@@ -0,0 +1,228 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>UsernameToken Timestamp</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample02.PWCBHandler</passwordCallbackClass>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample02/services.xml b/modules/rampart-samples/basic/sample02/services.xml
new file mode 100644
index 0000000..ac94b4b
--- /dev/null
+++ b/modules/rampart-samples/basic/sample02/services.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-2 : Timestamp and UsernameToken-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample02.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken Timestamp</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample02.PWCBHandler</passwordCallbackClass>
+ </action>
+ </parameter>
+</service>
diff --git a/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/Client.java b/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/Client.java
new file mode 100644
index 0000000..542ed61
--- /dev/null
+++ b/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample02;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample02.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/PWCBHandler.java b/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/PWCBHandler.java
new file mode 100644
index 0000000..35074f4
--- /dev/null
+++ b/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/PWCBHandler.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample02;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("bob".equals(id)) {
+ pwcb.setPassword("bobPW");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/SimpleService.java b/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/SimpleService.java
new file mode 100644
index 0000000..3249257
--- /dev/null
+++ b/modules/rampart-samples/basic/sample02/src/org/apache/rampart/samples/sample02/SimpleService.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.apache.rampart.samples.sample02;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample03/README.txt b/modules/rampart-samples/basic/sample03/README.txt
new file mode 100644
index 0000000..1446348
--- /dev/null
+++ b/modules/rampart-samples/basic/sample03/README.txt
@@ -0,0 +1,12 @@
+UsernameToken authentication with a plain text password
+
+The client is configured to add a UsernameToken to the outgoing message.
+ - See the "OutflowSecurity" parameter in the client.axis2.xml
+ - Note the <passwordType>PasswordText</passwordType> element
+
+The service is configured to process it.
+ - See the "InflowSecurity" parameter in the services.xml
+
+Note how org.apache.rampart.samples.sample03.PWCBHandler authenticates the
+password
+
diff --git a/modules/rampart-samples/basic/sample03/client.axis2.xml b/modules/rampart-samples/basic/sample03/client.axis2.xml
new file mode 100644
index 0000000..e864e46
--- /dev/null
+++ b/modules/rampart-samples/basic/sample03/client.axis2.xml
@@ -0,0 +1,229 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>UsernameToken</items>
+ <user>bob</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample03.PWCBHandler</passwordCallbackClass>
+ <passwordType>PasswordText</passwordType>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample03/services.xml b/modules/rampart-samples/basic/sample03/services.xml
new file mode 100644
index 0000000..1d0e6c5
--- /dev/null
+++ b/modules/rampart-samples/basic/sample03/services.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-3 : Timestamp and UsernameToken (with plaintext password)-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample03.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>UsernameToken</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample03.PWCBHandler</passwordCallbackClass>
+ </action>
+ </parameter>
+</service>
diff --git a/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/Client.java b/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/Client.java
new file mode 100644
index 0000000..9aa0c34
--- /dev/null
+++ b/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample03;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample03.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/PWCBHandler.java b/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/PWCBHandler.java
new file mode 100644
index 0000000..cb52caf
--- /dev/null
+++ b/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/PWCBHandler.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample03;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ //When the server side need to authenticate the user
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+ if(pwcb.getIdentifer().equals("bob") && pwcb.getPassword().equals("bobPW")) {
+ //If authentication successful, simply return
+ return;
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "check failed");
+ }
+ }
+
+ //When the client requests for the password to be added in to the
+ //UT element
+ pwcb.setPassword("bobPW");
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/SimpleService.java b/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/SimpleService.java
new file mode 100644
index 0000000..630cf80
--- /dev/null
+++ b/modules/rampart-samples/basic/sample03/src/org/apache/rampart/samples/sample03/SimpleService.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.sample03;
+
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.OperationContext;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+
+import java.util.Vector;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample04/README.txt b/modules/rampart-samples/basic/sample04/README.txt
new file mode 100644
index 0000000..df4599d
--- /dev/null
+++ b/modules/rampart-samples/basic/sample04/README.txt
@@ -0,0 +1,7 @@
+Message integrity and non-repudiation with signature
+
+Both client and servce are configured to sign the outgoing message and to verify
+the signature of the incoming message using their key pairs.
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+
diff --git a/modules/rampart-samples/basic/sample04/client.axis2.xml b/modules/rampart-samples/basic/sample04/client.axis2.xml
new file mode 100644
index 0000000..0b05648
--- /dev/null
+++ b/modules/rampart-samples/basic/sample04/client.axis2.xml
@@ -0,0 +1,239 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <user>client</user>
+ <signaturePropFile>client.properties</signaturePropFile>
+ <passwordCallbackClass>org.apache.rampart.samples.sample04.PWCBHandler</passwordCallbackClass>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample04/services.xml b/modules/rampart-samples/basic/sample04/services.xml
new file mode 100644
index 0000000..daff4d3
--- /dev/null
+++ b/modules/rampart-samples/basic/sample04/services.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-4 : Signature only -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample04.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <user>service</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample04.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/Client.java b/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/Client.java
new file mode 100644
index 0000000..e27bf8f
--- /dev/null
+++ b/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample04;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample04.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/PWCBHandler.java b/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/PWCBHandler.java
new file mode 100644
index 0000000..557755c
--- /dev/null
+++ b/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample04;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/SimpleService.java b/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/SimpleService.java
new file mode 100644
index 0000000..9132949
--- /dev/null
+++ b/modules/rampart-samples/basic/sample04/src/org/apache/rampart/samples/sample04/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample04;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample05/README.txt b/modules/rampart-samples/basic/sample05/README.txt
new file mode 100644
index 0000000..8ca2fd8
--- /dev/null
+++ b/modules/rampart-samples/basic/sample05/README.txt
@@ -0,0 +1,7 @@
+Encrypting messages
+
+Both client and servce are configured to encrypt the outgoing message and to
+decrypt incoming message using their key pairs.
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+
diff --git a/modules/rampart-samples/basic/sample05/client.axis2.xml b/modules/rampart-samples/basic/sample05/client.axis2.xml
new file mode 100644
index 0000000..eec3aa0
--- /dev/null
+++ b/modules/rampart-samples/basic/sample05/client.axis2.xml
@@ -0,0 +1,236 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <encryptionUser>service</encryptionUser>
+ <encryptionPropFile>client.properties</encryptionPropFile>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample05.PWCBHandler</passwordCallbackClass>
+ <decryptionPropFile>client.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample05/services.xml b/modules/rampart-samples/basic/sample05/services.xml
new file mode 100644
index 0000000..2b329a8
--- /dev/null
+++ b/modules/rampart-samples/basic/sample05/services.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-5 : Encryption only -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample05.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample05.PWCBHandler</passwordCallbackClass>
+ <decryptionPropFile>service.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <encryptionUser>client</encryptionUser>
+ <encryptionPropFile>service.properties</encryptionPropFile>
+ </action>
+ </parameter>
+
+
+
+</service>
diff --git a/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/Client.java b/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/Client.java
new file mode 100644
index 0000000..7695f88
--- /dev/null
+++ b/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample05;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample05.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/PWCBHandler.java b/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/PWCBHandler.java
new file mode 100644
index 0000000..b5f97d4
--- /dev/null
+++ b/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample05;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/SimpleService.java b/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/SimpleService.java
new file mode 100644
index 0000000..083a322
--- /dev/null
+++ b/modules/rampart-samples/basic/sample05/src/org/apache/rampart/samples/sample05/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample05;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample06/README.txt b/modules/rampart-samples/basic/sample06/README.txt
new file mode 100644
index 0000000..54642b5
--- /dev/null
+++ b/modules/rampart-samples/basic/sample06/README.txt
@@ -0,0 +1,8 @@
+Sign and encrypt messages
+
+Both client and servce are configured to first sign and then encrypt the
+outgoing message and to decrypt and verify the incoming message using their
+key pairs.
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+
diff --git a/modules/rampart-samples/basic/sample06/client.axis2.xml b/modules/rampart-samples/basic/sample06/client.axis2.xml
new file mode 100644
index 0000000..d40948f
--- /dev/null
+++ b/modules/rampart-samples/basic/sample06/client.axis2.xml
@@ -0,0 +1,242 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <!--Signature and Encryption : Using the request's certificate-->
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>client</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>service</encryptionUser>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample06/services.xml b/modules/rampart-samples/basic/sample06/services.xml
new file mode 100644
index 0000000..2c9b865
--- /dev/null
+++ b/modules/rampart-samples/basic/sample06/services.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-6 : Signature and Encryption : Using the request's certificate-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample06.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>service</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample06.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/Client.java b/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/Client.java
new file mode 100644
index 0000000..441950c
--- /dev/null
+++ b/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample06;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample06.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/PWCBHandler.java b/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/PWCBHandler.java
new file mode 100644
index 0000000..148b24d
--- /dev/null
+++ b/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample06;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/SimpleService.java b/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/SimpleService.java
new file mode 100644
index 0000000..185825e
--- /dev/null
+++ b/modules/rampart-samples/basic/sample06/src/org/apache/rampart/samples/sample06/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample06;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample07/README.txt b/modules/rampart-samples/basic/sample07/README.txt
new file mode 100644
index 0000000..f524604
--- /dev/null
+++ b/modules/rampart-samples/basic/sample07/README.txt
@@ -0,0 +1,8 @@
+Encrypt and sign messages
+
+Both client and servce are configured to first encrypt and then sign the
+outgoing message and to verify and decrypt the incoming message using their
+key pairs.
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+
diff --git a/modules/rampart-samples/basic/sample07/client.axis2.xml b/modules/rampart-samples/basic/sample07/client.axis2.xml
new file mode 100644
index 0000000..ab26716
--- /dev/null
+++ b/modules/rampart-samples/basic/sample07/client.axis2.xml
@@ -0,0 +1,240 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Encrypt Signature</items>
+ <user>client</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>service</encryptionUser>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Encrypt Signature</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample07/services.xml b/modules/rampart-samples/basic/sample07/services.xml
new file mode 100644
index 0000000..0b12f2b
--- /dev/null
+++ b/modules/rampart-samples/basic/sample07/services.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-7 : Encryption and Signature -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample07.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Encrypt Signature</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Encrypt Signature</items>
+ <user>service</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample07.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ </action>
+ </parameter>
+</service>
diff --git a/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/Client.java b/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/Client.java
new file mode 100644
index 0000000..c05d746
--- /dev/null
+++ b/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample07;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample07.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/PWCBHandler.java b/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/PWCBHandler.java
new file mode 100644
index 0000000..2169966
--- /dev/null
+++ b/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample07;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/SimpleService.java b/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/SimpleService.java
new file mode 100644
index 0000000..cd14fc0
--- /dev/null
+++ b/modules/rampart-samples/basic/sample07/src/org/apache/rampart/samples/sample07/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample07;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample08/README.txt b/modules/rampart-samples/basic/sample08/README.txt
new file mode 100644
index 0000000..4643e47
--- /dev/null
+++ b/modules/rampart-samples/basic/sample08/README.txt
@@ -0,0 +1,10 @@
+Signing twice
+
+The client is configured to sign the outgoing message twice
+ - See the "OutflowSecurity" parameter in the client.axis2.xml
+ - Note the aditional <action> element that defines the second signature.
+
+The service is configured to process it.
+ - See the "InflowSecurity" parameter in the services.xml. Not that we
+ simply use "Signature Signature" as action items.
+
diff --git a/modules/rampart-samples/basic/sample08/client.axis2.xml b/modules/rampart-samples/basic/sample08/client.axis2.xml
new file mode 100644
index 0000000..626fc25
--- /dev/null
+++ b/modules/rampart-samples/basic/sample08/client.axis2.xml
@@ -0,0 +1,241 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <!-- sample-8 : Double Signature -->
+ <parameter name="OutflowSecurity">
+
+ <action>
+ <items>Timestamp Signature NoSerialization</items>
+ <user>client</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample08.PWCBHandler</passwordCallbackClass>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <signatureParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp</signatureParts>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+
+ <action>
+ <items>Signature</items>
+ <user>client</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample08.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample08/services.xml b/modules/rampart-samples/basic/sample08/services.xml
new file mode 100644
index 0000000..38a8ce2
--- /dev/null
+++ b/modules/rampart-samples/basic/sample08/services.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-8 : Double Signature -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample08.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Signature</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample08.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/Client.java b/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/Client.java
new file mode 100644
index 0000000..c08c279
--- /dev/null
+++ b/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample08;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample08.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/PWCBHandler.java b/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/PWCBHandler.java
new file mode 100644
index 0000000..98c13be
--- /dev/null
+++ b/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample08;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/SimpleService.java b/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/SimpleService.java
new file mode 100644
index 0000000..a61f706
--- /dev/null
+++ b/modules/rampart-samples/basic/sample08/src/org/apache/rampart/samples/sample08/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample08;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample09/README.txt b/modules/rampart-samples/basic/sample09/README.txt
new file mode 100644
index 0000000..7202cc6
--- /dev/null
+++ b/modules/rampart-samples/basic/sample09/README.txt
@@ -0,0 +1,8 @@
+Encryption with a key known to both parties
+
+Both client and servce are configured to encrypt the outgoing message and to
+decrypt incoming message using a known named key
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+ - Note the use of <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ - Note that org.apache.rampart.samples.sample09.PWCBHandler sets the key
diff --git a/modules/rampart-samples/basic/sample09/client.axis2.xml b/modules/rampart-samples/basic/sample09/client.axis2.xml
new file mode 100644
index 0000000..34dcae5
--- /dev/null
+++ b/modules/rampart-samples/basic/sample09/client.axis2.xml
@@ -0,0 +1,239 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <user>client</user>
+ <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
+ <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
+ <encryptionPropFile>client.properties</encryptionPropFile>
+ <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</passwordCallbackClass>
+ <decryptionPropFile>client.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample09/services.xml b/modules/rampart-samples/basic/sample09/services.xml
new file mode 100644
index 0000000..9c2f5c0
--- /dev/null
+++ b/modules/rampart-samples/basic/sample09/services.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-9 : Encryption using a known key -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample09.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</passwordCallbackClass>
+ <decryptionPropFile>service.properties</decryptionPropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Encrypt</items>
+ <user>service</user>
+ <encryptionKeyIdentifier>EmbeddedKeyName</encryptionKeyIdentifier>
+ <encryptionPropFile>service.properties</encryptionPropFile>
+ <EmbeddedKeyCallbackClass>org.apache.rampart.samples.sample09.PWCBHandler</EmbeddedKeyCallbackClass>
+ <EmbeddedKeyName>SessionKey</EmbeddedKeyName>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/Client.java b/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/Client.java
new file mode 100644
index 0000000..9478f1e
--- /dev/null
+++ b/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample09;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample09.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/PWCBHandler.java b/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/PWCBHandler.java
new file mode 100644
index 0000000..92adde4
--- /dev/null
+++ b/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/PWCBHandler.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample09;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e };
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
+
+ if (pwcb.getUsage() == WSPasswordCallback.KEY_NAME) {
+ pwcb.setKey(key);
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/SimpleService.java b/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/SimpleService.java
new file mode 100644
index 0000000..7862caf
--- /dev/null
+++ b/modules/rampart-samples/basic/sample09/src/org/apache/rampart/samples/sample09/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample09;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample10/README.txt b/modules/rampart-samples/basic/sample10/README.txt
new file mode 100644
index 0000000..0ad0c6a
--- /dev/null
+++ b/modules/rampart-samples/basic/sample10/README.txt
@@ -0,0 +1,8 @@
+Sign and encrypt messages
+
+Both client and servce are configured to first sign and then encrypt the
+outgoing message and to decrypt and verify the incoming message using their
+key pairs.
+ - See the "OutflowSecurity" and "InflowSecurity" parameters in the
+ client.axis2.xml and serivces.xml files
+ - Note the use of <optimizeParts>[xpath expression]</optimizeParts>
diff --git a/modules/rampart-samples/basic/sample10/client.axis2.xml b/modules/rampart-samples/basic/sample10/client.axis2.xml
new file mode 100644
index 0000000..b6cad86
--- /dev/null
+++ b/modules/rampart-samples/basic/sample10/client.axis2.xml
@@ -0,0 +1,245 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <module ref="rampart" />
+
+ <!-- sample-10 : MTOM optimize encrypted content -->
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>client</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample10.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>service</encryptionUser>
+
+ <optimizeParts>//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue</optimizeParts>
+
+ </action>
+ </parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample10.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>client.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample10/services.xml b/modules/rampart-samples/basic/sample10/services.xml
new file mode 100644
index 0000000..8cada6d
--- /dev/null
+++ b/modules/rampart-samples/basic/sample10/services.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-10 : MTOM optimize encrypted content -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample10.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample10.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>service</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample10.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/Client.java b/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/Client.java
new file mode 100644
index 0000000..1704002
--- /dev/null
+++ b/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/Client.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample10;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ client.setOptions(options);
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample10.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/PWCBHandler.java b/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/PWCBHandler.java
new file mode 100644
index 0000000..2675cdb
--- /dev/null
+++ b/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample10;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/SimpleService.java b/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/SimpleService.java
new file mode 100644
index 0000000..93743ea
--- /dev/null
+++ b/modules/rampart-samples/basic/sample10/src/org/apache/rampart/samples/sample10/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample10;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/basic/sample11/README.txt b/modules/rampart-samples/basic/sample11/README.txt
new file mode 100644
index 0000000..2a60545
--- /dev/null
+++ b/modules/rampart-samples/basic/sample11/README.txt
@@ -0,0 +1,8 @@
+Dynamic configuration : Get rid of the config files ... let's use code!
+
+Both client and servce are configured to first sign and then encrypt the
+outgoing message and to decrypt and verify the incoming message using their
+key pairs.
+ - Note that we don't use any parameters in the client.axis2.xml
+ - See org.apache.rampart.samples.sample11.Client's getOutflowConfiguration()
+ getInflowConfiguration() methods and their usage.
diff --git a/modules/rampart-samples/basic/sample11/client.axis2.xml b/modules/rampart-samples/basic/sample11/client.axis2.xml
new file mode 100644
index 0000000..ba44dab
--- /dev/null
+++ b/modules/rampart-samples/basic/sample11/client.axis2.xml
@@ -0,0 +1,218 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<axisconfig name="AxisJava2.0">
+
+ <!-- ================================================= -->
+ <!-- Parameters -->
+ <!-- ================================================= -->
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">false</parameter>
+ <parameter name="enableMTOM" locked="false">false</parameter>
+
+ <!--During a fault, stacktrace can be sent with the fault message. The following flag will control -->
+ <!--that behaviour.-->
+ <parameter name="sendStacktraceDetailsWithFaults" locked="false">true</parameter>
+
+ <!--If there aren't any information available to find out the fault reason, we set the message of the exception-->
+ <!--as the faultreason/Reason. But when a fault is thrown from a service or some where, it will be -->
+ <!--wrapped by different levels. Due to this the initial exception message can be lost. If this flag-->
+ <!--is set then, Axis2 tries to get the first exception and set its message as the faultreason/Reason.-->
+ <parameter name="DrillDownToRootCauseForFaultReason" locked="false">false</parameter>
+
+ <!--This is the user name and password of admin console-->
+ <parameter name="userName" locked="false">admin</parameter>
+ <parameter name="password" locked="false">axis2</parameter>
+
+ <!--To override repository/services you need to uncomment following parameter and value SHOULD be absolute file path.-->
+ <!--<parameter name="services" locked="false">service</parameter>-->
+ <!--To override repository/modules you need to uncomment following parameter and value SHOULD be absolute file path-->
+ <!--<parameter name="modules" locked="false">modules</parameter>-->
+
+ <!--Following params will set the proper context paths for invocations. All the endpoints will have a commons context-->
+ <!--root which can configured using the following contextRoot parameter-->
+ <!--<parameter name="contextRoot" locked="false">axis2</parameter>-->
+
+ <!--Our HTTP endpoints can handle both REST and SOAP. Following parameters can be used to distinguish those endpoints-->
+ <!--<parameter name="servicePath" locked="false">services</parameter>-->
+ <!--<parameter name="restPath" locked="false">rest</parameter>-->
+
+ <!--Set the flag to true if you want to enable transport level session management-->
+ <parameter name="manageTransportSession" locked="false">false</parameter>
+
+ <!--Following two parameters will be used to handle REST in Axis2. The default settings will make Axis2 to have two-->
+ <!--different endpoints, one for REST (AxisRESTServlet) one for SOAP message handling (AxisServlet). But following-->
+ <!--parameters help to tweak the message handling of two main servlets. -->
+
+ <!-- If the enableRESTInAxis2MainServlet is true, then Axis2MainServlet will handle both SOAP and REST messages -->
+ <parameter name="enableRESTInAxis2MainServlet" locked="true">true</parameter>
+
+ <!-- Following parameter will completely disable REST handling in both the servlets-->
+ <parameter name="disableREST" locked="true">false</parameter>
+
+ <!-- This will disable the separate servlet we have for REST handling. -->
+ <parameter name="disableSeparateEndpointForREST" locked="true">false</parameter>
+
+
+
+ <!-- ================================================= -->
+ <!-- Message Receivers -->
+ <!-- ================================================= -->
+ <!--This is the Default Message Receiver for the system , if you want to have MessageReceivers for -->
+ <!--all the other MEP implement it and add the correct entry to here , so that you can refer from-->
+ <!--any operation -->
+ <!--Note : You can override this for particular service by adding the same element with your requirement-->
+ <messageReceivers>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-only"
+ class="org.apache.axis2.receivers.RawXMLINOnlyMessageReceiver"/>
+ <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
+ class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ </messageReceivers>
+
+ <!-- ================================================= -->
+ <!-- Target Resolvers -->
+ <!-- ================================================= -->
+ <!-- Uncomment the following and specify the class name for your TargetResolver to add -->
+ <!-- a TargetResolver. TargetResolvers are used to process the To EPR for example to -->
+ <!-- choose a server in a cluster -->
+ <!--<targetResolvers>-->
+ <!--<targetResolver class="" />-->
+ <!--</targetResolvers>-->
+
+
+ <!-- ================================================= -->
+ <!-- Transport Ins -->
+ <!-- ================================================= -->
+ <transportReceiver name="http"
+ class="org.apache.axis2.transport.http.SimpleHTTPServer">
+ <parameter name="port" locked="false">6060</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">http://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <transportReceiver name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPServer">
+ <parameter name="port" locked="false">6061</parameter>
+ <!--If you want to give your own host address for EPR generation-->
+ <!--uncomment following parameter , and set as you required.-->
+ <!--<parameter name="hostname" locked="false">tcp://myApp.com/ws</parameter>-->
+ </transportReceiver>
+
+ <!-- ================================================= -->
+ <!-- Transport Outs -->
+ <!-- ================================================= -->
+
+ <transportSender name="jms"
+ class="org.apache.axis2.transport.jms.JMSSender"/>
+ <transportSender name="tcp"
+ class="org.apache.axis2.transport.tcp.TCPTransportSender"/>
+ <transportSender name="local"
+ class="org.apache.axis2.transport.local.LocalTransportSender"/>
+ <transportSender name="http"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+ <transportSender name="https"
+ class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.1</parameter>
+ <parameter name="Transfer-Encoding" locked="false">chunked</parameter>
+ </transportSender>
+
+ <!-- ================================================= -->
+ <!-- Phases -->
+ <!-- ================================================= -->
+ <phaseOrder type="InFlow">
+ <!-- System pre-defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Transport"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ <phase name="Security"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
\ No newline at end of file
diff --git a/modules/rampart-samples/basic/sample11/services.xml b/modules/rampart-samples/basic/sample11/services.xml
new file mode 100644
index 0000000..28715e1
--- /dev/null
+++ b/modules/rampart-samples/basic/sample11/services.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-11 : Dynamic client configuration -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.sample11.SimpleService</parameter>
+
+ <module ref="rampart" />
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <passwordCallbackClass>org.apache.rampart.samples.sample11.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp Signature Encrypt</items>
+ <user>service</user>
+ <passwordCallbackClass>org.apache.rampart.samples.sample11.PWCBHandler</passwordCallbackClass>
+ <signaturePropFile>service.properties</signaturePropFile>
+ <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
+ <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
+ <encryptionUser>useReqSigCert</encryptionUser>
+ </action>
+ </parameter>
+</service>
diff --git a/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/Client.java b/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/Client.java
new file mode 100644
index 0000000..bef552a
--- /dev/null
+++ b/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/Client.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample11;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.axis2.description.Parameter;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 2) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], args[1] + "/conf/axis2.xml");
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+
+ //Set the rampart parameters
+ options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY, getOutflowConfiguration());
+ options.setProperty(WSSHandlerConstants.INFLOW_SECURITY, getInflowConfiguration());
+
+ client.setOptions(options);
+
+ //Engage rampart
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample11.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+ private static Parameter getOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+ ofc.setActionItems("Timestamp Signature Encrypt");
+ ofc.setUser("client");
+ ofc.setPasswordCallbackClass("org.apache.rampart.samples.sample11.PWCBHandler");
+ ofc.setSignaturePropFile("client.properties");
+ ofc.setSignatureKeyIdentifier(WSSHandlerConstants.BST_DIRECT_REFERENCE);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.ISSUER_SERIAL);
+ ofc.setEncryptionUser("service");
+
+ return ofc.getProperty();
+ }
+
+ private static Parameter getInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+ ifc.setActionItems("Timestamp Signature Encrypt");
+ ifc.setPasswordCallbackClass("org.apache.rampart.samples.sample11.PWCBHandler");
+ ifc.setSignaturePropFile("client.properties");
+
+ return ifc.getProperty();
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/PWCBHandler.java b/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/PWCBHandler.java
new file mode 100644
index 0000000..1e10288
--- /dev/null
+++ b/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/PWCBHandler.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.sample11;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/SimpleService.java b/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/SimpleService.java
new file mode 100644
index 0000000..012bd62
--- /dev/null
+++ b/modules/rampart-samples/basic/sample11/src/org/apache/rampart/samples/sample11/SimpleService.java
@@ -0,0 +1,25 @@
+package org.apache.rampart.samples.sample11;
+/*
+
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/build.xml b/modules/rampart-samples/build.xml
new file mode 100644
index 0000000..6a51e7e
--- /dev/null
+++ b/modules/rampart-samples/build.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<project basedir="." default="setup">
+
+ <property name="lib.dir" value="../lib"/>
+ <property name="modules.dir" value="../"/>
+
+ <property environment="env"/>
+
+ <target name="check.dependency" unless="env.AXIS2_HOME">
+ <echo message="AXIS2_HOME must be set"/>
+ </target>
+
+ <!-- Copy the required jars and mars appropriately -->
+ <target name="setup" if="env.AXIS2_HOME" depends="check.dependency">
+
+ <property name="axis2.modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="axis2.lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <copy todir="${axis2.lib.dir}">
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </copy>
+
+ <copy todir="${axis2.modules.dir}">
+ <fileset dir="${modules.dir}">
+ <include name="**/*.mar"/>
+ </fileset>
+ </copy>
+
+ </target>
+
+</project>
\ No newline at end of file
diff --git a/modules/rampart-samples/keys/client.jks b/modules/rampart-samples/keys/client.jks
new file mode 100644
index 0000000..e3dabb9
--- /dev/null
+++ b/modules/rampart-samples/keys/client.jks
Binary files differ
diff --git a/modules/rampart-samples/keys/client.properties b/modules/rampart-samples/keys/client.properties
new file mode 100644
index 0000000..985250f
--- /dev/null
+++ b/modules/rampart-samples/keys/client.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=apache
+org.apache.ws.security.crypto.merlin.file=client.jks
\ No newline at end of file
diff --git a/modules/rampart-samples/keys/service.jks b/modules/rampart-samples/keys/service.jks
new file mode 100644
index 0000000..1a06520
--- /dev/null
+++ b/modules/rampart-samples/keys/service.jks
Binary files differ
diff --git a/modules/rampart-samples/keys/service.properties b/modules/rampart-samples/keys/service.properties
new file mode 100644
index 0000000..cdd231c
--- /dev/null
+++ b/modules/rampart-samples/keys/service.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=apache
+org.apache.ws.security.crypto.merlin.file=service.jks
\ No newline at end of file
diff --git a/modules/rampart-samples/policy/build.xml b/modules/rampart-samples/policy/build.xml
new file mode 100644
index 0000000..6ab4e5f
--- /dev/null
+++ b/modules/rampart-samples/policy/build.xml
@@ -0,0 +1,199 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<project basedir="." default="clean">
+
+ <property name="service.repos.dir" value="build/service_repositories"/>
+ <property name="client.repos.dir" value="build/client_repositories"/>
+ <property name="temp.dir" value="build/temp"/>
+ <property name="keys.dir" value="../keys"/>
+ <property name="temp.client.dir" value="build/temp_client"/>
+
+ <property name="addressing.mar" value="addressing-1.3.mar"/>
+ <property name="rampart.mar" value="rampart-1.3.mar"/>
+ <property name="rahas.mar" value="rahas-1.3.mar"/>
+
+ <property name="client.port" value="8080"/>
+ <property name="server.port" value="8080"/>
+
+ <property name="sample.services.url" value="http://localhost:${client.port}/axis2/services"/>
+
+ <property environment="env"/>
+
+ <target name="check.dependency" unless="env.AXIS2_HOME">
+ <echo message="AXIS2_HOME must be set"/>
+ </target>
+
+ <!-- Sample Service 01 -->
+ <target name="service.01" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="01"/>
+ </target>
+
+ <!-- Sample Client 01 -->
+ <target name="client.01" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="01"/>
+ </target>
+
+ <!-- Sample Service 02 -->
+ <target name="service.02" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="02"/>
+ </target>
+
+ <!-- Sample Client 02 -->
+ <target name="client.02" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="02"/>
+ </target>
+
+ <!-- Sample Service 03 -->
+ <target name="service.03" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="03"/>
+ </target>
+
+ <!-- Sample Client 01 -->
+ <target name="client.03" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="03"/>
+ </target>
+
+ <!-- Sample Service 04 -->
+ <target name="service.04" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="04"/>
+ </target>
+
+ <!-- Sample Client 04 -->
+ <target name="client.04" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="04"/>
+ </target>
+
+ <!-- Sample Service 05 -->
+ <target name="service.05" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="05"/>
+ </target>
+
+ <!-- Sample Client 05 -->
+ <target name="client.05" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="05"/>
+ </target>
+
+ <target name="clean">
+ <delete dir="build" />
+ </target>
+
+ <!-- Macro to create a service repo for a given sample -->
+ <macrodef name="create.service.repo">
+ <attribute name="sample.number" default="sample"/>
+ <sequential>
+
+ <property name="modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}"/>
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}/services"/>
+ <mkdir dir="${service.repos.dir}/sample@{sample.number}/modules"/>
+
+ <!-- copy modules -->
+ <copy file="${modules.dir}/${addressing.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${addressing.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rampart.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${rampart.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rahas.mar}" tofile="${service.repos.dir}/sample@{sample.number}/modules/${rahas.mar}" overwrite="true"/>
+
+ <!-- create service -->
+ <mkdir dir="${temp.dir}"/>
+ <mkdir dir="${temp.dir}/META-INF"/>
+
+ <!-- Compile service -->
+ <javac srcdir="sample@{sample.number}/src" destdir="${temp.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/Client.java"/>
+ </javac>
+
+ <copy file="sample@{sample.number}/services.xml" tofile="${temp.dir}/META-INF/services.xml" overwrite="true"/>
+ <copy file="${keys.dir}/service.jks" tofile="${temp.dir}/service.jks" overwrite="true"/>
+ <copy file="${keys.dir}/service.properties" tofile="${temp.dir}/service.properties" overwrite="true"/>
+
+ <jar destfile="${service.repos.dir}/sample@{sample.number}/services/sample@{sample.number}.aar">
+ <fileset dir="${temp.dir}"></fileset>
+ </jar>
+
+ <delete dir="${temp.dir}" />
+ <!-- start SimpleHTTPserver -->
+ <java classname="org.apache.axis2.transport.http.SimpleHTTPServer" fork="true">
+ <arg value="${service.repos.dir}/sample@{sample.number}"/>
+ <arg value="-p${server.port}"/>
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ </java>
+
+ </sequential>
+ </macrodef>
+
+ <macrodef name="create.and.run.client">
+ <attribute name="sample.number" default="sample"/>
+ <sequential>
+
+ <property name="modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <!-- Create the client repo -->
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}"/>
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}/conf"/>
+ <mkdir dir="${client.repos.dir}/sample@{sample.number}/modules"/>
+
+ <!-- copy modules -->
+ <copy file="${modules.dir}/${addressing.mar}" tofile="${client.repos.dir}/sample@{sample.number}/modules/${addressing.mar}" overwrite="true"/>
+ <copy file="${modules.dir}/${rampart.mar}" tofile="${client.repos.dir}/sample@{sample.number}/modules/${rampart.mar}" overwrite="true"/>
+
+ <mkdir dir="${temp.client.dir}"/>
+
+ <!-- Compile client -->
+ <javac srcdir="sample@{sample.number}/src" destdir="${temp.client.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/SimpleService.java"/>
+ </javac>
+
+ <copy file="${keys.dir}/client.jks" tofile="${temp.client.dir}/client.jks" overwrite="true"/>
+ <copy file="${keys.dir}/client.properties" tofile="${temp.client.dir}/client.properties" overwrite="true"/>
+
+
+ <!-- Run client -->
+ <java classname="org.apache.rampart.samples.policy.sample@{sample.number}.Client" fork="true">
+ <arg value="${sample.services.url}/sample@{sample.number}"/>
+ <arg value="${client.repos.dir}/sample@{sample.number}"/>
+ <arg value="sample@{sample.number}/policy.xml"/>
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ <dirset dir="${temp.client.dir}" />
+ </classpath>
+ </java>
+
+<!-- <delete dir="${temp.client.dir}"/> -->
+ </sequential>
+ </macrodef>
+
+</project>
diff --git a/modules/rampart-samples/policy/sample-tomcat/README b/modules/rampart-samples/policy/sample-tomcat/README
new file mode 100644
index 0000000..ec3e928
--- /dev/null
+++ b/modules/rampart-samples/policy/sample-tomcat/README
@@ -0,0 +1,37 @@
+********************************************************************************
+**************************** Apache Rampart Tomcat Samples *********************
+********************************************************************************
+
+It is strongly recommended to run other samples before trying this. Because it will create the directory structure to expected by the build file.
+
+UsernameToken Authentication over HTTPS.
+
+Step1: Install Axis2 in Tomcat by reading the Axis2 installation guide available in http://ws.apache.org/axis2/. Then test axis2 in Tomcat.
+
+Step2: Copy keystores into Tomcat by giving the following command in this directory.
+$ant copy.keys
+
+Step3: Copy rampart jars and mars into Tomcat by giving the following command in this directory.
+$ant copy.rampart.to.tomcat
+
+Step4: Enable HTTPS on Tomcat. For Tomcat5 uncomment the "SSL HTTP/1.1 Connector". The default HTTPS port for Tomcat is 8443. For more information "http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html"
+
+Step5: Add the key store information by adding the following into the Connector element in server.xml.
+
+truststoreFile="rampart-sample-keys.jks"
+truststorePass="apache"
+truststoreType="JKS"
+keystoreFile="rampart-sample-keys.jks"
+keystorePass="apache"
+
+Start tomcat and check the service by typing "https://127.0.0.1:8443/axis2/services/listServices" in the browser. If you have changed the SSL port then type the correct port number and please change the build.xml's ssl.port accordingly.
+
+Step6: The following command will copy the ut-over-https.aar into the ${CATALINA_HOME}/webapps/axis2/WEB-INF/services/ut-over-https.aar
+$ant create.and.copy.service
+
+Step7: Start tomcat. View https://127.0.0.1:8443/axis2/services/listServices to see wether the service is available.
+
+Step8: The following command will create and run the client.
+$ant create.and.run.client
+
+
diff --git a/modules/rampart-samples/policy/sample-tomcat/build.xml b/modules/rampart-samples/policy/sample-tomcat/build.xml
new file mode 100644
index 0000000..88053ce
--- /dev/null
+++ b/modules/rampart-samples/policy/sample-tomcat/build.xml
@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<project basedir="." default="clean">
+
+ <property name="client.repos.dir" value="build/client_repository"/>
+ <property name="service.dir" value="build/ut-over-https"/>
+ <property name="temp.dir" value="build"/>
+ <property name="keys.dir" value="../../keys"/>
+ <property name="temp.client.dir" value="build/temp_client"/>
+
+ <property name="addressing.mar" value="addressing-1.3.mar"/>
+ <property name="rampart.mar" value="rampart-1.3.mar"/>
+
+ <property name="ssl.port" value="8443"/>
+ <!--can be removed-->
+ <property name="sample.services.url" value="https://127.0.0.1:${ssl.port}/axis2/services/ut-over-https"/>
+
+ <property environment="env"/>
+
+ <target name="check.tomcat" unless="env.CATALINA_HOME">
+ <echo message="CATALINA_HOME must be set"/>
+ </target>
+
+ <target name="copy.keys" depends="check.tomcat">
+ <copy file="${keys.dir}/service.jks" tofile="${env.CATALINA_HOME}/rampart-sample-keys.jks" overwrite="true"/>
+ </target>
+
+ <target name="copy.rampart.to.tomcat" depends="check.tomcat">
+ <property name="to.modules.dir" value="${env.CATALINA_HOME}/webapps/axis2/WEB-INF/modules"/>
+ <property name="to.lib.dir" value="${env.CATALINA_HOME}/webapps/axis2/WEB-INF/lib"/>
+
+ <property name="from.lib.dir" value="$../../../../../lib"/>
+ <property name="from.module.dir" value="$../../../../../"/>
+
+
+ <copy todir="${to.lib.dir}">
+ <fileset dir="${from.lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </copy>
+
+ <copy todir="${to.modules.dir}">
+ <fileset dir="${from.module.dir}">
+ <include name="*.mar"/>
+ </fileset>
+ </copy>
+
+ <!-- copy modules rampart mar and libs xx-->
+ </target>
+
+ <target name="clean">
+ <delete dir="build" />
+ </target>
+
+ <!-- Macro to create a service repo for a given sample -->
+ <target name="create.and.copy.service" depends="check.tomcat,clean">
+
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+ <mkdir dir="${temp.dir}"/>
+
+ <!-- create service -->
+ <mkdir dir="${service.dir}"/>
+ <mkdir dir="${service.dir}/META-INF"/>
+
+ <!-- Compile service -->
+ <javac srcdir="src" destdir="${service.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/Client.java"/>
+ </javac>
+
+ <copy file="services.xml" tofile="${service.dir}/META-INF/services.xml" overwrite="true"/>
+ <jar destfile="${temp.dir}/ut-over-https.aar">
+ <fileset dir="${service.dir}"></fileset>
+ </jar>
+
+ <copy file="${temp.dir}/ut-over-https.aar" tofile="${env.CATALINA_HOME}/webapps/axis2/WEB-INF/services/ut-over-https.aar" overwrite="true"/>
+
+ </target>
+
+ <target name="create.and.run.client" depends="check.tomcat,clean">
+
+ <property name="from.modules" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <mkdir dir="${temp.dir}"/>
+ <mkdir dir="${temp.client.dir}"/>
+
+ <!-- Create the client repo -->
+ <mkdir dir="${client.repos.dir}"/>
+ <mkdir dir="${client.repos.dir}/conf"/>
+ <mkdir dir="${client.repos.dir}/modules"/>
+
+ <!-- copy modules -->
+ <copy file="${from.modules}/${addressing.mar}" tofile="${client.repos.dir}/modules/${addressing.mar}" overwrite="true"/>
+ <copy file="${from.modules}/${rampart.mar}" tofile="${client.repos.dir}/modules/${rampart.mar}" overwrite="true"/>
+
+ <!-- Compile client -->
+ <javac srcdir="src" destdir="${temp.client.dir}">
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </classpath>
+ <exclude name="**/SimpleService.java"/>
+ </javac>
+
+ <copy file="${keys.dir}/client.jks" tofile="${temp.dir}/client.jks" overwrite="true"/>
+
+ <!-- Run client -->
+ <java classname="org.apache.rampart.tomcat.sample.Client" fork="true">
+ <arg value="${sample.services.url}"/>
+ <arg value="${client.repos.dir}"/>
+ <arg value="policy.xml"/>
+ <classpath>
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ <dirset dir="${temp.client.dir}" />
+ </classpath>
+ </java>
+ </target>
+
+</project>
diff --git a/modules/rampart-samples/policy/sample-tomcat/policy.xml b/modules/rampart-samples/policy/sample-tomcat/policy.xml
new file mode 100644
index 0000000..cd62aaf
--- /dev/null
+++ b/modules/rampart-samples/policy/sample-tomcat/policy.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:passwordCallbackClass>org.apache.rampart.tomcat.sample.PWCBHandler</ramp:passwordCallbackClass>
+ <ramp:sslConfig>
+ <ramp:property name="javax.net.ssl.trustStore">build/client.jks</ramp:property>
+ <ramp:property name="javax.net.ssl.trustStorePassword">apache</ramp:property>
+ </ramp:sslConfig>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-samples/policy/sample-tomcat/services.xml b/modules/rampart-samples/policy/sample-tomcat/services.xml
new file mode 100644
index 0000000..8184637
--- /dev/null
+++ b/modules/rampart-samples/policy/sample-tomcat/services.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-1 : UsernameToken-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.tomcat.sample.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:passwordCallbackClass>org.apache.rampart.tomcat.sample.PWCBHandler</ramp:passwordCallbackClass>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/Client.java b/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/Client.java
new file mode 100644
index 0000000..2bc3ecb
--- /dev/null
+++ b/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/Client.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.tomcat.sample;
+
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+ System.out.println(response);
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ OMElement elem = builder.getDocumentElement();
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample.tomcat.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/PWCBHandler.java b/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/PWCBHandler.java
new file mode 100644
index 0000000..114fd3f
--- /dev/null
+++ b/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/PWCBHandler.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.tomcat.sample;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+
+ //When the server side need to authenticate the user
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+ if(pwcb.getIdentifer().equals("alice") && pwcb.getPassword().equals("bobPW")) {
+ return;
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "check failed");
+ }
+ }
+
+ //When the client requests for the password to be added in to the
+ //UT element
+ pwcb.setPassword("bobPW");
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/SimpleService.java b/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/SimpleService.java
new file mode 100644
index 0000000..dce7a69
--- /dev/null
+++ b/modules/rampart-samples/policy/sample-tomcat/src/org/apache/rampart/tomcat/sample/SimpleService.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.tomcat.sample;
+
+
+public class SimpleService {
+
+ public String echo(String arg) throws Exception {
+ System.out.println("Tomcat service accessed successfully.. :)");
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/policy/sample01/README.txt b/modules/rampart-samples/policy/sample01/README.txt
new file mode 100644
index 0000000..ad75ce6
--- /dev/null
+++ b/modules/rampart-samples/policy/sample01/README.txt
@@ -0,0 +1,8 @@
+UsernameToken Authentication
+
+The policy uses a TransportBinding and requires a SignedSupportingToken which
+is a UsernameToken and the inclusion of a TimeStamp.
+
+Note that Rampart does not enforce the use of HTTPS transport and that
+{http://ws.apache.org/rampart/policy}RampartConfig assertion provides
+additional information required to secure the message.
\ No newline at end of file
diff --git a/modules/rampart-samples/policy/sample01/policy.xml b/modules/rampart-samples/policy/sample01/policy.xml
new file mode 100644
index 0000000..7e7209d
--- /dev/null
+++ b/modules/rampart-samples/policy/sample01/policy.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/modules/rampart-samples/policy/sample01/services.xml b/modules/rampart-samples/policy/sample01/services.xml
new file mode 100644
index 0000000..24dad18
--- /dev/null
+++ b/modules/rampart-samples/policy/sample01/services.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-1 : UsernameToken-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample01.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/Client.java b/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/Client.java
new file mode 100644
index 0000000..4e0600f
--- /dev/null
+++ b/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/Client.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample01;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample01.policy.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/PWCBHandler.java b/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/PWCBHandler.java
new file mode 100644
index 0000000..a7c0011
--- /dev/null
+++ b/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/PWCBHandler.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample01;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+
+ //When the server side need to authenticate the user
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+ if(pwcb.getIdentifer().equals("alice") && pwcb.getPassword().equals("bobPW")) {
+ return;
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "check failed");
+ }
+ }
+
+ //When the client requests for the password to be added in to the
+ //UT element
+ pwcb.setPassword("bobPW");
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/SimpleService.java b/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/SimpleService.java
new file mode 100644
index 0000000..2dd8e82
--- /dev/null
+++ b/modules/rampart-samples/policy/sample01/src/org/apache/rampart/samples/policy/sample01/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample01;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/policy/sample02/README.txt b/modules/rampart-samples/policy/sample02/README.txt
new file mode 100644
index 0000000..47a2fa7
--- /dev/null
+++ b/modules/rampart-samples/policy/sample02/README.txt
@@ -0,0 +1,7 @@
+Sign only
+
+An AsymmetricBinding is used. Entire headers and body to be signed.
+Algorithm suite is TripleDesRsa15
+
+Note that {http://ws.apache.org/rampart/policy}RampartConfig assertion provides
+additional information required to secure the message.
\ No newline at end of file
diff --git a/modules/rampart-samples/policy/sample02/policy.xml b/modules/rampart-samples/policy/sample02/policy.xml
new file mode 100644
index 0000000..f5951b9
--- /dev/null
+++ b/modules/rampart-samples/policy/sample02/policy.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample02.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/modules/rampart-samples/policy/sample02/services.xml b/modules/rampart-samples/policy/sample02/services.xml
new file mode 100644
index 0000000..3fbcbe7
--- /dev/null
+++ b/modules/rampart-samples/policy/sample02/services.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-2 : Sign only-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample02.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample02.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
diff --git a/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/Client.java b/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/Client.java
new file mode 100644
index 0000000..2dafb82
--- /dev/null
+++ b/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/Client.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample02;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample02.policy.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/PWCBHandler.java b/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/PWCBHandler.java
new file mode 100644
index 0000000..684fb99
--- /dev/null
+++ b/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/PWCBHandler.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample02;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/SimpleService.java b/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/SimpleService.java
new file mode 100644
index 0000000..7404669
--- /dev/null
+++ b/modules/rampart-samples/policy/sample02/src/org/apache/rampart/samples/policy/sample02/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample02;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/policy/sample03/README.txt b/modules/rampart-samples/policy/sample03/README.txt
new file mode 100644
index 0000000..57bf529
--- /dev/null
+++ b/modules/rampart-samples/policy/sample03/README.txt
@@ -0,0 +1,9 @@
+Sign and Encrypt messages
+
+An AsymmetricBinding is used. Entire headers and body to be signed.
+EncryptionParts specifies the Body to be encrypted.
+
+Algorithm suite is TripleDesRsa15
+
+Note that {http://ws.apache.org/rampart/policy}RampartConfig assertion provides
+additional information required to secure the message.
\ No newline at end of file
diff --git a/modules/rampart-samples/policy/sample03/policy.xml b/modules/rampart-samples/policy/sample03/policy.xml
new file mode 100644
index 0000000..63253ec
--- /dev/null
+++ b/modules/rampart-samples/policy/sample03/policy.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample03.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-samples/policy/sample03/services.xml b/modules/rampart-samples/policy/sample03/services.xml
new file mode 100644
index 0000000..d3a3b4d
--- /dev/null
+++ b/modules/rampart-samples/policy/sample03/services.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-2 : Sign only-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample03.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+
+<wsp:Policy wsu:Id="SigEncr" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample03.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
+
+</service>
diff --git a/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/Client.java b/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/Client.java
new file mode 100644
index 0000000..cf593ea
--- /dev/null
+++ b/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/Client.java
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample03;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample03.policy.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/PWCBHandler.java b/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/PWCBHandler.java
new file mode 100644
index 0000000..2d8ef1f
--- /dev/null
+++ b/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/PWCBHandler.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample03;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/SimpleService.java b/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/SimpleService.java
new file mode 100644
index 0000000..2ed33a6
--- /dev/null
+++ b/modules/rampart-samples/policy/sample03/src/org/apache/rampart/samples/policy/sample03/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample03;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/policy/sample04/README.txt b/modules/rampart-samples/policy/sample04/README.txt
new file mode 100644
index 0000000..33a0168
--- /dev/null
+++ b/modules/rampart-samples/policy/sample04/README.txt
@@ -0,0 +1,15 @@
+SecureConversation
+
+The secure session is bootstrapped using a SymetricBinding which uses
+derived keys based on an ephemeral key.
+
+Messages in the secure conversation :
+ - Includes a timestamp
+ - All headers are signed along with the timestamp
+ - Signature encrypted
+ - Body encrypted
+
+Algorithm suite is Basic128Rsa15
+
+Note that {http://ws.apache.org/rampart/policy}RampartConfig assertion provides
+additional information required to secure the message.
\ No newline at end of file
diff --git a/modules/rampart-samples/policy/sample04/policy.xml b/modules/rampart-samples/policy/sample04/policy.xml
new file mode 100644
index 0000000..07ab984
--- /dev/null
+++ b/modules/rampart-samples/policy/sample04/policy.xml
@@ -0,0 +1,150 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<wsp:Policy wsu:Id="SecConvPolicy2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample04.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
diff --git a/modules/rampart-samples/policy/sample04/services.xml b/modules/rampart-samples/policy/sample04/services.xml
new file mode 100644
index 0000000..61a8c12
--- /dev/null
+++ b/modules/rampart-samples/policy/sample04/services.xml
@@ -0,0 +1,198 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-2 : Sign only-->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample04.SimpleService</parameter>
+
+ <module ref="rampart" />
+ <module ref="rahas" />
+ <module ref="addressing" />
+
+ <wsp:Policy wsu:Id="SecConvPolicy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample04.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <parameter name="sct-issuer-config">
+ <sct-issuer-config>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ </sct-issuer-config>
+ </parameter>
+
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+
+ </token-canceler-config>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/Client.java b/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/Client.java
new file mode 100644
index 0000000..ac6a5a0
--- /dev/null
+++ b/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/Client.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample04;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.Constants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world1"));
+ System.out.println("Response 1 : " + response);
+ response = client.sendReceive(getPayload("Hello world2"));
+ System.out.println("Response 2 : " + response);
+ response = client.sendReceive(getPayload("Hello world3"));
+ System.out.println("Response 3 : " + response);
+
+ System.out.println("Sending cancel request");
+ options.setProperty(RampartMessageData.CANCEL_REQUEST, Constants.VALUE_TRUE);
+ response = client.sendReceive(getPayload("Hello world3"));
+ System.out.println("Cancel response: " + response);
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample04.policy.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", null);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/PWCBHandler.java b/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/PWCBHandler.java
new file mode 100644
index 0000000..c3b3a47
--- /dev/null
+++ b/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/PWCBHandler.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample04;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/SimpleService.java b/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/SimpleService.java
new file mode 100644
index 0000000..d539c87
--- /dev/null
+++ b/modules/rampart-samples/policy/sample04/src/org/apache/rampart/samples/policy/sample04/SimpleService.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2003-2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.rampart.samples.policy.sample04;
+
+public class SimpleService {
+
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/policy/sample05/README.txt b/modules/rampart-samples/policy/sample05/README.txt
new file mode 100644
index 0000000..82100c5
--- /dev/null
+++ b/modules/rampart-samples/policy/sample05/README.txt
@@ -0,0 +1,2 @@
+WS-Trust - RST - Resquest Security Token Service - Issuing a SAML token - issuing a token
+
diff --git a/modules/rampart-samples/policy/sample05/policy.xml b/modules/rampart-samples/policy/sample05/policy.xml
new file mode 100644
index 0000000..9dbd910
--- /dev/null
+++ b/modules/rampart-samples/policy/sample05/policy.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-samples/policy/sample05/services.xml b/modules/rampart-samples/policy/sample05/services.xml
new file mode 100644
index 0000000..8ef7f50
--- /dev/null
+++ b/modules/rampart-samples/policy/sample05/services.xml
@@ -0,0 +1,134 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+<!-- services.xml of sample-1 : UsernameToken-->
+<service>
+ <!--operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample01.SimpleService</parameter-->
+
+ <module ref="rampart" />
+ <module ref="addressing" />
+ <module ref="rahas" />
+ <parameter name="saml-issuer-config">
+ <saml-issuer-config>
+ <issuerName>SAMPLE_STS</issuerName>
+ <issuerKeyAlias>service</issuerKeyAlias>
+ <issuerKeyPassword>apache</issuerKeyPassword>
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">service.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
+ </crypto>
+ </cryptoProperties>
+ <timeToLive>300000</timeToLive>
+ <keySize>256</keySize>
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+ <trusted-services>
+ <service alias="client">http://localhost:8080/axis2/services/SimpleService</service>
+ </trusted-services>
+ </saml-issuer-config>
+ </parameter>
+
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>client</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample05.PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+
+
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+
+</service>
diff --git a/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java b/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
new file mode 100644
index 0000000..fc45cd9
--- /dev/null
+++ b/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/Client.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample05;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rampart.RampartMessageData;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ String action = TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
+ options.setAction(action);
+ options.setTo(new EndpointReference(args[0]));
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy(args[2]));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload());
+ OMElement saml = getSAMLToken(response);
+
+ System.out.println(saml);
+
+ }
+
+ private static Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getSAMLToken(OMElement resp) {
+ OMElement rst = resp.getFirstChildWithName(new QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ OMElement elem = rst.getFirstChildWithName(new QName(XML.SAML_NS, "Assertion"));
+ return elem;
+ }
+
+ private static OMElement getPayload() throws TrustException{
+ OMElement rstElem = TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02, rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem = TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_10);
+
+ TrustUtil.createAppliesToElement(rstElem, "http://localhost:8080/axis2/services/SimpleService", AddressingConstants.Final.WSA_NAMESPACE);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_PUBLIC_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, rstElem, 256);
+
+ return rstElem;
+ }
+
+}
diff --git a/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/PWCBHandler.java b/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/PWCBHandler.java
new file mode 100644
index 0000000..e2573d6
--- /dev/null
+++ b/modules/rampart-samples/policy/sample05/src/org/apache/rampart/samples/policy/sample05/PWCBHandler.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.samples.policy.sample05;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifer();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
diff --git a/modules/rampart-tests/pom.xml b/modules/rampart-tests/pom.xml
new file mode 100644
index 0000000..b75f603
--- /dev/null
+++ b/modules/rampart-tests/pom.xml
@@ -0,0 +1,73 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.3-SNAPSHOT</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-tests</artifactId>
+ <packaging>jar</packaging>
+ <version>1.3-SNAPSHOT</version>
+ <name>Rampart - Test Suite</name>
+
+ <build>
+ <sourceDirectory>src/test/java</sourceDirectory>
+ <testSourceDirectory>src/test/java</testSourceDirectory>
+ <resources>
+ <resource>
+ <directory>test-resources</directory>
+ <includes>
+ <include>**/*.properties</include>
+ <include>**/*.xml</include>
+ <include>**/*.xsl</include>
+ </includes>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-core</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent" />
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+
+</project>
diff --git a/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java b/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java
new file mode 100644
index 0000000..e824232
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rahas/SimpleTokenStoreTest.java
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import junit.framework.TestCase;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+
+import java.util.Date;
+
+public class SimpleTokenStoreTest extends TestCase {
+
+ public void testAdd() {
+ SimpleTokenStore store = new SimpleTokenStore();
+ try {
+ store.add(getTestToken("id-1"));
+ } catch (TrustException e) {
+ fail("Adding a new token to an empty store should not fail, " +
+ "message : " + e.getMessage());
+ }
+ Token token = null;
+ try {
+ token = getTestToken("id-1");
+ store.add(token);
+ fail("Adding an existing token must throw an exception");
+ } catch (TrustException e) {
+ assertEquals("Incorrect exception message",
+ TrustException.getMessage("tokenAlreadyExists",
+ new String[]{token.getId()}), e.getMessage());
+ }
+ }
+
+ public void testGettokenIdentifiers() {
+ SimpleTokenStore store = new SimpleTokenStore();
+ try {
+ String[] ids = store.getTokenIdentifiers();
+ assertEquals("There should not be any token ids at this point", 0, ids.length);
+ } catch (TrustException e) {
+ fail(e.getMessage());
+ }
+ try {
+ store.add(getTestToken("id-1"));
+ store.add(getTestToken("id-2"));
+ store.add(getTestToken("id-3"));
+ String[] ids = store.getTokenIdentifiers();
+ assertEquals("Incorrect number fo token ids", 3, ids.length);
+ } catch (TrustException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ public void testUpdate() {
+ SimpleTokenStore store = new SimpleTokenStore();
+ Token token1 = null;
+ try {
+ token1 = getTestToken("id-1");
+ } catch (TrustException e) {
+ fail();
+ }
+ try {
+ store.update(token1);
+ fail("An exception must be thrown at this point : noTokenToUpdate");
+ } catch (TrustException e) {
+ assertEquals("Incorrect exception message", TrustException
+ .getMessage("noTokenToUpdate", new String[]{token1
+ .getId()}), e.getMessage());
+ }
+ try {
+ store.add(token1);
+ store.add(getTestToken("id-2"));
+ store.add(getTestToken("id-3"));
+ token1.setState(Token.EXPIRED);
+ store.update(token1);
+ } catch (TrustException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ public void testGetValidExpiredRenewedTokens() {
+ SimpleTokenStore store = new SimpleTokenStore();
+ try {
+ Token token1 = getTestToken("id-1", new Date(System.currentTimeMillis() + 10000));
+ Token token2 = getTestToken("id-2", new Date(System.currentTimeMillis() + 10000));
+ Token token3 = getTestToken("id-3", new Date(System.currentTimeMillis() + 10000));
+ Token token4 = getTestToken("id-4", new Date(System.currentTimeMillis() + 10000));
+ Token token5 = getTestToken("id-5", new Date(System.currentTimeMillis() + 10000));
+ Token token6 = getTestToken("id-6", new Date(System.currentTimeMillis() + 10000));
+ Token token7 = getTestToken("id-7", new Date(System.currentTimeMillis() + 10000));
+
+ token1.setState(Token.ISSUED);
+ token2.setState(Token.ISSUED);
+ token3.setState(Token.ISSUED);
+ token4.setState(Token.RENEWED);
+ token5.setState(Token.RENEWED);
+ token6.setState(Token.EXPIRED);
+ token7.setState(Token.CANCELLED);
+
+ store.add(token1);
+ store.add(token2);
+ store.add(token3);
+ store.add(token4);
+ store.add(token5);
+ store.add(token6);
+ store.add(token7);
+
+ Token[] list = store.getValidTokens();
+ Token[] list2 = store.getExpiredTokens();
+ Token[] list3 = store.getRenewedTokens();
+ Token[] list4 = store.getCancelledTokens();
+
+ assertEquals("Incorrect number of valid tokens", 5, list.length);
+ assertEquals("Incorrect number of expired tokens", 1, list2.length);
+ assertEquals("Incorrect number of newed tokens", 2, list3.length);
+ assertEquals("Incorrect number of newed tokens", 1, list4.length);
+
+ } catch (TrustException e) {
+ fail(e.getMessage());
+ }
+ }
+
+ private Token getTestToken(String tokenId) throws TrustException {
+ return getTestToken(tokenId, new Date());
+ }
+
+ private Token getTestToken(String tokenId, Date expiry) throws TrustException {
+ OMFactory factory = DOOMAbstractFactory.getOMFactory();
+ OMElement tokenEle = factory.createOMElement("testToken", "", "");
+ Token token = new Token(tokenId, tokenEle, new Date(), expiry);
+ token.setAttachedReference(tokenEle);
+ token.setPreviousToken(tokenEle);
+ token.setState(Token.ISSUED);
+ token.setSecret("Top secret!".getBytes());
+ return token;
+ }
+}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rahas/TempIssuer.java b/modules/rampart-tests/src/test/java/org/apache/rahas/TempIssuer.java
new file mode 100644
index 0000000..042713e
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rahas/TempIssuer.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+
+public class TempIssuer implements TokenIssuer {
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TokenIssuer#setConfigurationFile(java.lang.String)
+ */
+ public void setConfigurationFile(String configFile) {
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TokenIssuer#setConfigurationElement(org.apache.axiom.om.OMElement)
+ */
+ public void setConfigurationElement(OMElement configElement) {
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TokenIssuer#setConfigurationParamName(java.lang.String)
+ */
+ public void setConfigurationParamName(String configParamName) {
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TokenIssuer#issue(org.apache.rahas.RahasData)
+ */
+ public SOAPEnvelope issue(RahasData data) throws TrustException {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TokenIssuer#getResponseAction(org.apache.rahas.RahasData)
+ */
+ public String getResponseAction(RahasData data) throws TrustException {
+ // TODO TODO
+ throw new UnsupportedOperationException("TODO");
+ }
+
+}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rahas/TokenRequestDispatcherConfigTest.java b/modules/rampart-tests/src/test/java/org/apache/rahas/TokenRequestDispatcherConfigTest.java
new file mode 100644
index 0000000..44bbc2f
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rahas/TokenRequestDispatcherConfigTest.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import junit.framework.TestCase;
+
+public class TokenRequestDispatcherConfigTest extends TestCase {
+
+ public TokenRequestDispatcherConfigTest() {
+ super();
+ }
+
+ public TokenRequestDispatcherConfigTest(String arg0) {
+ super(arg0);
+ }
+
+ /**
+ * Testing a valid config file
+ */
+ public void testWithConfigFile() {
+ try {
+ TokenRequestDispatcherConfig config = TokenRequestDispatcherConfig
+ .load("test-resources/trust/dispatcher.config.xml");
+
+ assertEquals("Incorrect default issuer class name",
+ "org.apache.rahas.TempIssuer", config
+ .getDefaultIssuerName());
+
+ TokenIssuer issuer = config
+ .getIssuer("http://example.org/mySpecialToken1");
+
+ assertEquals("Incorrect issuer for token type : "
+ + "http://example.org/mySpecialToken1", TempIssuer.class
+ .getName(), issuer.getClass().getName());
+
+ } catch (TrustException e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ /**
+ * Testing expected faliure when the default issuer is not specified
+ */
+ public void testInvalidCOnfigWithMissingDefaultIssuer() {
+ try {
+ TokenRequestDispatcherConfig
+ .load("test-resources/trust/dispatcher.config.invalid.1.xml");
+ fail("This should fail since there's no default isser specified");
+ } catch (TrustException e) {
+ assertEquals("Incorrect error", TrustException.getMessage(
+ "defaultIssuerMissing", null), e.getMessage());
+ }
+ }
+
+ /**
+ * Testing expected faliure when the tokenType value is missing from a
+ * tokenType definition
+ */
+ public void testInvalidRequestTypeDef() {
+ try {
+ TokenRequestDispatcherConfig
+ .load("test-resources/trust/dispatcher.config.invalid.2.xml");
+ fail("This should fail since there is an invalid " +
+ "requestType definition");
+ } catch (TrustException e) {
+ assertEquals("Incorrect error", TrustException.getMessage(
+ "invalidTokenTypeDefinition", new String[] { "Issuer",
+ TempIssuer.class.getName() }), e.getMessage());
+ }
+ }
+}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/AsymmetricBindingBuilderTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/AsymmetricBindingBuilderTest.java
new file mode 100644
index 0000000..ff949a9
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/AsymmetricBindingBuilderTest.java
@@ -0,0 +1,249 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.neethi.Policy;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.conversation.ConversationConstants;
+
+import javax.xml.namespace.QName;
+
+import java.util.ArrayList;
+
+public class AsymmetricBindingBuilderTest extends MessageBuilderTestBase {
+//
+// public void testAsymmBinding() {
+// try {
+// MessageContext ctx = getMsgCtx();
+//
+// String policyXml = "test-resources/policy/rampart-asymm-binding-1.xml";
+// Policy policy = this.loadPolicy(policyXml);
+//
+// ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+//
+// MessageBuilder builder = new MessageBuilder();
+// builder.build(ctx);
+//
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+// }
+//
+// public void testAsymmBindingServerSide() {
+// try {
+// MessageContext ctx = getMsgCtx();
+//
+// ctx.setServerSide(true);
+// String policyXml = "test-resources/policy/rampart-asymm-binding-1.xml";
+// Policy policy = this.loadPolicy(policyXml);
+//
+// ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+//
+// MessageBuilder builder = new MessageBuilder();
+// builder.build(ctx);
+//
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+// }
+//
+// public void testAsymmBindingWithSigDK() {
+// try {
+// MessageContext ctx = getMsgCtx();
+//
+// String policyXml = "test-resources/policy/rampart-asymm-binding-2-sig-dk.xml";
+// Policy policy = this.loadPolicy(policyXml);
+//
+// ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+//
+// MessageBuilder builder = new MessageBuilder();
+// builder.build(ctx);
+//
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+//
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+// }
+//
+// public void testAsymmBindingWithDK() {
+// try {
+// MessageContext ctx = getMsgCtx();
+//
+// String policyXml = "test-resources/policy/rampart-asymm-binding-3-dk.xml";
+// Policy policy = this.loadPolicy(policyXml);
+//
+// ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+//
+// MessageBuilder builder = new MessageBuilder();
+// builder.build(ctx);
+//
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
+// list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+//
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+// }
+//
+// public void testAsymmBindingWithDKEncrBeforeSig() {
+// try {
+// MessageContext ctx = getMsgCtx();
+//
+// String policyXml = "test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml";
+// Policy policy = this.loadPolicy(policyXml);
+//
+// ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+//
+// MessageBuilder builder = new MessageBuilder();
+// builder.build(ctx);
+//
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+// list.add(new QName(ConversationConstants.WSC_NS_05_02, ConversationConstants.DERIVED_KEY_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+//
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+// }
+//
+//
+// public void testAsymmBindingEncrBeforeSig() {
+// try {
+// MessageContext ctx = getMsgCtx();
+//
+// String policyXml = "test-resources/policy/rampart-asymm-binding-5-ebs.xml";
+// Policy policy = this.loadPolicy(policyXml);
+//
+// ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+//
+// MessageBuilder builder = new MessageBuilder();
+// builder.build(ctx);
+//
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.REF_LIST_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+// } catch (Exception e) {
+// e.printStackTrace();
+// fail(e.getMessage());
+// }
+// }
+//
+ public void testAsymmBindingTripleDesRSA15() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+ System.out.println(ctx.getEnvelope());
+ ArrayList list = new ArrayList();
+
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testAsymmBindingTripleDesRSA15DK() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ System.out.println(ctx.getEnvelope());
+
+// ArrayList list = new ArrayList();
+//
+// list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+// list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+// list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+//
+// this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java b/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
new file mode 100644
index 0000000..0bc5d94
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/MessageBuilderTestBase.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.soap.impl.builder.StAXSOAPModelBuilder;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.ServiceContext;
+import org.apache.axis2.context.ServiceGroupContext;
+import org.apache.axis2.description.AxisMessage;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.AxisServiceGroup;
+import org.apache.axis2.description.OutInAxisOperation;
+import org.apache.axis2.engine.AxisConfiguration;
+import org.apache.axis2.wsdl.WSDLConstants;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.ws.security.WSConstants;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.FactoryConfigurationError;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+
+import java.io.FileInputStream;
+import java.util.Iterator;
+
+import junit.framework.TestCase;
+
+public class MessageBuilderTestBase extends TestCase {
+
+ public MessageBuilderTestBase() {
+ super();
+ }
+
+ public MessageBuilderTestBase(String arg0) {
+ super(arg0);
+ }
+
+ /**
+ * @throws XMLStreamException
+ * @throws FactoryConfigurationError
+ * @throws AxisFault
+ */
+ protected MessageContext getMsgCtx() throws Exception {
+ MessageContext ctx = new MessageContext();
+
+ AxisConfiguration axisConfiguration = new AxisConfiguration();
+ AxisService axisService = new AxisService("TestService");
+ axisConfiguration.addService(axisService);
+ AxisServiceGroup axisServiceGroup = new AxisServiceGroup();
+ axisConfiguration.addServiceGroup(axisServiceGroup);
+ ctx.setConfigurationContext(new ConfigurationContext(axisConfiguration));
+ axisServiceGroup.addService(axisService);
+ ServiceGroupContext gCtx = ctx.getConfigurationContext().createServiceGroupContext(axisServiceGroup);
+ ServiceContext serviceContext = gCtx.getServiceContext(axisService);
+ ctx.setServiceContext(serviceContext);
+ ctx.setAxisService(axisService);
+ OutInAxisOperation outInAxisOperation = new OutInAxisOperation(new QName("http://rampart.org", "test"));
+ AxisMessage msg = new AxisMessage();
+ outInAxisOperation.addMessage(msg,WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
+ outInAxisOperation.addMessage(msg,WSDLConstants.MESSAGE_LABEL_IN_VALUE);
+ ctx.setAxisOperation(outInAxisOperation);
+ ctx.setAxisMessage(msg);
+ Options options = new Options();
+ options.setAction("urn:testOperation");
+ ctx.setOptions(options);
+
+ XMLStreamReader reader =
+ XMLInputFactory.newInstance().
+ createXMLStreamReader(new FileInputStream("test-resources/policy/soapmessage.xml"));
+ ctx.setEnvelope(new StAXSOAPModelBuilder(reader, null).getSOAPEnvelope());
+ return ctx;
+ }
+
+ protected Policy loadPolicy(String xmlPath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ protected void verifySecHeader(Iterator qnameList, SOAPEnvelope env) {
+ Iterator secHeaderChildren =
+ env.getHeader().
+ getFirstChildWithName(new QName(WSConstants.WSSE_NS,
+ WSConstants.WSSE_LN)).getChildElements();
+
+ while (secHeaderChildren.hasNext()) {
+ OMElement element = (OMElement) secHeaderChildren.next();
+ if (qnameList.hasNext()) {
+ if (!element.getQName().equals(qnameList.next())) {
+ fail("Incorrect Element" + element);
+ }
+ } else {
+ fail("Extra child in the security header: " + element.toString());
+ }
+ }
+
+ if (qnameList.hasNext()) {
+ fail("Incorrect number of children in the security header: " +
+ "next expected element" + qnameList.next().toString());
+ }
+ }
+
+}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
new file mode 100644
index 0000000..b5145f8
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/RampartEngineTest.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.neethi.Policy;
+
+public class RampartEngineTest extends MessageBuilderTestBase {
+
+
+ public RampartEngineTest(String name) {
+ super(name);
+ }
+
+ public void testEmptySOAPMessage() throws Exception {
+
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-asymm-binding-6-3des-r15.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ RampartEngine engine = new RampartEngine();
+ engine.process(ctx);
+ } catch (RampartException e) {
+ assertEquals(
+ "Expected rampart to complain about missing security header",
+ "Missing wsse:Security header in request", e.getMessage());
+ }
+ }
+
+}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java b/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java
new file mode 100644
index 0000000..ef43f08
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/TestCBHandler.java
@@ -0,0 +1,174 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+
+public class TestCBHandler implements CallbackHandler {
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/TransportBindingBuilderTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/TransportBindingBuilderTest.java
new file mode 100644
index 0000000..34d8c7d
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/TransportBindingBuilderTest.java
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart;
+
+import org.apache.axis2.context.MessageContext;
+import org.apache.neethi.Policy;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.conversation.ConversationConstants;
+
+import javax.xml.namespace.QName;
+import java.util.ArrayList;
+import java.util.List;
+
+public class TransportBindingBuilderTest extends MessageBuilderTestBase {
+
+ public void testTransportBinding() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-transport-binding.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ List list = new ArrayList();
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.BINARY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testTransportBindingNoBST() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-transport-binding-no-bst.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ List list = new ArrayList();
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testTransportBindingWithDK() {
+ try {
+ MessageContext ctx = getMsgCtx();
+
+ String policyXml = "test-resources/policy/rampart-transport-binding-dk.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ List list = new ArrayList();
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ list.add(new QName(WSConstants.WSSE_NS, WSConstants.USERNAME_TOKEN_LN));
+ list.add(new QName(WSConstants.ENC_NS, WSConstants.ENC_KEY_LN));
+ list.add(new QName(ConversationConstants.WSC_NS_05_02,
+ ConversationConstants.DERIVED_KEY_TOKEN_LN));
+ list.add(new QName(WSConstants.SIG_NS, WSConstants.SIG_LN));
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testTransportBindingWithDKServerSide() {
+ try {
+ MessageContext ctx = getMsgCtx();
+ ctx.setServerSide(true);
+
+ String policyXml = "test-resources/policy/rampart-transport-binding-dk.xml";
+ Policy policy = this.loadPolicy(policyXml);
+
+ ctx.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
+
+ MessageBuilder builder = new MessageBuilder();
+ builder.build(ctx);
+
+ List list = new ArrayList();
+ list.add(new QName(WSConstants.WSU_NS, WSConstants.TIMESTAMP_TOKEN_LN));
+ this.verifySecHeader(list.iterator(), ctx.getEnvelope());
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+
+}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/InflowConfigurationTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/InflowConfigurationTest.java
new file mode 100644
index 0000000..4f2ca7b
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/InflowConfigurationTest.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler.config;
+
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+import junit.framework.TestCase;
+
+public class InflowConfigurationTest extends TestCase {
+
+ public InflowConfigurationTest() {
+ super();
+ }
+
+ public InflowConfigurationTest(String name) {
+ super(name);
+ }
+
+ public void testGetProperty() {
+ String actionItems = "Timestamp Signature Encrypt";
+ String sigPropFile = "sig.properties";
+ String decPropFile = "enc.properties";
+ String pwcb = "org.apache.axis2.security.PWCallback";
+
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems(actionItems);
+ ifc.setSignaturePropFile(sigPropFile);
+ ifc.setDecryptionPropFile(decPropFile);
+ ifc.setPasswordCallbackClass(pwcb);
+
+ // Check whether the props are there
+ assertTrue("Action items missing", -1 < ifc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSSHandlerConstants.ACTION_ITEMS + ">"
+ + actionItems + "</"
+ + WSSHandlerConstants.ACTION_ITEMS + ">"));
+
+ assertTrue("passwordCallbackClass missing", -1 < ifc.getProperty().getParameterElement()
+ .toString().indexOf(
+ "<" + WSHandlerConstants.PW_CALLBACK_CLASS + ">" + pwcb
+ + "</" + WSHandlerConstants.PW_CALLBACK_CLASS
+ + ">"));
+
+ assertTrue("sigPropFile missing", -1 < ifc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.SIG_PROP_FILE + ">"
+ + sigPropFile + "</"
+ + WSHandlerConstants.SIG_PROP_FILE + ">"));
+
+ assertTrue("decPropFile missing", -1 < ifc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.DEC_PROP_FILE + ">"
+ + decPropFile + "</"
+ + WSHandlerConstants.DEC_PROP_FILE + ">"));
+ }
+
+}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/OutflowConfigurationTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/OutflowConfigurationTest.java
new file mode 100644
index 0000000..01f786a
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/handler/config/OutflowConfigurationTest.java
@@ -0,0 +1,194 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.handler.config;
+
+import junit.framework.TestCase;
+import org.apache.rampart.handler.WSSHandlerConstants;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.handler.WSHandlerConstants;
+
+/**
+ * Tests the org.apache.axis2.security.handler.config.OutflowConfiguration
+ */
+public class OutflowConfigurationTest extends TestCase {
+
+ public OutflowConfigurationTest() {
+ super();
+ }
+
+ public OutflowConfigurationTest(String name) {
+ super(name);
+ }
+
+ /**
+ * This sets all the possible properties that can be set with
+ * the outflow configuration
+ */
+ public void testGetProperty() {
+
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ String actionItems = "Timestamp Signature Encrypt";
+ String user = "alice";
+ String pwcb = "org.apache.axis2.security.PWCallback";
+ String sigKeyId = "interop.properties";
+ String sigParts = "{Element}{http://schemas.xmlsoap.org/ws/2004/08/"
+ + "addressing}MessageID;{Element}{http://docs.oasis-open.org/wss/"
+ + "2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp";
+ String optimizeParts = "//xenc:EncryptedData/xenc:CipherData/xenc:CipherValue";
+ String embeddedKeyCallbackClass = "org.apache.axis2.security.PWCallback";
+ String encrUser = "bob";
+ String samlPropFile = "saml.properties";
+ String sigPropFile = "sig.properties";
+ String encPropFile = "enc.properties";
+
+ // Setting the properties in the ofc
+ ofc.setActionItems(actionItems);
+ ofc.setUser(user);
+ ofc.setPasswordCallbackClass(pwcb);
+ ofc.setSignatureKeyIdentifier(sigKeyId);
+ ofc.setEncryptionKeyIdentifier(WSSHandlerConstants.SKI_KEY_IDENTIFIER);
+ ofc.setSignatureParts(sigParts);
+ ofc.setOptimizeParts(optimizeParts);
+ ofc.setEmbeddedKeyCallbackClass(embeddedKeyCallbackClass);
+ ofc.setEncryptionKeyTransportAlgorithm(WSConstants.KEYTRANSPORT_RSA15);
+ ofc.setEncryptionSymAlgorithm(WSConstants.AES_128);
+ ofc.setEncryptionUser(encrUser);
+ ofc.setPasswordType(WSConstants.PW_DIGEST);
+ ofc.setSamlPropFile(samlPropFile);
+ ofc.setSignaturePropFile(sigPropFile);
+ ofc.setEncryptionPropFile(encPropFile);
+
+ // Check whether the props are there
+ assertTrue("Action items missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSSHandlerConstants.ACTION_ITEMS + ">"
+ + actionItems + "</"
+ + WSSHandlerConstants.ACTION_ITEMS + ">"));
+
+ assertTrue("User missing", -1 < ofc.getProperty().getParameterElement().toString().indexOf(
+ "<" + WSHandlerConstants.USER + ">" + user + "</"
+ + WSHandlerConstants.USER + ">"));
+
+ assertTrue("passwordCallbackClass missing", -1 < ofc.getProperty().getParameterElement()
+ .toString().indexOf(
+ "<" + WSHandlerConstants.PW_CALLBACK_CLASS + ">" + pwcb
+ + "</" + WSHandlerConstants.PW_CALLBACK_CLASS
+ + ">"));
+
+ assertTrue("sigKeyId missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.SIG_KEY_ID + ">" + sigKeyId
+ + "</" + WSHandlerConstants.SIG_KEY_ID + ">"));
+
+ assertTrue("encKeyId missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENC_KEY_ID + ">"
+ + WSSHandlerConstants.SKI_KEY_IDENTIFIER + "</"
+ + WSHandlerConstants.ENC_KEY_ID + ">"));
+
+ assertTrue("signature parts missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.SIGNATURE_PARTS + ">"
+ + sigParts + "</"
+ + WSHandlerConstants.SIGNATURE_PARTS + ">"));
+
+ assertTrue("optimize parts missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSSHandlerConstants.OPTIMIZE_PARTS + ">"
+ + optimizeParts + "</"
+ + WSSHandlerConstants.OPTIMIZE_PARTS + ">"));
+
+ assertTrue("EmbeddedKeyCallbackClass missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENC_CALLBACK_CLASS + ">"
+ + embeddedKeyCallbackClass + "</"
+ + WSHandlerConstants.ENC_CALLBACK_CLASS + ">"));
+
+ assertTrue("encryptionKeyTransportAlgorithm missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENC_KEY_TRANSPORT + ">"
+ + WSConstants.KEYTRANSPORT_RSA15 + "</"
+ + WSHandlerConstants.ENC_KEY_TRANSPORT + ">"));
+
+ assertTrue("encryptionSymAlgorithm missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENC_SYM_ALGO + ">"
+ + WSConstants.AES_128 + "</"
+ + WSHandlerConstants.ENC_SYM_ALGO + ">"));
+
+ assertTrue("encrUser missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENCRYPTION_USER + ">"
+ + encrUser + "</"
+ + WSHandlerConstants.ENCRYPTION_USER + ">"));
+
+ assertTrue("passwordType missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.PASSWORD_TYPE + ">"
+ + WSConstants.PW_DIGEST + "</"
+ + WSHandlerConstants.PASSWORD_TYPE + ">"));
+
+ assertTrue("samlPropFile missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.SAML_PROP_FILE + ">"
+ + samlPropFile + "</"
+ + WSHandlerConstants.SAML_PROP_FILE + ">"));
+
+ assertTrue("sigPropFile missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.SIG_PROP_FILE + ">"
+ + sigPropFile + "</"
+ + WSHandlerConstants.SIG_PROP_FILE + ">"));
+ assertTrue("encPropFile missing", -1 < ofc.getProperty().getParameterElement().toString()
+ .indexOf(
+ "<" + WSHandlerConstants.ENC_PROP_FILE + ">"
+ + encPropFile + "</"
+ + WSHandlerConstants.ENC_PROP_FILE + ">"));
+ }
+
+ /**
+ * This tests multiple action configurations
+ */
+ public void testMultipleActions() {
+ OutflowConfiguration ofc = new OutflowConfiguration(2);
+
+ String actionItems1 = "Timestamp Signature Encrypt";
+ String user1 = "alice";
+
+ String actionItems2 = "Signature Encrypt Timestamp";
+ String user2 = "alice2";
+
+ ofc.setActionItems(actionItems1);
+ ofc.setUser(user1);
+
+ ofc.nextAction();
+
+ ofc.setActionItems(actionItems2);
+ ofc.setUser(user2);
+
+ assertEquals("Action items mismatch", actionItems2, ofc.getActionItems());
+ assertEquals("Action items mismatch", user2, ofc.getUser());
+
+ ofc.previousAction();
+
+ assertEquals("Action items mismatch", actionItems1, ofc.getActionItems());
+ assertEquals("Action items mismatch", user1, ofc.getUser());
+
+ }
+
+}
diff --git a/modules/rampart-tests/src/test/java/org/apache/rampart/policy/model/RampartPolicyTest.java b/modules/rampart-tests/src/test/java/org/apache/rampart/policy/model/RampartPolicyTest.java
new file mode 100644
index 0000000..db78554
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/rampart/policy/model/RampartPolicyTest.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rampart.policy.model;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+
+import javax.xml.namespace.QName;
+
+import java.util.Properties;
+
+import junit.framework.TestCase;
+
+public class RampartPolicyTest extends TestCase {
+
+ public final static QName RAMPART_CONFIG_NAME = new QName(RampartConfig.NS,RampartConfig.RAMPART_CONFIG_LN);
+ public final static QName CRYPTO_CONFIG_NAME = new QName(RampartConfig.NS,CryptoConfig.CRYPTO_LN);
+
+ public void testLoadPolicy() {
+ try {
+ String xmlPath = "test-resources/policy/rampart-policy-1.xml";
+ StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
+
+ OMElement elem = builder.getDocumentElement();
+
+ Policy policy = PolicyEngine.getPolicy(elem);
+
+ Assertion assertion = (Assertion)policy.getAssertions().get(0);
+
+ assertEquals("Incorrect namespace in RampartConfig",
+ RAMPART_CONFIG_NAME.getNamespaceURI(), assertion.getName()
+ .getNamespaceURI());
+ assertEquals("Incorrect localname in RampartConfig",
+ RAMPART_CONFIG_NAME.getLocalPart(), assertion.getName()
+ .getLocalPart());
+
+ RampartConfig config = (RampartConfig) assertion;
+ CryptoConfig sigCryptoConfig = config.getSigCryptoConfig();
+
+ assertNotNull("Signature Crypto missing", sigCryptoConfig);
+
+ assertEquals("Incorrect namespace in SignatureCrypto",
+ CRYPTO_CONFIG_NAME.getNamespaceURI(), sigCryptoConfig
+ .getName().getNamespaceURI());
+ assertEquals("Incorrect localname in SignatureCrypto",
+ CRYPTO_CONFIG_NAME.getLocalPart(), sigCryptoConfig.getName()
+ .getLocalPart());
+
+ assertEquals("Incorrect provider value",
+ "org.apache.ws.security.components.crypto.Merlin",
+ sigCryptoConfig.getProvider());
+
+ Properties prop = sigCryptoConfig.getProp();
+ assertEquals("Incorrect number of properties", 3, prop.size());
+
+ assertEquals("Incorrect property value", "JKS", prop
+ .getProperty("keystoreType"));
+ assertEquals("Incorrect property value", "/path/to/file.jks", prop
+ .getProperty("keystoreFile"));
+ assertEquals("Incorrect property value", "password", prop
+ .getProperty("keystorePassword"));
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+
+ }
+
+}
\ No newline at end of file
diff --git a/modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java b/modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java
new file mode 100644
index 0000000..866e780
--- /dev/null
+++ b/modules/rampart-tests/src/test/java/org/apache/ws/secpolicy/model/SecpolicyModelTest.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ws.secpolicy.model;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.ws.secpolicy.Constants;
+
+import java.util.Iterator;
+import java.util.List;
+
+import junit.framework.TestCase;
+
+public class SecpolicyModelTest extends TestCase {
+
+
+ public void testSymmBinding() {
+ try {
+ Policy p = this.getPolicy("test-resources/policy-symm-binding.xml");
+ List assertions = (List)p.getAlternatives().next();
+
+ boolean symmBindingFound = false;
+
+ for (Iterator iter = assertions.iterator(); iter.hasNext();) {
+ Assertion assertion = (Assertion) iter.next();
+ if(assertion instanceof SymmetricBinding) {
+ symmBindingFound = true;
+ SymmetricBinding binding = (SymmetricBinding)assertion;
+ assertEquals("IncludeTimestamp assertion not processed", true, binding.isIncludeTimestamp());
+
+ ProtectionToken protectionToken = binding.getProtectionToken();
+ assertNotNull("ProtectionToken missing", protectionToken);
+
+ Token token = protectionToken.getProtectionToken();
+ if(token instanceof X509Token) {
+ assertEquals("incorrect X509 token versin and type",
+ Constants.WSS_X509_V3_TOKEN10,
+ ((X509Token) token).getTokenVersionAndType());
+ } else {
+ fail("ProtectionToken must contain a X509Token assertion");
+ }
+
+ }
+ }
+ //The Asymm binding mean is not built in the policy processing :-(
+ assertTrue("SymmetricBinding not porcessed", symmBindingFound);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testAsymmBinding() {
+ try {
+ this.getPolicy("test-resources/policy-asymm-binding.xml");
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ public void testTransportBinding() {
+ try {
+ this.getPolicy("test-resources/policy-transport-binding.xml");
+ } catch (Exception e) {
+ e.printStackTrace();
+ fail(e.getMessage());
+ }
+ }
+
+ private Policy getPolicy(String filePath) throws Exception {
+ StAXOMBuilder builder = new StAXOMBuilder(filePath);
+ OMElement elem = builder.getDocumentElement();
+ return PolicyEngine.getPolicy(elem);
+ }
+}
diff --git a/modules/rampart-tests/test-resources/PWCallback.java b/modules/rampart-tests/test-resources/PWCallback.java
new file mode 100644
index 0000000..df9d4de
--- /dev/null
+++ b/modules/rampart-tests/test-resources/PWCallback.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.axis2.security;
+
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import java.io.IOException;
+
+
+
+/**
+
+ * Class PWCallback
+
+ */
+
+public class PWCallback implements CallbackHandler {
+
+
+
+ /** Field key */
+
+ private static final byte[] key = {
+
+ (byte) 0x31, (byte) 0xfd, (byte) 0xcb, (byte) 0xda, (byte) 0xfb,
+
+ (byte) 0xcd, (byte) 0x6b, (byte) 0xa8, (byte) 0xe6, (byte) 0x19,
+
+ (byte) 0xa7, (byte) 0xbf, (byte) 0x51, (byte) 0xf7, (byte) 0xc7,
+
+ (byte) 0x3e, (byte) 0x80, (byte) 0xae, (byte) 0x98, (byte) 0x51,
+
+ (byte) 0xc8, (byte) 0x51, (byte) 0x34, (byte) 0x04,
+
+ };
+
+
+
+ /*
+
+ * (non-Javadoc)
+
+ * @see javax.security.auth.callback.CallbackHandler#handle(javax.security.auth.callback.Callback[])
+
+ */
+
+
+
+ /**
+
+ * Method handle
+
+ *
+
+ * @param callbacks
+
+ * @throws java.io.IOException
+
+ * @throws javax.security.auth.callback.UnsupportedCallbackException
+
+ */
+
+ public void handle(Callback[] callbacks)
+
+ throws IOException, UnsupportedCallbackException {
+
+
+
+ for (int i = 0; i < callbacks.length; i++) {
+
+ if (callbacks[i] instanceof WSPasswordCallback) {
+
+ WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+
+
+
+ /*
+
+ * This usage type is used only in case we received a
+
+ * username token with a password of type PasswordText or
+
+ * an unknown password type.
+
+ *
+
+ * This case the WSPasswordCallback object contains the
+
+ * identifier (aka username), the password we received, and
+
+ * the password type string to identify the type.
+
+ *
+
+ * Here we perform only a very simple check.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
+
+ if(pc.getIdentifer().equals("Ron") && pc.getPassword().equals("noR")) {
+
+ return;
+
+ }
+
+ if (pc.getPassword().equals("sirhC")) {
+
+ return;
+
+ }
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "check failed");
+
+ }
+
+ /*
+
+ * here call a function/method to lookup the password for
+
+ * the given identifier (e.g. a user name or keystore alias)
+
+ * e.g.: pc.setPassword(passStore.getPassword(pc.getIdentfifier))
+
+ * for Testing we supply a fixed name here.
+
+ */
+
+ if (pc.getUsage() == WSPasswordCallback.KEY_NAME) {
+
+ pc.setKey(key);
+
+ } else if(pc.getIdentifer().equals("alice")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("bob")) {
+
+ pc.setPassword("password");
+
+ } else if(pc.getIdentifer().equals("Ron")) {
+
+ pc.setPassword("noR");
+
+ } else {
+
+ pc.setPassword("sirhC");
+
+ }
+
+ } else {
+
+ throw new UnsupportedCallbackException(callbacks[i],
+
+ "Unrecognized Callback");
+
+ }
+
+ }
+
+ }
+
+}
+
+
diff --git a/modules/rampart-tests/test-resources/axis2.xml b/modules/rampart-tests/test-resources/axis2.xml
new file mode 100644
index 0000000..7d978b4
--- /dev/null
+++ b/modules/rampart-tests/test-resources/axis2.xml
@@ -0,0 +1,97 @@
+<axisconfig name="AxisJava2.0">
+ <parameter name="hotdeployment" locked="false">true</parameter>
+ <parameter name="hotupdate" locked="false">true</parameter>
+
+ <messageReceiver mep="INOUT" class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+
+
+ <!-- This is only till we get the service specific parameters fixed in service.xml -->
+ <parameter name="InAction" locked="false">UsernameToken</parameter>
+ <parameter name="passwordCallbackClass" locked="false">
+ org.apache.axis2.security.PWCallback</parameter>
+
+ <transportSender name="http" class="org.apache.axis2.transport.http.CommonsHTTPTransportSender">
+ <parameter name="PROTOCOL" locked="false">HTTP/1.0</parameter>
+ </transportSender>
+
+ <module ref="security"/>
+
+ <phaseOrder type="InFlow">
+ <!-- System pre defined phases -->
+ <phase name="Transport">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ </phase>
+ <phase name="Security"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- System pre defined phases -->
+ <!-- After Postdispatch phase module author or or service author can add any phase he want -->
+ <phase name="OperationInPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutPhase"/>
+ <!--system predefined phase-->
+ <!--these phase will run irrespective of the service-->
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+ <phaseOrder type="InFaultFlow">
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch" class="org.apache.axis2.engine.DispatchPhase">
+ <handler name="RequestURIBasedDispatcher"
+ class="org.apache.axis2.engine.RequestURIBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPActionBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPActionBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="AddressingBasedDispatcher"
+ class="org.apache.axis2.engine.AddressingBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+
+ <handler name="SOAPMessageBodyBasedDispatcher"
+ class="org.apache.axis2.engine.SOAPMessageBodyBasedDispatcher">
+ <order phase="Dispatch"/>
+ </handler>
+ <handler name="InstanceDispatcher"
+ class="org.apache.axis2.engine.InstanceDispatcher">
+ <order phase="PostDispatch"/>
+ </handler>
+ </phase>
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationInFaultPhase"/>
+ </phaseOrder>
+ <phaseOrder type="OutFaultFlow">
+ <!-- user can add his own phases to this area -->
+ <phase name="OperationOutFaultPhase"/>
+ <phase name="PolicyDetermination"/>
+ <phase name="MessageOut"/>
+ </phaseOrder>
+</axisconfig>
+
diff --git a/modules/rampart-tests/test-resources/keys/interop2.jks b/modules/rampart-tests/test-resources/keys/interop2.jks
new file mode 100644
index 0000000..a7d1a3f
--- /dev/null
+++ b/modules/rampart-tests/test-resources/keys/interop2.jks
Binary files differ
diff --git a/modules/rampart-tests/test-resources/policy-asymm-binding.xml b/modules/rampart-tests/test-resources/policy-asymm-binding.xml
new file mode 100644
index 0000000..aae3ea5
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy-asymm-binding.xml
@@ -0,0 +1,46 @@
+<wsp:Policy wsu:Id="1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy-symm-binding.xml b/modules/rampart-tests/test-resources/policy-symm-binding.xml
new file mode 100644
index 0000000..de8bd5b
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy-symm-binding.xml
@@ -0,0 +1,53 @@
+<wsp:Policy wsu:Id="3" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy-transport-binding.xml b/modules/rampart-tests/test-resources/policy-transport-binding.xml
new file mode 100644
index 0000000..a74b444
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy-transport-binding.xml
@@ -0,0 +1,43 @@
+<wsp:Policy wsu:Id="2" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/SecurityPolicyBindings.xml b/modules/rampart-tests/test-resources/policy/SecurityPolicyBindings.xml
new file mode 100644
index 0000000..2f3e7a3
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/SecurityPolicyBindings.xml
@@ -0,0 +1,50 @@
+
+<!-- Example Endpoint Policy -->
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+<sp:AsymmetricBinding>
+ <wsp:Policy>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always" />
+ </wsp:Policy> </sp:RecipientToken>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always" />
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:EncryptBeforeSigning />
+ <sp:EncryptSignature />
+ <sp:ProtectTokens />
+ <sp:SignedSupportingTokens>
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:SignedEndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once" />
+ </wsp:Policy>
+ </sp:SignedEndorsingSupportingTokens>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:RequireSignatureConfirmation />
+ </wsp:Policy>
+ </sp:Wss11>
+ </wsp:Policy>
+
+
\ No newline at end of file
diff --git a/modules/rampart-tests/test-resources/policy/SecurityPolicyBindingsSymm.xml b/modules/rampart-tests/test-resources/policy/SecurityPolicyBindingsSymm.xml
new file mode 100644
index 0000000..fb32250
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/SecurityPolicyBindingsSymm.xml
@@ -0,0 +1,43 @@
+<!-- Example Endpoint Policy -->
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+<sp:SymmetricBinding>
+<wsp:Policy>
+<sp:ProtectionToken>
+<wsp:Policy>
+<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
+</wsp:Policy>
+</sp:ProtectionToken>
+<sp:AlgorithmSuite>
+<wsp:Policy>
+<sp:Basic256 />
+</wsp:Policy>
+</sp:AlgorithmSuite>
+<sp:Layout>
+<wsp:Policy>
+<sp:Strict />
+</wsp:Policy>
+</sp:Layout>
+<sp:IncludeTimestamp />
+<sp:EncryptBeforeSigning />
+<sp:EncryptSignature />
+<sp:ProtectTokens />
+<sp:SignedSupportingTokens>
+<wsp:Policy>
+<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once" />
+</wsp:Policy>
+</sp:SignedSupportingTokens>
+<!--<sp:SignedEndorsingSupportingTokens>
+<wsp:Policy>
+<sp:X509V3Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/IncludeToken/Once" />
+</wsp:Policy>
+</sp:SignedEndorsingSupportingTokens> -->
+</wsp:Policy>
+</sp:SymmetricBinding>
+<sp:Wss11>
+<wsp:Policy>
+<sp:RequireSignatureConfirmation />
+</wsp:Policy>
+</sp:Wss11>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/SecurityPolicyMsg.xml b/modules/rampart-tests/test-resources/policy/SecurityPolicyMsg.xml
new file mode 100644
index 0000000..3074acf
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/SecurityPolicyMsg.xml
@@ -0,0 +1,19 @@
+<!-- Example Endpoint Policy -->
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
+
+ <!-- Example Message Policy -->
+
+ <sp:SignedParts>
+ <sp:Header Name="Header1" Namespace="uri:namespace_1" />
+ <sp:Header Name="Header2" Namespace="uri:namespace_2" />
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts>
+ <sp:Header Name="Header2" Namespace="uri:namespace_2" />
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ </wsp:Policy>
+
\ No newline at end of file
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml
new file mode 100644
index 0000000..3930028
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-1.xml
@@ -0,0 +1,75 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml
new file mode 100644
index 0000000..b2102da
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-2-sig-dk.xml
@@ -0,0 +1,76 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml
new file mode 100644
index 0000000..8d648b2
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-3-dk.xml
@@ -0,0 +1,77 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
new file mode 100644
index 0000000..55cbb13
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-4-dk-ebs.xml
@@ -0,0 +1,85 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning />
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml
new file mode 100644
index 0000000..db23288
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-5-ebs.xml
@@ -0,0 +1,81 @@
+<wsp:Policy wsu:Id="6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:EncryptBeforeSigning />
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">interop/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">interop/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15.xml
new file mode 100644
index 0000000..735d8c5
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-6-3des-r15.xml
@@ -0,0 +1,74 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml
new file mode 100644
index 0000000..7adeceb
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-asymm-binding-7-3des-r15-DK.xml
@@ -0,0 +1,76 @@
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireDerivedKeys/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-policy-1.xml b/modules/rampart-tests/test-resources/policy/rampart-policy-1.xml
new file mode 100644
index 0000000..5f1e907
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-policy-1.xml
@@ -0,0 +1,15 @@
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.axis2.security.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="keystoreType">JKS</ramp:property>
+ <ramp:property name="keystoreFile">/path/to/file.jks</ramp:property>
+ <ramp:property name="keystorePassword">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml
new file mode 100644
index 0000000..f84ada7
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-dk.xml
@@ -0,0 +1,68 @@
+<wsp:Policy wsu:Id="5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:SignedEndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:SignedEndorsingSupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml
new file mode 100644
index 0000000..a9c407b
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-transport-binding-no-bst.xml
@@ -0,0 +1,64 @@
+<wsp:Policy wsu:Id="5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:SignedEndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never" />
+ </wsp:Policy>
+ </sp:SignedEndorsingSupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml b/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml
new file mode 100644
index 0000000..0ba03af
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/rampart-transport-binding.xml
@@ -0,0 +1,64 @@
+<wsp:Policy wsu:Id="5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false"/>
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:SignedEndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
+ </wsp:Policy>
+ </sp:SignedEndorsingSupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/keys/interop2.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
diff --git a/modules/rampart-tests/test-resources/policy/soapmessage.xml b/modules/rampart-tests/test-resources/policy/soapmessage.xml
new file mode 100644
index 0000000..1080754
--- /dev/null
+++ b/modules/rampart-tests/test-resources/policy/soapmessage.xml
@@ -0,0 +1,57 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
+ xmlns:axis2="http://ws.apache.org/namespaces/axis2">
+ <soapenv:Header xmlns:fabrikam="http://example.com/fabrikam">
+ <wsa:MessageID soapenv:mustUnderstand="0">
+ uuid:920C5190-0B8F-11D9-8CED-F22EDEEBF7E5</wsa:MessageID>
+ <wsa:To soapenv:mustUnderstand="0">http://localhost:8081/axis/services/BankPort</wsa:To>
+ <wsa:From axis2:AttrExt="123456789" soapenv:mustUnderstand="0" >
+ <wsa:Address>
+ http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
+ <wsa:ReferenceParameters>
+ <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey>
+ </wsa:ReferenceParameters>
+ <wsa:ReferenceProperties>
+ <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart>
+ </wsa:ReferenceProperties>
+ <axis2:EPRExt axis2:AttrExt="123456789">123456789</axis2:EPRExt>
+ </wsa:From>
+ <wsa:Action>http://ws.apache.org/tests/action</wsa:Action>
+ <wsa:ReplyTo axis2:AttrExt="123456789">
+ <wsa:Address>http://example.com/fabrikam/acct</wsa:Address>
+ <wsa:ReferenceParameters>
+ <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey>
+ </wsa:ReferenceParameters>
+ <wsa:ReferenceProperties>
+ <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart>
+ </wsa:ReferenceProperties>
+ <axis2:EPRExt axis2:AttrExt="123456789">123456789</axis2:EPRExt>
+ </wsa:ReplyTo>
+
+ <wsa:FaultTo axis2:AttrExt="123456789">
+ <wsa:Address>http://example.com/fabrikam/fault</wsa:Address>
+ <wsa:ReferenceParameters>
+ <fabrikam:CustomerKey>123456789</fabrikam:CustomerKey>
+ </wsa:ReferenceParameters>
+ <wsa:ReferenceProperties>
+ <fabrikam:ShoppingCart>ABCDEFG</fabrikam:ShoppingCart>
+ </wsa:ReferenceProperties>
+ <axis2:EPRExt axis2:AttrExt="123456789">123456789</axis2:EPRExt>
+ </wsa:FaultTo>
+ <wsa:RelatesTo>http://some.previous.message</wsa:RelatesTo>
+ <wsa:RelatesTo RelationshipType="axis2:some.custom.relationship">http://identifier.of.other.message/</wsa:RelatesTo>
+
+ </soapenv:Header>
+ <soapenv:Body>
+ <ns1:getBalance soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
+ xmlns:ns1="http://localhost:8081/axis/services/BankPort">
+ <accountNo href="#id0"/>
+ </ns1:getBalance>
+ <multiRef id="id0" soapenc:root="0"
+ soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
+ xsi:type="xsd:int" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">
+ 1001</multiRef>
+ </soapenv:Body>
+</soapenv:Envelope>
\ No newline at end of file
diff --git a/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.1.xml b/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.1.xml
new file mode 100644
index 0000000..74887ea
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.1.xml
@@ -0,0 +1,6 @@
+<token-dispatcher-configuration>
+ <issuer class="org.apache.rahas.TempIssuer">
+ <tokenType>http://example.org/mySpecialToken1</tokenType>
+ <tokenType>http://example.org/mySpecialToken2</tokenType>
+ </issuer>
+</token-dispatcher-configuration>
diff --git a/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.2.xml b/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.2.xml
new file mode 100644
index 0000000..87f6844
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/dispatcher.config.invalid.2.xml
@@ -0,0 +1,6 @@
+<token-dispatcher-configuration>
+ <issuer class="org.apache.rahas.TempIssuer" default="true">
+ <tokenType></tokenType>
+ <tokenType>http://example.org/mySpecialToken2</tokenType>
+ </issuer>
+</token-dispatcher-configuration>
diff --git a/modules/rampart-tests/test-resources/trust/dispatcher.config.xml b/modules/rampart-tests/test-resources/trust/dispatcher.config.xml
new file mode 100644
index 0000000..1c8dea1
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/dispatcher.config.xml
@@ -0,0 +1,6 @@
+<token-dispatcher-configuration>
+ <issuer class="org.apache.rahas.TempIssuer" default="true">
+ <tokenType>http://example.org/mySpecialToken1</tokenType>
+ <tokenType>http://example.org/mySpecialToken2</tokenType>
+ </issuer>
+</token-dispatcher-configuration>
diff --git a/modules/rampart-tests/test-resources/trust/impl/sct-issuer-config.xml b/modules/rampart-tests/test-resources/trust/impl/sct-issuer-config.xml
new file mode 100644
index 0000000..f0a5238
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/impl/sct-issuer-config.xml
@@ -0,0 +1,4 @@
+<sct-issuer-config>
+ <proofToken>EncryptedKey</proofToken>
+ <cryptoProperties>sctIssuer.properties</cryptoProperties>
+</sct-issuer-config>
diff --git a/modules/rampart-tests/test-resources/trust/impl/sctIssuer.properties b/modules/rampart-tests/test-resources/trust/impl/sctIssuer.properties
new file mode 100755
index 0000000..c126c57
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/impl/sctIssuer.properties
@@ -0,0 +1,4 @@
+org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=jks
+org.apache.ws.security.crypto.merlin.keystore.password=password
+org.apache.ws.security.crypto.merlin.file=sts.jks
diff --git a/modules/rampart-tests/test-resources/trust/impl/sts-services.xml b/modules/rampart-tests/test-resources/trust/impl/sts-services.xml
new file mode 100644
index 0000000..d3a489b
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/impl/sts-services.xml
@@ -0,0 +1,29 @@
+<!-- Security token service configuration -->
+<service name="STS">
+
+ <operation name="RequestSecurityToken">
+ <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
+ </operation>
+
+ <!-- Using the config file -->
+ <parameter name="token-dispatcher-configuration-file">token-dispatcher-configuration.xml</parameter>
+
+ <parameter name="InflowSecurity">
+ <action>
+ <items>Timestamp Signature</items>
+ <signaturePropFile>sctIssuer.properties</signaturePropFile>
+ </action>
+ </parameter>
+
+ <parameter name="OutflowSecurity">
+ <action>
+ <items>Timestamp</items>
+ </action>
+ </parameter>
+
+</service>
diff --git a/modules/rampart-tests/test-resources/trust/impl/sts.jks b/modules/rampart-tests/test-resources/trust/impl/sts.jks
new file mode 100644
index 0000000..b4514d7
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/impl/sts.jks
Binary files differ
diff --git a/modules/rampart-tests/test-resources/trust/impl/token-dispatcher-configuration.xml b/modules/rampart-tests/test-resources/trust/impl/token-dispatcher-configuration.xml
new file mode 100644
index 0000000..b3ca9ea
--- /dev/null
+++ b/modules/rampart-tests/test-resources/trust/impl/token-dispatcher-configuration.xml
@@ -0,0 +1,6 @@
+<token-dispatcher-configuration>
+ <issuer class="org.apache.rahas.impl.SCTIssuer" default="true">
+ <configuration-file>sct-issuer-config.xml</configuration-file>
+ <tokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</tokenType>
+ </issuer>
+</token-dispatcher-configuration>
diff --git a/modules/rampart-trust-mar/module.xml b/modules/rampart-trust-mar/module.xml
new file mode 100644
index 0000000..f95ea19
--- /dev/null
+++ b/modules/rampart-trust-mar/module.xml
@@ -0,0 +1,41 @@
+<module name="rahas">
+ <Description>This module is used to STS enable a service where it adds
+ the RequestSecurityToken operation to a service that the module is engaged to</Description>
+
+ <supported-policy-namespaces namespaces="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
+
+ <operation name="RequestSecurityToken" mep="http://www.w3.org/2006/01/wsdl/in-out">
+ <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
+
+ <!-- Action mapping to accept SCT requests -->
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
+
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
+
+ <parameter name="token-dispatcher-configuration">
+ <token-dispatcher-configuration>
+ <!-- Issuers. You may have many issuers. -->
+ <issuer class="org.apache.rahas.impl.SCTIssuer" default="true">
+ <configuration type="parameter">sct-issuer-config</configuration>
+ <tokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</tokenType>
+ </issuer>
+ <issuer class="org.apache.rahas.impl.SAMLTokenIssuer">
+ <configuration type="parameter">saml-issuer-config</configuration>
+ <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
+ </issuer>
+
+ <!-- Only a single canceler is allowed -->
+ <canceler class="org.apache.rahas.impl.TokenCancelerImpl">
+ <configuration type="parameter">token-canceler-config</configuration>
+ </canceler>
+
+ </token-dispatcher-configuration>
+ </parameter>
+
+ </operation>
+
+</module>
diff --git a/modules/rampart-trust-mar/pom.xml b/modules/rampart-trust-mar/pom.xml
new file mode 100644
index 0000000..9f471c7
--- /dev/null
+++ b/modules/rampart-trust-mar/pom.xml
@@ -0,0 +1,110 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.3-SNAPSHOT</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rahas</artifactId>
+ <packaging>mar</packaging>
+ <version>${rahas.mar.version}</version>
+ <name>Rampart - Trust-Mar</name>
+
+ <scm>
+ <connection>scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</developerConnection>
+ <url>https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</url>
+ </scm>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <testSourceDirectory>src/main/java</testSourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-mar-maven-plugin</artifactId>
+ <version>1.2</version>
+ <extensions>true</extensions>
+ <configuration>
+ <includeDependencies>false</includeDependencies>
+ <moduleXmlFile>module.xml</moduleXmlFile>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${rampart.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-trust</artifactId>
+ <version>${rampart.version}</version>
+ </dependency>
+ </dependencies>
+
+ <pluginRepositories>
+ <pluginRepository>
+ <id>apache-m2</id>
+ <name>Apache M2 Repository</name>
+ <url>http://people.apache.org/repo/m2-ibiblio-rsync-repository</url>
+ <layout>default</layout>
+ <snapshots>
+ <enabled>false</enabled>
+ <updatePolicy>daily</updatePolicy>
+ <checksumPolicy>ignore</checksumPolicy>
+ </snapshots>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ </pluginRepository>
+ <pluginRepository>
+ <id>apache-snapshots</id>
+ <name>Apache Snapshots Repository</name>
+ <url>http://people.apache.org/repo/m2-snapshot-repository</url>
+ <layout>default</layout>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>daily</updatePolicy>
+ <checksumPolicy>ignore</checksumPolicy>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </pluginRepository>
+ </pluginRepositories>
+ <distributionManagement>
+ <repository>
+ <id>apache-repo</id>
+ <name>Maven Central Repository</name>
+ <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-ibiblio-rsync-repository</url>
+ </repository>
+ <snapshotRepository>
+ <id>apache-snapshots</id>
+ <name>Apache Development Repository</name>
+ <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-snapshot-repository</url>
+ </snapshotRepository>
+ </distributionManagement>
+</project>
diff --git a/modules/rampart-trust/pom.xml b/modules/rampart-trust/pom.xml
new file mode 100644
index 0000000..c514b35
--- /dev/null
+++ b/modules/rampart-trust/pom.xml
@@ -0,0 +1,63 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <parent>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <version>1.3-SNAPSHOT</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>rampart-trust</artifactId>
+ <packaging>jar</packaging>
+ <version>1.3-SNAPSHOT</version>
+ <name>Rampart - Trust</name>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <testSourceDirectory>src/main/java</testSourceDirectory>
+ <resources>
+ <resource>
+ <directory>src/main/java</directory>
+ <includes>
+ <include>**/*.properties</include>
+ <include>**/*.xml</include>
+ <include>**/*.xsl</include>
+ </includes>
+ </resource>
+ </resources>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-policy</artifactId>
+ <version>${pom.version}</version>
+ </dependency>
+ </dependencies>
+
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-site-plugin</artifactId>
+ <configuration>
+ <templateDirectory>${basedir}</templateDirectory>
+ <menu ref="parent" />
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+
+</project>
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
new file mode 100644
index 0000000..6dd1901
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasConstants.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+
+public class RahasConstants {
+
+ public final static int VERSION_05_02 = 1;
+ public final static int VERSION_05_12 = 2;
+
+ /**
+ * WS-Trust 2005 Feb namespace
+ */
+ public final static String WST_NS_05_02 = "http://schemas.xmlsoap.org/ws/2005/02/trust";
+
+ /**
+ * WS-SX Namespace
+ */
+ public final static String WST_NS_05_12 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
+
+ public final static String WST_PREFIX = "wst";
+
+ public final static String WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
+ public final static String WSP_PREFIX = "wsp";
+
+ public static class LocalNames {
+ public static final String REQUEST_SECURITY_TOKEN = "RequestSecurityToken";
+ public static final String REQUEST_SECURITY_TOKEN_RESPONSE = "RequestSecurityTokenResponse";
+ public static final String REQUEST_TYPE = "RequestType";
+ public static final String TOKEN_TYPE = "TokenType";
+ public static final String REQUESTED_PROOF_TOKEN = "RequestedProofToken";
+ public static final String
+ REQUEST_SECURITY_TOKEN_RESPONSE_COLLECTION = "RequestSecurityTokenResponseCollection";
+ public final static String BINARY_SECRET = "BinarySecret";
+ }
+
+ public static class IssuanceBindingLocalNames {
+ public static final String REQUESTED_SECURITY_TOKEN = "RequestedSecurityToken";
+ public static final String COMPUTED_KEY_ALGO = "ComputedKeyAlgorithm";
+ public static final String COMPUTED_KEY = "ComputedKey";
+ public static final String REQUESTED_ATTACHED_REFERENCE = "RequestedAttachedReference";
+ public static final String REQUESTED_UNATTACHED_REFERENCE = "RequestedUnattachedReference";
+ public static final String KEY_SIZE = "KeySize";
+ public static final String KEY_TYPE = "KeyType";
+ public static final String ENTROPY = "Entropy";
+ public static final String APPLIES_TO = "AppliesTo";
+ public static final String LIFETIME = "Lifetime";
+ public static final String CLAIMS = "Claims";
+
+ }
+
+ public static class CancelBindingLocalNames {
+ public static final String REQUESTED_TOKEN_CANCELED = "RequestedTokenCancelled";
+ public static final String CANCEL_TARGET = "CancelTarget";
+ public static final String URI = "URI";
+ }
+
+ //Key types
+ public static final String KEY_TYPE_SYMM_KEY = "/SymmetricKey";
+ public static final String KEY_TYPE_PUBLIC_KEY = "/PublicKey";
+ public static final String KEY_TYPE_BEARER = "/Bearer";
+
+ //Attr values
+ public static final String BIN_SEC_TYPE_NONCE = "/Nonce";
+
+ //ComputedKey algos
+ public static final String COMPUTED_KEY_PSHA1 = "/CK/PSHA1";
+
+ // RequestTypes
+ public static final String REQ_TYPE_ISSUE = "/Issue";
+ public static final String REQ_TYPE_VALIDATE = "/Validate";
+ public static final String REQ_TYPE_RENEW = "/Renew";
+ public static final String REQ_TYPE_CANCEL = "/Cancel";
+
+ //RST actions
+ public static final String RST_ACTION_ISSUE = "/RST" + REQ_TYPE_ISSUE;
+ public static final String RST_ACTION_VALIDATE = "/RST" + REQ_TYPE_VALIDATE;
+ public static final String RST_ACTION_RENEW = "/RST" + REQ_TYPE_RENEW;
+ public static final String RST_ACTION_CANCEL = "/RST" + REQ_TYPE_CANCEL;
+ public static final String RST_ACTION_SCT = "/RST/SCT";
+ public static final String RST_ACTION_CANCEL_SCT = "/RST/SCT" + REQ_TYPE_CANCEL;
+
+ //RSTR actions
+ public static final String RSTR_ACTION_ISSUE = "/RSTR" + REQ_TYPE_ISSUE;
+ public static final String RSTR_ACTION_VALIDATE = "/RSTR" + REQ_TYPE_VALIDATE;
+ public static final String RSTR_ACTION_RENEW = "/RSTR" + REQ_TYPE_RENEW;
+ public static final String RSTR_ACTION_CANCEL = "/RSTR" + REQ_TYPE_CANCEL;
+ public static final String RSTR_ACTION_SCT = "/RSTR/SCT";
+ public static final String RSTR_ACTION_CANCEL_SCT = "/RSTR/SCT" + REQ_TYPE_CANCEL;
+
+ //Token types
+ public static final String TOK_TYPE_SAML_10 = "http://docs.oasis-open.org/wss/" +
+ "oasis-wss-saml-token-profile-1.1#SAMLV1.1";
+
+ //Attrs
+ public static final String ATTR_TYPE = "Type";
+ public static final String ATTR_CLAIMS_DIALECT = "Dialect";
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
new file mode 100644
index 0000000..1747496
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/RahasData.java
@@ -0,0 +1,468 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.util.Base64;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.context.MessageContext;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityEngineResult;
+import org.apache.ws.security.handler.WSHandlerConstants;
+import org.apache.ws.security.handler.WSHandlerResult;
+
+import javax.xml.namespace.QName;
+
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Vector;
+
+/**
+ * Common data items on WS-Trust request messages
+ */
+public class RahasData {
+
+ private MessageContext inMessageContext;
+
+ private OMElement rstElement;
+
+ private int version = -1;
+
+ private String wstNs;
+
+ private String requestType;
+
+ private String tokenType;
+
+ private int keysize = -1;
+
+ private String computedKeyAlgo;
+
+ private String keyType;
+
+ private String appliesToAddress;
+
+ private OMElement appliesToEpr;
+
+ private Principal principal;
+
+ private X509Certificate clientCert;
+
+ private byte[] ephmeralKey;
+
+ private byte[] requestEntropy;
+
+ private byte[] responseEntropy;
+
+ private String addressingNs;
+
+ private String soapNs;
+
+ private OMElement claimElem;
+
+ private String claimDialect;
+ /**
+ * Create a new RahasData instance and populate it with the information from
+ * the request.
+ *
+ * @throws TrustException <code>RequestSecurityToken</code> element is invalid.
+ */
+ public RahasData(MessageContext inMessageContext) throws TrustException {
+
+ this.inMessageContext = inMessageContext;
+
+ //Check for an authenticated Principal
+ this.processWSS4JSecurityResults();
+
+ // Find out the incoming addressing version
+ this.addressingNs = (String) this.inMessageContext
+ .getProperty(AddressingConstants.WS_ADDRESSING_VERSION);
+
+ this.rstElement = this.inMessageContext.getEnvelope().getBody()
+ .getFirstElement();
+
+ this.soapNs = this.inMessageContext.getEnvelope().getNamespace()
+ .getNamespaceURI();
+
+ this.wstNs = this.rstElement.getNamespace().getNamespaceURI();
+
+ int ver = TrustUtil.getWSTVersion(this.wstNs);
+
+ if (ver == -1) {
+ throw new TrustException(TrustException.INVALID_REQUEST);
+ } else {
+ this.version = ver;
+ }
+
+ this.processRequestType();
+
+ this.processTokenType();
+
+ this.processKeyType();
+
+ this.processKeySize();
+
+ this.processAppliesTo();
+
+ this.processEntropy();
+
+ this.processClaims();
+
+ }
+
+ /**
+ * Processes the authenticated user information from the WSS4J security
+ * results.
+ *
+ * @throws TrustException
+ */
+ private void processWSS4JSecurityResults() throws TrustException {
+
+ /*
+ * User can be identifier using a UsernameToken or a certificate - If a
+ * certificate is found then we use that to - identify the user and -
+ * encrypt the response (if required) - If a UsernameToken is found then
+ * we will not be encrypting the response
+ */
+
+ Vector results;
+ if ((results = (Vector) this.inMessageContext
+ .getProperty(WSHandlerConstants.RECV_RESULTS)) == null) {
+ throw new TrustException(TrustException.REQUEST_FAILED);
+ } else {
+
+ for (int i = 0; i < results.size(); i++) {
+ WSHandlerResult rResult = (WSHandlerResult) results.get(i);
+ Vector wsSecEngineResults = rResult.getResults();
+
+ for (int j = 0; j < wsSecEngineResults.size(); j++) {
+ WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults
+ .get(j);
+ Object principalObject = wser.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+ int act = ((Integer)wser.get(WSSecurityEngineResult.TAG_ACTION)).
+ intValue();
+ if (act == WSConstants.SIGN && principalObject != null) {
+ this.clientCert = (X509Certificate) wser
+ .get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
+ this.principal = (Principal)principalObject;
+ } else if (act == WSConstants.UT && principalObject != null) {
+ this.principal = (Principal)principalObject;
+ } else if (act == WSConstants.BST) {
+ final X509Certificate[] certificates =
+ (X509Certificate[]) wser
+ .get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
+ this.clientCert = certificates[0];
+ this.principal = this.clientCert.getSubjectDN();
+ }
+ }
+ }
+ // If the principal is missing
+ if (principal == null) {
+ throw new TrustException(TrustException.REQUEST_FAILED);
+ }
+ }
+ }
+
+ private void processAppliesTo() throws TrustException {
+
+ OMElement appliesToElem = this.rstElement
+ .getFirstChildWithName(new QName(RahasConstants.WSP_NS,
+ RahasConstants.IssuanceBindingLocalNames.
+ APPLIES_TO));
+
+ if (appliesToElem != null) {
+ OMElement eprElem = appliesToElem.getFirstElement();
+ this.appliesToEpr = eprElem;
+
+ // If there were no addressing headers
+ // The find the addressing version using the EPR element
+ if (this.addressingNs == null) {
+ this.addressingNs = eprElem.getNamespace()
+ .getNamespaceURI();
+ }
+
+ if (eprElem != null) {
+
+ //Of the epr is a web service then try to get the addr
+
+ OMElement addrElem = eprElem
+ .getFirstChildWithName(new QName(
+ this.addressingNs,
+ AddressingConstants.EPR_ADDRESS));
+ if (addrElem != null && addrElem.getText() != null
+ && !"".equals(addrElem.getText().trim())) {
+ this.appliesToAddress = addrElem.getText().trim();
+ }
+ } else {
+ throw new TrustException("invalidAppliesToElem");
+ }
+ }
+ }
+
+ private void processRequestType() throws TrustException {
+ OMElement reqTypeElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.LocalNames.REQUEST_TYPE));
+
+ if (reqTypeElem == null ||
+ reqTypeElem.getText() == null ||
+ reqTypeElem.getText().trim().length() == 0) {
+ throw new TrustException(TrustException.INVALID_REQUEST);
+ } else {
+ this.requestType = reqTypeElem.getText().trim();
+ }
+ }
+
+ private void processTokenType() {
+ OMElement tokTypeElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.LocalNames.TOKEN_TYPE));
+
+ if (tokTypeElem != null && tokTypeElem.getText() != null
+ && !"".equals(tokTypeElem.getText().trim())) {
+ this.tokenType = tokTypeElem.getText().trim();
+ }
+ }
+
+ /**
+ * Find the value of the KeyType element of the RST
+ */
+ private void processKeyType() {
+ OMElement keyTypeElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.IssuanceBindingLocalNames.KEY_TYPE));
+ if (keyTypeElem != null) {
+ String text = keyTypeElem.getText();
+ if (text != null && !"".equals(text.trim())) {
+ this.keyType = text.trim();
+ }
+ }
+ }
+
+ /**
+ * Finds the KeySize and creates an empty ephmeral key.
+ *
+ * @throws TrustException
+ */
+ private void processKeySize() throws TrustException {
+ OMElement keySizeElem =
+ this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.IssuanceBindingLocalNames.
+ KEY_SIZE));
+ if (keySizeElem != null) {
+ String text = keySizeElem.getText();
+ if (text != null && !"".equals(text.trim())) {
+ try {
+ //Set key size
+ this.keysize = Integer.parseInt(text.trim());
+
+ //Create an empty array to hold the key
+ this.ephmeralKey = new byte[this.keysize];
+ } catch (NumberFormatException e) {
+ throw new TrustException(TrustException.INVALID_REQUEST,
+ new String[]{"invalid wst:Keysize value"}, e);
+ }
+ }
+ }
+ this.keysize = -1;
+ }
+
+ /**
+ * Processes a claims.
+ *
+ */
+ private void processClaims() throws TrustException{
+ claimElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.IssuanceBindingLocalNames.CLAIMS));
+
+ if(claimElem != null){
+ claimDialect = claimElem.getAttributeValue(new QName(this.wstNs,
+ RahasConstants.ATTR_CLAIMS_DIALECT));
+ }
+
+ }
+
+ /**
+ * Process wst:Entropy element in the request.
+ */
+ private void processEntropy() throws TrustException {
+ OMElement entropyElem = this.rstElement
+ .getFirstChildWithName(new QName(this.wstNs,
+ RahasConstants.IssuanceBindingLocalNames.ENTROPY));
+
+ if (entropyElem != null) {
+ OMElement binSecElem = entropyElem.getFirstElement();
+ if (binSecElem != null && binSecElem.getText() != null
+ && !"".equals(binSecElem.getText())) {
+ this.requestEntropy = Base64.decode(binSecElem.getText());
+ } else {
+ throw new TrustException("malformedEntropyElement",
+ new String[]{entropyElem.toString()});
+ }
+
+ }
+ }
+
+ /**
+ * @return Returns the appliesToAddress.
+ */
+ public String getAppliesToAddress() {
+ return appliesToAddress;
+ }
+
+ /**
+ * @return Returns the clientCert.
+ */
+ public X509Certificate getClientCert() {
+ return clientCert;
+ }
+
+ /**
+ * @return Returns the computedKeyAlgo.
+ */
+ public String getComputedKeyAlgo() {
+ return computedKeyAlgo;
+ }
+
+ /**
+ * @return Returns the ephmeralKey.
+ */
+ public byte[] getEphmeralKey() {
+ return ephmeralKey;
+ }
+
+ /**
+ * @return Returns the inMessageContext.
+ */
+ public MessageContext getInMessageContext() {
+ return inMessageContext;
+ }
+
+ /**
+ * @return Returns the keysize.
+ */
+ public int getKeysize() {
+ return keysize;
+ }
+
+ /**
+ * @return Returns the keyType.
+ */
+ public String getKeyType() {
+ return keyType;
+ }
+
+ /**
+ * @return Returns the principal.
+ */
+ public Principal getPrincipal() {
+ return principal;
+ }
+
+ /**
+ * @return Returns the requestEntropy.
+ */
+ public byte[] getRequestEntropy() {
+ return requestEntropy;
+ }
+
+ /**
+ * @return Returns the requestType.
+ */
+ public String getRequestType() {
+ return requestType;
+ }
+
+ /**
+ * @return Returns the responseEntropy.
+ */
+ public byte[] getResponseEntropy() {
+ return responseEntropy;
+ }
+
+ /**
+ * @return Returns the rstElement.
+ */
+ public OMElement getRstElement() {
+ return rstElement;
+ }
+
+ /**
+ * @return Returns the tokenType.
+ */
+ public String getTokenType() {
+ return tokenType;
+ }
+
+ /**
+ * @return Returns the version.
+ */
+ public int getVersion() {
+ return version;
+ }
+
+ /**
+ * @return Returns the addressingNs.
+ */
+ public String getAddressingNs() {
+ return addressingNs;
+ }
+
+ /**
+ * @return Returns the wstNs.
+ */
+ public String getWstNs() {
+ return wstNs;
+ }
+
+ /**
+ * @return Returns the soapNs.
+ */
+ public String getSoapNs() {
+ return soapNs;
+ }
+
+ /**
+ * @param responseEntropy The responseEntropy to set.
+ */
+ public void setResponseEntropy(byte[] responseEntropy) {
+ this.responseEntropy = responseEntropy;
+ }
+
+ /**
+ * @param ephmeralKey The ephmeralKey to set.
+ */
+ public void setEphmeralKey(byte[] ephmeralKey) {
+ this.ephmeralKey = ephmeralKey;
+ }
+
+ public String getClaimDialect() {
+ return claimDialect;
+ }
+
+ public OMElement getClaimElem() {
+ return claimElem;
+ }
+
+ public OMElement getAppliesToEpr() {
+ return appliesToEpr;
+ }
+
+
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/STSMessageReceiver.java b/modules/rampart-trust/src/main/java/org/apache/rahas/STSMessageReceiver.java
new file mode 100644
index 0000000..f3bd34f
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/STSMessageReceiver.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.receivers.AbstractInOutMessageReceiver;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import javax.xml.namespace.QName;
+
+public class STSMessageReceiver extends AbstractInOutMessageReceiver {
+
+ private static final Log log = LogFactory.getLog(STSMessageReceiver.class);
+
+ public void invokeBusinessLogic(MessageContext inMessage,
+ MessageContext outMessage) throws AxisFault {
+
+ try {
+ Parameter param = inMessage
+ .getParameter(TokenRequestDispatcherConfig.CONFIG_PARAM_KEY);
+ Parameter paramFile = inMessage
+ .getParameter(TokenRequestDispatcherConfig.CONFIG_FILE_KEY);
+ TokenRequestDispatcher dispatcher = null;
+ if (param != null) {
+ dispatcher = new TokenRequestDispatcher(param
+ .getParameterElement().getFirstChildWithName(
+ new QName("token-dispatcher-configuration")));
+ } else if (paramFile != null) {
+ dispatcher = new TokenRequestDispatcher((String) paramFile
+ .getValue());
+ } else {
+ dispatcher = new TokenRequestDispatcher(
+ (OMElement) inMessage
+ .getProperty(TokenRequestDispatcherConfig.CONFIG_PARAM_KEY));
+ }
+
+ if(dispatcher != null) {
+ SOAPEnvelope responseEnv = dispatcher.handle(inMessage, outMessage);
+ outMessage.setEnvelope(responseEnv);
+ } else {
+ throw new TrustException("missingDispatcherConfiguration");
+ }
+ } catch (TrustException e) {
+ e.printStackTrace();
+ //Log the exception
+ log.error(e);
+ throw new AxisFault(e.getFaultString(), e.getFaultCode());
+ }
+ }
+
+
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java b/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java
new file mode 100644
index 0000000..c1095dd
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/SimpleTokenStore.java
@@ -0,0 +1,165 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.Reference;
+
+import javax.xml.namespace.QName;
+
+import java.util.List;
+import java.util.Map;
+import java.util.ArrayList;
+import java.util.Hashtable;
+import java.util.Iterator;
+
+/**
+ * In-memory implementation of the token storage
+ */
+public class SimpleTokenStore implements TokenStorage {
+
+ protected Map tokens = new Hashtable();
+
+ public void add(Token token) throws TrustException {
+ if (token != null && !"".equals(token.getId()) &&
+ token.getId() != null) {
+ if (this.tokens.keySet().size() == 0
+ || (this.tokens.keySet().size() > 0 && !this.tokens
+ .keySet().contains(token.getId()))) {
+ tokens.put(token.getId(), token);
+ } else {
+ throw new TrustException("tokenAlreadyExists",
+ new String[]{token.getId()});
+ }
+
+ }
+ }
+
+ public void update(Token token) throws TrustException {
+ if (token != null && token.getId() != null && token.getId().trim().length() != 0) {
+
+ if (!this.tokens.keySet().contains(token.getId())) {
+ throw new TrustException("noTokenToUpdate", new String[]{token.getId()});
+ }
+ this.tokens.put(token.getId(), token);
+ }
+ }
+
+ public String[] getTokenIdentifiers() throws TrustException {
+ List identifiers = new ArrayList();
+ for (Iterator iterator = tokens.keySet().iterator(); iterator.hasNext();) {
+ identifiers.add(iterator.next());
+ }
+ return (String[]) identifiers.toArray(new String[identifiers.size()]);
+ }
+
+ public Token[] getValidTokens() throws TrustException {
+ return getTokens(new int[]{Token.ISSUED, Token.RENEWED});
+ }
+
+ public Token[] getRenewedTokens() throws TrustException {
+ return getTokens(Token.RENEWED);
+ }
+
+
+ public Token[] getCancelledTokens() throws TrustException {
+ return getTokens(Token.CANCELLED);
+ }
+
+ public Token[] getExpiredTokens() throws TrustException {
+ return getTokens(Token.EXPIRED);
+ }
+
+ private Token[] getTokens(int[] states) throws TrustException {
+ processTokenExpiry();
+ List tokens = new ArrayList();
+ for (Iterator iterator = this.tokens.values().iterator(); iterator.hasNext();) {
+ Token token = (Token) iterator.next();
+ for (int i = 0; i < states.length; i++) {
+ if (token.getState() == states[i]) {
+ tokens.add(token);
+ break;
+ }
+ }
+ }
+ return (Token[]) tokens.toArray(new Token[tokens.size()]);
+ }
+
+ private Token[] getTokens(int state) throws TrustException {
+ processTokenExpiry();
+ List tokens = new ArrayList();
+ for (Iterator iterator = this.tokens.values().iterator(); iterator.hasNext();) {
+ Token token = (Token) iterator.next();
+ if (token.getState() == state) {
+ tokens.add(token);
+ }
+ }
+ return (Token[]) tokens.toArray(new Token[tokens.size()]);
+ }
+
+ public Token getToken(String id) throws TrustException {
+ processTokenExpiry();
+ Token token = (Token) this.tokens.get(id);
+
+ if(token == null) {
+ //Try the unattached refs
+ for (Iterator iterator = this.tokens.values().iterator(); iterator.hasNext();) {
+ Token tempToken = (Token) iterator.next();
+ OMElement elem = tempToken.getAttachedReference();
+ if(elem != null && id.equals(this.getIdFromSTR(elem))) {
+ token = tempToken;
+ }
+ elem = tempToken.getUnattachedReference();
+ if(elem != null && id.equals(this.getIdFromSTR(elem))) {
+ token = tempToken;
+ }
+
+ }
+ }
+
+
+ return token;
+ }
+
+ protected void processTokenExpiry() throws TrustException {
+ for (Iterator iterator = tokens.values().iterator(); iterator.hasNext();) {
+ Token token = (Token) iterator.next();
+ if (token.getExpires() != null &&
+ token.getExpires().getTime() < System.currentTimeMillis()) {
+ token.setState(Token.EXPIRED);
+ update(token);
+ }
+ }
+ }
+
+ private String getIdFromSTR(OMElement str) {
+// ASSUMPTION:SecurityTokenReference/KeyIdentifier
+ OMElement child = str.getFirstElement();
+ if(child == null) {
+ return null;
+ }
+
+ if (child.getQName().equals(new QName(WSConstants.SIG_NS, "KeyInfo"))) {
+ return child.getText();
+ } else if(child.getQName().equals(Reference.TOKEN)) {
+ return child.getAttributeValue(new QName("URI")).substring(1);
+ } else {
+ return null;
+ }
+ }
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java b/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
new file mode 100644
index 0000000..6572e25
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/Token.java
@@ -0,0 +1,326 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMException;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+
+import javax.xml.namespace.QName;
+
+import java.text.DateFormat;
+import java.text.ParseException;
+import java.util.Date;
+import java.util.Properties;
+
+/**
+ * This represents a security token which can have either one of 4 states.
+ * <ul>
+ * <li>ISSUED</li>
+ * <li>EXPIRED</li>
+ * <li>CACELLED</li>
+ * <li>RENEWED</li>
+ * </ul>
+ * Also this holds the <code>OMElement</code>s representing the token in its
+ * present state and the previous state.
+ *
+ * These tokens are stored using the storage mechanism provided via the
+ * <code>TokenStorage</code> interface.
+ * @see org.apache.rahas.TokenStorage
+ */
+public class Token {
+
+ public final static int ISSUED = 1;
+ public final static int EXPIRED = 2;
+ public final static int CANCELLED = 3;
+ public final static int RENEWED = 4;
+
+ /**
+ * Token identifier
+ */
+ private String id;
+
+ /**
+ * Current state of the token
+ */
+ private int state = -1;
+
+ /**
+ * The actual token in its current state
+ */
+ private OMElement token;
+
+ /**
+ * The token in its previous state
+ */
+ private OMElement previousToken;
+
+ /**
+ * The RequestedAttachedReference element
+ * NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows
+ * an extensibility mechanism for wsse:SecurityTokenReference and
+ * wsse:Reference. Hence we cannot limit to the
+ * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and
+ * the ValueType values.
+ */
+ private OMElement attachedReference;
+
+ /**
+ * The RequestedUnattachedReference element
+ * NOTE : The oasis-200401-wss-soap-message-security-1.0 spec allows
+ * an extensibility mechanism for wsse:SecurityTokenRefence and
+ * wsse:Reference. Hence we cannot limit to the
+ * wsse:SecurityTokenReference\wsse:Reference case and only hold the URI and
+ * the ValueType values.
+ */
+ private OMElement unattachedReference;
+
+ /**
+ * A bag to hold any other properties
+ */
+ private Properties properties;
+
+ /**
+ * A flag to assist the TokenStorage
+ */
+ private boolean changed;
+
+ /**
+ * The secret associated with the Token
+ */
+ private byte[] secret;
+
+ /**
+ * Created time
+ */
+ private Date created;
+
+ /**
+ * Expiration time
+ */
+ private Date expires;
+
+ /**
+ * Issuer end point address
+ */
+ private String issuerAddress;
+
+ public Token(String id,
+ OMElement tokenElem,
+ Date created,
+ Date expires) throws TrustException {
+ this.id = id;
+ this.token = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
+ tokenElem.getXMLStreamReader()).getDocumentElement();
+ this.created = created;
+ this.expires = expires;
+ }
+
+ public Token(String id,
+ OMElement tokenElem,
+ OMElement lifetimeElem) throws TrustException {
+ this.id = id;
+ this.token = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
+ tokenElem.getXMLStreamReader()).getDocumentElement();
+ this.processLifeTime(lifetimeElem);
+ }
+
+ /**
+ * @param lifetimeElem
+ * @throws TrustException
+ */
+ private void processLifeTime(OMElement lifetimeElem) throws TrustException {
+ try {
+ DateFormat zulu = new XmlSchemaDateFormat();
+ OMElement createdElem =
+ lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
+ WSConstants.CREATED_LN));
+ this.created = zulu.parse(createdElem.getText());
+
+ OMElement expiresElem =
+ lifetimeElem.getFirstChildWithName(new QName(WSConstants.WSU_NS,
+ WSConstants.EXPIRES_LN));
+ this.expires = zulu.parse(expiresElem.getText());
+ } catch (OMException e) {
+ throw new TrustException("lifeTimeProcessingError",
+ new String[]{lifetimeElem.toString()}, e);
+ } catch (ParseException e) {
+ throw new TrustException("lifeTimeProcessingError",
+ new String[]{lifetimeElem.toString()}, e);
+ }
+ }
+
+ /**
+ * @return Returns the changed.
+ */
+ public boolean isChanged() {
+ return changed;
+ }
+
+ /**
+ * @param chnaged The changed to set.
+ */
+ public void setChanged(boolean chnaged) {
+ this.changed = chnaged;
+ }
+
+ /**
+ * @return Returns the properties.
+ */
+ public Properties getProperties() {
+ return properties;
+ }
+
+ /**
+ * @param properties The properties to set.
+ */
+ public void setProperties(Properties properties) {
+ this.properties = properties;
+ }
+
+ /**
+ * @return Returns the state.
+ */
+ public int getState() {
+ return state;
+ }
+
+ /**
+ * @param state The state to set.
+ */
+ public void setState(int state) {
+ this.state = state;
+ }
+
+ /**
+ * @return Returns the token.
+ */
+ public OMElement getToken() {
+ return token;
+ }
+
+ /**
+ * @param token The token to set.
+ */
+ public void setToken(OMElement token) {
+ this.token = token;
+ }
+
+ /**
+ * @return Returns the id.
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * @return Returns the presivousToken.
+ */
+ public OMElement getPreviousToken() {
+ return previousToken;
+ }
+
+ /**
+ * @param presivousToken The presivousToken to set.
+ */
+ public void setPreviousToken(OMElement presivousToken) {
+ this.previousToken = new StAXOMBuilder(DOOMAbstractFactory.getOMFactory(),
+ presivousToken.getXMLStreamReader()).getDocumentElement();
+ }
+
+ /**
+ * @return Returns the secret.
+ */
+ public byte[] getSecret() {
+ return secret;
+ }
+
+ /**
+ * @param secret The secret to set.
+ */
+ public void setSecret(byte[] secret) {
+ this.secret = secret;
+ }
+
+ /**
+ * @return Returns the attachedReference.
+ */
+ public OMElement getAttachedReference() {
+ return attachedReference;
+ }
+
+ /**
+ * @param attachedReference The attachedReference to set.
+ */
+ public void setAttachedReference(OMElement attachedReference) {
+ if(attachedReference != null) {
+ this.attachedReference = new StAXOMBuilder(DOOMAbstractFactory
+ .getOMFactory(), attachedReference.getXMLStreamReader())
+ .getDocumentElement();
+ }
+ }
+
+ /**
+ * @return Returns the unattachedReference.
+ */
+ public OMElement getUnattachedReference() {
+ return unattachedReference;
+ }
+
+ /**
+ * @param unattachedReference The unattachedReference to set.
+ */
+ public void setUnattachedReference(OMElement unattachedReference) {
+ if(unattachedReference != null) {
+ this.unattachedReference = new StAXOMBuilder(DOOMAbstractFactory
+ .getOMFactory(), unattachedReference.getXMLStreamReader())
+ .getDocumentElement();
+ }
+ }
+
+ /**
+ * @return Returns the created.
+ */
+ public Date getCreated() {
+ return created;
+ }
+
+ /**
+ * @return Returns the expires.
+ */
+ public Date getExpires() {
+ return expires;
+ }
+
+ /**
+ * @param expires The expires to set.
+ */
+ public void setExpires(Date expires) {
+ this.expires = expires;
+ }
+
+ public String getIssuerAddress() {
+ return issuerAddress;
+ }
+
+ public void setIssuerAddress(String issuerAddress) {
+ this.issuerAddress = issuerAddress;
+ }
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TokenCanceler.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenCanceler.java
new file mode 100644
index 0000000..8eca6c2
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenCanceler.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.om.OMElement;
+
+public interface TokenCanceler {
+
+ /**
+ * Cancel the token specified in the request.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return Response SOAPEnveloper
+ * @throws TrustException
+ */
+ SOAPEnvelope cancel(RahasData data) throws TrustException;
+
+ /**
+ * Set the configuration file of this TokenCanceller.
+ * <p/>
+ * This is the text value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ void setConfigurationFile(String configFile);
+
+ /**
+ * Set the configuration element of this TokenCanceller.
+ * <p/>
+ * This is the <configuration> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configElement <code>OMElement</code> representing the configuration
+ */
+ void setConfigurationElement(OMElement configElement);
+
+ /**
+ * Set the name of the configuration parameter.
+ * <p/>
+ * If this is used then there must be a
+ * <code>org.apache.axis2.description.Parameter</code> object available in
+ * the via the messageContext when the <code>TokenIssuer</code> is called.
+ *
+ * @param configParamName
+ * @see org.apache.axis2.description.Parameter
+ */
+ void setConfigurationParamName(String configParamName);
+
+ /**
+ * Returns the <code>wsa:Action</code> of the response.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return Returns the <code>wsa:Action</code> of the response
+ * @throws TrustException
+ */
+ String getResponseAction(RahasData data) throws TrustException;
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TokenIssuer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenIssuer.java
new file mode 100644
index 0000000..5362d8f
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenIssuer.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+
+/**
+ * The <code>TokenIssuer</code>
+ */
+public interface TokenIssuer {
+
+ /**
+ * Create the response <code>soap:Envelope</code> for the given issue
+ * request.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return The response <code>soap:Envelope</code> for the given issue
+ * request.
+ * @throws TrustException
+ */
+ SOAPEnvelope issue(RahasData data) throws TrustException;
+
+ /**
+ * Returns the <code>wsa:Action</code> of the response.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return Returns the <code>wsa:Action</code> of the response
+ * @throws TrustException
+ */
+ String getResponseAction(RahasData data) throws TrustException;
+
+ /**
+ * Set the configuration file of this TokenIssuer.
+ * <p/>
+ * This is the text value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ void setConfigurationFile(String configFile);
+
+ /**
+ * Set the configuration element of this TokenIssuer.
+ * <p/>
+ * This is the <configuration> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configElement <code>OMElement</code> representing the configuration
+ */
+ void setConfigurationElement(OMElement configElement);
+
+ /**
+ * Set the name of the configuration parameter.
+ * <p/>
+ * If this is used then there must be a
+ * <code>org.apache.axis2.description.Parameter</code> object available in
+ * the via the messageContext when the <code>TokenIssuer</code> is called.
+ *
+ * @param configParamName
+ * @see org.apache.axis2.description.Parameter
+ */
+ void setConfigurationParamName(String configParamName);
+
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java
new file mode 100644
index 0000000..44d58b4
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRenewer.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.soap.SOAPEnvelope;
+
+public interface TokenRenewer {
+
+ /**
+ * Renew the token specified in the given request.
+ *
+ * @param data
+ * A populated <code>RahasData</code> instance
+ * @return Response SOAPEnveloper
+ * @throws TrustException
+ */
+ public SOAPEnvelope renew(RahasData data) throws TrustException;
+
+ /**
+ * Set the configuration file of this TokenRenewer.
+ *
+ * This is the text value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ public void setConfigurationFile(String configFile);
+
+ /**
+ * Set the configuration element of this TokenRenewer.
+ *
+ * This is the <configuration> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configElement
+ * <code>OMElement</code> representing the configuration
+ */
+ public void setConfigurationElement(String configElement);
+
+ /**
+ * Set the name of the configuration parameter.
+ *
+ * If this is used then there must be a
+ * <code>org.apache.axis2.description.Parameter</code> object available in
+ * the via the messageContext when the <code>TokenIssuer</code> is called.
+ *
+ * @see org.apache.axis2.description.Parameter
+ * @param configParamName
+ */
+ public void setConfigurationParamName(String configParamName);
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java
new file mode 100644
index 0000000..c8409d1
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcher.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.context.MessageContext;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class TokenRequestDispatcher {
+
+ private TokenRequestDispatcherConfig config;
+
+ private static Log mlog = LogFactory.getLog("org.apache.rampart.messages");
+ private static Log log = LogFactory.getLog(TokenRequestDispatcher.class.getName());
+
+ public TokenRequestDispatcher(TokenRequestDispatcherConfig config) throws TrustException {
+ this.config = config;
+ }
+
+ public TokenRequestDispatcher(OMElement config) throws TrustException {
+ this(TokenRequestDispatcherConfig.load(config));
+ }
+
+ public TokenRequestDispatcher(String configFilePath) throws TrustException {
+ this(TokenRequestDispatcherConfig.load(configFilePath));
+ }
+
+ /**
+ * Processes the incoming request and returns a SOAPEnvelope
+ * @param inMsgCtx
+ * @return The response SOAPEnvelope
+ * @throws TrustException
+ */
+ public SOAPEnvelope handle(MessageContext inMsgCtx,
+ MessageContext outMsgCtx) throws TrustException {
+
+ if(mlog.isDebugEnabled()){
+ mlog.debug("*********************** TokenRequestDispatcher received \n"+inMsgCtx.getEnvelope());
+ }
+ RahasData data = new RahasData(inMsgCtx);
+
+ String reqType = data.getRequestType();
+ String tokenType = data.getTokenType();
+ if ((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_ISSUE).equals(reqType) ||
+ (RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_ISSUE).equals(reqType)) {
+ log.debug("issue");
+ TokenIssuer issuer;
+ if (tokenType == null || tokenType.trim().length() == 0) {
+ issuer = config.getDefaultIssuerInstace();
+ } else {
+ issuer = config.getIssuer(tokenType);
+ }
+
+ SOAPEnvelope response = issuer.issue(data);
+
+ //set the response wsa/soap action in the out message context
+ outMsgCtx.getOptions().setAction(issuer.getResponseAction(data));
+
+ if(mlog.isDebugEnabled()){
+ mlog.debug("*********************** TokenRequestDispatcher sent out \n"+response);
+ }
+
+ return response;
+ } else if((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_VALIDATE).equals(reqType) ||
+ (RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_VALIDATE).equals(reqType)) {
+ log.debug("validate");
+ throw new UnsupportedOperationException("TODO: handle " +
+ "validate requests");
+ } else if((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_RENEW).equals(reqType) ||
+ (RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_RENEW).equals(reqType)) {
+ log.debug("renew");
+ throw new UnsupportedOperationException("TODO: handle " +
+ "renew requests");
+ } else if((RahasConstants.WST_NS_05_02 + RahasConstants.REQ_TYPE_CANCEL).equals(reqType) ||
+ (RahasConstants.WST_NS_05_12 + RahasConstants.REQ_TYPE_CANCEL).equals(reqType)) {
+ log.debug("cancel");
+ TokenCanceler canceler = config.getDefaultCancelerInstance();
+ SOAPEnvelope response = canceler.cancel(data);
+
+ //set the response wsa/soap action in the out message context
+ outMsgCtx.getOptions().setAction(canceler.getResponseAction(data));
+ return response;
+ } else {
+ throw new TrustException(TrustException.INVALID_REQUEST);
+ }
+
+
+
+
+ }
+
+
+
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java
new file mode 100644
index 0000000..3a8a08a
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenRequestDispatcherConfig.java
@@ -0,0 +1,236 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.ws.security.util.Loader;
+
+import javax.xml.namespace.QName;
+import java.io.FileInputStream;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.Map;
+
+public class TokenRequestDispatcherConfig {
+
+ public final static String CONFIG_PARAM_KEY = "token-dispatcher-configuration";
+ public final static String CONFIG_FILE_KEY = "token-dispatcher-configuration-file";
+
+ private final static QName DISPATCHER_CONFIG = new QName("token-dispatcher-configuration");
+ private final static QName ISSUER = new QName("issuer");
+ private final static QName CANCELER = new QName("canceler");
+ private final static QName TOKEN_TYPE = new QName("tokenType");
+ private final static QName CLASS_ATTR = new QName("class");
+ private final static QName DEFAULT_ATTR = new QName("default");
+ private final static QName CONFIGURATION_ELEMENT = new QName("configuration");
+
+ private Map issuers;
+ private Map configFiles = new Hashtable();
+ private Map configElements = new Hashtable();
+ private Map configParamNames = new Hashtable();
+
+ private String defaultIssuerClassName;
+ private String defaultCancelerClassName;
+
+ public static TokenRequestDispatcherConfig load(OMElement configElem) throws TrustException {
+
+ if (!DISPATCHER_CONFIG.equals(configElem.getQName())) {
+ throw new TrustException("incorrectConfiguration");
+ }
+ TokenRequestDispatcherConfig conf = new TokenRequestDispatcherConfig();
+
+ // Issuers
+ handleIssuers(configElem, conf);
+
+ // Cancelers
+ handleCancelers(configElem, conf);
+
+ //There must be a defulat issuer
+ if (conf.defaultIssuerClassName == null) {
+ throw new TrustException("defaultIssuerMissing");
+ }
+ return conf;
+ }
+
+ private static void handleCancelers(OMElement configElem,
+ TokenRequestDispatcherConfig conf) throws TrustException {
+
+ OMElement cancelerEle = configElem.getFirstChildWithName(CANCELER); // support only one canceler
+ if (cancelerEle != null) {
+ //get the class attr
+ String cancelerClass = cancelerEle.getAttributeValue(CLASS_ATTR);
+ if (cancelerClass == null) {
+ throw new TrustException("missingClassName");
+ }
+ conf.defaultCancelerClassName = cancelerClass;
+ processConfiguration(cancelerEle, conf, cancelerClass);
+ }
+
+ //TODO: imple
+ }
+
+ private static void handleIssuers(OMElement configElem,
+ TokenRequestDispatcherConfig conf) throws TrustException {
+ for (Iterator issuerElems = configElem.getChildrenWithName(ISSUER);
+ issuerElems.hasNext();) {
+
+ OMElement element = (OMElement) issuerElems.next();
+
+ //get the class attr
+ String issuerClass = element.getAttributeValue(CLASS_ATTR);
+ if (issuerClass == null) {
+ throw new TrustException("missingClassName");
+ }
+ String isDefault = element.getAttributeValue(DEFAULT_ATTR);
+ if (isDefault != null && "true".equalsIgnoreCase(isDefault)) {
+ //Use the first default issuer as the default isser
+ if (conf.defaultIssuerClassName == null) {
+ conf.defaultIssuerClassName = issuerClass;
+ } else {
+ throw new TrustException("badDispatcherConfigMultipleDefaultIssuers");
+ }
+ }
+
+ processConfiguration(element, conf, issuerClass);
+
+ //Process token types
+ for (Iterator tokenTypes = element.getChildrenWithName(TOKEN_TYPE);
+ tokenTypes.hasNext();) {
+ OMElement type = (OMElement) tokenTypes.next();
+ String value = type.getText();
+ if (value == null || value.trim().length() == 0) {
+ throw new TrustException("invalidTokenTypeDefinition",
+ new String[]{"Issuer", issuerClass});
+ }
+ if (conf.issuers == null) {
+ conf.issuers = new Hashtable();
+ }
+ //If the token type is not already declared then add it to the
+ //table with the issuer classname
+ if (!conf.issuers.keySet().contains(value)) {
+ conf.issuers.put(value, issuerClass);
+ }
+ }
+ }
+ }
+
+ private static void processConfiguration(OMElement element,
+ TokenRequestDispatcherConfig conf,
+ String implClass) {
+
+ for (Iterator configs = element.getChildrenWithName(CONFIGURATION_ELEMENT);
+ configs.hasNext();) {
+ OMElement configEle = (OMElement) configs.next();
+ String configType =
+ configEle.getAttribute(new QName("type")).getAttributeValue().trim();
+ if (configType.equalsIgnoreCase("file")) { //Process configuration file information
+ String issuerConfigFile = configEle.getText();
+ if (issuerConfigFile != null) {
+ conf.configFiles.put(implClass, issuerConfigFile);
+ }
+ } else if (configType.equalsIgnoreCase("element"))
+ { //Process configuration element information
+ conf.configElements.put(implClass, configEle);
+ } else if (configType.equalsIgnoreCase("parameter"))
+ { //Process configuration parameter name information
+ conf.configParamNames.put(implClass, configEle.getText());
+ }
+ }
+ }
+
+ public static TokenRequestDispatcherConfig load(String configFilePath) throws TrustException {
+ FileInputStream fis;
+ StAXOMBuilder builder;
+ try {
+ fis = new FileInputStream(configFilePath);
+ builder = new StAXOMBuilder(fis);
+ } catch (Exception e) {
+ throw new TrustException("errorLoadingConfigFile", new String[]{configFilePath});
+ }
+ return load(builder.getDocumentElement());
+ }
+
+ public TokenIssuer getDefaultIssuerInstace() throws TrustException {
+ if (this.defaultIssuerClassName != null) {
+ try {
+ return createIssuer(this.defaultIssuerClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{this.defaultIssuerClassName}, e);
+ }
+ } else {
+ return null;
+ }
+ }
+
+ public TokenCanceler getDefaultCancelerInstance() throws TrustException {
+ if (this.defaultCancelerClassName != null) {
+ try {
+ return createCanceler(this.defaultCancelerClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{this.defaultCancelerClassName}, e);
+ }
+ } else {
+ return null;
+ }
+ }
+
+ public String getDefaultIssuerName() {
+ return this.defaultIssuerClassName;
+ }
+
+
+ public TokenIssuer getIssuer(String tokenType) throws TrustException {
+ String issuerClassName = null;
+ //try to find the issuer class name from the tokenType<->issuer map
+ if (this.issuers != null) {
+ issuerClassName = (String) this.issuers.get(tokenType);
+ }
+ //If a specific issuer is not found use the default issuer
+ if (issuerClassName == null) {
+ issuerClassName = this.defaultIssuerClassName;
+ }
+ try {
+ return createIssuer(issuerClassName);
+ } catch (Exception e) {
+ throw new TrustException("cannotLoadClass",
+ new String[]{this.defaultIssuerClassName}, e);
+ }
+ }
+
+ /**
+ * @param issuerClassName
+ * @return TokenIssuer
+ */
+ private TokenIssuer createIssuer(String issuerClassName) throws Exception {
+ TokenIssuer issuer = (TokenIssuer) Loader.loadClass(issuerClassName).newInstance();
+ issuer.setConfigurationElement((OMElement) this.configElements.get(issuerClassName));
+ issuer.setConfigurationFile((String) this.configFiles.get(issuerClassName));
+ issuer.setConfigurationParamName((String) this.configParamNames.get(issuerClassName));
+ return issuer;
+ }
+
+ private TokenCanceler createCanceler(String cancelerClassName) throws Exception {
+ TokenCanceler canceler = (TokenCanceler) Loader.loadClass(cancelerClassName).newInstance();
+ canceler.setConfigurationElement((OMElement) this.configElements.get(cancelerClassName));
+ canceler.setConfigurationFile((String) this.configFiles.get(cancelerClassName));
+ canceler.setConfigurationParamName((String) this.configParamNames.get(cancelerClassName));
+ return canceler;
+ }
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TokenStorage.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenStorage.java
new file mode 100644
index 0000000..cc9d656
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenStorage.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+
+/**
+ * The storage interface to store security tokens and
+ * manipulate them
+ */
+public interface TokenStorage {
+
+ String TOKEN_STORAGE_KEY = "org.apache.rahas.TokenStorage";
+
+ /**
+ * Add the given token to the list.
+ * @param token The token to be added
+ * @throws TrustException
+ */
+ void add(Token token) throws TrustException;
+
+ /**
+ * Update an existing token.
+ * @param token
+ * @throws TrustException
+ */
+ void update(Token token) throws TrustException;
+
+ /**
+ * Return the list of all token identifiers.
+ * @return As array of token identifiers
+ * @throws TrustException
+ */
+ String[] getTokenIdentifiers() throws TrustException;
+
+ /**
+ * Return the list of <code>EXPIRED</code> tokens.
+ * If there are no <code>EXPIRED</code> tokens <code>null</code> will be
+ * returned
+ * @return An array of expired <code>Tokens</code>
+ * @throws TrustException
+ */
+ Token[] getExpiredTokens() throws TrustException;
+
+ /**
+ * Return the list of ISSUED and RENEWED tokens.
+ * @return An array of ISSUED and RENEWED <code>Tokens</code>.
+ * @throws TrustException
+ */
+ Token[] getValidTokens() throws TrustException;
+
+ /**
+ * Return the list of RENEWED tokens.
+ * @return An array of RENEWED <code>Tokens</code>
+ * @throws TrustException
+ */
+ Token[] getRenewedTokens() throws TrustException;
+
+ /**
+ * Return the list of CANCELLED tokens
+ * @return An array of CANCELLED <code>Tokens</code>
+ * @throws TrustException
+ */
+ Token[] getCancelledTokens() throws TrustException;
+
+ /**
+ * Returns the <code>Token</code> of the given id
+ * @param id
+ * @return The requested <code>Token</code> identified by the give id
+ * @throws TrustException
+ */
+ Token getToken(String id) throws TrustException;
+
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TokenValidator.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenValidator.java
new file mode 100644
index 0000000..76fdced
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TokenValidator.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.soap.SOAPEnvelope;
+
+public interface TokenValidator {
+
+ /**
+ * Validate the token specified in the given request.
+ *
+ * @param data
+ * A populated <code>RahasData</code> instance
+ * @return Response SOAPEnveloper
+ * @throws TrustException
+ */
+ public SOAPEnvelope validate(RahasData data) throws TrustException;
+
+ /**
+ * Set the configuration file of this TokenValidator.
+ *
+ * This is the text value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ public void setConfigurationFile(String configFile);
+
+ /**
+ * Set the configuration element of this TokenValidator.
+ *
+ * This is the <configuration> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configElement
+ * <code>OMElement</code> representing the configuration
+ */
+ public void setConfigurationElement(String configElement);
+
+ /**
+ * Set the name of the configuration parameter.
+ *
+ * If this is used then there must be a
+ * <code>org.apache.axis2.description.Parameter</code> object available in
+ * the via the messageContext when the <code>TokenIssuer</code> is called.
+ *
+ * @see org.apache.axis2.description.Parameter
+ * @param configParamName
+ */
+ public void setConfigurationParamName(String configParamName);
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TrustException.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TrustException.java
new file mode 100644
index 0000000..39a6ccc
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TrustException.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import java.text.MessageFormat;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+public class TrustException extends Exception {
+
+ private static final long serialVersionUID = -445341784514373965L;
+
+ public final static String INVALID_REQUEST = "InvalidRequest";
+ public final static String FAILED_AUTHENTICATION = "FailedAuthentication";
+ public final static String REQUEST_FAILED = "RequestFailed";
+ public final static String INVALID_SECURITY_TOKEN = "InvalidSecurityToken";
+ public final static String AUTHENTICATION_BAD_ELEMENTS = "AuthenticationBadElements";
+ public final static String BAD_REQUEST = "BadRequest";
+ public final static String EXPIRED_DATA = "ExpiredData";
+ public final static String INVALID_TIME_RANGE = "InvalidTimeRange";
+ public final static String INVALID_SCOPE = "InvalidScope";
+ public final static String RENEW_NEEDED = "RenewNeeded";
+ public final static String UNABLE_TO_RENEW = "UnableToRenew";
+
+
+ private static ResourceBundle resources;
+
+ private String faultCode;
+ private String faultString;
+
+ static {
+ try {
+ resources = ResourceBundle.getBundle("org.apache.rahas.errors");
+ } catch (MissingResourceException e) {
+ throw new RuntimeException(e.getMessage());
+ }
+ }
+
+ public TrustException(String faultCode, Object[] args) {
+ super(getMessage(faultCode, args));
+ this.faultCode = getFaultCode(faultCode);
+ this.faultString = getMessage(faultCode, args);
+ }
+
+ /**
+ * Construct the fault properly code for the standard faults
+ * @param faultCode2
+ * @return
+ */
+ private String getFaultCode(String code) {
+ if(AUTHENTICATION_BAD_ELEMENTS.equals(code) ||
+ BAD_REQUEST.equals(code) ||
+ EXPIRED_DATA.equals(code) ||
+ FAILED_AUTHENTICATION.equals(code) ||
+ INVALID_REQUEST.equals(code) ||
+ INVALID_SCOPE.equals(code) ||
+ INVALID_SECURITY_TOKEN.equals(code) ||
+ INVALID_TIME_RANGE.equals(code) ||
+ RENEW_NEEDED.equals(code) ||
+ REQUEST_FAILED.equals(code) ||
+ UNABLE_TO_RENEW.equals(code)) {
+ return RahasConstants.WST_PREFIX + ":" + code;
+ } else {
+ return code;
+ }
+ }
+
+ public TrustException(String faultCode) {
+ this(faultCode, (Object[])null);
+ }
+
+ public TrustException(String faultCode, Object[] args, Throwable e) {
+ super(getMessage(faultCode, args),e);
+ this.faultCode = faultCode;
+ this.faultString = getMessage(faultCode, args);
+ }
+
+ public TrustException(String faultCode, Throwable e) {
+ this(faultCode, null, e);
+ }
+
+ /**
+ * get the message from resource bundle.
+ * <p/>
+ *
+ * @return the message translated from the property (message) file.
+ */
+ protected static String getMessage(String faultCode, Object[] args) {
+ String msg = null;
+ try {
+ msg = MessageFormat.format(resources.getString(faultCode), args);
+ } catch (MissingResourceException e) {
+ throw new RuntimeException("Undefined '" + faultCode + "' resource property");
+ }
+ if(msg != null) {
+ return msg;
+ } else {
+ return faultCode;
+ }
+ }
+
+ /**
+ * @return Returns the faultCode.
+ */
+ protected String getFaultCode() {
+ return faultCode;
+ }
+
+ /**
+ * @return Returns the faultString.
+ */
+ protected String getFaultString() {
+ return faultString;
+ }
+
+
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java b/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
new file mode 100644
index 0000000..b3ee27a
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/TrustUtil.java
@@ -0,0 +1,532 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.axiom.soap.SOAP11Constants;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.rahas.impl.AbstractIssuerConfig;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.namespace.QName;
+
+import java.security.SecureRandom;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.Properties;
+import java.util.Iterator;
+
+public class TrustUtil {
+
+ private static final QName NAME = new QName("name");
+
+ /**
+ * Create a wsse:Reference element with the given URI and the value type
+ *
+ * @param doc
+ * @param refUri
+ * @param refValueType
+ * @return Element
+ */
+ public static Element createSecurityTokenReference(Document doc,
+ String refUri, String refValueType) {
+
+ Reference ref = new Reference(doc);
+ ref.setURI(refUri);
+ if (refValueType != null) {
+ ref.setValueType(refValueType);
+ }
+ SecurityTokenReference str = new SecurityTokenReference(doc);
+ str.setReference(ref);
+
+ return str.getElement();
+ }
+
+ public static OMElement
+ createRequestSecurityTokenResponseElement(int version,
+ OMElement parent) throws TrustException {
+ return createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.LocalNames.REQUEST_SECURITY_TOKEN_RESPONSE,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement
+ createRequestSecurityTokenResponseCollectionElement(int version,
+ OMElement parent) throws TrustException {
+ String ns = getWSTNamespace(version);
+ return createOMElement(parent, ns,
+ RahasConstants.LocalNames.
+ REQUEST_SECURITY_TOKEN_RESPONSE_COLLECTION,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createRequestedSecurityTokenElement(
+ int version, OMElement parent) throws TrustException {
+ String ns = getWSTNamespace(version);
+ return createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.REQUESTED_SECURITY_TOKEN,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createRequestSecurityTokenElement(int version) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ return fac.
+ createOMElement(RahasConstants.LocalNames.REQUEST_SECURITY_TOKEN,
+ ns,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createRequestedProofTokenElement(
+ int version, OMElement parent) throws TrustException {
+ String ns = getWSTNamespace(version);
+ return createOMElement(parent, ns,
+ RahasConstants.LocalNames.REQUESTED_PROOF_TOKEN,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createEntropyElement(
+ int version, OMElement parent) throws TrustException {
+ String ns = getWSTNamespace(version);
+ return createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.ENTROPY,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createComputedKeyElement(int version,
+ OMElement parent) throws TrustException {
+ return createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.IssuanceBindingLocalNames.COMPUTED_KEY,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createRequestTypeElement(int version,
+ OMElement parent,
+ String value) throws TrustException {
+ String ns = getWSTNamespace(version);
+
+ OMElement elem = createOMElement(parent,
+ ns,
+ RahasConstants.LocalNames.REQUEST_TYPE,
+ RahasConstants.WST_PREFIX);
+
+ if (RahasConstants.REQ_TYPE_ISSUE.equals(value)
+ || RahasConstants.REQ_TYPE_CANCEL.equals(value)
+ || RahasConstants.REQ_TYPE_RENEW.equals(value)
+ || RahasConstants.REQ_TYPE_VALIDATE.equals(value)) {
+ elem.setText(ns + value);
+ } else {
+ elem.setText(value);
+ }
+
+ return elem;
+ }
+
+ public static OMElement createTokenTypeElement(int version,
+ OMElement parent) throws TrustException {
+ return createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.LocalNames.TOKEN_TYPE,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createBinarySecretElement(
+ int version,
+ OMElement parent,
+ String type) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement elem = createOMElement(parent, ns,
+ RahasConstants.LocalNames.BINARY_SECRET,
+ RahasConstants.WST_PREFIX);
+ if (type != null) {
+ elem.addAttribute(elem.getOMFactory().createOMAttribute(
+ RahasConstants.ATTR_TYPE, null, ns + type));
+ }
+ return elem;
+ }
+
+ public static OMElement createComputedKeyAlgorithm(int version,
+ OMElement parent,
+ String algoId) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement elem = createOMElement(parent,
+ ns,
+ RahasConstants.IssuanceBindingLocalNames.COMPUTED_KEY_ALGO,
+ RahasConstants.WST_PREFIX);
+ elem.setText(ns + algoId);
+ return elem;
+ }
+
+ public static OMElement
+ createRequestedUnattachedRef(int version,
+ OMElement parent,
+ String refUri,
+ String refValueType) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement elem = createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_UNATTACHED_REFERENCE,
+ RahasConstants.WST_PREFIX);
+ elem.addChild((OMElement) createSecurityTokenReference(
+ ((Element) parent).getOwnerDocument(), refUri, refValueType));
+ return elem;
+ }
+
+ public static OMElement createRequestedAttachedRef(int version,
+ OMElement parent,
+ String refUri,
+ String refValueType) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement elem = createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_ATTACHED_REFERENCE,
+ RahasConstants.WST_PREFIX);
+ elem.addChild((OMElement) createSecurityTokenReference(
+ ((Element) parent).getOwnerDocument(), refUri, refValueType));
+ return elem;
+ }
+
+ public static OMElement createKeySizeElement(int version,
+ OMElement parent,
+ int size) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement ksElem = createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.KEY_SIZE,
+ RahasConstants.WST_PREFIX);
+ ksElem.setText(Integer.toString(size));
+ return ksElem;
+ }
+
+ public static OMElement createKeyTypeElement(int version,
+ OMElement parent,
+ String type) throws TrustException {
+ String ns = getWSTNamespace(version);
+ OMElement ktElem = createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.KEY_TYPE,
+ RahasConstants.WST_PREFIX);
+ if (RahasConstants.KEY_TYPE_BEARER.equals(type) ||
+ RahasConstants.KEY_TYPE_PUBLIC_KEY.equals(type) ||
+ RahasConstants.KEY_TYPE_SYMM_KEY.equals(type)) {
+ ktElem.setText(ns + type);
+ } else {
+ ktElem.setText(type);
+ }
+ return ktElem;
+ }
+
+ public static OMElement
+ createRequestedTokenCanceledElement(int version,
+ OMElement parent) throws TrustException {
+ return createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.CancelBindingLocalNames.REQUESTED_TOKEN_CANCELED,
+ RahasConstants.WST_PREFIX);
+ }
+
+ public static OMElement createLifetimeElement(int version,
+ OMElement parent,
+ String created,
+ String expires) throws TrustException {
+
+ String ns = getWSTNamespace(version);
+
+ OMElement ltElem = createOMElement(parent, ns,
+ RahasConstants.IssuanceBindingLocalNames.LIFETIME,
+ RahasConstants.WST_PREFIX);
+
+ OMElement createdElem = createOMElement(ltElem, WSConstants.WSU_NS,
+ WSConstants.CREATED_LN,
+ WSConstants.WSU_PREFIX);
+ createdElem.setText(created);
+
+ OMElement expiresElem = createOMElement(ltElem, WSConstants.WSU_NS,
+ WSConstants.EXPIRES_LN,
+ WSConstants.WSU_PREFIX);
+ expiresElem.setText(expires);
+
+ return ltElem;
+ }
+
+ public static OMElement createLifetimeElement(int version,
+ OMElement parent,
+ long ttl) throws TrustException {
+
+ Date creationTime = new Date();
+ Date expirationTime = new Date();
+ expirationTime.setTime(creationTime.getTime() + ttl);
+
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ return createLifetimeElement(version,
+ parent,
+ zulu.format(creationTime),
+ zulu.format(expirationTime));
+ }
+
+ public static OMElement createAppliesToElement(OMElement parent,
+ String address, String addressingNs) {
+ OMElement appliesToElem = createOMElement(parent,
+ RahasConstants.WSP_NS,
+ RahasConstants.IssuanceBindingLocalNames.
+ APPLIES_TO,
+ RahasConstants.WSP_PREFIX);
+
+ OMElement eprElem = createOMElement(appliesToElem,
+ addressingNs,
+ "EndpointReference",
+ AddressingConstants.WSA_DEFAULT_PREFIX);
+ OMElement addressElem = createOMElement(eprElem, addressingNs,
+ AddressingConstants.EPR_ADDRESS,
+ AddressingConstants.WSA_DEFAULT_PREFIX);
+ addressElem.setText(address);
+
+ return appliesToElem;
+ }
+
+ public static String getActionValue(int version, String action) throws TrustException {
+ if (RahasConstants.RST_ACTION_ISSUE.equals(action) ||
+ RahasConstants.RST_ACTION_CANCEL.equals(action) ||
+ RahasConstants.RST_ACTION_RENEW.equals(action) ||
+ RahasConstants.RST_ACTION_VALIDATE.equals(action) ||
+ RahasConstants.RST_ACTION_SCT.equals(action) ||
+ RahasConstants.RSTR_ACTION_ISSUE.equals(action) ||
+ RahasConstants.RSTR_ACTION_CANCEL.equals(action) ||
+ RahasConstants.RSTR_ACTION_RENEW.equals(action) ||
+ RahasConstants.RSTR_ACTION_VALIDATE.equals(action) ||
+ RahasConstants.RSTR_ACTION_SCT.equals(action)) {
+
+ return getWSTNamespace(version) + action;
+ }
+ return action;
+ }
+
+ /**
+ * Create a new <code>SOAPEnvelope</code> of the same version as the
+ * SOAPEnvelope in the given <code>MessageContext</code>
+ *
+ * @param nsUri
+ * @return SOAPEnvelope
+ */
+ public static SOAPEnvelope createSOAPEnvelope(String nsUri) {
+ if (nsUri != null
+ && SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI.equals(nsUri)) {
+ return DOOMAbstractFactory.getSOAP11Factory().getDefaultEnvelope();
+ } else {
+ return DOOMAbstractFactory.getSOAP12Factory().getDefaultEnvelope();
+ }
+ }
+
+
+ private static OMElement createOMElement(OMElement parent,
+ String ns,
+ String ln,
+ String prefix) {
+ return parent.getOMFactory().createOMElement(new QName(ns, ln, prefix),
+ parent);
+ }
+
+ public static String getWSTNamespace(int version) throws TrustException {
+ switch (version) {
+ case RahasConstants.VERSION_05_02:
+ return RahasConstants.WST_NS_05_02;
+ case RahasConstants.VERSION_05_12:
+ return RahasConstants.WST_NS_05_12;
+ default:
+ throw new TrustException("unsupportedWSTVersion");
+ }
+ }
+
+ public static int getWSTVersion(String ns) throws TrustException {
+ if (RahasConstants.WST_NS_05_02.equals(ns)) {
+ return RahasConstants.VERSION_05_02;
+ } else if (RahasConstants.WST_NS_05_12.equals(ns)) {
+ return RahasConstants.VERSION_05_12;
+ } else {
+ throw new TrustException("unsupportedWSTVersion");
+ }
+ }
+
+ /**
+ * Returns the token store.
+ * If the token store is already available in the configuration context then
+ * fetch it and return it. If not create a new one, hook it up in the
+ * configuration context and return it
+ *
+ * @param msgCtx
+ * @return the token store
+ */
+ public static TokenStorage getTokenStore(MessageContext msgCtx) {
+ ConfigurationContext configCtx = msgCtx.getConfigurationContext();
+ return getTokenStore(configCtx);
+ }
+
+ /**
+ * Fetches the token storage from the configuration context.
+ * If the token store is already available in the configuration context then
+ * fetch it and return it. If not create a new one, hook it up in the
+ * configuration context and return it
+ * @param ctx
+ * @return
+ */
+ public static TokenStorage getTokenStore(ConfigurationContext ctx) {
+ TokenStorage storage = (TokenStorage) ctx
+ .getProperty(TokenStorage.TOKEN_STORAGE_KEY);
+ if (storage == null) {
+ storage = new SimpleTokenStore();
+ ctx.setProperty(TokenStorage.TOKEN_STORAGE_KEY, storage);
+ }
+ return storage;
+ }
+
+
+ /**
+ * Create an ephemeral key
+ *
+ * @return The generated ephemeral key
+ * @throws TrustException
+ */
+ protected byte[] generateEphemeralKey(int keySize) throws TrustException {
+ try {
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] temp = new byte[keySize / 8];
+ random.nextBytes(temp);
+ return temp;
+ } catch (Exception e) {
+ throw new TrustException("Error in creating the ephemeral key", e);
+ }
+ }
+
+ /**
+ * Create an ephemeral key
+ *
+ * @return The generated ephemeral key
+ * @throws TrustException
+ */
+ protected byte[] generateEphemeralKey(byte[] reqEnt,
+ byte[] respEnt,
+ String algo,
+ int keySize) throws TrustException {
+ try {
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] temp = new byte[keySize / 8];
+ random.nextBytes(temp);
+ return temp;
+ } catch (Exception e) {
+ throw new TrustException("Error in creating the ephemeral key", e);
+ }
+ }
+
+ public static OMElement createCancelTargetElement(int version,
+ OMElement parent) throws TrustException {
+ return createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.CancelBindingLocalNames.CANCEL_TARGET,
+ RahasConstants.WST_PREFIX);
+
+ }
+
+ public static OMElement createClaims(int version,
+ OMElement parent, String dialect) throws TrustException{
+ OMElement omElem = createOMElement(parent,
+ getWSTNamespace(version),
+ RahasConstants.IssuanceBindingLocalNames.CLAIMS,
+ RahasConstants.WST_PREFIX);
+
+ OMNamespace ns = omElem.getOMFactory().createOMNamespace(getWSTNamespace(version),
+ RahasConstants.WSP_PREFIX);
+ omElem.addAttribute(RahasConstants.ATTR_CLAIMS_DIALECT , dialect, ns);
+
+
+ return omElem;
+ }
+
+
+
+ public static OMElement createCancelRequest(String tokenId,
+ int version) throws TrustException {
+ /*
+ <wst:RequestSecurityToken>
+ <wst:RequestType>
+ http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
+ </wst:RequestType>
+ <wst:CancelTarget>
+ <o:SecurityTokenReference
+ xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <o:Reference URI="urn:uuid:8e6a3a95-fd1b-4c24-96d4-28e875025ff7"
+ ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </o:SecurityTokenReference>
+ </wst:CancelTarget>
+ </wst:RequestSecurityToken>
+ */
+ OMElement rst = TrustUtil.createRequestSecurityTokenElement(version);
+ TrustUtil.createRequestTypeElement(version, rst, RahasConstants.REQ_TYPE_CANCEL);
+ OMElement cancelTargetEle = TrustUtil.createCancelTargetElement(version, rst);
+ OMFactory factory = rst.getOMFactory();
+ OMElement secTokenRefEle =
+ factory.createOMElement(SecurityTokenReference.SECURITY_TOKEN_REFERENCE,
+ WSConstants.WSSE_NS,
+ WSConstants.WSSE_PREFIX);
+ OMElement refEle =
+ factory.createOMElement(Reference.TOKEN);
+ refEle.addAttribute(factory.createOMAttribute(RahasConstants.CancelBindingLocalNames.URI,
+ null, tokenId));
+ secTokenRefEle.addChild(refEle);
+ cancelTargetEle.addChild(secTokenRefEle);
+
+ return rst;
+ }
+
+ public static Properties toProperties(OMElement cryptoElem) {
+ Properties properties = new Properties();
+
+ /*
+ Process an element similar to this;
+
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ */
+ for (Iterator propIter = cryptoElem.getChildElements(); propIter.hasNext();) {
+ OMElement propElem = (OMElement) propIter.next();
+ String name = propElem.getAttribute(NAME).getAttributeValue().trim();
+ String value = propElem.getText().trim();
+ properties.setProperty(name, value);
+ }
+ properties.setProperty("org.apache.ws.security.crypto.provider",
+ cryptoElem.getAttribute(AbstractIssuerConfig.PROVIDER)
+ .getAttributeValue().trim());
+ return properties;
+ }
+
+
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java b/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
new file mode 100644
index 0000000..6cccb3c
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/client/STSClient.java
@@ -0,0 +1,622 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.client;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
+import org.apache.axiom.om.util.Base64;
+import org.apache.axiom.soap.SOAP12Constants;
+import org.apache.axis2.AxisFault;
+import org.apache.axis2.addressing.AddressingConstants;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.description.AxisOperation;
+import org.apache.axis2.description.AxisService;
+import org.apache.axis2.description.OutInAxisOperation;
+import org.apache.axiom.om.util.UUIDGenerator;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.neethi.Assertion;
+import org.apache.neethi.Policy;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.Token;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.secpolicy.model.AlgorithmSuite;
+import org.apache.ws.secpolicy.model.Binding;
+import org.apache.ws.secpolicy.model.Trust10;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.conversation.dkalgo.P_SHA1;
+import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.processor.EncryptedKeyProcessor;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Element;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.xml.namespace.QName;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Vector;
+
+public class STSClient {
+
+ private static final String RAMPART_POLICY = "rampartPolicy";
+
+ private static Log log = LogFactory.getLog(STSClient.class);
+
+ private String action;
+
+ private OMElement rstTemplate;
+
+ private int version = RahasConstants.VERSION_05_02;
+
+ private Options options;
+
+ private Trust10 trust10;
+
+ private AlgorithmSuite algorithmSuite;
+
+ private byte[] requestorEntropy;
+
+ private String addressingNs = AddressingConstants.Final.WSA_NAMESPACE;
+
+ private int keySize;
+
+ private String soapVersion = SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI;
+
+ /**
+ * Life time in seconds
+ * Default is 300 seconds (5 mins)
+ */
+ private int ttl = 300;
+ private Crypto crypto;
+ private CallbackHandler cbHandler;
+ private ConfigurationContext configCtx;
+
+ public STSClient(ConfigurationContext configCtx) throws TrustException {
+ if (configCtx != null) {
+ this.configCtx = configCtx;
+ } else {
+ throw new TrustException("stsClientCfgCtxNull");
+ }
+ }
+
+ public Token requestSecurityToken(Policy servicePolicy,
+ String issuerAddress,
+ Policy issuerPolicy,
+ String appliesTo) throws TrustException {
+ try {
+ QName rstQn = new QName("requestSecurityToken");
+ String requestType =
+ TrustUtil.getWSTNamespace(version) + RahasConstants.REQ_TYPE_ISSUE;
+
+ ServiceClient client = getServiceClient(rstQn, issuerAddress);
+
+ client.getServiceContext().setProperty(RAMPART_POLICY, issuerPolicy);
+ client.getOptions().setSoapVersionURI(this.soapVersion);
+ client.engageModule("addressing");
+
+ //Process the STS and service policy policy
+ this.processPolicy(issuerPolicy, servicePolicy);
+ OMElement response = client.sendReceive(rstQn,
+ createIssueRequest(requestType, appliesTo));
+
+ return processIssueResponse(version, response, issuerAddress);
+ } catch (AxisFault e) {
+ e.printStackTrace();
+ log.error("errorInObtainingToken", e);
+ throw new TrustException("errorInObtainingToken", new String[]{issuerAddress});
+ }
+ }
+
+ /**
+ * Cancel a particular security token
+ *
+ * @param issuerAddress
+ * @param tokenId
+ * @return true is the Token was successfully canceled. False otherwise.
+ * @throws TrustException
+ */
+ public boolean cancelToken(String issuerAddress,
+ String tokenId,
+ String action) throws TrustException {
+ try {
+ QName rstQn = new QName("cancelSecurityToken");
+ ServiceClient client = getServiceClient(rstQn, issuerAddress);
+ if(action != null) {
+ client.getOptions().setAction(action);
+ }
+
+ return processCancelResponse(client.sendReceive(rstQn,
+ createCancelRequest(tokenId)));
+ } catch (AxisFault e) {
+ log.error("errorInCancelingToken", e);
+ throw new TrustException("errorInCancelingToken", e);
+ }
+ }
+
+ private ServiceClient getServiceClient(QName rstQn,
+ String issuerAddress) throws AxisFault {
+ AxisService axisService =
+ new AxisService("SecurityTokenService" + UUIDGenerator.getUUID());
+ axisService.setClientSide(true);
+ AxisOperation operation = new OutInAxisOperation(rstQn);
+ axisService.addOperation(operation);
+ ServiceClient client = new ServiceClient(this.configCtx, axisService);
+
+ if (this.options != null) {
+ client.setOptions(options);
+ }
+
+ //Set the action
+ client.getOptions().setAction(action);
+ client.getOptions().setTo(new EndpointReference(issuerAddress));
+ client.engageModule("rampart");
+ return client;
+ }
+
+ /**
+ * @param result
+ * @return Token
+ */
+ private Token processIssueResponse(int version, OMElement result,
+ String issuerAddress) throws TrustException {
+ OMElement rstr = result;
+ if (version == RahasConstants.VERSION_05_12) {
+ //The WS-SX result will be an RSTRC
+ rstr = result.getFirstElement();
+ }
+
+ String ns = TrustUtil.getWSTNamespace(version);
+
+ //Get the RequestedAttachedReference
+ OMElement reqAttElem = rstr.getFirstChildWithName(new QName(
+ ns, RahasConstants.IssuanceBindingLocalNames.REQUESTED_ATTACHED_REFERENCE));
+ OMElement reqAttRef = reqAttElem == null ? null : reqAttElem.getFirstElement();
+
+ //Get the RequestedUnattachedReference
+ OMElement reqUnattElem =
+ rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_UNATTACHED_REFERENCE));
+ OMElement reqUnattRef = reqUnattElem == null ? null : reqUnattElem.getFirstElement();
+
+ //Get the security token
+ OMElement reqSecTok =
+ rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ if (reqSecTok == null) {
+ throw new TrustException("reqestedSecTokMissing");
+ }
+
+ OMElement tokenElem = reqSecTok.getFirstElement();
+
+ String id = this.findIdentifier(reqAttRef, reqUnattRef, tokenElem);
+
+ if (id == null) {
+ throw new TrustException("cannotObtainTokenIdentifier");
+ }
+
+ OMElement lifeTimeEle =
+ rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ LIFETIME));
+
+ Token token = new Token(id, tokenElem, lifeTimeEle);
+ token.setIssuerAddress(issuerAddress);
+ token.setAttachedReference(reqAttRef);
+ token.setUnattachedReference(reqUnattRef);
+
+ //Handle proof token
+ OMElement rpt =
+ rstr.getFirstChildWithName(new QName(ns,
+ RahasConstants.LocalNames.
+ REQUESTED_PROOF_TOKEN));
+
+ byte[] secret = null;
+
+ if (rpt != null) {
+ OMElement child = rpt.getFirstElement();
+ if (child == null) {
+ throw new TrustException("invalidRPT");
+ }
+ if (child.getQName().equals(new QName(ns,
+ RahasConstants.LocalNames.
+ BINARY_SECRET))) {
+ //First check for the binary secret
+ String b64Secret = child.getText();
+ secret = Base64.decode(b64Secret);
+ } else if (child.getQName().equals(new QName(ns, WSConstants.ENC_KEY_LN))) {
+ try {
+ Element domChild = (Element) new StAXOMBuilder(
+ DOOMAbstractFactory.getOMFactory(), child
+ .getXMLStreamReader()).getDocumentElement();
+
+ EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
+
+ processor.handleToken(domChild, null, this.crypto,
+ this.cbHandler, null, new Vector(),
+ null);
+
+ secret = processor.getDecryptedBytes();
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorInProcessingEncryptedKey", e);
+ }
+ } else if (child.getQName().equals(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ COMPUTED_KEY))) {
+ //Handle the computed key
+
+ //Get service entropy
+ OMElement serviceEntrElem = rstr
+ .getFirstChildWithName(new QName(ns,
+ RahasConstants.IssuanceBindingLocalNames.
+ ENTROPY));
+
+ OMElement binSecElem = serviceEntrElem.getFirstElement();
+
+ if (binSecElem != null && binSecElem.getText() != null
+ && !"".equals(binSecElem.getText().trim())) {
+
+ byte[] serviceEntr = Base64.decode(binSecElem.getText());
+
+ //Right now we only use PSHA1 as the computed key algo
+ P_SHA1 p_sha1 = new P_SHA1();
+
+ int length = (this.keySize > 0) ? keySize
+ : this.algorithmSuite
+ .getMaximumSymmetricKeyLength();
+ try {
+ secret = p_sha1.createKey(this.requestorEntropy, serviceEntr, 0, length/8);
+ } catch (ConversationException e) {
+ throw new TrustException("keyDerivationError", e);
+ }
+ } else {
+ //Service entropy missing
+ throw new TrustException("serviceEntropyMissing");
+ }
+ }
+
+ } else {
+ if (this.requestorEntropy != null) {
+ //Use requester entropy as the key
+ secret = this.requestorEntropy;
+ }
+ }
+ token.setSecret(secret);
+ return token;
+ }
+
+ private boolean processCancelResponse(OMElement response) {
+ /*
+ <wst:RequestSecurityTokenResponse>
+ <wst:RequestedTokenCancelled/>
+ </wst:RequestSecurityTokenResponse>
+ */
+ return response.
+ getFirstChildWithName(new QName(RahasConstants.
+ CancelBindingLocalNames.REQUESTED_TOKEN_CANCELED)) != null;
+ }
+
+ /**
+ * Find the token identifier.
+ *
+ * @param reqAttRef
+ * @param reqUnattRef
+ * @param token
+ * @return id
+ */
+ private String findIdentifier(OMElement reqAttRef,
+ OMElement reqUnattRef,
+ OMElement token) {
+ String id;
+ if (reqAttRef != null) {
+ //First try the attached ref
+ id = this.getIdFromSTR(reqAttRef);
+ } else if (reqUnattRef != null) {
+ //then try the unattached ref
+ id = this.getIdFromSTR(reqUnattRef);
+ } else {
+ //Return wsu:Id of the token element
+ id = token.getAttributeValue(new QName(WSConstants.WSU_NS, "Id"));
+ }
+ return id;
+ }
+
+
+ /**
+ * Process the given STR to find the id it refers to
+ *
+ * @param refElem
+ * @return id
+ */
+ private String getIdFromSTR(OMElement refElem) {
+ //ASSUMPTION:SecurityTokenReference/KeyIdentifier
+ OMElement child = refElem.getFirstElement();
+ if(child == null) {
+ return null;
+ }
+
+ if (child.getQName().equals(new QName(WSConstants.SIG_NS, "KeyInfo")) ||
+ child.getQName().equals(new QName(WSConstants.WSSE_NS, "KeyIdentifier"))) {
+ return child.getText();
+ } else if(child.getQName().equals(Reference.TOKEN)) {
+ return child.getAttributeValue(new QName("URI"));
+ } else {
+ return null;
+ }
+
+ }
+
+ /**
+ * Process the goven service policy and extract the info required to create
+ * the RST.
+ *
+ * @param servicePolicy
+ */
+ private void processPolicy(Policy issuerPolicy, Policy servicePolicy) {
+ //Get the policy assertions
+ //Assumption: there's only one alternative
+
+ if (issuerPolicy != null) {
+ log.debug("Processing Issuer policy");
+
+ List issuerAssertions = (List) issuerPolicy.getAlternatives().next();
+
+ for (Iterator iter = issuerAssertions.iterator(); iter.hasNext();) {
+ Assertion tempAssertion = (Assertion) iter.next();
+ //find the AlgorithmSuite assertion
+ if (tempAssertion instanceof Binding) {
+
+ log.debug("Extracting algo suite from issuer " +
+ "policy binding");
+
+ this.algorithmSuite = ((Binding) tempAssertion)
+ .getAlgorithmSuite();
+ }
+ }
+ }
+
+ if (servicePolicy != null) {
+
+ log.debug("Processing service policy to find Trust10 assertion");
+
+ List assertions = (List) servicePolicy.getAlternatives().next();
+
+ for (Iterator iter = assertions.iterator(); iter.hasNext();) {
+ Assertion tempAssertion = (Assertion) iter.next();
+ //find the Trust10 assertion
+ if (tempAssertion instanceof Trust10) {
+ log.debug("Extracting Trust10 assertion from " +
+ "service policy");
+ this.trust10 = (Trust10) tempAssertion;
+ }
+ }
+ }
+ }
+
+ /**
+ * Create the RST request.
+ *
+ * @param requestType
+ * @param appliesTo
+ * @return OMElement
+ * @throws TrustException
+ */
+ private OMElement createIssueRequest(String requestType,
+ String appliesTo) throws TrustException {
+
+ log.debug("Creating request with request type: " + requestType +
+ " and applies to: " + appliesTo);
+
+ OMElement rst = TrustUtil.createRequestSecurityTokenElement(version);
+
+ TrustUtil.createRequestTypeElement(this.version, rst, requestType);
+ if (appliesTo != null) {
+ TrustUtil.createAppliesToElement(rst, appliesTo, this.addressingNs);
+ }
+ TrustUtil.createLifetimeElement(this.version, rst, this.ttl * 1000);
+
+ //Copy over the elements from the template
+ if (this.rstTemplate != null) {
+
+ log.debug("Using RSTTemplate: " + this.rstTemplate.toString());
+
+ Iterator templateChildren = rstTemplate.getChildElements();
+ while (templateChildren.hasNext()) {
+ OMNode child = (OMNode) templateChildren.next();
+ rst.addChild(child);
+ //Look for the key size element
+ if (child instanceof OMElement
+ && ((OMElement) child).getQName().equals(
+ new QName(TrustUtil.getWSTNamespace(this.version),
+ RahasConstants.IssuanceBindingLocalNames.KEY_SIZE))) {
+ log.debug("Extracting key size from the RSTTemplate: ");
+ OMElement childElem = (OMElement) child;
+ this.keySize =
+ (childElem.getText() != null && !"".equals(childElem.getText())) ?
+ Integer.parseInt(childElem.getText()) :
+ -1;
+ log.debug("Key size from RSTTemplate: " + this.keySize);
+ }
+ }
+ }
+
+ try {
+ // Handle entropy
+ if (this.trust10 != null) {
+
+ log.debug("Processing Trust10 assertion");
+
+ if (this.trust10.isRequireClientEntropy()) {
+
+ log.debug("Requires client entropy");
+
+ // setup requestor entropy
+ OMElement ent = TrustUtil.createEntropyElement(this.version, rst);
+ OMElement binSec =
+ TrustUtil.createBinarySecretElement(this.version,
+ ent,
+ RahasConstants.BIN_SEC_TYPE_NONCE);
+ this.requestorEntropy =
+ WSSecurityUtil.generateNonce(this.algorithmSuite.
+ getMaximumSymmetricKeyLength());
+ binSec.setText(Base64.encode(this.requestorEntropy));
+
+ log.debug("Clien entropy : "
+ + Base64.encode(this.requestorEntropy));
+
+ // Add the ComputedKey element
+ TrustUtil.createComputedKeyAlgorithm(this.version, rst,
+ RahasConstants.COMPUTED_KEY_PSHA1);
+
+ }
+ }
+ } catch (Exception e) {
+ throw new TrustException("errorSettingUpRequestorEntropy", e);
+ }
+
+
+ return rst;
+
+ }
+
+ private OMElement createCancelRequest(String tokenId) throws TrustException {
+
+ return TrustUtil.createCancelRequest(tokenId, version);
+ }
+
+ /**
+ * Set this to set the entropy configurations.
+ * If this is provided in the given policy it will be overridden.
+ *
+ * @param trust10 The trust10 to set.
+ */
+ public void setTrust10(Trust10 trust10) {
+ this.trust10 = trust10;
+ }
+
+ /**
+ * This can be used in the case where the AlgorithmSuite is not specified in
+ * the given policy.
+ * If the AlgorithmSuite exists in a binding in the policy then the value
+ * set will be overridden.
+ *
+ * @param algorithmSuite The algorithmSuite to set.
+ */
+ public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
+ this.algorithmSuite = algorithmSuite;
+ }
+
+ /**
+ * @param addressingNs The addressingNs to set.
+ */
+ public void setAddressingNs(String addressingNs) {
+ this.addressingNs = addressingNs;
+ }
+
+ /**
+ * @param ttl The ttl to set.
+ */
+ public void setTtl(int ttl) {
+ this.ttl = ttl;
+ }
+
+ /**
+ * Sets the crypto information required to process the RSTR.
+ *
+ * @param crypto Crypto information
+ * @param cbHandler Callback handler to provide the private key password to
+ * decrypt
+ */
+ public void setCryptoInfo(Crypto crypto, CallbackHandler cbHandler) {
+ this.crypto = crypto;
+ this.cbHandler = cbHandler;
+ }
+
+ /**
+ * Sets the crypto information required to process the RSTR.
+ *
+ * @param crypto The crypto information
+ * @param privKeyPasswd Private key password to decrypt
+ */
+ public void setCryptoInfo(Crypto crypto, String privKeyPasswd) {
+ this.crypto = crypto;
+ this.cbHandler = new CBHandler(privKeyPasswd);
+ }
+
+ /**
+ * @param action The action to set.
+ */
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ /**
+ * @param options The options to set.
+ */
+ public void setOptions(Options options) {
+ this.options = options;
+ }
+
+ /**
+ * @param rstTemplate The rstTemplate to set.
+ */
+ public void setRstTemplate(OMElement rstTemplate) {
+ this.rstTemplate = rstTemplate;
+ }
+
+ private class CBHandler implements CallbackHandler {
+
+ private String passwd;
+
+ private CBHandler(String passwd) {
+ this.passwd = passwd;
+ }
+
+ public void handle(Callback[] cb) throws IOException,
+ UnsupportedCallbackException {
+ ((WSPasswordCallback) cb[0]).setPassword(this.passwd);
+ }
+
+ }
+
+ /**
+ * @param version The version to set.
+ */
+ public void setVersion(int version) {
+ this.version = version;
+ }
+
+ public void setSoapVersion(String soapVersion) {
+ this.soapVersion = soapVersion;
+ }
+
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties b/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
new file mode 100644
index 0000000..c5c76f6
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/errors.properties
@@ -0,0 +1,84 @@
+# -------------------------------------------------------------------
+# Copyright 2001-2004 The Apache Software Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -------------------------------------------------------------------
+
+
+InvalidRequest = The request was invalid or malformed, \"{0}\"
+FailedAuthentication = Authentication failed
+RequestFailed = The specified request failed
+InvalidSecurityToken = Security token has been revoked
+AuthenticationBadElements = Insufficient Digest Elements
+BadRequest = The specified RequestSecurityToken is not understood
+ExpiredData = The request data is out-of-date
+InvalidTimeRange = The requested time range is invalid or unsupported
+InvalidScope = The request scope is invalid or unsupported
+RenewNeeded = A renewable security token has expired
+UnableToRenew = The requested renewal failed
+
+
+errorInObtainingToken = Error in obtaining token from : \"{0}\"
+incorrectConfiguration = The given configuration element is not a "token-dispatcher-configuration" element
+missingClassName = Class attribute missing
+cannotLoadClass = Error in loading and instantiating the class \"{0}\"
+invalidTokenTypeDefinition = Invalid 'tokenType' definition in \"{0}\" : \"{1}\"
+errorLoadingConfigFile = Error in loading configuration file : \"{0}\"
+defaultIssuerMissing = The default issuer must be specified
+tokenAlreadyExists = "The token \"{0}\" already exists in the store
+noTokenToUpdate = Canot find token : \"{0}\" to update
+errorInBuildingTheEncryptedKey = Error in building a xenc:EncyptedKey , encrypted for \"{0}\"
+missingDispatcherConfiguration = Cannot find the token-dispatcher-configuration
+missingConfiguration = Missing configuration: \"{0}\"
+expectedParameterMissing = Expected parameter missing : \"{0}\"
+reqestedSecTokMissing = RequestedSecurityToken missing in the response
+rptMissing = RequestedProofToken missing in the response
+notSupported = Not supported: {0}
+errorCreatingSymmKey = Error in creating the ephemeral key
+badDispatcherConfigMultipleDefaultIssuers = Dispatcher configuration error : There should be only one default issuer
+errorInBuildingTheEncryptedKeyForPrincipal = Error in building encrypted key for principal : \"{0}\"
+invlidTTL = timeToLive (in milliseconds) must be a positive long value.
+invalidKeysize = Invalid key size
+unsupportedWSTVersion = Unsupported WS-Trust version
+unsupportedKeyType = Unsupported KeyType
+invalidAppliesToElem = Invalid AppliesTo element
+errorSettingUpRequestorEntropy = Error setting up requester entropy
+errorInProcessingSTR = Error in processing SecurityTokenReference : {0}
+cannotObtainTokenIdentifier = Cannot obtain token identifier
+lifeTimeProcessingError = Error in processing Lifetime : {0}
+invalidRPT = Invalid RequestedProofToken
+serviceEntropyMissing = Service entropy missing
+keyDerivationError = Error in key derivation
+errorInProcessingEncryptedKey = Error in processing encrypted key
+
+stsClientCfgCtxNull = STSClient: ConfigurationContext client is null
+
+#SCTIssuer specific error messages
+sctIssuerCryptoPropertiesMissing = When the tokenType is not \"BinarySecret\" the cryptoProperties MUST be specified
+
+#SAMLTokenIssuer specific error messages
+samlPropFileMissing = cryptoProperties missing in the SAMLTokenIssuer configuration
+samlIssuerKeyPasswdMissing = issuerKeyPassword missing in SAMLTokenIssuer configuration
+samlIssuerKeyAliasMissing = user value missing in the SAMLTokenIssuer configuration
+samlConverstionError = Error in converting a SAML token to DOOM
+samlAssertionCreationError = Error in creating a SAMLToken using Opensaml library
+aliasMissingForService = Certificate alias missing for service : \"{0}\"
+
+samlIssuerNameMissing = issuerName value missing in the SAMLTokenIssuer configuration
+samlUnsupportedPrincipal = Unsupported principal : \"{0}\"
+
+requiredElementNotFound = Required Element \"{0}\" not found!
+cannotDetermineTokenId = Cannot determine token ID from request
+tokenNotFound = Token with ID \"{0}\" cannot be found
+configurationIsNull = Configuration is null
+errorInCancelingToken = Error occurred while trying to cancel token
\ No newline at end of file
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java
new file mode 100644
index 0000000..8098302
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/AbstractIssuerConfig.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas.impl;
+
+import org.apache.axiom.om.OMElement;
+
+import javax.xml.namespace.QName;
+
+/**
+ *
+ */
+public abstract class AbstractIssuerConfig {
+
+ /**
+ * The key computation policy when clien't entropy is provided
+ */
+ public static class KeyComputation {
+ public static final QName KEY_COMPUTATION = new QName("keyComputation");
+ public final static int KEY_COMP_USE_REQ_ENT = 1;
+ public final static int KEY_COMP_PROVIDE_ENT = 2;
+ public final static int KEY_COMP_USE_OWN_KEY = 3;
+ }
+
+ public final static QName ADD_REQUESTED_ATTACHED_REF = new QName("addRequestedAttachedRef");
+ public final static QName ADD_REQUESTED_UNATTACHED_REF = new QName("addRequestedUnattachedRef");
+ public static final QName PROOF_KEY_TYPE = new QName("proofKeyType");
+
+ /**
+ * Element name to include the crypto properties used to load the
+ * information used securing the response
+ */
+ public final static QName CRYPTO_PROPERTIES = new QName("cryptoProperties");
+ public static final QName CRYPTO = new QName("crypto");
+ public static final QName PROVIDER = new QName("provider");
+ public static final QName PROPERTY = new QName("property");
+
+ protected int keyComputation = KeyComputation.KEY_COMP_PROVIDE_ENT;
+ protected String proofKeyType = TokenIssuerUtil.ENCRYPTED_KEY;
+ protected boolean addRequestedAttachedRef;
+ protected boolean addRequestedUnattachedRef;
+ protected long ttl = 300000;
+ protected String cryptoPropertiesFile;
+ protected OMElement cryptoPropertiesElement;
+ protected OMElement cryptoElement;
+ protected int keySize = 256;
+
+ public void setAddRequestedAttachedRef(boolean addRequestedAttachedRef) {
+ this.addRequestedAttachedRef = addRequestedAttachedRef;
+ }
+ public void setAddRequestedUnattachedRef(boolean addRequestedUnattachedRef) {
+ this.addRequestedUnattachedRef = addRequestedUnattachedRef;
+ }
+ public void setKeyComputation(int keyComputation) {
+ this.keyComputation = keyComputation;
+ }
+ public void setProofKeyType(String proofKeyType) {
+ this.proofKeyType = proofKeyType;
+ }
+ public void setTtl(long ttl) {
+ this.ttl = ttl;
+ }
+ public void setKeySize(int keySize) {
+ this.keySize = keySize;
+ }
+ public String getProofKeyType() {
+ return proofKeyType;
+ }
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
new file mode 100644
index 0000000..55b2bee
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java
@@ -0,0 +1,588 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.impl;
+
+import java.security.Principal;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+import java.text.DateFormat;
+import java.util.Arrays;
+import java.util.Date;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMNode;
+import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.context.MessageContext;
+import org.apache.axis2.description.Parameter;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenIssuer;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rahas.impl.util.SAMLAttributeCallback;
+import org.apache.rahas.impl.util.SAMLCallbackHandler;
+import org.apache.rahas.impl.util.SAMLNameIdentifierCallback;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.WSUsernameTokenPrincipal;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.util.Base64;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.utils.EncryptionConstants;
+import org.opensaml.SAMLAssertion;
+import org.opensaml.SAMLAttribute;
+import org.opensaml.SAMLAttributeStatement;
+import org.opensaml.SAMLAuthenticationStatement;
+import org.opensaml.SAMLException;
+import org.opensaml.SAMLNameIdentifier;
+import org.opensaml.SAMLStatement;
+import org.opensaml.SAMLSubject;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.Text;
+
+/**
+ * Issuer to issue SAMl tokens
+ */
+public class SAMLTokenIssuer implements TokenIssuer {
+
+ private String configParamName;
+
+ private OMElement configElement;
+
+ private String configFile;
+
+ public SOAPEnvelope issue(RahasData data) throws TrustException {
+
+ try {
+ MessageContext inMsgCtx = data.getInMessageContext();
+
+ SAMLTokenIssuerConfig config = null;
+ if (this.configElement != null) {
+ config = new SAMLTokenIssuerConfig(configElement
+ .getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
+ }
+
+ // Look for the file
+ if (config == null && this.configFile != null) {
+ config = new SAMLTokenIssuerConfig(this.configFile);
+ }
+
+ // Look for the param
+ if (config == null && this.configParamName != null) {
+ Parameter param = inMsgCtx.getParameter(this.configParamName);
+ if (param != null && param.getParameterElement() != null) {
+ config = new SAMLTokenIssuerConfig(param
+ .getParameterElement().getFirstChildWithName(
+ SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
+ } else {
+ throw new TrustException("expectedParameterMissing",
+ new String[] { this.configParamName });
+ }
+ }
+
+ if (config == null) {
+ throw new TrustException("configurationIsNull");
+ }
+
+ // Set the DOM impl to DOOM
+ DocumentBuilderFactoryImpl.setDOOMRequired(true);
+
+ SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx
+ .getEnvelope().getNamespace().getNamespaceURI());
+
+ Crypto crypto;
+ if (config.cryptoElement != null) { // crypto props
+ // defined as
+ // elements
+ crypto = CryptoFactory.getInstance(TrustUtil
+ .toProperties(config.cryptoElement), inMsgCtx
+ .getAxisService().getClassLoader());
+ } else { // crypto props defined in a properties file
+ crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
+ inMsgCtx.getAxisService().getClassLoader());
+ }
+
+ // Creation and expiration times
+ Date creationTime = new Date();
+ Date expirationTime = new Date();
+ expirationTime.setTime(creationTime.getTime() + config.ttl);
+
+ // Get the document
+ Document doc = ((Element) env).getOwnerDocument();
+
+ // Get the key size and create a new byte array of that size
+ int keySize = data.getKeysize();
+
+ keySize = (keySize == -1) ? config.keySize : keySize;
+
+ /*
+ * Find the KeyType If the KeyType is SymmetricKey or PublicKey,
+ * issue a SAML HoK assertion. - In the case of the PublicKey, in
+ * coming security header MUST contain a certificate (maybe via
+ * signature)
+ *
+ * If the KeyType is Bearer then issue a Bearer assertion
+ *
+ * If the key type is missing we will issue a HoK assertion
+ */
+
+ String keyType = data.getKeyType();
+ SAMLAssertion assertion;
+ if (keyType == null) {
+ throw new TrustException(TrustException.INVALID_REQUEST,
+ new String[] { "Requested KeyType is missing" });
+ }
+
+ if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)
+ || keyType.endsWith(RahasConstants.KEY_TYPE_PUBLIC_KEY)) {
+ assertion = createHoKAssertion(config, doc, crypto,
+ creationTime, expirationTime, data);
+ } else if (keyType.endsWith(RahasConstants.KEY_TYPE_BEARER)) {
+ assertion = createBearerAssertion(config, doc, crypto,
+ creationTime, expirationTime, data);
+ } else {
+ throw new TrustException("unsupportedKeyType");
+ }
+
+ OMElement rstrElem;
+ int wstVersion = data.getVersion();
+ if (RahasConstants.VERSION_05_02 == wstVersion) {
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(
+ wstVersion, env.getBody());
+ } else {
+ OMElement rstrcElem = TrustUtil
+ .createRequestSecurityTokenResponseCollectionElement(
+ wstVersion, env.getBody());
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(
+ wstVersion, rstrcElem);
+ }
+
+ TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText(
+ RahasConstants.TOK_TYPE_SAML_10);
+
+ if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
+ TrustUtil.createKeySizeElement(wstVersion, rstrElem, keySize);
+ }
+
+ if (config.addRequestedAttachedRef) {
+ TrustUtil.createRequestedAttachedRef(wstVersion, rstrElem, "#"
+ + assertion.getId(), RahasConstants.TOK_TYPE_SAML_10);
+ }
+
+ if (config.addRequestedUnattachedRef) {
+ TrustUtil.createRequestedUnattachedRef(wstVersion, rstrElem,
+ assertion.getId(), RahasConstants.TOK_TYPE_SAML_10);
+ }
+
+ if (data.getAppliesToAddress() != null) {
+ TrustUtil.createAppliesToElement(rstrElem, data
+ .getAppliesToAddress(), data.getAddressingNs());
+ }
+
+ // Use GMT time in milliseconds
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ // Add the Lifetime element
+ TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
+ .format(creationTime), zulu.format(expirationTime));
+
+ // Create the RequestedSecurityToken element and add the SAML token
+ // to it
+ OMElement reqSecTokenElem = TrustUtil
+ .createRequestedSecurityTokenElement(wstVersion, rstrElem);
+ Token assertionToken;
+ try {
+ Node tempNode = assertion.toDOM();
+ reqSecTokenElem.addChild((OMNode) ((Element) rstrElem)
+ .getOwnerDocument().importNode(tempNode, true));
+
+ // Store the token
+ assertionToken = new Token(assertion.getId(),
+ (OMElement) assertion.toDOM(), creationTime,
+ expirationTime);
+
+ // At this point we definitely have the secret
+ // Otherwise it should fail with an exception earlier
+ assertionToken.setSecret(data.getEphmeralKey());
+ TrustUtil.getTokenStore(inMsgCtx).add(assertionToken);
+
+ } catch (SAMLException e) {
+ throw new TrustException("samlConverstionError", e);
+ }
+
+ if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)
+ && config.keyComputation != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_REQ_ENT) {
+
+ // Add the RequestedProofToken
+ TokenIssuerUtil.handleRequestedProofToken(data, wstVersion,
+ config, rstrElem, assertionToken, doc);
+ }
+
+ return env;
+ } finally {
+ // Unset the DOM impl to default
+ DocumentBuilderFactoryImpl.setDOOMRequired(false);
+ }
+
+ }
+
+ private SAMLAssertion createBearerAssertion(SAMLTokenIssuerConfig config,
+ Document doc, Crypto crypto, Date creationTime,
+ Date expirationTime, RahasData data) throws TrustException {
+ try {
+ Principal principal = data.getPrincipal();
+ // In the case where the principal is a UT
+ if (principal instanceof WSUsernameTokenPrincipal) {
+ SAMLNameIdentifier nameId = null;
+ if(config.getCallbackHander() != null){
+ SAMLNameIdentifierCallback cb = new SAMLNameIdentifierCallback(data);
+ cb.setUserId(principal.getName());
+ SAMLCallbackHandler callbackHandler = config.getCallbackHander();
+ callbackHandler.handle(cb);
+ nameId = cb.getNameId();
+ }else{
+ nameId = new SAMLNameIdentifier(
+ principal.getName(), null, SAMLNameIdentifier.FORMAT_EMAIL);
+ }
+
+ return createAuthAssertion(doc, SAMLSubject.CONF_BEARER,
+ nameId, null, config, crypto, creationTime,
+ expirationTime);
+ } else {
+ throw new TrustException("samlUnsupportedPrincipal",
+ new String[] { principal.getClass().getName() });
+ }
+ } catch (SAMLException e) {
+ throw new TrustException("samlAssertionCreationError", e);
+ }
+ }
+
+ private SAMLAssertion createHoKAssertion(SAMLTokenIssuerConfig config,
+ Document doc, Crypto crypto, Date creationTime,
+ Date expirationTime, RahasData data) throws TrustException {
+
+ if (data.getKeyType().endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
+ Element encryptedKeyElem;
+ X509Certificate serviceCert = null;
+ try {
+
+ // Get ApliesTo to figure out which service to issue the token
+ // for
+ serviceCert = getServiceCert(config, crypto, data
+ .getAppliesToAddress());
+
+ // Create the encrypted key
+ WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+
+ // Use thumbprint id
+ encrKeyBuilder
+ .setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+
+ // SEt the encryption cert
+ encrKeyBuilder.setUseThisCert(serviceCert);
+
+ // set keysize
+ int keysize = data.getKeysize();
+ keysize = (keysize != -1) ? keysize : config.keySize;
+ encrKeyBuilder.setKeySize(keysize);
+
+ encrKeyBuilder.setEphemeralKey(TokenIssuerUtil.getSharedSecret(
+ data, config.keyComputation, keysize));
+
+ // Set key encryption algo
+ encrKeyBuilder
+ .setKeyEncAlgo(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
+
+ // Build
+ encrKeyBuilder.prepare(doc, crypto);
+
+ // Extract the base64 encoded secret value
+ byte[] tempKey = new byte[keysize / 8];
+ System.arraycopy(encrKeyBuilder.getEphemeralKey(), 0, tempKey,
+ 0, keysize / 8);
+
+ data.setEphmeralKey(tempKey);
+
+ // Extract the Encryptedkey DOM element
+ encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
+ } catch (WSSecurityException e) {
+ throw new TrustException(
+ "errorInBuildingTheEncryptedKeyForPrincipal",
+ new String[] { serviceCert.getSubjectDN().getName() },
+ e);
+ }
+ return this.createAttributeAssertion(doc, data ,encryptedKeyElem, config,
+ crypto, creationTime, expirationTime);
+ } else {
+ try {
+ String subjectNameId = data.getPrincipal().getName();
+
+ SAMLNameIdentifier nameId = new SAMLNameIdentifier(
+ subjectNameId, null, SAMLNameIdentifier.FORMAT_EMAIL);
+
+ // Create the ds:KeyValue element with the ds:X509Data
+ X509Certificate clientCert = data.getClientCert();
+
+ if(clientCert == null) {
+ X509Certificate[] certs = crypto.getCertificates(
+ data.getPrincipal().getName());
+ clientCert = certs[0];
+ }
+
+ byte[] clientCertBytes = clientCert.getEncoded();
+
+ String base64Cert = Base64.encode(clientCertBytes);
+
+ Text base64CertText = doc.createTextNode(base64Cert);
+ Element x509CertElem = doc.createElementNS(WSConstants.SIG_NS,
+ "X509Certificate");
+ x509CertElem.appendChild(base64CertText);
+ Element x509DataElem = doc.createElementNS(WSConstants.SIG_NS,
+ "X509Data");
+ x509DataElem.appendChild(x509CertElem);
+ Element keyValueElem = doc.createElementNS(WSConstants.SIG_NS,
+ "KeyValue");
+ keyValueElem.appendChild(x509DataElem);
+
+ return this.createAuthAssertion(doc,
+ SAMLSubject.CONF_HOLDER_KEY, nameId, keyValueElem,
+ config, crypto, creationTime, expirationTime);
+ } catch (Exception e) {
+ throw new TrustException("samlAssertionCreationError", e);
+ }
+ }
+ }
+
+ /**
+ * Uses the <code>wst:AppliesTo</code> to figure out the certificate to
+ * encrypt the secret in the SAML token
+ *
+ * @param config
+ * @param crypto
+ * @param serviceAddress
+ * The address of the service
+ * @return
+ * @throws WSSecurityException
+ */
+ private X509Certificate getServiceCert(SAMLTokenIssuerConfig config,
+ Crypto crypto, String serviceAddress) throws WSSecurityException {
+
+ if (serviceAddress != null && !"".equals(serviceAddress)) {
+ String alias = (String) config.trustedServices.get(serviceAddress);
+ if (alias != null) {
+ return crypto.getCertificates(alias)[0];
+ } else {
+ alias = (String) config.trustedServices.get("*");
+ return crypto.getCertificates(alias)[0];
+ }
+ } else {
+ String alias = (String) config.trustedServices.get("*");
+ return crypto.getCertificates(alias)[0];
+ }
+
+ }
+
+ /**
+ * Create the SAML assertion with the secret held in an
+ * <code>xenc:EncryptedKey</code>
+ *
+ * @param doc
+ * @param keyInfoContent
+ * @param config
+ * @param crypto
+ * @param notBefore
+ * @param notAfter
+ * @return
+ * @throws TrustException
+ */
+ private SAMLAssertion createAttributeAssertion(Document doc, RahasData data,
+ Element keyInfoContent, SAMLTokenIssuerConfig config,
+ Crypto crypto, Date notBefore, Date notAfter) throws TrustException {
+ try {
+ String[] confirmationMethods = new String[] { SAMLSubject.CONF_HOLDER_KEY };
+
+ Element keyInfoElem = doc.createElementNS(WSConstants.SIG_NS,
+ "KeyInfo");
+ ((OMElement) keyInfoContent).declareNamespace(WSConstants.SIG_NS,
+ WSConstants.SIG_PREFIX);
+ ((OMElement) keyInfoContent).declareNamespace(WSConstants.ENC_NS,
+ WSConstants.ENC_PREFIX);
+
+ keyInfoElem.appendChild(keyInfoContent);
+
+ SAMLSubject subject = new SAMLSubject(null, Arrays
+ .asList(confirmationMethods), null, keyInfoElem);
+
+
+ SAMLAttribute[] attrs = null;
+ if(config.getCallbackHander() != null){
+ SAMLAttributeCallback cb = new SAMLAttributeCallback(data);
+ SAMLCallbackHandler handler = config.getCallbackHander();
+ handler.handle(cb);
+ attrs = cb.getAttributes();
+ }else{
+ //TODO Remove this after discussing
+ SAMLAttribute attribute = new SAMLAttribute("Name",
+ "https://rahas.apache.org/saml/attrns", null, -1, Arrays
+ .asList(new String[] { "Colombo/Rahas" }));
+ attrs = new SAMLAttribute[]{attribute};
+ }
+
+ SAMLAttributeStatement attrStmt = new SAMLAttributeStatement(
+ subject, Arrays.asList(attrs ));
+
+ SAMLStatement[] statements = { attrStmt };
+
+ SAMLAssertion assertion = new SAMLAssertion(config.issuerName,
+ notBefore, notAfter, null, null, Arrays.asList(statements));
+
+ // sign the assertion
+ X509Certificate[] issuerCerts = crypto
+ .getCertificates(config.issuerKeyAlias);
+
+ String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+ String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+ if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+ sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+ }
+ java.security.Key issuerPK = crypto.getPrivateKey(
+ config.issuerKeyAlias, config.issuerKeyPassword);
+ assertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts));
+
+ return assertion;
+ } catch (Exception e) {
+ throw new TrustException("samlAssertionCreationError", e);
+ }
+ }
+
+ /**
+ * @param doc
+ * @param confMethod
+ * @param subjectNameId
+ * @param keyInfoContent
+ * @param config
+ * @param crypto
+ * @param notBefore
+ * @param notAfter
+ * @return
+ * @throws TrustException
+ */
+ private SAMLAssertion createAuthAssertion(Document doc, String confMethod,
+ SAMLNameIdentifier subjectNameId, Element keyInfoContent,
+ SAMLTokenIssuerConfig config, Crypto crypto, Date notBefore,
+ Date notAfter) throws TrustException {
+ try {
+ String[] confirmationMethods = new String[] { confMethod };
+
+ Element keyInfoElem = null;
+ if (keyInfoContent != null) {
+ keyInfoElem = doc
+ .createElementNS(WSConstants.SIG_NS, "KeyInfo");
+ ((OMElement) keyInfoContent).declareNamespace(
+ WSConstants.SIG_NS, WSConstants.SIG_PREFIX);
+ ((OMElement) keyInfoContent).declareNamespace(
+ WSConstants.ENC_NS, WSConstants.ENC_PREFIX);
+
+ keyInfoElem.appendChild(keyInfoContent);
+ }
+
+ SAMLSubject subject = new SAMLSubject(subjectNameId, Arrays
+ .asList(confirmationMethods), null, keyInfoElem);
+
+ SAMLAuthenticationStatement authStmt = new SAMLAuthenticationStatement(
+ subject,
+ SAMLAuthenticationStatement.AuthenticationMethod_Password,
+ notBefore, null, null, null);
+ SAMLStatement[] statements = { authStmt };
+
+ SAMLAssertion assertion = new SAMLAssertion(config.issuerName,
+ notBefore, notAfter, null, null, Arrays.asList(statements));
+
+ // sign the assertion
+ X509Certificate[] issuerCerts = crypto
+ .getCertificates(config.issuerKeyAlias);
+
+ String sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_RSA;
+ String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
+ if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
+ sigAlgo = XMLSignature.ALGO_ID_SIGNATURE_DSA;
+ }
+ java.security.Key issuerPK = crypto.getPrivateKey(
+ config.issuerKeyAlias, config.issuerKeyPassword);
+ assertion.sign(sigAlgo, issuerPK, Arrays.asList(issuerCerts));
+
+ return assertion;
+ } catch (Exception e) {
+ throw new TrustException("samlAssertionCreationError", e);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public String getResponseAction(RahasData data) throws TrustException {
+ return TrustUtil.getActionValue(data.getVersion(),
+ RahasConstants.RSTR_ACTION_ISSUE);
+ }
+
+ /**
+ * Create an ephemeral key
+ *
+ * @return The generated key as a byte array
+ * @throws TrustException
+ */
+ protected byte[] generateEphemeralKey(int keySize) throws TrustException {
+ try {
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] temp = new byte[keySize / 8];
+ random.nextBytes(temp);
+ return temp;
+ } catch (Exception e) {
+ throw new TrustException("Error in creating the ephemeral key", e);
+ }
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setConfigurationFile(String configFile) {
+ // TODO TODO SAMLTokenIssuer setConfigurationFile
+
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setConfigurationElement(OMElement configElement) {
+ // TODO TODO SAMLTokenIssuer setConfigurationElement
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setConfigurationParamName(String configParamName) {
+ this.configParamName = configParamName;
+ }
+
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
new file mode 100644
index 0000000..f7790bf
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuerConfig.java
@@ -0,0 +1,393 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.impl;
+
+import java.io.FileInputStream;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.xml.namespace.QName;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.axis2.description.Parameter;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.impl.util.SAMLCallbackHandler;
+
+/**
+ * Configuration manager for the <code>SAMLTokenIssuer</code>
+ *
+ * @see SAMLTokenIssuer
+ */
+public class SAMLTokenIssuerConfig extends AbstractIssuerConfig {
+
+
+ Log log = LogFactory.getLog(SAMLTokenIssuerConfig.class);
+
+ /**
+ * The QName of the configuration element of the SAMLTokenIssuer
+ */
+ public final static QName SAML_ISSUER_CONFIG = new QName("saml-issuer-config");
+
+ /**
+ * Element name to include the alias of the private key to sign the response or
+ * the issued token
+ */
+ private final static QName ISSUER_KEY_ALIAS = new QName("issuerKeyAlias");
+
+ /**
+ * Element name to include the password of the private key to sign the
+ * response or the issued token
+ */
+ private final static QName ISSUER_KEY_PASSWD = new QName("issuerKeyPassword");
+
+ /**
+ * Element to specify the lifetime of the SAMLToken
+ * Dafaults to 300000 milliseconds (5 mins)
+ */
+ private final static QName TTL = new QName("timeToLive");
+
+ /**
+ * Element to list the trusted services
+ */
+ private final static QName TRUSTED_SERVICES = new QName("trusted-services");
+
+ private final static QName KEY_SIZE = new QName("keySize");
+
+ private final static QName SERVICE = new QName("service");
+ private final static QName ALIAS = new QName("alias");
+
+ public final static QName USE_SAML_ATTRIBUTE_STATEMENT = new QName("useSAMLAttributeStatement");
+
+ public final static QName ISSUER_NAME = new QName("issuerName");
+
+ public final static QName SAML_CALLBACK_CLASS = new QName("dataCallbackHandlerClass");
+
+ protected String issuerKeyAlias;
+ protected String issuerKeyPassword;
+ protected String issuerName;
+ protected Map trustedServices = new HashMap();
+ protected String trustStorePropFile;
+ protected SAMLCallbackHandler callbackHander;
+
+ /**
+ * Create a new configuration with issuer name and crypto information
+ * @param issuerName Name of the issuer
+ * @param cryptoProviderClassName WSS4J Crypto impl class name
+ * @param cryptoProps Configuration properties of crypto impl
+ */
+ public SAMLTokenIssuerConfig(String issuerName, String cryptoProviderClassName, Properties cryptoProps) {
+ this.issuerName = issuerName;
+ this.setCryptoProperties(cryptoProviderClassName, cryptoProps);
+ }
+
+ /**
+ * Create a SAMLTokenIssuer configuration with a config file picked from the
+ * given location.
+ * @param configFilePath Path to the config file
+ * @throws TrustException
+ */
+ public SAMLTokenIssuerConfig(String configFilePath) throws TrustException {
+ FileInputStream fis;
+ StAXOMBuilder builder;
+ try {
+ fis = new FileInputStream(configFilePath);
+ builder = new StAXOMBuilder(fis);
+ } catch (Exception e) {
+ throw new TrustException("errorLoadingConfigFile",
+ new String[] { configFilePath });
+ }
+ this.load(builder.getDocumentElement());
+ }
+
+ /**
+ * Create a SAMLTokenIssuer configuration using the give config element
+ * @param elem Configuration element as an <code>OMElement</code>
+ * @throws TrustException
+ */
+ public SAMLTokenIssuerConfig(OMElement elem) throws TrustException {
+ this.load(elem);
+ }
+
+ private void load(OMElement elem) throws TrustException {
+ OMElement proofKeyElem = elem.getFirstChildWithName(PROOF_KEY_TYPE);
+ if (proofKeyElem != null) {
+ this.proofKeyType = proofKeyElem.getText().trim();
+ }
+
+ //The alias of the private key
+ OMElement userElem = elem.getFirstChildWithName(ISSUER_KEY_ALIAS);
+ if (userElem != null) {
+ this.issuerKeyAlias = userElem.getText().trim();
+ }
+
+ if (this.issuerKeyAlias == null || "".equals(this.issuerKeyAlias)) {
+ throw new TrustException("samlIssuerKeyAliasMissing");
+ }
+
+ OMElement issuerKeyPasswdElem = elem.getFirstChildWithName(ISSUER_KEY_PASSWD);
+ if (issuerKeyPasswdElem != null) {
+ this.issuerKeyPassword = issuerKeyPasswdElem.getText().trim();
+ }
+
+ if (this.issuerKeyPassword == null || "".equals(this.issuerKeyPassword)) {
+ throw new TrustException("samlIssuerKeyPasswdMissing");
+ }
+
+ OMElement issuerNameElem = elem.getFirstChildWithName(ISSUER_NAME);
+ if (issuerNameElem != null) {
+ this.issuerName = issuerNameElem.getText().trim();
+ }
+
+ if (this.issuerName == null || "".equals(this.issuerName)) {
+ throw new TrustException("samlIssuerNameMissing");
+ }
+
+ this.cryptoPropertiesElement = elem.getFirstChildWithName(CRYPTO_PROPERTIES);
+ if (this.cryptoPropertiesElement != null) {
+ if ((this.cryptoElement =
+ this.cryptoPropertiesElement .getFirstChildWithName(CRYPTO)) == null){
+ // no children. Hence, prop file should have been defined
+ this.cryptoPropertiesFile = this.cryptoPropertiesElement .getText().trim();
+ }
+ // else Props should be defined as children of a crypto element
+ }
+
+ OMElement keyCompElem = elem.getFirstChildWithName(KeyComputation.KEY_COMPUTATION);
+ if (keyCompElem != null && keyCompElem.getText() != null && !"".equals(keyCompElem)) {
+ this.keyComputation = Integer.parseInt(keyCompElem.getText());
+ }
+
+ //time to live
+ OMElement ttlElem = elem.getFirstChildWithName(TTL);
+ if (ttlElem != null) {
+ try {
+ this.ttl = Long.parseLong(ttlElem.getText().trim());
+ } catch (NumberFormatException e) {
+ throw new TrustException("invlidTTL");
+ }
+ }
+
+ OMElement keySizeElem = elem.getFirstChildWithName(KEY_SIZE);
+ if (keySizeElem != null) {
+ try {
+ this.keySize = Integer.parseInt(keySizeElem.getText().trim());
+ } catch (NumberFormatException e) {
+ throw new TrustException("invalidKeysize");
+ }
+ }
+
+ this.addRequestedAttachedRef = elem
+ .getFirstChildWithName(ADD_REQUESTED_ATTACHED_REF) != null;
+ this.addRequestedUnattachedRef = elem
+ .getFirstChildWithName(ADD_REQUESTED_UNATTACHED_REF) != null;
+
+ //Process trusted services
+ OMElement trustedServices = elem.getFirstChildWithName(TRUSTED_SERVICES);
+
+ /*
+ * If there are trusted services add them to a list
+ * Only trusts myself to issue tokens to :
+ * In this case the STS is embedded in the service as well and
+ * the issued token can only be used with that particular service
+ * since the response secret is encrypted by the service's public key
+ */
+ if (trustedServices != null) {
+ //Now process the trusted services
+ Iterator servicesIter = trustedServices.getChildrenWithName(SERVICE);
+ while (servicesIter.hasNext()) {
+ OMElement service = (OMElement) servicesIter.next();
+ OMAttribute aliasAttr = service.getAttribute(ALIAS);
+ if (aliasAttr == null) {
+ //The certificate alias is a must
+ throw new TrustException("aliasMissingForService",
+ new String[]{service.getText().trim()});
+ }
+ if (this.trustedServices == null) {
+ this.trustedServices = new HashMap();
+ }
+
+ //Add the trusted service and the alias to the map of services
+ this.trustedServices.put(service.getText().trim(), aliasAttr.getAttributeValue());
+ }
+
+ //There maybe no trusted services as well, Therefore do not
+ //throw an exception when there are no trusted in the list at the
+ //moment
+ }
+
+
+ OMElement attrElemet = elem.getFirstChildWithName(SAML_CALLBACK_CLASS);
+ if (attrElemet != null) {
+ try {
+ String value = attrElemet.getText();
+ Class handlerClass = Class.forName(value);
+ this.callbackHander = (SAMLCallbackHandler)handlerClass.newInstance();
+ } catch (ClassNotFoundException e) {
+ log.debug("Error loading class" , e);
+ throw new TrustException("Error loading class" , e);
+ } catch (InstantiationException e) {
+ log.debug("Error instantiating class" , e);
+ throw new TrustException("Error instantiating class" , e);
+ } catch (IllegalAccessException e) {
+ log.debug("Illegal Access" , e);
+ throw new TrustException("Illegal Access" , e);
+ }
+ }
+
+
+ }
+
+ /**
+ * Generate an Axis2 parameter for this configuration
+ * @return An Axis2 Parameter instance with configuration information
+ */
+ public Parameter getParameter() {
+ Parameter param = new Parameter();
+
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+
+ OMElement paramElem = fac.createOMElement("Parameter", null);
+ paramElem.addAttribute("name", SAML_ISSUER_CONFIG.getLocalPart(), null);
+
+ OMElement configElem = fac.createOMElement(SAML_ISSUER_CONFIG, paramElem);
+
+ OMElement issuerNameElem = fac.createOMElement(ISSUER_NAME, configElem);
+ issuerNameElem.setText(this.issuerName);
+
+ OMElement issuerKeyAliasElem = fac.createOMElement(ISSUER_KEY_ALIAS, configElem);
+ issuerKeyAliasElem.setText(this.issuerKeyAlias);
+
+ OMElement issuerKeyPasswd = fac.createOMElement(ISSUER_KEY_PASSWD, configElem);
+ issuerKeyPasswd.setText(this.issuerKeyPassword);
+
+ configElem.addChild(this.cryptoPropertiesElement);
+
+ OMElement keySizeElem = fac.createOMElement(KEY_SIZE, configElem);
+ keySizeElem.setText(Integer.toString(this.keySize));
+
+ if(this.addRequestedAttachedRef) {
+ fac.createOMElement(ADD_REQUESTED_ATTACHED_REF, configElem);
+ }
+ if(this.addRequestedUnattachedRef) {
+ fac.createOMElement(ADD_REQUESTED_UNATTACHED_REF, configElem);
+ }
+
+ OMElement keyCompElem = fac.createOMElement(KeyComputation.KEY_COMPUTATION, configElem);
+ keyCompElem.setText(Integer.toString(this.keyComputation));
+
+ OMElement proofKeyTypeElem = fac.createOMElement(PROOF_KEY_TYPE, configElem);
+ proofKeyTypeElem.setText(this.proofKeyType);
+
+ OMElement trustedServicesElem = fac.createOMElement(TRUSTED_SERVICES, configElem);
+ for (Iterator iterator = this.trustedServices.keySet().iterator(); iterator.hasNext();) {
+ String service = (String) iterator.next();
+ OMElement serviceElem = fac.createOMElement(SERVICE, trustedServicesElem);
+ serviceElem.setText(service);
+ serviceElem.addAttribute("alias", (String)this.trustedServices.get(service), null);
+
+ }
+
+ param.setName(SAML_ISSUER_CONFIG.getLocalPart());
+ param.setParameterElement(paramElem);
+ param.setValue(paramElem);
+ param.setParameterType(Parameter.OM_PARAMETER);
+
+ return param;
+ }
+
+ public void setIssuerKeyAlias(String issuerKeyAlias) {
+ this.issuerKeyAlias = issuerKeyAlias;
+ }
+
+ public void setIssuerKeyPassword(String issuerKeyPassword) {
+ this.issuerKeyPassword = issuerKeyPassword;
+ }
+
+ public void setIssuerName(String issuerName) {
+ this.issuerName = issuerName;
+ }
+
+ public void setTrustedServices(Map trustedServices) {
+ this.trustedServices = trustedServices;
+ }
+
+ public void setTrustStorePropFile(String trustStorePropFile) {
+ this.trustStorePropFile = trustStorePropFile;
+ }
+
+ /**
+ * Add a new trusted service endpoint address with its certificate
+ * @param address Service endpoint address
+ * @param alias certificate alias
+ */
+ public void addTrustedServiceEndpointAddress(String address, String alias) {
+ this.trustedServices.put(address, alias);
+ }
+
+ /**
+ * Set crypto information using WSS4J mechanisms
+ *
+ * @param providerClassName
+ * Provider class - an implementation of
+ * org.apache.ws.security.components.crypto.Crypto
+ * @param props Configuration properties
+ */
+ public void setCryptoProperties(String providerClassName, Properties props) {
+ OMFactory fac = OMAbstractFactory.getOMFactory();
+ this.cryptoPropertiesElement= fac.createOMElement(CRYPTO_PROPERTIES);
+ OMElement cryptoElem = fac.createOMElement(CRYPTO, this.cryptoPropertiesElement);
+ cryptoElem.addAttribute(PROVIDER.getLocalPart(), providerClassName, null);
+ Enumeration keys = props.keys();
+ while (keys.hasMoreElements()) {
+ String prop = (String) keys.nextElement();
+ String value = (String)props.get(prop);
+ OMElement propElem = fac.createOMElement(PROPERTY, cryptoElem);
+ propElem.setText(value);
+ propElem.addAttribute("name", prop, null);
+ }
+ }
+
+ /**
+ * Return the list of trusted services as a <code>java.util.Map</code>.
+ * The services addresses are the keys and cert aliases available under
+ * those keys.
+ * @return
+ */
+ public Map getTrustedServices() {
+ return trustedServices;
+ }
+
+ public SAMLCallbackHandler getCallbackHander() {
+ return callbackHander;
+ }
+
+ public void setCallbackHander(SAMLCallbackHandler callbackHander) {
+ this.callbackHander = callbackHander;
+ }
+
+
+
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java
new file mode 100644
index 0000000..27aefd0
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuer.java
@@ -0,0 +1,220 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.impl;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.description.Parameter;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.Token;
+import org.apache.rahas.TokenIssuer;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import java.text.DateFormat;
+import java.util.Date;
+
+public class SCTIssuer implements TokenIssuer {
+
+ public final static String COMPUTED_KEY = "ComputedKey";
+
+ private String configFile;
+
+ private OMElement configElement;
+
+ private String configParamName;
+
+ /**
+ * Issue a {@link SecurityContextToken} based on the wsse:Signature or
+ * wsse:UsernameToken
+ * <p/>
+ * This will support returning the SecurityContextToken with the following
+ * types of wst:RequestedProof tokens:
+ * <ul>
+ * <li>xenc:EncryptedKey</li>
+ * <li>wst:ComputedKey</li>
+ * <li>wst:BinarySecret (for secure transport)</li>
+ * </ul>
+ */
+ public SOAPEnvelope issue(RahasData data) throws TrustException {
+
+ SCTIssuerConfig config = null;
+ if (this.configElement != null) {
+ config = SCTIssuerConfig
+ .load(configElement
+ .getFirstChildWithName(SCTIssuerConfig.SCT_ISSUER_CONFIG));
+ }
+
+ // Look for the file
+ if (config == null && this.configFile != null) {
+ config = SCTIssuerConfig.load(this.configFile);
+ }
+
+ // Look for the param
+ if (config == null && this.configParamName != null) {
+ Parameter param = data.getInMessageContext().getParameter(this.configParamName);
+ if (param != null && param.getParameterElement() != null) {
+ config = SCTIssuerConfig.load(param.getParameterElement()
+ .getFirstChildWithName(
+ SCTIssuerConfig.SCT_ISSUER_CONFIG));
+ } else {
+ throw new TrustException("expectedParameterMissing",
+ new String[]{this.configParamName});
+ }
+ }
+
+ if (config == null) {
+ throw new TrustException("missingConfiguration",
+ new String[]{SCTIssuerConfig.SCT_ISSUER_CONFIG
+ .getLocalPart()});
+ }
+
+ // Env
+ return createEnvelope(data, config);
+ }
+
+ private SOAPEnvelope createEnvelope(RahasData data,
+ SCTIssuerConfig config) throws TrustException {
+ try {
+ SOAPEnvelope env = TrustUtil.createSOAPEnvelope(data.getSoapNs());
+ int wstVersion = data.getVersion();
+
+ // Get the document
+ Document doc = ((Element) env).getOwnerDocument();
+
+ SecurityContextToken sct =
+ new SecurityContextToken(this.getWSCVersion(data.getTokenType()), doc);
+
+ OMElement rstrElem =
+ TrustUtil.createRequestSecurityTokenResponseElement(wstVersion,
+ env.getBody());
+
+ OMElement rstElem =
+ TrustUtil.createRequestedSecurityTokenElement(wstVersion, rstrElem);
+
+ rstElem.addChild((OMElement) sct.getElement());
+
+ String tokenType = data.getTokenType();
+
+ OMElement reqAttachedRef = null;
+ OMElement reqUnattachedRef = null;
+ if (config.addRequestedAttachedRef) {
+ reqAttachedRef = TrustUtil.createRequestedAttachedRef(wstVersion,
+ rstrElem,
+ "#" + sct.getID(),
+ tokenType);
+ }
+
+ if (config.addRequestedUnattachedRef) {
+ reqUnattachedRef = TrustUtil.createRequestedUnattachedRef(wstVersion,
+ rstrElem,
+ sct.getIdentifier(),
+ tokenType);
+ }
+
+ //Creation and expiration times
+ Date creationTime = new Date();
+ Date expirationTime = new Date();
+
+ expirationTime.setTime(creationTime.getTime() + config.ttl);
+
+ // Use GMT time in milliseconds
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ // Add the Lifetime element
+ TrustUtil.createLifetimeElement(wstVersion,
+ rstrElem,
+ zulu.format(creationTime),
+ zulu.format(expirationTime));
+
+ // Store the tokens
+ Token sctToken = new Token(sct.getIdentifier(),
+ (OMElement) sct.getElement(),
+ creationTime,
+ expirationTime);
+
+ if(config.addRequestedAttachedRef) {
+ sctToken.setAttachedReference(reqAttachedRef.getFirstElement());
+ }
+
+ if(config.addRequestedUnattachedRef) {
+ sctToken.setUnattachedReference(reqUnattachedRef.getFirstElement());
+ }
+
+ byte[] secret = TokenIssuerUtil.getSharedSecret(data, config.keyComputation, config.keySize);
+ sctToken.setSecret(secret);
+
+ //Add the RequestedProofToken
+ TokenIssuerUtil.handleRequestedProofToken(data,
+ wstVersion,
+ config,
+ rstrElem,
+ sctToken,
+ doc);
+
+ sctToken.setState(Token.ISSUED);
+ TrustUtil.getTokenStore(data.getInMessageContext()).add(sctToken);
+ return env;
+ } catch (ConversationException e) {
+ throw new TrustException(e.getMessage(), e);
+ }
+ }
+
+ public String getResponseAction(RahasData data) throws TrustException {
+ return TrustUtil.getActionValue(data.getVersion(), RahasConstants.RSTR_ACTION_SCT);
+ }
+
+ /**
+ * @see org.apache.rahas.TokenIssuer#setConfigurationFile(java.lang.String)
+ */
+ public void setConfigurationFile(String configFile) {
+ this.configFile = configFile;
+ }
+
+ /**
+ * @see org.apache.rahas.TokenIssuer#setConfigurationElement(OMElement)
+ */
+ public void setConfigurationElement(OMElement configElement) {
+ this.configElement = configElement;
+ }
+
+ public void setConfigurationParamName(String configParamName) {
+ this.configParamName = configParamName;
+ }
+
+ private int getWSCVersion(String tokenTypeValue) throws ConversationException {
+
+ if (tokenTypeValue == null) {
+ return ConversationConstants.DEFAULT_VERSION;
+ }
+
+ if (tokenTypeValue.startsWith(ConversationConstants.WSC_NS_05_02)) {
+ return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_02);
+ } else if (tokenTypeValue.startsWith(ConversationConstants.WSC_NS_05_12)) {
+ return ConversationConstants.getWSTVersion(ConversationConstants.WSC_NS_05_12);
+ } else {
+ throw new ConversationException("unsupportedSecConvVersion");
+ }
+ }
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuerConfig.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuerConfig.java
new file mode 100644
index 0000000..8c1308e
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SCTIssuerConfig.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas.impl;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.rahas.TrustException;
+
+import javax.xml.namespace.QName;
+
+import java.io.FileInputStream;
+
+/**
+ * SCTIssuer Configuration processor
+ */
+public class SCTIssuerConfig extends AbstractIssuerConfig{
+
+ public final static QName SCT_ISSUER_CONFIG = new QName("sct-issuer-config");
+ protected byte[] requesterEntropy;
+
+ private SCTIssuerConfig(OMElement elem) throws TrustException {
+ OMElement proofKeyElem = elem.getFirstChildWithName(PROOF_KEY_TYPE);
+ if (proofKeyElem != null) {
+ this.proofKeyType = proofKeyElem.getText().trim();
+ }
+
+ OMElement cryptoPropertiesElem = elem
+ .getFirstChildWithName(new QName("cryptoProperties"));
+
+ if (!TokenIssuerUtil.BINARY_SECRET.equals(proofKeyType) && cryptoPropertiesElem == null) {
+ throw new TrustException("sctIssuerCryptoPropertiesMissing");
+ }
+
+ this.addRequestedAttachedRef =
+ elem.getFirstChildWithName(ADD_REQUESTED_ATTACHED_REF) != null;
+ this.addRequestedUnattachedRef =
+ elem.getFirstChildWithName(ADD_REQUESTED_UNATTACHED_REF) != null;
+ if ((cryptoElement =
+ cryptoPropertiesElem.getFirstChildWithName(CRYPTO)) == null) { // no children. Hence, prop file should have been defined
+ this.cryptoPropertiesFile = cryptoPropertiesElem.getText().trim();
+ }
+ // else Props should be defined as children of a crypto element
+
+ OMElement keyCompElem = elem.getFirstChildWithName(KeyComputation.KEY_COMPUTATION);
+ if (keyCompElem != null && keyCompElem.getText() != null && !"".equals(keyCompElem)) {
+ this.keyComputation = Integer.parseInt(keyCompElem.getText());
+ }
+ }
+
+ public static SCTIssuerConfig load(OMElement elem) throws TrustException {
+ return new SCTIssuerConfig(elem);
+ }
+
+ public static SCTIssuerConfig load(String configFilePath)
+ throws TrustException {
+ FileInputStream fis;
+ StAXOMBuilder builder;
+ try {
+ fis = new FileInputStream(configFilePath);
+ builder = new StAXOMBuilder(fis);
+ } catch (Exception e) {
+ throw new TrustException("errorLoadingConfigFile",
+ new String[] { configFilePath });
+ }
+
+ return load(builder.getDocumentElement());
+ }
+}
\ No newline at end of file
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerConfig.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerConfig.java
new file mode 100644
index 0000000..820cf6b
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerConfig.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas.impl;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.impl.builder.StAXOMBuilder;
+import org.apache.rahas.TrustException;
+
+import javax.xml.namespace.QName;
+import java.io.FileInputStream;
+
+/**
+ *
+ */
+public class TokenCancelerConfig {
+
+ /*
+ <parameter name="token-canceler-config">
+ <token-canceler-config>
+ <proofToken>EncryptedKey</proofToken>
+ <cryptoProperties>sctIssuer.properties</cryptoProperties>
+ <addRequestedAttachedRef />
+ </stoken-canceler-config>
+ </parameter>
+ */
+ public final static QName TOKEN_CANCELER_CONFIG = new QName("token-canceler-config");
+
+ private TokenCancelerConfig(OMElement elem) throws TrustException {
+ /*OMElement proofTokenElem =
+ elem.getFirstChildWithName(new QName("proofToken"));
+ if (proofTokenElem != null) {
+ this.proofTokenType = proofTokenElem.getText().trim();
+ }
+
+ OMElement cryptoPropertiesElem = elem
+ .getFirstChildWithName(new QName("cryptoProperties"));
+
+ if (!SCTIssuer.BINARY_SECRET.equals(proofTokenType)
+ && cryptoPropertiesElem == null) {
+ throw new TrustException("sctIssuerCryptoPropertiesMissing");
+ }
+
+ this.addRequestedAttachedRef = elem
+ .getFirstChildWithName(ADD_REQUESTED_ATTACHED_REF) != null;
+ this.addRequestedUnattachedRef = elem
+ .getFirstChildWithName(ADD_REQUESTED_UNATTACHED_REF) != null;
+
+ this.cryptoPropertiesFile = cryptoPropertiesElem.getText().trim();*/
+ }
+
+ public static TokenCancelerConfig load(OMElement elem) throws TrustException {
+ return new TokenCancelerConfig(elem);
+ }
+
+ public static TokenCancelerConfig load(String configFilePath)
+ throws TrustException {
+ FileInputStream fis;
+ StAXOMBuilder builder;
+ try {
+ fis = new FileInputStream(configFilePath);
+ builder = new StAXOMBuilder(fis);
+ } catch (Exception e) {
+ throw new TrustException("errorLoadingConfigFile", new String[] { configFilePath });
+ }
+ return load(builder.getDocumentElement());
+ }
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerImpl.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerImpl.java
new file mode 100644
index 0000000..ebbf1b4
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenCancelerImpl.java
@@ -0,0 +1,200 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas.impl;
+
+import org.apache.rahas.TokenCanceler;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.TokenStorage;
+import org.apache.rahas.Token;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.message.token.Reference;
+import org.apache.ws.security.message.token.SecurityTokenReference;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMAttribute;
+import org.apache.axis2.description.Parameter;
+import org.apache.axis2.context.MessageContext;
+
+import javax.xml.namespace.QName;
+
+/**
+ *
+ */
+public class TokenCancelerImpl implements TokenCanceler {
+
+ private String configFile;
+ private OMElement configElement;
+ private String configParamName;
+
+ /**
+ * Cancel the token specified in the request.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return Response SOAPEnveloper
+ * @throws org.apache.rahas.TrustException
+ *
+ */
+ public SOAPEnvelope cancel(RahasData data) throws TrustException {
+ TokenCancelerConfig config = null;
+ if (this.configElement != null) {
+ config = TokenCancelerConfig.load(configElement.
+ getFirstChildWithName(SCTIssuerConfig.SCT_ISSUER_CONFIG));
+ }
+
+ // Look for the file
+ if (config == null && this.configFile != null) {
+ config = TokenCancelerConfig.load(this.configFile);
+ }
+
+ // Look for the param
+ if (config == null && this.configParamName != null) {
+ Parameter param = data.getInMessageContext().getParameter(this.configParamName);
+ if (param != null && param.getParameterElement() != null) {
+ config = TokenCancelerConfig.load(param.getParameterElement()
+ .getFirstChildWithName(SCTIssuerConfig.SCT_ISSUER_CONFIG));
+ } else {
+ throw new TrustException("expectedParameterMissing",
+ new String[]{this.configParamName});
+ }
+ }
+
+ if (config == null) {
+ throw new TrustException("missingConfiguration",
+ new String[]{SCTIssuerConfig.SCT_ISSUER_CONFIG
+ .getLocalPart()});
+ }
+
+ OMElement rstEle = data.getRstElement();
+ QName cancelTagetQName = new QName(data.getWstNs(), RahasConstants.CancelBindingLocalNames.CANCEL_TARGET);
+ OMElement cancelTargetEle = rstEle.getFirstChildWithName(cancelTagetQName);
+ if (cancelTargetEle == null) {
+ throw new TrustException("requiredElementNotFound",
+ new String[]{cancelTagetQName.toString()});
+ }
+ OMElement secTokenRefEle = cancelTargetEle
+ .getFirstChildWithName(new QName(WSConstants.WSSE_NS,
+ SecurityTokenReference.SECURITY_TOKEN_REFERENCE));
+ String tokenId;
+ if (secTokenRefEle != null) {
+
+ /*
+ <o:SecurityTokenReference
+ xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <o:Reference URI="urn:uuid:8e6a3a95-fd1b-4c24-96d4-28e875025ff7"
+ ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct" />
+ </o:SecurityTokenReference>
+ */
+ OMElement referenceEle = secTokenRefEle.getFirstChildWithName(Reference.TOKEN);
+ if (referenceEle != null) {
+ OMAttribute uri = referenceEle.getAttribute(new QName(
+ RahasConstants.CancelBindingLocalNames.URI));
+ if (uri != null) {
+ tokenId = uri.getAttributeValue().substring(1);
+ } else {
+ throw new TrustException("cannotDetermineTokenId");
+ }
+ } else {
+ throw new TrustException("cannotDetermineTokenId");
+ }
+ } else {
+ // TODO: we need to handle situation where the token itself is contained within the
+ // TODO: <wst:CancelTarget> element
+ throw new TrustException("cannotDetermineTokenId");
+ }
+
+ // Cancel the token
+ MessageContext inMsgCtx = data.getInMessageContext();
+ TokenStorage tokenStore = TrustUtil.getTokenStore(inMsgCtx);
+ Token token = tokenStore.getToken(tokenId);
+ if (token == null) {
+ throw new TrustException("tokenNotFound", new String[]{tokenId});
+ }
+ token.setState(Token.CANCELLED);
+ tokenStore.update(token);
+
+ // Create the response SOAP Envelope
+ SOAPEnvelope responseEnv =
+ TrustUtil.
+ createSOAPEnvelope(inMsgCtx.getEnvelope().getNamespace().getNamespaceURI());
+ OMElement rstrElem;
+ int version = data.getVersion();
+ if (RahasConstants.VERSION_05_02 == version) {
+ rstrElem = TrustUtil
+ .createRequestSecurityTokenResponseElement(version, responseEnv.getBody());
+ } else {
+ OMElement rstrcElem = TrustUtil
+ .createRequestSecurityTokenResponseCollectionElement(
+ version, responseEnv.getBody());
+
+ rstrElem = TrustUtil.createRequestSecurityTokenResponseElement(version, rstrcElem);
+ }
+ TrustUtil.createRequestedTokenCanceledElement(version, rstrElem);
+ return responseEnv;
+ }
+
+ /**
+ * Set the configuration file of this TokenCanceller.
+ * <p/>
+ * This is the text value of the <configuration-file> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configFile
+ */
+ public void setConfigurationFile(String configFile) {
+ this.configFile = configFile;
+ }
+
+ /**
+ * Set the configuration element of this TokenCanceller.
+ * <p/>
+ * This is the <configuration> element of the
+ * token-dispatcher-configuration
+ *
+ * @param configElement <code>OMElement</code> representing the configuation
+ */
+ public void setConfigurationElement(OMElement configElement) {
+ this.configElement = configElement;
+ }
+
+ /**
+ * Set the name of the configuration parameter.
+ * <p/>
+ * If this is used then there must be a
+ * <code>org.apache.axis2.description.Parameter</code> object available in
+ * the via the messageContext when the <code>TokenIssuer</code> is called.
+ *
+ * @param configParamName
+ * @see org.apache.axis2.description.Parameter
+ */
+ public void setConfigurationParamName(String configParamName) {
+ this.configParamName = configParamName;
+ }
+
+ /**
+ * Returns the <code>wsa:Action</code> of the response.
+ *
+ * @param data A populated <code>RahasData</code> instance
+ * @return Returns the <code>wsa:Action</code> of the response
+ * @throws org.apache.rahas.TrustException
+ *
+ */
+ public String getResponseAction(RahasData data) throws TrustException {
+ return TrustUtil.getActionValue(data.getVersion(), RahasConstants.RSTR_ACTION_CANCEL);
+ }
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java
new file mode 100644
index 0000000..b901592
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/TokenIssuerUtil.java
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rahas.impl;
+
+import java.security.SecureRandom;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.util.Base64;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.Token;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.conversation.ConversationException;
+import org.apache.ws.security.conversation.dkalgo.P_SHA1;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.util.WSSecurityUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ *
+ */
+public class TokenIssuerUtil {
+
+ public final static String ENCRYPTED_KEY = "EncryptedKey";
+ public final static String BINARY_SECRET = "BinarySecret";
+
+ public static byte[] getSharedSecret(RahasData data,
+ int keyComputation,
+ int keySize) throws TrustException {
+
+ boolean reqEntrPresent = data.getRequestEntropy() != null;
+
+ try {
+ if (reqEntrPresent &&
+ keyComputation != SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_USE_OWN_KEY) {
+ //If there is requester entropy and if the issuer is not
+ //configured to use its own key
+
+ if (keyComputation ==
+ SAMLTokenIssuerConfig.KeyComputation.KEY_COMP_PROVIDE_ENT) {
+ data.setResponseEntropy(WSSecurityUtil.generateNonce(keySize / 8));
+ P_SHA1 p_sha1 = new P_SHA1();
+ return p_sha1.createKey(data.getRequestEntropy(),
+ data.getResponseEntropy(),
+ 0,
+ keySize / 8);
+ } else {
+ //If we reach this its expected to use the requestor's
+ //entropy
+ return data.getRequestEntropy();
+ }
+ } else { // need to use a generated key
+ return generateEphemeralKey(keySize);
+ }
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorCreatingSymmKey", e);
+ } catch (ConversationException e) {
+ throw new TrustException("errorCreatingSymmKey", e);
+ }
+ }
+
+ public static void handleRequestedProofToken(RahasData data,
+ int wstVersion,
+ AbstractIssuerConfig config,
+ OMElement rstrElem,
+ Token token,
+ Document doc) throws TrustException {
+ OMElement reqProofTokElem =
+ TrustUtil.createRequestedProofTokenElement(wstVersion, rstrElem);
+
+ if (config.keyComputation == AbstractIssuerConfig.KeyComputation.KEY_COMP_PROVIDE_ENT
+ && data.getRequestEntropy() != null) {
+ //If we there's requester entropy and its configured to provide
+ //entropy then we have to set the entropy value and
+ //set the RPT to include a ComputedKey element
+
+ OMElement respEntrElem = TrustUtil.createEntropyElement(wstVersion, rstrElem);
+ String entr = Base64.encode(data.getResponseEntropy());
+ OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
+ respEntrElem,
+ RahasConstants.BIN_SEC_TYPE_NONCE);
+ binSecElem.setText(entr);
+
+ OMElement compKeyElem =
+ TrustUtil.createComputedKeyElement(wstVersion, reqProofTokElem);
+ compKeyElem.setText(data.getWstNs() + RahasConstants.COMPUTED_KEY_PSHA1);
+ } else {
+ if (TokenIssuerUtil.ENCRYPTED_KEY.equals(config.proofKeyType)) {
+ WSSecEncryptedKey encrKeyBuilder = new WSSecEncryptedKey();
+ Crypto crypto;
+ if (config.cryptoElement != null) { // crypto props defined as elements
+ crypto = CryptoFactory.getInstance(TrustUtil.toProperties(config.cryptoElement),
+ data.getInMessageContext().
+ getAxisService().getClassLoader());
+ } else { // crypto props defined in a properties file
+ crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile,
+ data.getInMessageContext().
+ getAxisService().getClassLoader());
+ }
+
+ encrKeyBuilder.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
+ try {
+ encrKeyBuilder.setUseThisCert(data.getClientCert());
+ encrKeyBuilder.prepare(doc, crypto);
+ } catch (WSSecurityException e) {
+ throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal",
+ new String[]{data.
+ getClientCert().getSubjectDN().getName()});
+ }
+ Element encryptedKeyElem = encrKeyBuilder.getEncryptedKeyElement();
+ Element bstElem = encrKeyBuilder.getBinarySecurityTokenElement();
+ if (bstElem != null) {
+ reqProofTokElem.addChild((OMElement) bstElem);
+ }
+
+ reqProofTokElem.addChild((OMElement) encryptedKeyElem);
+
+ token.setSecret(encrKeyBuilder.getEphemeralKey());
+ } else if (TokenIssuerUtil.BINARY_SECRET.equals(config.proofKeyType)) {
+ byte[] secret = TokenIssuerUtil.getSharedSecret(data,
+ config.keyComputation,
+ config.keySize);
+ OMElement binSecElem = TrustUtil.createBinarySecretElement(wstVersion,
+ reqProofTokElem,
+ null);
+ binSecElem.setText(Base64.encode(secret));
+ token.setSecret(secret);
+ } else {
+ throw new IllegalArgumentException(config.proofKeyType);
+ }
+ }
+ }
+
+ private static byte[] generateEphemeralKey(int keySize) throws TrustException {
+ try {
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ byte[] temp = new byte[keySize / 8];
+ random.nextBytes(temp);
+ return temp;
+ } catch (Exception e) {
+ throw new TrustException("errorCreatingSymmKey", e);
+ }
+ }
+
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java
new file mode 100644
index 0000000..0cde566
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLAttributeCallback.java
@@ -0,0 +1,36 @@
+package org.apache.rahas.impl.util;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.rahas.RahasData;
+import org.opensaml.SAMLAttribute;
+
+public class SAMLAttributeCallback implements SAMLCallback{
+
+ private List attributes = null;
+ private RahasData data = null;
+
+ public SAMLAttributeCallback(RahasData data){
+ attributes = new ArrayList();
+ this.data = data;
+ }
+
+ public int getCallbackType(){
+ return SAMLCallback.ATTR_CALLBACK;
+ }
+
+ public void addAttributes(SAMLAttribute attribute){
+ attributes.add(attribute);
+ }
+
+ public SAMLAttribute[] getAttributes(){
+ return (SAMLAttribute[])attributes.toArray(new SAMLAttribute[attributes.size()]);
+
+ }
+
+ public RahasData getData() {
+ return data;
+ }
+
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallback.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallback.java
new file mode 100644
index 0000000..358842d
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallback.java
@@ -0,0 +1,25 @@
+package org.apache.rahas.impl.util;
+
+/**
+ * All SAML data retrieving call backs will implement this interface
+ *
+ */
+public interface SAMLCallback {
+
+ /**
+ * Attribute callback
+ */
+ public static final int ATTR_CALLBACK = 1;
+
+ /**
+ * Subject name identifier
+ */
+ public static final int NAME_IDENTIFIER_CALLBACK = 2;
+
+ /**
+ * Returns the type of callback
+ * @return
+ */
+ int getCallbackType();
+
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java
new file mode 100644
index 0000000..e3e1439
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLCallbackHandler.java
@@ -0,0 +1,28 @@
+package org.apache.rahas.impl.util;
+
+import org.opensaml.SAMLException;
+
+/**
+ * SAMLCallback Handler enables you to add data to the
+ * to the SAMLAssertion.
+ *
+ * For example Assertions, NameIdentifiers.
+ *
+ */
+public interface SAMLCallbackHandler {
+
+ /**
+ * SAMLCallback object has indicates what kind of data is required.
+ * if(callback.getCallbackType() == SAMLCallback.ATTR_CALLBACK)
+ * {
+ * SAMLAttributeCallback attrCallback = (SAMLAttributeCallback)callback;
+ * \//Retrieve required data from the RahasData inside SAMLAttributeCallback
+ * \//Add your SAMLAttributes to the attrCallback here.
+ *
+ * }
+ * @param callback
+ * @throws SAMLException
+ */
+ public void handle(SAMLCallback callback) throws SAMLException;
+
+}
diff --git a/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java
new file mode 100644
index 0000000..185283f
--- /dev/null
+++ b/modules/rampart-trust/src/main/java/org/apache/rahas/impl/util/SAMLNameIdentifierCallback.java
@@ -0,0 +1,47 @@
+package org.apache.rahas.impl.util;
+
+import org.apache.rahas.RahasData;
+import org.opensaml.SAMLNameIdentifier;
+
+/**
+ * This is used retrieve data for the SAMLNameIdentifier.
+ * SAMLNameIdentifier can have different formats.
+ * Depending on it, NameIdentifier must have different values.
+ * It should be implementation specific.
+ *
+ */
+public class SAMLNameIdentifierCallback implements SAMLCallback{
+
+ private SAMLNameIdentifier nameId = null;
+ private String userId = null;
+ private RahasData data = null;
+
+ public SAMLNameIdentifierCallback(RahasData data){
+ this.data = data;
+ }
+
+ public int getCallbackType(){
+ return SAMLCallback.NAME_IDENTIFIER_CALLBACK;
+ }
+
+ public SAMLNameIdentifier getNameId() {
+ return nameId;
+ }
+
+ public void setNameId(SAMLNameIdentifier nameId) {
+ this.nameId = nameId;
+ }
+
+ public void setUserId(String userId) {
+ this.userId = userId;
+ }
+
+ public String getUserId() {
+ return userId;
+ }
+
+ public RahasData getData() {
+ return data;
+ }
+
+}
diff --git a/modules/rampart-trust/sts-aar-resources/rahas-sts.jks b/modules/rampart-trust/sts-aar-resources/rahas-sts.jks
new file mode 100644
index 0000000..02d7c4e
--- /dev/null
+++ b/modules/rampart-trust/sts-aar-resources/rahas-sts.jks
Binary files differ
diff --git a/modules/rampart-trust/sts-aar-resources/saml-issuer-config.xml b/modules/rampart-trust/sts-aar-resources/saml-issuer-config.xml
new file mode 100644
index 0000000..9daecb3
--- /dev/null
+++ b/modules/rampart-trust/sts-aar-resources/saml-issuer-config.xml
@@ -0,0 +1,46 @@
+<saml-issuer-config>
+ <issuerName>Test_STS</issuerName>
+
+ <!-- alias of the issuer's private key -->
+ <issuerKeyAlias>ip</issuerKeyAlias>
+
+ <!-- password of the issuer's private key -->
+ <issuerKeyPassword>password</issuerKeyPassword>
+
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">META-INF/rahas-sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+
+ <timeToLive>300000</timeToLive>
+
+ <keySize>256</keySize>
+
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>2</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+
+ <trusted-services>
+ <!-- The service name and the alias of the trusted cert to use -->
+ <service alias="bob">http://localhost:8080/axis2/services/STS</service>
+ </trusted-services>
+
+</saml-issuer-config>
diff --git a/modules/rampart-trust/sts-aar-resources/sct-issuer-config.xml b/modules/rampart-trust/sts-aar-resources/sct-issuer-config.xml
new file mode 100644
index 0000000..412fbc3
--- /dev/null
+++ b/modules/rampart-trust/sts-aar-resources/sct-issuer-config.xml
@@ -0,0 +1,29 @@
+<sct-issuer-config>
+
+ <cryptoProperties>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
+ <property name="org.apache.ws.security.crypto.merlin.file">META-INF/rahas-sts.jks</property>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
+ </crypto>
+ </cryptoProperties>
+
+ <addRequestedAttachedRef />
+ <addRequestedUnattachedRef />
+
+ <!--
+ Key computation mechanism
+ 1 - Use Request Entropy
+ 2 - Provide Entropy
+ 3 - Use Own Key
+ -->
+ <keyComputation>3</keyComputation>
+
+ <!--
+ proofKeyType element is valid only if the keyComputation is set to 3
+ i.e. Use Own Key
+
+ Valid values are: EncryptedKey & BinarySecret
+ -->
+ <proofKeyType>BinarySecret</proofKeyType>
+</sct-issuer-config>
diff --git a/modules/rampart-trust/sts-aar-resources/services.xml b/modules/rampart-trust/sts-aar-resources/services.xml
new file mode 100644
index 0000000..4274a75
--- /dev/null
+++ b/modules/rampart-trust/sts-aar-resources/services.xml
@@ -0,0 +1,89 @@
+<!-- Security token service configuration -->
+<service name="STS">
+
+ <operation name="RequestSecurityToken">
+ <messageReceiver class="org.apache.rahas.STSMessageReceiver"/>
+
+ <!-- Action mapping to accept SCT requests -->
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
+
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
+
+ </operation>
+
+ <!-- Using the config file -->
+ <parameter name="token-dispatcher-configuration-file">META-INF/token-dispatcher-configuration.xml</parameter>
+
+ <!-- Configure Rampart to authenticate clients -->
+ <wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+
+ <ramp:user>ip</ramp:user>
+ <ramp:encryptionUser>useReqSigCert</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>PWCBHandler</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">META-INF/rahas-sts.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+
+ </ramp:RampartConfig>
+
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</service>
diff --git a/modules/rampart-trust/sts-aar-resources/token-canceler-config.xml b/modules/rampart-trust/sts-aar-resources/token-canceler-config.xml
new file mode 100644
index 0000000..c19c2cd
--- /dev/null
+++ b/modules/rampart-trust/sts-aar-resources/token-canceler-config.xml
@@ -0,0 +1,3 @@
+<token-canceler-config>
+
+</token-canceler-config>
diff --git a/modules/rampart-trust/sts-aar-resources/token-dispatcher-configuration.xml b/modules/rampart-trust/sts-aar-resources/token-dispatcher-configuration.xml
new file mode 100644
index 0000000..2000e87
--- /dev/null
+++ b/modules/rampart-trust/sts-aar-resources/token-dispatcher-configuration.xml
@@ -0,0 +1,17 @@
+<token-dispatcher-configuration>
+ <!-- Issuers. You may have many issuers. -->
+ <issuer class="org.apache.rahas.impl.SCTIssuer" default="true">
+ <configuration type="file">sct-issuer-config.xml</configuration>
+ <tokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</tokenType>
+ </issuer>
+ <issuer class="org.apache.rahas.impl.SAMLTokenIssuer">
+ <configuration type="file">META-INF/saml-issuer-config.xml</configuration>
+ <tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
+ </issuer>
+
+ <!-- Only a single canceler is allowed -->
+ <canceler class="org.apache.rahas.impl.TokenCancelerImpl">
+ <configuration type="file">META-INF/token-canceler-config.xml</configuration>
+ </canceler>
+
+</token-dispatcher-configuration>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
new file mode 100644
index 0000000..35819f3
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,493 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.rampart</groupId>
+ <artifactId>rampart-project</artifactId>
+ <packaging>pom</packaging>
+ <description>WS-Security, WS-Trust and WS-SecureConversation implementaion for Apache
+ Axis2</description>
+ <version>1.3-SNAPSHOT</version>
+ <name>Apache Rampart</name>
+ <url>http://ws.apache.org/rampart</url>
+
+ <licenses>
+ <license>
+ <name>Apache License Version 2.0</name>
+ <url>http://www.apache.org/licenses/LICENSE-2.0</url>
+ </license>
+ </licenses>
+
+ <organization>
+ <name>Apache Software Foundation</name>
+ <url>http://www.apache.org</url>
+ </organization>
+
+ <issueManagement>
+ <system>JIRA</system>
+ <url>http://issues.apache.org/jira/browse/RAMPART</url>
+ </issueManagement>
+ <mailingLists>
+ <mailingList>
+ <name>Rampart Developers</name>
+ <subscribe>rampart-dev-subscribe@ws.apache.org</subscribe>
+ <unsubscribe>rampart-dev-unsubscribe@ws.apache.org</unsubscribe>
+ <post>rampart-dev@ws.apache.org</post>
+ <archive>http://mail-archives.apache.org/mod_mbox/rampart-dev/</archive>
+ </mailingList>
+ </mailingLists>
+
+ <inceptionYear>2005</inceptionYear>
+
+ <developers>
+ <developer>
+ <name>Afkham Azeez</name>
+ <id>azeez</id>
+ <email>azeez AT wso2.com</email>
+ <organization>WSO2</organization>
+ </developer>
+ <developer>
+ <name>Ruchith Fernando</name>
+ <id>ruchith</id>
+ <email>ruchith AT wso2.com</email>
+ <organization>WSO2</organization>
+ </developer>
+ <developer>
+ <name>Sanka Samaranayake</name>
+ <id>sanka</id>
+ <organization>WSO2</organization>
+ <email>sanka AT wso2.com</email>
+ </developer>
+ <developer>
+ <name>Davanum Srinivas</name>
+ <id>dims</id>
+ <email>dims AT wso2.com</email>
+ <organization>WSO2</organization>
+ </developer>
+ </developers>
+
+ <scm>
+ <connection>
+ scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</connection>
+ <developerConnection>
+ scm:svn:https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</developerConnection>
+ <url>https://svn.apache.org/repos/asf/webservices/rampart/trunk/java</url>
+ </scm>
+
+
+ <repositories>
+ <repository>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ <checksumPolicy>warn</checksumPolicy>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>never</updatePolicy>
+ <checksumPolicy>fail</checksumPolicy>
+ </snapshots>
+ <id>apache-snapshots</id>
+ <name>Apache Maven2 SNAPSHOTS</name>
+ <url>http://people.apache.org/repo/m2-snapshot-repository</url>
+ <layout>default</layout>
+ </repository>
+ <repository>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ <checksumPolicy>warn</checksumPolicy>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>never</updatePolicy>
+ <checksumPolicy>warn</checksumPolicy>
+ </snapshots>
+ <id>apache-ws-snapshots2</id>
+ <name>Apache ws.zones - 2</name>
+ <url>http://ws.zones.apache.org/repository2</url>
+ </repository>
+
+ </repositories>
+
+
+ <pluginRepositories>
+ <pluginRepository>
+ <id>snapshot-apache</id>
+ <name>Apache Snapshot repository</name>
+ <url>http://people.apache.org/repo/m2-snapshot-repository</url>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </pluginRepository>
+
+ <pluginRepository>
+ <id>snapshot</id>
+ <name>Snapshot repository</name>
+ <url>http://snapshots.maven.codehaus.org/maven2</url>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ </pluginRepository>
+
+ </pluginRepositories>
+
+ <build>
+ <plugins>
+
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>2.0</version>
+ <configuration>
+ <source>1.4</source>
+ <target>1.4</target>
+ </configuration>
+ </plugin>
+
+ <plugin>
+ <artifactId>maven-site-plugin</artifactId>
+ <version>2.0-beta-5</version>
+ <inherited>false</inherited>
+ </plugin>
+ </plugins>
+ </build>
+
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-kernel</artifactId>
+ <version>${axis2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-codegen</artifactId>
+ <version>${axis2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-xmlbeans</artifactId>
+ <version>${axis2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-adb-codegen</artifactId>
+ <version>${axis2.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>axis2-mtompolicy</artifactId>
+ <version>${axis2.version}</version>
+ <scope>compile</scope>
+ </dependency>
+
+ <!-- AIOM Dependencies -->
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-impl</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-api</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.ws.commons.axiom</groupId>
+ <artifactId>axiom-dom</artifactId>
+ <version>${axiom.version}</version>
+ </dependency>
+
+ <!-- Thrid party dependencies -->
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <version>${commons.logging.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>${commons.httpclient.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-collections</groupId>
+ <artifactId>commons-collections</artifactId>
+ <version>${commons.collections.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-discovery</groupId>
+ <artifactId>commons-discovery</artifactId>
+ <version>${commons.discovery.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>${commons.codec.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>${log4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>${stax.impl.groupid}</groupId>
+ <artifactId>${stax.impl.artifactid}</artifactId>
+ <version>${stax.impl.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>stax</groupId>
+ <artifactId>stax-api</artifactId>
+ <version>${stax.api.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>xml-apis</groupId>
+ <artifactId>xml-apis</artifactId>
+ <version>${xml.apis.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.woden</groupId>
+ <artifactId>woden</artifactId>
+ <version>${woden.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>wsdl4j</groupId>
+ <artifactId>wsdl4j</artifactId>
+ <version>${wsdl4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.mail</groupId>
+ <artifactId>mail</artifactId>
+ <version>${javamail.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.activation</groupId>
+ <artifactId>activation</artifactId>
+ <version>${activation.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>xmlbeans</groupId>
+ <artifactId>xbean</artifactId>
+ <version>${xbean.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ws.security</groupId>
+ <artifactId>wss4j</artifactId>
+ <version>${wss4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.santuario</groupId>
+ <artifactId>xmlsec</artifactId>
+ <version>${xmlsec.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>${junit.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>jaxen</groupId>
+ <artifactId>jaxen</artifactId>
+ <version>${jaxen.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>backport-util-concurrent</groupId>
+ <artifactId>backport-util-concurrent</artifactId>
+ <version>${backport_util_concurrent.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <version>${servletapi.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ws.commons.schema</groupId>
+ <artifactId>XmlSchema</artifactId>
+ <version>${XmlSchema.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>annogen</groupId>
+ <artifactId>annogen</artifactId>
+ <version>${annogen.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.ant</groupId>
+ <artifactId>ant-nodeps</artifactId>
+ <version>${ant.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.neethi</groupId>
+ <artifactId>neethi</artifactId>
+ <version>${neethi.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpcore</artifactId>
+ <version>${jakarta.httpcore.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>opensaml</groupId>
+ <artifactId>opensaml</artifactId>
+ <version>${opensaml.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>xalan</groupId>
+ <artifactId>xalan</artifactId>
+ <version>${xalan.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>${xerces.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>xml-apis</groupId>
+ <artifactId>xml-apis</artifactId>
+ <version>${xml.apis.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis2</groupId>
+ <artifactId>addressing</artifactId>
+ <type>mar</type>
+ <version>${addressing.mar.version}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ <version>${commons.fileupload.version}</version>
+ </dependency>
+ </dependencies>
+
+
+ <profiles>
+ <profile>
+ <id>jdk14</id>
+ <activation>
+ <activeByDefault>true</activeByDefault>
+ <jdk>1.4</jdk>
+ </activation>
+ <dependencies>
+ <dependency>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk13</artifactId>
+ <version>${bcprov.jdk13.version}</version>
+ </dependency>
+ </dependencies>
+ </profile>
+
+ <profile>
+ <id>jdk15</id>
+ <activation>
+ <jdk>1.5</jdk>
+ </activation>
+ <dependencies>
+ <dependency>
+ <groupId>bouncycastle</groupId>
+ <artifactId>bcprov-jdk15</artifactId>
+ <version>${bcprov.jdk15.version}</version>
+ </dependency>
+ </dependencies>
+ </profile>
+
+ </profiles>
+
+ <modules>
+ <module>modules/rampart-policy</module>
+ <module>modules/rampart-trust</module>
+ <module>modules/rampart-core</module>
+ <module>modules/rampart-tests</module>
+ <module>modules/rampart-mar</module>
+ <module>modules/rampart-trust-mar</module>
+ <module>modules/rampart-integration</module>
+ </modules>
+
+ <properties>
+ <axis2.version>1.3</axis2.version>
+ <rampart.version>1.3-SNAPSHOT</rampart.version>
+ <rampart.mar.version>1.3</rampart.mar.version>
+ <rahas.mar.version>1.3</rahas.mar.version>
+
+ <axiom.version>1.2.5</axiom.version>
+ <addressing.mar.version>1.3</addressing.mar.version>
+
+ <wss4j.version>1.5.3</wss4j.version>
+ <xmlsec.version>1.4.0</xmlsec.version>
+
+ <opensaml.version>1.1</opensaml.version>
+
+ <XmlSchema.version>1.3.1</XmlSchema.version>
+ <neethi.version>2.0.2</neethi.version>
+
+ <xbean.version>2.1.0</xbean.version>
+ <woden.version>1.0-incubating-M7b</woden.version>
+ <wsdl4j.version>1.6.1</wsdl4j.version>
+ <annogen.version>0.1.0</annogen.version>
+
+ <activation.version>1.1</activation.version>
+ <javamail.version>1.4</javamail.version>
+
+ <jaxen.version>1.1-beta-10</jaxen.version>
+
+ <stax.impl.groupid>org.codehaus.woodstox</stax.impl.groupid>
+ <stax.impl.artifactid>wstx-asl</stax.impl.artifactid>
+ <stax.impl.version>3.2.0</stax.impl.version>
+ <stax.api.version>1.0.1</stax.api.version>
+ <xml.apis.version>1.3.03</xml.apis.version>
+
+ <bcprov.jdk13.version>132</bcprov.jdk13.version>
+ <bcprov.jdk15.version>132</bcprov.jdk15.version>
+
+ <commons.codec.version>1.3</commons.codec.version>
+ <commons.httpclient.version>3.0.1</commons.httpclient.version>
+ <commons.logging.version>1.1</commons.logging.version>
+ <backport_util_concurrent.version>2.1</backport_util_concurrent.version>
+
+ <servletapi.version>2.3</servletapi.version>
+
+ <junit.version>3.8.1</junit.version>
+ <xmlunit.version>1.0</xmlunit.version>
+ <log4j.version>1.2.13</log4j.version>
+
+ <jakarta.httpcore.version>4.0-alpha5</jakarta.httpcore.version>
+ <commons.collections.version>3.1</commons.collections.version>
+ <commons.fileupload.version>1.1.1</commons.fileupload.version>
+ <commons.discovery.version>0.2</commons.discovery.version>
+
+ <ant.version>1.7.0</ant.version>
+
+ <xalan.version>2.7.0</xalan.version>
+ <xerces.version>2.8.1</xerces.version>
+
+ </properties>
+ <distributionManagement>
+ <repository>
+ <id>apache-repo</id>
+ <name>Maven Central Repository</name>
+ <url>
+ scpexe://people.apache.org//www/people.apache.org/repo/m2-ibiblio-rsync-repository</url>
+ </repository>
+ <snapshotRepository>
+ <id>apache-snapshots</id>
+ <name>Apache Development Repository</name>
+ <url>scpexe://people.apache.org//www/people.apache.org/repo/m2-snapshot-repository</url>
+ </snapshotRepository>
+ <site>
+ <id>website</id>
+ <url>scpexe://people.apache.org/www/ws.apache.org/rampart</url>
+ </site>
+ </distributionManagement>
+</project>
diff --git a/release-docs/LICENSE.txt b/release-docs/LICENSE.txt
new file mode 100755
index 0000000..6b0b127
--- /dev/null
+++ b/release-docs/LICENSE.txt
@@ -0,0 +1,203 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
diff --git a/release-docs/NOTICE.txt b/release-docs/NOTICE.txt
new file mode 100644
index 0000000..77d3370
--- /dev/null
+++ b/release-docs/NOTICE.txt
@@ -0,0 +1,12 @@
+ =========================================================================
+ == NOTICE file corresponding to the section 4 d of ==
+ == the Apache License, Version 2.0, ==
+ == in this case for the Apache Axis2 distribution. ==
+ =========================================================================
+
+ This product includes software developed by
+ The Apache Software Foundation (http://www.apache.org/).
+
+ Please read the different LICENSE files present in the lib directory of
+ this distribution.
+
diff --git a/release-docs/README.txt b/release-docs/README.txt
new file mode 100644
index 0000000..dae1257
--- /dev/null
+++ b/release-docs/README.txt
@@ -0,0 +1,52 @@
+======================================================
+Apache Rampart-1.3 build (August 23, 2007)
+
+http://ws.apache.org/axis2/modules/rampart/
+------------------------------------------------------
+
+___________________
+Contents
+===================
+
+lib - This directory contains all the libraries required by rampart
+ in addition to the libraries available in the axis2 standard binary
+ release.
+
+
+rampart-1.3.mar - WS-Security and WS-SecureConversation support for Axis2
+rahas-1.3.mar - STS module - to be used to add STS operations to a service
+
+samples - This contains samples on using Apache Rampart and configuring
+ different conponents to carryout different WS-Sec* operations.
+
+README.txt - This file
+
+build.xml - Setup file to copy all jars to required places
+
+IMPORTANT: Before you try any of the samples makesure you
+
+1.) Have the Axis2 standard binary distribution downloaded and extracted.
+2.) Set the AXIS2_HOME environment variable
+3.) Run ant from the "samples" directory to copy the required libraries and
+ modules to relevant directories in AXIS2_HOME.
+4.) Download xalan-2.7.0.jar from here[1] and put under AXIS2_HOME\lib folder,
+ if you use JDK 1.5.
+
+___________________
+Support
+===================
+
+Any problem with this release can be reported to Apache Rampart mailing list
+or in the JIRA issue tracker.
+
+Mailing list subscription:
+ rampart-dev-subscribe@ws.apache.org
+
+Jira:
+ http://issues.apache.org/jira/browse/RAMPART
+
+Thank you for using Apache Rampart!
+
+The Apache Rampart team.
+
+[1] http://www.apache.org/dist/java-repository/xalan/jars/
diff --git a/release-docs/build.xml b/release-docs/build.xml
new file mode 100644
index 0000000..7a2dbd5
--- /dev/null
+++ b/release-docs/build.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ !
+ ! Copyright 2006 The Apache Software Foundation.
+ !
+ ! Licensed under the Apache License, Version 2.0 (the "License");
+ ! you may not use this file except in compliance with the License.
+ ! You may obtain a copy of the License at
+ !
+ ! http://www.apache.org/licenses/LICENSE-2.0
+ !
+ ! Unless required by applicable law or agreed to in writing, software
+ ! distributed under the License is distributed on an "AS IS" BASIS,
+ ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ! See the License for the specific language governing permissions and
+ ! limitations under the License.
+ !-->
+
+<project basedir="." default="setup">
+
+ <property name="lib.dir" value="lib"/>
+ <property name="modules.dir" value="."/>
+
+ <property environment="env"/>
+
+ <target name="check.dependency" unless="env.AXIS2_HOME">
+ <echo message="AXIS2_HOME must be set"/>
+ </target>
+
+ <!-- Copy the required jars and mars appropriately -->
+ <target name="setup" if="env.AXIS2_HOME" depends="check.dependency">
+
+ <property name="axis2.modules.dir" value="${env.AXIS2_HOME}/repository/modules/"/>
+ <property name="axis2.lib.dir" value="${env.AXIS2_HOME}/lib"/>
+
+ <copy todir="${axis2.lib.dir}">
+ <fileset dir="${lib.dir}">
+ <include name="**/*.jar"/>
+ </fileset>
+ </copy>
+
+ <copy todir="${axis2.modules.dir}">
+ <fileset dir="${modules.dir}">
+ <include name="**/*.mar"/>
+ </fileset>
+ </copy>
+
+ </target>
+
+</project>
diff --git a/release-docs/release-notes.html b/release-docs/release-notes.html
new file mode 100644
index 0000000..771b3a1
--- /dev/null
+++ b/release-docs/release-notes.html
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
+ <title>Apache Rampart - Release Notes</title>
+ <meta name="generator" content="amaya 9.2.2, see http://www.w3.org/Amaya/"
+ />
+</head>
+
+<body>
+<h1>Apache Rampart Release Notes</h1>
+
+<p>This is the 1.3 release of Apache Rampart.</p>
+
+<p>Apache Rampart 1.3 is a toolkit that provides implementations of the WS-Sec*
+specifications for Apache Axis 1.3, based on Apache WSS4J 1.5.3 and
+the Apache AXIOM-DOOM 1.2.5 implementation.</p>
+
+<b>What is in this release</b>
+
+<p>There are two main Apache Axis2 modules provided with this release.</p>
+<ul>
+<li>rampart-1.3.mar</li>
+This provides support for WS-Security and WS-SecureConversation features.
+<li>rahas-1.3.mar</li>
+This module provides the necessary components to enable SecurityTokenService
+functionality on a service.
+</ul>
+
+<p>Apache Rampart 1.3 uses a configuration model based on WS-Policy
+and WS-Security Policy and it is important to note that Apache Rampart 1.0 style
+configuration is also available even though being marked as deprecated.
+</p>
+
+<p>Apache Rampart 1.3 can be successfully used with the next Apache Sandesha2
+release targeted towards Apache Axis2 1.3 to configure
+WS-SecureConversation + WS-ReliableMessaging scenarios.</p>
+<p>
+The rampart module was successfully tested for interoperability with other
+WS-Security implementations.</p>
+
+<p>WS - Sec* specifications supported by Apache Rampart are as follows:</p>
+
+<ul>
+<li>WS - Security 1.0</li>
+<li>WS - Secure Conversation - February 2005</li>
+<li>WS - Security Policy - 1.1 - July 2005</li>
+<li>WS - Trust - February 2005</li>
+<li>WS - Trust - WS-SX spec - EXPERIMENTAL </li>
+</ul>
+
+
+
+
+<p>Thank you for using Apache Rampart.</p>
+
+<p></p>
+
+<p>Apache Rampart team</p>
+
+<p></p>
+
+<p></p>
+
+<p></p>
+
+<p></p>
+
+<p></p>
+
+<p></p>
+</body>
+</html>
diff --git a/src/site/resources/developer-guide.html b/src/site/resources/developer-guide.html
new file mode 100644
index 0000000..d6c4052
--- /dev/null
+++ b/src/site/resources/developer-guide.html
@@ -0,0 +1,302 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<head>
+ <title>Apache Rampart - Source Repository</title>
+ <style type="text/css" media="all">
+ @import url("./css/maven-base.css");
+ @import url("./css/maven-theme.css");
+ @import url("./css/site.css");
+ </style>
+ <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
+ <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+ </head>
+ <body class="composite">
+ <div id="banner">
+ <a href="ws.apache.org/rampart/" id="bannerLeft">Apache Rampart</a>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="breadcrumbs">
+ <div class="xleft">
+ Last Published: 13 Jul 2007
+ </div>
+ <div class="xright"><a href="http://www.apache.org/">Apache</a>
+ <a href="../">WebServices</a>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="leftColumn">
+ <div id="navcolumn">
+ <h5>Apache Rampart</h5>
+ <ul>
+
+ <li class="none">
+ <a href="index.html">About</a>
+ </li>
+
+ <li class="expanded">
+ <a href="">Downloads</a>
+ <ul>
+
+ <li class="none">
+ <a href="download.cgi">Releases</a>
+ </li>
+
+ <li class="none">
+ <a href="source-repository.html">Source Code</a>
+ </li>
+ </ul>
+ </li>
+ <li class="expanded">
+ <a href="">Documentation</a>
+ <ul>
+
+ <li class="none">
+ <a href="quick-start.html">Quick Start Guide</a>
+ </li>
+
+ <li class="none">
+ <a href="rampartconfig-guide.html">Rampart Configuration</a>
+ </li>
+
+ <li class="none">
+ <strong>Developer Guide</strong>
+ </li>
+ </ul>
+ </li>
+
+ <li class="expanded">
+ <a href="">Project Information</a>
+ <ul>
+
+ <li class="none">
+ <a href="mail-lists.html">Mailing Lists</a>
+ </li>
+
+ <li class="none">
+ <a href="http://issues.apache.org/jira/browse/Rampart">Issue Tracking</a>
+ </li>
+
+ <li class="none">
+ <a href="dependencies.html">Dependencies</a>
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <a href="http://maven.apache.org/" title="Built by Maven" id="poweredBy">
+ <img alt="Built by Maven" src="./images/logos/maven-feather.png"></img>
+ </a>
+
+ </div>
+ </div>
+ <div id="bodyColumn">
+ <div id="contentBox">
+<h2>Getting Involved in Rampart</h2>
+
+<h3>Introduction</h3>
+
+Components of Rampart
+<ul>
+ <li>Rampart Core</li>
+ <li>Rampart Policy</li>
+ <li>Rampart Trust</li>
+</ul>
+
+<p></p>
+<img alt="Rampart Components and WS-Security Stack"
+title="Rampart Components and WS-Security Stack"
+src="images/security-stack.jpg" align="middle">
+
+<p><strong><em>Figure 1 : Rampart Components and WS-Security
+Stack</em></strong></p>
+
+<h3>Building Rampart</h3>
+<ol>
+ <li>Install maven2. Refer to the <a
+ href="http://maven.apache.org/guides/getting-started/maven-in-five-minutes.html">Installation
+ guide</a>.</li>
+ <li>Install SVN on your machine. (The Rampart repository uses SVN.) Please
+ read the ASF <a
+ href="http://www.apache.org/dev/version-control.html">Source Code
+ Repositories page.</a></li>
+ <li>Download the source code.
+ <ul>
+ <li>Anon Checkout <a
+ href="http://svn.apache.org/repos/asf/webservices/rampart/trunk/java/">http://svn.apache.org/repos/asf/webservices/rampart/trunk/java/</a></li>
+ <li>Committers <a
+ href="https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/">https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/</a></li>
+ </ul>
+ </li>
+ <li>The Rampart project has 8 modules under it. They are:
+ <ul>
+ <li>rampart-policy contains security policy assertions.</li>
+ <li>rampart-core has core components that process and enforce
+ security.</li>
+ <li>rampart-trust contains trust components.</li>
+ <li>rampart-mar builds the rampart.mar that is deployed in the
+ "modules" directory of the Axis2 repository.</li>
+ <li>rampart-trust-mar builds the rahas.mar that adds WS-Trust into
+ Axis2.</li>
+ <li>rampart-test has a set of unit test cases.</li>
+ <li>integration-test has functional tests.</li>
+ <li>rampart-samples consist of samples provided with the
+ distribution.</li>
+ </ul>
+ </li>
+ <li>Build by typing <code>$mvn clean install</code></li>
+</ol>
+
+<p>When deploying rampart.mar and rampart-trust.mar in the Axis2 repository,
+you may notice that they do not contain any dependencies. Therefore all the
+dependencies must be in the classpath.</p>
+
+<h3>Rampart in Axis2</h3>
+
+<p>Rampart is deployed as a module in Axis2, in the security phase. The
+security phase is right after the transport phase. The Rampart module
+introduces a couple of handlers -
+"org.apache.rampart.handler.RampartReciever" and
+"org.apache.rampart.handler.RampartSender" to the security phase.</p>
+
+<p></p>
+<img alt="DOOM" title="Rampart in Axis2" src="images/rampart-handlers.jpg"
+align="middle">
+
+<p><strong><em>Figure 2 : Rampart in Axis2</em></strong></p>
+
+<p>The "RampartReciver" handler intercepts the incoming message. Then Rampart
+validates the security of the incoming message, and checks whether it is
+in-line with the specified security policy. All security actions such as
+decryption of the message, validating the digital signature, validating the
+timestamp, and authenticating the user happens inside the Rampart module.</p>
+
+<p>"RampartSender" is the last handler in the outflow. The outgoing message
+is intercepted by this handler and Rampart takes the security actions. For
+example SOAP message can be encrypted, digitally signed, and security tokens
+are included according to the security policy.</p>
+
+<h3>Rampart, WSS4J, and DOOM</h3>
+
+<p>Rampart uses WSS4J for securing SOAP messages. WSS4J is an Apache project
+which implements the WS-Security specification. SOAP messages are signed and
+encrypted according to the <a href="http://www.w3.org/TR/xmlenc-core/">XML
+Encryption</a> and <a href="http://www.w3.org/TR/xmldsig-core/">XML Digital
+Signature</a> specifications, but the WS-Security specification introduces an
+additional set of rules. Therefore WSS4J ensures that SOAP messages are
+singed according to all the rules defined in the specifications. WSS4J uses
+Apache's <a href="http://santuario.apache.org/Java/index.html">xmlsec
+libraries</a> for XML Encryption and XML Digital Signature.</p>
+
+<p>Rather than re-inventing the wheel, it was decided to use WSS4J for SOAP
+message security in Rampart but there was a fundamental problem. WSS4J and
+all the incorporating XML security libraries use "DOM" for parsing and
+generating XML, while Axis2 uses "AXIOM" as the object model. This was
+resolved by using a new object model named "DOOM". DOOM is both AXIOM and DOM
+implementations. Therefore you can manipulate/access a DOOM object structure
+through DOM interfaces and AXIOM interfaces.</p>
+
+<p>When Rampart is engaged and configured, the incoming SOAP messages are
+converted to DOOM. Since DOOM implements the DOM interface it is possible for
+WSS4J to process messages. After performing the security validations, before
+flushing the message down the message inflow, the DOOM SOAP message is
+converted back to OM. At the outgoing flow, the message is converted to DOOM
+and then the security functions are performed using WSS4J.</p>
+
+<h3>Rampart Core</h3>
+
+<p>Rampart core drives security enforcement and validation on SOAP messages.
+It binds all components together to create the final product. The important
+components of Rampart core are,</p>
+<ul>
+ <li>org.apache.rampart.RampartEngine</li>
+ <li>org.apache.rampart.MessageBuilder</li>
+</ul>
+
+<p><strong>SOAP Message Inflow</strong></p>
+
+<p>Incoming messages are intercepted by RampartReciver and handed over to the
+RampartEngine. RampartEngine is responsible for handling validation of
+security in the incoming SOAP message.</p>
+<img alt="Rampart Engine" title="Rampart Engine"
+src="images/rampart-engine.jpg" align="middle">
+
+<p><strong><em>Figure 3: Control flow in RampartEngine</em></strong></p>
+
+<p><strong>Note</strong>: RampartMessageData stores
+"org.apache.rampart.policy.RampartPolicyData", which contains security policy
+in the manner required by "RampartEngine" and "MessageBuilder".</p>
+
+<p><strong>SOAP Message Outflow</strong></p>
+
+<p>Outgoing messages are intercepted by RampartSender and handed over to
+org.apache.rampart.RampartMessageBuilder. It is responsible for enforcing
+security on an outgoing SOAP message.</p>
+<img alt="Message Builder" title="Message Builder"
+src="images/message-builder.jpg" align="middle">
+
+<p><strong><em>Figure 4: Control flow in MessageBuilder</em></strong></p>
+
+<h3>Rampart Policy</h3>
+
+<p>WS - Security Policy is an extension of WS-Policy specification.
+Corresponding to this, the implementation of the security policy in Rampart
+is based on "Neethi", which is the Apache implementation of WS Policy
+specification. For each policy assertion introduced in the WS-Security
+Policy, there is an "Assertion Builder" and an "Assertion Model" defined in
+Rampart-policy.</p>
+
+<p>Apache Neethi is a highly extensible framework. When reading a security
+policy file, these builders and models in Rampart Policy are picked up by the
+Neethi framework using the "Jar file Service Provider Mechanism". All Rampart
+builders are listed in the
+META-INF/services/org.apache.neethi.builders.AssertionBuilder file. When
+adding a new Policy assertion it requires only a builder, assertion model,
+and an entry in the file.</p>
+
+<p>The RampartPolicyBuilder creates a RampartPolicyData given a "Policy"
+object created using the Rampart-policy and Neethi frameworks.</p>
+
+<h3>Rampart Trust</h3>
+
+<p>Rampart Trust implements the WS-Trust specification, which can be used
+in-conjunction with the Rampart Core and Rampart Policy modules. Rampart
+Trust defines a framework that can be used to issue, cancel, renew, and
+validate tokens, i.e., it defines a set of interfaces that must be
+implemented by different token issuing parties. Basically, Rampart Trust
+provides the functionality needed to host a STS - Security Token Service.</p>
+<img alt="Rampart Trust" title="Rampart Trust" src="images/rampart-trust.jpg"
+align="middle">
+
+<p><strong><em>Figure 5: Control flow in Rampart Trust</em></strong></p>
+
+<p></p>
+
+<p></p>
+
+<p></p>
+ </div>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ <div id="footer">
+ <div class="xright">©
+ 2005-2007
+
+ Apache Software Foundation
+
+
+
+
+
+
+
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ </body>
+</html>
diff --git a/src/site/resources/download.cgi b/src/site/resources/download.cgi
new file mode 100644
index 0000000..8bdb438
--- /dev/null
+++ b/src/site/resources/download.cgi
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Wrapper script around mirrors.cgi script
+# (we must change to that directory in order for python to pick up the
+# python includes correctly)
+cd /www/www.apache.org/dyn/mirrors
+/www/www.apache.org/dyn/mirrors/mirrors.cgi $*
\ No newline at end of file
diff --git a/src/site/resources/download.html b/src/site/resources/download.html
new file mode 100644
index 0000000..7fbaaa5
--- /dev/null
+++ b/src/site/resources/download.html
Binary files differ
diff --git a/src/site/resources/download/1.2/download.cgi b/src/site/resources/download/1.2/download.cgi
new file mode 100644
index 0000000..8bdb438
--- /dev/null
+++ b/src/site/resources/download/1.2/download.cgi
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Wrapper script around mirrors.cgi script
+# (we must change to that directory in order for python to pick up the
+# python includes correctly)
+cd /www/www.apache.org/dyn/mirrors
+/www/www.apache.org/dyn/mirrors/mirrors.cgi $*
\ No newline at end of file
diff --git a/src/site/resources/download/1.2/download.html b/src/site/resources/download/1.2/download.html
new file mode 100644
index 0000000..e6c19a4
--- /dev/null
+++ b/src/site/resources/download/1.2/download.html
Binary files differ
diff --git a/src/site/resources/images/message-builder.jpg b/src/site/resources/images/message-builder.jpg
new file mode 100644
index 0000000..922fcce
--- /dev/null
+++ b/src/site/resources/images/message-builder.jpg
Binary files differ
diff --git a/src/site/resources/images/rampart-engine.jpg b/src/site/resources/images/rampart-engine.jpg
new file mode 100644
index 0000000..9c10718
--- /dev/null
+++ b/src/site/resources/images/rampart-engine.jpg
Binary files differ
diff --git a/src/site/resources/images/rampart-handlers.jpg b/src/site/resources/images/rampart-handlers.jpg
new file mode 100644
index 0000000..5a84e2b
--- /dev/null
+++ b/src/site/resources/images/rampart-handlers.jpg
Binary files differ
diff --git a/src/site/resources/images/rampart-trust.jpg b/src/site/resources/images/rampart-trust.jpg
new file mode 100644
index 0000000..8c32f0a
--- /dev/null
+++ b/src/site/resources/images/rampart-trust.jpg
Binary files differ
diff --git a/src/site/resources/images/security-stack.jpg b/src/site/resources/images/security-stack.jpg
new file mode 100644
index 0000000..502f31e
--- /dev/null
+++ b/src/site/resources/images/security-stack.jpg
Binary files differ
diff --git a/src/site/resources/mail-lists.html b/src/site/resources/mail-lists.html
new file mode 100644
index 0000000..5191679
--- /dev/null
+++ b/src/site/resources/mail-lists.html
@@ -0,0 +1,183 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+
+
+
+
+
+
+
+
+
+<html>
+ <head>
+ <title>Apache Rampart - Project Mailing Lists</title>
+ <style type="text/css" media="all">
+ @import url("./css/maven-base.css");
+ @import url("./css/maven-theme.css");
+ @import url("./css/site.css");
+ </style>
+ <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
+ <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+ </head>
+ <body class="composite">
+ <div id="banner">
+ <a href="ws.apache.org/rampart/" id="bannerLeft">
+
+ Apache Rampart
+
+ </a>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="breadcrumbs">
+
+
+
+
+
+
+
+ <div class="xleft">
+ Last Published: 13 Jul 2007
+ </div>
+ <div class="xright"> <a href="http://www.apache.org/">Apache</a>
+ |
+ <a href="http://ws.apache.org/">WebServices</a>
+
+
+
+
+
+
+
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="leftColumn">
+ <div id="navcolumn">
+
+
+
+
+
+
+
+ <h5>Apache Rampart</h5>
+ <ul>
+
+ <li class="none">
+ <a href="index.html">About</a>
+ </li>
+
+
+
+
+
+
+
+ <li class="expanded">
+ <a href="">Downloads</a>
+ <ul>
+
+ <li class="none">
+ <a href="download.cgi">Releases</a>
+ </li>
+
+ <li class="none">
+ <a href="source-repository.html">Source Code</a>
+ </li>
+ </ul>
+ </li>
+
+
+
+
+
+
+
+ <li class="expanded">
+ <a href="">Documentation</a>
+ <ul>
+
+ <li class="none">
+ <a href="quick-start.html">Quick Start Guide</a>
+ </li>
+ <li class="none">
+ <a href="rampartconfig-guide.html">Rampart Configuration</a>
+ </li>
+
+ <li class="none">
+ <a href="developer-guide.html">Developer Guide</a>
+ </li>
+ </ul>
+ </li>
+
+
+
+
+
+
+
+
+
+ <li class="expanded">
+ <a href="">Project Information</a>
+ <ul>
+
+ <li class="none">
+ <strong>Mailing Lists</strong>
+ </li>
+
+ <li class="none">
+ <a href="http://issues.apache.org/jira/browse/Rampart">Issue Tracking</a>
+ </li>
+
+ <li class="none">
+ <a href="dependencies.html">Dependencies</a>
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <a href="http://maven.apache.org/" title="Built by Maven" id="poweredBy">
+ <img alt="Built by Maven" src="./images/logos/maven-feather.png"></img>
+ </a>
+
+
+
+
+
+
+
+ </div>
+ </div>
+ <div id="bodyColumn">
+ <div id="contentBox">
+ <div class="section"><h2>Project Mailing Lists</h2><p>These are the mailing lists that have been established for this project. For each list, there is a subscribe, unsubscribe, and an archive link.</p><table class="bodyTable"><tr class="a"><th>Name</th><th>Subscribe</th><th>Unsubscribe</th><th>Post</th><th>Archive</th></tr><tr class="b"><td>Rampart Developers</td><td><a href="mailto:rampart-dev-subscribe@ws.apache.org">Subscribe</a></td><td><a href="mailto:rampart-dev-unsubscribe@ws.apache.org">Unsubscribe</a></td><td><a href="mailto:rampart-dev@ws.apache.org">Post</a></td><td><a href="http://mail-archives.apache.org/mod_mbox/ws-rampart-dev/">mail-archives.apache.org</a></td></tr></table></div>
+ </div>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ <div id="footer">
+ <div class="xright">©
+ 2005-2007
+
+ Apache Software Foundation
+
+
+
+
+
+
+
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ </body>
+</html>
diff --git a/src/site/resources/quick-start.html b/src/site/resources/quick-start.html
new file mode 100644
index 0000000..82ac283
--- /dev/null
+++ b/src/site/resources/quick-start.html
@@ -0,0 +1,246 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<head>
+ <title>Apache Rampart - Source Repository</title>
+ <style type="text/css" media="all">
+ @import url("./css/maven-base.css");
+ @import url("./css/maven-theme.css");
+ @import url("./css/site.css");
+ </style>
+ <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
+ <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+ </head>
+ <body class="composite">
+ <div id="banner">
+ <a href="ws.apache.org/rampart/" id="bannerLeft">Apache Rampart</a>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="breadcrumbs">
+ <div class="xleft">
+ Last Published: 13 Jul 2007
+ </div>
+ <div class="xright"><a href="http://www.apache.org/">Apache</a>
+ <a href="../">WebServices</a>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="leftColumn">
+ <div id="navcolumn">
+ <h5>Apache Rampart</h5>
+ <ul>
+
+ <li class="none">
+ <a href="index.html">About</a>
+ </li>
+
+ <li class="expanded">
+ <a href="">Downloads</a>
+ <ul>
+
+ <li class="none">
+ <a href="download.cgi">Releases</a>
+ </li>
+
+ <li class="none">
+ <a href="source-repository.html">Source Code</a>
+ </li>
+ </ul>
+ </li>
+ <li class="expanded">
+ <a href="">Documentation</a>
+ <ul>
+
+ <li class="none">
+ <strong>Quick Start Guide</strong>
+ </li>
+
+ <li class="none">
+ <a href="rampartconfig-guide.html">Rampart Configuration</a>
+ </li>
+
+ <li class="none">
+ <a href="developer-guide.html">Developer Guide</a>
+ </li>
+ </ul>
+ </li>
+
+ <li class="expanded">
+ <a href="">Project Information</a>
+ <ul>
+
+ <li class="none">
+ <a href="mail-lists.html">Mailing Lists</a>
+ </li>
+
+ <li class="none">
+ <a href="http://issues.apache.org/jira/browse/Rampart">Issue Tracking</a>
+ </li>
+
+ <li class="none">
+ <a href="dependencies.html">Dependencies</a>
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <a href="http://maven.apache.org/" title="Built by Maven" id="poweredBy">
+ <img alt="Built by Maven" src="./images/logos/maven-feather.png"></img>
+ </a>
+
+ </div>
+ </div>
+ <div id="bodyColumn">
+ <div id="contentBox">
+<h2>Rampart Quick Start Guide</h2>
+
+<h3>Installing Rampart in Axis2</h3>
+<p>Steps to install</p>
+<ol>
+<li>If you haven't installed Axis2, then download and extract the standard binary distribution. Make sure you have set the AXIS2_HOME environment variable</li>
+<li>Run ant from the "samples" directory to copy the required libraries and modules to relevant directories in AXIS2_HOME.</li>
+<li>Download xalan-2.7.0.jar from <a href="http://www.apache.org/dist/java-repository/xalan/jars/">here</a> and put under AXIS2_HOME\lib folder, if you use JDK 1.5.</li>
+<li>Download log4j.jar from <a href="http://people.apache.org/repo/m1-ibiblio-rsync-repository/log4j/jars/">here</a> and put under AXIS2_HOME\lib</li>
+</ol>
+<p></p>
+<h3>Running Samples</h3>
+<p>Now we'll look at how to run the first sample inside samples/policy folder.</p>
+<ol>
+<li>Open a console and change the directory to sample/policy and give the following command. This will start the server at port 8080</li>
+<pre><code>$ant service.01</code></pre>
+<li>Open a new console and change the directory to sample/policy and type the following command.</li>
+<pre><code>$ant client.01</code></pre>
+</ol>
+<p>Congratulations! Now you have executed the first sample. Rest of the samples can be run by changing the sample number.</p>
+
+<h3>Understanding the first sample</h3>
+
+<ul><li>Engaging Rampart</li></ul>
+<p>When securing a SOAP message, the sender must know the security actions to be performed on the message and the receiver must know enough details to process and validate the security of the message. Therefore when using Rampart with Axis2, it must be engaged at both ends.<p>
+<p>Observe how module has been engaged in server side by opening samples/policy/sample01/services.xml. The following line has engaged the module.</p>
+<div class="source">
+ <module ref="rampart"/>
+</div>
+<p>Engaging Rampart at client side is done programatically as follows.</p>
+<div class="source">
+ServiceClient client = new ServiceClient(ctx, null);<br/>
+client.engageModule("rampart");
+</div>
+<ul><li>Understanding policy</li></ul>
+<p>WS-Security Policy can be used to indicate what security actions that needs be performed on SOAP messages and and what actions should be validated. The file 'samples/policy/sample01/policy.xml' configures Rampart to add Username Token with Timestamp to this message. The element <RampartConfig> in policy.xml defines Rampart specific configurations. </p>
+<p>Policy at serverside is included in samples/policy/sample01/services.xml file. This configures Rampart module at serverside to validate the message for Username Token an Timestamp.</p>
+<p>More details on RampartConfig can be found <a href="ampartconfig-guide.html">here</a>.<p>
+
+<ul><li>Viewing the Message on wire</li></ul>
+<p>It is interesting to view the secured SOAP message on the wire using TCP monitor. Change the "client.port" property in samples/policy/build.xml file to the listening port of TCP monitor. This will send all the messages through TCP monitor when you execute the ant script. Observe the <security> header in the SOAP message.</p>
+
+<h3>Setting up a Security Token Service</h3>
+<p>Security Token Service can be set up as per WS-Trust specification using Rampart. The default security token service shipped with the rampart distribution is contained in the rampart-trust.mar module. It can issue SCT tokens and SAML tokens. Sample05 contains a client that connects to the default STS and obtain a SAML token. The services.xml in the sample contains "saml-issuer-config" parameter that is used to configure the default SAML issuer.</p>
+
+<strong>STS with a custom issuer</strong>
+<p>First the default rampart.mar has to be removed from the modules. Then write you own issuer implementing the <code>"org.apache.rahas.TokenIssuer"</code> interface. Let's say that your issuer is <code>"org.custom.MyIssuer"</code>. Then create a Axis2 service archive with the following in the services.xml. Drop the archive into the repository and you have a STS with a CustomToken issuer.</p>
+<div class="source">
+<module ref="rampart" /><br />
+ <operation name="IssueToken"
+mep="http://www.w3.org/2006/01/wsdl/in-out">
+<br />
+
+<messageReceiver
+class="org.apache.rahas.STSMessageReceiver"/>
+<br />
+ <br />
+
+<!-- Action mapping to accept SCT requests -->
+<br />
+
+<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
+
+<br />
+ <br />
+
+<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</actionMapping>
+
+<br />
+
+<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Renew</actionMapping>
+
+<br />
+
+<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Cancel</actionMapping>
+
+<br />
+
+<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel</actionMapping>
+
+<br />
+
+<actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Validate</actionMapping>
+
+<br />
+<br />
+
+<parameter name="token-dispatcher-configuration">
+<br />
+
+
+<token-dispatcher-configuration>
+<br />
+
+ <!-- Issuers. You may have many
+issuers. -->
+<br />
+
+
+<issuer
+class="org.custom.MyIssuer"
+default="true">
+<br />
+
+
+<configuration
+type="parameter">saml-issuer-config</configuration>
+
+<br />
+
+
+<tokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tokenType>
+
+<br />
+
+ </issuer>
+<br />
+
+
+</token-dispatcher-configuration>
+<br />
+
+</parameter><br />
+</operation><br />
+
+<div>
+ </div>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ <div id="footer">
+ <div class="xright">©
+ 2005-2007
+
+ Apache Software Foundation
+
+
+
+
+
+
+
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ </body>
+</html>
+
diff --git a/src/site/resources/rampart-config.xsd b/src/site/resources/rampart-config.xsd
new file mode 100644
index 0000000..38b7a92
--- /dev/null
+++ b/src/site/resources/rampart-config.xsd
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ramp="http://ws.apache.org/rampart/policy" targetNamespace="http://ws.apache.org/rampart/policy" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:element name="RampartConfig">
+ <xs:annotation>
+ <xs:documentation>http://ws.apache.org/rampart/rampartconfig-guide.html</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="encryptionUser" type="xs:string" minOccurs="0"/>
+ <xs:element name="passwordCallbackClass" type="xs:string" minOccurs="0"/>
+ <xs:element name="signatureCrypto" type="ramp:crypto" minOccurs="0"/>
+ <xs:element name="encryptionCypto" type="ramp:crypto" minOccurs="0"/>
+ <xs:element name="decryptionCrypto" type="ramp:crypto" minOccurs="0"/>
+ <xs:element name="timestampTTL" type="xs:integer"/>
+ <xs:element name="timestampMaxSkew" type="xs:integer" minOccurs="0"/>
+ <xs:element name="tokenStoreClass" type="xs:string" minOccurs="0"/>
+ <xs:element name="sslConfig" type="ssl" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="crypto">
+ <xs:annotation>
+ <xs:documentation>http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/components/crypto/Crypto.html</xs:documentation>
+ </xs:annotation>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="property" type="xs:string"/>
+ </xs:sequence>
+ <xs:attribute name="provider"/>
+ </xs:complexType>
+ <xs:complexType name="ssl">
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="property" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema>
\ No newline at end of file
diff --git a/src/site/resources/rampartconfig-guide.html b/src/site/resources/rampartconfig-guide.html
new file mode 100644
index 0000000..8133aea
--- /dev/null
+++ b/src/site/resources/rampartconfig-guide.html
@@ -0,0 +1,156 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<head>
+ <title>Apache Rampart - Source Repository</title>
+ <style type="text/css" media="all">
+ @import url("./css/maven-base.css");
+ @import url("./css/maven-theme.css");
+ @import url("./css/site.css");
+ </style>
+ <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" />
+ <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+ </head>
+ <body class="composite">
+ <div id="banner">
+ <a href="ws.apache.org/rampart/" id="bannerLeft">Apache Rampart</a>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="breadcrumbs">
+ <div class="xleft">
+ Last Published: 13 Jul 2007
+ </div>
+ <div class="xright"><a href="http://www.apache.org/">Apache</a>
+ <a href="../">WebServices</a>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ <div id="leftColumn">
+ <div id="navcolumn">
+ <h5>Apache Rampart</h5>
+ <ul>
+
+ <li class="none">
+ <a href="index.html">About</a>
+ </li>
+
+ <li class="expanded">
+ <a href="">Downloads</a>
+ <ul>
+
+ <li class="none">
+ <a href="download.cgi">Releases</a>
+ </li>
+
+ <li class="none">
+ <a href="source-repository.html">Source Code</a>
+ </li>
+ </ul>
+ </li>
+ <li class="expanded">
+ <a href="">Documentation</a>
+ <ul>
+
+ <li class="none">
+ <a href="quick-start.html">Quick Start Guide</a>
+ </li>
+ <li class="none">
+ <strong>Rampart Configuration</strong>
+ </li>
+ <li class="none">
+ <a href="developer-guide.html">Developer Guide</a>
+ </li>
+ </ul>
+ </li>
+
+
+ <li class="none">
+ <a href="">Project Information</a>
+ <ul>
+
+ <li class="none">
+ <a href="mail-lists.html">Mailing Lists</a>
+ </li>
+
+ <li class="none">
+ <a href="http://issues.apache.org/jira/browse/Rampart">Issue Tracking</a>
+ </li>
+
+ <li class="none">
+ <a href="dependencies.html">Dependencies</a>
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <a href="http://maven.apache.org/" title="Built by Maven" id="poweredBy">
+ <img alt="Built by Maven" src="./images/logos/maven-feather.png"></img>
+ </a>
+
+ </div>
+ </div>
+ <div id="bodyColumn">
+ <div id="contentBox">
+<h2>Rampart Configurations</h2>
+<p>RampartConfig element can have any of the following child elements. Schema is available <a href="rampart-config.xsd">here</a></p>
+<table class="bodyTable"><tbody>
+ <tr class="a"><td><b>Parameter</b></td><td><b>Description</b></td><td><b>Example</b></td></tr>
+
+ <tr class="b"><td>user</td><td>The user's name</td><td>Set alias of the key to be used to sign<br></br>
+ <user> bob</user></td></tr>
+ <tr class="a"><td>encryptionUser</td><td>The user's name for encryption.</td><td><br></br>
+ <encryptionUser>alice</encryptionUser></td></tr>
+ <tr class="b"><td>passwordCallbackClass</td><td>Callback class used to provide the password required to create the
+ UsernameToken or to sign the message</td><td><passwordCallbackClass>
+ org.apache.axis2.security.PWCallback</passwordCallbackClass></td></tr>
+
+ <tr class="a"><td>signatureCrypto</td><td>properties to needed perform signature, such as crypto
+ provider, keystore and its password</td><td>
+ <signatureCrypto><br/>
+ <crypto provider="org.apache.ws.security.components.crypto.Merlin"><br>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property><br>
+ <property name="org.apache.ws.security.crypto.merlin.file">client.jks</property><br>
+ <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property><br>
+ </crypto><br>
+ <signatureCrypto></td></tr>
+ <tr class="b"><td>encryptionCypto</td><td>properties to needed perform signature, such as crypto
+ provider, keystore and its password</td><td><encryptionCypto>....crypto element ......</encryptionCypto></td></tr>
+ <tr class="a"><td>decryptionCrypto</td><td>properties to needed perform signature, such as crypto
+ provider, keystore and its password</td><td><decryptionCrypto>....crypto element ......</decryptionCrypto></td></tr>
+ <tr class="b"><td>timestampTTL</td><td>Time to live of Timestamp</td><td>The default timestamp time to live is 300 seconds</td></tr>
+ <tr class="a"><td>timestampMaxSkew</td><td>The maximum tolerence limit for timeskew of the timestamp</td><td>Rampart allows timestamps created slightly ahead of the reciever's time.<br/> This parameter allows to specify the tolerence limit</td></tr>
+ <tr class="b"><td>tokenStoreClass</td><td></td><td></td></tr>
+ <tr class="a"><td>sslConfig</td><td>SSL Configuration need for Transportbinding</td><td>Can specify the properties such as "javax.net.ssl.trustStore" and "javax.net.ssl.trustStorePassword". Please see below for more information.</td></tr>
+ </tbody></table>
+<h3>Crypto Provider</h3>
+ <p>org.apache.ws.security.crypto.provider defines the implementation of
+the org.apache.ws.security.components.crypto.Crypto interface to provide the
+crypto information required by WSS4J. The other properties defined are the
+configuration properties used by the implementation class
+(org.apache.ws.security.components.crypto.Merlin). <a name="ref"></a><a name="references"></a></p></div><div class="subsection"><a name="References"></a><h3>References</h3><p>1. <a href="http://ws.apache.org/wss4j" class="externalLink" title="External Link">Apache WSS4J -Home</a>
+</div>
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ <div id="footer">
+ <div class="xright">©
+ 2005-2007
+
+ Apache Software Foundation
+
+
+
+
+
+
+
+ </div>
+ <div class="clear">
+ <hr/>
+ </div>
+ </div>
+ </body>
+</html>
+
diff --git a/src/site/site.xml b/src/site/site.xml
new file mode 100644
index 0000000..45a3c23
--- /dev/null
+++ b/src/site/site.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<project name="Apache Rampart">
+
+ <bannerLeft>
+ <name>Apache Rampart</name>
+ <href>ws.apache.org/rampart/</href>
+ </bannerLeft>
+
+ <skin>
+ <groupId>org.apache.maven.skins</groupId>
+ <artifactId>maven-default-skin</artifactId>
+ <version>1.0</version>
+ </skin>
+
+ <publishDate format="dd MMM yyyy"/>
+
+ <body>
+ <links>
+ <item name="Apache" href="http://www.apache.org/"/>
+ <item name="WebServices" href="http://ws.apache.org/"/>
+ </links>
+
+ <menu name="Apache Rampart">
+ <item name="About" href="index.html"/>
+ <item name="Downloads">
+ <item name="Releases" href="download.cgi"/>
+ <item name="Source Code" href="source-repository.html"/>
+ </item>
+ <item name="Documentation">
+ <item name="Quick Start Guide" href="quick-start.html"/>
+ <item name="Rampart Configuration" href="rampartconfig-guide.html"/>
+ <item name="Developer Guide" href="developer-guide.html"/>
+ </item>
+ <item name="Project Information">
+ <item name="Mailing Lists" href="mail-lists.html"/>
+ <item name="Issue Tracking" href="http://issues.apache.org/jira/browse/Rampart"/>
+ <item name="Dependencies" href="dependencies.html"/>
+ </item>
+ </menu>
+
+ </body>
+</project>
diff --git a/src/site/xdoc/index.xml b/src/site/xdoc/index.xml
new file mode 100644
index 0000000..f28fd41
--- /dev/null
+++ b/src/site/xdoc/index.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+
+<document>
+
+ <properties>
+ <title>Apache Rampart</title>
+ </properties>
+
+<body>
+
+<section name="Apache Rampart">
+<p>Rampart is the security module of Axis2. It secures SOAP messages
+according to specifications in the WS-Security stack. Rampart implements the
+following specifications:</p>
+<ul>
+ <li>WS - Security 1.0</li>
+ <li>WS - Secure Conversation - February 2005</li>
+ <li>WS - Security Policy - 1.1 - July 2005</li>
+ <li>WS - Trust - February 2005</li>
+ <li>WS - Trust - WS-SX spec - EXPERIMENTAL</li>
+</ul>
+</section>
+
+</body>
+</document>
